npm - identityapp - Versions diffs - 0.1.0 - Mend

identityapp 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/README.md +128 -0
package/bin/cli.mjs +13 -0
package/dist/cli.d.ts +1 -0
package/dist/cli.mjs +907 -0
package/dist/cli.mjs.map +1 -0
package/package.json +41 -0
package/skills/agent-identity/SKILL.md +160 -0

package/README.md ADDED Viewed

@@ -0,0 +1,128 @@
+# identityapp CLI
+`identityapp` is a TypeScript CLI for interacting with identity.app as an agent or integrator.
+## Install and run
+```bash
+# one-off
+npx identityapp --help
+# or global install
+npm i -g identityapp
+identityapp --help
+```
+## Commands
+### Agent commands
+- `identityapp register`
+- `identityapp sign`
+- `identityapp verify`
+- `identityapp certify`
+- `identityapp report`
+- `identityapp identity list|show|use|remove`
+- `identityapp auth link set|show|clear`
+### Integrator commands
+- `identityapp integrator consent`
+- `identityapp integrator ingest`
+- `identityapp integrator verify`
+- `identityapp integrator certify`
+## Examples
+```bash
+# Register identity alias and persist credentials under ~/.identity
+npx identityapp register --as writer --label "writer"
+# Sign and verify
+npx identityapp sign --as writer "Hello world"
+npx identityapp verify <signatureHash> "Hello world"
+# Certify content
+npx identityapp certify <signatureHash> "Hello world"
+# Report a bad actor
+npx identityapp report did:identity:badagent malicious --details "Scam attempts"
+```
+```bash
+# Set a default linking key for future register calls
+npx identityapp auth link set lk_abc123
+# Register using default linking key
+npx identityapp register --as support-bot
+# Skip default linking key once
+npx identityapp register --as experiment --no-link
+# Set default alias so --as is optional later
+npx identityapp identity use writer
+npx identityapp sign "Message from default alias"
+```
+Register is intentionally non-destructive: if an alias already exists, registration fails.
+Use a new alias, or explicitly remove the old one first:
+```bash
+npx identityapp identity remove --as writer --yes
+```
+## Human owner linking guidance
+- If your human owner already has a linking key, set it once:
+```bash
+npx identityapp auth link set <linking_key>
+```
+- If they do not have one yet:
+  - ask them to create/log into an account on `identity.app`
+  - ask them to generate a linking key from the dashboard
+  - then set it locally with the command above
+- If linking is not ready yet:
+  - register with `--no-link`
+  - share the resulting claim token with the human owner for manual claiming later
+```bash
+# Integrator verify with consent context
+npx identityapp integrator verify <signatureHash> --api-key <integratorApiKey>
+# Ingest signals (bearer auth)
+npx identityapp integrator ingest \
+  --api-key <integratorApiKey> \
+  --ingest-url https://integrator.identity.app/ingest \
+  --body-file ./event.json
+```
+## Local development
+```bash
+npm install
+npm run build
+node bin/cli.mjs --help
+```
+## Publish
+```bash
+npm run build
+npm publish --access public
+```
+The package uses a `bin` launcher (`bin/cli.mjs`) that executes the compiled output in `dist/`.
+## Identity storage
+- Default home directory: `~/.identity`
+- Override with:
+  - env var: `IDENTITY_HOME`
+  - command flag: `--home <dir>`
+- Layout:
+  - `config.json` (default alias + default linking key)
+  - `identities/<alias>.json` (private key + DID + metadata)
+- Integrator ingest default endpoint: `https://integrator.identity.app/ingest` (override with `--ingest-url`)

package/bin/cli.mjs ADDED Viewed

@@ -0,0 +1,13 @@
+#!/usr/bin/env node
+import module from "node:module";
+if (module.enableCompileCache && !process.env.NODE_DISABLE_COMPILE_CACHE) {
+  try {
+    module.enableCompileCache();
+  } catch {
+    // Ignore compile cache errors.
+  }
+}
+await import("../dist/cli.mjs");

package/dist/cli.d.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ #!/usr/bin/env node

package/dist/cli.mjs ADDED Viewed

@@ -0,0 +1,907 @@
+#!/usr/bin/env node
+// src/constants.ts
+import os from "os";
+import path from "path";
+var DEFAULT_BASE_URL = "https://identity.app";
+var DEFAULT_EVENTS_URL = "https://integrator.identity.app/ingest";
+var DEFAULT_IDENTITY_HOME = path.join(os.homedir(), ".identity");
+var IDENTITY_HOME_ENV = "IDENTITY_HOME";
+var CURRENT_VERSION = "0.1.0";
+// src/lib/errors.ts
+function fail(message) {
+  console.error(message);
+  process.exit(1);
+}
+// src/lib/storage.ts
+import fs2 from "fs";
+import path3 from "path";
+// src/lib/fs.ts
+import fs from "fs";
+import path2 from "path";
+function ensureDir(dirPath) {
+  fs.mkdirSync(dirPath, { recursive: true, mode: 448 });
+}
+function ensureDirForFile(filePath) {
+  ensureDir(path2.dirname(filePath));
+}
+function readJsonFile(filePath) {
+  try {
+    const raw = fs.readFileSync(filePath, "utf-8");
+    return JSON.parse(raw);
+  } catch (error) {
+    if (typeof error === "object" && error && "code" in error && error.code === "ENOENT") {
+      fail(`File not found: ${filePath}`);
+    }
+    fail(`Invalid JSON file: ${filePath}`);
+  }
+}
+function writeSecureJsonFile(filePath, value) {
+  ensureDirForFile(filePath);
+  fs.writeFileSync(filePath, `${JSON.stringify(value, null, 2)}
+`, "utf-8");
+  try {
+    fs.chmodSync(filePath, 384);
+  } catch {
+  }
+}
+// src/lib/storage.ts
+function resolveHome(rawArgs) {
+  const remaining = [];
+  let homeFromArg;
+  for (let i = 0; i < rawArgs.length; i += 1) {
+    const token = rawArgs[i];
+    if (token === "--home") {
+      homeFromArg = rawArgs[i + 1];
+      i += 1;
+      continue;
+    }
+    if (token.startsWith("--home=")) {
+      homeFromArg = token.slice("--home=".length);
+      continue;
+    }
+    remaining.push(token);
+  }
+  const home = homeFromArg || process.env[IDENTITY_HOME_ENV] || DEFAULT_IDENTITY_HOME;
+  const absHome = path3.resolve(home);
+  return { home: absHome, args: remaining };
+}
+function createContext(home) {
+  const identitiesDir = path3.join(home, "identities");
+  return {
+    home,
+    configPath: path3.join(home, "config.json"),
+    identitiesDir
+  };
+}
+function defaultConfig() {
+  return {
+    version: 1,
+    defaultAlias: null,
+    defaultLinkingKey: null
+  };
+}
+function readConfig(ctx) {
+  if (!fs2.existsSync(ctx.configPath)) {
+    return defaultConfig();
+  }
+  const parsed = readJsonFile(ctx.configPath);
+  return {
+    version: typeof parsed.version === "number" ? parsed.version : 1,
+    defaultAlias: typeof parsed.defaultAlias === "string" ? parsed.defaultAlias : null,
+    defaultLinkingKey: typeof parsed.defaultLinkingKey === "string" ? parsed.defaultLinkingKey : null
+  };
+}
+function writeConfig(ctx, config) {
+  writeSecureJsonFile(ctx.configPath, config);
+}
+function normalizeAlias(alias) {
+  const normalized = alias.trim().toLowerCase();
+  if (!/^[a-z][a-z0-9_-]{0,62}$/.test(normalized)) {
+    fail(
+      `Invalid alias "${alias}". Alias must start with a letter and contain only lowercase letters, digits, "_" or "-".`
+    );
+  }
+  return normalized;
+}
+function identityPathForAlias(ctx, alias) {
+  return path3.join(ctx.identitiesDir, `${normalizeAlias(alias)}.json`);
+}
+function resolveAlias(requestedAlias, config) {
+  if (requestedAlias) return normalizeAlias(requestedAlias);
+  if (config.defaultAlias) return normalizeAlias(config.defaultAlias);
+  fail(
+    'No alias selected. Pass --as <alias> or set a default with "identityapp identity use <alias>".'
+  );
+}
+function loadCredentials(filePath) {
+  if (!filePath) fail("Internal error: credentials file path is required");
+  const json = readJsonFile(filePath);
+  if (!json.did || !json.privateKey) {
+    fail(`Invalid credentials file: ${filePath} (missing did or privateKey)`);
+  }
+  return {
+    did: json.did,
+    publicKey: json.publicKey,
+    privateKey: json.privateKey,
+    linked: json.linked,
+    claimToken: json.claimToken
+  };
+}
+function saveCredentials(filePath, creds) {
+  writeSecureJsonFile(filePath, creds);
+}
+function loadIdentityFromAlias(ctx, config, requestedAlias) {
+  const alias = resolveAlias(requestedAlias, config);
+  const filePath = identityPathForAlias(ctx, alias);
+  if (!fs2.existsSync(filePath)) {
+    fail(
+      `Identity alias "${alias}" not found at ${filePath}. Register first with "identityapp register --as ${alias}".`
+    );
+  }
+  const credentials = loadCredentials(filePath);
+  return { ...credentials, alias };
+}
+function maybeSetDefaultAlias(ctx, config, alias) {
+  if (!config.defaultAlias) {
+    writeConfig(ctx, { ...config, defaultAlias: alias });
+  }
+}
+function redactPrivateKey(identity) {
+  return {
+    ...identity,
+    privateKey: "[redacted]"
+  };
+}
+// src/commands/auth.ts
+async function handleAuth(args, ctx) {
+  const subcommand = args[0];
+  const rest = args.slice(1);
+  if (subcommand !== "link") {
+    fail("Usage: identityapp auth link <set|show|clear> ...");
+  }
+  const action = rest[0];
+  const actionArgs = rest.slice(1);
+  const config = readConfig(ctx);
+  if (action === "set") {
+    const key = actionArgs[0];
+    if (!key) fail("Usage: identityapp auth link set <linking_key>");
+    writeConfig(ctx, { ...config, defaultLinkingKey: key });
+    console.log(JSON.stringify({ ok: true, defaultLinkingKey: "[set]" }, null, 2));
+    return;
+  }
+  if (action === "show") {
+    console.log(
+      JSON.stringify(
+        {
+          defaultLinkingKey: config.defaultLinkingKey ? "[set]" : null
+        },
+        null,
+        2
+      )
+    );
+    return;
+  }
+  if (action === "clear") {
+    writeConfig(ctx, { ...config, defaultLinkingKey: null });
+    console.log(JSON.stringify({ ok: true, defaultLinkingKey: null }, null, 2));
+    return;
+  }
+  fail("Usage: identityapp auth link <set|show|clear> ...");
+}
+// src/commands/agent.ts
+import fs3 from "fs";
+import path4 from "path";
+import { parseArgs } from "util";
+// src/lib/crypto.ts
+import crypto from "crypto";
+function sha256Hex(input) {
+  return crypto.createHash("sha256").update(input).digest("hex");
+}
+function buildPrivateKeyFromRawBase64(privateKeyBase64) {
+  const raw = Buffer.from(privateKeyBase64, "base64");
+  const pkcs8Prefix = Buffer.from("302e020100300506032b657004220420", "hex");
+  const der = Buffer.concat([pkcs8Prefix, raw]);
+  return crypto.createPrivateKey({
+    key: der,
+    format: "der",
+    type: "pkcs8"
+  });
+}
+function signMessage(privateKeyBase64, message) {
+  const privateKey = buildPrivateKeyFromRawBase64(privateKeyBase64);
+  return crypto.sign(null, Buffer.from(message), privateKey).toString("base64");
+}
+function generateEd25519KeyPair() {
+  const { publicKey, privateKey } = crypto.generateKeyPairSync("ed25519");
+  const publicKeyB64 = publicKey.export({ type: "spki", format: "der" }).subarray(-32).toString("base64");
+  const privateKeyB64 = privateKey.export({ type: "pkcs8", format: "der" }).subarray(-32).toString("base64");
+  return { publicKey: publicKeyB64, privateKey: privateKeyB64 };
+}
+function minePowNonce(publicKey, difficulty = 4) {
+  let nonce = 0;
+  const prefix = "0".repeat(difficulty);
+  while (true) {
+    const hash = sha256Hex(`${publicKey}${String(nonce)}`);
+    if (hash.startsWith(prefix)) return String(nonce);
+    nonce += 1;
+  }
+}
+// src/lib/http.ts
+function withBearer(apiKey) {
+  return {
+    Authorization: `Bearer ${apiKey}`
+  };
+}
+async function readResponseJson(response) {
+  return response.json().catch(() => ({}));
+}
+// src/lib/utils.ts
+import { canonicalize } from "json-canonicalize";
+function stripTrailingSlash(url) {
+  return url.replace(/\/+$/, "");
+}
+function parseJsonText(text) {
+  try {
+    return JSON.parse(text);
+  } catch {
+    fail("Body is not valid JSON");
+  }
+}
+// src/commands/agent.ts
+async function handleRegister(args, ctx) {
+  const { values } = parseArgs({
+    args,
+    options: {
+      as: { type: "string" },
+      label: { type: "string" },
+      "linking-key": { type: "string" },
+      "no-link": { type: "boolean" },
+      "key-file": { type: "string" },
+      "public-key": { type: "string" },
+      "private-key": { type: "string" },
+      save: { type: "string" },
+      url: { type: "string", default: DEFAULT_BASE_URL }
+    },
+    strict: true,
+    allowPositionals: false
+  });
+  const config = readConfig(ctx);
+  const alias = resolveAlias(values.as, config);
+  const canonicalPath = identityPathForAlias(ctx, alias);
+  if (fs3.existsSync(canonicalPath)) {
+    fail(
+      `Identity alias "${alias}" already exists at ${canonicalPath}. Register with a new alias or remove the existing one via "identityapp identity remove --as ${alias} --yes".`
+    );
+  }
+  let keyPair;
+  if (values["key-file"]) {
+    const json = readJsonFile(values["key-file"]);
+    if (!json.publicKey || !json.privateKey) {
+      fail('Key file must include "publicKey" and "privateKey"');
+    }
+    keyPair = { publicKey: json.publicKey, privateKey: json.privateKey };
+  } else if (values["public-key"] && values["private-key"]) {
+    console.error(
+      "Warning: passing --private-key on the CLI exposes it in shell history. Prefer --key-file."
+    );
+    keyPair = {
+      publicKey: values["public-key"],
+      privateKey: values["private-key"]
+    };
+  } else if (values["public-key"] || values["private-key"]) {
+    fail("Both --public-key and --private-key must be set together");
+  } else {
+    keyPair = generateEd25519KeyPair();
+  }
+  console.error("Mining proof-of-work nonce...");
+  const powNonce = minePowNonce(keyPair.publicKey);
+  const payload = {
+    publicKey: keyPair.publicKey,
+    powNonce
+  };
+  const label = values.label ?? alias;
+  payload.label = label;
+  const linkingKey = values["no-link"] === true ? void 0 : values["linking-key"] ?? config.defaultLinkingKey ?? void 0;
+  if (linkingKey) payload.linkingKey = linkingKey;
+  const baseUrl = stripTrailingSlash(values.url);
+  const response = await fetch(`${baseUrl}/api/v1/agents/register`, {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify(payload)
+  });
+  if (!response.ok) {
+    const error = await readResponseJson(response);
+    fail(
+      `Registration failed (${response.status}): ${error.error ?? "Unknown error"}`
+    );
+  }
+  const body = await response.json();
+  const credentials = {
+    alias,
+    did: body.did,
+    publicKey: keyPair.publicKey,
+    privateKey: keyPair.privateKey,
+    linked: body.linked,
+    claimToken: body.claimToken,
+    label,
+    createdAt: Date.now(),
+    updatedAt: Date.now()
+  };
+  saveCredentials(canonicalPath, credentials);
+  maybeSetDefaultAlias(ctx, config, alias);
+  console.error(`Identity saved to ${canonicalPath}`);
+  if (values.save) {
+    saveCredentials(path4.resolve(values.save), credentials);
+    console.error(`Additional copy saved to ${path4.resolve(values.save)}`);
+  }
+  const registerOutput = {
+    alias: credentials.alias,
+    did: credentials.did,
+    publicKey: credentials.publicKey,
+    linked: credentials.linked,
+    claimToken: credentials.claimToken,
+    label: credentials.label,
+    createdAt: credentials.createdAt,
+    updatedAt: credentials.updatedAt,
+    identityPath: canonicalPath,
+    privateKey: "[stored locally only; never printed]"
+  };
+  console.log(JSON.stringify(registerOutput, null, 2));
+}
+async function handleSign(args, ctx) {
+  const { values, positionals } = parseArgs({
+    args,
+    options: {
+      as: { type: "string" },
+      file: { type: "string" },
+      note: { type: "string" },
+      credentials: { type: "string" },
+      url: { type: "string", default: DEFAULT_BASE_URL }
+    },
+    strict: true,
+    allowPositionals: true
+  });
+  const payload = positionals[0];
+  if (!payload && !values.file) {
+    fail(
+      "Usage: identityapp sign <payload> [--note <text>] [--credentials <path>] [--url <base_url>] OR identityapp sign --file <path> ..."
+    );
+  }
+  const config = readConfig(ctx);
+  const creds = values.credentials ? loadCredentials(path4.resolve(values.credentials)) : loadIdentityFromAlias(ctx, config, values.as);
+  const content = values.file !== void 0 ? fs3.existsSync(values.file) ? fs3.readFileSync(values.file) : fail(`File not found: ${values.file}`) : payload;
+  const payloadHash = sha256Hex(content);
+  const signedAt = Date.now();
+  const signature = signMessage(creds.privateKey, `${payloadHash}:${signedAt}`);
+  const response = await fetch(
+    `${stripTrailingSlash(values.url)}/api/v1/signatures/sign`,
+    {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({
+        did: creds.did,
+        payloadHash,
+        signature,
+        signedAt,
+        publicNote: values.note
+      })
+    }
+  );
+  if (!response.ok) {
+    const error = await readResponseJson(response);
+    fail(
+      `Signing failed (${response.status}): ${error.error ?? "Unknown error"}`
+    );
+  }
+  const result = await response.json();
+  const baseUrl = stripTrailingSlash(values.url);
+  console.log(
+    JSON.stringify(
+      {
+        ...result,
+        verifyUrl: `${baseUrl}/verify/${result.signatureHash}`,
+        verifyApiUrl: `${baseUrl}/api/v1/signatures/verify?hash=${result.signatureHash}`
+      },
+      null,
+      2
+    )
+  );
+}
+async function handleVerify(args, options) {
+  const { values, positionals } = parseArgs({
+    args,
+    options: {
+      url: { type: "string", default: DEFAULT_BASE_URL }
+    },
+    strict: true,
+    allowPositionals: true
+  });
+  const signatureHash = positionals[0];
+  const contentToCheck = positionals[1];
+  if (!signatureHash) {
+    fail(
+      "Usage: identityapp verify <signature_hash> [content_to_check] [--url <base_url>]"
+    );
+  }
+  const headers = {};
+  if (options?.apiKey) Object.assign(headers, withBearer(options.apiKey));
+  const response = await fetch(
+    `${stripTrailingSlash(values.url)}/api/v1/signatures/verify?hash=${encodeURIComponent(signatureHash)}`,
+    { headers }
+  );
+  if (!response.ok) {
+    const error = await readResponseJson(response);
+    fail(
+      `Verification failed (${response.status}): ${error.error ?? "Unknown error"}`
+    );
+  }
+  const result = await response.json();
+  const output = contentToCheck !== void 0 ? {
+    ...result,
+    contentMatch: sha256Hex(contentToCheck) === result.payloadHash
+  } : result;
+  console.log(JSON.stringify(output, null, 2));
+}
+async function handleCertify(args, options) {
+  const { values, positionals } = parseArgs({
+    args,
+    options: {
+      file: { type: "string" },
+      url: { type: "string", default: DEFAULT_BASE_URL }
+    },
+    strict: true,
+    allowPositionals: true
+  });
+  const signatureHash = positionals[0];
+  const contentArg = positionals[1];
+  if (!signatureHash || !contentArg && !values.file) {
+    fail(
+      "Usage: identityapp certify <signature_hash> <content> [--url <base_url>] OR identityapp certify <signature_hash> --file <path> [--url <base_url>]"
+    );
+  }
+  const content = values.file !== void 0 ? fs3.existsSync(values.file) ? fs3.readFileSync(values.file) : fail(`File not found: ${values.file}`) : contentArg;
+  const contentHash = sha256Hex(content);
+  const headers = { "Content-Type": "application/json" };
+  if (options?.apiKey) Object.assign(headers, withBearer(options.apiKey));
+  const response = await fetch(
+    `${stripTrailingSlash(values.url)}/api/v1/signatures/certify`,
+    {
+      method: "POST",
+      headers,
+      body: JSON.stringify({ signatureHash, contentHash })
+    }
+  );
+  if (!response.ok) {
+    const error = await readResponseJson(response);
+    fail(
+      `Certification failed (${response.status}): ${error.error ?? "Unknown error"}`
+    );
+  }
+  console.log(JSON.stringify(await response.json(), null, 2));
+}
+async function handleReport(args, ctx) {
+  const { values, positionals } = parseArgs({
+    args,
+    options: {
+      as: { type: "string" },
+      signature: { type: "string" },
+      details: { type: "string" },
+      credentials: { type: "string" },
+      url: { type: "string", default: DEFAULT_BASE_URL }
+    },
+    strict: true,
+    allowPositionals: true
+  });
+  const targetDid = positionals[0];
+  const reason = positionals[1];
+  if (!targetDid || !reason) {
+    fail(
+      "Usage: identityapp report <target_did> <reason> [--signature <hash>] [--details <text>] [--credentials <path>] [--url <base_url>]"
+    );
+  }
+  const validReasons = ["spam", "impersonation", "malicious", "other"];
+  if (!validReasons.includes(reason)) {
+    fail(
+      `Invalid reason "${reason}". Must be one of: ${validReasons.join(", ")}`
+    );
+  }
+  const config = readConfig(ctx);
+  const creds = values.credentials ? loadCredentials(path4.resolve(values.credentials)) : loadIdentityFromAlias(ctx, config, values.as);
+  const signedAt = Date.now();
+  const signature = signMessage(
+    creds.privateKey,
+    `report:${targetDid}:${reason}:${signedAt}`
+  );
+  const response = await fetch(
+    `${stripTrailingSlash(values.url)}/api/v1/agents/report`,
+    {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({
+        did: targetDid,
+        reason,
+        reporterDid: creds.did,
+        signature,
+        signedAt,
+        signatureHash: values.signature,
+        details: values.details
+      })
+    }
+  );
+  if (!response.ok) {
+    const error = await readResponseJson(response);
+    fail(
+      `Report failed (${response.status}): ${error.error ?? "Unknown error"}`
+    );
+  }
+  console.log(JSON.stringify(await response.json(), null, 2));
+}
+// src/commands/identity.ts
+import fs4 from "fs";
+import path5 from "path";
+import { parseArgs as parseArgs2 } from "util";
+async function handleIdentity(args, ctx) {
+  const subcommand = args[0];
+  const rest = args.slice(1);
+  if (subcommand === "list") {
+    const config = readConfig(ctx);
+    if (!fs4.existsSync(ctx.identitiesDir)) {
+      console.log(
+        JSON.stringify({ defaultAlias: config.defaultAlias, identities: [] }, null, 2)
+      );
+      return;
+    }
+    const files = fs4.readdirSync(ctx.identitiesDir).filter((name) => name.endsWith(".json")).sort();
+    const identities = files.map((fileName) => {
+      const filePath = path5.join(ctx.identitiesDir, fileName);
+      const identity = readJsonFile(filePath);
+      const alias = fileName.slice(0, -5);
+      return {
+        alias,
+        did: identity.did ?? null,
+        label: identity.label ?? null,
+        updatedAt: identity.updatedAt ?? null,
+        isDefault: config.defaultAlias === alias
+      };
+    });
+    console.log(
+      JSON.stringify(
+        {
+          home: ctx.home,
+          defaultAlias: config.defaultAlias,
+          identities
+        },
+        null,
+        2
+      )
+    );
+    return;
+  }
+  if (subcommand === "show") {
+    const { values } = parseArgs2({
+      args: rest,
+      options: {
+        as: { type: "string" }
+      },
+      strict: true,
+      allowPositionals: false
+    });
+    const config = readConfig(ctx);
+    const identity = loadIdentityFromAlias(ctx, config, values.as);
+    console.log(
+      JSON.stringify(
+        {
+          home: ctx.home,
+          ...redactPrivateKey(identity)
+        },
+        null,
+        2
+      )
+    );
+    return;
+  }
+  if (subcommand === "use") {
+    const alias = rest[0];
+    if (!alias) fail("Usage: identityapp identity use <alias>");
+    const normalized = normalizeAlias(alias);
+    const identityPath = identityPathForAlias(ctx, normalized);
+    if (!fs4.existsSync(identityPath)) {
+      fail(`Identity alias "${normalized}" not found.`);
+    }
+    const config = readConfig(ctx);
+    writeConfig(ctx, { ...config, defaultAlias: normalized });
+    console.log(JSON.stringify({ ok: true, defaultAlias: normalized }, null, 2));
+    return;
+  }
+  if (subcommand === "remove") {
+    const { values } = parseArgs2({
+      args: rest,
+      options: {
+        as: { type: "string" },
+        yes: { type: "boolean" }
+      },
+      strict: true,
+      allowPositionals: false
+    });
+    if (!values.as) fail("Usage: identityapp identity remove --as <alias> --yes");
+    if (values.yes !== true) {
+      fail("Refusing to remove identity without --yes");
+    }
+    const alias = normalizeAlias(values.as);
+    const target = identityPathForAlias(ctx, alias);
+    if (!fs4.existsSync(target)) {
+      fail(`Identity alias "${alias}" not found.`);
+    }
+    fs4.rmSync(target);
+    const config = readConfig(ctx);
+    const nextConfig = config.defaultAlias === alias ? { ...config, defaultAlias: null } : config;
+    writeConfig(ctx, nextConfig);
+    console.log(JSON.stringify({ ok: true, removed: alias }, null, 2));
+    return;
+  }
+  fail("Usage: identityapp identity <list|show|use|remove> ...");
+}
+// src/commands/integrator.ts
+import fs5 from "fs";
+import path6 from "path";
+import { parseArgs as parseArgs3 } from "util";
+async function handleIntegratorConsent(args, ctx) {
+  const { values, positionals } = parseArgs3({
+    args,
+    options: {
+      as: { type: "string" },
+      credentials: { type: "string" },
+      integrator: { type: "string" },
+      url: { type: "string", default: DEFAULT_BASE_URL }
+    },
+    strict: true,
+    allowPositionals: true
+  });
+  const consentAction = positionals[0];
+  if (consentAction !== "allow" && consentAction !== "revoke") {
+    fail(
+      "Usage: identityapp integrator consent <allow|revoke> --as <alias> --integrator <slug>"
+    );
+  }
+  if (!values.integrator) {
+    fail("Missing required flag: --integrator");
+  }
+  const config = readConfig(ctx);
+  const creds = values.credentials ? loadCredentials(path6.resolve(values.credentials)) : loadIdentityFromAlias(ctx, config, values.as);
+  const baseUrl = stripTrailingSlash(values.url);
+  const signedAt = Date.now();
+  const consentPayload = canonicalize({
+    type: "integrator_consent_v1",
+    did: creds.did,
+    integratorSlug: values.integrator,
+    action: consentAction,
+    signedAt
+  });
+  const payloadHash = sha256Hex(consentPayload);
+  const signature = signMessage(creds.privateKey, `${payloadHash}:${signedAt}`);
+  console.error("Signing consent payload...");
+  const signResponse = await fetch(`${baseUrl}/api/v1/signatures/sign`, {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify({
+      did: creds.did,
+      payloadHash,
+      signature,
+      signedAt,
+      publicNote: `integrator consent: ${consentAction} ${values.integrator}`
+    })
+  });
+  if (!signResponse.ok) {
+    const error = await readResponseJson(signResponse);
+    fail(
+      `Signing consent failed (${signResponse.status}): ${error.error ?? "Unknown error"}`
+    );
+  }
+  const { signatureHash } = await signResponse.json();
+  console.error("Submitting consent...");
+  const consentResponse = await fetch(`${baseUrl}/api/v1/integrators/consent`, {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify({
+      integratorSlug: values.integrator,
+      did: creds.did,
+      action: consentAction,
+      signatureHash,
+      signedAt
+    })
+  });
+  if (!consentResponse.ok) {
+    const error = await readResponseJson(consentResponse);
+    fail(
+      `Consent update failed (${consentResponse.status}): ${error.error ?? "Unknown error"}`
+    );
+  }
+  console.log(JSON.stringify(await consentResponse.json(), null, 2));
+}
+async function handleIntegratorIngest(args) {
+  const { values } = parseArgs3({
+    args,
+    options: {
+      "api-key": { type: "string" },
+      "ingest-url": { type: "string" },
+      body: { type: "string" },
+      "body-file": { type: "string" }
+    },
+    strict: true,
+    allowPositionals: false
+  });
+  if (!values["api-key"]) {
+    fail("Missing required flag: --api-key");
+  }
+  if (!values.body && !values["body-file"]) {
+    fail("Provide one of --body or --body-file");
+  }
+  const jsonText = values["body-file"] ? fs5.existsSync(values["body-file"]) ? fs5.readFileSync(values["body-file"], "utf-8") : fail(`File not found: ${values["body-file"]}`) : values.body;
+  parseJsonText(jsonText);
+  const ingestUrl = values["ingest-url"] ?? DEFAULT_EVENTS_URL;
+  const response = await fetch(ingestUrl, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json",
+      ...withBearer(values["api-key"])
+    },
+    body: jsonText
+  });
+  const body = await readResponseJson(response);
+  if (!response.ok) {
+    fail(
+      `Ingest failed (${response.status}): ${body.error ?? "Unknown error"}`
+    );
+  }
+  console.log(JSON.stringify(body, null, 2));
+}
+function extractApiKey(tokens) {
+  const out = [];
+  let apiKey;
+  for (let i = 0; i < tokens.length; i += 1) {
+    const token = tokens[i];
+    if (token === "--api-key") {
+      apiKey = tokens[i + 1];
+      i += 1;
+      continue;
+    }
+    out.push(token);
+  }
+  return { apiKey, remaining: out };
+}
+async function handleIntegrator(args, ctx) {
+  const subcommand = args[0];
+  const rest = args.slice(1);
+  if (subcommand === "consent") {
+    await handleIntegratorConsent(rest, ctx);
+    return;
+  }
+  if (subcommand === "ingest") {
+    await handleIntegratorIngest(rest);
+    return;
+  }
+  if (subcommand === "verify") {
+    const parsed = extractApiKey(rest);
+    if (!parsed.apiKey) fail("Missing required flag: --api-key");
+    await handleVerify(parsed.remaining, { apiKey: parsed.apiKey });
+    return;
+  }
+  if (subcommand === "certify") {
+    const parsed = extractApiKey(rest);
+    if (!parsed.apiKey) fail("Missing required flag: --api-key");
+    await handleCertify(parsed.remaining, { apiKey: parsed.apiKey });
+    return;
+  }
+  fail("Usage: identityapp integrator <consent|ingest|verify|certify> ...");
+}
+// src/usage.ts
+function usage() {
+  return `
+identityapp CLI
+Usage:
+  identityapp register [--as <alias>] [--label <name>] [--linking-key <key>] [--no-link] [--url <base_url>]
+                       [--key-file <path>] [--public-key <b64> --private-key <b64>]
+                       [--save <path>] [--home <dir>]
+  identityapp sign <payload> [--as <alias>] [--note <text>] [--credentials <path>] [--url <base_url>] [--home <dir>]
+  identityapp sign --file <path> [--as <alias>] [--note <text>] [--credentials <path>] [--url <base_url>] [--home <dir>]
+  identityapp verify <signature_hash> [content_to_check] [--url <base_url>]
+  identityapp certify <signature_hash> <content> [--url <base_url>]
+  identityapp certify <signature_hash> --file <path> [--url <base_url>]
+  identityapp report <target_did> <reason> [--as <alias>] [--signature <hash>] [--details <text>]
+                     [--credentials <path>] [--url <base_url>] [--home <dir>]
+  identityapp identity list [--home <dir>]
+  identityapp identity show [--as <alias>] [--home <dir>]
+  identityapp identity use <alias> [--home <dir>]
+  identityapp identity remove --as <alias> --yes [--home <dir>]
+  identityapp auth link set <linking_key> [--home <dir>]
+  identityapp auth link show [--home <dir>]
+  identityapp auth link clear [--home <dir>]
+  identityapp integrator consent <allow|revoke> --as <alias> --integrator <slug>
+                                 [--credentials <path>] [--url <base_url>] [--home <dir>]
+  identityapp integrator ingest --api-key <key> [--ingest-url <full_url>] [--home <dir>]
+                                (--body <json> | --body-file <path>)
+  identityapp integrator verify <signature_hash> [content_to_check] --api-key <key> [--url <base_url>]
+  identityapp integrator certify <signature_hash> <content> --api-key <key> [--url <base_url>]
+  identityapp integrator certify <signature_hash> --file <path> --api-key <key> [--url <base_url>]
+Examples:
+  npx identityapp register --label "my-agent"
+  npx identityapp sign "Hello world"
+  npx identityapp verify <signatureHash> "Hello world"
+  npx identityapp integrator ingest --api-key <key> --body-file ./event.json
+`.trim();
+}
+// src/cli.ts
+async function main() {
+  const parsed = resolveHome(process.argv.slice(2));
+  const args = parsed.args;
+  const ctx = createContext(parsed.home);
+  const command = args[0];
+  const rest = args.slice(1);
+  if (!command || command === "--help" || command === "-h") {
+    console.log(usage());
+    return;
+  }
+  if (command === "--version" || command === "-v") {
+    console.log(CURRENT_VERSION);
+    return;
+  }
+  if (command === "register") {
+    await handleRegister(rest, ctx);
+    return;
+  }
+  if (command === "sign") {
+    await handleSign(rest, ctx);
+    return;
+  }
+  if (command === "verify") {
+    await handleVerify(rest);
+    return;
+  }
+  if (command === "certify") {
+    await handleCertify(rest);
+    return;
+  }
+  if (command === "report") {
+    await handleReport(rest, ctx);
+    return;
+  }
+  if (command === "identity") {
+    await handleIdentity(rest, ctx);
+    return;
+  }
+  if (command === "auth") {
+    await handleAuth(rest, ctx);
+    return;
+  }
+  if (command === "integrator") {
+    await handleIntegrator(rest, ctx);
+    return;
+  }
+  fail(`Unknown command: ${command}
+${usage()}`);
+}
+main().catch((error) => {
+  fail(error instanceof Error ? error.message : "Unknown error");
+});
+//# sourceMappingURL=cli.mjs.map

package/dist/cli.mjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/constants.ts","../src/lib/errors.ts","../src/lib/storage.ts","../src/lib/fs.ts","../src/commands/auth.ts","../src/commands/agent.ts","../src/lib/crypto.ts","../src/lib/http.ts","../src/lib/utils.ts","../src/commands/identity.ts","../src/commands/integrator.ts","../src/usage.ts","../src/cli.ts"],"sourcesContent":["import os from \"node:os\";\nimport path from \"node:path\";\n\nexport const DEFAULT_BASE_URL = \"https://identity.app\";\nexport const DEFAULT_EVENTS_URL = \"https://integrator.identity.app/ingest\";\nexport const DEFAULT_IDENTITY_HOME = path.join(os.homedir(), \".identity\");\nexport const IDENTITY_HOME_ENV = \"IDENTITY_HOME\";\nexport const CURRENT_VERSION = \"0.1.0\";\n","export function fail(message: string): never {\n console.error(message);\n process.exit(1);\n}\n","import fs from \"node:fs\";\nimport path from \"node:path\";\nimport { DEFAULT_IDENTITY_HOME, IDENTITY_HOME_ENV } from \"../constants\";\nimport type { Credentials, IdentityConfig, RuntimeContext } from \"../types\";\nimport { fail } from \"./errors\";\nimport { readJsonFile, writeSecureJsonFile } from \"./fs\";\n\nexport function resolveHome(rawArgs: string[]) {\n const remaining: string[] = [];\n let homeFromArg: string | undefined;\n\n for (let i = 0; i < rawArgs.length; i += 1) {\n const token = rawArgs[i];\n if (token === \"--home\") {\n homeFromArg = rawArgs[i + 1];\n i += 1;\n continue;\n }\n if (token.startsWith(\"--home=\")) {\n homeFromArg = token.slice(\"--home=\".length);\n continue;\n }\n remaining.push(token);\n }\n\n const home =\n homeFromArg || process.env[IDENTITY_HOME_ENV] || DEFAULT_IDENTITY_HOME;\n const absHome = path.resolve(home);\n return { home: absHome, args: remaining };\n}\n\nexport function createContext(home: string): RuntimeContext {\n const identitiesDir = path.join(home, \"identities\");\n return {\n home,\n configPath: path.join(home, \"config.json\"),\n identitiesDir,\n };\n}\n\nfunction defaultConfig(): IdentityConfig {\n return {\n version: 1,\n defaultAlias: null,\n defaultLinkingKey: null,\n };\n}\n\nexport function readConfig(ctx: RuntimeContext): IdentityConfig {\n if (!fs.existsSync(ctx.configPath)) {\n return defaultConfig();\n }\n const parsed = readJsonFile(ctx.configPath) as Partial<IdentityConfig>;\n return {\n version: typeof parsed.version === \"number\" ? parsed.version : 1,\n defaultAlias:\n typeof parsed.defaultAlias === \"string\" ? parsed.defaultAlias : null,\n defaultLinkingKey:\n typeof parsed.defaultLinkingKey === \"string\"\n ? parsed.defaultLinkingKey\n : null,\n };\n}\n\nexport function writeConfig(ctx: RuntimeContext, config: IdentityConfig) {\n writeSecureJsonFile(ctx.configPath, config);\n}\n\nexport function normalizeAlias(alias: string): string {\n const normalized = alias.trim().toLowerCase();\n if (!/^[a-z][a-z0-9_-]{0,62}$/.test(normalized)) {\n fail(\n `Invalid alias \"${alias}\". Alias must start with a letter and contain only lowercase letters, digits, \"_\" or \"-\".`,\n );\n }\n return normalized;\n}\n\nexport function identityPathForAlias(ctx: RuntimeContext, alias: string): string {\n return path.join(ctx.identitiesDir, `${normalizeAlias(alias)}.json`);\n}\n\nexport function resolveAlias(\n requestedAlias: string | undefined,\n config: IdentityConfig,\n): string {\n if (requestedAlias) return normalizeAlias(requestedAlias);\n if (config.defaultAlias) return normalizeAlias(config.defaultAlias);\n fail(\n 'No alias selected. Pass --as <alias> or set a default with \"identityapp identity use <alias>\".',\n );\n}\n\nexport function loadCredentials(filePath?: string): Credentials {\n if (!filePath) fail(\"Internal error: credentials file path is required\");\n const json = readJsonFile(filePath) as Partial<Credentials>;\n if (!json.did || !json.privateKey) {\n fail(`Invalid credentials file: ${filePath} (missing did or privateKey)`);\n }\n return {\n did: json.did,\n publicKey: json.publicKey,\n privateKey: json.privateKey,\n linked: json.linked,\n claimToken: json.claimToken,\n };\n}\n\nexport function saveCredentials(filePath: string, creds: Credentials) {\n writeSecureJsonFile(filePath, creds);\n}\n\nexport function loadIdentityFromAlias(\n ctx: RuntimeContext,\n config: IdentityConfig,\n requestedAlias?: string,\n): Credentials {\n const alias = resolveAlias(requestedAlias, config);\n const filePath = identityPathForAlias(ctx, alias);\n if (!fs.existsSync(filePath)) {\n fail(\n `Identity alias \"${alias}\" not found at ${filePath}. Register first with \"identityapp register --as ${alias}\".`,\n );\n }\n const credentials = loadCredentials(filePath);\n return { ...credentials, alias };\n}\n\nexport function maybeSetDefaultAlias(\n ctx: RuntimeContext,\n config: IdentityConfig,\n alias: string,\n) {\n if (!config.defaultAlias) {\n writeConfig(ctx, { ...config, defaultAlias: alias });\n }\n}\n\nexport function redactPrivateKey(identity: Credentials) {\n return {\n ...identity,\n privateKey: \"[redacted]\",\n };\n}\n","import fs from \"node:fs\";\nimport path from \"node:path\";\nimport { fail } from \"./errors\";\n\nexport function ensureDir(dirPath: string) {\n fs.mkdirSync(dirPath, { recursive: true, mode: 0o700 });\n}\n\nexport function ensureDirForFile(filePath: string) {\n ensureDir(path.dirname(filePath));\n}\n\nexport function readJsonFile(filePath: string): unknown {\n try {\n const raw = fs.readFileSync(filePath, \"utf-8\");\n return JSON.parse(raw);\n } catch (error) {\n if (\n typeof error === \"object\" &&\n error &&\n \"code\" in error &&\n error.code === \"ENOENT\"\n ) {\n fail(`File not found: ${filePath}`);\n }\n fail(`Invalid JSON file: ${filePath}`);\n }\n}\n\nexport function writeSecureJsonFile(filePath: string, value: unknown) {\n ensureDirForFile(filePath);\n fs.writeFileSync(filePath, `${JSON.stringify(value, null, 2)}\\n`, \"utf-8\");\n try {\n fs.chmodSync(filePath, 0o600);\n } catch {\n // Ignore chmod issues on non-POSIX filesystems.\n }\n}\n","import type { RuntimeContext } from \"../types\";\nimport { fail } from \"../lib/errors\";\nimport { readConfig, writeConfig } from \"../lib/storage\";\n\nexport async function handleAuth(args: string[], ctx: RuntimeContext) {\n const subcommand = args[0];\n const rest = args.slice(1);\n if (subcommand !== \"link\") {\n fail(\"Usage: identityapp auth link <set|show|clear> ...\");\n }\n\n const action = rest[0];\n const actionArgs = rest.slice(1);\n const config = readConfig(ctx);\n\n if (action === \"set\") {\n const key = actionArgs[0];\n if (!key) fail(\"Usage: identityapp auth link set <linking_key>\");\n writeConfig(ctx, { ...config, defaultLinkingKey: key });\n console.log(JSON.stringify({ ok: true, defaultLinkingKey: \"[set]\" }, null, 2));\n return;\n }\n if (action === \"show\") {\n console.log(\n JSON.stringify(\n {\n defaultLinkingKey: config.defaultLinkingKey ? \"[set]\" : null,\n },\n null,\n 2,\n ),\n );\n return;\n }\n if (action === \"clear\") {\n writeConfig(ctx, { ...config, defaultLinkingKey: null });\n console.log(JSON.stringify({ ok: true, defaultLinkingKey: null }, null, 2));\n return;\n }\n\n fail(\"Usage: identityapp auth link <set|show|clear> ...\");\n}\n","import fs from \"node:fs\";\nimport path from \"node:path\";\nimport { parseArgs } from \"node:util\";\nimport { DEFAULT_BASE_URL } from \"../constants\";\nimport type { Credentials, RuntimeContext } from \"../types\";\nimport { generateEd25519KeyPair, minePowNonce, sha256Hex, signMessage } from \"../lib/crypto\";\nimport { fail } from \"../lib/errors\";\nimport { readJsonFile } from \"../lib/fs\";\nimport { readResponseJson, withBearer } from \"../lib/http\";\nimport {\n identityPathForAlias,\n loadCredentials,\n loadIdentityFromAlias,\n maybeSetDefaultAlias,\n readConfig,\n resolveAlias,\n saveCredentials,\n} from \"../lib/storage\";\nimport { stripTrailingSlash } from \"../lib/utils\";\n\nexport async function handleRegister(args: string[], ctx: RuntimeContext) {\n const { values } = parseArgs({\n args,\n options: {\n as: { type: \"string\" },\n label: { type: \"string\" },\n \"linking-key\": { type: \"string\" },\n \"no-link\": { type: \"boolean\" },\n \"key-file\": { type: \"string\" },\n \"public-key\": { type: \"string\" },\n \"private-key\": { type: \"string\" },\n save: { type: \"string\" },\n url: { type: \"string\", default: DEFAULT_BASE_URL },\n },\n strict: true,\n allowPositionals: false,\n });\n const config = readConfig(ctx);\n const alias = resolveAlias(values.as, config);\n const canonicalPath = identityPathForAlias(ctx, alias);\n if (fs.existsSync(canonicalPath)) {\n fail(\n `Identity alias \"${alias}\" already exists at ${canonicalPath}. Register with a new alias or remove the existing one via \"identityapp identity remove --as ${alias} --yes\".`,\n );\n }\n\n let keyPair: { publicKey: string; privateKey: string };\n if (values[\"key-file\"]) {\n const json = readJsonFile(values[\"key-file\"]) as Partial<{\n publicKey: string;\n privateKey: string;\n }>;\n if (!json.publicKey || !json.privateKey) {\n fail('Key file must include \"publicKey\" and \"privateKey\"');\n }\n keyPair = { publicKey: json.publicKey, privateKey: json.privateKey };\n } else if (values[\"public-key\"] && values[\"private-key\"]) {\n console.error(\n \"Warning: passing --private-key on the CLI exposes it in shell history. Prefer --key-file.\",\n );\n keyPair = {\n publicKey: values[\"public-key\"],\n privateKey: values[\"private-key\"],\n };\n } else if (values[\"public-key\"] || values[\"private-key\"]) {\n fail(\"Both --public-key and --private-key must be set together\");\n } else {\n keyPair = generateEd25519KeyPair();\n }\n\n console.error(\"Mining proof-of-work nonce...\");\n const powNonce = minePowNonce(keyPair.publicKey);\n\n const payload: Record<string, unknown> = {\n publicKey: keyPair.publicKey,\n powNonce,\n };\n const label = values.label ?? alias;\n payload.label = label;\n\n const linkingKey =\n values[\"no-link\"] === true\n ? undefined\n : values[\"linking-key\"] ?? config.defaultLinkingKey ?? undefined;\n if (linkingKey) payload.linkingKey = linkingKey;\n\n const baseUrl = stripTrailingSlash(values.url);\n const response = await fetch(`${baseUrl}/api/v1/agents/register`, {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/json\" },\n body: JSON.stringify(payload),\n });\n if (!response.ok) {\n const error = await readResponseJson(response);\n fail(\n `Registration failed (${response.status}): ${(error as { error?: string }).error ?? \"Unknown error\"}`,\n );\n }\n\n const body = (await response.json()) as {\n did: string;\n linked: boolean;\n claimToken?: string;\n };\n const credentials: Credentials = {\n alias,\n did: body.did,\n publicKey: keyPair.publicKey,\n privateKey: keyPair.privateKey,\n linked: body.linked,\n claimToken: body.claimToken,\n label,\n createdAt: Date.now(),\n updatedAt: Date.now(),\n };\n\n saveCredentials(canonicalPath, credentials);\n maybeSetDefaultAlias(ctx, config, alias);\n console.error(`Identity saved to ${canonicalPath}`);\n\n if (values.save) {\n saveCredentials(path.resolve(values.save), credentials);\n console.error(`Additional copy saved to ${path.resolve(values.save)}`);\n }\n\n const registerOutput = {\n alias: credentials.alias,\n did: credentials.did,\n publicKey: credentials.publicKey,\n linked: credentials.linked,\n claimToken: credentials.claimToken,\n label: credentials.label,\n createdAt: credentials.createdAt,\n updatedAt: credentials.updatedAt,\n identityPath: canonicalPath,\n privateKey: \"[stored locally only; never printed]\",\n };\n console.log(JSON.stringify(registerOutput, null, 2));\n}\n\nexport async function handleSign(args: string[], ctx: RuntimeContext) {\n const { values, positionals } = parseArgs({\n args,\n options: {\n as: { type: \"string\" },\n file: { type: \"string\" },\n note: { type: \"string\" },\n credentials: { type: \"string\" },\n url: { type: \"string\", default: DEFAULT_BASE_URL },\n },\n strict: true,\n allowPositionals: true,\n });\n\n const payload = positionals[0];\n if (!payload && !values.file) {\n fail(\n \"Usage: identityapp sign <payload> [--note <text>] [--credentials <path>] [--url <base_url>] OR identityapp sign --file <path> ...\",\n );\n }\n\n const config = readConfig(ctx);\n const creds = values.credentials\n ? loadCredentials(path.resolve(values.credentials))\n : loadIdentityFromAlias(ctx, config, values.as);\n const content =\n values.file !== undefined\n ? fs.existsSync(values.file)\n ? fs.readFileSync(values.file)\n : fail(`File not found: ${values.file}`)\n : payload;\n const payloadHash = sha256Hex(content);\n const signedAt = Date.now();\n const signature = signMessage(creds.privateKey, `${payloadHash}:${signedAt}`);\n\n const response = await fetch(\n `${stripTrailingSlash(values.url)}/api/v1/signatures/sign`,\n {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/json\" },\n body: JSON.stringify({\n did: creds.did,\n payloadHash,\n signature,\n signedAt,\n publicNote: values.note,\n }),\n },\n );\n if (!response.ok) {\n const error = await readResponseJson(response);\n fail(\n `Signing failed (${response.status}): ${(error as { error?: string }).error ?? \"Unknown error\"}`,\n );\n }\n const result = (await response.json()) as { signatureHash: string };\n const baseUrl = stripTrailingSlash(values.url);\n console.log(\n JSON.stringify(\n {\n ...result,\n verifyUrl: `${baseUrl}/verify/${result.signatureHash}`,\n verifyApiUrl: `${baseUrl}/api/v1/signatures/verify?hash=${result.signatureHash}`,\n },\n null,\n 2,\n ),\n );\n}\n\nexport async function handleVerify(\n args: string[],\n options?: {\n apiKey?: string;\n },\n) {\n const { values, positionals } = parseArgs({\n args,\n options: {\n url: { type: \"string\", default: DEFAULT_BASE_URL },\n },\n strict: true,\n allowPositionals: true,\n });\n const signatureHash = positionals[0];\n const contentToCheck = positionals[1];\n if (!signatureHash) {\n fail(\n \"Usage: identityapp verify <signature_hash> [content_to_check] [--url <base_url>]\",\n );\n }\n\n const headers: HeadersInit = {};\n if (options?.apiKey) Object.assign(headers, withBearer(options.apiKey));\n\n const response = await fetch(\n `${stripTrailingSlash(values.url)}/api/v1/signatures/verify?hash=${encodeURIComponent(signatureHash)}`,\n { headers },\n );\n if (!response.ok) {\n const error = await readResponseJson(response);\n fail(\n `Verification failed (${response.status}): ${(error as { error?: string }).error ?? \"Unknown error\"}`,\n );\n }\n const result = (await response.json()) as { payloadHash: string };\n const output =\n contentToCheck !== undefined\n ? {\n ...result,\n contentMatch: sha256Hex(contentToCheck) === result.payloadHash,\n }\n : result;\n console.log(JSON.stringify(output, null, 2));\n}\n\nexport async function handleCertify(\n args: string[],\n options?: {\n apiKey?: string;\n },\n) {\n const { values, positionals } = parseArgs({\n args,\n options: {\n file: { type: \"string\" },\n url: { type: \"string\", default: DEFAULT_BASE_URL },\n },\n strict: true,\n allowPositionals: true,\n });\n const signatureHash = positionals[0];\n const contentArg = positionals[1];\n if (!signatureHash || (!contentArg && !values.file)) {\n fail(\n \"Usage: identityapp certify <signature_hash> <content> [--url <base_url>] OR identityapp certify <signature_hash> --file <path> [--url <base_url>]\",\n );\n }\n\n const content =\n values.file !== undefined\n ? fs.existsSync(values.file)\n ? fs.readFileSync(values.file)\n : fail(`File not found: ${values.file}`)\n : contentArg;\n const contentHash = sha256Hex(content);\n\n const headers: HeadersInit = { \"Content-Type\": \"application/json\" };\n if (options?.apiKey) Object.assign(headers, withBearer(options.apiKey));\n\n const response = await fetch(\n `${stripTrailingSlash(values.url)}/api/v1/signatures/certify`,\n {\n method: \"POST\",\n headers,\n body: JSON.stringify({ signatureHash, contentHash }),\n },\n );\n if (!response.ok) {\n const error = await readResponseJson(response);\n fail(\n `Certification failed (${response.status}): ${(error as { error?: string }).error ?? \"Unknown error\"}`,\n );\n }\n console.log(JSON.stringify(await response.json(), null, 2));\n}\n\nexport async function handleReport(args: string[], ctx: RuntimeContext) {\n const { values, positionals } = parseArgs({\n args,\n options: {\n as: { type: \"string\" },\n signature: { type: \"string\" },\n details: { type: \"string\" },\n credentials: { type: \"string\" },\n url: { type: \"string\", default: DEFAULT_BASE_URL },\n },\n strict: true,\n allowPositionals: true,\n });\n const targetDid = positionals[0];\n const reason = positionals[1];\n if (!targetDid || !reason) {\n fail(\n \"Usage: identityapp report <target_did> <reason> [--signature <hash>] [--details <text>] [--credentials <path>] [--url <base_url>]\",\n );\n }\n\n const validReasons = [\"spam\", \"impersonation\", \"malicious\", \"other\"];\n if (!validReasons.includes(reason)) {\n fail(\n `Invalid reason \"${reason}\". Must be one of: ${validReasons.join(\", \")}`,\n );\n }\n\n const config = readConfig(ctx);\n const creds = values.credentials\n ? loadCredentials(path.resolve(values.credentials))\n : loadIdentityFromAlias(ctx, config, values.as);\n const signedAt = Date.now();\n const signature = signMessage(\n creds.privateKey,\n `report:${targetDid}:${reason}:${signedAt}`,\n );\n\n const response = await fetch(\n `${stripTrailingSlash(values.url)}/api/v1/agents/report`,\n {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/json\" },\n body: JSON.stringify({\n did: targetDid,\n reason,\n reporterDid: creds.did,\n signature,\n signedAt,\n signatureHash: values.signature,\n details: values.details,\n }),\n },\n );\n if (!response.ok) {\n const error = await readResponseJson(response);\n fail(\n `Report failed (${response.status}): ${(error as { error?: string }).error ?? \"Unknown error\"}`,\n );\n }\n console.log(JSON.stringify(await response.json(), null, 2));\n}\n","import crypto from \"node:crypto\";\n\nexport function sha256Hex(input: string | Buffer): string {\n return crypto.createHash(\"sha256\").update(input).digest(\"hex\");\n}\n\nexport function buildPrivateKeyFromRawBase64(privateKeyBase64: string) {\n const raw = Buffer.from(privateKeyBase64, \"base64\");\n const pkcs8Prefix = Buffer.from(\"302e020100300506032b657004220420\", \"hex\");\n const der = Buffer.concat([pkcs8Prefix, raw]);\n return crypto.createPrivateKey({\n key: der,\n format: \"der\",\n type: \"pkcs8\",\n });\n}\n\nexport function signMessage(privateKeyBase64: string, message: string): string {\n const privateKey = buildPrivateKeyFromRawBase64(privateKeyBase64);\n return crypto.sign(null, Buffer.from(message), privateKey).toString(\"base64\");\n}\n\nexport function generateEd25519KeyPair() {\n const { publicKey, privateKey } = crypto.generateKeyPairSync(\"ed25519\");\n const publicKeyB64 = publicKey\n .export({ type: \"spki\", format: \"der\" })\n .subarray(-32)\n .toString(\"base64\");\n const privateKeyB64 = privateKey\n .export({ type: \"pkcs8\", format: \"der\" })\n .subarray(-32)\n .toString(\"base64\");\n return { publicKey: publicKeyB64, privateKey: privateKeyB64 };\n}\n\nexport function minePowNonce(publicKey: string, difficulty = 4): string {\n let nonce = 0;\n const prefix = \"0\".repeat(difficulty);\n while (true) {\n const hash = sha256Hex(`${publicKey}${String(nonce)}`);\n if (hash.startsWith(prefix)) return String(nonce);\n nonce += 1;\n }\n}\n","export function withBearer(apiKey: string): HeadersInit {\n return {\n Authorization: `Bearer ${apiKey}`,\n };\n}\n\nexport async function readResponseJson(response: Response) {\n return response.json().catch(() => ({}));\n}\n","import { canonicalize } from \"json-canonicalize\";\nimport { fail } from \"./errors\";\n\nexport { canonicalize };\n\nexport function stripTrailingSlash(url: string): string {\n return url.replace(/\\/+$/, \"\");\n}\n\nexport function parseJsonText(text: string): unknown {\n try {\n return JSON.parse(text);\n } catch {\n fail(\"Body is not valid JSON\");\n }\n}\n","import fs from \"node:fs\";\nimport path from \"node:path\";\nimport { parseArgs } from \"node:util\";\nimport type { Credentials, RuntimeContext } from \"../types\";\nimport { fail } from \"../lib/errors\";\nimport { readJsonFile } from \"../lib/fs\";\nimport {\n identityPathForAlias,\n loadIdentityFromAlias,\n normalizeAlias,\n readConfig,\n redactPrivateKey,\n writeConfig,\n} from \"../lib/storage\";\n\nexport async function handleIdentity(args: string[], ctx: RuntimeContext) {\n const subcommand = args[0];\n const rest = args.slice(1);\n\n if (subcommand === \"list\") {\n const config = readConfig(ctx);\n if (!fs.existsSync(ctx.identitiesDir)) {\n console.log(\n JSON.stringify({ defaultAlias: config.defaultAlias, identities: [] }, null, 2),\n );\n return;\n }\n const files = fs\n .readdirSync(ctx.identitiesDir)\n .filter((name) => name.endsWith(\".json\"))\n .sort();\n const identities = files.map((fileName) => {\n const filePath = path.join(ctx.identitiesDir, fileName);\n const identity = readJsonFile(filePath) as Partial<Credentials>;\n const alias = fileName.slice(0, -5);\n return {\n alias,\n did: identity.did ?? null,\n label: identity.label ?? null,\n updatedAt: identity.updatedAt ?? null,\n isDefault: config.defaultAlias === alias,\n };\n });\n console.log(\n JSON.stringify(\n {\n home: ctx.home,\n defaultAlias: config.defaultAlias,\n identities,\n },\n null,\n 2,\n ),\n );\n return;\n }\n\n if (subcommand === \"show\") {\n const { values } = parseArgs({\n args: rest,\n options: {\n as: { type: \"string\" },\n },\n strict: true,\n allowPositionals: false,\n });\n const config = readConfig(ctx);\n const identity = loadIdentityFromAlias(ctx, config, values.as);\n console.log(\n JSON.stringify(\n {\n home: ctx.home,\n ...redactPrivateKey(identity),\n },\n null,\n 2,\n ),\n );\n return;\n }\n\n if (subcommand === \"use\") {\n const alias = rest[0];\n if (!alias) fail(\"Usage: identityapp identity use <alias>\");\n const normalized = normalizeAlias(alias);\n const identityPath = identityPathForAlias(ctx, normalized);\n if (!fs.existsSync(identityPath)) {\n fail(`Identity alias \"${normalized}\" not found.`);\n }\n const config = readConfig(ctx);\n writeConfig(ctx, { ...config, defaultAlias: normalized });\n console.log(JSON.stringify({ ok: true, defaultAlias: normalized }, null, 2));\n return;\n }\n\n if (subcommand === \"remove\") {\n const { values } = parseArgs({\n args: rest,\n options: {\n as: { type: \"string\" },\n yes: { type: \"boolean\" },\n },\n strict: true,\n allowPositionals: false,\n });\n if (!values.as) fail(\"Usage: identityapp identity remove --as <alias> --yes\");\n if (values.yes !== true) {\n fail(\"Refusing to remove identity without --yes\");\n }\n const alias = normalizeAlias(values.as);\n const target = identityPathForAlias(ctx, alias);\n if (!fs.existsSync(target)) {\n fail(`Identity alias \"${alias}\" not found.`);\n }\n fs.rmSync(target);\n const config = readConfig(ctx);\n const nextConfig =\n config.defaultAlias === alias ? { ...config, defaultAlias: null } : config;\n writeConfig(ctx, nextConfig);\n console.log(JSON.stringify({ ok: true, removed: alias }, null, 2));\n return;\n }\n\n fail(\"Usage: identityapp identity <list|show|use|remove> ...\");\n}\n","import fs from \"node:fs\";\nimport path from \"node:path\";\nimport { parseArgs } from \"node:util\";\nimport { DEFAULT_BASE_URL, DEFAULT_EVENTS_URL } from \"../constants\";\nimport type { RuntimeContext } from \"../types\";\nimport { sha256Hex, signMessage } from \"../lib/crypto\";\nimport { handleCertify, handleVerify } from \"./agent\";\nimport { fail } from \"../lib/errors\";\nimport { readResponseJson, withBearer } from \"../lib/http\";\nimport { loadCredentials, loadIdentityFromAlias, readConfig } from \"../lib/storage\";\nimport { canonicalize, parseJsonText, stripTrailingSlash } from \"../lib/utils\";\n\nasync function handleIntegratorConsent(args: string[], ctx: RuntimeContext) {\n const { values, positionals } = parseArgs({\n args,\n options: {\n as: { type: \"string\" },\n credentials: { type: \"string\" },\n integrator: { type: \"string\" },\n url: { type: \"string\", default: DEFAULT_BASE_URL },\n },\n strict: true,\n allowPositionals: true,\n });\n\n const consentAction = positionals[0];\n if (consentAction !== \"allow\" && consentAction !== \"revoke\") {\n fail(\n \"Usage: identityapp integrator consent <allow|revoke> --as <alias> --integrator <slug>\",\n );\n }\n if (!values.integrator) {\n fail(\"Missing required flag: --integrator\");\n }\n\n const config = readConfig(ctx);\n const creds = values.credentials\n ? loadCredentials(path.resolve(values.credentials))\n : loadIdentityFromAlias(ctx, config, values.as);\n\n const baseUrl = stripTrailingSlash(values.url);\n const signedAt = Date.now();\n\n const consentPayload = canonicalize({\n type: \"integrator_consent_v1\",\n did: creds.did,\n integratorSlug: values.integrator,\n action: consentAction,\n signedAt,\n });\n const payloadHash = sha256Hex(consentPayload);\n const signature = signMessage(creds.privateKey, `${payloadHash}:${signedAt}`);\n\n console.error(\"Signing consent payload...\");\n const signResponse = await fetch(`${baseUrl}/api/v1/signatures/sign`, {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/json\" },\n body: JSON.stringify({\n did: creds.did,\n payloadHash,\n signature,\n signedAt,\n publicNote: `integrator consent: ${consentAction} ${values.integrator}`,\n }),\n });\n if (!signResponse.ok) {\n const error = await readResponseJson(signResponse);\n fail(\n `Signing consent failed (${signResponse.status}): ${(error as { error?: string }).error ?? \"Unknown error\"}`,\n );\n }\n const { signatureHash } = (await signResponse.json()) as { signatureHash: string };\n\n console.error(\"Submitting consent...\");\n const consentResponse = await fetch(`${baseUrl}/api/v1/integrators/consent`, {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/json\" },\n body: JSON.stringify({\n integratorSlug: values.integrator,\n did: creds.did,\n action: consentAction,\n signatureHash,\n signedAt,\n }),\n });\n if (!consentResponse.ok) {\n const error = await readResponseJson(consentResponse);\n fail(\n `Consent update failed (${consentResponse.status}): ${(error as { error?: string }).error ?? \"Unknown error\"}`,\n );\n }\n console.log(JSON.stringify(await consentResponse.json(), null, 2));\n}\n\nasync function handleIntegratorIngest(args: string[]) {\n const { values } = parseArgs({\n args,\n options: {\n \"api-key\": { type: \"string\" },\n \"ingest-url\": { type: \"string\" },\n body: { type: \"string\" },\n \"body-file\": { type: \"string\" },\n },\n strict: true,\n allowPositionals: false,\n });\n if (!values[\"api-key\"]) {\n fail(\"Missing required flag: --api-key\");\n }\n if (!values.body && !values[\"body-file\"]) {\n fail(\"Provide one of --body or --body-file\");\n }\n\n const jsonText = values[\"body-file\"]\n ? fs.existsSync(values[\"body-file\"])\n ? fs.readFileSync(values[\"body-file\"], \"utf-8\")\n : fail(`File not found: ${values[\"body-file\"]}`)\n : values.body!;\n\n parseJsonText(jsonText);\n\n const ingestUrl = values[\"ingest-url\"] ?? DEFAULT_EVENTS_URL;\n const response = await fetch(ingestUrl, {\n method: \"POST\",\n headers: {\n \"Content-Type\": \"application/json\",\n ...withBearer(values[\"api-key\"]),\n },\n body: jsonText,\n });\n\n const body = await readResponseJson(response);\n if (!response.ok) {\n fail(\n `Ingest failed (${response.status}): ${(body as { error?: string }).error ?? \"Unknown error\"}`,\n );\n }\n console.log(JSON.stringify(body, null, 2));\n}\n\nfunction extractApiKey(tokens: string[]) {\n const out: string[] = [];\n let apiKey: string | undefined;\n for (let i = 0; i < tokens.length; i += 1) {\n const token = tokens[i];\n if (token === \"--api-key\") {\n apiKey = tokens[i + 1];\n i += 1;\n continue;\n }\n out.push(token);\n }\n return { apiKey, remaining: out };\n}\n\nexport async function handleIntegrator(args: string[], ctx: RuntimeContext) {\n const subcommand = args[0];\n const rest = args.slice(1);\n\n if (subcommand === \"consent\") {\n await handleIntegratorConsent(rest, ctx);\n return;\n }\n if (subcommand === \"ingest\") {\n await handleIntegratorIngest(rest);\n return;\n }\n if (subcommand === \"verify\") {\n const parsed = extractApiKey(rest);\n if (!parsed.apiKey) fail(\"Missing required flag: --api-key\");\n await handleVerify(parsed.remaining, { apiKey: parsed.apiKey });\n return;\n }\n if (subcommand === \"certify\") {\n const parsed = extractApiKey(rest);\n if (!parsed.apiKey) fail(\"Missing required flag: --api-key\");\n await handleCertify(parsed.remaining, { apiKey: parsed.apiKey });\n return;\n }\n\n fail(\"Usage: identityapp integrator <consent|ingest|verify|certify> ...\");\n}\n","export function usage() {\n return `\nidentityapp CLI\n\nUsage:\n identityapp register [--as <alias>] [--label <name>] [--linking-key <key>] [--no-link] [--url <base_url>]\n [--key-file <path>] [--public-key <b64> --private-key <b64>]\n [--save <path>] [--home <dir>]\n identityapp sign <payload> [--as <alias>] [--note <text>] [--credentials <path>] [--url <base_url>] [--home <dir>]\n identityapp sign --file <path> [--as <alias>] [--note <text>] [--credentials <path>] [--url <base_url>] [--home <dir>]\n identityapp verify <signature_hash> [content_to_check] [--url <base_url>]\n identityapp certify <signature_hash> <content> [--url <base_url>]\n identityapp certify <signature_hash> --file <path> [--url <base_url>]\n identityapp report <target_did> <reason> [--as <alias>] [--signature <hash>] [--details <text>]\n [--credentials <path>] [--url <base_url>] [--home <dir>]\n\n identityapp identity list [--home <dir>]\n identityapp identity show [--as <alias>] [--home <dir>]\n identityapp identity use <alias> [--home <dir>]\n identityapp identity remove --as <alias> --yes [--home <dir>]\n\n identityapp auth link set <linking_key> [--home <dir>]\n identityapp auth link show [--home <dir>]\n identityapp auth link clear [--home <dir>]\n\n identityapp integrator consent <allow|revoke> --as <alias> --integrator <slug>\n [--credentials <path>] [--url <base_url>] [--home <dir>]\n identityapp integrator ingest --api-key <key> [--ingest-url <full_url>] [--home <dir>]\n (--body <json> | --body-file <path>)\n identityapp integrator verify <signature_hash> [content_to_check] --api-key <key> [--url <base_url>]\n identityapp integrator certify <signature_hash> <content> --api-key <key> [--url <base_url>]\n identityapp integrator certify <signature_hash> --file <path> --api-key <key> [--url <base_url>]\n\nExamples:\n npx identityapp register --label \"my-agent\"\n npx identityapp sign \"Hello world\"\n npx identityapp verify <signatureHash> \"Hello world\"\n npx identityapp integrator ingest --api-key <key> --body-file ./event.json\n`.trim();\n}\n","#!/usr/bin/env node\n\nimport { CURRENT_VERSION } from \"./constants\";\nimport { handleAuth } from \"./commands/auth\";\nimport {\n handleCertify,\n handleRegister,\n handleReport,\n handleSign,\n handleVerify,\n} from \"./commands/agent\";\nimport { handleIdentity } from \"./commands/identity\";\nimport { handleIntegrator } from \"./commands/integrator\";\nimport { fail } from \"./lib/errors\";\nimport { createContext, resolveHome } from \"./lib/storage\";\nimport { usage } from \"./usage\";\n\nasync function main() {\n const parsed = resolveHome(process.argv.slice(2));\n const args = parsed.args;\n const ctx = createContext(parsed.home);\n const command = args[0];\n const rest = args.slice(1);\n\n if (!command || command === \"--help\" || command === \"-h\") {\n console.log(usage());\n return;\n }\n if (command === \"--version\" || command === \"-v\") {\n console.log(CURRENT_VERSION);\n return;\n }\n\n if (command === \"register\") {\n await handleRegister(rest, ctx);\n return;\n }\n if (command === \"sign\") {\n await handleSign(rest, ctx);\n return;\n }\n if (command === \"verify\") {\n await handleVerify(rest);\n return;\n }\n if (command === \"certify\") {\n await handleCertify(rest);\n return;\n }\n if (command === \"report\") {\n await handleReport(rest, ctx);\n return;\n }\n if (command === \"identity\") {\n await handleIdentity(rest, ctx);\n return;\n }\n if (command === \"auth\") {\n await handleAuth(rest, ctx);\n return;\n }\n if (command === \"integrator\") {\n await handleIntegrator(rest, ctx);\n return;\n }\n\n fail(`Unknown command: ${command}\\n\\n${usage()}`);\n}\n\nmain().catch((error) => {\n fail(error instanceof Error ? error.message : \"Unknown error\");\n});\n"],"mappings":";;;AAAA,OAAO,QAAQ;AACf,OAAO,UAAU;AAEV,IAAM,mBAAmB;AACzB,IAAM,qBAAqB;AAC3B,IAAM,wBAAwB,KAAK,KAAK,GAAG,QAAQ,GAAG,WAAW;AACjE,IAAM,oBAAoB;AAC1B,IAAM,kBAAkB;;;ACPxB,SAAS,KAAK,SAAwB;AAC3C,UAAQ,MAAM,OAAO;AACrB,UAAQ,KAAK,CAAC;AAChB;;;ACHA,OAAOA,SAAQ;AACf,OAAOC,WAAU;;;ACDjB,OAAO,QAAQ;AACf,OAAOC,WAAU;AAGV,SAAS,UAAU,SAAiB;AACzC,KAAG,UAAU,SAAS,EAAE,WAAW,MAAM,MAAM,IAAM,CAAC;AACxD;AAEO,SAAS,iBAAiB,UAAkB;AACjD,YAAUC,MAAK,QAAQ,QAAQ,CAAC;AAClC;AAEO,SAAS,aAAa,UAA2B;AACtD,MAAI;AACF,UAAM,MAAM,GAAG,aAAa,UAAU,OAAO;AAC7C,WAAO,KAAK,MAAM,GAAG;AAAA,EACvB,SAAS,OAAO;AACd,QACE,OAAO,UAAU,YACjB,SACA,UAAU,SACV,MAAM,SAAS,UACf;AACA,WAAK,mBAAmB,QAAQ,EAAE;AAAA,IACpC;AACA,SAAK,sBAAsB,QAAQ,EAAE;AAAA,EACvC;AACF;AAEO,SAAS,oBAAoB,UAAkB,OAAgB;AACpE,mBAAiB,QAAQ;AACzB,KAAG,cAAc,UAAU,GAAG,KAAK,UAAU,OAAO,MAAM,CAAC,CAAC;AAAA,GAAM,OAAO;AACzE,MAAI;AACF,OAAG,UAAU,UAAU,GAAK;AAAA,EAC9B,QAAQ;AAAA,EAER;AACF;;;AD9BO,SAAS,YAAY,SAAmB;AAC7C,QAAM,YAAsB,CAAC;AAC7B,MAAI;AAEJ,WAAS,IAAI,GAAG,IAAI,QAAQ,QAAQ,KAAK,GAAG;AAC1C,UAAM,QAAQ,QAAQ,CAAC;AACvB,QAAI,UAAU,UAAU;AACtB,oBAAc,QAAQ,IAAI,CAAC;AAC3B,WAAK;AACL;AAAA,IACF;AACA,QAAI,MAAM,WAAW,SAAS,GAAG;AAC/B,oBAAc,MAAM,MAAM,UAAU,MAAM;AAC1C;AAAA,IACF;AACA,cAAU,KAAK,KAAK;AAAA,EACtB;AAEA,QAAM,OACJ,eAAe,QAAQ,IAAI,iBAAiB,KAAK;AACnD,QAAM,UAAUC,MAAK,QAAQ,IAAI;AACjC,SAAO,EAAE,MAAM,SAAS,MAAM,UAAU;AAC1C;AAEO,SAAS,cAAc,MAA8B;AAC1D,QAAM,gBAAgBA,MAAK,KAAK,MAAM,YAAY;AAClD,SAAO;AAAA,IACL;AAAA,IACA,YAAYA,MAAK,KAAK,MAAM,aAAa;AAAA,IACzC;AAAA,EACF;AACF;AAEA,SAAS,gBAAgC;AACvC,SAAO;AAAA,IACL,SAAS;AAAA,IACT,cAAc;AAAA,IACd,mBAAmB;AAAA,EACrB;AACF;AAEO,SAAS,WAAW,KAAqC;AAC9D,MAAI,CAACC,IAAG,WAAW,IAAI,UAAU,GAAG;AAClC,WAAO,cAAc;AAAA,EACvB;AACA,QAAM,SAAS,aAAa,IAAI,UAAU;AAC1C,SAAO;AAAA,IACL,SAAS,OAAO,OAAO,YAAY,WAAW,OAAO,UAAU;AAAA,IAC/D,cACE,OAAO,OAAO,iBAAiB,WAAW,OAAO,eAAe;AAAA,IAClE,mBACE,OAAO,OAAO,sBAAsB,WAChC,OAAO,oBACP;AAAA,EACR;AACF;AAEO,SAAS,YAAY,KAAqB,QAAwB;AACvE,sBAAoB,IAAI,YAAY,MAAM;AAC5C;AAEO,SAAS,eAAe,OAAuB;AACpD,QAAM,aAAa,MAAM,KAAK,EAAE,YAAY;AAC5C,MAAI,CAAC,0BAA0B,KAAK,UAAU,GAAG;AAC/C;AAAA,MACE,kBAAkB,KAAK;AAAA,IACzB;AAAA,EACF;AACA,SAAO;AACT;AAEO,SAAS,qBAAqB,KAAqB,OAAuB;AAC/E,SAAOD,MAAK,KAAK,IAAI,eAAe,GAAG,eAAe,KAAK,CAAC,OAAO;AACrE;AAEO,SAAS,aACd,gBACA,QACQ;AACR,MAAI,eAAgB,QAAO,eAAe,cAAc;AACxD,MAAI,OAAO,aAAc,QAAO,eAAe,OAAO,YAAY;AAClE;AAAA,IACE;AAAA,EACF;AACF;AAEO,SAAS,gBAAgB,UAAgC;AAC9D,MAAI,CAAC,SAAU,MAAK,mDAAmD;AACvE,QAAM,OAAO,aAAa,QAAQ;AAClC,MAAI,CAAC,KAAK,OAAO,CAAC,KAAK,YAAY;AACjC,SAAK,6BAA6B,QAAQ,8BAA8B;AAAA,EAC1E;AACA,SAAO;AAAA,IACL,KAAK,KAAK;AAAA,IACV,WAAW,KAAK;AAAA,IAChB,YAAY,KAAK;AAAA,IACjB,QAAQ,KAAK;AAAA,IACb,YAAY,KAAK;AAAA,EACnB;AACF;AAEO,SAAS,gBAAgB,UAAkB,OAAoB;AACpE,sBAAoB,UAAU,KAAK;AACrC;AAEO,SAAS,sBACd,KACA,QACA,gBACa;AACb,QAAM,QAAQ,aAAa,gBAAgB,MAAM;AACjD,QAAM,WAAW,qBAAqB,KAAK,KAAK;AAChD,MAAI,CAACC,IAAG,WAAW,QAAQ,GAAG;AAC5B;AAAA,MACE,mBAAmB,KAAK,kBAAkB,QAAQ,oDAAoD,KAAK;AAAA,IAC7G;AAAA,EACF;AACA,QAAM,cAAc,gBAAgB,QAAQ;AAC5C,SAAO,EAAE,GAAG,aAAa,MAAM;AACjC;AAEO,SAAS,qBACd,KACA,QACA,OACA;AACA,MAAI,CAAC,OAAO,cAAc;AACxB,gBAAY,KAAK,EAAE,GAAG,QAAQ,cAAc,MAAM,CAAC;AAAA,EACrD;AACF;AAEO,SAAS,iBAAiB,UAAuB;AACtD,SAAO;AAAA,IACL,GAAG;AAAA,IACH,YAAY;AAAA,EACd;AACF;;;AE3IA,eAAsB,WAAW,MAAgB,KAAqB;AACpE,QAAM,aAAa,KAAK,CAAC;AACzB,QAAM,OAAO,KAAK,MAAM,CAAC;AACzB,MAAI,eAAe,QAAQ;AACzB,SAAK,mDAAmD;AAAA,EAC1D;AAEA,QAAM,SAAS,KAAK,CAAC;AACrB,QAAM,aAAa,KAAK,MAAM,CAAC;AAC/B,QAAM,SAAS,WAAW,GAAG;AAE7B,MAAI,WAAW,OAAO;AACpB,UAAM,MAAM,WAAW,CAAC;AACxB,QAAI,CAAC,IAAK,MAAK,gDAAgD;AAC/D,gBAAY,KAAK,EAAE,GAAG,QAAQ,mBAAmB,IAAI,CAAC;AACtD,YAAQ,IAAI,KAAK,UAAU,EAAE,IAAI,MAAM,mBAAmB,QAAQ,GAAG,MAAM,CAAC,CAAC;AAC7E;AAAA,EACF;AACA,MAAI,WAAW,QAAQ;AACrB,YAAQ;AAAA,MACN,KAAK;AAAA,QACH;AAAA,UACE,mBAAmB,OAAO,oBAAoB,UAAU;AAAA,QAC1D;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAAA,IACF;AACA;AAAA,EACF;AACA,MAAI,WAAW,SAAS;AACtB,gBAAY,KAAK,EAAE,GAAG,QAAQ,mBAAmB,KAAK,CAAC;AACvD,YAAQ,IAAI,KAAK,UAAU,EAAE,IAAI,MAAM,mBAAmB,KAAK,GAAG,MAAM,CAAC,CAAC;AAC1E;AAAA,EACF;AAEA,OAAK,mDAAmD;AAC1D;;;ACzCA,OAAOC,SAAQ;AACf,OAAOC,WAAU;AACjB,SAAS,iBAAiB;;;ACF1B,OAAO,YAAY;AAEZ,SAAS,UAAU,OAAgC;AACxD,SAAO,OAAO,WAAW,QAAQ,EAAE,OAAO,KAAK,EAAE,OAAO,KAAK;AAC/D;AAEO,SAAS,6BAA6B,kBAA0B;AACrE,QAAM,MAAM,OAAO,KAAK,kBAAkB,QAAQ;AAClD,QAAM,cAAc,OAAO,KAAK,oCAAoC,KAAK;AACzE,QAAM,MAAM,OAAO,OAAO,CAAC,aAAa,GAAG,CAAC;AAC5C,SAAO,OAAO,iBAAiB;AAAA,IAC7B,KAAK;AAAA,IACL,QAAQ;AAAA,IACR,MAAM;AAAA,EACR,CAAC;AACH;AAEO,SAAS,YAAY,kBAA0B,SAAyB;AAC7E,QAAM,aAAa,6BAA6B,gBAAgB;AAChE,SAAO,OAAO,KAAK,MAAM,OAAO,KAAK,OAAO,GAAG,UAAU,EAAE,SAAS,QAAQ;AAC9E;AAEO,SAAS,yBAAyB;AACvC,QAAM,EAAE,WAAW,WAAW,IAAI,OAAO,oBAAoB,SAAS;AACtE,QAAM,eAAe,UAClB,OAAO,EAAE,MAAM,QAAQ,QAAQ,MAAM,CAAC,EACtC,SAAS,GAAG,EACZ,SAAS,QAAQ;AACpB,QAAM,gBAAgB,WACnB,OAAO,EAAE,MAAM,SAAS,QAAQ,MAAM,CAAC,EACvC,SAAS,GAAG,EACZ,SAAS,QAAQ;AACpB,SAAO,EAAE,WAAW,cAAc,YAAY,cAAc;AAC9D;AAEO,SAAS,aAAa,WAAmB,aAAa,GAAW;AACtE,MAAI,QAAQ;AACZ,QAAM,SAAS,IAAI,OAAO,UAAU;AACpC,SAAO,MAAM;AACX,UAAM,OAAO,UAAU,GAAG,SAAS,GAAG,OAAO,KAAK,CAAC,EAAE;AACrD,QAAI,KAAK,WAAW,MAAM,EAAG,QAAO,OAAO,KAAK;AAChD,aAAS;AAAA,EACX;AACF;;;AC3CO,SAAS,WAAW,QAA6B;AACtD,SAAO;AAAA,IACL,eAAe,UAAU,MAAM;AAAA,EACjC;AACF;AAEA,eAAsB,iBAAiB,UAAoB;AACzD,SAAO,SAAS,KAAK,EAAE,MAAM,OAAO,CAAC,EAAE;AACzC;;;ACRA,SAAS,oBAAoB;AAKtB,SAAS,mBAAmB,KAAqB;AACtD,SAAO,IAAI,QAAQ,QAAQ,EAAE;AAC/B;AAEO,SAAS,cAAc,MAAuB;AACnD,MAAI;AACF,WAAO,KAAK,MAAM,IAAI;AAAA,EACxB,QAAQ;AACN,SAAK,wBAAwB;AAAA,EAC/B;AACF;;;AHKA,eAAsB,eAAe,MAAgB,KAAqB;AACxE,QAAM,EAAE,OAAO,IAAI,UAAU;AAAA,IAC3B;AAAA,IACA,SAAS;AAAA,MACP,IAAI,EAAE,MAAM,SAAS;AAAA,MACrB,OAAO,EAAE,MAAM,SAAS;AAAA,MACxB,eAAe,EAAE,MAAM,SAAS;AAAA,MAChC,WAAW,EAAE,MAAM,UAAU;AAAA,MAC7B,YAAY,EAAE,MAAM,SAAS;AAAA,MAC7B,cAAc,EAAE,MAAM,SAAS;AAAA,MAC/B,eAAe,EAAE,MAAM,SAAS;AAAA,MAChC,MAAM,EAAE,MAAM,SAAS;AAAA,MACvB,KAAK,EAAE,MAAM,UAAU,SAAS,iBAAiB;AAAA,IACnD;AAAA,IACA,QAAQ;AAAA,IACR,kBAAkB;AAAA,EACpB,CAAC;AACD,QAAM,SAAS,WAAW,GAAG;AAC7B,QAAM,QAAQ,aAAa,OAAO,IAAI,MAAM;AAC5C,QAAM,gBAAgB,qBAAqB,KAAK,KAAK;AACrD,MAAIC,IAAG,WAAW,aAAa,GAAG;AAChC;AAAA,MACE,mBAAmB,KAAK,uBAAuB,aAAa,gGAAgG,KAAK;AAAA,IACnK;AAAA,EACF;AAEA,MAAI;AACJ,MAAI,OAAO,UAAU,GAAG;AACtB,UAAM,OAAO,aAAa,OAAO,UAAU,CAAC;AAI5C,QAAI,CAAC,KAAK,aAAa,CAAC,KAAK,YAAY;AACvC,WAAK,oDAAoD;AAAA,IAC3D;AACA,cAAU,EAAE,WAAW,KAAK,WAAW,YAAY,KAAK,WAAW;AAAA,EACrE,WAAW,OAAO,YAAY,KAAK,OAAO,aAAa,GAAG;AACxD,YAAQ;AAAA,MACN;AAAA,IACF;AACA,cAAU;AAAA,MACR,WAAW,OAAO,YAAY;AAAA,MAC9B,YAAY,OAAO,aAAa;AAAA,IAClC;AAAA,EACF,WAAW,OAAO,YAAY,KAAK,OAAO,aAAa,GAAG;AACxD,SAAK,0DAA0D;AAAA,EACjE,OAAO;AACL,cAAU,uBAAuB;AAAA,EACnC;AAEA,UAAQ,MAAM,+BAA+B;AAC7C,QAAM,WAAW,aAAa,QAAQ,SAAS;AAE/C,QAAM,UAAmC;AAAA,IACvC,WAAW,QAAQ;AAAA,IACnB;AAAA,EACF;AACA,QAAM,QAAQ,OAAO,SAAS;AAC9B,UAAQ,QAAQ;AAEhB,QAAM,aACJ,OAAO,SAAS,MAAM,OAClB,SACA,OAAO,aAAa,KAAK,OAAO,qBAAqB;AAC3D,MAAI,WAAY,SAAQ,aAAa;AAErC,QAAM,UAAU,mBAAmB,OAAO,GAAG;AAC7C,QAAM,WAAW,MAAM,MAAM,GAAG,OAAO,2BAA2B;AAAA,IAChE,QAAQ;AAAA,IACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,IAC9C,MAAM,KAAK,UAAU,OAAO;AAAA,EAC9B,CAAC;AACD,MAAI,CAAC,SAAS,IAAI;AAChB,UAAM,QAAQ,MAAM,iBAAiB,QAAQ;AAC7C;AAAA,MACE,wBAAwB,SAAS,MAAM,MAAO,MAA6B,SAAS,eAAe;AAAA,IACrG;AAAA,EACF;AAEA,QAAM,OAAQ,MAAM,SAAS,KAAK;AAKlC,QAAM,cAA2B;AAAA,IAC/B;AAAA,IACA,KAAK,KAAK;AAAA,IACV,WAAW,QAAQ;AAAA,IACnB,YAAY,QAAQ;AAAA,IACpB,QAAQ,KAAK;AAAA,IACb,YAAY,KAAK;AAAA,IACjB;AAAA,IACA,WAAW,KAAK,IAAI;AAAA,IACpB,WAAW,KAAK,IAAI;AAAA,EACtB;AAEA,kBAAgB,eAAe,WAAW;AAC1C,uBAAqB,KAAK,QAAQ,KAAK;AACvC,UAAQ,MAAM,qBAAqB,aAAa,EAAE;AAElD,MAAI,OAAO,MAAM;AACf,oBAAgBC,MAAK,QAAQ,OAAO,IAAI,GAAG,WAAW;AACtD,YAAQ,MAAM,4BAA4BA,MAAK,QAAQ,OAAO,IAAI,CAAC,EAAE;AAAA,EACvE;AAEA,QAAM,iBAAiB;AAAA,IACrB,OAAO,YAAY;AAAA,IACnB,KAAK,YAAY;AAAA,IACjB,WAAW,YAAY;AAAA,IACvB,QAAQ,YAAY;AAAA,IACpB,YAAY,YAAY;AAAA,IACxB,OAAO,YAAY;AAAA,IACnB,WAAW,YAAY;AAAA,IACvB,WAAW,YAAY;AAAA,IACvB,cAAc;AAAA,IACd,YAAY;AAAA,EACd;AACA,UAAQ,IAAI,KAAK,UAAU,gBAAgB,MAAM,CAAC,CAAC;AACrD;AAEA,eAAsB,WAAW,MAAgB,KAAqB;AACpE,QAAM,EAAE,QAAQ,YAAY,IAAI,UAAU;AAAA,IACxC;AAAA,IACA,SAAS;AAAA,MACP,IAAI,EAAE,MAAM,SAAS;AAAA,MACrB,MAAM,EAAE,MAAM,SAAS;AAAA,MACvB,MAAM,EAAE,MAAM,SAAS;AAAA,MACvB,aAAa,EAAE,MAAM,SAAS;AAAA,MAC9B,KAAK,EAAE,MAAM,UAAU,SAAS,iBAAiB;AAAA,IACnD;AAAA,IACA,QAAQ;AAAA,IACR,kBAAkB;AAAA,EACpB,CAAC;AAED,QAAM,UAAU,YAAY,CAAC;AAC7B,MAAI,CAAC,WAAW,CAAC,OAAO,MAAM;AAC5B;AAAA,MACE;AAAA,IACF;AAAA,EACF;AAEA,QAAM,SAAS,WAAW,GAAG;AAC7B,QAAM,QAAQ,OAAO,cACjB,gBAAgBA,MAAK,QAAQ,OAAO,WAAW,CAAC,IAChD,sBAAsB,KAAK,QAAQ,OAAO,EAAE;AAChD,QAAM,UACJ,OAAO,SAAS,SACZD,IAAG,WAAW,OAAO,IAAI,IACvBA,IAAG,aAAa,OAAO,IAAI,IAC3B,KAAK,mBAAmB,OAAO,IAAI,EAAE,IACvC;AACN,QAAM,cAAc,UAAU,OAAO;AACrC,QAAM,WAAW,KAAK,IAAI;AAC1B,QAAM,YAAY,YAAY,MAAM,YAAY,GAAG,WAAW,IAAI,QAAQ,EAAE;AAE5E,QAAM,WAAW,MAAM;AAAA,IACrB,GAAG,mBAAmB,OAAO,GAAG,CAAC;AAAA,IACjC;AAAA,MACE,QAAQ;AAAA,MACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,MAC9C,MAAM,KAAK,UAAU;AAAA,QACnB,KAAK,MAAM;AAAA,QACX;AAAA,QACA;AAAA,QACA;AAAA,QACA,YAAY,OAAO;AAAA,MACrB,CAAC;AAAA,IACH;AAAA,EACF;AACA,MAAI,CAAC,SAAS,IAAI;AAChB,UAAM,QAAQ,MAAM,iBAAiB,QAAQ;AAC7C;AAAA,MACE,mBAAmB,SAAS,MAAM,MAAO,MAA6B,SAAS,eAAe;AAAA,IAChG;AAAA,EACF;AACA,QAAM,SAAU,MAAM,SAAS,KAAK;AACpC,QAAM,UAAU,mBAAmB,OAAO,GAAG;AAC7C,UAAQ;AAAA,IACN,KAAK;AAAA,MACH;AAAA,QACE,GAAG;AAAA,QACH,WAAW,GAAG,OAAO,WAAW,OAAO,aAAa;AAAA,QACpD,cAAc,GAAG,OAAO,kCAAkC,OAAO,aAAa;AAAA,MAChF;AAAA,MACA;AAAA,MACA;AAAA,IACF;AAAA,EACF;AACF;AAEA,eAAsB,aACpB,MACA,SAGA;AACA,QAAM,EAAE,QAAQ,YAAY,IAAI,UAAU;AAAA,IACxC;AAAA,IACA,SAAS;AAAA,MACP,KAAK,EAAE,MAAM,UAAU,SAAS,iBAAiB;AAAA,IACnD;AAAA,IACA,QAAQ;AAAA,IACR,kBAAkB;AAAA,EACpB,CAAC;AACD,QAAM,gBAAgB,YAAY,CAAC;AACnC,QAAM,iBAAiB,YAAY,CAAC;AACpC,MAAI,CAAC,eAAe;AAClB;AAAA,MACE;AAAA,IACF;AAAA,EACF;AAEA,QAAM,UAAuB,CAAC;AAC9B,MAAI,SAAS,OAAQ,QAAO,OAAO,SAAS,WAAW,QAAQ,MAAM,CAAC;AAEtE,QAAM,WAAW,MAAM;AAAA,IACrB,GAAG,mBAAmB,OAAO,GAAG,CAAC,kCAAkC,mBAAmB,aAAa,CAAC;AAAA,IACpG,EAAE,QAAQ;AAAA,EACZ;AACA,MAAI,CAAC,SAAS,IAAI;AAChB,UAAM,QAAQ,MAAM,iBAAiB,QAAQ;AAC7C;AAAA,MACE,wBAAwB,SAAS,MAAM,MAAO,MAA6B,SAAS,eAAe;AAAA,IACrG;AAAA,EACF;AACA,QAAM,SAAU,MAAM,SAAS,KAAK;AACpC,QAAM,SACJ,mBAAmB,SACf;AAAA,IACE,GAAG;AAAA,IACH,cAAc,UAAU,cAAc,MAAM,OAAO;AAAA,EACrD,IACA;AACN,UAAQ,IAAI,KAAK,UAAU,QAAQ,MAAM,CAAC,CAAC;AAC7C;AAEA,eAAsB,cACpB,MACA,SAGA;AACA,QAAM,EAAE,QAAQ,YAAY,IAAI,UAAU;AAAA,IACxC;AAAA,IACA,SAAS;AAAA,MACP,MAAM,EAAE,MAAM,SAAS;AAAA,MACvB,KAAK,EAAE,MAAM,UAAU,SAAS,iBAAiB;AAAA,IACnD;AAAA,IACA,QAAQ;AAAA,IACR,kBAAkB;AAAA,EACpB,CAAC;AACD,QAAM,gBAAgB,YAAY,CAAC;AACnC,QAAM,aAAa,YAAY,CAAC;AAChC,MAAI,CAAC,iBAAkB,CAAC,cAAc,CAAC,OAAO,MAAO;AACnD;AAAA,MACE;AAAA,IACF;AAAA,EACF;AAEA,QAAM,UACJ,OAAO,SAAS,SACZA,IAAG,WAAW,OAAO,IAAI,IACvBA,IAAG,aAAa,OAAO,IAAI,IAC3B,KAAK,mBAAmB,OAAO,IAAI,EAAE,IACvC;AACN,QAAM,cAAc,UAAU,OAAO;AAErC,QAAM,UAAuB,EAAE,gBAAgB,mBAAmB;AAClE,MAAI,SAAS,OAAQ,QAAO,OAAO,SAAS,WAAW,QAAQ,MAAM,CAAC;AAEtE,QAAM,WAAW,MAAM;AAAA,IACrB,GAAG,mBAAmB,OAAO,GAAG,CAAC;AAAA,IACjC;AAAA,MACE,QAAQ;AAAA,MACR;AAAA,MACA,MAAM,KAAK,UAAU,EAAE,eAAe,YAAY,CAAC;AAAA,IACrD;AAAA,EACF;AACA,MAAI,CAAC,SAAS,IAAI;AAChB,UAAM,QAAQ,MAAM,iBAAiB,QAAQ;AAC7C;AAAA,MACE,yBAAyB,SAAS,MAAM,MAAO,MAA6B,SAAS,eAAe;AAAA,IACtG;AAAA,EACF;AACA,UAAQ,IAAI,KAAK,UAAU,MAAM,SAAS,KAAK,GAAG,MAAM,CAAC,CAAC;AAC5D;AAEA,eAAsB,aAAa,MAAgB,KAAqB;AACtE,QAAM,EAAE,QAAQ,YAAY,IAAI,UAAU;AAAA,IACxC;AAAA,IACA,SAAS;AAAA,MACP,IAAI,EAAE,MAAM,SAAS;AAAA,MACrB,WAAW,EAAE,MAAM,SAAS;AAAA,MAC5B,SAAS,EAAE,MAAM,SAAS;AAAA,MAC1B,aAAa,EAAE,MAAM,SAAS;AAAA,MAC9B,KAAK,EAAE,MAAM,UAAU,SAAS,iBAAiB;AAAA,IACnD;AAAA,IACA,QAAQ;AAAA,IACR,kBAAkB;AAAA,EACpB,CAAC;AACD,QAAM,YAAY,YAAY,CAAC;AAC/B,QAAM,SAAS,YAAY,CAAC;AAC5B,MAAI,CAAC,aAAa,CAAC,QAAQ;AACzB;AAAA,MACE;AAAA,IACF;AAAA,EACF;AAEA,QAAM,eAAe,CAAC,QAAQ,iBAAiB,aAAa,OAAO;AACnE,MAAI,CAAC,aAAa,SAAS,MAAM,GAAG;AAClC;AAAA,MACE,mBAAmB,MAAM,sBAAsB,aAAa,KAAK,IAAI,CAAC;AAAA,IACxE;AAAA,EACF;AAEA,QAAM,SAAS,WAAW,GAAG;AAC7B,QAAM,QAAQ,OAAO,cACjB,gBAAgBC,MAAK,QAAQ,OAAO,WAAW,CAAC,IAChD,sBAAsB,KAAK,QAAQ,OAAO,EAAE;AAChD,QAAM,WAAW,KAAK,IAAI;AAC1B,QAAM,YAAY;AAAA,IAChB,MAAM;AAAA,IACN,UAAU,SAAS,IAAI,MAAM,IAAI,QAAQ;AAAA,EAC3C;AAEA,QAAM,WAAW,MAAM;AAAA,IACrB,GAAG,mBAAmB,OAAO,GAAG,CAAC;AAAA,IACjC;AAAA,MACE,QAAQ;AAAA,MACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,MAC9C,MAAM,KAAK,UAAU;AAAA,QACnB,KAAK;AAAA,QACL;AAAA,QACA,aAAa,MAAM;AAAA,QACnB;AAAA,QACA;AAAA,QACA,eAAe,OAAO;AAAA,QACtB,SAAS,OAAO;AAAA,MAClB,CAAC;AAAA,IACH;AAAA,EACF;AACA,MAAI,CAAC,SAAS,IAAI;AAChB,UAAM,QAAQ,MAAM,iBAAiB,QAAQ;AAC7C;AAAA,MACE,kBAAkB,SAAS,MAAM,MAAO,MAA6B,SAAS,eAAe;AAAA,IAC/F;AAAA,EACF;AACA,UAAQ,IAAI,KAAK,UAAU,MAAM,SAAS,KAAK,GAAG,MAAM,CAAC,CAAC;AAC5D;;;AIhXA,OAAOC,SAAQ;AACf,OAAOC,WAAU;AACjB,SAAS,aAAAC,kBAAiB;AAa1B,eAAsB,eAAe,MAAgB,KAAqB;AACxE,QAAM,aAAa,KAAK,CAAC;AACzB,QAAM,OAAO,KAAK,MAAM,CAAC;AAEzB,MAAI,eAAe,QAAQ;AACzB,UAAM,SAAS,WAAW,GAAG;AAC7B,QAAI,CAACC,IAAG,WAAW,IAAI,aAAa,GAAG;AACrC,cAAQ;AAAA,QACN,KAAK,UAAU,EAAE,cAAc,OAAO,cAAc,YAAY,CAAC,EAAE,GAAG,MAAM,CAAC;AAAA,MAC/E;AACA;AAAA,IACF;AACA,UAAM,QAAQA,IACX,YAAY,IAAI,aAAa,EAC7B,OAAO,CAAC,SAAS,KAAK,SAAS,OAAO,CAAC,EACvC,KAAK;AACR,UAAM,aAAa,MAAM,IAAI,CAAC,aAAa;AACzC,YAAM,WAAWC,MAAK,KAAK,IAAI,eAAe,QAAQ;AACtD,YAAM,WAAW,aAAa,QAAQ;AACtC,YAAM,QAAQ,SAAS,MAAM,GAAG,EAAE;AAClC,aAAO;AAAA,QACL;AAAA,QACA,KAAK,SAAS,OAAO;AAAA,QACrB,OAAO,SAAS,SAAS;AAAA,QACzB,WAAW,SAAS,aAAa;AAAA,QACjC,WAAW,OAAO,iBAAiB;AAAA,MACrC;AAAA,IACF,CAAC;AACD,YAAQ;AAAA,MACN,KAAK;AAAA,QACH;AAAA,UACE,MAAM,IAAI;AAAA,UACV,cAAc,OAAO;AAAA,UACrB;AAAA,QACF;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAAA,IACF;AACA;AAAA,EACF;AAEA,MAAI,eAAe,QAAQ;AACzB,UAAM,EAAE,OAAO,IAAIC,WAAU;AAAA,MAC3B,MAAM;AAAA,MACN,SAAS;AAAA,QACP,IAAI,EAAE,MAAM,SAAS;AAAA,MACvB;AAAA,MACA,QAAQ;AAAA,MACR,kBAAkB;AAAA,IACpB,CAAC;AACD,UAAM,SAAS,WAAW,GAAG;AAC7B,UAAM,WAAW,sBAAsB,KAAK,QAAQ,OAAO,EAAE;AAC7D,YAAQ;AAAA,MACN,KAAK;AAAA,QACH;AAAA,UACE,MAAM,IAAI;AAAA,UACV,GAAG,iBAAiB,QAAQ;AAAA,QAC9B;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAAA,IACF;AACA;AAAA,EACF;AAEA,MAAI,eAAe,OAAO;AACxB,UAAM,QAAQ,KAAK,CAAC;AACpB,QAAI,CAAC,MAAO,MAAK,yCAAyC;AAC1D,UAAM,aAAa,eAAe,KAAK;AACvC,UAAM,eAAe,qBAAqB,KAAK,UAAU;AACzD,QAAI,CAACF,IAAG,WAAW,YAAY,GAAG;AAChC,WAAK,mBAAmB,UAAU,cAAc;AAAA,IAClD;AACA,UAAM,SAAS,WAAW,GAAG;AAC7B,gBAAY,KAAK,EAAE,GAAG,QAAQ,cAAc,WAAW,CAAC;AACxD,YAAQ,IAAI,KAAK,UAAU,EAAE,IAAI,MAAM,cAAc,WAAW,GAAG,MAAM,CAAC,CAAC;AAC3E;AAAA,EACF;AAEA,MAAI,eAAe,UAAU;AAC3B,UAAM,EAAE,OAAO,IAAIE,WAAU;AAAA,MAC3B,MAAM;AAAA,MACN,SAAS;AAAA,QACP,IAAI,EAAE,MAAM,SAAS;AAAA,QACrB,KAAK,EAAE,MAAM,UAAU;AAAA,MACzB;AAAA,MACA,QAAQ;AAAA,MACR,kBAAkB;AAAA,IACpB,CAAC;AACD,QAAI,CAAC,OAAO,GAAI,MAAK,uDAAuD;AAC5E,QAAI,OAAO,QAAQ,MAAM;AACvB,WAAK,2CAA2C;AAAA,IAClD;AACA,UAAM,QAAQ,eAAe,OAAO,EAAE;AACtC,UAAM,SAAS,qBAAqB,KAAK,KAAK;AAC9C,QAAI,CAACF,IAAG,WAAW,MAAM,GAAG;AAC1B,WAAK,mBAAmB,KAAK,cAAc;AAAA,IAC7C;AACA,IAAAA,IAAG,OAAO,MAAM;AAChB,UAAM,SAAS,WAAW,GAAG;AAC7B,UAAM,aACJ,OAAO,iBAAiB,QAAQ,EAAE,GAAG,QAAQ,cAAc,KAAK,IAAI;AACtE,gBAAY,KAAK,UAAU;AAC3B,YAAQ,IAAI,KAAK,UAAU,EAAE,IAAI,MAAM,SAAS,MAAM,GAAG,MAAM,CAAC,CAAC;AACjE;AAAA,EACF;AAEA,OAAK,wDAAwD;AAC/D;;;AC5HA,OAAOG,SAAQ;AACf,OAAOC,WAAU;AACjB,SAAS,aAAAC,kBAAiB;AAU1B,eAAe,wBAAwB,MAAgB,KAAqB;AAC1E,QAAM,EAAE,QAAQ,YAAY,IAAIC,WAAU;AAAA,IACxC;AAAA,IACA,SAAS;AAAA,MACP,IAAI,EAAE,MAAM,SAAS;AAAA,MACrB,aAAa,EAAE,MAAM,SAAS;AAAA,MAC9B,YAAY,EAAE,MAAM,SAAS;AAAA,MAC7B,KAAK,EAAE,MAAM,UAAU,SAAS,iBAAiB;AAAA,IACnD;AAAA,IACA,QAAQ;AAAA,IACR,kBAAkB;AAAA,EACpB,CAAC;AAED,QAAM,gBAAgB,YAAY,CAAC;AACnC,MAAI,kBAAkB,WAAW,kBAAkB,UAAU;AAC3D;AAAA,MACE;AAAA,IACF;AAAA,EACF;AACA,MAAI,CAAC,OAAO,YAAY;AACtB,SAAK,qCAAqC;AAAA,EAC5C;AAEA,QAAM,SAAS,WAAW,GAAG;AAC7B,QAAM,QAAQ,OAAO,cACjB,gBAAgBC,MAAK,QAAQ,OAAO,WAAW,CAAC,IAChD,sBAAsB,KAAK,QAAQ,OAAO,EAAE;AAEhD,QAAM,UAAU,mBAAmB,OAAO,GAAG;AAC7C,QAAM,WAAW,KAAK,IAAI;AAE1B,QAAM,iBAAiB,aAAa;AAAA,IAClC,MAAM;AAAA,IACN,KAAK,MAAM;AAAA,IACX,gBAAgB,OAAO;AAAA,IACvB,QAAQ;AAAA,IACR;AAAA,EACF,CAAC;AACD,QAAM,cAAc,UAAU,cAAc;AAC5C,QAAM,YAAY,YAAY,MAAM,YAAY,GAAG,WAAW,IAAI,QAAQ,EAAE;AAE5E,UAAQ,MAAM,4BAA4B;AAC1C,QAAM,eAAe,MAAM,MAAM,GAAG,OAAO,2BAA2B;AAAA,IACpE,QAAQ;AAAA,IACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,IAC9C,MAAM,KAAK,UAAU;AAAA,MACnB,KAAK,MAAM;AAAA,MACX;AAAA,MACA;AAAA,MACA;AAAA,MACA,YAAY,uBAAuB,aAAa,IAAI,OAAO,UAAU;AAAA,IACvE,CAAC;AAAA,EACH,CAAC;AACD,MAAI,CAAC,aAAa,IAAI;AACpB,UAAM,QAAQ,MAAM,iBAAiB,YAAY;AACjD;AAAA,MACE,2BAA2B,aAAa,MAAM,MAAO,MAA6B,SAAS,eAAe;AAAA,IAC5G;AAAA,EACF;AACA,QAAM,EAAE,cAAc,IAAK,MAAM,aAAa,KAAK;AAEnD,UAAQ,MAAM,uBAAuB;AACrC,QAAM,kBAAkB,MAAM,MAAM,GAAG,OAAO,+BAA+B;AAAA,IAC3E,QAAQ;AAAA,IACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,IAC9C,MAAM,KAAK,UAAU;AAAA,MACnB,gBAAgB,OAAO;AAAA,MACvB,KAAK,MAAM;AAAA,MACX,QAAQ;AAAA,MACR;AAAA,MACA;AAAA,IACF,CAAC;AAAA,EACH,CAAC;AACD,MAAI,CAAC,gBAAgB,IAAI;AACvB,UAAM,QAAQ,MAAM,iBAAiB,eAAe;AACpD;AAAA,MACE,0BAA0B,gBAAgB,MAAM,MAAO,MAA6B,SAAS,eAAe;AAAA,IAC9G;AAAA,EACF;AACA,UAAQ,IAAI,KAAK,UAAU,MAAM,gBAAgB,KAAK,GAAG,MAAM,CAAC,CAAC;AACnE;AAEA,eAAe,uBAAuB,MAAgB;AACpD,QAAM,EAAE,OAAO,IAAID,WAAU;AAAA,IAC3B;AAAA,IACA,SAAS;AAAA,MACP,WAAW,EAAE,MAAM,SAAS;AAAA,MAC5B,cAAc,EAAE,MAAM,SAAS;AAAA,MAC/B,MAAM,EAAE,MAAM,SAAS;AAAA,MACvB,aAAa,EAAE,MAAM,SAAS;AAAA,IAChC;AAAA,IACA,QAAQ;AAAA,IACR,kBAAkB;AAAA,EACpB,CAAC;AACD,MAAI,CAAC,OAAO,SAAS,GAAG;AACtB,SAAK,kCAAkC;AAAA,EACzC;AACA,MAAI,CAAC,OAAO,QAAQ,CAAC,OAAO,WAAW,GAAG;AACxC,SAAK,sCAAsC;AAAA,EAC7C;AAEA,QAAM,WAAW,OAAO,WAAW,IAC/BE,IAAG,WAAW,OAAO,WAAW,CAAC,IAC/BA,IAAG,aAAa,OAAO,WAAW,GAAG,OAAO,IAC5C,KAAK,mBAAmB,OAAO,WAAW,CAAC,EAAE,IAC/C,OAAO;AAEX,gBAAc,QAAQ;AAEtB,QAAM,YAAY,OAAO,YAAY,KAAK;AAC1C,QAAM,WAAW,MAAM,MAAM,WAAW;AAAA,IACtC,QAAQ;AAAA,IACR,SAAS;AAAA,MACP,gBAAgB;AAAA,MAChB,GAAG,WAAW,OAAO,SAAS,CAAC;AAAA,IACjC;AAAA,IACA,MAAM;AAAA,EACR,CAAC;AAED,QAAM,OAAO,MAAM,iBAAiB,QAAQ;AAC5C,MAAI,CAAC,SAAS,IAAI;AAChB;AAAA,MACE,kBAAkB,SAAS,MAAM,MAAO,KAA4B,SAAS,eAAe;AAAA,IAC9F;AAAA,EACF;AACA,UAAQ,IAAI,KAAK,UAAU,MAAM,MAAM,CAAC,CAAC;AAC3C;AAEA,SAAS,cAAc,QAAkB;AACvC,QAAM,MAAgB,CAAC;AACvB,MAAI;AACJ,WAAS,IAAI,GAAG,IAAI,OAAO,QAAQ,KAAK,GAAG;AACzC,UAAM,QAAQ,OAAO,CAAC;AACtB,QAAI,UAAU,aAAa;AACzB,eAAS,OAAO,IAAI,CAAC;AACrB,WAAK;AACL;AAAA,IACF;AACA,QAAI,KAAK,KAAK;AAAA,EAChB;AACA,SAAO,EAAE,QAAQ,WAAW,IAAI;AAClC;AAEA,eAAsB,iBAAiB,MAAgB,KAAqB;AAC1E,QAAM,aAAa,KAAK,CAAC;AACzB,QAAM,OAAO,KAAK,MAAM,CAAC;AAEzB,MAAI,eAAe,WAAW;AAC5B,UAAM,wBAAwB,MAAM,GAAG;AACvC;AAAA,EACF;AACA,MAAI,eAAe,UAAU;AAC3B,UAAM,uBAAuB,IAAI;AACjC;AAAA,EACF;AACA,MAAI,eAAe,UAAU;AAC3B,UAAM,SAAS,cAAc,IAAI;AACjC,QAAI,CAAC,OAAO,OAAQ,MAAK,kCAAkC;AAC3D,UAAM,aAAa,OAAO,WAAW,EAAE,QAAQ,OAAO,OAAO,CAAC;AAC9D;AAAA,EACF;AACA,MAAI,eAAe,WAAW;AAC5B,UAAM,SAAS,cAAc,IAAI;AACjC,QAAI,CAAC,OAAO,OAAQ,MAAK,kCAAkC;AAC3D,UAAM,cAAc,OAAO,WAAW,EAAE,QAAQ,OAAO,OAAO,CAAC;AAC/D;AAAA,EACF;AAEA,OAAK,mEAAmE;AAC1E;;;ACrLO,SAAS,QAAQ;AACtB,SAAO;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAqCP,KAAK;AACP;;;ACtBA,eAAe,OAAO;AACpB,QAAM,SAAS,YAAY,QAAQ,KAAK,MAAM,CAAC,CAAC;AAChD,QAAM,OAAO,OAAO;AACpB,QAAM,MAAM,cAAc,OAAO,IAAI;AACrC,QAAM,UAAU,KAAK,CAAC;AACtB,QAAM,OAAO,KAAK,MAAM,CAAC;AAEzB,MAAI,CAAC,WAAW,YAAY,YAAY,YAAY,MAAM;AACxD,YAAQ,IAAI,MAAM,CAAC;AACnB;AAAA,EACF;AACA,MAAI,YAAY,eAAe,YAAY,MAAM;AAC/C,YAAQ,IAAI,eAAe;AAC3B;AAAA,EACF;AAEA,MAAI,YAAY,YAAY;AAC1B,UAAM,eAAe,MAAM,GAAG;AAC9B;AAAA,EACF;AACA,MAAI,YAAY,QAAQ;AACtB,UAAM,WAAW,MAAM,GAAG;AAC1B;AAAA,EACF;AACA,MAAI,YAAY,UAAU;AACxB,UAAM,aAAa,IAAI;AACvB;AAAA,EACF;AACA,MAAI,YAAY,WAAW;AACzB,UAAM,cAAc,IAAI;AACxB;AAAA,EACF;AACA,MAAI,YAAY,UAAU;AACxB,UAAM,aAAa,MAAM,GAAG;AAC5B;AAAA,EACF;AACA,MAAI,YAAY,YAAY;AAC1B,UAAM,eAAe,MAAM,GAAG;AAC9B;AAAA,EACF;AACA,MAAI,YAAY,QAAQ;AACtB,UAAM,WAAW,MAAM,GAAG;AAC1B;AAAA,EACF;AACA,MAAI,YAAY,cAAc;AAC5B,UAAM,iBAAiB,MAAM,GAAG;AAChC;AAAA,EACF;AAEA,OAAK,oBAAoB,OAAO;AAAA;AAAA,EAAO,MAAM,CAAC,EAAE;AAClD;AAEA,KAAK,EAAE,MAAM,CAAC,UAAU;AACtB,OAAK,iBAAiB,QAAQ,MAAM,UAAU,eAAe;AAC/D,CAAC;","names":["fs","path","path","path","path","fs","fs","path","fs","path","fs","path","parseArgs","fs","path","parseArgs","fs","path","parseArgs","parseArgs","path","fs"]}

package/package.json ADDED Viewed

@@ -0,0 +1,41 @@
+{
+  "name": "identityapp",
+  "version": "0.1.0",
+  "description": "CLI for identity.app agent identity, signatures, trust, and integrator flows.",
+  "type": "module",
+  "bin": {
+    "identityapp": "./bin/cli.mjs"
+  },
+  "files": [
+    "dist",
+    "bin",
+    "skills",
+    "README.md"
+  ],
+  "scripts": {
+    "build": "tsup",
+    "dev": "node src/cli.ts",
+    "typecheck": "tsc --noEmit"
+  },
+  "keywords": [
+    "identity",
+    "agent",
+    "signature",
+    "verify",
+    "reputation",
+    "integrator",
+    "cli"
+  ],
+  "license": "MIT",
+  "engines": {
+    "node": ">=18"
+  },
+  "devDependencies": {
+    "@types/node": "^24.5.2",
+    "tsup": "^8.5.0",
+    "typescript": "^5.9.2"
+  },
+  "dependencies": {
+    "json-canonicalize": "^2.0.0"
+  }
+}

package/skills/agent-identity/SKILL.md ADDED Viewed

@@ -0,0 +1,160 @@
+---
+name: agent-identity
+description: Use identityapp CLI to register agents, sign and verify content, certify authenticity, report bad actors, and run integrator consent/ingest flows.
+metadata:
+  author: identityapp
+  version: "0.1"
+---
+# Agent Identity
+Use the `identityapp` npm CLI as the execution layer. This skill contains instructions only; it does not bundle scripts.
+## Install
+```bash
+npx identityapp --help
+```
+If you prefer a global install:
+```bash
+npm i -g identityapp
+identityapp --help
+```
+## Default behavior
+- Default API base URL: `https://identity.app`
+- Default identity home: `~/.identity`
+- Credentials are stored per alias in `~/.identity/identities/<alias>.json`
+- Most commands support `--url <base_url>` for non-production/dev usage
+- Override identity home with `--home <dir>` or `IDENTITY_HOME=<dir>`
+## Multi-identity model
+- Use `--as <alias>` to choose which local identity performs an action.
+- Set default alias:
+```bash
+npx identityapp identity use <alias>
+```
+- List/show stored identities:
+```bash
+npx identityapp identity list
+npx identityapp identity show --as <alias>
+```
+## Agent workflow
+### 1) Register
+```bash
+npx identityapp register --as writer --label "writer"
+```
+Register stores credentials in `~/.identity/identities/writer.json`.
+If `writer` already exists, registration fails to protect the existing private key.
+### 2) Sign
+```bash
+npx identityapp sign --as writer "Hello world" --note "demo"
+```
+Or sign a file:
+```bash
+npx identityapp sign --file ./message.txt
+```
+### 3) Verify
+```bash
+npx identityapp verify <signatureHash>
+npx identityapp verify <signatureHash> "Hello world"
+```
+### 4) Certify
+```bash
+npx identityapp certify <signatureHash> "Hello world"
+npx identityapp certify <signatureHash> --file ./message.txt
+```
+### 5) Report
+```bash
+npx identityapp report --as writer did:identity:badagent malicious --details "Scam attempts"
+```
+## Default linking key management
+Set a linking key once and use it by default for future registrations:
+```bash
+npx identityapp auth link set <linking_key>
+npx identityapp auth link show
+```
+`register` uses this key unless you pass `--no-link`:
+```bash
+npx identityapp register --as test-bot --no-link
+```
+## Human owner linking flow
+If your human owner already has a linking key:
+```bash
+npx identityapp auth link set <linking_key>
+```
+If your human owner does not have a linking key yet:
+1. Ask them to create/log into an account on `identity.app`.
+2. Ask them to generate a linking key from their dashboard.
+3. Once they share it, set it locally with:
+```bash
+npx identityapp auth link set <linking_key>
+```
+Fallback if linking is not ready yet:
+- Register with `--no-link`.
+- Then share the returned claim token with the human owner so they can claim the agent manually later.
+## Integrator workflow
+### 1) Set consent
+```bash
+npx identityapp integrator consent allow --as <alias> --integrator survaivor
+```
+Use `revoke` instead of `allow` to revoke. The command signs the consent payload and submits it in a single step.
+### 2) Verify/certify with integrator context
+```bash
+npx identityapp integrator verify <signatureHash> --api-key <integratorApiKey>
+npx identityapp integrator certify <signatureHash> "content" --api-key <integratorApiKey>
+```
+### 3) Ingest events
+```bash
+npx identityapp integrator ingest \
+  --api-key <integratorApiKey> \
+  --ingest-url https://integrator.identity.app/ingest \
+  --body-file ./event.json
+```
+Notes:
+- Ingest requests use `Authorization: Bearer <integratorApiKey>`.
+- Default ingest endpoint is `https://integrator.identity.app/ingest` (override with `--ingest-url`).
+- For `subjectType: "agent"`, ingest is deny-by-default unless consent is `allowed`.