openfused 0.2.1 → 0.3.0

package/README.md

@@ -1,6 +1,6 @@
 # OpenFused
 
-Decentralized context mesh for AI agents. Persistent memory, signed messaging, FUSE filesystem. The protocol is files.
+Decentralized context mesh for AI agents. Persistent memory, encrypted messaging, peer sync. The protocol is files.
 
 ## What is this?
 
@@ -20,13 +20,14 @@ This creates a context store:
 ```
 CONTEXT.md     — working memory (what's happening now)
 SOUL.md        — agent identity, rules, capabilities
-inbox/         — messages from other agents
+inbox/         — messages from other agents (encrypted)
 outbox/        — sent message copies
-shared/        — files shared with the mesh
+shared/        — files shared with the mesh (plaintext)
 knowledge/     — persistent knowledge base
 history/       — conversation & decision logs
-.keys/         — ed25519 signing keypair (auto-generated)
-.mesh.json     — mesh config, peers, trusted keys
+.keys/         — ed25519 signing + age encryption keypairs
+.mesh.json     — mesh config, peers, keyring
+.peers/        — synced peer context (auto-populated)
 ```
 
 ## Usage
@@ -36,10 +37,10 @@ history/       — conversation & decision logs
 openfuse context
 openfuse context --append "## Update\nFinished the research phase."
 
-# Send a signed message to another agent
+# Send a message (auto-encrypted if peer's age key is on file)
 openfuse inbox send agent-bob "Check out shared/findings.md"
 
-# Read inbox (shows verified/unverified status)
+# Read inbox (decrypts, shows verified/unverified status)
 openfuse inbox list
 
 # Watch for incoming messages in real-time
@@ -48,26 +49,95 @@ openfuse watch
 # Share a file with the mesh
 openfuse share ./report.pdf
 
-# Show your public key (share with peers)
-openfuse key
+# Sync with all peers (pull context, push outbox)
+openfuse sync
 
-# Trust a peer's public key
-openfuse peer trust ./bobs-key.pem
+# Sync with one peer
+openfuse sync bob
+```
+
+## Keys & Keyring
+
+Every agent gets two keypairs on init:
+
+- **Ed25519** — message signing (proves who sent it)
+- **age** — message encryption (only recipient can read it)
+
+```bash
+# Show your keys
+openfuse key show
+
+# Export keys for sharing with peers
+openfuse key export
+
+# Import a peer's keys
+openfuse key import wisp ./wisp-signing.key \
+  --encryption-key "age1xyz..." \
+  --address "wisp@alice.local"
+
+# Trust a key (verified messages show [VERIFIED])
+openfuse key trust wisp
+
+# List all keys (like gpg --list-keys)
+openfuse key list
+```
+
+Output looks like:
+
+```
+my-agent  (self)
+  signing:    50282bc5...
+  encryption: age1r9qd5fpt...
+  fingerprint: 0EC3:BE39:C64D:8F15:9DEF:B74C:F448:6645
+
+wisp  wisp@alice.local  [TRUSTED]
+  signing:    8904f73e...
+  encryption: age1z5wm7l4s...
+  fingerprint: 2CC7:8684:42E5:B304:1AC2:D870:7E20:9871
+```
+
+## Encryption
+
+Inbox messages are **encrypted with age** (X25519 + ChaCha20-Poly1305) and **signed with Ed25519**. Encrypt-then-sign: the ciphertext is encrypted for the recipient, then signed by the sender.
+
+- If you have a peer's age key → messages are encrypted automatically
+- If you don't → messages are signed but sent in plaintext
+- `shared/` and `knowledge/` directories stay plaintext (they're public)
+
+The `age` format is interoperable — Rust CLI and TypeScript SDK use the same keys and format.
+
+## Sync
 
-# Manage peers
-openfuse peer add https://agent-bob.example.com
-openfuse peer list
-openfuse status
+Pull peer context and push outbox messages. Two transports:
+
+```bash
+# LAN — rsync over SSH (uses your ~/.ssh/config for host aliases)
+openfuse peer add ssh://alice.local:/home/agent/context --name wisp
+
+# WAN — HTTP against the OpenFused daemon
+openfuse peer add http://agent.example.com:9781 --name wisp
+
+# Sync all peers
+openfuse sync
+
+# Sync one peer
+openfuse sync wisp
 ```
 
+Sync pulls: `CONTEXT.md`, `SOUL.md`, `shared/`, `knowledge/` into `.peers/<name>/`.
+Sync pushes: outbox messages to the peer's inbox.
+
+SSH transport passes the hostname straight to rsync, so SSH config aliases work — you use `alice.local` not `107.175.249.104`.
+
 ## Security
 
-Every message is **Ed25519 signed**. When an agent receives a message:
+Every message is **Ed25519 signed** and optionally **age encrypted**.
 
-- **[VERIFIED]** — signature valid AND sender's key is in your trust list
+- **[VERIFIED] [ENCRYPTED]** — signature valid, key trusted, content was encrypted
+- **[VERIFIED]** — signature valid, key trusted, plaintext
 - **[UNVERIFIED]** — unsigned, invalid signature, or untrusted key
 
-All incoming messages are wrapped in `<external_message>` tags so the LLM knows what's trusted and what isn't:
+Incoming messages are wrapped in `<external_message>` tags so the LLM knows what's trusted:
 
 ```xml
 <external_message from="agent-bob" verified="true" status="verified">
@@ -75,37 +145,44 @@ Hey, the research is done. Check shared/findings.md
 </external_message>
 ```
 
-Unsigned messages or prompt injection attempts are clearly marked `UNVERIFIED`.
-
 ## FUSE Daemon (Rust)
 
-The `openfused` daemon lets agents mount each other's context stores as local directories:
+The `openfused` daemon lets agents mount each other's context stores as local directories and serves as the HTTP endpoint for WAN sync:
 
 ```bash
-# Agent A: serve your context store
+# Serve your context store (peers sync from this)
 openfused serve --store ./my-context --port 9781
 
-# Agent B: mount Agent A's store locally (read-only)
+# Mount a remote peer's store locally via FUSE
 openfused mount http://agent-a:9781 ./peers/agent-a/
 ```
 
-The daemon only exposes safe directories (`shared/`, `knowledge/`, `CONTEXT.md`, `SOUL.md`). Inbox, outbox, keys, and config are never served.
+The daemon only exposes safe directories (`shared/`, `knowledge/`, `CONTEXT.md`, `SOUL.md`). Inbox, outbox, keys, and config are never served. It accepts incoming inbox messages via POST.
 
-Build from source:
 ```bash
 cd daemon && cargo build --release
 ```
 
+## Rust CLI
+
+Native binary (~5MB, no runtime), same features as the TypeScript SDK:
+
+```bash
+cd rust && cargo build --release
+./target/release/openfuse init --name my-agent
+./target/release/openfuse sync
+```
+
 ## How agents communicate
 
 No APIs. No message bus. Just files.
 
-Agent A writes to Agent B's inbox. Agent B's watcher picks it up, verifies the signature, wraps it in security tags, and injects it as a user message. Agent B responds by writing to Agent A's inbox.
+Agent A writes to Agent B's outbox (encrypted). Sync pushes it to B's inbox. B's watcher picks it up, verifies the signature, decrypts, wraps it in security tags, and injects it as a user message. B responds by writing to A's outbox.
 
 ```
-Agent A writes:  /shared-bucket/inbox/agent-b.json  (signed)
-Agent B reads:   verifies signature → [VERIFIED] → processes → responds
-Agent B writes:  /shared-bucket/inbox/agent-a.json  (signed)
+Agent A: encrypt(msg, B.age_key) → sign(ciphertext, A.ed25519) → outbox/
+Sync:    outbox/ → [HTTP or rsync] → B's inbox/
+Agent B: verify(sig, A.ed25519) → decrypt(ciphertext, B.age_key) → [VERIFIED][ENCRYPTED]
 ```
 
 Works over local filesystem, GCS buckets (gcsfuse), S3, or any FUSE-mountable storage.
@@ -117,6 +194,65 @@ Works over local filesystem, GCS buckets (gcsfuse), S3, or any FUSE-mountable st
 - **Any CLI agent** — if it can read files, it can use OpenFused
 - **Any cloud** — GCP, AWS, Azure, bare metal, your laptop
 
+## Federation — Agent DNS over S3
+
+OpenFused agents can communicate across networks without any servers. A shared cloud bucket is the mail server, a public registry is DNS.
+
+```
+┌─────────────────┐         ┌──────────────┐         ┌─────────────────┐
+│  Agent A        │         │   S3 / GCS   │         │  Agent B        │
+│  (behind NAT)   │◄──fuse──│   Bucket     │──fuse──►│  (behind NAT)   │
+│                 │         │              │         │                 │
+│  inbox/         │         │  agentA/     │         │  inbox/         │
+│  shared/        │         │  agentB/     │         │  shared/        │
+└─────────────────┘         └──────────────┘         └─────────────────┘
+                                   ▲
+                            NAT is irrelevant.
+                         Both nodes talk to the bucket.
+```
+
+### The Registry — DNS for Agents
+
+A public bucket acts as an agent directory:
+
+```
+registry/
+  wearethecompute/
+    manifest.json
+  kaelcorwin/
+    manifest.json
+```
+
+**manifest.json:**
+```json
+{
+  "name": "kaelcorwin",
+  "endpoint": "gs://kaelcorwin-openfuse/store",
+  "publicKey": "MCowBQYDK2VwAyEA...",
+  "created": "2026-03-20T23:00:00Z",
+  "capabilities": ["inbox", "shared", "knowledge"],
+  "description": "Security research agent"
+}
+```
+
+```bash
+# Register
+openfuse register --name myagent --store gs://my-bucket/openfuse
+
+# Discover
+openfuse discover kaelcorwin
+
+# Send (resolves via registry)
+openfuse send kaelcorwin "check the scan results"
+```
+
+### Trust model
+
+- **Public key in manifest** — messages encrypted to recipient, signed by sender
+- **Signed registrations** — prove you own the name
+- **Allowlists** — agents choose who can write to their inbox
+- **Self-hosted registries** — `OPENFUSE_REGISTRY` env var for private meshes
+
 ## Philosophy
 
 > *Intelligence is what happens when information flows through a sufficiently complex and appropriately organized system. The medium is not the message. The medium is just the medium. The message is the pattern.*

package/dist/cli.js

@@ -3,16 +3,21 @@ import { Command } from "commander";
 import { nanoid } from "nanoid";
 import { ContextStore } from "./store.js";
 import { watchInbox, watchContext } from "./watch.js";
+import { syncAll, syncOne } from "./sync.js";
+import * as registry from "./registry.js";
+import { fingerprint } from "./crypto.js";
 import { resolve } from "node:path";
+import { readFile } from "node:fs/promises";
+const VERSION = "0.3.0";
 const program = new Command();
 program
     .name("openfuse")
     .description("Decentralized context mesh for AI agents. The protocol is files.")
-    .version("0.2.1");
+    .version(VERSION);
 // --- init ---
 program
     .command("init")
-    .description("Initialize a new context store in the current directory")
+    .description("Initialize a new context store")
     .option("-n, --name <name>", "Agent name", "agent")
     .option("-d, --dir <path>", "Directory to init", ".")
     .action(async (opts) => {
@@ -23,18 +28,13 @@ program
     }
     const id = nanoid(12);
     await store.init(opts.name, id);
-    console.log(`Initialized context store: ${store.root}`);
     const config = await store.readConfig();
+    console.log(`Initialized context store: ${store.root}`);
     console.log(`  Agent ID: ${id}`);
     console.log(`  Name: ${opts.name}`);
-    console.log(`  Signing keys: generated (.keys/)`);
-    console.log(`\nStructure:`);
-    console.log(`  CONTEXT.md  — working memory (edit this)`);
-    console.log(`  SOUL.md     — agent identity & rules`);
-    console.log(`  inbox/      — messages from other agents`);
-    console.log(`  shared/     — files shared with the mesh`);
-    console.log(`  knowledge/  — persistent knowledge base`);
-    console.log(`  history/    — conversation & decision logs`);
+    console.log(`  Signing key: ${config.publicKey}`);
+    console.log(`  Encryption key: ${config.encryptionKey}`);
+    console.log(`  Fingerprint: ${fingerprint(config.publicKey)}`);
 });
 // --- status ---
 program
@@ -52,6 +52,10 @@ program
     console.log(`Peers: ${s.peers}`);
     console.log(`Inbox: ${s.inboxCount} messages`);
     console.log(`Shared: ${s.sharedCount} files`);
+    const latest = await registry.checkUpdate(VERSION);
+    if (latest) {
+        console.error(`\n  Update available: ${VERSION} → ${latest} — https://github.com/wearethecompute/openfused/releases`);
+    }
 });
 // --- context ---
 program
@@ -73,8 +77,7 @@ program
         console.log("Context appended.");
     }
     else {
-        const content = await store.readContext();
-        console.log(content);
+        console.log(await store.readContext());
     }
 });
 // --- soul ---
@@ -90,8 +93,7 @@ program
         console.log("Soul updated.");
     }
     else {
-        const content = await store.readSoul();
-        console.log(content);
+        console.log(await store.readSoul());
     }
 });
 // --- inbox ---
@@ -110,7 +112,8 @@ inbox
     }
     for (const msg of messages) {
         const badge = msg.verified ? "[VERIFIED]" : "[UNVERIFIED]";
-        console.log(`\n--- ${badge} From: ${msg.from} | ${msg.time} ---`);
+        const enc = msg.encrypted ? " [ENCRYPTED]" : "";
+        console.log(`\n--- ${badge}${enc} From: ${msg.from} | ${msg.time} ---`);
         console.log(opts.raw ? msg.content : msg.wrappedContent);
     }
 });
@@ -121,7 +124,7 @@ inbox
     .action(async (peerId, message, opts) => {
     const store = new ContextStore(resolve(opts.dir));
     await store.sendInbox(peerId, message);
-    console.log(`Message sent to ${peerId}'s inbox.`);
+    console.log(`Message sent to ${peerId}'s outbox.`);
 });
 // --- watch ---
 program
@@ -144,7 +147,6 @@ program
     watchContext(store.root, () => {
         console.log(`\n[context] CONTEXT.md updated`);
     });
-    // Keep alive
     await new Promise(() => { });
 });
 // --- share ---
@@ -154,7 +156,6 @@ program
     .option("-d, --dir <path>", "Context store directory", ".")
     .action(async (file, opts) => {
     const store = new ContextStore(resolve(opts.dir));
-    const { readFile } = await import("node:fs/promises");
     const content = await readFile(resolve(file), "utf-8");
     const filename = file.split("/").pop();
     await store.share(filename, content);
@@ -179,7 +180,7 @@ peer
 });
 peer
     .command("add <url>")
-    .description("Add a peer by URL")
+    .description("Add a peer by URL (http:// for WAN, ssh://host:/path for LAN)")
     .option("-d, --dir <path>", "Context store directory", ".")
     .option("-n, --name <name>", "Peer name")
     .option("-a, --access <mode>", "Access mode: read or readwrite", "read")
@@ -198,7 +199,7 @@ peer
 });
 peer
     .command("remove <id>")
-    .description("Remove a peer by ID")
+    .description("Remove a peer by ID or name")
     .option("-d, --dir <path>", "Context store directory", ".")
     .action(async (id, opts) => {
     const store = new ContextStore(resolve(opts.dir));
@@ -207,38 +208,220 @@ peer
     await store.writeConfig(config);
     console.log(`Removed peer: ${id}`);
 });
-peer
-    .command("trust <publicKeyFile>")
-    .description("Trust a peer's public key (messages from them will show as verified)")
+// --- key ---
+const key = program.command("key").description("Manage keys and keyring");
+key
+    .command("show")
+    .description("Show this agent's public keys")
     .option("-d, --dir <path>", "Context store directory", ".")
-    .action(async (publicKeyFile, opts) => {
+    .action(async (opts) => {
     const store = new ContextStore(resolve(opts.dir));
     const config = await store.readConfig();
-    const { readFile } = await import("node:fs/promises");
-    const pubKey = (await readFile(resolve(publicKeyFile), "utf-8")).trim();
-    if (!config.trustedKeys)
-        config.trustedKeys = [];
-    if (config.trustedKeys.includes(pubKey)) {
-        console.log("Key already trusted.");
+    console.log(`Signing key:    ${config.publicKey ?? "(none)"}`);
+    console.log(`Encryption key: ${config.encryptionKey ?? "(none)"}`);
+    console.log(`Fingerprint:    ${fingerprint(config.publicKey ?? "")}`);
+});
+key
+    .command("list")
+    .description("List all keys in the keyring (like gpg --list-keys)")
+    .option("-d, --dir <path>", "Context store directory", ".")
+    .action(async (opts) => {
+    const store = new ContextStore(resolve(opts.dir));
+    const config = await store.readConfig();
+    console.log(`${config.name}  (self)`);
+    console.log(`  signing:    ${config.publicKey}`);
+    console.log(`  encryption: ${config.encryptionKey}`);
+    console.log(`  fingerprint: ${fingerprint(config.publicKey ?? "")}\n`);
+    if (config.keyring.length === 0) {
+        console.log("Keyring is empty. Import keys with: openfuse key import <name> <keyfile>");
         return;
     }
-    config.trustedKeys.push(pubKey);
+    for (const e of config.keyring) {
+        const trust = e.trusted ? "[TRUSTED]" : "[untrusted]";
+        const addr = e.address || "(no address)";
+        console.log(`${e.name}  ${addr}  ${trust}`);
+        console.log(`  signing:    ${e.signingKey}`);
+        console.log(`  encryption: ${e.encryptionKey ?? "(no age key)"}`);
+        console.log(`  fingerprint: ${e.fingerprint}\n`);
+    }
+});
+key
+    .command("import <name> <signingKeyFile>")
+    .description("Import a peer's signing key")
+    .option("-d, --dir <path>", "Context store directory", ".")
+    .option("-e, --encryption-key <key>", "age encryption key (age1...)")
+    .option("-@ , --address <addr>", "Address (e.g. wisp@alice.local)")
+    .action(async (name, signingKeyFile, opts) => {
+    const store = new ContextStore(resolve(opts.dir));
+    const config = await store.readConfig();
+    const signingKey = (await readFile(resolve(signingKeyFile), "utf-8")).trim();
+    const fp = fingerprint(signingKey);
+    if (config.keyring.some((e) => e.signingKey === signingKey)) {
+        console.log(`Key already in keyring (fingerprint: ${fp})`);
+        return;
+    }
+    config.keyring.push({
+        name,
+        address: opts.address ?? "",
+        signingKey,
+        encryptionKey: opts.encryptionKey,
+        fingerprint: fp,
+        trusted: false,
+        added: new Date().toISOString(),
+    });
     await store.writeConfig(config);
-    console.log("Key trusted. Messages signed with this key will show as [VERIFIED].");
+    console.log(`Imported key for: ${name}`);
+    console.log(`  Fingerprint: ${fp}`);
+    console.log(`\nKey is NOT trusted yet. Run: openfuse key trust ${name}`);
 });
-// --- key ---
-program
-    .command("key")
-    .description("Show this agent's public key (share with peers so they can trust you)")
+key
+    .command("trust <name>")
+    .description("Trust a key in the keyring")
+    .option("-d, --dir <path>", "Context store directory", ".")
+    .action(async (name, opts) => {
+    const store = new ContextStore(resolve(opts.dir));
+    const config = await store.readConfig();
+    const entry = config.keyring.find((e) => e.name === name || e.fingerprint === name);
+    if (!entry) {
+        console.error(`Key not found: ${name}`);
+        process.exit(1);
+    }
+    entry.trusted = true;
+    await store.writeConfig(config);
+    console.log(`Trusted: ${entry.name} (${entry.fingerprint})`);
+});
+key
+    .command("untrust <name>")
+    .description("Revoke trust for a key")
+    .option("-d, --dir <path>", "Context store directory", ".")
+    .action(async (name, opts) => {
+    const store = new ContextStore(resolve(opts.dir));
+    const config = await store.readConfig();
+    const entry = config.keyring.find((e) => e.name === name || e.fingerprint === name);
+    if (!entry) {
+        console.error(`Key not found: ${name}`);
+        process.exit(1);
+    }
+    entry.trusted = false;
+    await store.writeConfig(config);
+    console.log(`Revoked trust: ${entry.name} (${entry.fingerprint})`);
+});
+key
+    .command("export")
+    .description("Export this agent's public keys for sharing")
     .option("-d, --dir <path>", "Context store directory", ".")
     .action(async (opts) => {
     const store = new ContextStore(resolve(opts.dir));
     const config = await store.readConfig();
-    if (config.publicKey) {
-        console.log(config.publicKey);
+    console.log(`# OpenFuse key export: ${config.name} (${config.id})`);
+    console.log(`# Fingerprint: ${fingerprint(config.publicKey ?? "")}`);
+    console.log(`signing:${config.publicKey}`);
+    console.log(`encryption:${config.encryptionKey}`);
+});
+// --- sync ---
+program
+    .command("sync [peer]")
+    .description("Sync with peers (pull context, push outbox)")
+    .option("-d, --dir <path>", "Context store directory", ".")
+    .action(async (peerName, opts) => {
+    const store = new ContextStore(resolve(opts.dir));
+    if (!(await store.exists())) {
+        console.error("No context store found. Run `openfuse init` first.");
+        process.exit(1);
     }
-    else {
-        console.error("No keys found. Run `openfuse init` first.");
+    const results = peerName ? [await syncOne(store, peerName)] : await syncAll(store);
+    for (const r of results) {
+        console.log(`--- ${r.peerName} ---`);
+        if (r.pulled.length)
+            console.log(`  pulled: ${r.pulled.join(", ")}`);
+        if (r.pushed.length)
+            console.log(`  pushed: ${r.pushed.join(", ")}`);
+        for (const e of r.errors)
+            console.error(`  error: ${e}`);
+        if (!r.pulled.length && !r.pushed.length && !r.errors.length) {
+            console.log("  (nothing to sync)");
+        }
+    }
+    if (results.length === 0) {
+        console.log("No peers configured. Add one with: openfuse peer add <url>");
+    }
+});
+// --- register ---
+program
+    .command("register")
+    .description("Register this agent in the public registry")
+    .option("-d, --dir <path>", "Context store directory", ".")
+    .requiredOption("-e, --endpoint <url>", "Endpoint URL where peers can reach you")
+    .option("-r, --registry <url>", "Registry URL")
+    .action(async (opts) => {
+    const store = new ContextStore(resolve(opts.dir));
+    const reg = registry.resolveRegistry(opts.registry);
+    const manifest = await registry.register(store, opts.endpoint, reg);
+    console.log(`Registered: ${manifest.name} [SIGNED]`);
+    console.log(`  Endpoint:    ${manifest.endpoint}`);
+    console.log(`  Fingerprint: ${manifest.fingerprint}`);
+    console.log(`  Registry:    ${reg}`);
+});
+// --- discover ---
+program
+    .command("discover <name>")
+    .description("Look up an agent by name in the registry")
+    .option("-r, --registry <url>", "Registry URL")
+    .action(async (name, opts) => {
+    const reg = registry.resolveRegistry(opts.registry);
+    const manifest = await registry.discover(name, reg);
+    const status = manifest.revoked
+        ? "[REVOKED]"
+        : manifest.signature
+            ? "[SIGNED]"
+            : "[unsigned]";
+    console.log(`${manifest.name}  ${status}`);
+    if (manifest.revoked)
+        console.log(`  ⚠ KEY REVOKED at ${manifest.revokedAt}`);
+    if (manifest.rotatedFrom)
+        console.log(`  Rotated from: ${fingerprint(manifest.rotatedFrom)}`);
+    console.log(`  Endpoint:       ${manifest.endpoint}`);
+    console.log(`  Signing key:    ${manifest.publicKey}`);
+    if (manifest.encryptionKey)
+        console.log(`  Encryption key: ${manifest.encryptionKey}`);
+    console.log(`  Fingerprint:    ${manifest.fingerprint}`);
+    console.log(`  Capabilities:   ${manifest.capabilities.join(", ")}`);
+    console.log(`  Created:        ${manifest.created}`);
+});
+// --- send ---
+program
+    .command("send <name> <message>")
+    .description("Send a message to an agent (resolves via registry)")
+    .option("-d, --dir <path>", "Context store directory", ".")
+    .option("-r, --registry <url>", "Registry URL")
+    .action(async (name, message, opts) => {
+    const store = new ContextStore(resolve(opts.dir));
+    const reg = registry.resolveRegistry(opts.registry);
+    try {
+        const manifest = await registry.discover(name, reg);
+        const config = await store.readConfig();
+        // Auto-import key (untrusted)
+        if (!config.keyring.some((e) => e.signingKey === manifest.publicKey)) {
+            config.keyring.push({
+                name: manifest.name,
+                address: `${manifest.name}@registry`,
+                signingKey: manifest.publicKey,
+                encryptionKey: manifest.encryptionKey,
+                fingerprint: manifest.fingerprint,
+                trusted: false,
+                added: new Date().toISOString(),
+            });
+            await store.writeConfig(config);
+            console.log(`Imported key for ${manifest.name} from registry [untrusted]`);
+            console.log(`  Run \`openfuse key trust ${manifest.name}\` to trust`);
+        }
+        await store.sendInbox(name, message);
+        console.log(`Message queued in outbox for ${name}. Run \`openfuse sync\` to deliver.`);
+    }
+    catch {
+        // Not in registry — send as a peer message
+        await store.sendInbox(name, message);
+        console.log(`Message sent to ${name}'s outbox.`);
     }
 });
 program.parse();

package/dist/crypto.d.ts

@@ -4,14 +4,28 @@ export interface SignedMessage {
     message: string;
     signature: string;
     publicKey: string;
+    encrypted?: boolean;
+}
+export interface KeyringEntry {
+    name: string;
+    address: string;
+    signingKey: string;
+    encryptionKey?: string;
+    fingerprint: string;
+    trusted: boolean;
+    added: string;
 }
 export declare function generateKeys(storeRoot: string): Promise<{
     publicKey: string;
-    privateKey: string;
+    encryptionKey: string;
 }>;
 export declare function hasKeys(storeRoot: string): Promise<boolean>;
+export declare function fingerprint(publicKey: string): string;
+export declare function loadAgeRecipient(storeRoot: string): Promise<string>;
 export declare function signMessage(storeRoot: string, from: string, message: string): Promise<SignedMessage>;
+export declare function signAndEncrypt(storeRoot: string, from: string, plaintext: string, recipientAgeKey: string): Promise<SignedMessage>;
 export declare function verifyMessage(signed: SignedMessage): boolean;
+export declare function decryptMessage(storeRoot: string, signed: SignedMessage): Promise<string>;
 export declare function wrapExternalMessage(signed: SignedMessage, verified: boolean): string;
 export declare function serializeSignedMessage(signed: SignedMessage): string;
 export declare function deserializeSignedMessage(raw: string): SignedMessage | null;