blockintql 1.0.0__tar.gz

blockintql-1.0.0/LICENSE

@@ -0,0 +1,17 @@
+MIT License
+
+Copyright (c) 2026 Block6IQ
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.

blockintql-1.0.0/PKG-INFO

@@ -0,0 +1,138 @@
+Metadata-Version: 2.4
+Name: blockintql
+Version: 1.0.0
+Summary: BlockINTQL — Sovereign Blockchain Intelligence CLI
+Home-page: https://blockintql.com
+Author: Block6IQ
+Author-email: joe@block6iq.com
+Keywords: blockchain bitcoin ethereum forensics compliance aml kyc intelligence agents
+Classifier: Development Status :: 4 - Beta
+Classifier: Intended Audience :: Developers
+Classifier: Topic :: Security
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Programming Language :: Python :: 3
+Requires-Python: >=3.8
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: click>=8.0.0
+Requires-Dist: httpx>=0.27.0
+Requires-Dist: rich>=13.0.0
+Dynamic: author
+Dynamic: author-email
+Dynamic: classifier
+Dynamic: description
+Dynamic: description-content-type
+Dynamic: home-page
+Dynamic: keywords
+Dynamic: license-file
+Dynamic: requires-dist
+Dynamic: requires-python
+Dynamic: summary
+
+# BlockINTQL CLI
+
+Sovereign blockchain intelligence from the command line.
+Built for AI agents, compliance teams, and developers.
+
+## Install
+
+    pip install blockintql
+
+## Setup
+
+    blockintql auth --api-key biq_sk_live_YOUR_KEY
+
+Get an API key at blockintql.com
+
+## Usage
+
+    # Screen before accepting payment
+    blockintql screen --address 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa
+
+    # Enrich with your own Chainalysis/TRM key
+    blockintql screen --address 0x123... --chain ethereum \
+      --provider chainalysis --provider-key $KEY
+
+    # Natural language intelligence
+    blockintql query "is this address linked to Lazarus Group?"
+
+    # Multi-agent analysis
+    blockintql analyze "check if these wallets transacted with each other" \
+      --address 0x123... --address 0x456...
+
+    # OP_RETURN identity search
+    blockintql profile --identifier @lazarus_trader
+
+    # Trace funds FIFO/LIFO
+    blockintql trace --txid abc123... --hops 5
+
+    # List attribution providers
+    blockintql providers
+
+    # Install skills into agent context
+    blockintql skills --install >> CLAUDE.md
+
+## Agent Mode
+
+All commands support --agent for machine-readable JSON:
+
+    RESULT=$(blockintql screen --address $PAYMENT_DEST --agent)
+    SAFE=$(echo $RESULT | jq -r '.safe')
+
+    if [ "$SAFE" = "false" ]; then
+      echo "Payment blocked"
+      exit 1
+    fi
+
+## x402 Autonomous Payments
+
+Configure once, pay per screen automatically:
+
+    blockintql pay --wallet-type cdp \
+      --cdp-key-id $CDP_KEY_ID \
+      --cdp-private-key $CDP_PRIVATE_KEY \
+      --auto-pay
+
+Every screen auto-pays $0.001 USDC on Base to:
+0x32984663A11b9d7634Bf35835AE32B5A031637D5
+
+## Attribution Providers
+
+Bring your own key — we never see your data:
+
+  chainalysis   --provider chainalysis --provider-key $KEY
+  trm           --provider trm --provider-key $KEY
+  elliptic      --provider elliptic --provider-key $KEY
+  arkham        --provider arkham --provider-key $KEY
+  metamask      --provider metamask (free, no key needed)
+  generic       --provider generic --provider-url https://your-api.com/screen/{address}
+
+## Privacy Guarantee
+
+Your attribution provider key never leaves your machine.
+
+Provider API calls are made directly from the CLI on your local machine.
+BlockINTQL servers only receive the address being screened — never your
+provider key, never the raw provider response.
+
+Verify this by reading the source:
+  blockintql/providers.py — all provider calls are direct HTTP from CLI
+  blockintql/cli.py — only address + chain sent to BlockINTQL API
+
+Open source. Verify yourself: github.com/block6iq/blockintql-cli
+
+## MCP Server
+
+For AI agents using MCP (Model Context Protocol):
+
+    https://blockintql-mcp-385334043904.us-central1.run.app/mcp
+
+## Powered By
+
+- Sovereign Bitcoin node — fully synced, 942,000+ blocks
+- Sovereign Ethereum node — fully synced, 24,000,000+ blocks  
+- 50,000+ OP_RETURN identity signals mined from the Bitcoin blockchain
+- BlockINTAI — autonomous multi-agent analytics engine
+- BlockINTQL — sovereign blockchain query language
+
+Block6IQ — block6iq.com

blockintql-1.0.0/README.md

@@ -0,0 +1,107 @@
+# BlockINTQL CLI
+
+Sovereign blockchain intelligence from the command line.
+Built for AI agents, compliance teams, and developers.
+
+## Install
+
+    pip install blockintql
+
+## Setup
+
+    blockintql auth --api-key biq_sk_live_YOUR_KEY
+
+Get an API key at blockintql.com
+
+## Usage
+
+    # Screen before accepting payment
+    blockintql screen --address 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa
+
+    # Enrich with your own Chainalysis/TRM key
+    blockintql screen --address 0x123... --chain ethereum \
+      --provider chainalysis --provider-key $KEY
+
+    # Natural language intelligence
+    blockintql query "is this address linked to Lazarus Group?"
+
+    # Multi-agent analysis
+    blockintql analyze "check if these wallets transacted with each other" \
+      --address 0x123... --address 0x456...
+
+    # OP_RETURN identity search
+    blockintql profile --identifier @lazarus_trader
+
+    # Trace funds FIFO/LIFO
+    blockintql trace --txid abc123... --hops 5
+
+    # List attribution providers
+    blockintql providers
+
+    # Install skills into agent context
+    blockintql skills --install >> CLAUDE.md
+
+## Agent Mode
+
+All commands support --agent for machine-readable JSON:
+
+    RESULT=$(blockintql screen --address $PAYMENT_DEST --agent)
+    SAFE=$(echo $RESULT | jq -r '.safe')
+
+    if [ "$SAFE" = "false" ]; then
+      echo "Payment blocked"
+      exit 1
+    fi
+
+## x402 Autonomous Payments
+
+Configure once, pay per screen automatically:
+
+    blockintql pay --wallet-type cdp \
+      --cdp-key-id $CDP_KEY_ID \
+      --cdp-private-key $CDP_PRIVATE_KEY \
+      --auto-pay
+
+Every screen auto-pays $0.001 USDC on Base to:
+0x32984663A11b9d7634Bf35835AE32B5A031637D5
+
+## Attribution Providers
+
+Bring your own key — we never see your data:
+
+  chainalysis   --provider chainalysis --provider-key $KEY
+  trm           --provider trm --provider-key $KEY
+  elliptic      --provider elliptic --provider-key $KEY
+  arkham        --provider arkham --provider-key $KEY
+  metamask      --provider metamask (free, no key needed)
+  generic       --provider generic --provider-url https://your-api.com/screen/{address}
+
+## Privacy Guarantee
+
+Your attribution provider key never leaves your machine.
+
+Provider API calls are made directly from the CLI on your local machine.
+BlockINTQL servers only receive the address being screened — never your
+provider key, never the raw provider response.
+
+Verify this by reading the source:
+  blockintql/providers.py — all provider calls are direct HTTP from CLI
+  blockintql/cli.py — only address + chain sent to BlockINTQL API
+
+Open source. Verify yourself: github.com/block6iq/blockintql-cli
+
+## MCP Server
+
+For AI agents using MCP (Model Context Protocol):
+
+    https://blockintql-mcp-385334043904.us-central1.run.app/mcp
+
+## Powered By
+
+- Sovereign Bitcoin node — fully synced, 942,000+ blocks
+- Sovereign Ethereum node — fully synced, 24,000,000+ blocks  
+- 50,000+ OP_RETURN identity signals mined from the Bitcoin blockchain
+- BlockINTAI — autonomous multi-agent analytics engine
+- BlockINTQL — sovereign blockchain query language
+
+Block6IQ — block6iq.com

blockintql-1.0.0/blockintql/__init__.py

@@ -0,0 +1,2 @@
+"""BlockINTQL — Sovereign Blockchain Intelligence CLI"""
+__version__ = "1.0.0"

blockintql-1.0.0/blockintql/cli.py

@@ -0,0 +1,415 @@
+#!/usr/bin/env python3
+"""
+BlockINTQL CLI
+
+PRIVACY ARCHITECTURE:
+  BlockINTQL API receives: address + chain ONLY
+  Provider API receives: address + your key (direct from your machine)
+  BlockINTQL NEVER sees: your provider key or raw provider response
+
+Verify this by reading the source. Open source: github.com/block6iq/blockintql-cli
+"""
+
+import sys, os, json
+import click
+import httpx
+from typing import Optional
+from rich.console import Console
+from rich.table import Table
+from rich.panel import Panel
+from rich import box
+from .providers import get_provider, list_providers
+
+API_BASE = os.environ.get("BLOCKINTQL_API_URL", "https://btc-index-api-385334043904.us-central1.run.app")
+CONFIG_FILE = os.path.expanduser("~/.blockintql/config.json")
+console = Console()
+err_console = Console(stderr=True)
+
+def load_config():
+    if os.path.exists(CONFIG_FILE):
+        with open(CONFIG_FILE) as f: return json.load(f)
+    return {}
+
+def save_config(config):
+    os.makedirs(os.path.dirname(CONFIG_FILE), exist_ok=True)
+    with open(CONFIG_FILE, "w") as f: json.dump(config, f, indent=2)
+
+def get_api_key():
+    return os.environ.get("BLOCKINTQL_API_KEY") or load_config().get("api_key")
+
+def get_headers():
+    key = get_api_key()
+    if not key:
+        err_console.print("[red]No API key.[/] Run: blockintql auth --api-key YOUR_KEY")
+        sys.exit(1)
+    return {"Authorization": f"Bearer {key}", "Content-Type": "application/json"}
+
+def api_get(path, params=None):
+    """Query BlockINTQL API — sends address+chain ONLY, never provider keys."""
+    try:
+        r = httpx.get(f"{API_BASE}{path}", headers=get_headers(), params=params, timeout=30)
+        r.raise_for_status()
+        return r.json()
+    except Exception as e:
+        return {"error": str(e)}
+
+def api_post(path, body):
+    """Query BlockINTQL API — sends address+chain ONLY, never provider keys."""
+    try:
+        r = httpx.post(f"{API_BASE}{path}", headers=get_headers(), json=body, timeout=60)
+        r.raise_for_status()
+        return r.json()
+    except Exception as e:
+        return {"error": str(e)}
+
+def enrich_with_provider(result, address, chain, provider_name, provider_key):
+    """
+    PRIVACY: Runs entirely on your local machine.
+    Calls provider API directly — key never sent to BlockINTQL.
+    Only the merged verdict (no raw provider data) is shown to user.
+    """
+    if not provider_name or not provider_key:
+        return result
+    provider = get_provider(provider_name, provider_key)
+    if not provider:
+        err_console.print(f"[yellow]Unknown provider: {provider_name}[/]")
+        return result
+
+    # PRIVACY: This call goes directly to provider API from your machine
+    pd = provider.get_address_risk(address, chain)
+
+    if "error" in pd.get("raw", {}):
+        return result
+
+    # Merge — take higher risk score
+    result["risk_score"] = max(pd.get("risk_score", 0), result.get("risk_score", 0))
+    if pd.get("entity_name") and not result.get("entity"):
+        result["entity"] = pd["entity_name"]
+    if pd.get("sanctions_hit"):
+        result["verdict"] = "BLOCK"
+        result["safe"] = False
+        result.setdefault("risk_indicators", []).append("SANCTIONS")
+    # Store provider summary (not raw response) for display
+    result["provider_data"] = {
+        "provider": provider_name,
+        "entity_name": pd.get("entity_name"),
+        "entity_category": pd.get("entity_category"),
+        "risk_score": pd.get("risk_score", 0),
+        "risk_indicators": pd.get("risk_indicators", []),
+        "sanctions_hit": pd.get("sanctions_hit", False),
+    }
+    return result
+
+def verdict_color(v):
+    return {"CLEAR": "green", "CAUTION": "yellow", "BLOCK": "red"}.get(str(v).upper(), "white")
+
+def output(data, agent, quiet):
+    if agent or not sys.stdout.isatty():
+        click.echo(json.dumps(data, indent=2, default=str))
+        return
+    if "error" in data:
+        err_console.print(f"[red]Error:[/] {data['error']}")
+        return
+    if "verdict" in data and "risk_score" in data:
+        v = data["verdict"]
+        color = verdict_color(v)
+        console.print(Panel(f"[bold {color}]{v}[/]  {'✅' if data.get('safe') else '❌'}",
+                           title="BlockINTQL Verdict", border_style=color))
+        if not quiet:
+            t = Table(box=box.SIMPLE, show_header=False)
+            t.add_column("", style="dim", width=22)
+            t.add_column("")
+            t.add_row("Address", data.get("address",""))
+            t.add_row("Chain", data.get("chain",""))
+            t.add_row("Risk Score", f"{data.get('risk_score',0)}/100")
+            t.add_row("Entity", data.get("entity") or "Unknown")
+            if data.get("risk_indicators"):
+                t.add_row("Risk Indicators", ", ".join(data["risk_indicators"]))
+            if data.get("action"):
+                t.add_row("Action", data["action"])
+            if data.get("provider_data"):
+                pd = data["provider_data"]
+                t.add_row("─"*15, "─"*25)
+                t.add_row(f"[dim]{pd.get('provider','').upper()} (local)[/]", "")
+                if pd.get("entity_name"): t.add_row("  Entity", pd["entity_name"])
+                t.add_row("  Risk", f"{pd.get('risk_score',0)}/100")
+                if pd.get("sanctions_hit"): t.add_row("  Sanctions", "[red]⚠️ HIT[/]")
+            console.print(t)
+            if data.get("narrative"):
+                console.print(Panel(data["narrative"], title="Analysis", border_style="dim"))
+        return
+    if "profile" in data:
+        found = data.get("found", False)
+        console.print(Panel(
+            f"[bold]{data['identifier']}[/] ({data.get('identifier_type','')})\n"
+            f"{'[green]Found[/]' if found else '[dim]Not found[/]'}",
+            title="BlockINTQL Profile", border_style="blue" if found else "dim"))
+        if not quiet and found:
+            p = data.get("profile", {})
+            t = Table(box=box.SIMPLE, show_header=False)
+            t.add_column("", style="dim", width=25)
+            t.add_column("")
+            if p.get("entity_name"): t.add_row("Entity", p["entity_name"])
+            t.add_row("Risk Score", f"{p.get('risk_score',0)}/100")
+            if p.get("linked_bitcoin_addresses"):
+                t.add_row("Linked BTC", "\n".join(p["linked_bitcoin_addresses"][:5]))
+            if p.get("linked_identifiers"):
+                t.add_row("Linked IDs", "\n".join(
+                    [f"{l['identifier']} ({l['type']})" for l in p["linked_identifiers"][:5]]))
+            console.print(t)
+        return
+    if not quiet:
+        console.print_json(json.dumps(data, default=str))
+
+provider_opts = [
+    click.option("--provider", "-p", default=None,
+                 type=click.Choice(["chainalysis","trm","elliptic","arkham","metamask","generic"]),
+                 help="Attribution provider (key stays on your machine)"),
+    click.option("--provider-key", default=None, envvar="BLOCKINTQL_PROVIDER_KEY",
+                 help="Provider API key — never sent to BlockINTQL"),
+    click.option("--provider-url", default=None,
+                 help="Custom provider URL template (use {address} placeholder)"),
+]
+
+def with_provider(f):
+    for opt in reversed(provider_opts): f = opt(f)
+    return f
+
+@click.group()
+@click.version_option("1.0.0", prog_name="blockintql")
+def cli():
+    """BlockINTQL — Sovereign Blockchain Intelligence CLI
+
+    Your provider key never leaves your machine.
+    BlockINTQL only receives the address being screened.
+    """
+    pass
+
+@cli.command()
+@click.option("--api-key", required=True)
+@click.option("--provider", default=None)
+@click.option("--provider-key", default=None)
+def auth(api_key, provider, provider_key):
+    """Save API key and optional default provider."""
+    config = load_config()
+    config["api_key"] = api_key
+    if provider: config["default_provider"] = provider
+    if provider_key: config["default_provider_key"] = provider_key
+    save_config(config)
+    console.print("[green]✅ Saved.[/]")
+
+@cli.command()
+@click.option("--address", "-a", required=True)
+@click.option("--chain", "-c", default="bitcoin", type=click.Choice(["bitcoin","ethereum"]))
+@click.option("--context", default="")
+@with_provider
+@click.option("--agent", is_flag=True)
+@click.option("--quiet", "-q", is_flag=True)
+def verdict(address, chain, context, provider, provider_key, provider_url, agent, quiet):
+    """Get a CLEAR/CAUTION/BLOCK verdict.
+
+    \b
+    Privacy: BlockINTQL receives address+chain only.
+    Provider key stays on your machine.
+
+    \b
+    Examples:
+      blockintql verdict --address 1A1zP1e...
+      blockintql verdict --address 0x123... --provider chainalysis --provider-key $KEY
+    """
+    config = load_config()
+    provider = provider or config.get("default_provider")
+    provider_key = provider_key or config.get("default_provider_key")
+    if not quiet and not agent:
+        p_info = f" + {provider} (local)" if provider else ""
+        console.print(f"[dim]Screening {address[:20]}...{p_info}[/]")
+
+    # STEP 1: BlockINTQL gets address+chain ONLY
+    result = api_post("/v1/verdict", {"address": address, "chain": chain, "context": context})
+
+    # STEP 2: Provider called directly from YOUR machine — key never sent to BlockINTQL
+    if provider and provider_key and "error" not in result:
+        result = enrich_with_provider(result, address, chain, provider, provider_key)
+
+    output(result, agent, quiet)
+
+@cli.command()
+@click.option("--address", "-a", required=True)
+@click.option("--chain", "-c", default="bitcoin", type=click.Choice(["bitcoin","ethereum"]))
+@with_provider
+@click.option("--agent", is_flag=True)
+@click.option("--quiet", "-q", is_flag=True)
+def screen(address, chain, provider, provider_key, provider_url, agent, quiet):
+    """Screen a counterparty before transacting.
+
+    \b
+    Privacy: Your provider key never touches BlockINTQL servers.
+    Provider is called directly from your machine.
+
+    \b
+    Examples:
+      blockintql screen --address 1A1zP1e...
+      blockintql screen --address 0x123... --provider trm --provider-key $KEY
+    """
+    config = load_config()
+    provider = provider or config.get("default_provider")
+    provider_key = provider_key or config.get("default_provider_key")
+    if not quiet and not agent:
+        p_info = f" + {provider} (local)" if provider else ""
+        console.print(f"[dim]Screening {address[:20]}...{p_info}[/]")
+
+    # STEP 1: BlockINTQL gets address+chain ONLY
+    result = api_post("/v1/screen", {"address": address, "chain": chain})
+
+    # STEP 2: Provider called directly from YOUR machine — key never sent to BlockINTQL
+    if provider and provider_key and "error" not in result:
+        result = enrich_with_provider(result, address, chain, provider, provider_key)
+
+    output(result, agent, quiet)
+
+@cli.command()
+@click.argument("query", required=False)
+@click.option("--address", "-a", multiple=True)
+@click.option("--chain", "-c", default="ethereum", type=click.Choice(["bitcoin","ethereum","both"]))
+@click.option("--format", "fmt", default="full", type=click.Choice(["full","graph","narrative"]))
+@click.option("--agent", is_flag=True)
+@click.option("--quiet", "-q", is_flag=True)
+def analyze(query, address, chain, fmt, agent, quiet):
+    """Run autonomous multi-agent analysis."""
+    if not query and not address:
+        raise click.UsageError("Provide a QUERY or --address")
+    if not quiet and not agent:
+        console.print("[dim]Running autonomous analysis...[/]")
+    result = api_post("/v1/analyze", {"query": query or "", "addresses": list(address),
+                                       "chain": chain, "output_format": fmt})
+    output(result, agent, quiet)
+
+@cli.command()
+@click.option("--identifier", "-i", required=True)
+@click.option("--type", "id_type", default="auto",
+              type=click.Choice(["auto","email","telegram","twitter","phone",
+                                  "btc_address","eth_address","pgp_fingerprint"]))
+@click.option("--agent", is_flag=True)
+@click.option("--quiet", "-q", is_flag=True)
+def profile(identifier, id_type, agent, quiet):
+    """Search OP_RETURN identity graph — unique on-chain data."""
+    if not quiet and not agent:
+        console.print(f"[dim]Searching identity graph...[/]")
+    result = api_get("/v1/profile/search", {"identifier": identifier, "type": id_type})
+    output(result, agent, quiet)
+
+@cli.command()
+@click.option("--txid", "-t", required=True)
+@click.option("--hops", default=5)
+@click.option("--method", default="fifo", type=click.Choice(["fifo","lifo"]))
+@click.option("--agent", is_flag=True)
+@click.option("--quiet", "-q", is_flag=True)
+def trace(txid, hops, method, agent, quiet):
+    """Trace funds with FIFO/LIFO accounting."""
+    if not quiet and not agent:
+        console.print(f"[dim]Tracing {txid[:20]}... ({hops} hops)[/]")
+    result = api_post("/v1/trace", {"txid": txid, "hops": hops, "method": method})
+    output(result, agent, quiet)
+
+@cli.command()
+@click.argument("query")
+@click.option("--agent", is_flag=True)
+@click.option("--quiet", "-q", is_flag=True)
+def query(query, agent, quiet):
+    """Natural language blockchain intelligence."""
+    if not quiet and not agent: console.print("[dim]Processing...[/]")
+    result = api_post("/v1/intelligence/search", {"query": query})
+    output(result, agent, quiet)
+
+@cli.command()
+@click.option("--agent", is_flag=True)
+def providers(agent):
+    """List attribution providers — all called locally, keys never leave your machine."""
+    data = list_providers()
+    if agent or not sys.stdout.isatty():
+        click.echo(json.dumps(data, indent=2))
+        return
+    t = Table(title="Attribution Providers (all local — keys never sent to BlockINTQL)",
+              box=box.ROUNDED, border_style="blue")
+    t.add_column("Provider", style="bold yellow")
+    t.add_column("Description")
+    t.add_column("Key Required")
+    for p in data:
+        t.add_row(p["name"], p["description"], "No" if p["name"] in ("metamask","generic") else "Yes")
+    console.print(t)
+
+@cli.command()
+@click.option("--install", is_flag=True)
+@click.option("--agent", is_flag=True)
+def skills(install, agent):
+    """List capabilities or install into agent context."""
+    if install:
+        r = httpx.get(f"{API_BASE}/skills/skill.md", timeout=10)
+        click.echo(r.text)
+        return
+    if agent or not sys.stdout.isatty():
+        click.echo(json.dumps({
+            "commands": ["verdict","screen","analyze","profile","trace","query","providers"],
+            "providers": [p["name"] for p in list_providers()],
+            "privacy": "Provider keys never leave your machine",
+            "mcp_server": "https://blockintql-mcp-385334043904.us-central1.run.app/mcp",
+            "source": "https://github.com/block6iq/blockintql-cli",
+        }, indent=2))
+        return
+    t = Table(title="BlockINTQL CLI", box=box.ROUNDED, border_style="blue")
+    t.add_column("Command", style="bold yellow", width=12)
+    t.add_column("Description")
+    t.add_column("Example")
+    rows = [
+        ("verdict","CLEAR/CAUTION/BLOCK","blockintql verdict --address 1ABC..."),
+        ("screen","Screen + provider","blockintql screen --address 0x123... --provider trm --provider-key $KEY"),
+        ("analyze","Multi-agent analysis",'blockintql analyze "check for sanctions"'),
+        ("profile","OP_RETURN identity","blockintql profile --identifier @handle"),
+        ("trace","FIFO/LIFO tracing","blockintql trace --txid abc123..."),
+        ("query","Natural language",'blockintql query "is this safe?"'),
+        ("providers","List providers","blockintql providers"),
+        ("skills","Agent skills","blockintql skills --install >> CLAUDE.md"),
+    ]
+    for r in rows: t.add_row(*r)
+    console.print(t)
+    console.print("\n[dim]Provider keys stay on your machine. BlockINTQL only sees the address.[/]")
+    console.print("[dim]Source: github.com/block6iq/blockintql-cli[/]")
+
+@cli.command()
+@click.option("--wallet-type", default="cdp", type=click.Choice(["cdp","privatekey"]))
+@click.option("--cdp-key-id", default=None, envvar="BLOCKINTQL_CDP_KEY_ID")
+@click.option("--cdp-private-key", default=None, envvar="BLOCKINTQL_CDP_PRIVATE_KEY")
+@click.option("--private-key", default=None, envvar="BLOCKINTQL_PRIVATE_KEY")
+@click.option("--auto-pay", is_flag=True)
+@click.option("--max-payment", default=0.10)
+def pay(wallet_type, cdp_key_id, cdp_private_key, private_key, auto_pay, max_payment):
+    """Configure x402 auto-payment — $0.001 USDC per screen on Base."""
+    config = load_config()
+    payment_config = {"type": wallet_type, "auto_pay": auto_pay, "max_payment_usd": max_payment}
+    if wallet_type == "cdp":
+        if not cdp_key_id or not cdp_private_key:
+            err_console.print("[red]CDP requires --cdp-key-id and --cdp-private-key[/]")
+            return
+        payment_config.update({"cdp_key_id": cdp_key_id, "cdp_private_key": cdp_private_key})
+    elif wallet_type == "privatekey":
+        if not private_key:
+            err_console.print("[red]Requires --private-key[/]")
+            return
+        payment_config["private_key"] = private_key
+    config["payment"] = payment_config
+    save_config(config)
+    console.print(f"[green]✅ Payment wallet configured ({wallet_type})[/]")
+    console.print(f"[green]✅ Auto-pay: {'enabled' if auto_pay else 'disabled'} | Max: ${max_payment}[/]")
+    console.print(f"[dim]Payments → 0x32984663A11b9d7634Bf35835AE32B5A031637D5 (Base)[/]")
+
+@cli.command()
+@click.option("--agent", is_flag=True)
+def status(agent):
+    """Check node health."""
+    output(api_get("/health"), agent, False)
+
+def main():
+    cli()
+
+if __name__ == "__main__":
+    main()

blockintql-1.0.0/blockintql/providers.py

@@ -0,0 +1,228 @@
+"""BlockINTQL Provider Plugin System"""
+
+import httpx
+from abc import ABC, abstractmethod
+
+
+class AttributionProvider(ABC):
+    name: str = "unknown"
+    description: str = ""
+    def __init__(self, api_key: str):
+        self.api_key = api_key
+    @abstractmethod
+    def get_address_risk(self, address: str, chain: str = "bitcoin") -> dict:
+        pass
+    def normalize(self, raw: dict) -> dict:
+        return {"entity_name": None, "entity_category": None, "risk_score": 0,
+                "risk_indicators": [], "sanctions_hit": False, "provider": self.name, "raw": raw}
+
+
+class ChainalysisProvider(AttributionProvider):
+    name = "chainalysis"
+    description = "Chainalysis KYT — industry standard blockchain analytics"
+    def get_address_risk(self, address: str, chain: str = "bitcoin") -> dict:
+        asset = {"bitcoin": "BITCOIN", "ethereum": "ETHEREUM"}.get(chain, "BITCOIN")
+        try:
+            r = httpx.post(f"https://api.chainalysis.com/api/kyt/v2/users/demo_user/transfers",
+                headers={"Token": self.api_key, "Content-Type": "application/json"},
+                json={"network": asset, "asset": asset, "transferReference": address, "direction": "received"},
+                timeout=15)
+            if r.status_code not in (200, 201):
+                return self.normalize({"error": f"HTTP {r.status_code}"})
+            data = r.json()
+            risk = data.get("riskScore", "unknown")
+            cluster = data.get("cluster", {})
+            risk_map = {"low": 10, "medium": 50, "high": 80, "severe": 100}
+            result = self.normalize(data)
+            result.update({"entity_name": cluster.get("name"), "entity_category": cluster.get("category"),
+                "risk_score": risk_map.get(str(risk).lower(), 0),
+                "risk_indicators": data.get("exposures", []),
+                "sanctions_hit": any(e.get("category") == "sanctions" for e in data.get("exposures", []))})
+            return result
+        except Exception as e:
+            return self.normalize({"error": str(e)})
+
+
+class TRMProvider(AttributionProvider):
+    name = "trm"
+    description = "TRM Labs — blockchain risk intelligence"
+    def get_address_risk(self, address: str, chain: str = "bitcoin") -> dict:
+        blockchain = {"bitcoin": "bitcoin", "ethereum": "ethereum"}.get(chain, "bitcoin")
+        try:
+            r = httpx.post(f"https://api.trmlabs.com/public/v2/screening/addresses",
+                headers={"Authorization": f"Basic {self.api_key}", "Content-Type": "application/json"},
+                json=[{"address": address, "chain": blockchain}], timeout=15)
+            if r.status_code != 200:
+                return self.normalize({"error": f"HTTP {r.status_code}"})
+            data = r.json()
+            item = data[0] if isinstance(data, list) and data else {}
+            risk_details = item.get("addressRiskIndicators", [])
+            risk_score = item.get("riskScore", 0)
+            result = self.normalize(data)
+            result.update({"entity_name": item.get("addressSummary", {}).get("name"),
+                "entity_category": item.get("addressSummary", {}).get("type"),
+                "risk_score": float(risk_score) * 100 if risk_score <= 1 else float(risk_score),
+                "risk_indicators": [r.get("riskType") for r in risk_details if r.get("riskType")],
+                "sanctions_hit": any(r.get("riskType") == "SANCTIONS" for r in risk_details)})
+            return result
+        except Exception as e:
+            return self.normalize({"error": str(e)})
+
+
+class EllipticProvider(AttributionProvider):
+    name = "elliptic"
+    description = "Elliptic — blockchain analytics and financial crime compliance"
+    def get_address_risk(self, address: str, chain: str = "bitcoin") -> dict:
+        asset = {"bitcoin": "bitcoin", "ethereum": "ethereum"}.get(chain, "bitcoin")
+        try:
+            r = httpx.post("https://aml-api.elliptic.co/v2/wallet/synchronous",
+                headers={"x-access-key": self.api_key, "Content-Type": "application/json"},
+                json={"subject": {"asset": asset, "type": "address", "hash": address}, "type": "wallet_exposure"},
+                timeout=20)
+            if r.status_code != 200:
+                return self.normalize({"error": f"HTTP {r.status_code}"})
+            data = r.json()
+            risk_score = data.get("risk_score_detail", {}).get("risk_score", 0)
+            result = self.normalize(data)
+            result.update({"risk_score": float(risk_score) * 100 if risk_score <= 1 else float(risk_score),
+                "sanctions_hit": data.get("risk_score_detail", {}).get("rule_triggered_name") == "OFAC SDN"})
+            return result
+        except Exception as e:
+            return self.normalize({"error": str(e)})
+
+
+class ArkhamProvider(AttributionProvider):
+    name = "arkham"
+    description = "Arkham Intelligence — entity intelligence platform"
+    def get_address_risk(self, address: str, chain: str = "bitcoin") -> dict:
+        try:
+            r = httpx.get(f"https://api.arkhamintelligence.com/intelligence/address/{address}",
+                headers={"API-Key": self.api_key}, timeout=15)
+            if r.status_code != 200:
+                return self.normalize({"error": f"HTTP {r.status_code}"})
+            data = r.json()
+            entity = data.get("arkhamEntity", {})
+            entity_type = entity.get("type", "")
+            risk_map = {"exchange": 10, "defi": 15, "mixer": 90, "sanctions": 100, "scam": 95, "hack": 95, "darknet": 90}
+            result = self.normalize(data)
+            result.update({"entity_name": entity.get("name"), "entity_category": entity_type,
+                "risk_score": risk_map.get(entity_type.lower(), 20),
+                "sanctions_hit": entity_type.lower() == "sanctions"})
+            return result
+        except Exception as e:
+            return self.normalize({"error": str(e)})
+
+
+class MetaMaskRiskProvider(AttributionProvider):
+    name = "metamask"
+    description = "MetaMask Transaction Insight — free, no API key needed"
+    def __init__(self, api_key: str = ""):
+        self.api_key = api_key
+    def get_address_risk(self, address: str, chain: str = "ethereum") -> dict:
+        if chain != "ethereum":
+            return self.normalize({"error": "MetaMask only supports Ethereum"})
+        try:
+            r = httpx.get(f"https://risk-api.metamask.io/v1/chains/1/addresses/{address}", timeout=10)
+            if r.status_code != 200:
+                return self.normalize({"error": f"HTTP {r.status_code}"})
+            data = r.json()
+            risk_score = 90 if data.get("result") == "Malicious" else 50 if data.get("result") == "Warning" else 0
+            indicators = ["FLAGGED_MALICIOUS"] if risk_score == 90 else ["WARNING"] if risk_score == 50 else []
+            result = self.normalize(data)
+            result.update({"risk_score": risk_score, "risk_indicators": indicators})
+            return result
+        except Exception as e:
+            return self.normalize({"error": str(e)})
+
+
+PROVIDERS = {
+    "chainalysis": ChainalysisProvider,
+    "trm": TRMProvider,
+    "elliptic": EllipticProvider,
+    "arkham": ArkhamProvider,
+    "metamask": MetaMaskRiskProvider,
+}
+
+def get_provider(name: str, api_key: str):
+    cls = PROVIDERS.get(name.lower())
+    return cls(api_key) if cls else None
+
+def list_providers() -> list:
+    return [{"name": k, "description": v.description} for k, v in PROVIDERS.items()]
+
+
+class GenericProvider(AttributionProvider):
+    """
+    Generic provider — point to any REST API that returns risk data.
+    
+    Usage:
+      blockintql screen --address 1ABC... \
+        --provider generic \
+        --provider-key $API_KEY \
+        --provider-url https://api.yourprovider.com/screen/{address} \
+        --provider-field risk_score
+    """
+    name = "generic"
+    description = "Generic — any REST API that returns risk data"
+
+    def __init__(self, api_key: str, url_template: str = None,
+                 risk_field: str = "risk_score",
+                 entity_field: str = "entity",
+                 auth_header: str = "Authorization",
+                 auth_prefix: str = "Bearer"):
+        self.api_key = api_key
+        self.url_template = url_template
+        self.risk_field = risk_field
+        self.entity_field = entity_field
+        self.auth_header = auth_header
+        self.auth_prefix = auth_prefix
+
+    def get_address_risk(self, address: str, chain: str = "bitcoin") -> dict:
+        if not self.url_template:
+            return self.normalize({"error": "No --provider-url specified"})
+        try:
+            url = self.url_template.replace("{address}", address).replace("{chain}", chain)
+            r = httpx.get(url,
+                headers={self.auth_header: f"{self.auth_prefix} {self.api_key}".strip()},
+                timeout=15)
+            if r.status_code != 200:
+                return self.normalize({"error": f"HTTP {r.status_code}"})
+            data = r.json()
+            # Try to extract risk score from nested path e.g. "result.risk.score"
+            risk_score = 0
+            parts = self.risk_field.split(".")
+            val = data
+            for p in parts:
+                val = val.get(p, 0) if isinstance(val, dict) else 0
+            try:
+                risk_score = float(val)
+                if risk_score <= 1:
+                    risk_score *= 100
+            except:
+                pass
+            # Extract entity name
+            entity_val = data
+            for p in self.entity_field.split("."):
+                entity_val = entity_val.get(p) if isinstance(entity_val, dict) else None
+            result = self.normalize(data)
+            result.update({"entity_name": str(entity_val) if entity_val else None,
+                "risk_score": risk_score})
+            return result
+        except Exception as e:
+            return self.normalize({"error": str(e)})
+
+
+# Add generic to registry
+PROVIDERS["generic"] = GenericProvider
+
+# ── PRIVACY GUARANTEE ─────────────────────────────────────────────────────────
+#
+# Provider API calls are made DIRECTLY from this CLI on the user's machine.
+# Provider keys and raw responses NEVER touch BlockINTQL servers.
+# BlockINTQL only receives: address, chain, and the final merged verdict.
+#
+# You can verify this by reading the source code above.
+# The BlockINTQL API endpoint called is /v1/verdict or /v1/screen —
+# neither endpoint accepts or logs provider keys.
+#
+# Open source. Verify yourself: github.com/block6iq/blockintql-cli

blockintql-1.0.0/blockintql.egg-info/PKG-INFO

@@ -0,0 +1,138 @@
+Metadata-Version: 2.4
+Name: blockintql
+Version: 1.0.0
+Summary: BlockINTQL — Sovereign Blockchain Intelligence CLI
+Home-page: https://blockintql.com
+Author: Block6IQ
+Author-email: joe@block6iq.com
+Keywords: blockchain bitcoin ethereum forensics compliance aml kyc intelligence agents
+Classifier: Development Status :: 4 - Beta
+Classifier: Intended Audience :: Developers
+Classifier: Topic :: Security
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Programming Language :: Python :: 3
+Requires-Python: >=3.8
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: click>=8.0.0
+Requires-Dist: httpx>=0.27.0
+Requires-Dist: rich>=13.0.0
+Dynamic: author
+Dynamic: author-email
+Dynamic: classifier
+Dynamic: description
+Dynamic: description-content-type
+Dynamic: home-page
+Dynamic: keywords
+Dynamic: license-file
+Dynamic: requires-dist
+Dynamic: requires-python
+Dynamic: summary
+
+# BlockINTQL CLI
+
+Sovereign blockchain intelligence from the command line.
+Built for AI agents, compliance teams, and developers.
+
+## Install
+
+    pip install blockintql
+
+## Setup
+
+    blockintql auth --api-key biq_sk_live_YOUR_KEY
+
+Get an API key at blockintql.com
+
+## Usage
+
+    # Screen before accepting payment
+    blockintql screen --address 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa
+
+    # Enrich with your own Chainalysis/TRM key
+    blockintql screen --address 0x123... --chain ethereum \
+      --provider chainalysis --provider-key $KEY
+
+    # Natural language intelligence
+    blockintql query "is this address linked to Lazarus Group?"
+
+    # Multi-agent analysis
+    blockintql analyze "check if these wallets transacted with each other" \
+      --address 0x123... --address 0x456...
+
+    # OP_RETURN identity search
+    blockintql profile --identifier @lazarus_trader
+
+    # Trace funds FIFO/LIFO
+    blockintql trace --txid abc123... --hops 5
+
+    # List attribution providers
+    blockintql providers
+
+    # Install skills into agent context
+    blockintql skills --install >> CLAUDE.md
+
+## Agent Mode
+
+All commands support --agent for machine-readable JSON:
+
+    RESULT=$(blockintql screen --address $PAYMENT_DEST --agent)
+    SAFE=$(echo $RESULT | jq -r '.safe')
+
+    if [ "$SAFE" = "false" ]; then
+      echo "Payment blocked"
+      exit 1
+    fi
+
+## x402 Autonomous Payments
+
+Configure once, pay per screen automatically:
+
+    blockintql pay --wallet-type cdp \
+      --cdp-key-id $CDP_KEY_ID \
+      --cdp-private-key $CDP_PRIVATE_KEY \
+      --auto-pay
+
+Every screen auto-pays $0.001 USDC on Base to:
+0x32984663A11b9d7634Bf35835AE32B5A031637D5
+
+## Attribution Providers
+
+Bring your own key — we never see your data:
+
+  chainalysis   --provider chainalysis --provider-key $KEY
+  trm           --provider trm --provider-key $KEY
+  elliptic      --provider elliptic --provider-key $KEY
+  arkham        --provider arkham --provider-key $KEY
+  metamask      --provider metamask (free, no key needed)
+  generic       --provider generic --provider-url https://your-api.com/screen/{address}
+
+## Privacy Guarantee
+
+Your attribution provider key never leaves your machine.
+
+Provider API calls are made directly from the CLI on your local machine.
+BlockINTQL servers only receive the address being screened — never your
+provider key, never the raw provider response.
+
+Verify this by reading the source:
+  blockintql/providers.py — all provider calls are direct HTTP from CLI
+  blockintql/cli.py — only address + chain sent to BlockINTQL API
+
+Open source. Verify yourself: github.com/block6iq/blockintql-cli
+
+## MCP Server
+
+For AI agents using MCP (Model Context Protocol):
+
+    https://blockintql-mcp-385334043904.us-central1.run.app/mcp
+
+## Powered By
+
+- Sovereign Bitcoin node — fully synced, 942,000+ blocks
+- Sovereign Ethereum node — fully synced, 24,000,000+ blocks  
+- 50,000+ OP_RETURN identity signals mined from the Bitcoin blockchain
+- BlockINTAI — autonomous multi-agent analytics engine
+- BlockINTQL — sovereign blockchain query language
+
+Block6IQ — block6iq.com

blockintql-1.0.0/blockintql.egg-info/SOURCES.txt

@@ -0,0 +1,12 @@
+LICENSE
+README.md
+setup.py
+blockintql/__init__.py
+blockintql/cli.py
+blockintql/providers.py
+blockintql.egg-info/PKG-INFO
+blockintql.egg-info/SOURCES.txt
+blockintql.egg-info/dependency_links.txt
+blockintql.egg-info/entry_points.txt
+blockintql.egg-info/requires.txt
+blockintql.egg-info/top_level.txt

blockintql-1.0.0/blockintql.egg-info/dependency_links.txt

@@ -0,0 +1 @@
+

blockintql-1.0.0/blockintql.egg-info/entry_points.txt

@@ -0,0 +1,2 @@
+[console_scripts]
+blockintql = blockintql.cli:main

blockintql-1.0.0/blockintql.egg-info/requires.txt

@@ -0,0 +1,3 @@
+click>=8.0.0
+httpx>=0.27.0
+rich>=13.0.0

blockintql-1.0.0/blockintql.egg-info/top_level.txt

@@ -0,0 +1 @@
+blockintql

blockintql-1.0.0/setup.cfg

@@ -0,0 +1,4 @@
+[egg_info]
+tag_build = 
+tag_date = 0
+

blockintql-1.0.0/setup.py

@@ -0,0 +1,32 @@
+from setuptools import setup, find_packages
+
+setup(
+    name="blockintql",
+    version="1.0.0",
+    description="BlockINTQL — Sovereign Blockchain Intelligence CLI",
+    long_description=open("README.md").read(),
+    long_description_content_type="text/markdown",
+    author="Block6IQ",
+    author_email="joe@block6iq.com",
+    url="https://blockintql.com",
+    packages=find_packages(),
+    install_requires=[
+        "click>=8.0.0",
+        "httpx>=0.27.0",
+        "rich>=13.0.0",
+    ],
+    entry_points={
+        "console_scripts": [
+            "blockintql=blockintql.cli:main",
+        ],
+    },
+    python_requires=">=3.8",
+    classifiers=[
+        "Development Status :: 4 - Beta",
+        "Intended Audience :: Developers",
+        "Topic :: Security",
+        "License :: OSI Approved :: MIT License",
+        "Programming Language :: Python :: 3",
+    ],
+    keywords="blockchain bitcoin ethereum forensics compliance aml kyc intelligence agents",
+)