agentkeys: §10.2 agent-initiated pairing (method A) — flip from master-issued link codes#159
Merged
Merged
Conversation
Flip the agent bootstrap from master-initiated (link code) to agent- initiated (the agent shows a code, the master claims it — the Matter/ HomeKit IoT model). Replaces #149's master-mint front-half; reuses the on-chain bind + scope tail unchanged. Broker: - NEW storage/pairing_requests.rs — unbound, agent-created request pool (issue/claim/poll/pending_bindings/mark_bound/purge). J1 is NOT stored at rest; minted fresh at poll time on a re-proved pop_sig. - NEW handlers/agent/request.rs (agent, pop_sig-gated) — open an unbound request, return {request_id (secret), pairing_code (display)}. - NEW handlers/agent/claim.rs (master, J1-gated) — claim by code, derive O_agent=HDKD(O_master,//label), record pending binding. - NEW handlers/agent/poll.rs (agent, pop_sig-gated) — once claimed, mint + return J1_agent. - REMOVE handlers/agent/{create,redeem}.rs + storage/link_codes.rs. - Rename link_code_store -> pairing_request_store across state/boot/main. - Rewire routes: /v1/agent/pairing/{request,claim,poll}; keep pending-bindings + /ack (now keyed by request_id). Tests: 14 store unit tests + agent_bootstrap_flow rewritten for the request->claim->poll flow (5 cases incl. cross-device/bad-pop_sig poll rejection). clippy --all-features --all-targets -D warnings clean. Unbind/factory-reset re-pair deferred -> #156; on-chain self-revoke -> #155.
…ost smoke Flip the client + wire harness to agent-initiated pairing (issue #144, method A), matching the broker request/claim/poll endpoints. Daemon (--init-link-code → two one-shots mirroring the two endpoints): - --request-pairing: in-sandbox K10 keygen → POST /v1/agent/pairing/request → print {request_id, pairing_code, …}; persist a 0600 state file so --retrieve-pairing can resolve request_id (--request-id overrides). - --retrieve-pairing: poll /v1/agent/pairing/poll until claimed (bounded by --init-poll-timeout-seconds), mint+persist J1_agent (0600), emit artifact. CLI: agent create → agent claim --pairing-code <code> --label … --services … (POST /v1/agent/pairing/claim). agent pending unchanged (rows now keyed by request_id). Harness phase1-wire-demo.sh Phase P inverts: P.0 agent --request-pairing (shows code) → P.1 master agent claim → P.1b agent --retrieve-pairing (J1) → P.1c pending → P.2 bind + ack-by-request_id → P.3 grant. P.depair unchanged. 404 trap + route names updated. setup-broker-host.sh (runbook-fix-fold-back): nm symbol grep → pairing_{request,claim,poll}|pending_bindings; route smoke → no-bearer POST /v1/agent/pairing/claim must be 401 not 404. cli+daemon: clippy --all-targets -D warnings clean, fmt clean, tests pass (38/38 single-threaded; the 1 parallel-suite failure is a pre-existing k11 enroll test race on a shared HOME path, unrelated). bash -n both scripts OK.
…ooks) Reconcile every doc + code-comment surface with the agent-initiated pairing flip (issue #144, method A). arch.md (single source of truth): - §10.2 ceremony fully rewritten for method A (agent requests → master claims → agent retrieves), incl. the IoT/Sybil-safety rationale + the deferred unbind notes (#155/#156). - §6.2 route list: /v1/agent/pairing/{request,claim,poll} replace create + link-code/redeem; pending-bindings ack now by request_id. - §10.4 re-bootstrap inverted; §5 agent_omni row, §10.6 threat row, trust-boundary + actor-role tables, CLI inventory → pairing terms. Solidity link_code_redemption calldata param kept (contract unchanged). operator-runbook-wire.md: Phase P walkthrough (P.0 request → P.1 claim → P.1b retrieve → P.1c pending → P.2 bind+ack → P.3 grant), 404 trap + route checks, troubleshooting rows. v2-stage1-migration-and-demo.md §7: rewritten for method A (also fixes pre-existing drift — the master, not the broker, submits registerAgentDevice). issue-144 plan: superseded-front-half banner → method-A doc. issue-74 ephemeral-rebootstrap paragraph corrected. Code doc-comments (mcp-server config, core actor_omni, cli device_session) → pairing terms. fmt + clippy --all-targets -D warnings clean on the 3 comment-edited crates.
…owing untracked files)
The --ref deploy path ran a plain `git checkout $PULL_REF`, which ABORTS
when an untracked working-tree file shadows a file the target ref tracks
("untracked working tree files would be overwritten by checkout" — hit on
the broker host when switching to a branch that tracks docs/wiki/*.md the
prior branch did not). The broker host is a deploy target, not a dev
checkout: -f overwrites the colliding files with the tracked version +
discards local edits to TRACKED files, while LEAVING unrelated untracked
files (env, keys, certs — all gitignored) intact. Folds the fix back into
the deploy runbook so the next operator does not hit the same abort.
hanwencheng
added a commit
that referenced
this pull request
Jun 1, 2026
…al memory After merging #159 (§10.2 agent-initiated pairing, method A — which resolves pushback #1 upstream), wire the two genuinely-real pieces the user asked for. Plan + status: docs/plan/web-flow/issue-9step-flow.md. Daemon (ui_bridge.rs) — master memory, real + idempotent: - ApiMemoryEntry + master_memory store; content_hash = sha256(ns ‖ key ‖ body). - GET /v1/master/memory — list (sorted by ns/key). - POST /v1/master/memory/plant — idempotent: dedup by content_hash → {planted, skipped, total}; emits a memory.write audit row when something lands. - dev_seed extended with master_memory (seeds the "already has memory" path). - 3 new unit tests (empty / plant→replant-dedup / changed-body-adds-entry); 23 ui_bridge tests pass. Adds sha2 dep. Client seam (lib/client) — new MasterMemoryEntry/PlantResult + listMasterMemory() + plantMemory(): DaemonBackend hits the real endpoints; EmptyBackend stays disconnected (offline → seed fallback in the UI). UI: - OnboardingScreen (ceremony.tsx): real navigator.credentials.create() via the client (/v1/k11/enroll/{begin,finish}, PR-B) when a daemon is configured — shows a "K11 enrolled · real WebAuthn" chip; narrated fallback offline. No longer a pure setTimeout fake. - MemoryPage wiring (App.tsx): auto-detect existing memory on load (listMasterMemory → hides the plant button); plant calls plantMemory (server dedups) then re-lists; seed fallback when disconnected. The dedup guard is now enforced both client-side AND server-side. - pairing.tsx copy aligned to method A (agent shows a code → master claims it), matching #159. Functional claim-input + daemon pairing-proxy is the next step (needs the broker reachable). Pushback status: #1 resolved by #159; #2 implemented here; #3 (audit decode) remains a mock tracked in #153 (per the user's "just 2" scope). Verified: cargo test -p agentkeys-daemon ui_bridge — 23/23 · npx tsc --noEmit clean · npm run build ok (21.2 kB route) · dev smoke renders onboarding, no runtime errors.
hanwencheng
added a commit
that referenced
this pull request
Jun 1, 2026
* m1: parent-control web UI (closes #110) Next.js 14 app under apps/parent-control/ implementing the Phase 1 mobile-responsive parent dashboard for the M1 demo. Six pages, iii.dev-styled (IBM Plex Mono + Serif, cream/ink palette, hairline rules, per-section accent hues): - actors — HDKD tree + devices/agents table + stats strip - actor detail — per-namespace scope toggles (deny/read/read+write), payment-cap inputs, live cap-tokens with per-cap revoke - audit feed — SSE-simulated stream filterable by worker - anchor status — countdown to next tier-2 batch + recent Merkle roots - workers — five worker cards (memory/credentials/audit/email/payment) with per-actor usage share + trust profile - logo — six Bedlington Terrier variants for brand exploration Demo Act 3 path is wired end-to-end: revoke device → K11 WebAuthn modal with intent context (per arch.md §10.1) and mock Touch ID scan → on confirm, actor flips to revoked status and a device.revoked event appears at the top of the audit feed within ~200ms. Stack matches issue #110: Next.js + thin client (no backend in this project). Mock data is inlined for M1; M2 wires to the broker session JWT + audit-service SSE feed (per #109). Port 3113 aligns with arch.md §22c.1 (canonical web-UI surface). When this UI is later folded into agentkeys daemon's `web` subcommand, the URL stays identical. Source: design handoff from claude.ai/design — port preserves visuals 1:1 while splitting the single-file React+Babel prototype into typed TSX modules (types/data/shared/pages/workers/logos/App). * parent-control: extract mocks, empty states, coverage scaffold (PR-A) Foundation for issue #110 follow-up. Removes all inline mock data from the parent-control UI and introduces a single AgentKeysClient interface that every read + write call now flows through. Adds cargo-llvm-cov to CI as a non-blocking artifact (threshold gating arrives in PR-C). # What changed apps/parent-control/lib/client/types.ts AgentKeysClient interface: listActors, getActor, listCapTokens, listRecentAuditEvents, streamAudit, listWorkers, getWorker, getAnchorStatus, updateScope, updatePaymentCap, revokeDevice, revokeCap, enrollK11Begin, enrollK11Finish. Discriminated Result<T> forces every consumer to handle the disconnected variant explicitly. apps/parent-control/lib/client/empty.ts EmptyBackend — default implementation. Every method returns { ok: false, status: { kind: 'disconnected', reason: 'no-backend-configured' } }. No mock data. Operator sees explicit empty states. apps/parent-control/lib/client/index.ts selectBackend() factory. Reads NEXT_PUBLIC_AGENTKEYS_BACKEND; defaults to 'empty'. 'daemon' falls back with a console warning until DaemonBackend lands in PR-C. apps/parent-control/lib/ClientProvider.tsx React context + useClient() / useConnectionStatus() hooks. Wraps the whole app in app/layout.tsx. apps/parent-control/lib/constants.ts NAMESPACES, CHIP_STYLES (config, not mock data). apps/parent-control/app/_components/data.ts DELETED. Was the home of INITIAL_ACTORS, INITIAL_EVENTS, SIM_EVENTS. apps/parent-control/app/_components/App.tsx Rewritten to fetch via useClient() on mount. Subscribes to client.streamAudit. Revoke flows now call client.revokeDevice + client.revokeCap; scope/payment updates call client.updateScope + client.updatePaymentCap with optimistic rollback on rejection. New sidebar section 'onboarding' with two stub pages (full wizard + WebAuthn ceremony land in PR-B). apps/parent-control/app/_components/pages.tsx apps/parent-control/app/_components/workers.tsx Empty-state rendering everywhere a list was previously inlined. ActorsPage, AuditPage take ConnectionStatus prop; WorkersPage owns its own fetch via useClient(). Every empty state explains what daemon endpoint will populate it. apps/parent-control/app/_components/shared.tsx Adds <EmptyState status={...}> component used by every list page. .github/workflows/coverage.yml cargo-llvm-cov via taiki-e/install-action. Runs on every PR that touches crates/**, generates lcov + html, attaches both as artifacts, prints summary to job summary. Non-blocking. Threshold gating lands in PR-C. # Verified - npm run typecheck — clean - npm run build — 4 static pages, 16.5 kB route, 104 kB First Load JS - npm run dev — HTTP 200, empty state renders 'no actors enrolled' + 'No daemon backend configured.' + harness hint; no 'Sara' / 'FoloToy' / mock data in the SSR HTML. # What did NOT land (intentional, per PR-A scope) - DaemonBackend implementation (PR-C) - Real WebAuthn ceremony (PR-B) - Coverage threshold gate (PR-C) - Harness v2-stage1 onboarding wizard (PR-B) - Daemon HTTP endpoints for actors/audit/anchor/workers (PR-C) * parent-control: real WebAuthn onboarding wizard (PR-B) Issue #110 follow-up. Replaces the simulated 'Touch ID scan' modal with a real browser-driven K11 WebAuthn ceremony backed by a new daemon mode and HTTP surface. # Daemon — new ui-bridge mode crates/agentkeys-daemon/src/ui_bridge.rs (new) Dedicated HTTP surface for the parent-control web UI. Binds 127.0.0.1:3114 by default, CORS-allows http://localhost:3113. Routes: GET /healthz POST /v1/k11/enroll/begin → returns PublicKeyCredentialCreationOptions POST /v1/k11/enroll/finish → verifies attestation with webauthn-rs, returns credentialId + chain stub State is in-memory (pending HashMap keyed by user_id). On-chain SidecarRegistry.register_master_device() submission stubbed for M1 (chain_tx_hash returns null); lands in PR-C. crates/agentkeys-daemon/src/main.rs New --ui-bridge mode + 4 args (--ui-bridge-bind / --ui-bridge-origin / --ui-bridge-rp-id / --ui-bridge-rp-name). Independent of --proxy and --master-companion. crates/agentkeys-daemon/Cargo.toml Adds webauthn-rs 0.5, tower-http 0.5 (cors feature), url 2. # Daemon — unit tests (cargo llvm-cov visible) crates/agentkeys-daemon/src/ui_bridge.rs::tests (6 tests, all green) - begin_returns_user_id_and_creation_options - begin_rejects_empty_username - finish_with_unknown_user_id_returns_no_pending - finish_with_malformed_credential_returns_malformed - replay_after_consume_returns_no_pending (verifies pending entry is only consumed once the credential parses; parse-stage failure leaves pending intact so the user can retry) - healthz_returns_ok Run: cargo test -p agentkeys-daemon --bin agentkeys-daemon ui_bridge # UI — DaemonBackend apps/parent-control/lib/client/daemon.ts (new) DaemonBackend implements AgentKeysClient. status() pings /healthz. enrollK11Begin / enrollK11Finish wire to the new daemon endpoints. All other methods return a 'not yet wired' disconnected variant until PR-C lands the read endpoints (actors, audit-SSE, anchor, workers). apps/parent-control/lib/client/index.ts selectBackend() now actually constructs DaemonBackend when NEXT_PUBLIC_AGENTKEYS_BACKEND=daemon. # UI — real browser WebAuthn apps/parent-control/lib/webauthn.ts (new) Helpers: base64url encode/decode, jsonToCreationOptions (server options → navigator.credentials.create() args), credentialToFinishPayload (PublicKeyCredential → daemon /finish JSON), webauthnAvailable + platformAuthenticatorAvailable feature detection. apps/parent-control/app/_components/onboarding.tsx (new) Onboarding wizard mirroring harness/v2-stage1-demo.sh as 8 numbered steps. Step 3 (K11 WebAuthn) is LIVE — clicks 'run' invoke real navigator.credentials.create() via daemon /v1/k11/enroll/begin and ship the attestation to /v1/k11/enroll/finish. Other 7 steps are honestly labeled 'stubbed; lands in PR-C'. apps/parent-control/app/_components/App.tsx Routes /onboarding to the live OnboardingPage (replaces the PR-A stub list). # To exercise the real ceremony $ cargo run -p agentkeys-daemon -- --ui-bridge & $ cd apps/parent-control $ echo 'NEXT_PUBLIC_AGENTKEYS_BACKEND=daemon' > .env.local $ npm run dev # open http://localhost:3113 → 'add device' → step 3 'run' # browser triggers Touch ID / Windows Hello / passkey UI for real # Verified - cargo build -p agentkeys-daemon — clean - cargo test -p agentkeys-daemon --bin agentkeys-daemon ui_bridge — 6/6 green - npx tsc --noEmit — clean - npm run build — 4 static pages, 19.4 kB route, 107 kB First Load # What did NOT land (intentional, per PR-B scope) - Daemon read endpoints (/v1/actors, /v1/audit/stream, etc.) → PR-C - Identity ceremony, K10 gen, SIWE, STS, provision, chain bring-up, on-chain register-master-device wiring → PR-C - Coverage threshold gate (blocking) → PR-C * parent-control: full daemon read/write surface + harness mirror (PR-C) Issue #110 follow-up. Wires the parent-control UI to a real daemon backend end-to-end: read endpoints for actors / audit-SSE / anchor / workers, write endpoints for scope / payment-cap / device-revoke / cap-revoke, and a harness page mirroring the v2-stage2 + v2-stage3 shell scripts. # Daemon — ui-bridge expansion crates/agentkeys-daemon/src/ui_bridge.rs New ApiActor / ApiAuditEvent / ApiCapToken / ApiWorker / ApiAnchorStatus serializable types. New state: actors HashMap, caps HashMap, audit VecDeque (ring buffer, AUDIT_BUFFER_CAP=200), audit_tx broadcast::Sender for SSE, workers HashMap, anchor RwLock. New routes: GET /v1/actors list_actors (sorted master-first) GET /v1/actors/:id get_actor GET /v1/actors/:id/caps list_caps POST /v1/actors/:id/scope update_scope + audit emit POST /v1/actors/:id/payment-cap update_payment_cap + audit emit POST /v1/actors/:id/revoke revoke_device + audit emit + cap clear POST /v1/actors/:id/caps/revoke revoke_cap + audit emit GET /v1/audit/recent?actor_id&limit list_recent_audit (filterable) GET /v1/audit/stream audit_stream (SSE via tokio broadcast) GET /v1/anchor/status anchor_status (dynamic next_anchor_in) GET /v1/workers list_workers GET /v1/workers/:id get_worker POST /v1/dev/seed dev_seed (operator-only data injection) POST /v1/dev/event dev_emit_event (manual audit emit) push_audit() helper ring-buffers + broadcasts in one place. crates/agentkeys-daemon/Cargo.toml Adds futures-util 0.3 + tokio-stream 0.1 (sync feature) for SSE stream wrapping of the broadcast receiver. # Daemon — tests (20 total, all green; previous 6 plus 14 new) list_actors_returns_empty_when_nothing_registered list_actors_returns_master_first get_actor_unknown_returns_404 get_actor_known_returns_payload update_scope_writes_and_emits_audit update_scope_unknown_actor_404 update_payment_cap_writes_and_emits_audit revoke_device_flips_status_and_clears_caps revoke_cap_removes_only_matching_cap_and_emits_audit dev_seed_populates_all_collections list_workers_empty_by_default get_worker_unknown_returns_404 audit_buffer_caps_at_buffer_cap audit_stream_subscribes_before_emit_and_receives Run: cargo test -p agentkeys-daemon --bin agentkeys-daemon ui_bridge # UI — DaemonBackend full wiring apps/parent-control/lib/client/daemon.ts Every AgentKeysClient method now hits a real daemon endpoint: listActors, getActor (404 → null), listCapTokens, listRecentAuditEvents, streamAudit (EventSource on /v1/audit/stream listening for 'audit' events), listWorkers, getWorker, getAnchorStatus, updateScope, updatePaymentCap, revokeDevice, revokeCap, enrollK11Begin, enrollK11Finish. Wire-type translation (snake_case daemon JSON ↔ camelCase UI types) lives in apiToActor / apiToAuditEvent / apiToWorker helpers. normalizeStatus + normalizeChip clamp daemon strings to the UI's StatusKind + ChipKind unions. # UI — harness mirror apps/parent-control/app/_components/harness.tsx (new) New /harness route. Lists every step of v2-stage2-demo.sh (8 steps) and v2-stage3-demo.sh (15 steps) with file:line source pointers and the invariant each step protects (when applicable). Includes the operator runbook (`AGENTKEYS_CHAIN=heima bash harness/v2-stage{1,2,3}-demo.sh`). apps/parent-control/app/_components/App.tsx Sidebar gains 'stage 2 + 3' under 'onboarding'. Routes /harness to HarnessPage. Adds 'harness' to the data-section accent set. # CI — coverage gate now blocking .github/workflows/coverage.yml Removes continue-on-error: true. Adds `cargo llvm-cov report --workspace --fail-under-lines 60`. 60% is a conservative floor — the new ui_bridge.rs module is well above it (20 unit tests covering every handler) so it carries the workspace. Bump in follow-up PRs as other crates' coverage catches up. # Verified - cargo build -p agentkeys-daemon — clean - cargo test -p agentkeys-daemon ui_bridge — 20/20 green - npx tsc --noEmit (apps/parent-control) — clean - npm run build — 4 static pages, 19.6 kB route, 110 kB First Load # To exercise end-to-end $ cargo run -p agentkeys-daemon -- --ui-bridge & $ curl -X POST http://localhost:3114/v1/dev/seed \ -d @docs/dev-fixtures/parent-control-seed.json # (operator can author) $ cd apps/parent-control $ echo 'NEXT_PUBLIC_AGENTKEYS_BACKEND=daemon' > .env.local $ npm run dev # browse http://localhost:3113 — actors, audit-stream, revoke flows # are all live; no mock data anywhere in the codebase # What did NOT land (called out explicitly per CLAUDE.md plan-completion-policy) - Daemon-side wiring of stage-2 + stage-3 harness steps into a live status feed (clickable 'run' per step) — the harness page is a read-only mirror today. Live execution from the UI is a follow-up. - On-chain SidecarRegistry.register_master_device() submission from the K11 enroll/finish handler — still stubbed (chain_tx_hash=null). - Mobile-device cross-device WebAuthn (M5). - Coverage threshold above 60% — bump once non-daemon crates add tests. * plan: docs/plan/web-flow — parent-control operator user flow (Phase 1) Plan-only commit. No implementation. Maps every harness v2-stage{1,2,3} step into a natural operator user flow with real inputs, and locks the Phase 1 scope to overview-Act-1 steps 1–7 (identity → cloud → chain master register). Everything past step 7 is in an explicit TODO list. # What's here docs/plan/web-flow/README.md Index + how to read. docs/plan/web-flow/overview.md End-to-end narrative · 4-screen Phase 1 state machine sketch · Phase 1 endpoint inventory (12 new + 3 shipped) · TODO list for deferred work. docs/plan/web-flow/stage1-first-run.md Harness v2-stage1 steps 6–11 → 4 UI screens A–D. Includes "Part B" on screen C: master vault + memory listings (per user feedback — the operator's own slice of the cloud is visible immediately after provisioning succeeds, separate from any agent inbox). Screens E, F (first agent, done) explicitly deferred to Phase 2. docs/plan/web-flow/stage2-second-master.md Harness v2-stage2 → 6 screens G–L (pair, companion enroll, confirm, quorum, recovery drill, done). Entire stage marked deferred (Phase 3). docs/plan/web-flow/stage3-agent-usage.md Agent bootstrap paths · live ops dashboard · on-demand isolation health check (16-step v2-stage3 against operator's real cloud). Entire stage marked deferred. docs/plan/web-flow/input-discipline.md Real / Derived / Auto-generated triage. §1 resolves the operator-login-email vs agent-inbox-sub-address distinction explicitly (operator types sara@example.com; agent inbox is derived agent-folotoy@bots.litentry.org, system-derived, never operator-typed; email-service worker per arch.md §15.4 routes the agent's mail without touching the operator's inbox). docs/plan/web-flow/data-model.md Daemon HTTP contract. Every endpoint tagged shipped / Phase 1 / deferred. Phase 1 surface is exactly 12 new endpoints + 3 shipped; everything else is called out as deferred to Phase 2 or Phase 3. docs/plan/web-flow/deferred-and-followups.md What stays shell-only · operator-power-user escape hatches · 6 open questions for review (Q3 cross-browser passkey is the only one that blocks Phase 1) · 7-phase implementation sequencing (~9 days estimated). docs/plan/README.md Adds an "Active plans" section pointing at agentkeys-memory-design and web-flow/. # Phase 1 endpoint inventory (the only new endpoints to build) GET /v1/onboarding/state — umbrella state machine POST /v1/auth/email/start — broker-proxy: email magic link POST /v1/auth/email/verify — broker-proxy: magic-token verify GET /v1/auth/email/status — polled by the original tab POST /v1/onboarding/cloud/provision — dispatches 6 existing scripts GET /v1/onboarding/cloud/stream (SSE) — per-script progress POST /v1/onboarding/cloud/smoke — envelope round-trip GET /v1/master/credentials — metadata listing (no plaintext) GET /v1/master/memory — metadata listing (no plaintext) POST /v1/onboarding/chain/deploy — 4 contracts: deploy or detect POST /v1/onboarding/chain/register-master — register_master_device POST /v1/k11/assert/begin — uniform K11 mutation pattern POST /v1/k11/assert/finish Three shipped endpoints (PR-B) used by Phase 1 without changes: GET /healthz POST /v1/k11/enroll/{begin,finish} # Ready for review Verify: - stage docs match the harness scripts (spot-check any step against harness/v2-stage1-demo.sh's `# ─── Step N` headers). - the email distinction in input-discipline.md §1 is correct (arch.md §15.4 email worker routes the agent's mail). - the data-model.md daemon contract doesn't require rewriting any PR-C endpoint — only net-new endpoints + tagging existing ones. * parent-control: scripts/dev.sh — single-terminal dev stack Runs agentkeys-daemon --ui-bridge + Next.js dev server in one terminal with color-prefixed multiplexed logs. Replaces the manual two-terminal setup ("start the daemon in tab A, npm run dev in tab B, env-var the backend kind by hand") with one command. # What it does apps/parent-control/scripts/dev.sh - Bash 3.2 compatible (macOS default /bin/bash). - Kills stale processes on UI_PORT (3113) + DAEMON_PORT (3114). - Auto-rebuilds agentkeys-daemon iff any .rs source is newer than the debug binary (cargo build -p agentkeys-daemon). - Starts the daemon in --ui-bridge mode, streams its stdout/stderr through a magenta [daemon] prefix. - Waits up to 5s for GET /healthz before launching the UI; fails fast with a clear error if the daemon dies during startup. - Pre-sets NEXT_PUBLIC_AGENTKEYS_BACKEND=daemon + NEXT_PUBLIC_AGENTKEYS_DAEMON_URL=http://127.0.0.1:3114 for the Next.js child so the UI talks to the real daemon out of the box. - Starts npx next dev, streams its output through a cyan [ui] prefix. - Polls both PIDs; when either exits, sends SIGTERM to the other. Ctrl-C cleanly tears down both via a single trap. - All script-side status lines wear a bold-yellow [dev] prefix. apps/parent-control/package.json Adds `npm run dev:stack` → `bash scripts/dev.sh`. The plain `npm run dev` remains the UI-only EmptyBackend path. apps/parent-control/README.md New "dev:stack" subsection documenting the color scheme, what the script does, and the env overrides (UI_PORT, DAEMON_PORT, etc.). # Verified $ UI_PORT=3115 DAEMON_PORT=3116 bash apps/parent-control/scripts/dev.sh [dev] starting daemon on http://127.0.0.1:3116 (rp_id=localhost) [daemon] ui-bridge serving bind=127.0.0.1:3116 origin=http://localhost:3115 [dev] daemon ready. [dev] starting Next.js dev server on http://localhost:3115 [ui] ▲ Next.js 14.2.34 [ui] ✓ Ready in 1498ms [ui] GET / 200 in 1118ms ← HTML title: "agentKeys · parent control" curl http://127.0.0.1:3116/healthz → {"ok":true,"surface":"ui-bridge"} Ctrl-C tears both down. Re-run on stale port detects + kills the previous run's leftovers automatically. # Compatibility note Initial draft used `wait -n` which requires bash 4.3+; macOS ships bash 3.2 by default. Replaced with a `kill -0` polling loop so the script runs on `/bin/bash` everywhere. * dev.sh: move single-terminal dev stack to repo root Previously at apps/parent-control/scripts/dev.sh; now at the repo root so the entry point is one path away on a fresh clone. Invocation: bash dev.sh # from the repo root ./dev.sh # from the repo root, same cd apps/parent-control && npm run dev:stack # via npm wrapper apps/parent-control/package.json dev:stack now calls `bash ../../dev.sh`. apps/parent-control/README.md Updated to reference the new root location with all three invocation forms documented. dev.sh (moved + path fixes) REPO_ROOT now resolves from the script's own dirname (which is the repo root). APP_DIR = "$REPO_ROOT/apps/parent-control". Added a preflight check that fails fast with a clear error if the script is copied somewhere that isn't the agentkeys repo root. Verified: $ UI_PORT=3115 DAEMON_PORT=3116 bash dev.sh [dev] starting daemon on http://127.0.0.1:3116 [daemon] ui-bridge serving bind=127.0.0.1:3116 [dev] daemon ready. [ui] ✓ Ready in 1526ms curl http://127.0.0.1:3116/healthz → {"ok":true,"surface":"ui-bridge"} curl http://localhost:3115/ → 200, <title>agentKeys · parent control</title> * dev.sh: harden free_port, add agentkeys-mcp-server to the stack Two changes addressing direct operator feedback. # 1. Harden free_port — fix "Address already in use" after kill Before: free_port sent a single SIGTERM and slept 0.4 s — fast enough to race the kernel's port release, especially when a previous dev.sh run's children were still in TIME_WAIT or hadn't actually shut down. A second dev.sh would crash on: [daemon] Error: ui-bridge: bind TCP 127.0.0.1:3114 [daemon] Caused by: Address already in use (os error 48) After: free_port now does graceful → forceful → verify: 1. Send SIGTERM. 2. Poll up to 3 s waiting for the pid to exit (`kill -0`). 3. If still alive, send SIGKILL. 4. Re-check the port with lsof; abort the script with a clear error if it's still occupied (so the operator can investigate manually rather than hit the same cryptic bind error). # 2. Bring up agentkeys-mcp-server as part of the stack A third process joins the dev stack, with its own line-prefix color: [daemon] magenta agentkeys-daemon --ui-bridge (port 3114) [mcp] green agentkeys-mcp-server (port 8088) [ui] cyan npx next dev (port 3113) [dev] yellow this script's own status lines Defaults: `--backend in-memory` (zero external dependencies — the MCP server auto-seeds the three-act demo fixtures per crates/agentkeys-mcp-server/README.md). `--listen 127.0.0.1:8088`. Overridable via MCP_PORT + MCP_BACKEND. The Next.js child also receives NEXT_PUBLIC_AGENTKEYS_MCP_URL so the UI can call the MCP server once the stage-3 §1 agent-bootstrap flow lands (Phase 2 — see docs/plan/web-flow/stage3-agent-usage.md). # Refactored - build_daemon_if_needed → generic build_if_needed taking a binary path + cargo package name + watched crate dirs. Reused for both the daemon and the mcp-server. - cleanup() now iterates over all three pids. - the "wait for either to exit" poll loop now watches all three. # Verified $ UI_PORT=3115 DAEMON_PORT=3116 MCP_PORT=8089 bash dev.sh [dev] building agentkeys-mcp-server (debug)... [dev] starting daemon on http://127.0.0.1:3116 [daemon] ui-bridge serving bind=127.0.0.1:3116 [dev] daemon ready. [dev] starting mcp-server on http://127.0.0.1:8089 (backend=in-memory) [mcp] agentkeys-mcp-server listening (HTTP) [dev] mcp-server ready. [dev] starting Next.js dev server on http://localhost:3115 [ui] Ready in 1.5 s curl http://127.0.0.1:3116/healthz → {"ok":true,"surface":"ui-bridge"} curl http://127.0.0.1:8089/ → 404 (server listening; bare / unmapped) curl http://localhost:3115/ → 200 * dev.sh: fix free_port multi-pid handling — make it truly idempotent Operator hit: [dev] port :3114 held by pid 57667 90638 — sending SIGTERM [dev] port :3114 is still occupied after SIGKILL — investigate manually [dev] lsof -i tcp:3114 The first line reveals the bug: `lsof -ti tcp:3114` returns ONE pid per line, but a process listening on both IPv4 and IPv6 (or with a shared child) shows up as TWO pids. The previous code captured the multiline string into one variable and then did: kill "$pid" # $pid == "57667\n90638" which is malformed. `kill` errors out silently (the `|| true` suppresses it), so nothing dies. The verification re-checks lsof, sees the pids still there, and aborts the script. Fix: free_port now iterates over each pid individually for both SIGTERM and SIGKILL. Added a second cleanup pass — if any new pid grabbed the port between the kill and the check (rare but possible during daemon restarts), the second pass kills it too. Only after the second pass fails does free_port abort. Verified: $ ./target/debug/agentkeys-daemon --ui-bridge ... & # plant squatter $ lsof -ti tcp:3114 57667 90638 # two pids — reproduces bug $ UI_PORT=3115 DAEMON_PORT=3114 bash dev.sh [dev] port :3114 held by pid 57667 — sending SIGTERM (pass 1) [dev] port :3114 held by pid 90638 — sending SIGTERM (pass 1) [daemon] ui-bridge serving bind=127.0.0.1:3114 [dev] all three processes running. Ctrl-C to stop. $ curl http://127.0.0.1:3114/healthz {"ok":true,"surface":"ui-bridge"} # new daemon, not the squatter The script is now idempotent against any number of stale processes holding the dev ports (3113, 3114, 8088 — or whatever the operator overrides via env). Re-running after a hard kill / lost terminal cleans up the prior run and starts fresh. * dev.sh: silent + clean shutdown — fix Ctrl-C hang, suppress noise Operator hit: ^C [dev] shutting down… ← trap fired, but then script hung (no further output, no prompt, ports still bound) Plus a cosmetic glitch: [dev] \033[2magentkeys-daemon binary is current — skipping build # Root causes + fixes ## 1. Literal "\033[2m" leaked into the build-skip line The printf format used %s for $C_DIM. %s prints the literal string; %b is what interprets backslash escapes. Single-quoted bash strings don't process \033, so $C_DIM stays as the 6-char literal until %b unfolds it. Fixed by reordering the format specifier. ## 2. Ctrl-C hung the script — process substitution kept fds open Previous attempt used `> >(prefix ...)` so $! would resolve to the real binary pid. That fixed pid tracking but introduced a subtler bug: process substitution opens an fd in the parent shell pointed at the reader's stdin. Even after the daemon binary exits, the script still holds that fd open, so the prefix reader never sees EOF, and `wait` blocks forever in cleanup. Fix: switch to named FIFOs in a per-run temp dir ($TMPDIR/agentkeys-dev-stack-$$/). For each process: prefix "$C_X" "x" < "$FIFO_X" & # reader, blocks on FIFO read PREFIX_X_PID=$! disown "$PREFIX_X_PID" "$X_BIN" ... > "$FIFO_X" 2>&1 & # writer; $! = real binary pid X_PID=$! disown "$X_PID" The script itself never opens the FIFO, so kill -> binary exit -> writer fd closes -> reader sees EOF -> reader exits. Clean. ## 3. "Terminated: 15" job-control noise When `wait` reaped the SIGTERM'd children, bash printed termination notices ("dev.sh: line 198: 34855 Terminated: 15 $DAEMON_BIN ..."). These appeared between [dev] shutting down… and [dev] stopped., muddying the operator's view of what happened. Fix: `disown` each backgrounded pid right after capture. Bash drops the job from its job table, so SIGCHLD reaping is silent. Replaced the cleanup's `wait` with a polling loop (`kill -0` in a tight loop) since `wait` doesn't accept disowned pids. ## 4. False "one of the children exited" warning after clean shutdown After cleanup() returned, control fell back to the polling-loop's post-condition where `warn` printed about an unexpected child exit — misleading after an operator-initiated shutdown. Fix: `exit 0` at the end of cleanup() so the script terminates immediately without re-entering the polling loop. ## 5. set +m Added `set +m` at the top to disable job-control monitor mode. With disown this is belt-and-braces, but it removes the last possible source of "[N]+ Done" / "[N]+ Terminated" announcements. # Verified $ bash dev.sh # then SIGTERM the script pid 1 s later ... [dev] all three processes running. Ctrl-C to stop. [ui] ✓ Starting... ^TERM [dev] shutting down… [dev] stopped. 'Terminated' hits in log: 0 'dev.sh: line' hits in log: 0 'one of the children' hits in log: 0 pids on :3113, :3114, :8088: empty after shutdown total shutdown duration: 1 second * plan(web-flow): redesign agent flow around #141 wire/hook model Merged origin/main (#140 IAM strategy reset + #141 agentkeys wire/hook + #137 audit-vector exporter + #138 CI hardening). The merge brought in the Authority-Host / Task-Host model, which obsoletes the prior agent-onboarding design (paste-a-pair-code into a remote sandbox). Redesigned the web-flow plan to match. What changed in the plan: - stage3-agent-usage.md — full rewrite. Agent onboarding is now pair (agentkeys agent device-session — key born in the runtime, never on the master) → wire (agentkeys wire installs 3 IAM-guarantee hooks the LLM can't bypass: pre_tool_call→check, post_tool_call→audit, pre_llm_call→memory-inject) → the three acts (permissioned memory / deterministic denial / audit) + the memory-aware surprise (deterministically backed by `hermes hooks test pre_llm_call`, not a chat reply). Adds the hook-aware live dashboard + guarantee-health panel. Preserves the 16-step isolation health check. - overview.md — new "two-host model" section up top (Authority Host vs Task Host; IAM tool vs IAM guarantee). Act-3 TODO reframed as "Phase 2 — the wire flow." Master onboarding (Phase 1) unchanged. - data-model.md — replaced the bootstrap/* endpoints with the pair/wire/observe surface: /v1/agents/pair/{init,bind,approve-scope}, /v1/agents/:id/{wire, unwire,verify/memory-inject,guarantee-health}, hook-tagged /v1/audit/stream. Notes the per-actor STS relay config + MCP port 18088. - input-discipline.md — §2.5: runtime choice + wire namespaces/payment-scope are Real inputs; the agent device key is born in the runtime (master never holds it); the runtime list reflects real adapter support, never faked. - README.md — redesign banner + updated source-of-truth + file-map row. - dev.sh — MCP_PORT default 8088 → 18088 (8088 collides with the sandbox gem-server, per #141); header comments aligned. Plan only — no implementation. Master-onboarding docs (stage1/stage2) untouched. * parent-control: implement the 9-step operator flow (Claude-design port) Ports the Claude Design "agentkeyweb" handoff into apps/parent-control as the primary, demoable operator experience. Maps 1:1 to the 9 user workflows. Plan + verification + pushback: docs/plan/web-flow/issue-9step-flow.md. Flow (workflow → component): 1. WebAuthn login + onboarding ceremony → ceremony.tsx (OnboardingScreen + CeremonyRunner) 2. Memory panel: plant preserved memory → memory.tsx (empty-state + plant ceremony, auto-detect existing, dedup guard — plant hidden + blocked once planted) 3-4. Agent connects + master notified → App bell + pairing request (post-#149: a pending binding) 5. Request detail (agent + permissions) → pairing.tsx request card 6-7. Accept + Touch ID + ceremony → WebAuthnModal → CeremonyRunner (PAIRING_STEPS) 8. Device view + permission view → pairing.tsx (device-grid) + permissions.tsx (mobile-style scoped PermissionList — replaces tables, the "won't scale" ask) 9. Audit + decodable Heima TXs → dashboard.tsx AuditFeed → EventDecodeModal (decodeCalldata mock; real decode tracked in #153) New files: - lib/demoData.ts seed actors/events + ONBOARDING_STEPS, PAIRING_STEPS, PRESERVED_MEMORY, INCOMING_PAIRING, CHAIN_PROFILE, VAULT_ITEMS, txHash, decodeCalldata (mock), ONCHAIN_KINDS - _components/ceremony.tsx CeremonyRunner (progress bar + live step log + tx hashes) + OnboardingScreen - _components/memory.tsx MemoryPage (plant / dedup / per-namespace listing) - _components/pairing.tsx PairingPage (request → accept → device/permission view toggle) - _components/permissions.tsx PermSeg/PermSwitch/PermissionList/PermissionView (mobile scoped) - _components/dashboard.tsx ActorsList, ActorDetail (editable PermissionList), AuditFeed Changed: - _components/App.tsx rewritten as the self-contained flow orchestrator: onboarding gate (localStorage), header bell + badge, memory/pairing/audit/chain routes, WebAuthn + pairing-ceremony + tx-decode + memory-view modals - _components/types.ts + CeremonyStep/PreservedMemory/PairingRequest/ChainProfile/ ContractInfo/RequestedPerm; Actor.justPaired; ChipKind +scope/device/k11; Route +memory/pairing/chain - lib/constants.ts CHIP_STYLES covers the new chip kinds - app/globals.css ceremony/onboard/empty-memory/pair-req/view-toggle/device-grid/ bell/tx-decode/mem-body/perm-* blocks (no rounded corners, hairline rules) Scope note: M1 visible flow is seed-data + local ceremony state (the prototype's model). Real-daemon wiring stays behind the lib/client seam and is Phase 2 — #149 endpoints (agent create / pending-bindings / bind / grant), onboarding + master-memory endpoints, and the #153 audit decoder. The old client-based pages (pages.tsx/workers.tsx/onboarding.tsx) remain on disk for that wiring; App no longer imports them. Verified: npx tsc --noEmit clean · npm run build ok (4 static pages, 20.1 kB route) · dev smoke serves the onboarding screen (HTTP 200, all markers present). * parent-control: implement pushback #2 — real onboarding WebAuthn + real memory After merging #159 (§10.2 agent-initiated pairing, method A — which resolves pushback #1 upstream), wire the two genuinely-real pieces the user asked for. Plan + status: docs/plan/web-flow/issue-9step-flow.md. Daemon (ui_bridge.rs) — master memory, real + idempotent: - ApiMemoryEntry + master_memory store; content_hash = sha256(ns ‖ key ‖ body). - GET /v1/master/memory — list (sorted by ns/key). - POST /v1/master/memory/plant — idempotent: dedup by content_hash → {planted, skipped, total}; emits a memory.write audit row when something lands. - dev_seed extended with master_memory (seeds the "already has memory" path). - 3 new unit tests (empty / plant→replant-dedup / changed-body-adds-entry); 23 ui_bridge tests pass. Adds sha2 dep. Client seam (lib/client) — new MasterMemoryEntry/PlantResult + listMasterMemory() + plantMemory(): DaemonBackend hits the real endpoints; EmptyBackend stays disconnected (offline → seed fallback in the UI). UI: - OnboardingScreen (ceremony.tsx): real navigator.credentials.create() via the client (/v1/k11/enroll/{begin,finish}, PR-B) when a daemon is configured — shows a "K11 enrolled · real WebAuthn" chip; narrated fallback offline. No longer a pure setTimeout fake. - MemoryPage wiring (App.tsx): auto-detect existing memory on load (listMasterMemory → hides the plant button); plant calls plantMemory (server dedups) then re-lists; seed fallback when disconnected. The dedup guard is now enforced both client-side AND server-side. - pairing.tsx copy aligned to method A (agent shows a code → master claims it), matching #159. Functional claim-input + daemon pairing-proxy is the next step (needs the broker reachable). Pushback status: #1 resolved by #159; #2 implemented here; #3 (audit decode) remains a mock tracked in #153 (per the user's "just 2" scope). Verified: cargo test -p agentkeys-daemon ui_bridge — 23/23 · npx tsc --noEmit clean · npm run build ok (21.2 kB route) · dev smoke renders onboarding, no runtime errors. * parent-control: remove all mock/seed data — client-drive every page + email-first §9 onboarding - demoData.ts: strip INITIAL_ACTORS / INITIAL_EVENTS / SIM_EVENTS / PRESERVED_MEMORY / INCOMING_PAIRING / VAULT_ITEMS / ONBOARDING_STEPS / MASTER_DEVICES. Keep ONLY the audit tx-decode mock (txHash / decodeCalldata / ONCHAIN_KINDS / contractFor, GH #153), PAIRING_STEPS narration, and CHAIN_PROFILE config (contract addresses now placeholder). - App.tsx: actors / events / memory load from the lib/client seam (listActors / listRecentAuditEvents / streamAudit / listMasterMemory). Drop the synthetic SSE tick, the 9s INCOMING_PAIRING timer, pushEvent echoes, and the hardcoded Hermes actor. Revoke routes through client.revokeDevice; the pairing ceremony re-fetches the actor tree. Header identity + connection status derive from real data (no Sara / iPhone / fake block / ttl). - dashboard / memory / permissions: render EmptyState when disconnected (the default EmptyBackend) and neutral empty copy when connected-but-empty. Vault items come via a prop (default []); the memory page is read-only (no fixture-plant button). - ceremony.tsx + types.ts: first-run is the arch.md §9 master-bootstrap ceremony — real email FIRST, then K10 keygen -> email verify -> K11 Touch ID bound MID-ceremony (CeremonyStep.action) -> wallet + SIWE -> register_master_device. There is no separate 'register' step. Verified: tsc --noEmit clean; next build clean (4/4 static pages). * parent-control: plant the PREPARED real memory archive (rework, not fixture) The memory plant button is reworked to import a PREPARED canonical archive through the real client seam (plantMemory -> daemon POST /v1/master/memory/plant, content-hash dedup) instead of the removed kevin.zhao display fixture. - lib/preparedMemory.ts (NEW): PREPARED_MEMORY = the documented demo dataset the rest of the system already uses — the 'Chengdu trip' the wire demo seeds (SEED_MEMORY_CONTENT) plus the per-namespace composition from docs/agent-iam-strategy.md §3.5 (travel / personal / family). Bytes computed from the body; sent without contentHash (the daemon computes + dedups server-side). - memory.tsx: plant button + ceremony return, gated to connected + empty. Disconnected -> EmptyState (no daemon to plant into). Has-memory -> read-only per-namespace list. - App.tsx: planting state + plantMemory/plantDone restored; plantDone calls client.plantMemory(PREPARED_MEMORY) -> re-lists from the daemon. On disconnected it toasts 'Connect a daemon to plant prepared memory' (no client-side faking). Verified: tsc --noEmit clean; next build clean (4/4 static pages). * parent-control: add log out button (header + sidebar) with full session reset - logout() clears the ak_onboarded localStorage flag and resets all in-memory view state (actors / events / memory / planting / pairing / modals / nav) so the next login starts clean, returning to the §9 email/onboarding screen. - Surfaced as a header 'log out' button next to the master identity, and the sidebar 'account' nav item (was the buried 'replay onboarding' partial reset) now calls the same handler. Verified: tsc --noEmit clean; next build clean (4/4 static pages). * parent-control: remove superseded/unused frontend code Drop dead component files left over from the 9-step-flow port (replaced by dashboard.tsx + ceremony.tsx, never imported by App.tsx — the sole entry is page.tsx → App): - app/_components/pages.tsx (→ dashboard.tsx) - app/_components/onboarding.tsx (→ ceremony.tsx OnboardingScreen) - app/_components/harness.tsx (unreferenced) - app/_components/workers.tsx (unreferenced) Cascade cleanup of symbols they were the only consumers of: - shared.tsx: remove TripleToggle (only used by pages.tsx) + AsciiRule (unused); drop now-unused ScopeBits import. - types.ts: remove SimEvent (only fed the deleted SIM_EVENTS) + Route (unused). Verified: tsc --noEmit clean; next build clean (4/4 static pages). * agentkeys-daemon: rustfmt ui_bridge.rs + main.rs (fix cargo fmt --check CI) The master-memory + ui-bridge test code (added earlier in this PR) was committed without rustfmt, failing the 'cargo fmt + clippy + test' required check on #136. cargo fmt --all is behavior-preserving (test bodies only); the companion 'test + clippy' job already passed on this commit. * ci(coverage): fix cargo-llvm-cov report invocation (drop --workspace/test-args) The non-blocking coverage job failed at the report step: error: --workspace is specific to [test,nextest,...] and not supported for subcommand 'report' A newer cargo-llvm-cov rejects --workspace (and trailing -- <test-args>) on the 'report' subcommand. Collect once with 'cargo llvm-cov --no-report --workspace', then emit lcov/html/summary + apply --fail-under-lines 60 via plain 'report' calls. Same artifacts + gate; one test pass instead of four. * agentkeys-daemon: fix 2 clippy lints in ui_bridge (clippy --all-targets -D warnings) The 'cargo fmt + clippy + test' job runs 'cargo clippy --workspace --all-targets -- -D warnings', which (unlike the other clippy job) lints test code and denies warnings. Two pre-existing lints only surfaced once the fmt fix let clippy run: - plant_master_memory: contains_key-then-insert → use the HashMap entry API (clippy::map_entry). Behavior-identical (vacant → insert+plant; occupied → skip). - a test: assert_eq!(..., true) → assert!(...) (clippy::bool_assert_comparison). Verified: cargo fmt --all --check clean; cargo clippy -p agentkeys-daemon --all-targets -- -D warnings clean; cargo test -p agentkeys-daemon passes.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What & why
Flips the §10.2 agent bootstrap from master-initiated (#149: the master mints a link code, the agent redeems it) to agent-initiated (method A: the agent shows a one-time pairing code, the master claims it). This is the Matter/HomeKit IoT model and the only structurally-correct one for a no-keyboard device — an AI companion in a box can show a QR/setup code but can't accept a master-minted code typed into it.
It stays Sybil-safe: the pairing request is unbound (names no master) and inert until a master deliberately claims the code — the master's claim is the sole binder, exactly as the master's mint was under #149. Reuses #149's on-chain bind + scope tail unchanged (the broker still never writes chain; the master submits
registerAgentDevice).Design doc:
docs/spec/plans/agent-initiated-pairing-method-a.md. Supersedes the front-half of #149 (banner added todocs/spec/plans/issue-144-hdkd-agent-bootstrap.md).What landed
Broker (
crates/agentkeys-broker-server)storage/pairing_requests.rs— unbound, agent-created request pool.J1_agentis not stored at rest; it's minted fresh at poll time on a re-provedpop_sig, so no bearer secret sits in SQLite and the JWT TTL starts at retrieval.handlers/agent/{request,claim,poll}.rs; removed{create,redeem}.rs+storage/link_codes.rs.POST /v1/agent/pairing/{request,claim,poll}replacecreate+link-code/redeem.pending-bindings+/ackkept (now keyed byrequest_id).link_code_store→pairing_request_storeacrossstate.rs/boot.rs/main.rs.Daemon (
crates/agentkeys-daemon/src/main.rs)--init-link-code→ two synchronous one-shots mirroring the two endpoints:--request-pairing(keygen in sandbox → open request → display code; writes a 0600 state file) and--retrieve-pairing(poll-until-claimed, bounded by--init-poll-timeout-seconds; mint + persistJ1_agent0600; emit binding artifact).CLI (
crates/agentkeys-cli)agent create→agent claim --pairing-code <code> --label … --services ….agent pendingunchanged.Harness (
harness/phase1-wire-demo.sh)--request-pairing(shows code) → P.1 masteragent claim→ P.1b agent--retrieve-pairing→ P.1c pending → P.2 bind + ack-by-request_id→ P.3 grant.P.depairunchanged.scripts/setup-broker-host.sh: updated both deploy smokes (nm symbol grep + the no-bearer-401 route probe →/v1/agent/pairing/claim).Docs —
arch.md§10.2 rewritten (+ §6.2 routes, §10.4, §5/§10.6 tables, trust boundaries, CLI inventory);operator-runbook-wire.mdPhase P walkthrough;v2-stage1-migration-and-demo.md§7 (also fixed pre-existing "broker submits register" drift). The Soliditylink_code_redemptioncalldata param is kept (contract unchanged).Out of scope (filed)
Verification
agent_bootstrap_flow, incl. cross-device / bad-pop_sig poll rejection).cargo fmt --all --checkclean;cargo clippy --workspace --all-targets --all-features -- -D warningsclean.bash -nonphase1-wire-demo.sh+setup-broker-host.sh.phase1-wire-demo.sh --real --webauthn(can't drive sandbox+broker locally) — that's the behavioral gate after deploy.Deploy note
The broker binary changed (new routes), so the broker host must be redeployed before the wire demo:
sudo bash scripts/setup-broker-host.sh --ref claude/agent-initiated-pairing(no AWS/setup-cloud.shchange — no infra touched).🤖 Generated with Claude Code