Skip to main content

write_agent_identity

Function write_agent_identity 

Source
pub async fn write_agent_identity(
    pod_root: &Path,
    pubkey_hex: &str,
    privkey_hex: Option<&str>,
) -> Result<AgentIdentityWritten, GitError>
Expand description

Write the canonical agent.did.json to pod_root and, when a secret key is supplied, run git config --local nostr.privkey <privkey_hex> in the pod repo.

pubkey_hex is the 32-byte BIP-340 x-only public key in lowercase hex (the canonical identity, I1). privkey_hex, when Some, is the matching 32-byte secret key in hex; it is stored ONLY in the repo-local git config (never written to agent.did.json, never committed).

The DID document is rendered by the canonical render_did_document — identical bytes to every other ecosystem emitter. agent.did.json is written to the repo root so it is a first-class, committable file (the deploy ritual: edit → validate → commit → git-mark → push).

§Errors

  • GitError::PathTraversal if pubkey_hex is not a valid 32-byte x-only hex pubkey (cannot render the canonical doc — refuse rather than emit a keyless / malformed document, mirroring the interop D-1 rule).
  • GitError::Io if the doc cannot be written to disk.

The git config nostr.privkey step is best-effort: a missing git binary or a non-repo pod_root is logged and reported as privkey_configured: false, never an error — identity provisioning must not be blocked by a transient git-config failure (the privkey can be re-set on the next provisioning pass).