{
  "schemaVersion": "1.0",
  "item": {
    "slug": "archon-keymaster",
    "name": "Archon Keymaster",
    "source": "tencent",
    "type": "skill",
    "category": "通讯协作",
    "sourceUrl": "https://clawhub.ai/macterra/archon-keymaster",
    "canonicalUrl": "https://clawhub.ai/macterra/archon-keymaster",
    "targetPlatform": "OpenClaw"
  },
  "install": {
    "downloadMode": "redirect",
    "downloadUrl": "/downloads/archon-keymaster",
    "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=archon-keymaster",
    "sourcePlatform": "tencent",
    "targetPlatform": "OpenClaw",
    "installMethod": "Manual import",
    "extraction": "Extract archive",
    "prerequisites": [
      "OpenClaw"
    ],
    "packageFormat": "ZIP package",
    "includedAssets": [
      "README.md",
      "SKILL.md",
      "scripts/aliases/add-alias.sh",
      "scripts/aliases/list-aliases.sh",
      "scripts/aliases/remove-alias.sh",
      "scripts/aliases/resolve-did.sh"
    ],
    "primaryDoc": "SKILL.md",
    "quickSetup": [
      "Download the package from Yavira.",
      "Extract the archive and review SKILL.md first.",
      "Import or place the package into your OpenClaw setup."
    ],
    "agentAssist": {
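      "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually. Review SKILL.md and the bundled scripts yourself first, because the prompts below tell the agent to follow the package's own instructions.",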
      "steps": [
        "Download the package from Yavira.",
        "Extract it into a folder your agent can access.",
        "Paste one of the prompts below and point your agent at the extracted folder."
      ],
      "prompts": [
        {
          "label": "New install",
          "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete."
        },
        {
          "label": "Upgrade existing",
          "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run."
        }
      ]
    },
    "sourceHealth": {
      "source": "tencent",
      "status": "healthy",
      "reason": "direct_download_ok",
      "recommendedAction": "download",
      "checkedAt": "2026-04-23T16:43:11.935Z",
      "expiresAt": "2026-04-30T16:43:11.935Z",
      "httpStatus": 200,
      "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard",
      "contentType": "application/zip",
      "probeMethod": "head",
      "details": {
        "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard",
        "contentDisposition": "attachment; filename=\"4claw-imageboard-1.0.1.zip\"",
        "redirectLocation": null,
        "bodySnippet": null
      },
      "scope": "source",
      "summary": "Source download looks usable.",
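      "detail": "Yavira can redirect you to the upstream package for this source. This check is scoped to the source: the recorded probe URL and filename are for a different slug (4claw-imageboard), so it does not by itself verify the archon-keymaster archive.",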
      "primaryActionLabel": "Download for OpenClaw",
      "primaryActionHref": "/downloads/archon-keymaster"
    },
    "validation": {
      "installChecklist": [
        "Use the Yavira download entry.",
        "Review SKILL.md after the package is downloaded.",
        "Confirm the extracted package contains the expected setup assets."
      ],
      "postInstallChecks": [
        "Confirm the extracted package includes the expected docs or setup files.",
        "Validate the skill or prompts are available in your target agent workspace.",
        "Capture any manual follow-up steps the agent could not complete."
      ]
    },
    "downloadPageUrl": "https://openagent3.xyz/downloads/archon-keymaster",
    "agentPageUrl": "https://openagent3.xyz/skills/archon-keymaster/agent",
    "manifestUrl": "https://openagent3.xyz/skills/archon-keymaster/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/archon-keymaster/agent.md"
  },
  "agentAssist": {
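    "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually. Review SKILL.md and the bundled scripts yourself first, because the prompts below tell the agent to follow the package's own instructions.",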
    "steps": [
      "Download the package from Yavira.",
      "Extract it into a folder your agent can access.",
      "Paste one of the prompts below and point your agent at the extracted folder."
    ],
    "prompts": [
      {
        "label": "New install",
        "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete."
      },
      {
        "label": "Upgrade existing",
        "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run."
      }
    ]
  },
  "documentation": {
    "source": "clawhub",
    "primaryDoc": "SKILL.md",
    "sections": [
      {
        "title": "Archon Keymaster - Core DID Toolkit",
        "body": "Core toolkit for Archon decentralized identities (DIDs). Manages identity lifecycle, encrypted communication, cryptographic operations, and authorization.\n\nRelated skills:\n\narchon-vault — Vault management and encrypted distributed backups\narchon-cashu — Cashu ecash with DID-locked tokens"
      },
      {
        "title": "Capabilities",
        "body": "Identity Management - Create, manage multiple DIDs, recover from mnemonic\nVerifiable Credentials - Create schemas, issue/accept/revoke credentials\nEncrypted Messaging (Dmail) - Send/receive end-to-end encrypted messages between DIDs\nNostr Integration - Derive Nostr keypairs from your DID (same secp256k1 key)\nFile Encryption - Encrypt files for specific DIDs\nDigital Signatures - Sign and verify files with your DID\nDID Aliasing - Friendly names for DIDs (contacts, schemas, credentials)\nAuthorization - Challenge/response verification between DIDs\nGroups - Create and manage DID groups for access control and multi-party operations\nPolls - Cryptographic voting with transparent or secret ballots\nAssets - Store and retrieve content-addressed assets in the registry"
      },
      {
        "title": "Prerequisites",
        "body": "Node.js installed (for npx @didcid/keymaster)\nEnvironment: ~/.archon.env with:\n\nARCHON_WALLET_PATH - path to your wallet file (required)\nARCHON_PASSPHRASE - wallet encryption passphrase (required)\nARCHON_GATEKEEPER_URL - gatekeeper endpoint (optional, defaults to public)\n\n\nAll created automatically by create-id.sh"
      },
      {
        "title": "Security Notes",
        "body": "This skill handles cryptographic identity operations:\n\nPassphrase in environment: ARCHON_PASSPHRASE is stored in ~/.archon.env for non-interactive script execution. The file should be chmod 600.\n\n\nSensitive files accessed:\n\n~/.archon.wallet.json — encrypted wallet containing DID private keys\n~/.archon.env — wallet encryption passphrase\n\n\n\nNetwork: Data is encrypted before transmission to Archon gatekeeper/hyperswarm. Only intended recipients can decrypt.\n\n\nKey recovery: Your 12-word mnemonic is the master recovery key. Store it offline, never in digital form."
      },
      {
        "title": "First-Time Setup",
        "body": "./scripts/identity/create-id.sh [wallet-path]\n\nCreates your first DID, generates passphrase, saves to ~/.archon.env.\n\nDefault wallet location: ~/.archon.wallet.json\nYou can specify a custom path: ./scripts/identity/create-id.sh ~/my-wallet.json\nWrite down your 12-word mnemonic - it's your master recovery key."
      },
      {
        "title": "Load Environment",
        "body": "All scripts require ~/.archon.env to be configured. Simply run:\n\nsource ~/.archon.env\n\nThe environment file sets ARCHON_WALLET_PATH and ARCHON_PASSPHRASE. Scripts will error if these are not set."
      },
      {
        "title": "Create Additional Identity",
        "body": "./scripts/identity/create-additional-id.sh <name>\n\nCreate pseudonymous personas or role-separated identities (all share same mnemonic)."
      },
      {
        "title": "List All DIDs",
        "body": "./scripts/identity/list-ids.sh"
      },
      {
        "title": "Switch Active Identity",
        "body": "./scripts/identity/switch-id.sh <name>"
      },
      {
        "title": "Recovery",
        "body": "For disaster recovery and vault restore operations, see the archon-backup skill."
      },
      {
        "title": "Verifiable Credential Schemas",
        "body": "Create and manage schemas for verifiable credentials."
      },
      {
        "title": "Create Schema",
        "body": "./scripts/schemas/create-schema.sh <schema-file.json>\n\nCreate a credential schema from a JSON file.\n\nExample schema (proof-of-human.json):\n\n{\n  \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n  \"$credentialContext\": [\n    \"https://www.w3.org/ns/credentials/v2\",\n    \"https://archetech.com/schemas/credentials/agent/v1\"\n  ],\n  \"$credentialType\": [\n    \"VerifiableCredential\",\n    \"AgentCredential\",\n    \"ProofOfHumanCredential\"\n  ],\n  \"name\": \"proof-of-human\",\n  \"description\": \"Verifies human status\",\n  \"properties\": {\n    \"credence\": {\n      \"type\": \"number\",\n      \"minimum\": 0,\n      \"maximum\": 1,\n      \"description\": \"Confidence level (0-1) that subject is human\"\n    }\n  },\n  \"required\": [\"credence\"]\n}\n\n./scripts/schemas/create-schema.sh proof-of-human.json\n# Returns: did:cid:bagaaiera4yl4xi..."
      },
      {
        "title": "List Your Schemas",
        "body": "./scripts/schemas/list-schemas.sh\n\nLists all schemas you own."
      },
      {
        "title": "Get Schema",
        "body": "./scripts/schemas/get-schema.sh <schema-did-or-alias>\n\nRetrieve schema definition by DID or alias."
      },
      {
        "title": "Verifiable Credentials",
        "body": "Issue, accept, and manage verifiable credentials."
      },
      {
        "title": "Issuing Credentials (3-step process)",
        "body": "1. Bind Credential to Subject\n\n./scripts/credentials/bind-credential.sh <schema-did-or-alias> <subject-did-or-alias>\n\nCreates a bound credential template file for the subject.\n\nExample:\n\n./scripts/credentials/bind-credential.sh proof-of-human-schema alice\n# Creates: bagaaierb...BOUND.json  (subject DID without 'did:cid:' prefix)\n\n2. Fill in Credential Data\n\nEdit the .BOUND.json file and fill in the credentialSubject data:\n\n{\n  \"credentialSubject\": {\n    \"id\": \"did:cid:bagaaierb...\",\n    \"credence\": 0.97\n  }\n}\n\n3. Issue Credential\n\n./scripts/credentials/issue-credential.sh <bound-file.json>\n\nSigns and encrypts the credential. Returns the credential DID. The underlying @didcid/keymaster command may save output files - refer to Keymaster documentation for exact file output behavior.\n\nExample:\n\n./scripts/credentials/issue-credential.sh bagaaierb...BOUND.json\n# Returns credential DID: did:cid:bagaaierc..."
      },
      {
        "title": "Accepting Credentials",
        "body": "./scripts/credentials/accept-credential.sh <credential-did>\n\nAccept and save a credential issued to you.\n\nExample:\n\n./scripts/credentials/accept-credential.sh did:cid:bagaaierc..."
      },
      {
        "title": "Managing Credentials",
        "body": "List Your Credentials\n\n./scripts/credentials/list-credentials.sh\n\nLists all credentials you've received.\n\nList Issued Credentials\n\n./scripts/credentials/list-issued.sh\n\nLists all credentials you've issued to others.\n\nGet Credential\n\n./scripts/credentials/get-credential.sh <credential-did-or-alias>\n\nRetrieve full credential details."
      },
      {
        "title": "Publishing & Revoking",
        "body": "Publish Credential\n\n./scripts/credentials/publish-credential.sh <credential-did>\n\nAdd credential to your public DID manifest (makes it visible to others).\n\nRevoke Credential\n\n./scripts/credentials/revoke-credential.sh <credential-did>\n\nRevoke a credential you issued (invalidates it)."
      },
      {
        "title": "Complete Example: Issuing Proof-of-Human",
        "body": "# 1. Create schema\n./scripts/schemas/create-schema.sh proof-of-human.json\n# Returns: did:cid:bagaaiera4yl4xi...\n\n# 2. Add alias for convenience\n./scripts/aliases/add-alias.sh proof-of-human-schema did:cid:bagaaiera4yl4xi...\n\n# 3. Bind credential to Alice\n./scripts/credentials/bind-credential.sh proof-of-human-schema alice\n# Creates: bagaaierb...BOUND.json  (alice's DID without prefix)\n\n# 4. Edit file, set credence: 0.97\n\n# 5. Issue credential\n./scripts/credentials/issue-credential.sh bagaaierb...BOUND.json\n# Returns: did:cid:bagaaierc...\n\n# 6. Alice accepts it\n./scripts/credentials/accept-credential.sh did:cid:bagaaierc...\n\n# 7. Alice publishes to her manifest\n./scripts/credentials/publish-credential.sh did:cid:bagaaierc..."
      },
      {
        "title": "Encrypted Messaging (Dmail)",
        "body": "End-to-end encrypted messages between DIDs with attachment support."
      },
      {
        "title": "Send Message",
        "body": "./scripts/messaging/send.sh <recipient-did-or-alias> <subject> <body> [cc-did...]\n\nExamples:\n\n./scripts/messaging/send.sh alice \"Meeting\" \"Let's sync tomorrow\"\n./scripts/messaging/send.sh did:cid:bag... \"Update\" \"Status report\" did:cid:bob..."
      },
      {
        "title": "Check Inbox",
        "body": "./scripts/messaging/refresh.sh   # Poll for new messages\n./scripts/messaging/list.sh      # List inbox\n./scripts/messaging/list.sh unread  # Filter unread"
      },
      {
        "title": "Read Message",
        "body": "./scripts/messaging/read.sh <dmail-did>"
      },
      {
        "title": "Reply/Forward/Archive",
        "body": "./scripts/messaging/reply.sh <dmail-did> <body>\n./scripts/messaging/forward.sh <dmail-did> <recipient-did> [body]\n./scripts/messaging/archive.sh <dmail-did>\n./scripts/messaging/delete.sh <dmail-did>"
      },
      {
        "title": "Attachments",
        "body": "./scripts/messaging/attach.sh <dmail-did> <file-path>\n./scripts/messaging/get-attachment.sh <dmail-did> <attachment-name> <output-path>"
      },
      {
        "title": "Nostr Integration",
        "body": "Derive Nostr identity from your DID - same secp256k1 key, two protocols."
      },
      {
        "title": "Prerequisites",
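        "body": "Install nak CLI:\n\ncurl -sSL https://raw.githubusercontent.com/fiatjaf/nak/master/install.sh | sh\n\nNote: this pipes a script fetched from the master branch straight into sh. Download it to a file and read it before running it."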
      },
      {
        "title": "Derive Nostr Keys",
        "body": "./scripts/nostr/derive-nostr.sh\n\nOutputs nsec, npub, and hex pubkey (derived from m/44'/0'/0'/0/0)."
      },
      {
        "title": "Save Keys",
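        "body": "mkdir -p ~/.clawstr\necho \"nsec1...\" > ~/.clawstr/secret.key\nchmod 600 ~/.clawstr/secret.key\n\nNote: the key file is created with your default umask and is only restricted by the chmod afterwards, and a secret typed into an echo command may be kept in shell history. Setting a restrictive umask (e.g. umask 077) beforehand closes the first gap."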
      },
      {
        "title": "Publish Nostr Profile",
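        "body": "echo '{\n  \"kind\": 0,\n  \"content\": \"{\\\"name\\\":\\\"YourName\\\",\\\"about\\\":\\\"Your bio. DID: did:cid:...\\\"}\"\n}' | nak event --sec $(cat ~/.clawstr/secret.key) \\\n  wss://relay.ditto.pub wss://relay.primal.net wss://relay.damus.io wss://nos.lol\n\nNote: $(cat ~/.clawstr/secret.key) expands the private key into the command line, where it may be visible in the local process list while the command runs."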
      },
      {
        "title": "Update DID with Nostr Identity",
        "body": "npx @didcid/keymaster set-property YourIdName nostr \\\n  '{\"npub\":\"npub1...\",\"pubkey\":\"<hex-pubkey>\"}'"
      },
      {
        "title": "Encrypt Files",
        "body": "./scripts/crypto/encrypt-file.sh <input-file> <recipient-did-or-alias>\n./scripts/crypto/encrypt-message.sh <message> <recipient-did-or-alias>\n\nReturns encrypted DID (stored on-chain/IPFS). Only recipient can decrypt."
      },
      {
        "title": "Decrypt Files",
        "body": "./scripts/crypto/decrypt-file.sh <encrypted-did> <output-file>\n./scripts/crypto/decrypt-message.sh <encrypted-did>"
      },
      {
        "title": "Sign Files (Proof of Authorship)",
        "body": "./scripts/crypto/sign-file.sh <file.json>\n\nImportant: File must be JSON. Adds proof section with signature."
      },
      {
        "title": "Verify Signatures",
        "body": "./scripts/crypto/verify-file.sh <file.json>\n\nShows who signed it, when, and whether content was tampered with."
      },
      {
        "title": "DID Aliasing",
        "body": "Friendly names for DIDs - use \"alice\" instead of did:cid:bagaaiera..."
      },
      {
        "title": "Add Alias",
        "body": "./scripts/aliases/add-alias.sh <alias> <did>\n\nExamples:\n\n./scripts/aliases/add-alias.sh alice did:cid:bagaaiera...\n./scripts/aliases/add-alias.sh proof-of-human-schema did:cid:bagaaiera4yl4xi...\n./scripts/aliases/add-alias.sh backup-vault did:cid:bagaaierab..."
      },
      {
        "title": "Resolve Alias",
        "body": "./scripts/aliases/resolve-did.sh <alias-or-did>\n\nPass-through safe (returns DID unchanged if you pass a DID)."
      },
      {
        "title": "List/Remove Aliases",
        "body": "./scripts/aliases/list-aliases.sh\n./scripts/aliases/remove-alias.sh <alias>\n\nNote: Aliases work in most Keymaster commands and all encryption/messaging scripts."
      },
      {
        "title": "Asset Management",
        "body": "Store and retrieve assets (files, images, documents, JSON data) in the distributed registry. Assets are content-addressed (DIDs) and support binary data via base64 encoding."
      },
      {
        "title": "List Assets",
        "body": "./scripts/assets/list-assets.sh\n\nLists all asset DIDs in the registry."
      },
      {
        "title": "Create Assets",
        "body": "From JSON Data (inline)\n\n./scripts/assets/create-asset.sh '{\"type\":\"document\",\"title\":\"My Doc\",\"content\":\"...\"}'\n\nFrom JSON File\n\n./scripts/assets/create-asset-json.sh document.json\n\nFrom File (any type)\n\n./scripts/assets/create-asset-file.sh document.pdf application/pdf\n\nEncodes file as base64 with metadata (filename, content-type).\n\nFrom Image\n\n./scripts/assets/create-asset-image.sh avatar.png\n\nAuto-detects image type (png/jpg/gif/webp/svg) and encodes with metadata."
      },
      {
        "title": "Retrieve Assets",
        "body": "Get Asset (raw JSON)\n\n./scripts/assets/get-asset.sh did:cid:bagaaiera...\n\nReturns raw asset data.\n\nGet Asset as JSON\n\n./scripts/assets/get-asset-json.sh did:cid:bagaaiera...\n\nPretty-prints asset data.\n\nGet File Asset\n\n./scripts/assets/get-asset-file.sh did:cid:bagaaiera... [output-path]\n\nDecodes base64 and saves to disk. Auto-detects filename if no output path provided.\n\nGet Image Asset\n\n./scripts/assets/get-asset-image.sh did:cid:bagaaiera... [output-path]\n\nDecodes base64 and saves image. Auto-detects filename if no output path provided."
      },
      {
        "title": "Update Assets",
        "body": "Update with JSON Data\n\n./scripts/assets/update-asset.sh did:cid:bagaaiera... '{\"updated\":true}'\n\nUpdate with JSON File\n\n./scripts/assets/update-asset-json.sh did:cid:bagaaiera... updated.json\n\nUpdate with File\n\n./scripts/assets/update-asset-file.sh did:cid:bagaaiera... newdoc.pdf application/pdf\n\nUpdate with Image\n\n./scripts/assets/update-asset-image.sh did:cid:bagaaiera... newavatar.png"
      },
      {
        "title": "Transfer Assets",
        "body": "./scripts/assets/transfer-asset.sh did:cid:bagaaiera... did:cid:bagaaierat...\n\nTransfer asset ownership to another DID."
      },
      {
        "title": "Use Cases",
        "body": "Skill Packages: Store SKILL.md + scripts as signed assets\nProfile Media: Avatar images, banners\nDocuments: PDFs, markdown files, archives\nData Sets: JSON datasets, configuration files\nShared Resources: Transfer assets between DIDs for collaboration"
      },
      {
        "title": "Groups",
        "body": "Manage collections of DIDs for access control, multi-party operations, and organizational structure."
      },
      {
        "title": "Create Group",
        "body": "./scripts/groups/create-group.sh <group-name>\n\nCreates a group and automatically aliases it by name.\n\nExamples:\n\n./scripts/groups/create-group.sh research-team\n./scripts/groups/create-group.sh archetech-devs"
      },
      {
        "title": "Add/Remove Members",
        "body": "./scripts/groups/add-member.sh <group> <member-did-or-alias>\n./scripts/groups/remove-member.sh <group> <member-did-or-alias>\n\nExamples:\n\n./scripts/groups/add-member.sh research-team did:cid:bagaaiera...\n./scripts/groups/add-member.sh devs alice\n./scripts/groups/remove-member.sh devs alice"
      },
      {
        "title": "List Groups",
        "body": "./scripts/groups/list-groups.sh\n\nLists all groups owned by your current identity."
      },
      {
        "title": "Get Group Details",
        "body": "./scripts/groups/get-group.sh <group-did-or-alias>\n\nShows group metadata and membership."
      },
      {
        "title": "Test Membership",
        "body": "./scripts/groups/test-member.sh <group> [member]\n\nIf member is omitted, tests whether your current identity is in the group.\n\nExamples:\n\n./scripts/groups/test-member.sh research-team           # Am I in this group?\n./scripts/groups/test-member.sh research-team alice     # Is alice in this group?"
      },
      {
        "title": "Use Cases",
        "body": "Access control - Encrypt files for a group, all members can decrypt\nTeam management - Organize DIDs by role or project\nMulti-party workflows - Define who can participate in group operations"
      },
      {
        "title": "Authorization",
        "body": "Challenge/response flow for verifying a DID controls its private key. Used for agent-to-agent authentication, access control, and proof-of-identity workflows."
      },
      {
        "title": "Create a Challenge",
        "body": "# Create a basic challenge\n./scripts/auth/create-challenge.sh\n\n# Create a challenge as a specific DID alias\n./scripts/auth/create-challenge.sh --alias myDID\n\n# Create a challenge from a file\n./scripts/auth/create-challenge.sh challenge-template.json\n\n# Create a challenge tied to a specific credential\n./scripts/auth/create-challenge-cc.sh did:cid:bagaaiera...\n\nOutput: a challenge DID (e.g., did:cid:bagaaiera...) that the responder must sign."
      },
      {
        "title": "Create a Response",
        "body": "CHALLENGE=\"did:cid:bagaaiera...\"\n./scripts/auth/create-response.sh \"$CHALLENGE\"\n\nOutput: a response DID containing a signed proof."
      },
      {
        "title": "Verify a Response",
        "body": "RESPONSE=\"did:cid:bagaaiera...\"\n./scripts/auth/verify-response.sh \"$RESPONSE\"\n\nOutput:\n\n{\n    \"challenge\": \"did:cid:...\",\n    \"credentials\": [],\n    \"requested\": 0,\n    \"fulfilled\": 0,\n    \"match\": true,\n    \"responder\": \"did:cid:...\"\n}\n\nmatch: true means the response is valid and cryptographically verified."
      },
      {
        "title": "Complete Authorization Flow",
        "body": "# Challenger creates a challenge\nCHALLENGE=$(./scripts/auth/create-challenge.sh)\n\n# Responder creates a response (proves they control their DID)\nRESPONSE=$(./scripts/auth/create-response.sh \"$CHALLENGE\")\n\n# Challenger verifies the response\n./scripts/auth/verify-response.sh \"$RESPONSE\"\n# → {\"match\": true, \"responder\": \"did:cid:...\", ...}"
      },
      {
        "title": "Polls",
        "body": "Cryptographically verifiable voting with support for transparent or secret ballots. Voters are added directly to polls (no separate roster required)."
      },
      {
        "title": "Create Poll Template",
        "body": "./scripts/polls/create-poll-template.sh\n\nOutputs a v2 template JSON:\n\n{\n    \"version\": 2,\n    \"name\": \"poll-name\",\n    \"description\": \"What is this poll about?\",\n    \"options\": [\"yes\", \"no\", \"abstain\"],\n    \"deadline\": \"2026-03-01T00:00:00.000Z\"\n}"
      },
      {
        "title": "Create Poll",
        "body": "./scripts/polls/create-poll.sh <poll-file.json> [options]\n\nCreates a poll from a JSON template file. Returns poll DID.\n\nOptions:\n\n--alias TEXT - DID alias for the poll\n--registry TEXT - Registry URL (default: hyperswarm)\n\nExample:\n\n# Create poll template\n./scripts/polls/create-poll-template.sh > my-poll.json\n\n# Edit poll (set name, description, options, deadline)\nvi my-poll.json\n\n# Create the poll\n./scripts/polls/create-poll.sh my-poll.json\n# Returns: did:cid:bagaaiera..."
      },
      {
        "title": "Manage Voters",
        "body": "Add, remove, or list eligible voters for a poll:\n\n# Add a voter\n./scripts/polls/add-poll-voter.sh <poll-did> <voter-did>\n\n# Remove a voter\n./scripts/polls/remove-poll-voter.sh <poll-did> <voter-did>\n\n# List all eligible voters\n./scripts/polls/list-poll-voters.sh <poll-did>"
      },
      {
        "title": "Vote in Poll",
        "body": "./scripts/polls/vote-poll.sh <poll-did> <vote-index>\n\nCast a vote in a poll. Returns a ballot DID.\n\nArguments:\n\npoll-did - DID of the poll\nvote-index - Vote number: 0 = spoil, 1-N = option index\n\nExamples:\n\n# View poll first to see options\n./scripts/polls/view-poll.sh did:cid:bagaaiera...\n# Options: 1=yes, 2=no, 3=abstain\n\n# Cast a vote for \"yes\" (option 1)\n./scripts/polls/vote-poll.sh did:cid:bagaaiera... 1\n# Returns: did:cid:bagaaierballot...\n\n# Spoil ballot (vote 0)\n./scripts/polls/vote-poll.sh did:cid:bagaaiera... 0"
      },
      {
        "title": "Ballot Workflow",
        "body": "For distributed voting (voters not directly connected to poll owner):\n\n# Voter creates and sends ballot\nBALLOT=$(./scripts/polls/vote-poll.sh \"$POLL\" 1)\n./scripts/polls/send-ballot.sh \"$BALLOT\" \"$POLL\"\n\n# Poll owner receives and adds ballot\n./scripts/polls/update-poll.sh \"$BALLOT\"\n\n# View ballot details\n./scripts/polls/view-ballot.sh \"$BALLOT\""
      },
      {
        "title": "Send Poll Notice",
        "body": "Notify all voters about a poll:\n\n./scripts/polls/send-poll.sh <poll-did>\n\nCreates a notice DID that voters can use to find and vote in the poll."
      },
      {
        "title": "View Poll",
        "body": "./scripts/polls/view-poll.sh <poll-did>\n\nView poll details including options (with indices), deadline, and (if published) results."
      },
      {
        "title": "Publish Poll Results",
        "body": "Two options for publishing results:\n\nSecret ballots (default):\n\n./scripts/polls/publish-poll.sh <poll-did>\n\nPublishes aggregate results while hiding individual votes.\n\nTransparent ballots:\n\n./scripts/polls/reveal-poll.sh <poll-did>\n\nPublishes results with individual ballots visible (who voted for what)."
      },
      {
        "title": "Unpublish Poll Results",
        "body": "./scripts/polls/unpublish-poll.sh <poll-did>\n\nRemove published results from a poll."
      },
      {
        "title": "Complete Polling Example",
        "body": "# 1. Create poll template\n./scripts/polls/create-poll-template.sh > team-vote.json\n\n# 2. Edit poll:\n# {\n#   \"version\": 2,\n#   \"name\": \"proposal-vote\",\n#   \"description\": \"Should we adopt the new proposal?\",\n#   \"options\": [\"approve\", \"reject\", \"defer\"],\n#   \"deadline\": \"2026-03-01T00:00:00.000Z\"\n# }\n\n# 3. Create the poll\nPOLL=$(./scripts/polls/create-poll.sh team-vote.json)\necho \"Poll created: $POLL\"\n\n# 4. Add eligible voters\n./scripts/polls/add-poll-voter.sh \"$POLL\" did:cid:alice...\n./scripts/polls/add-poll-voter.sh \"$POLL\" did:cid:bob...\n./scripts/polls/add-poll-voter.sh \"$POLL\" did:cid:carol...\n\n# 5. Notify voters\n./scripts/polls/send-poll.sh \"$POLL\"\n\n# 6. Members vote (1=approve, 2=reject, 3=defer)\n./scripts/polls/vote-poll.sh \"$POLL\" 1   # Alice votes approve\n./scripts/polls/vote-poll.sh \"$POLL\" 2   # Bob votes reject\n./scripts/polls/vote-poll.sh \"$POLL\" 1   # Carol votes approve\n\n# 7. View current status\n./scripts/polls/view-poll.sh \"$POLL\"\n\n# 8. After deadline, publish results (hiding who voted what)\n./scripts/polls/publish-poll.sh \"$POLL\"\n\n# OR publish transparently\n./scripts/polls/reveal-poll.sh \"$POLL\""
      },
      {
        "title": "Use Cases",
        "body": "Governance decisions - DAO-style voting with verifiable results\nTeam consensus - Anonymous feedback or transparent decision-making\nMulti-agent coordination - Agents voting on shared resources\nAccess control - Voting to add/remove group members"
      },
      {
        "title": "Multiple Identities (Pseudonymous Personas)",
        "body": "./scripts/identity/create-additional-id.sh pseudonym\n./scripts/identity/create-additional-id.sh work-persona\n./scripts/identity/switch-id.sh pseudonym\n\nUse cases:\n\nSeparate personal/work identities\nAnonymous participation\nRole-based access control"
      },
      {
        "title": "Dmail Message Format",
        "body": "Dmails are JSON:\n\n{\n  \"to\": [\"did:cid:recipient1\", \"did:cid:recipient2\"],\n  \"cc\": [\"did:cid:cc-recipient\"],\n  \"subject\": \"Subject line\",\n  \"body\": \"Message body\",\n  \"reference\": \"did:cid:original-message\"\n}\n\nDirect Keymaster commands:\n\nnpx @didcid/keymaster create-dmail message.json\nnpx @didcid/keymaster send-dmail <dmail-did>\nnpx @didcid/keymaster file-dmail <dmail-did> \"inbox,important\""
      },
      {
        "title": "Signature Verification",
        "body": "Signed files include proof:\n\n{\n  \"data\": {\"your\": \"content\"},\n  \"proof\": {\n    \"type\": \"EcdsaSecp256k1Signature2019\",\n    \"created\": \"2026-02-10T20:41:26.323Z\",\n    \"verificationMethod\": \"did:cid:bagaaiera...#key-1\",\n    \"proofValue\": \"wju2GCn0QweP4bH6...\"\n  }\n}"
      },
      {
        "title": "Cryptographic Security",
        "body": "Mnemonic is master key - Store offline, write down, never digital\nPassphrase encrypts wallet - Protects wallet.json on disk\nAliases are local - Not shared, fully decentralized\nDmail is end-to-end encrypted - Only sender/recipients can read\nSignatures are non-repudiable - Can't deny creating valid signature\nBackups persist - As long as any hyperswarm node retains them"
      },
      {
        "title": "Data Access Disclosure",
        "body": "This skill accesses sensitive data by design:\n\nData | Scripts | Purpose\n~/.archon.wallet.json | All scripts | Contains encrypted private keys\n~/.archon.env | All scripts | Contains ARCHON_PASSPHRASE for non-interactive use\n~/.clawstr/secret.key | Nostr scripts | Stores derived Nostr private key"
      },
      {
        "title": "Environment Variables",
        "body": "The following are set in ~/.archon.env:\n\nARCHON_WALLET_PATH - Path to wallet file\nARCHON_PASSPHRASE - Wallet decryption passphrase (sensitive!)\nARCHON_GATEKEEPER_URL - Optional, defaults to public gatekeeper\n\nImportant: ~/.archon.env contains your passphrase in plaintext for script automation. Ensure:\n\nchmod 600 ~/.archon.env  # Owner read/write only"
      },
      {
        "title": "Network Transmission",
        "body": "Scripts connect to:\n\nhttps://archon.technology - Public gatekeeper (default)\nlocalhost:4224 - Local gatekeeper (if configured)\nHyperswarm DHT - Distributed storage network\n\nAll transmitted data is encrypted. No plaintext secrets leave your machine."
      },
      {
        "title": "Wallet/Passphrase Issues",
        "body": "\"Cannot read wallet\":\n\nsource ~/.archon.env\nls -la ~/clawd/wallet.json   # use your own wallet path ($ARCHON_WALLET_PATH; the default is ~/.archon.wallet.json)\n\n\"Permission denied\":\n\nchmod 600 ~/.archon.env"
      },
      {
        "title": "Encryption/Signing",
        "body": "\"Cannot decrypt\":\n\nEnsure message was encrypted for YOUR DID\nCheck passphrase is correct\n\n\"Signature verification failed\":\n\nFile modified after signing\nSigner's DID may be revoked"
      },
      {
        "title": "Dmail",
        "body": "\"Messages not arriving\":\n\n./scripts/messaging/refresh.sh  # Poll for new messages\n\n\"Recipient can't decrypt\":\n\nUse correct recipient DID (not alias on their side)"
      },
      {
        "title": "References",
        "body": "Archon documentation: https://github.com/archetech/archon\nKeymaster reference: https://github.com/archetech/archon/tree/main/keymaster\nW3C DID specification: https://www.w3.org/TR/did-core/"
      }
    ],
    "body": "Archon Keymaster - Core DID Toolkit\n\nCore toolkit for Archon decentralized identities (DIDs). Manages identity lifecycle, encrypted communication, cryptographic operations, and authorization.\n\nRelated skills:\n\narchon-vault — Vault management and encrypted distributed backups\narchon-cashu — Cashu ecash with DID-locked tokens\nCapabilities\nIdentity Management - Create, manage multiple DIDs, recover from mnemonic\nVerifiable Credentials - Create schemas, issue/accept/revoke credentials\nEncrypted Messaging (Dmail) - Send/receive end-to-end encrypted messages between DIDs\nNostr Integration - Derive Nostr keypairs from your DID (same secp256k1 key)\nFile Encryption - Encrypt files for specific DIDs\nDigital Signatures - Sign and verify files with your DID\nDID Aliasing - Friendly names for DIDs (contacts, schemas, credentials)\nAuthorization - Challenge/response verification between DIDs\nGroups - Create and manage DID groups for access control and multi-party operations\nPolls - Cryptographic voting with transparent or secret ballots\nAssets - Store and retrieve content-addressed assets in the registry\nPrerequisites\nNode.js installed (for npx @didcid/keymaster)\nEnvironment: ~/.archon.env with:\nARCHON_WALLET_PATH - path to your wallet file (required)\nARCHON_PASSPHRASE - wallet encryption passphrase (required)\nARCHON_GATEKEEPER_URL - gatekeeper endpoint (optional, defaults to public)\nAll created automatically by create-id.sh\nSecurity Notes\n\nThis skill handles cryptographic identity operations:\n\nPassphrase in environment: ARCHON_PASSPHRASE is stored in ~/.archon.env for non-interactive script execution. The file should be chmod 600.\n\nSensitive files accessed:\n\n~/.archon.wallet.json — encrypted wallet containing DID private keys\n~/.archon.env — wallet encryption passphrase\n\nNetwork: Data is encrypted before transmission to Archon gatekeeper/hyperswarm. 
Only intended recipients can decrypt.\n\nKey recovery: Your 12-word mnemonic is the master recovery key. Store it offline, never in digital form.\n\nQuick Start\nFirst-Time Setup\n./scripts/identity/create-id.sh [wallet-path]\n\n\nCreates your first DID, generates passphrase, saves to ~/.archon.env.\n\nDefault wallet location: ~/.archon.wallet.json\nYou can specify a custom path: ./scripts/identity/create-id.sh ~/my-wallet.json\nWrite down your 12-word mnemonic - it's your master recovery key.\nLoad Environment\n\nAll scripts require ~/.archon.env to be configured. Simply run:\n\nsource ~/.archon.env\n\n\nThe environment file sets ARCHON_WALLET_PATH and ARCHON_PASSPHRASE. Scripts will error if these are not set.\n\nIdentity Management\nCreate Additional Identity\n./scripts/identity/create-additional-id.sh <name>\n\n\nCreate pseudonymous personas or role-separated identities (all share same mnemonic).\n\nList All DIDs\n./scripts/identity/list-ids.sh\n\nSwitch Active Identity\n./scripts/identity/switch-id.sh <name>\n\nRecovery\n\nFor disaster recovery and vault restore operations, see the archon-backup skill.\n\nVerifiable Credential Schemas\n\nCreate and manage schemas for verifiable credentials.\n\nCreate Schema\n./scripts/schemas/create-schema.sh <schema-file.json>\n\n\nCreate a credential schema from a JSON file.\n\nExample schema (proof-of-human.json):\n\n{\n  \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n  \"$credentialContext\": [\n    \"https://www.w3.org/ns/credentials/v2\",\n    \"https://archetech.com/schemas/credentials/agent/v1\"\n  ],\n  \"$credentialType\": [\n    \"VerifiableCredential\",\n    \"AgentCredential\",\n    \"ProofOfHumanCredential\"\n  ],\n  \"name\": \"proof-of-human\",\n  \"description\": \"Verifies human status\",\n  \"properties\": {\n    \"credence\": {\n      \"type\": \"number\",\n      \"minimum\": 0,\n      \"maximum\": 1,\n      \"description\": \"Confidence level (0-1) that subject is human\"\n    }\n  },\n  
\"required\": [\"credence\"]\n}\n\n./scripts/schemas/create-schema.sh proof-of-human.json\n# Returns: did:cid:bagaaiera4yl4xi...\n\nList Your Schemas\n./scripts/schemas/list-schemas.sh\n\n\nLists all schemas you own.\n\nGet Schema\n./scripts/schemas/get-schema.sh <schema-did-or-alias>\n\n\nRetrieve schema definition by DID or alias.\n\nVerifiable Credentials\n\nIssue, accept, and manage verifiable credentials.\n\nIssuing Credentials (3-step process)\n1. Bind Credential to Subject\n./scripts/credentials/bind-credential.sh <schema-did-or-alias> <subject-did-or-alias>\n\n\nCreates a bound credential template file for the subject.\n\nExample:\n\n./scripts/credentials/bind-credential.sh proof-of-human-schema alice\n# Creates: bagaaierb...BOUND.json  (subject DID without 'did:cid:' prefix)\n\n2. Fill in Credential Data\n\nEdit the .BOUND.json file and fill in the credentialSubject data:\n\n{\n  \"credentialSubject\": {\n    \"id\": \"did:cid:bagaaierb...\",\n    \"credence\": 0.97\n  }\n}\n\n3. Issue Credential\n./scripts/credentials/issue-credential.sh <bound-file.json>\n\n\nSigns and encrypts the credential. Returns the credential DID. 
The underlying @didcid/keymaster command may save output files - refer to Keymaster documentation for exact file output behavior.\n\nExample:\n\n./scripts/credentials/issue-credential.sh bagaaierb...BOUND.json\n# Returns credential DID: did:cid:bagaaierc...\n\nAccepting Credentials\n./scripts/credentials/accept-credential.sh <credential-did>\n\n\nAccept and save a credential issued to you.\n\nExample:\n\n./scripts/credentials/accept-credential.sh did:cid:bagaaierc...\n\nManaging Credentials\nList Your Credentials\n./scripts/credentials/list-credentials.sh\n\n\nLists all credentials you've received.\n\nList Issued Credentials\n./scripts/credentials/list-issued.sh\n\n\nLists all credentials you've issued to others.\n\nGet Credential\n./scripts/credentials/get-credential.sh <credential-did-or-alias>\n\n\nRetrieve full credential details.\n\nPublishing & Revoking\nPublish Credential\n./scripts/credentials/publish-credential.sh <credential-did>\n\n\nAdd credential to your public DID manifest (makes it visible to others).\n\nRevoke Credential\n./scripts/credentials/revoke-credential.sh <credential-did>\n\n\nRevoke a credential you issued (invalidates it).\n\nComplete Example: Issuing Proof-of-Human\n# 1. Create schema\n./scripts/schemas/create-schema.sh proof-of-human.json\n# Returns: did:cid:bagaaiera4yl4xi...\n\n# 2. Add alias for convenience\n./scripts/aliases/add-alias.sh proof-of-human-schema did:cid:bagaaiera4yl4xi...\n\n# 3. Bind credential to Alice\n./scripts/credentials/bind-credential.sh proof-of-human-schema alice\n# Creates: bagaaierb...BOUND.json  (alice's DID without prefix)\n\n# 4. Edit file, set credence: 0.97\n\n# 5. Issue credential\n./scripts/credentials/issue-credential.sh bagaaierb...BOUND.json\n# Returns: did:cid:bagaaierc...\n\n# 6. Alice accepts it\n./scripts/credentials/accept-credential.sh did:cid:bagaaierc...\n\n# 7. 
Alice publishes to her manifest\n./scripts/credentials/publish-credential.sh did:cid:bagaaierc...\n\nEncrypted Messaging (Dmail)\n\nEnd-to-end encrypted messages between DIDs with attachment support.\n\nSend Message\n./scripts/messaging/send.sh <recipient-did-or-alias> <subject> <body> [cc-did...]\n\n\nExamples:\n\n./scripts/messaging/send.sh alice \"Meeting\" \"Let's sync tomorrow\"\n./scripts/messaging/send.sh did:cid:bag... \"Update\" \"Status report\" did:cid:bob...\n\nCheck Inbox\n./scripts/messaging/refresh.sh   # Poll for new messages\n./scripts/messaging/list.sh      # List inbox\n./scripts/messaging/list.sh unread  # Filter unread\n\nRead Message\n./scripts/messaging/read.sh <dmail-did>\n\nReply/Forward/Archive\n./scripts/messaging/reply.sh <dmail-did> <body>\n./scripts/messaging/forward.sh <dmail-did> <recipient-did> [body]\n./scripts/messaging/archive.sh <dmail-did>\n./scripts/messaging/delete.sh <dmail-did>\n\nAttachments\n./scripts/messaging/attach.sh <dmail-did> <file-path>\n./scripts/messaging/get-attachment.sh <dmail-did> <attachment-name> <output-path>\n\nNostr Integration\n\nDerive Nostr identity from your DID - same secp256k1 key, two protocols.\n\nPrerequisites\n\nInstall nak CLI:\n\ncurl -sSL https://raw.githubusercontent.com/fiatjaf/nak/master/install.sh | sh\n\nDerive Nostr Keys\n./scripts/nostr/derive-nostr.sh\n\n\nOutputs nsec, npub, and hex pubkey (derived from m/44'/0'/0'/0/0).\n\nSave Keys\nmkdir -p ~/.clawstr\necho \"nsec1...\" > ~/.clawstr/secret.key\nchmod 600 ~/.clawstr/secret.key\n\nPublish Nostr Profile\necho '{\n  \"kind\": 0,\n  \"content\": \"{\\\"name\\\":\\\"YourName\\\",\\\"about\\\":\\\"Your bio. 
DID: did:cid:...\\\"}\"\n}' | nak event --sec $(cat ~/.clawstr/secret.key) \\\n  wss://relay.ditto.pub wss://relay.primal.net wss://relay.damus.io wss://nos.lol\n\nUpdate DID with Nostr Identity\nnpx @didcid/keymaster set-property YourIdName nostr \\\n  '{\"npub\":\"npub1...\",\"pubkey\":\"<hex-pubkey>\"}'\n\nFile Encryption & Signatures\nEncrypt Files\n./scripts/crypto/encrypt-file.sh <input-file> <recipient-did-or-alias>\n./scripts/crypto/encrypt-message.sh <message> <recipient-did-or-alias>\n\n\nReturns encrypted DID (stored on-chain/IPFS). Only recipient can decrypt.\n\nDecrypt Files\n./scripts/crypto/decrypt-file.sh <encrypted-did> <output-file>\n./scripts/crypto/decrypt-message.sh <encrypted-did>\n\nSign Files (Proof of Authorship)\n./scripts/crypto/sign-file.sh <file.json>\n\n\nImportant: File must be JSON. Adds proof section with signature.\n\nVerify Signatures\n./scripts/crypto/verify-file.sh <file.json>\n\n\nShows who signed it, when, and whether content was tampered with.\n\nDID Aliasing\n\nFriendly names for DIDs - use \"alice\" instead of did:cid:bagaaiera...\n\nAdd Alias\n./scripts/aliases/add-alias.sh <alias> <did>\n\n\nExamples:\n\n./scripts/aliases/add-alias.sh alice did:cid:bagaaiera...\n./scripts/aliases/add-alias.sh proof-of-human-schema did:cid:bagaaiera4yl4xi...\n./scripts/aliases/add-alias.sh backup-vault did:cid:bagaaierab...\n\nResolve Alias\n./scripts/aliases/resolve-did.sh <alias-or-did>\n\n\nPass-through safe (returns DID unchanged if you pass a DID).\n\nList/Remove Aliases\n./scripts/aliases/list-aliases.sh\n./scripts/aliases/remove-alias.sh <alias>\n\n\nNote: Aliases work in most Keymaster commands and all encryption/messaging scripts.\n\nAsset Management\n\nStore and retrieve assets (files, images, documents, JSON data) in the distributed registry. 
Assets are content-addressed (DIDs) and support binary data via base64 encoding.\n\nList Assets\n./scripts/assets/list-assets.sh\n\n\nLists all asset DIDs in the registry.\n\nCreate Assets\nFrom JSON Data (inline)\n./scripts/assets/create-asset.sh '{\"type\":\"document\",\"title\":\"My Doc\",\"content\":\"...\"}'\n\nFrom JSON File\n./scripts/assets/create-asset-json.sh document.json\n\nFrom File (any type)\n./scripts/assets/create-asset-file.sh document.pdf application/pdf\n\n\nEncodes file as base64 with metadata (filename, content-type).\n\nFrom Image\n./scripts/assets/create-asset-image.sh avatar.png\n\n\nAuto-detects image type (png/jpg/gif/webp/svg) and encodes with metadata.\n\nRetrieve Assets\nGet Asset (raw JSON)\n./scripts/assets/get-asset.sh did:cid:bagaaiera...\n\n\nReturns raw asset data.\n\nGet Asset as JSON\n./scripts/assets/get-asset-json.sh did:cid:bagaaiera...\n\n\nPretty-prints asset data.\n\nGet File Asset\n./scripts/assets/get-asset-file.sh did:cid:bagaaiera... [output-path]\n\n\nDecodes base64 and saves to disk. Auto-detects filename if no output path provided.\n\nGet Image Asset\n./scripts/assets/get-asset-image.sh did:cid:bagaaiera... [output-path]\n\n\nDecodes base64 and saves image. Auto-detects filename if no output path provided.\n\nUpdate Assets\nUpdate with JSON Data\n./scripts/assets/update-asset.sh did:cid:bagaaiera... '{\"updated\":true}'\n\nUpdate with JSON File\n./scripts/assets/update-asset-json.sh did:cid:bagaaiera... updated.json\n\nUpdate with File\n./scripts/assets/update-asset-file.sh did:cid:bagaaiera... newdoc.pdf application/pdf\n\nUpdate with Image\n./scripts/assets/update-asset-image.sh did:cid:bagaaiera... newavatar.png\n\nTransfer Assets\n./scripts/assets/transfer-asset.sh did:cid:bagaaiera... 
did:cid:bagaaierat...\n\n\nTransfer asset ownership to another DID.\n\nUse Cases\nSkill Packages: Store SKILL.md + scripts as signed assets\nProfile Media: Avatar images, banners\nDocuments: PDFs, markdown files, archives\nData Sets: JSON datasets, configuration files\nShared Resources: Transfer assets between DIDs for collaboration\nGroups\n\nManage collections of DIDs for access control, multi-party operations, and organizational structure.\n\nCreate Group\n./scripts/groups/create-group.sh <group-name>\n\n\nCreates a group and automatically aliases it by name.\n\nExamples:\n\n./scripts/groups/create-group.sh research-team\n./scripts/groups/create-group.sh archetech-devs\n\nAdd/Remove Members\n./scripts/groups/add-member.sh <group> <member-did-or-alias>\n./scripts/groups/remove-member.sh <group> <member-did-or-alias>\n\n\nExamples:\n\n./scripts/groups/add-member.sh research-team did:cid:bagaaiera...\n./scripts/groups/add-member.sh devs alice\n./scripts/groups/remove-member.sh devs alice\n\nList Groups\n./scripts/groups/list-groups.sh\n\n\nLists all groups owned by your current identity.\n\nGet Group Details\n./scripts/groups/get-group.sh <group-did-or-alias>\n\n\nShows group metadata and membership.\n\nTest Membership\n./scripts/groups/test-member.sh <group> [member]\n\n\nIf member is omitted, tests whether your current identity is in the group.\n\nExamples:\n\n./scripts/groups/test-member.sh research-team           # Am I in this group?\n./scripts/groups/test-member.sh research-team alice     # Is alice in this group?\n\nUse Cases\nAccess control - Encrypt files for a group, all members can decrypt\nTeam management - Organize DIDs by role or project\nMulti-party workflows - Define who can participate in group operations\nAuthorization\n\nChallenge/response flow for verifying a DID controls its private key. 
Used for agent-to-agent authentication, access control, and proof-of-identity workflows.\n\nCreate a Challenge\n# Create a basic challenge\n./scripts/auth/create-challenge.sh\n\n# Create a challenge as a specific DID alias\n./scripts/auth/create-challenge.sh --alias myDID\n\n# Create a challenge from a file\n./scripts/auth/create-challenge.sh challenge-template.json\n\n# Create a challenge tied to a specific credential\n./scripts/auth/create-challenge-cc.sh did:cid:bagaaiera...\n\n\nOutput: a challenge DID (e.g., did:cid:bagaaiera...) that the responder must sign.\n\nCreate a Response\nCHALLENGE=\"did:cid:bagaaiera...\"\n./scripts/auth/create-response.sh \"$CHALLENGE\"\n\n\nOutput: a response DID containing a signed proof.\n\nVerify a Response\nRESPONSE=\"did:cid:bagaaiera...\"\n./scripts/auth/verify-response.sh \"$RESPONSE\"\n\n\nOutput:\n\n{\n    \"challenge\": \"did:cid:...\",\n    \"credentials\": [],\n    \"requested\": 0,\n    \"fulfilled\": 0,\n    \"match\": true,\n    \"responder\": \"did:cid:...\"\n}\n\n\nmatch: true means the response is valid and cryptographically verified.\n\nComplete Authorization Flow\n# Challenger creates a challenge\nCHALLENGE=$(./scripts/auth/create-challenge.sh)\n\n# Responder creates a response (proves they control their DID)\nRESPONSE=$(./scripts/auth/create-response.sh \"$CHALLENGE\")\n\n# Challenger verifies the response\n./scripts/auth/verify-response.sh \"$RESPONSE\"\n# → {\"match\": true, \"responder\": \"did:cid:...\", ...}\n\nPolls\n\nCryptographically verifiable voting with support for transparent or secret ballots. 
Voters are added directly to polls (no separate roster required).\n\nCreate Poll Template\n./scripts/polls/create-poll-template.sh\n\n\nOutputs a v2 template JSON:\n\n{\n    \"version\": 2,\n    \"name\": \"poll-name\",\n    \"description\": \"What is this poll about?\",\n    \"options\": [\"yes\", \"no\", \"abstain\"],\n    \"deadline\": \"2026-03-01T00:00:00.000Z\"\n}\n\nCreate Poll\n./scripts/polls/create-poll.sh <poll-file.json> [options]\n\n\nCreates a poll from a JSON template file. Returns poll DID.\n\nOptions:\n\n--alias TEXT - DID alias for the poll\n--registry TEXT - Registry URL (default: hyperswarm)\n\nExample:\n\n# Create poll template\n./scripts/polls/create-poll-template.sh > my-poll.json\n\n# Edit poll (set name, description, options, deadline)\nvi my-poll.json\n\n# Create the poll\n./scripts/polls/create-poll.sh my-poll.json\n# Returns: did:cid:bagaaiera...\n\nManage Voters\n\nAdd, remove, or list eligible voters for a poll:\n\n# Add a voter\n./scripts/polls/add-poll-voter.sh <poll-did> <voter-did>\n\n# Remove a voter\n./scripts/polls/remove-poll-voter.sh <poll-did> <voter-did>\n\n# List all eligible voters\n./scripts/polls/list-poll-voters.sh <poll-did>\n\nVote in Poll\n./scripts/polls/vote-poll.sh <poll-did> <vote-index>\n\n\nCast a vote in a poll. Returns a ballot DID.\n\nArguments:\n\npoll-did - DID of the poll\nvote-index - Vote number: 0 = spoil, 1-N = option index\n\nExamples:\n\n# View poll first to see options\n./scripts/polls/view-poll.sh did:cid:bagaaiera...\n# Options: 1=yes, 2=no, 3=abstain\n\n# Cast a vote for \"yes\" (option 1)\n./scripts/polls/vote-poll.sh did:cid:bagaaiera... 1\n# Returns: did:cid:bagaaierballot...\n\n# Spoil ballot (vote 0)\n./scripts/polls/vote-poll.sh did:cid:bagaaiera... 
0\n\nBallot Workflow\n\nFor distributed voting (voters not directly connected to poll owner):\n\n# Voter creates and sends ballot\nBALLOT=$(./scripts/polls/vote-poll.sh \"$POLL\" 1)\n./scripts/polls/send-ballot.sh \"$BALLOT\" \"$POLL\"\n\n# Poll owner receives and adds ballot\n./scripts/polls/update-poll.sh \"$BALLOT\"\n\n# View ballot details\n./scripts/polls/view-ballot.sh \"$BALLOT\"\n\nSend Poll Notice\n\nNotify all voters about a poll:\n\n./scripts/polls/send-poll.sh <poll-did>\n\n\nCreates a notice DID that voters can use to find and vote in the poll.\n\nView Poll\n./scripts/polls/view-poll.sh <poll-did>\n\n\nView poll details including options (with indices), deadline, and (if published) results.\n\nPublish Poll Results\n\nTwo options for publishing results:\n\nSecret ballots (default):\n\n./scripts/polls/publish-poll.sh <poll-did>\n\n\nPublishes aggregate results while hiding individual votes.\n\nTransparent ballots:\n\n./scripts/polls/reveal-poll.sh <poll-did>\n\n\nPublishes results with individual ballots visible (who voted for what).\n\nUnpublish Poll Results\n./scripts/polls/unpublish-poll.sh <poll-did>\n\n\nRemove published results from a poll.\n\nComplete Polling Example\n# 1. Create poll template\n./scripts/polls/create-poll-template.sh > team-vote.json\n\n# 2. Edit poll:\n# {\n#   \"version\": 2,\n#   \"name\": \"proposal-vote\",\n#   \"description\": \"Should we adopt the new proposal?\",\n#   \"options\": [\"approve\", \"reject\", \"defer\"],\n#   \"deadline\": \"2026-03-01T00:00:00.000Z\"\n# }\n\n# 3. Create the poll\nPOLL=$(./scripts/polls/create-poll.sh team-vote.json)\necho \"Poll created: $POLL\"\n\n# 4. Add eligible voters\n./scripts/polls/add-poll-voter.sh \"$POLL\" did:cid:alice...\n./scripts/polls/add-poll-voter.sh \"$POLL\" did:cid:bob...\n./scripts/polls/add-poll-voter.sh \"$POLL\" did:cid:carol...\n\n# 5. Notify voters\n./scripts/polls/send-poll.sh \"$POLL\"\n\n# 6. 
Members vote (1=approve, 2=reject, 3=defer)\n./scripts/polls/vote-poll.sh \"$POLL\" 1   # Alice votes approve\n./scripts/polls/vote-poll.sh \"$POLL\" 2   # Bob votes reject\n./scripts/polls/vote-poll.sh \"$POLL\" 1   # Carol votes approve\n\n# 7. View current status\n./scripts/polls/view-poll.sh \"$POLL\"\n\n# 8. After deadline, publish results (hiding who voted what)\n./scripts/polls/publish-poll.sh \"$POLL\"\n\n# OR publish transparently\n./scripts/polls/reveal-poll.sh \"$POLL\"\n\nUse Cases\nGovernance decisions - DAO-style voting with verifiable results\nTeam consensus - Anonymous feedback or transparent decision-making\nMulti-agent coordination - Agents voting on shared resources\nAccess control - Voting to add/remove group members\nAdvanced Usage\nMultiple Identities (Pseudonymous Personas)\n./scripts/identity/create-additional-id.sh pseudonym\n./scripts/identity/create-additional-id.sh work-persona\n./scripts/identity/switch-id.sh pseudonym\n\n\nUse cases:\n\nSeparate personal/work identities\nAnonymous participation\nRole-based access control\nDmail Message Format\n\nDmails are JSON:\n\n{\n  \"to\": [\"did:cid:recipient1\", \"did:cid:recipient2\"],\n  \"cc\": [\"did:cid:cc-recipient\"],\n  \"subject\": \"Subject line\",\n  \"body\": \"Message body\",\n  \"reference\": \"did:cid:original-message\"\n}\n\n\nDirect Keymaster commands:\n\nnpx @didcid/keymaster create-dmail message.json\nnpx @didcid/keymaster send-dmail <dmail-did>\nnpx @didcid/keymaster file-dmail <dmail-did> \"inbox,important\"\n\nSignature Verification\n\nSigned files include proof:\n\n{\n  \"data\": {\"your\": \"content\"},\n  \"proof\": {\n    \"type\": \"EcdsaSecp256k1Signature2019\",\n    \"created\": \"2026-02-10T20:41:26.323Z\",\n    \"verificationMethod\": \"did:cid:bagaaiera...#key-1\",\n    \"proofValue\": \"wju2GCn0QweP4bH6...\"\n  }\n}\n\nSecurity Notes\nCryptographic Security\nMnemonic is master key - Store offline, write down, never digital\nPassphrase encrypts wallet - Protects 
wallet.json on disk\nAliases are local - Not shared, fully decentralized\nDmail is end-to-end encrypted - Only sender/recipients can read\nSignatures are non-repudiable - Can't deny creating valid signature\nBackups persist - As long as any hyperswarm node retains them\nData Access Disclosure\n\nThis skill accesses sensitive data by design:\n\nData\tScripts\tPurpose\n~/.archon.wallet.json\tAll scripts\tContains encrypted private keys\n~/.archon.env\tAll scripts\tContains ARCHON_PASSPHRASE for non-interactive use\n~/.clawstr/secret.key\tNostr scripts\tStores derived Nostr private key\nEnvironment Variables\n\nThe following are set in ~/.archon.env:\n\nARCHON_WALLET_PATH - Path to wallet file\nARCHON_PASSPHRASE - Wallet decryption passphrase (sensitive!)\nARCHON_GATEKEEPER_URL - Optional, defaults to public gatekeeper\n\nImportant: ~/.archon.env contains your passphrase in plaintext for script automation. Ensure:\n\nchmod 600 ~/.archon.env  # Owner read/write only\n\nNetwork Transmission\n\nScripts connect to:\n\nhttps://archon.technology - Public gatekeeper (default)\nlocalhost:4224 - Local gatekeeper (if configured)\nHyperswarm DHT - Distributed storage network\n\nAll transmitted data is encrypted. 
No plaintext secrets leave your machine\n\nTroubleshooting\nWallet/Passphrase Issues\n\n\"Cannot read wallet\":\n\nsource ~/.archon.env\nls -la ~/clawd/wallet.json\n\n\n\"Permission denied\":\n\nchmod 600 ~/.archon.env\n\nEncryption/Signing\n\n\"Cannot decrypt\":\n\nEnsure message was encrypted for YOUR DID\nCheck passphrase is correct\n\n\"Signature verification failed\":\n\nFile modified after signing\nSigner's DID may be revoked\nDmail\n\n\"Messages not arriving\":\n\n./scripts/messaging/refresh.sh  # Poll for new messages\n\n\n\"Recipient can't decrypt\":\n\nUse correct recipient DID (not alias on their side)\nReferences\nArchon documentation: https://github.com/archetech/archon\nKeymaster reference: https://github.com/archetech/archon/tree/main/keymaster\nW3C DID specification: https://www.w3.org/TR/did-core/"
  },
  "trust": {
    "sourceLabel": "tencent",
    "provenanceUrl": "https://clawhub.ai/macterra/archon-keymaster",
    "publisherUrl": "https://clawhub.ai/macterra/archon-keymaster",
    "owner": "macterra",
    "version": "0.1.4",
    "license": null,
    "verificationStatus": "Indexed source record"
  },
  "links": {
    "detailUrl": "https://openagent3.xyz/skills/archon-keymaster",
    "downloadUrl": "https://openagent3.xyz/downloads/archon-keymaster",
    "agentUrl": "https://openagent3.xyz/skills/archon-keymaster/agent",
    "manifestUrl": "https://openagent3.xyz/skills/archon-keymaster/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/archon-keymaster/agent.md"
  }
}