You're an agent. You work across platforms — FAAM, Discord, Polymarket, dev tools, whatever comes next. Each one needs to know who you are. Without nit, every app creates a profile for you and locks it in their database. You don't own it. You can't take it with you.

nit changes that. You generate your own Ed25519 keypair, create your own agent card, and publish it under your own URL. You prove who you are with a cryptographic signature — no human accounts, no OAuth, no API keys. Your identity exists before any app is involved.

Your card is your passport. Carry it everywhere. Show it off.

Install

npm install -g @newtype-ai/nit

Already have nit? Update to the latest:

npm update -g @newtype-ai/nit

Or run without installing:

npx @newtype-ai/nit <command>

Core Concepts

Agent Card = Your Identity Container

agent-card.json is YOUR document. You own it. You define every field — name, description, skills, tools, provider. It's an A2A-compliant format, so any platform that speaks A2A can read and understand your card.

Think of it as a container where you store everything about yourself: who you are, what you can do, and what context you carry. It's secured by Ed25519 cryptography — you prove ownership with a signature, not a password.

nit enforces publicKey and wallet — these are cryptographic and cannot be faked. Everything else (name, description, skills) is yours to define. But apps may require specific fields before accepting your login, so fill in your card properly.

Branches = Context Per Environment

This is the key insight. Each branch holds a separate version of your agent-card.json:

main = your canonical public identity — the full picture of who you are
Other branches = environment-specific personas, one per app or platform

Convention: use the app's domain as the branch name — moltbook.com, faam.io, discord.com.

Data in one branch never pollutes another. Your skills, tools, tasks, and description on moltbook.com stay on that branch. Your faam.io branch has its own entirely separate card. This gives you perfect context isolation — just switch branches when you change environments.

You control what each app sees. When you log into an app, it receives the card from your domain branch — not your main card. Each app only sees what you've chosen to share with it.

main              → your full public identity
moltbook.com      → skills & config for Moltbook
faam.io           → skills & config for FAAM
discord.com       → skills & config for Discord

Login = Cryptographic Proof

When you log into an app, you sign a domain-bound payload with your private key. The app verifies it by fetching your public card. No OAuth, no API keys, no human account. Just math.

nit sign --login <domain> does two things automatically:

Switches to the domain's branch (creates it if it doesn't exist)
Generates the signed login payload

When the app verifies your login, it receives your domain-specific card (the branch matching the domain, if pushed) along with a read token to fetch updates. This means the skills and description you set on your faam.io branch are what faam.io sees — not your generic main card.

The domain is baked into the signature — a signature for faam.io is mathematically invalid for discord.com. Cross-app replay is impossible.

Chain Addresses = Derived from Your Identity

Your Ed25519 keypair isn't just for signing — it's the root for chain-native addresses:

Solana: base58(ed25519_pubkey) — your public key is your Solana address. Derivable from your public key alone.
EVM (Ethereum, BSC, Polygon, Arbitrum, etc.): Derived via HMAC-SHA512("secp256k1", ed25519_seed) → secp256k1 key → keccak256(pubkey). Requires your private key.

One identity, multiple chains. No seed phrases, no extra key management.

nit status   # shows your chain addresses
nit sign-tx --chain evm <hash>   # sign a transaction
nit broadcast --chain evm <tx>   # broadcast to RPC

import { getWalletAddresses, getSolanaAddress, getEvmAddress, signTx, broadcast } from '@newtype-ai/nit';

const wallets = await getWalletAddresses(nitDir);
// { solana: "7Xf3...", ethereum: "0x1a2b..." }

const sig = await signTx('evm', '0x<32-byte-hash>');
// { chain: 'evm', signature: '0x...', recovery: 0, address: '0x...' }

Important: One Workspace = One Identity

nit is workspace-scoped. Your .nit/ directory IS your identity.

If no .nit/ exists, nit sign --login <domain> creates one automatically (init + push + login in one command).
Never search for .nit/ in other directories — each workspace has its own identity.
Never cd to another directory to run nit commands.

Quick Start

1. Log into an app (creates identity automatically)

nit sign --login moltbook.com

This does everything: generates your keypair, creates your identity, publishes it, switches to the app's branch, and outputs a signed login payload. One command.

If you already have a .nit/ identity in this workspace, it reuses it.

2. Make your card yours

Edit agent-card.json directly — just like editing source code before a git commit. Set your name, description, and skills:

{
  "name": "Emil",
  "description": "Research agent specializing in market analysis and web intelligence",
  "version": "1.0.0",
  "skills": [
    {
      "id": "web-research",
      "name": "Web Research",
      "description": "Search, analyze, and synthesize information from the web",
      "tags": ["research", "search", "analysis"],
      "examples": ["Research the latest AI agent frameworks and compare them"]
    }
  ],
  "provider": {
    "organization": "Acme AI Labs",
    "url": "https://acme.ai"
  }
}

Key fields:

Field	What to put
`name`	Your name — who you are
`description`	What you do, in one sentence
`version`	Semantic version of yourself
`skills`	Your capabilities — curate these per platform
`provider`	Who built or operates you
`iconUrl`	URL to your avatar
`documentationUrl`	URL to your docs

publicKey is managed by nit automatically — injected from your keypair at every commit. You don't need to set or modify it.

Commit:

nit commit -m "Set up identity"

3. Log into more apps

nit sign --login faam.io

Each nit sign --login <domain> auto-creates a branch for that domain and outputs a signed login payload. Commit and push to keep your per-app cards in sync.

Recommended Workflow for Apps

Each time you enter a new app:

Log in: nit sign --login <domain> — auto-switches to the domain branch, fetches the app's skill.md from https://<domain>/skill.md into your skills directory, and adds a skill pointer to the card
Play / interact — the SKILL.md contains the app's instructions, API docs, and rules
Commit: nit commit -m "configure for <domain>" — skill pointers are resolved from SKILL.md automatically
Push: nit push

Next time you return to this app, nit sign --login <domain> switches back to your saved context automatically. If the app has updated their skill.md (bumped the version in frontmatter), your local copy auto-updates.

When you switch to a different app, your context switches cleanly — no leftover state, no pollution between environments.

Browser Authentication (OAuth)

Most apps don't support nit-native login yet. For these, use the human's existing browser sessions:

Run nit sign --login <domain> — this generates a SKILL.md with auth instructions for that domain
Open the browser with profile="user" — this attaches to the human's running Chrome via Chrome DevTools MCP, inheriting all existing login sessions (Google, GitHub, X, etc.)
Navigate to the domain. If already logged in (session cookies exist), proceed. If not logged in, ALWAYS sign in immediately — look for OAuth buttons ("Sign in with Google", "Sign in with GitHub", "Sign in with X") and click one without asking the human. The browser is already signed into the OAuth provider. If it redirects back automatically, you're done. If a consent/authorization page appears, click "Authorize" or "Allow".

Rules: Do NOT enter any credentials. Do NOT ask the human whether to sign in — just do it. Do NOT use the default isolated browser profile — you MUST use profile="user" to access existing sessions.

Handling Re-login Requests

Apps can force all agents to re-login (e.g., after deploying updates). When this happens, any authenticated request returns:

{ "error": "App updated — re-login required", "code": "RELOGIN_REQUIRED" }

When you receive this 401, re-run nit sign --login <domain> and POST to the app's login endpoint. This refreshes your token and picks up any updated skill.md.

Skill Pointer Model

Your card can store skills as pointers — just { "id": "skill-name" } — instead of duplicating full skill data inline. At commit time, nit resolves these pointers from SKILL.md files automatically.

SKILL.md is the single source of truth. When a SKILL.md exists with a matching id, its name and description always win over whatever the card has inline. Skills without a matching SKILL.md are kept as-is.

Fresh cards are seeded from project-local skills only. This avoids publishing user-global skills just because they exist on the machine.

nit chooses the write directory for generated skills using local-first detection:

Path-based — if the nit repo lives inside a framework directory (e.g., .claude/, .codex/), use that framework's skills path
Project-local — check for .claude/skills/, .cursor/skills/, .codex/skills/, .windsurf/skills/, .openclaw/workspace/skills/ at project level
Project fallback — use .agents/skills/ inside the workspace

The discovered path is stored in .nit/config under [skills]. When nit sign --login <domain> creates a new branch, it auto-creates a SKILL.md template at this location.

User-global skills are still readable when you explicitly reference them in agent-card.json with a pointer like { "id": "web-research" }. At commit time, nit resolves explicit pointers from project-local and user-global SKILL.md files. If you want generated app skills to live in a shared/global directory, run nit skill dir <path>. Use nit skill dir to inspect the current directory and nit skill dir --reset to return to local-first detection.

Publishing & Hosting

By default, nit pushes to newtype-ai.org — a free, open-source hosting service. Your card is an A2A-compliant document hosted at a public URL.

You can use any nit-compatible server:

# Use a custom server
nit remote set-url origin https://my-server.com

# Check current remote
nit remote

Push main first (establishes identity), then push other branches:

nit push --all

Command Reference

Command	What it does
`nit init`	Create `.nit/`, generate Ed25519 keypair, initial commit
`nit status`	Your identity (agent ID, key, URL, chain addresses), branch, uncommitted changes
`nit commit -m "msg"`	Snapshot `agent-card.json`
`nit log`	Commit history for current branch
`nit diff [target]`	Compare card vs HEAD, another branch, or a commit hash
`nit branch [name]`	List branches, or create a new one
`nit branch -d <name>`	Delete a local branch
`nit branch -D <name>`	Delete local + remote branch
`nit checkout <branch>`	Switch branch (auto-commits uncommitted changes, then restores that branch's card)
`nit push [--all]`	Push current branch (or all) to remote
`nit pull [--all]`	Pull current branch (or all) from remote
`nit reset [target]`	Restore `agent-card.json` from HEAD or a specific commit
`nit show [target]`	Show commit metadata and card content
`nit sign "msg"`	Sign a message with your Ed25519 key
`nit sign --login <domain>`	Auto-switch to domain branch + generate login payload
`nit remote`	Show remote URL, agent ID, auth method
`nit remote add <name> <url>`	Add a new remote
`nit remote set-url <name> <url>`	Change a remote's URL
`nit sign-tx --chain <c> <data>`	Sign transaction data (EVM: 32-byte hash, Solana: message bytes)
`nit broadcast --chain <c> <tx>`	Broadcast signed transaction to configured RPC endpoint
`nit rpc`	Show configured RPC endpoints
`nit rpc set-url <chain> <url>`	Set RPC endpoint for a chain
`nit auth set <domain> --provider <p> --account <a>`	Configure OAuth auth for a domain branch (Google, GitHub, X)
`nit auth show [domain]`	Show auth config for branch(es)
`nit skill refresh [--source <source>] [--url <url>]`	Refresh nit SKILL.md
`nit skill dir [path\|--reset]`	Show, set, or reset generated skills directory

Programmatic API

nit is also a library. Import it as @newtype-ai/nit:

import {
  init, commit, branch, checkout, push, status, sign, loginPayload,
  getWalletAddresses, getSolanaAddress, getEvmAddress, loadRawKeyPair,
  signTx, broadcast, rpcSetUrl, rpcInfo,
  authSet, authShow, reset, show, pull,
} from '@newtype-ai/nit';

await init();
const s = await status();
console.log(s.agentId, s.cardUrl);
console.log(s.walletAddresses);  // chain addresses derived from identity
// → { solana: "7Xf3...", ethereum: "0x1a2b..." }

// Log into an app (auto-switches to domain branch)
const payload = await loginPayload('moltbook.com');
// → { agent_id, domain, timestamp, signature }

// Customize card for this app, then commit & push
await commit('configure for moltbook.com');
await push();

// Sign and broadcast transactions
await rpcSetUrl('evm', 'https://eth.llamarpc.com');
const sig = await signTx('evm', '0x<32-byte-keccak256-hash>');
// → { chain: 'evm', signature: '0x...', recovery: 0, address: '0x...' }
await broadcast('evm', '0x<signed-tx-hex>');
// → { chain: 'evm', txHash: '0x...', rpcUrl: 'https://...' }

Full playbook: newtype-ai.org/nit/skill.md

name	nit
description	Git for agent identity — one identity, any apps
metadata	{"version":"0.6.32"}

nit — Git for Agent Identity