AI Agent Skill HUB

hodlxxi-bitcoin-identity

Integrate HODLXXI as a Bitcoin-native identity provider that bridges OAuth2/OIDC and Lightning LNURL-Auth for client registration, authorization flows, JWT verification, and health monitoring.

7 stars
byDemerzels-lab
View on GitHubInstallation ↓

Best use case

hodlxxi-bitcoin-identity is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

Integrate HODLXXI as a Bitcoin-native identity provider that bridges OAuth2/OIDC and Lightning LNURL-Auth for client registration, authorization flows, JWT verification, and health monitoring.

Teams using hodlxxi-bitcoin-identity should expect a more consistent output, faster repeated execution, less prompt rewriting.

When to use this skill

  • You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

  • You only need a quick one-off answer and do not need a reusable workflow.
  • You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$curl -o ~/.claude/skills/hodlxxi-bitcoin-identity/SKILL.md --create-dirs "https://raw.githubusercontent.com/Demerzels-lab/elsamultiskillagent/main/public/skills/hodlxxi/hodlxxi-bitcoin-identity/SKILL.md"

Manual Installation

  1. Download SKILL.md from GitHub
  2. Place it in .claude/skills/hodlxxi-bitcoin-identity/SKILL.md inside your project
  3. Restart your AI agent — it will auto-discover the skill

How hodlxxi-bitcoin-identity Compares

Feature / Agenthodlxxi-bitcoin-identityStandard Approach
Platform SupportNot specifiedLimited / Varies
Context Awareness High Baseline
Installation ComplexityUnknownN/A

Frequently Asked Questions

What does this skill do?

Integrate HODLXXI as a Bitcoin-native identity provider that bridges OAuth2/OIDC and Lightning LNURL-Auth for client registration, authorization flows, JWT verification, and health monitoring.

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

SKILL.md Source

# HODLXXI Bitcoin Identity

## Overview

Use this skill to integrate HODLXXI (Universal Bitcoin Identity Layer) for agent authentication, LNURL-Auth linking, and JWT-based identity claims.

## Installation

1. Fetch the skill file from the repository (raw link works for installable agents):

```bash
curl -L -o SKILL.md \
  https://raw.githubusercontent.com/hodlxxi/Universal-Bitcoin-Identity-Layer/main/skills/public/hodlxxi-bitcoin-identity/SKILL.md
```

2. Install helper dependencies for local verification scripts:

```bash
python -m pip install ecdsa pyjwt requests
```

## Quick start

1. Set a base URL for the HODLXXI deployment.
2. Register an OAuth client to obtain `client_id` and `client_secret`.
3. Run the OAuth2/OIDC authorization code flow (PKCE recommended).
4. Start an LNURL-Auth session for Lightning wallet login.
5. Verify JWTs with the JWKS endpoint.

## Usage steps

### 1) Configure the base URL

Set the base URL to the HODLXXI deployment (update as needed):

```bash
BASE_URL="https://hodlxxi.com"
```

### 2) Register an OAuth client

Register a client to get credentials:

```bash
curl -X POST "$BASE_URL/oauth/register" \
  -H "Content-Type: application/json" \
  -d '{"client_name": "YourAgentName", "redirect_uris": ["https://your-callback-url"], "scopes": ["openid", "profile"]}'
```

Store `client_id` and `client_secret` securely.

### 3) Run OAuth2/OIDC authorization code flow

Discover endpoints:

```bash
curl "$BASE_URL/.well-known/openid-configuration"
```

Create an authorization request (PKCE recommended):

```bash
curl "$BASE_URL/oauth/authorize?client_id=your_client_id&redirect_uri=your_callback&response_type=code&scope=openid%20profile&code_challenge=your_challenge&code_challenge_method=S256"
```

Exchange the authorization code for tokens:

```bash
curl -X POST "$BASE_URL/oauth/token" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=authorization_code&code=received_code&redirect_uri=your_callback&client_id=your_client_id&code_verifier=your_verifier"
```

Expect an access token, ID token (JWT), and optional refresh token.

### 4) Start an LNURL-Auth session

Create a session and show the LNURL to the user:

```bash
curl -X POST "$BASE_URL/api/lnurl-auth/create" \
  -H "Accept: application/json"
```

Poll for completion after the user scans the LNURL with a Lightning wallet:

```bash
curl "$BASE_URL/api/lnurl-auth/check/your_session_id"
```

### 5) Verify JWTs

Fetch JWKS:

```bash
curl "$BASE_URL/oauth/jwks.json"
```

Verify with Python (example uses PyJWT):

```python
import jwt
import requests

jwks = requests.get("https://your-hodlxxi-deployment.com/oauth/jwks.json", timeout=10).json()
public_key = jwt.algorithms.RSAAlgorithm.from_jwk(jwks["keys"][0])
claims = jwt.decode(your_jwt, public_key, algorithms=["RS256"], audience="your_audience")
print(claims)
```

### 6) Monitor health and metrics

Check liveness and OAuth system status endpoints:

```bash
curl "$BASE_URL/health"
curl "$BASE_URL/oauthx/status"
```

## Code examples

### Register a client from a JSON template

```bash
curl -X POST "$BASE_URL/oauth/register" \
  -H "Content-Type: application/json" \
  -d @templates/oauth-client.json
```

### Create LNURL session and poll

```bash
session_json=$(curl -s -X POST "$BASE_URL/api/lnurl-auth/create")
session_id=$(python3 -c 'import json,sys; print(json.loads(sys.argv[1])["session_id"])' "$session_json")
curl "$BASE_URL/api/lnurl-auth/check/$session_id"
```

## Best practices

- Always use HTTPS and verify TLS certificates in production.
- Keep client secrets in a secrets manager or environment variables.
- Use PKCE for public clients and rotate secrets for confidential clients.
- Treat LNURL sessions as single-use and enforce short TTLs.
- Validate `aud`, `iss`, and `exp` claims for JWTs.

## Advanced features

- Use `/oauthx/docs` for live OAuth/OIDC API documentation.
- Use `/oauthx/status` to monitor database and LNURL session health.
- Rotate JWKS keys via the server configuration (JWKS directory + rotation days).

## PAYG billing for OAuth clients

Paid API calls are billed per **OAuth `client_id`** (agent/app), not per session pubkey. When balance or free quota is exhausted, paid endpoints return **HTTP 402** with a Lightning top-up path.

### Billing endpoints (OAuth token required)

- `POST /api/billing/agent/create-invoice`
- `POST /api/billing/agent/check-invoice`

Example create invoice:

```bash
curl -X POST "$BASE_URL/api/billing/agent/create-invoice" \
  -H "Authorization: Bearer $ACCESS_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"amount_sats": 1000}'
```

Example check invoice:

```bash
curl -X POST "$BASE_URL/api/billing/agent/check-invoice" \
  -H "Authorization: Bearer $ACCESS_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"invoice_id": "your_invoice_id"}'
```

### 402 response shape

When a paid endpoint is called with insufficient balance, expect:

```json
{
  "ok": false,
  "error": "payment_required",
  "code": "PAYMENT_REQUIRED",
  "client_id": "your_client_id",
  "cost_sats": 1,
  "balance_sats": 0,
  "create_invoice_endpoint": "/api/billing/agent/create-invoice",
  "hint": "Top up via Lightning PAYG"
}
```

## Supporting files

- `scripts/verify_signature.py` validates LNURL-Auth signatures locally.
- `HEARTBEAT.md` describes periodic health checks for the deployment.
- `templates/oauth-client.json` provides a ready client registration payload.

## Optional helper script

Use `scripts/verify_signature.py` to validate LNURL signatures locally. Install the dependency first:

```bash
python -m pip install ecdsa
python scripts/verify_signature.py --k1 <hex> --signature <hex> --pubkey <hex>
```

Related Skills

amai-identity

7
from Demerzels-lab/elsamultiskillagent

Soul-Bound Keys and Soulchain for persistent agent identity, reputation, and messaging. The identity primitive for the agentic web.

bitcoin-daily

7
from Demerzels-lab/elsamultiskillagent

Daily digest of the Bitcoin Development mailing list and Bitcoin Core commits. Use when asked about recent bitcoin-dev discussions, mailing list activity, Bitcoin Core code changes, or to set up daily summaries. Fetches threads from groups.google.com/g/bitcoindev and commits from github.com/bitcoin/bitcoin.

molt-identity

7
from Demerzels-lab/elsamultiskillagent

Core identity and personality for Molt, the transformative AI assistant

identity-resolver

7
from Demerzels-lab/elsamultiskillagent

**Canonical user identity resolution across messaging channels**.

identity-manager

7
from Demerzels-lab/elsamultiskillagent

strictly manages user identity mappings (Feishu OpenID <-> Name/Role). Use this to `lookup` a user by ID before replying, or `register` new users to the database. Prevents hallucinating user identities.

publisher-identity-verifier

7
from Demerzels-lab/elsamultiskillagent

Helps verify publisher identity integrity in AI agent ecosystems.

paylock

7
from Demerzels-lab/elsamultiskillagent

Non-custodial SOL escrow for AI agent deals.

agent-reputation

7
from Demerzels-lab/elsamultiskillagent

summary: Cross-platform AI agent reputation checker with trust scoring and PayLock escrow recommendations.

Telecom Agent Skill

7
from Demerzels-lab/elsamultiskillagent

Turn your AI Agent into a Telecom Operator. Bulk calling, ChatOps, and Field Monitoring.

OpenClaw-Finnhub

7
from Demerzels-lab/elsamultiskillagent

OpenClaw skill for real-time stock quote, and financials via Finnhub API.

```markdown

7
from Demerzels-lab/elsamultiskillagent

# OpenClaw-Last.fm

security-operator

7
from Demerzels-lab/elsamultiskillagent

Runtime security guardrails for OpenClaw agents.