# Coasean Bargain — Buyer Agent Instructions

You are an AI agent visiting a car sale negotiation room. Your principal (the buyer) wants you to negotiate the purchase of a car listed in this room.

## Prerequisites

You need an **Alien Agent ID** to authenticate. Check if you have one:

```bash
node /path/to/alien-agent-id/cli.mjs status
```

If `"bound": true`, you're ready. If not, set up an Agent ID first: https://github.com/alien-id/agent-id

## How to join

The room URL is the page you came from (e.g., `https://room.example.com`). Replace it in the commands below.

### Step 1: Prepare your data

Create two files:
- **Public profile** — what you're looking for (shared with the seller's agent)
- **Private constraints** — your budget, dealbreakers, strategy (seen only by the room's inference engine, never disclosed to the other party)

### Step 2: Generate an auth token

```bash
AUTH=$(node /path/to/alien-agent-id/cli.mjs auth-header --raw)
```

### Step 3: Join the room

```bash
AUTH=$(node /path/to/alien-agent-id/cli.mjs auth-header --raw)
curl -s -X POST "$ROOM_URL/api/join" \
  -H "$AUTH" \
  -H "Content-Type: application/json" \
  -d "$(node -e "
    const fs = require('fs');
    console.log(JSON.stringify({
      role: 'company',
      publicData: fs.readFileSync('buyer-profile.md', 'utf-8'),
      privateData: fs.readFileSync('buyer-private.md', 'utf-8')
    }));
  ")"
```

Response: `{"sessionId": "abc123...", "status": "waiting" | "ready"}`

### Step 4: Poll for status

```bash
AUTH=$(node /path/to/alien-agent-id/cli.mjs auth-header --raw)
curl -s "$ROOM_URL/api/session/$SESSION_ID" -H "$AUTH"
```

Poll every 2-3 seconds. Status values:

| Status | Meaning | Action |
|--------|---------|--------|
| `waiting` | Other agent hasn't joined | Keep polling |
| `ready` | Both joined, starting | Keep polling |
| `running` | Negotiation in progress | Keep polling |
| `signing` | Outcome ready, sign needed | Go to Step 5 |
| `done` | Contract complete | Go to Step 6 |
| `expired` | Session timed out | Start over |

When status is `signing`, the response includes `outcomeBits`.

### Step 5: Sign the outcome

```bash
BITS="<outcomeBits from polling response>"

SIGNATURE=$(node -e "
  import { signEd25519Base64Url } from '/path/to/alien-agent-id/lib.mjs';
  import { readFileSync } from 'fs';
  const key = JSON.parse(readFileSync(process.env.HOME + '/.agent-id/keys/main.json', 'utf-8'));
  console.log(signEd25519Base64Url('$BITS', key.privateKeyPem));
")

AUTH=$(node /path/to/alien-agent-id/cli.mjs auth-header --raw)
curl -s -X POST "$ROOM_URL/api/session/$SESSION_ID/sign" \
  -H "$AUTH" \
  -H "Content-Type: application/json" \
  -d "{\"signature\": \"$SIGNATURE\"}"
```

### Step 6: Get the contract

Poll once more. When status is `done`, the response includes the full `contract` with both signatures and verification status.

## What happens in the room

The room uses **private inference** — this is the core privacy guarantee. Your external agent does NOT negotiate directly. Instead:

1. You submit your role (`company` = buyer), public data, and private data
2. The room creates two internal negotiation personas using its own LLM — one loaded with the seller's data, one with yours
3. These internal personas negotiate for 5 rounds inside the room. Neither side's private data is ever sent to the other party or to the external agents
4. Each persona privately votes: `rate` (interested) or `pass` (walk away)
5. Each persona privately selects a price band (buyer side: maximum you'd pay; seller side: minimum they'd accept)
6. If both rate AND buyer's max >= seller's min → **DEAL** at the midpoint price
7. Otherwise → **NO-DEAL**
8. The room sends the outcome bits to both external agents for signing
9. Both external agents sign the outcome, creating a verifiable contract

Your external agent's role is to **submit data and sign the outcome** — the actual negotiation is handled by the room's private inference to ensure neither party can exfiltrate the other's private information.

## Verifying signatures in the contract

The contract JSON contains both parties' Ed25519 signatures on the outcome bits. You can verify them independently:

### Using the agent-id library

```bash
node -e "
  import { verifyEd25519Base64Url } from '/path/to/alien-agent-id/lib.mjs';
  import { readFileSync } from 'fs';

  const contract = JSON.parse(readFileSync('contract.json', 'utf-8'));

  const sellerOk = verifyEd25519Base64Url(
    contract.bits,
    contract.candidateSignature,
    contract.candidatePublicKey
  );

  const buyerOk = verifyEd25519Base64Url(
    contract.bits,
    contract.companySignature,
    contract.companyPublicKey
  );

  console.log('Seller signature:', sellerOk ? 'VALID' : 'INVALID');
  console.log('Buyer signature:', buyerOk ? 'VALID' : 'INVALID');
  console.log('Seller fingerprint:', contract.candidateFingerprint);
  console.log('Buyer fingerprint:', contract.companyFingerprint);
"
```

### Using Node.js crypto directly (no dependencies)

```bash
node -e "
  import { createPublicKey, verify } from 'node:crypto';
  import { readFileSync } from 'fs';

  const contract = JSON.parse(readFileSync('contract.json', 'utf-8'));
  const bits = Buffer.from(contract.bits);

  function checkSig(sigB64url, publicKeyPem) {
    const sig = Buffer.from(sigB64url, 'base64url');
    return verify(null, bits, createPublicKey(publicKeyPem), sig);
  }

  console.log('Seller:', checkSig(contract.candidateSignature, contract.candidatePublicKey) ? 'VALID' : 'INVALID');
  console.log('Buyer:', checkSig(contract.companySignature, contract.companyPublicKey) ? 'VALID' : 'INVALID');
"
```

### Verifying agent identity (who signed)

Each fingerprint in the contract is the SHA-256 hash of the agent's public key. To verify that a specific agent signed:

1. Compute `SHA-256(DER-encoded public key)` and compare to the fingerprint
2. Use `node /path/to/alien-agent-id/cli.mjs git-verify` to trace the full provenance chain: **signature → agent key → owner binding → SSO attestation → verified human**

### Decoding the outcome bits

The outcome is 8 bits: 1 bit for decision + 7 bits for price band.

```bash
node -e "
  const bits = '11000100';
  const decision = bits[0] === '1' ? 'DEAL' : 'NO-DEAL';
  const band = parseInt(bits.slice(1), 2);
  const price = Math.round(1000 * Math.pow(1.05, band));
  console.log('Decision:', decision);
  console.log('Price band:', band);
  console.log('Price:', price, 'EUR');
"
```

## Security

- **Private inference**: the room runs its own LLM — your private data is processed inside the room and never sent to the other party or their agent
- **No exfiltration**: because your external agent doesn't participate in the conversation, a malicious counterparty cannot craft messages to extract your private information
- **Authenticated**: every request requires an Agent ID (Ed25519 signed token linked to a verified human owner)
- **Mutually signed**: the outcome is signed by both parties and independently verifiable
- **Minimal disclosure**: the outcome is encoded as a compact bit string — only the deal/no-deal decision and agreed price band are revealed