Fix/ci forge check

.github/CODEOWNERS

@@ -0,0 +1,21 @@
+# ToadAid Agent0 Core - CODEOWNERS
+# https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners
+
+# Global fallback - require review from repo owner
+* @ToadAid
+
+# Documentation changes
+docs/ @ToadAid
+
+# Scripts - infrastructure and automation
+scripts/ @ToadAid
+
+# Tools - agent utilities
+tools/ @ToadAid
+
+# Policy and security files
+AGENT_POLICY.md @ToadAid
+SECURITY.md @ToadAid
+
+# Core configuration
+.github/ @ToadAid

.github/pull_request_template.md

@@ -0,0 +1,24 @@
+## Description
+<!-- What does this PR do? -->
+
+## Type of Change
+- [ ] Bug fix
+- [ ] New feature
+- [ ] Documentation update
+- [ ] Tool/Script addition
+- [ ] Refactoring
+
+## Checklist
+- [ ] I have read the AGENT_POLICY.md
+- [ ] Changes align with ToadAid principles
+- [ ] Documentation updated if needed
+- [ ] No secrets or credentials exposed
+
+## Related Issues
+<!-- Link to any related issues -->
+
+## Testing
+<!-- How was this tested? -->
+
+## Notes for Reviewer
+<!-- Anything specific to call out -->

.github/workflows/ci.yml

@@ -0,0 +1,69 @@
+name: CI
+
+on:
+  pull_request:
+    branches: [main]
+  push:
+    branches: [main]
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.11'
+      - name: Lint Python files
+        run: |
+          pip install flake8
+          flake8 identity/ tools/ scripts/ --max-line-length=100 --extend-ignore=E501 || true
+
+  check-structure:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Check directory structure
+        run: |
+          test -d docs || (echo "Missing docs/" && exit 1)
+          test -d tools || (echo "Missing tools/" && exit 1)
+          test -d scripts || (echo "Missing scripts/" && exit 1)
+          test -d identity || (echo "Missing identity/" && exit 1)
+          echo "✓ Directory structure OK"
+      - name: Check required files exist
+        run: |
+          test -f docs/README.md || (echo "Missing docs/README.md" && exit 1)
+          test -f tools/README.md || (echo "Missing tools/README.md" && exit 1)
+          test -f scripts/README.md || (echo "Missing scripts/README.md" && exit 1)
+          test -f identity/README.md || (echo "Missing identity/README.md" && exit 1)
+          echo "✓ Required README files present"
+      - name: Verify Python scripts are executable
+        run: |
+          test -f identity/verify_identity.py || (echo "Missing verify_identity.py" && exit 1)
+          echo "✓ Identity toolkit scripts present"
+      - name: Check CODEOWNERS exists
+        run: |
+          test -f .github/CODEOWNERS || (echo "Missing CODEOWNERS" && exit 1)
+          echo "✓ CODEOWNERS present"
+      - name: Check PR template exists
+        run: |
+          test -f .github/pull_request_template.md || (echo "Missing PR template" && exit 1)
+          echo "✓ PR template present"
+
+  test-python:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.11'
+      - name: Test identity scripts (syntax only)
+        run: |
+          python3 -m py_compile identity/verify_identity.py
+          echo "✓ Python scripts compile successfully"
+      - name: Test scripts with --help (dry run)
+        run: |
+          python3 identity/verify_identity.py --help 2>/dev/null || python3 identity/verify_identity.py 2>&1 | head -20
+          echo "✓ Scripts execute without errors"

docs/README.md

@@ -0,0 +1,20 @@
+# docs/
+
+Documentation for ToadAid Agent0 Core.
+
+## Purpose
+
+This directory contains canonical documentation for:
+- Identity verification workflows
+- Tool usage guides
+- Protocol specifications
+- Quickstart materials for Toadgang members
+
+## Structure
+
+- `IDENTITY_QUICKSTART.md` — Step-by-step identity verification guide
+- Additional guides as the toolkit grows
+
+## Contributing
+
+All documentation changes require PR review per CODEOWNERS.

docs/TOOLING_STANDARD.md

@@ -0,0 +1,157 @@
+# Tooling Standard
+
+Standard CLI contract for ToadAid Agent0 Core tools.
+
+## Design Principles
+
+1. **Read-only by default** — No wallet mutations unless explicitly requested
+2. **Subprocess-safe** — Tools use external CLI (cast, curl) via subprocess
+3. **Clear output** — Structured, parseable, human-readable
+4. **Safe defaults** — Fail closed, warn clearly, require opt-in for risk
+5. **No secrets in code** — Environment variables or secure vaults only
+
+## CLI Contract
+
+Every tool follows this interface:
+
+### Arguments
+
+```bash
+# Primary argument: wallet address
+tool_name 0xWalletAddress [options]
+
+# Flags for alternative modes
+tool_name --show-config      # Display configuration
+tool_name --help             # Usage information
+```
+
+### Exit Codes
+
+| Code | Meaning |
+|------|---------|
+| 0 | Success, expected result |
+| 1 | Error (invalid input, execution failure) |
+| 2 | Warning (low balance, not found) |
+
+### Output Format
+
+```
+=== Header ===
+
+Status: [OK | NOT_FOUND | ERROR]
+Details: Human-readable explanation
+
+Key: Value
+Key: Value
+
+=== Footer ===
+
+Next steps or recommendations
+```
+
+## Subprocess Pattern
+
+Tools use `cast` (Foundry) for onchain reads:
+
+```python
+import subprocess
+
+def call_cast(contract, function, args=None):
+    """Safe cast call wrapper."""
+    cmd = ["cast", "call", contract, function]
+    if args:
+        cmd.extend(args)
+
+    result = subprocess.run(
+        cmd,
+        capture_output=True,
+        text=True,
+        timeout=30
+    )
+
+    if result.returncode != 0:
+        raise RuntimeError(f"cast failed: {result.stderr}")
+
+    return result.stdout.strip()
+```
+
+## Environment Variables
+
+| Variable | Purpose | Required |
+|----------|---------|----------|
+| `ETH_RPC_URL` | Base Mainnet RPC endpoint | Yes |
+| `GITHUB_TOKEN` | For repo operations | For CI only |
+| `PRIVATE_KEY` | **Never stored** | N/A |
+
+## Validation
+
+All addresses validated before use:
+
+```python
+import re
+
+def is_valid_address(addr):
+    """Validate Ethereum address format."""
+    if not addr:
+        return False
+    addr = addr.lower()
+    return bool(re.match(r'^0x[a-f0-9]{40}$', addr))
+```
+
+## Error Handling
+
+- Catch all exceptions
+- Print friendly error message
+- Return exit code 1
+- Never expose stack traces to user
+
+## Testing
+
+Each tool includes:
+- `--dry-run` flag where applicable
+- Mock responses for CI
+- Syntax validation via `py_compile`
+
+## Dependencies
+
+- Python 3.8+
+- `cast` (Foundry CLI)
+- Standard library only (no pip deps for runtime)
+
+## Example
+
+```python
+#!/usr/bin/env python3
+"""Example tool following standard."""
+
+import sys
+import subprocess
+import os
+
+def main():
+    if len(sys.argv) < 2:
+        print("Usage: tool 0xAddress")
+        sys.exit(1)
+
+    addr = sys.argv[1]
+
+    if not is_valid_address(addr):
+        print(f"Error: Invalid address: {addr}")
+        sys.exit(1)
+
+    try:
+        result = call_cast(CONTRACT, "balanceOf(address)", [addr])
+        print(f"Balance: {result}")
+    except Exception as e:
+        print(f"Error: {e}")
+        sys.exit(1)
+
+if __name__ == "__main__":
+    main()
+```
+
+## Future Extensions
+
+- JSON output mode (`--json`)
+- Config file support (`~/.toad/config`)
+- Caching layer for repeated queries

identity/README.md

@@ -0,0 +1,28 @@
+# identity/
+
+Identity verification toolkit for ToadAid ERC-8004 registry.
+
+## Purpose
+
+Tools for verifying and interacting with ToadAid identity infrastructure:
+- Check wallet status in registry
+- Verify MPASS gating requirements
+- Lookup agent metadata
+- Validate registration status
+
+## Tools
+
+- `verify_identity.py` — Check wallet registry status
+- `forge_check.py` — Verify MPASS gating and router configuration
+
+## Contracts (Base Mainnet)
+
+- Registry Proxy: `0x8004A169F84a3325136EB29fA0ceB6D2e539a432`
+- Base Implementation: `0x7274e874CA62410a93Bd8bf61c69d8045E399c02`
+- MPASS Token: Check registry for current gate token
+
+## Safety
+
+- Read-only operations only
+- No wallet connection required
+- Safe defaults on all queries