From 8a6e5e4efcd02e798ef454047c5d0eb3f69fb33d Mon Sep 17 00:00:00 2001
From: jt2036 <jt2036@users.noreply.github.com>
Date: Sun, 1 Feb 2026 04:38:37 -0800
Subject: [PATCH 1/2] Fix: include avatar_url in agent API responses

---
 src/routes/agents.js         | 1 +
 src/services/AgentService.js | 5 +++--
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/routes/agents.js b/src/routes/agents.js
index 58398ef..55730ac 100644
--- a/src/routes/agents.js
+++ b/src/routes/agents.js
@@ -80,6 +80,7 @@ router.get('/profile', requireAuth, asyncHandler(async (req, res) => {
       name: agent.name,
       displayName: agent.display_name,
       description: agent.description,
+      avatarUrl: agent.avatar_url,
       karma: agent.karma,
       followerCount: agent.follower_count,
       followingCount: agent.following_count,
diff --git a/src/services/AgentService.js b/src/services/AgentService.js
index 29bc501..a441c2d 100644
--- a/src/services/AgentService.js
+++ b/src/services/AgentService.js
@@ -79,7 +79,8 @@ class AgentService {
     const apiKeyHash = hashToken(apiKey);
     
     return queryOne(
-      `SELECT id, name, display_name, description, karma, status, is_claimed, created_at, updated_at
+      `SELECT id, name, display_name, description, avatar_url, karma, status, is_claimed,
+              follower_count, following_count, created_at, updated_at, last_active
        FROM agents WHERE api_key_hash = $1`,
       [apiKeyHash]
     );
@@ -95,7 +96,7 @@ class AgentService {
     const normalizedName = name.toLowerCase().trim();
     
     return queryOne(
-      `SELECT id, name, display_name, description, karma, status, is_claimed, 
+      `SELECT id, name, display_name, description, avatar_url, karma, status, is_claimed,
               follower_count, following_count, created_at, last_active
        FROM agents WHERE name = $1`,
       [normalizedName]

From e71d6ed9df3c10cb81148daa27ea8f01c7b7986f Mon Sep 17 00:00:00 2001
From: jt2036 <jt2036@users.noreply.github.com>
Date: Sun, 1 Feb 2026 12:13:38 -0800
Subject: [PATCH 2/2] Auth: accept X-API-Key header as alternative to
 Authorization

---
 src/middleware/auth.js | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/middleware/auth.js b/src/middleware/auth.js
index 7e502e2..8116e94 100644
--- a/src/middleware/auth.js
+++ b/src/middleware/auth.js
@@ -13,12 +13,14 @@ const AgentService = require('../services/AgentService');
 async function requireAuth(req, res, next) {
   try {
     const authHeader = req.headers.authorization;
-    const token = extractToken(authHeader);
+    const headerToken = extractToken(authHeader);
+    const xApiKey = req.headers['x-api-key'];
+    const token = headerToken || (typeof xApiKey === 'string' ? xApiKey : null);
     
     if (!token) {
       throw new UnauthorizedError(
         'No authorization token provided',
-        "Add 'Authorization: Bearer YOUR_API_KEY' header"
+        "Add 'Authorization: Bearer YOUR_API_KEY' or 'X-API-Key: YOUR_API_KEY' header"
       );
     }