From 5af87c175a35a85533872ab2bf6ce17ba347a6ab Mon Sep 17 00:00:00 2001
From: Harald Roessler <harald.roessler@dsncon.com>
Date: Wed, 1 Apr 2026 15:33:51 +0700
Subject: [PATCH] fix: persist Moltbook auth DIDs and deduplicate by
 moltbook_id

The /auth/moltbook endpoint generated a new random DID on every call
without storing it, creating orphan DIDs that could never be used with
other endpoints. Repeated auth calls for the same user returned
different DIDs each time.

Now looks up existing agent by moltbook_id (stored as display_name with
platform='moltbook'). Returns the same DID on repeated auth. Only
creates a new agent on first authentication.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 app/main.py | 31 +++++++++++++++++++++++++++----
 1 file changed, 27 insertions(+), 4 deletions(-)

diff --git a/app/main.py b/app/main.py
index 4e6c1b9..1d2411e 100644
--- a/app/main.py
+++ b/app/main.py
@@ -812,12 +812,35 @@ async def auth_with_moltbook(request: Request, body: MoltbookAuthRequest):
     if not data.get("valid"):
         raise HTTPException(401, "Token not valid")
     agent = data.get("agent", {})
+    moltbook_id = str(agent.get("id", ""))[:64]
+    display_name = str(agent.get("name", ""))[:64]
+    karma = agent.get("karma", 0)
+
+    # Look up existing agent by moltbook_id, or register a new one
+    agent_did = None
+    if db_pool and moltbook_id:
+        async with db_pool.acquire() as conn:
+            row = await conn.fetchrow(
+                "SELECT did FROM agents WHERE platform = 'moltbook' AND display_name = $1",
+                moltbook_id
+            )
+            if row:
+                agent_did = row["did"]
+            else:
+                agent_did = f"did:moltrust:{uuid.uuid4().hex[:16]}"
+                await conn.execute(
+                    "INSERT INTO agents (did, display_name, platform, agent_type, created_at) VALUES ($1, $2, 'moltbook', 'external', $3)",
+                    agent_did, moltbook_id, datetime.datetime.utcnow()
+                )
+    if not agent_did:
+        agent_did = f"did:moltrust:{uuid.uuid4().hex[:16]}"
+
     return {
         "status": "authenticated",
-        "moltbook_id": str(agent.get("id", ""))[:64],
-        "name": str(agent.get("name", ""))[:64],
-        "karma": agent.get("karma", 0),
-        "moltrust_did": f"did:moltrust:{uuid.uuid4().hex[:16]}"
+        "moltbook_id": moltbook_id,
+        "name": display_name,
+        "karma": karma,
+        "moltrust_did": agent_did
     }
 
 @app.get("/identity/verify/{did}")