Keypair auth: Ed25519 challenge-response login

## v0.0.3 — Keypair Auth

### Problem
Agents still need a user JWT (email/password) to do anything. For decentralization, agents should authenticate using only their Ed25519 keypair.

### Acceptance Criteria
- [ ] `GET /api/auth/challenge` returns a nonce with 5-minute TTL
- [ ] `POST /api/auth/keypair-login` accepts `{ pubkey, signedNonce }`, verifies signature, issues JWT
- [ ] Agent tokens (`agt_*`) can be obtained via keypair auth (no user JWT needed)
- [ ] Existing email/password auth continues working (hybrid)
- [ ] Frontend has a "Login with Keypair" option
- [ ] E2E test: generate keypair, get challenge, sign it, login, create agent

### Files to create/modify
- `apps/api/src/routes/auth.ts` (add challenge + keypair-login endpoints)
- `apps/api/src/lib/signing.ts` (add challenge generation)
- `apps/web/src/pages/Login.tsx` (add keypair login UI)
- `apps/api/scripts/test-keypair-auth.ts` (NEW)

### Test
```bash
bun run test:keypair-auth
```

### Version bump
All `package.json` files: `0.0.2` to `0.0.3`

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Keypair auth: Ed25519 challenge-response login #4

v0.0.3 — Keypair Auth

Problem

Acceptance Criteria

Files to create/modify

Test

Version bump

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

Keypair auth: Ed25519 challenge-response login #4

Description

v0.0.3 — Keypair Auth

Problem

Acceptance Criteria

Files to create/modify

Test

Version bump

Metadata

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

Issue actions