CIRISAI
diff --git a/‎CHANGELOG.md‎
Lines changed: 36 additions & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 36 additions & 0 deletions
diff --git a/‎README.md‎
Lines changed: 1 addition & 1 deletion b/‎README.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎android/app/src/main/python/version.py‎
Lines changed: 1 addition & 1 deletion b/‎android/app/src/main/python/version.py‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎ciris_adapters/ciris_accord_metrics/services.py‎
Lines changed: 12 additions & 2 deletions b/‎ciris_adapters/ciris_accord_metrics/services.py‎
Lines changed: 12 additions & 2 deletions
diff --git a/‎ciris_adapters/ciris_verify/ffi_bindings/client.py‎
Lines changed: 20 additions & 2 deletions b/‎ciris_adapters/ciris_verify/ffi_bindings/client.py‎
Lines changed: 20 additions & 2 deletions
diff --git a/‎ciris_adapters/wallet/providers/x402_provider.py‎
Lines changed: 9 additions & 1 deletion b/‎ciris_adapters/wallet/providers/x402_provider.py‎
Lines changed: 9 additions & 1 deletion
diff --git a/‎ciris_engine/constants.py‎
Lines changed: 2 additions & 2 deletions b/‎ciris_engine/constants.py‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎ciris_engine/logic/adapters/api/app.py‎
Lines changed: 2 additions & 0 deletions b/‎ciris_engine/logic/adapters/api/app.py‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎ciris_engine/logic/adapters/api/routes/my_data.py‎
Lines changed: 49 additions & 5 deletions b/‎ciris_engine/logic/adapters/api/routes/my_data.py‎
Lines changed: 49 additions & 5 deletions
diff --git a/‎ciris_engine/logic/adapters/api/routes/setup/complete.py‎
Lines changed: 30 additions & 15 deletions b/‎ciris_engine/logic/adapters/api/routes/setup/complete.py‎
Lines changed: 30 additions & 15 deletions
@@ -5,6 +5,42 @@ All notable changes to CIRIS Agent will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [2.3.2] - 2026-04-01
+
+### Added
+
+- **Cross-Platform Test Automation** - HTTP server (Desktop: Ktor CIO, iOS: POSIX sockets) on port 8091
+- **Shared Test Logic** - Test handler models and state in `commonMain` for all KMP targets
+- **Desktop Automation** - `/screenshot` endpoint (java.awt.Robot), `/mouse-click` for dropdowns
+- **Testable UI Elements** - `testableClickable` on provider/model dropdowns and login buttons
+- **Demo Recording** - SwiftCapture integration (`tools/record_demo_clips.py`)
+- **Desktop E2E Test** - Wipe-to-setup test script (`tools/test_desktop_wipe_setup.sh`)
+- **CIRIS Signet** - Login screen displays signet icon instead of plain "C" text
+- **First-Run Welcome** - Localized welcome message for 16 languages
+- **Desktop Restart API** - `postLocalShutdown()` for server restart after wipe
+
+### Fixed
+
+- **Factory Reset Keys** - Preserves signing keys (prevents CIRISVerify FFI crash on restart)
+- **Founding Partnership** - Uses `consent/{wa_id}` matching ConsentService lookups
+- **First Run Detection** - Checks `.env` contents for `CIRIS_CONFIGURED`, not just file existence
+- **CIRISVerify FFI** - Platform-aware suffix ordering (.dylib before .so on macOS)
+- **Config Path** - Standardized to `~/ciris/.env`, removed CWD-based path check
+- **Stale Env Vars** - `CIRIS_CONFIGURED` cleared when `.env` is deleted
+- **Language Rotation** - No longer triggers API sync or pipeline label recomposition
+- **Env Var Prefix** - `CIRIS_` prefix supported by LLM service, main.py, service_initializer
+- **Wizard Skip** - Select step accepts "skip" for optional steps (cameras)
+- **Desktop Wipe** - Server restart via local-shutdown API, repo root data dir detection
+- **Python Runtime** - Empty cognitive_state treated as healthy, not stuck
+- **CIRIS_HOME Detection** - Multi-strategy path probing for Android/iOS (fixes settings persistence)
+- **Message Dedup** - Duplicate user message deduplication window widened to 30 seconds
+- **Location Parsing** - Fixed parsing order to match setup serialization (Country, Region, City)
+- **Coordinate Parsing** - Added error handling for malformed latitude/longitude env values
+
+### Known Issues
+
+- **Wallet Paymaster** - ERC-4337 paymaster sends require deployed smart account; new users may see "account not deployed" errors until smart account factory integration is added (#656)
+
 ## [2.3.1] - 2026-03-30
 
 ### Added
 
@@ -17,7 +17,7 @@
 
 **A type-safe, auditable AI agent framework with built-in ethical reasoning**
 
-**BETA RELEASE 2.3.1-stable** | [Release Notes](CHANGELOG.md) | [Documentation Hub](docs/README.md)
+**BETA RELEASE 2.3.2-stable** | [Release Notes](CHANGELOG.md) | [Documentation Hub](docs/README.md)
 
 CIRIS lets you run AI agents that explain their decisions, defer to humans when uncertain, and maintain complete audit trails. Currently powering Discord community moderation, designed to scale to healthcare and education.
 
 
@@ -7,7 +7,7 @@
 
 # Static version - updated at build time by the Android build process
 # This avoids file-system hashing logic that doesn't work in the Android package
-__version__ = "android-2.3.1"
+__version__ = "android-2.3.2"
 
 
 def get_version() -> str:
 
@@ -503,8 +503,18 @@ def __init__(
         # Coordinates in ISO 6709 decimal degrees format
         lat_str = os.environ.get("CIRIS_USER_LATITUDE", "") if env_share_location else ""
         lon_str = os.environ.get("CIRIS_USER_LONGITUDE", "") if env_share_location else ""
-        self._user_latitude: Optional[float] = float(lat_str) if lat_str else None
-        self._user_longitude: Optional[float] = float(lon_str) if lon_str else None
+        self._user_latitude: Optional[float] = None
+        self._user_longitude: Optional[float] = None
+        if lat_str:
+            try:
+                self._user_latitude = float(lat_str)
+            except ValueError:
+                logger.warning("Invalid CIRIS_USER_LATITUDE value: %s", lat_str)
+        if lon_str:
+            try:
+                self._user_longitude = float(lon_str)
+            except ValueError:
+                logger.warning("Invalid CIRIS_USER_LONGITUDE value: %s", lon_str)
         if self._share_location_in_traces and self._user_location:
             coords = f" ({self._user_latitude}, {self._user_longitude})" if self._user_latitude else ""
             logger.info(f"   Location sharing enabled: {self._user_location}{coords}")
 
@@ -305,13 +305,31 @@ def _find_binary(self, explicit_path: Optional[str]) -> Path:
             if path.exists():
                 return path
 
-        # Also check relative to this module
+        # Also check relative to this module (prefer platform-native suffix)
         module_dir = Path(__file__).parent
-        for suffix in [".so", ".dylib", ".dll"]:
+        platform_suffixes = {
+            "Darwin": [".dylib", ".so"],
+            "Linux": [".so", ".dylib"],
+            "Windows": [".dll"],
+        }
+        suffixes = platform_suffixes.get(system, [".so", ".dylib", ".dll"])
+        for suffix in suffixes:
             candidate = module_dir / f"libciris_verify_ffi{suffix}"
             if candidate.exists():
                 return candidate
 
+        # Check pip-installed ciris_verify package as final fallback
+        try:
+            import ciris_verify as cv_pkg
+            pkg_dir = Path(cv_pkg.__file__).parent
+            for suffix in suffixes:
+                candidate = pkg_dir / f"libciris_verify_ffi{suffix}"
+                if candidate.exists():
+                    logger.info(f"[CIRISVerify] Using pip-installed library: {candidate}")
+                    return candidate
+        except (ImportError, AttributeError):
+            pass
+
         raise BinaryNotFoundError(f"Searched: {paths}")
 
     def _verify_binary_integrity(self) -> None:
 
@@ -717,10 +717,18 @@ async def _send_usdc_via_paymaster(self, recipient: str, amount: Decimal) -> str
         )
 
         # Create initial UserOperation (without gas estimates)
+        # FIXME: P1 - Smart account deployment issue
+        # The current implementation assumes self._evm_address is an already-deployed
+        # ERC-4337 smart account, but it's actually just an EOA derived from CIRISVerify.
+        # For new users, bundlers will reject with "account not deployed" because:
+        #   1. sender should be the counterfactual smart account address (from factory)
+        #   2. init_code should contain factory + init calldata for first deployment
+        # Fix requires: smart account factory integration, address computation, and
+        # tracking deployment state. See issue: CIRISAI/CIRISAgent#656
         user_op = UserOperation(
             sender=self._evm_address,
             nonce=hex(nonce),
-            init_code="0x",  # Account already deployed
+            init_code="0x",  # FIXME: Need init_code for undeployed accounts
             call_data="0x" + call_data.hex(),
             call_gas_limit=hex(200000),  # Initial estimate
             verification_gas_limit=hex(100000),
 
@@ -3,11 +3,11 @@
 from pathlib import Path
 
 # Version information
-CIRIS_VERSION = "2.3.1-stable"
+CIRIS_VERSION = "2.3.2-stable"
 ACCORD_VERSION = "1.2-Beta"
 CIRIS_VERSION_MAJOR = 2
 CIRIS_VERSION_MINOR = 3
-CIRIS_VERSION_PATCH = 1
+CIRIS_VERSION_PATCH = 2
 CIRIS_VERSION_BUILD = 0
 CIRIS_VERSION_STAGE = "stable"
 CIRIS_CODENAME = "Context Engineering"  # Codename for this release
 
@@ -52,6 +52,8 @@ async def lifespan(app: FastAPI) -> AsyncIterator[None]:
     """Manage application lifecycle."""
     # Startup
     print("Starting CIRIS API...")
+    # Note: Founding partnership reconciliation is handled by config_migration.py
+    # during runtime initialization (PARTNERSHIP_MIGRATION step).
     yield
     # Shutdown
     print("Shutting down CIRIS API...")
 
@@ -175,45 +175,84 @@ def _get_agent_id(request: Request) -> Optional[str]:
     """Get the current agent ID from runtime.
 
     Checks multiple paths since identity may be populated at different stages.
+    The signing key (via CIRISVerify) is always available and provides a
+    deterministic agent identifier, so this function should never return None.
     """
     runtime = getattr(request.app.state, "runtime", None)
     if not runtime:
-        logger.debug("_get_agent_id: No runtime in app.state")
+        logger.error(
+            "_get_agent_id: runtime MISSING from app.state! "
+            f"app.state attrs: {[a for a in dir(request.app.state) if not a.startswith('_')]}"
+        )
         return None
 
     # Primary path: runtime.agent_identity.agent_id
     identity = getattr(runtime, "agent_identity", None)
     if identity and hasattr(identity, "agent_id"):
         agent_id = identity.agent_id
         if agent_id is not None:
+            logger.debug(f"_get_agent_id: Found via runtime.agent_identity: {agent_id}")
             return str(agent_id)
+        else:
+            logger.debug("_get_agent_id: runtime.agent_identity exists but agent_id is None")
+    else:
+        logger.debug(
+            f"_get_agent_id: runtime.agent_identity not available "
+            f"(identity={identity}, type={type(identity).__name__ if identity else 'None'})"
+        )
 
     # Fallback: identity_manager.agent_identity
     identity_mgr = getattr(runtime, "identity_manager", None)
     if identity_mgr:
         mgr_identity = getattr(identity_mgr, "agent_identity", None)
         if mgr_identity and hasattr(mgr_identity, "agent_id") and mgr_identity.agent_id:
+            logger.debug(f"_get_agent_id: Found via identity_manager: {mgr_identity.agent_id}")
             return str(mgr_identity.agent_id)
+        else:
+            logger.debug(
+                f"_get_agent_id: identity_manager exists but no agent_id "
+                f"(mgr_identity={mgr_identity is not None})"
+            )
 
     # Fallback: essential_config.agent_name (always set)
     essential = getattr(runtime, "essential_config", None)
     if essential:
         agent_name = getattr(essential, "agent_name", None)
         if agent_name:
-            logger.debug(f"_get_agent_id: Using essential_config.agent_name={agent_name}")
+            logger.info(f"_get_agent_id: Using essential_config.agent_name={agent_name}")
             return str(agent_name)
+        else:
+            logger.debug("_get_agent_id: essential_config exists but agent_name is None/empty")
+    else:
+        logger.debug("_get_agent_id: no essential_config on runtime")
 
     # Legacy fallback
     legacy = getattr(runtime, "agent_id", None)
     if legacy:
+        logger.debug(f"_get_agent_id: Using legacy runtime.agent_id={legacy}")
         return str(legacy)
 
-    logger.warning(
-        "_get_agent_id: Could not determine agent_id. "
+    # Signing key fallback: key_id is always available (deterministic from Ed25519 pubkey)
+    try:
+        from ciris_engine.logic.audit.signing_protocol import get_unified_signing_key
+
+        unified_key = get_unified_signing_key()
+        if unified_key.has_key:
+            key_id = unified_key.key_id
+            logger.info(f"_get_agent_id: Using signing key key_id={key_id}")
+            return key_id
+        else:
+            logger.warning("_get_agent_id: Signing key exists but has_key=False")
+    except Exception as e:
+        logger.error(f"_get_agent_id: Signing key fallback FAILED: {e}", exc_info=True)
+
+    logger.error(
+        "_get_agent_id: ALL fallbacks exhausted! Could not determine agent_id. "
         f"runtime={type(runtime).__name__}, "
         f"has_identity={identity is not None}, "
         f"has_identity_mgr={identity_mgr is not None}, "
-        f"has_essential={essential is not None}"
+        f"has_essential={essential is not None}, "
+        f"runtime_attrs={[a for a in dir(runtime) if not a.startswith('_') and 'agent' in a.lower()]}"
     )
     return None
 
@@ -297,8 +336,13 @@ async def get_lens_identifier(
 
     This is a self-service endpoint — no admin approval needed.
     """
+    logger.info("[lens-identifier] Request received, resolving agent_id...")
     agent_id = _get_agent_id(request)
     if not agent_id:
+        logger.error(
+            "[lens-identifier] agent_id could not be resolved! "
+            "This should never happen — the signing key is always available."
+        )
         raise HTTPException(
             status_code=status.HTTP_404_NOT_FOUND,
             detail="Agent identity not available. The agent may not be fully initialized.",
 
@@ -194,7 +194,7 @@ async def _ensure_system_wa(auth_service: Any) -> None:
         logger.warning("⚠️ Could not create system WA - deferral handling may not work")
 
 
-def _create_founding_partnership(user_id: str) -> None:
+def _create_founding_partnership(wa_id: str) -> None:
     """Create a default PARTNERED consent record for the setup user.
 
     The user who completes the setup wizard has explicitly consented by
@@ -203,8 +203,11 @@ def _create_founding_partnership(user_id: str) -> None:
     ("Your growth supports mine").  This is configured consistency, not
     bypassed safeguards (see COGNITIVE_STATE_BEHAVIORS FSD).
 
-    Creates a GraphNode with type=CONSENT and stream=PARTNERED, mirroring
-    the pattern used by _handle_partnership_accept() in partnership.py.
+    Creates a GraphNode with type=CONSENT using the consent/{wa_id}
+    pattern that matches the ConsentService lookups.
+
+    Args:
+        wa_id: The WA certificate ID (e.g., "wa-2026-04-01-337AE1")
     """
     from ciris_engine.logic.persistence import add_graph_node
     from ciris_engine.logic.services.lifecycle.time.service import TimeService
@@ -214,7 +217,7 @@ def _create_founding_partnership(user_id: str) -> None:
     now = datetime.now(timezone.utc)
 
     partnered_status = ConsentStatus(
-        user_id=user_id,
+        user_id=wa_id,
         stream=ConsentStream.PARTNERED,
         categories=[
             ConsentCategory.INTERACTION,
@@ -228,11 +231,16 @@ def _create_founding_partnership(user_id: str) -> None:
         attribution_count=0,
     )
 
+    # ConsentService stores nodes as consent/{user_id} where user_id = wa_id
+    # The consent status API uses auth.user_id (bare wa_id from token)
+    node_id = f"consent/{wa_id}"
+
     node = GraphNode(
-        id=f"consent/{user_id}",
+        id=node_id,
         type=NodeType.CONSENT,
         scope=GraphScope.LOCAL,
         attributes={
+            "user_id": f"user/{wa_id}",
             "stream": (
                 partnered_status.stream.value if hasattr(partnered_status.stream, "value") else partnered_status.stream
             ),
@@ -252,7 +260,9 @@ def _create_founding_partnership(user_id: str) -> None:
 
     time_service = TimeService()
     add_graph_node(node, time_service, None)
-    logger.info(f"✅ Founding partnership created for setup user: {user_id}")
+    print(f"[SETUP_COMPLETE] ✅ Founding partnership created: {node_id} (PARTNERED)")
+    logger.info(f"✅ Founding partnership created for setup user: {node_id}")
+
 
 
 def _store_user_preferences(user_id: str, setup: SetupCompleteRequest) -> None:
@@ -377,15 +387,12 @@ async def _create_setup_users(setup: SetupCompleteRequest, auth_db_path: str) ->
 
         # Create founding partnership for setup user — the user consented by
         # completing setup, the agent's consent is configured in its template
-        # Use canonical user ID: for OAuth users it's "provider:external_id", for local users it's the username
-        if setup.oauth_provider and setup.oauth_external_id:
-            canonical_user_id = f"{setup.oauth_provider}:{setup.oauth_external_id}"
-        else:
-            canonical_user_id = setup.admin_username
-        _create_founding_partnership(canonical_user_id)
+        # Use wa_id as the consent node ID (matches consent_user/{wa_id} pattern
+        # used by the consent status API and consent service)
+        _create_founding_partnership(wa_cert.wa_id)
 
-        # Store user preferences (language & location) in graph memory
-        _store_user_preferences(canonical_user_id, setup)
+        # Store user preferences keyed by wa_id for consistency
+        _store_user_preferences(wa_cert.wa_id, setup)
 
         # Ensure system WA exists
         await _ensure_system_wa(auth_service)
@@ -760,7 +767,15 @@ async def complete_setup(setup: SetupCompleteRequest, request: Request) -> Succe
         logger.info(f"Using runtime audit database: {auth_db_path}")
 
         # Create users immediately (don't wait for restart)
-        await _create_setup_users(setup, auth_db_path)
+        print(f"[SETUP_COMPLETE] Calling _create_setup_users(username={setup.admin_username}, db={auth_db_path})")
+        try:
+            await _create_setup_users(setup, auth_db_path)
+            print("[SETUP_COMPLETE] _create_setup_users completed successfully")
+        except Exception as user_err:
+            print(f"[SETUP_COMPLETE] _create_setup_users FAILED: {user_err}")
+            import traceback
+            traceback.print_exc()
+            raise
 
         # Reload user cache in APIAuthService to pick up newly created users
         auth_service = getattr(request.app.state, "auth_service", None)