feat: add support for environment-based identity configuration and implement client-side identity caching

[ankitranjan7]

Description

Adds env-backed identity loading so Authsome can sign requests without requiring persisted ~/.authsome/client/identities/* files on disk.

The client now:

• reads AUTHSOME_IDENTITY and AUTHSOME_IDENTITY_PRIVATE_KEY first
• derives the did:key from the env private key
• falls back to the existing filesystem-backed identity behavior when env vars are absent
• caches claimed env-backed identities in the API client to avoid repeated registration work in long-lived processes

It also documents the new env-based setup for ephemeral agents and CI runners.

Motivation and Context

This solves the portability gap for ephemeral agents, containers, CI runners, and new machines. Previously, an identity only existed as local key/metadata files tied to one machine. With this change, the acting identity can be supplied from environment variables, similar to how the vault master key already supports env-first resolution.

How Has This Been Tested?

Tested with:

• uv run ruff check --fix src/ tests/
• uv run ty check src/
• uv run pytest
• uv tool run pre-commit run --all-files

Added coverage for:

• env identity taking precedence over filesystem identity
• env private key loading
• validation failure when private key is set without a handle
• caching of env-backed identity state after claim/registration

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

• My code follows the code style of this project.
• I have read the CONTRIBUTING document.
• All new and existing tests passed.

[mintlify]

Preview deployment for your docs. Learn more about Mintlify Previews.

Project	Status	Preview	Updated (UTC)
agentr	🟢 Ready	View Preview	May 21, 2026, 2:37 PM

💡 Tip: Enable Workflows to automatically generate PRs for you.