6 files changed, 190 insertions, 4 deletions

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 37200c9..182fb6c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,6 +9,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Added
 
+- `ngit account whoami` — show the currently logged-in account(s)
 - `ngit pr` subcommand group: `list`, `view`, `checkout`, `apply`, `send`, `close`, `reopen`, `ready`, `comment`, `merge`; replaces the former top-level `ngit list`, `ngit checkout`, and `ngit apply` commands (hard-migrated); `ngit send` remains at the top level unchanged
 - `ngit pr view <id>` — view a PR with its full details and all comments (author, timestamp, body) in chronological order
 - `ngit pr close <id>` / `ngit pr reopen <id>` — change PR status (author or maintainer only)
@@ -143,7 +144,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Added
 
 - **Pull Requests Support**: Introduced complete PR functionality for large contributions that would be too big for relays as patches:
-
   - Generate PR events for oversized patches automatically
   - Support PR updates and PR as patch revision
   - List open/draft proposals on repo relays/servers as `pr/*` branches and all proposals as `refs/pr/*` and `refs/pr/pr-by-id/head`
@@ -154,12 +154,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - **NIP-22 Status Events Support**: Read and process NIP-22 style status events for proposals and PRs
 
 - **ngit sync command**: New command to synchronize git servers with nostr state
-
   - Optional `--force` flag for forced synchronization eg deleting refs on non-GRASP servers
   - `--ref-name` parameter to limit sync to a single reference
 
 - **ngit init improvements** (simple model for non-grasp servers):
-
   - Use user's grasp list for defaults instead of hardcoded options
   - List and allow selection/deselection of non-grasp servers
   - Check and fetch origin refs when missing locally
diff --git a/skills/ngit/SKILL.md b/skills/ngit/SKILL.md
index 6da6305..7621086 100644
--- a/skills/ngit/SKILL.md
+++ b/skills/ngit/SKILL.md
@@ -143,6 +143,8 @@ ngit issue reopen <ID|nevent>
 ## Account management
 
 ```bash
+ngit account whoami --json
+ngit account whoami --json --offline          # use cache, no network
 ngit account login                            # interactive, stores nsec in global git config
 ngit account login --bunker-url bunker://...  # NIP-46 remote signer
 ngit account login --local                    # this repo only
diff --git a/src/bin/ngit/cli.rs b/src/bin/ngit/cli.rs
index 5feaf31..ccf25bb 100644
--- a/src/bin/ngit/cli.rs
+++ b/src/bin/ngit/cli.rs
@@ -143,6 +143,8 @@ pub enum AccountCommands {
     ExportKeys,
     /// create a new nostr account
     Create(sub_commands::create::SubCommandArgs),
+    /// show currently logged-in account(s)
+    Whoami(sub_commands::whoami::SubCommandArgs),
 }
 
 #[derive(clap::Parser)]
@@ -158,7 +160,7 @@ pub struct RepoSubCommandArgs {
     /// Use local cache only, skip network fetch
     #[arg(long)]
     pub offline: bool,
-    /// Output repository info as JSON; is_nostr_repo is false when not in a nostr repository
+    /// Output repository info as JSON; `is_nostr_repo` is false when not in a nostr repository
     #[arg(long)]
     pub json: bool,
 }
diff --git a/src/bin/ngit/main.rs b/src/bin/ngit/main.rs
index 8f3b0da..6a5a8f0 100644
--- a/src/bin/ngit/main.rs
+++ b/src/bin/ngit/main.rs
@@ -48,6 +48,9 @@ async fn main() {
                 AccountCommands::Create(sub_args) => {
                     sub_commands::create::launch(&cli, sub_args).await
                 }
+                AccountCommands::Whoami(sub_args) => {
+                    sub_commands::whoami::launch(&cli, sub_args).await
+                }
             },
             Commands::Init(args) => sub_commands::init::launch(&cli, args).await,
             Commands::Repo(args) => {
diff --git a/src/bin/ngit/sub_commands/mod.rs b/src/bin/ngit/sub_commands/mod.rs
index 60dc413..c4d0821 100644
--- a/src/bin/ngit/sub_commands/mod.rs
+++ b/src/bin/ngit/sub_commands/mod.rs
@@ -15,3 +15,4 @@ pub mod pr_status;
 pub mod repo;
 pub mod send;
 pub mod sync;
+pub mod whoami;
diff --git a/src/bin/ngit/sub_commands/whoami.rs b/src/bin/ngit/sub_commands/whoami.rs
new file mode 100644
index 0000000..be79c79
--- /dev/null
+++ b/src/bin/ngit/sub_commands/whoami.rs
@@ -0,0 +1,180 @@
+use anyhow::{Context, Result};
+use ngit::{
+    client::Params,
+    login::{
+        SignerInfoSource,
+        existing::{get_signer_info, load_existing_login},
+    },
+};
+use nostr_sdk::ToBech32;
+use serde::Serialize;
+
+use crate::{
+    cli::{Cli, extract_signer_cli_arguments},
+    client::{Client, Connect},
+    git::Repo,
+};
+
+#[derive(clap::Args)]
+pub struct SubCommandArgs {
+    /// use local cache only, skip network fetch
+    #[arg(long, action)]
+    pub offline: bool,
+
+    /// output as JSON
+    #[arg(long, action)]
+    pub json: bool,
+}
+
+#[derive(Serialize)]
+struct UserJson {
+    name: String,
+    npub: String,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    nip05: Option<String>,
+    scope: String,
+}
+
+#[derive(Serialize)]
+struct WhoamiJson {
+    #[serde(skip_serializing_if = "Option::is_none")]
+    local: Option<UserJson>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    global: Option<UserJson>,
+    /// The account that would be used for operations in the current context
+    /// (local takes priority over global).
+    #[serde(skip_serializing_if = "Option::is_none")]
+    active: Option<UserJson>,
+}
+
+pub async fn launch(args: &Cli, command_args: &SubCommandArgs) -> Result<()> {
+    let git_repo = Repo::discover()
+        .context("failed to find a git repository")
+        .ok();
+
+    let client = if command_args.offline {
+        None
+    } else {
+        Some(Client::new(Params::with_git_config_relay_defaults(
+            &git_repo.as_ref(),
+        )))
+    };
+
+    let signer_info = extract_signer_cli_arguments(args).unwrap_or(None);
+
+    // Try to load local login (silent, no prompts)
+    let local = load_user_for_scope(
+        git_repo.as_ref(),
+        signer_info.as_ref(),
+        client.as_ref(),
+        SignerInfoSource::GitLocal,
+    )
+    .await;
+
+    // Try to load global login (silent, no prompts)
+    let global = load_user_for_scope(
+        git_repo.as_ref(),
+        signer_info.as_ref(),
+        client.as_ref(),
+        SignerInfoSource::GitGlobal,
+    )
+    .await;
+
+    if let Some(client) = client {
+        client.disconnect().await?;
+    }
+
+    if command_args.json {
+        // active = local if present, else global
+        let active = local
+            .as_ref()
+            .map(|u| make_user_json(u, "local"))
+            .or_else(|| global.as_ref().map(|u| make_user_json(u, "global")));
+
+        let output = WhoamiJson {
+            local: local.as_ref().map(|u| make_user_json(u, "local")),
+            global: global.as_ref().map(|u| make_user_json(u, "global")),
+            active,
+        };
+        println!("{}", serde_json::to_string_pretty(&output)?);
+    } else {
+        match (local.as_ref(), global.as_ref()) {
+            (None, None) => {
+                println!("not logged in");
+                println!();
+                println!("use `ngit account login` to log in");
+            }
+            (Some(u), None) => {
+                println!("logged in to local repository as:");
+                print_user_human(u);
+            }
+            (None, Some(u)) => {
+                println!("logged in globally as:");
+                print_user_human(u);
+            }
+            (Some(local_u), Some(global_u)) => {
+                println!("local (active):");
+                print_user_human(local_u);
+                println!();
+                println!("global:");
+                print_user_human(global_u);
+            }
+        }
+    }
+
+    Ok(())
+}
+
+fn make_user_json(u: &(String, String, Option<String>), scope: &str) -> UserJson {
+    UserJson {
+        name: u.0.clone(),
+        npub: u.1.clone(),
+        nip05: u.2.clone(),
+        scope: scope.to_string(),
+    }
+}
+
+fn print_user_human(u: &(String, String, Option<String>)) {
+    let (name, npub, nip05) = u;
+    println!("  name: {name}");
+    println!("  npub: {npub}");
+    if let Some(nip05) = nip05 {
+        println!("  nip05: {nip05}");
+    }
+}
+
+/// Attempt to silently load a user from a specific config scope.
+/// Returns `Some((name, npub, nip05))` on success, `None` if not logged in
+/// via that scope or if the scope requires a password prompt (ncryptsec).
+async fn load_user_for_scope(
+    git_repo: Option<&Repo>,
+    signer_info: Option<&ngit::login::SignerInfo>,
+    client: Option<&Client>,
+    source: SignerInfoSource,
+) -> Option<(String, String, Option<String>)> {
+    // First verify signer info exists for this scope without building a full
+    // signer — avoids triggering password prompts for ncryptsec.
+    if get_signer_info(&git_repo, &signer_info.cloned(), &None, &Some(source.clone())).is_err() {
+        return None;
+    }
+
+    let result = load_existing_login(
+        &git_repo,
+        &signer_info.cloned(),
+        &None,
+        &Some(source),
+        client,
+        true,  // silent — don't print "logged in as"
+        false, // don't prompt for password (ncryptsec users get None here)
+        false, // don't force a relay fetch if already cached
+    )
+    .await;
+
+    match result {
+        Ok((_, user_ref, _)) => {
+            let npub = user_ref.public_key.to_bech32().ok()?;
+            Some((user_ref.metadata.name, npub, user_ref.metadata.nip05))
+        }
+        Err(_) => None,
+    }
+}