diff --git a/src/age.rs b/src/age.rs index bae35d0..62ef14f 100644 --- a/src/age.rs +++ b/src/age.rs @@ -378,18 +378,24 @@ pub async fn cmd_age_keygen(server: &Server, name: &str) -> Protocol { // Derive X25519 raw (32-byte) keys and encode as base64 let (xpub_b64, xsec_b64) = derive_x25519_raw_b64_from_ed25519(&signing_key); + // Decode to create age-formatted strings + let xpub_bytes = B64.decode(&xpub_b64).unwrap(); + let xsec_bytes = B64.decode(&xsec_b64).unwrap(); + let xpub_arr: [u8; 32] = xpub_bytes.as_slice().try_into().unwrap(); + let xsec_arr: [u8; 32] = xsec_bytes.as_slice().try_into().unwrap(); + let recip_str = format!("age1{}", B64.encode(xpub_arr)); + let ident_str = format!("AGE-SECRET-KEY-1{}", B64.encode(xsec_arr)); + // Persist Ed25519 and derived X25519 (key-managed mode) if let Err(e) = sset(server, &sign_pub_key_key(name), &verify_b64) { return e.to_protocol(); } if let Err(e) = sset(server, &sign_priv_key_key(name), &sign_b64) { return e.to_protocol(); } if let Err(e) = sset(server, &enc_pub_key_key(name), &xpub_b64) { return e.to_protocol(); } if let Err(e) = sset(server, &enc_priv_key_key(name), &xsec_b64) { return e.to_protocol(); } - // Return unified 4-tuple + // Return [recipient, identity] in age format Protocol::Array(vec![ - Protocol::BulkString(verify_b64), - Protocol::BulkString(sign_b64), - Protocol::BulkString(xpub_b64), - Protocol::BulkString(xsec_b64), + Protocol::BulkString(recip_str), + Protocol::BulkString(ident_str), ]) } diff --git a/src/cmd.rs b/src/cmd.rs index 694f6e1..3405f02 100644 --- a/src/cmd.rs +++ b/src/cmd.rs @@ -77,7 +77,7 @@ pub enum Cmd { AgeSign(String, String), // signing_secret, message AgeVerify(String, String, String), // verify_pub, message, signature_b64 - // NEW: persistent named-key commands + // Persistent named-key commands AgeKeygen(String), // name AgeSignKeygen(String), // name AgeEncryptName(String, String), // name, message 
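Review bot: The added `recip_str` / `ident_str` lines in `cmd_age_keygen` do not produce age-format keys: age recipients and identities are Bech32-encoded (human-readable parts `age` and `AGE-SECRET-KEY-`), while this code puts those prefixes in front of base64, so standard age tooling will presumably reject what the command returns. Either Bech32-encode the 32-byte arrays, or make the comments accurate, e.g. `// Return [recipient, identity]: base64 payload behind age-style prefixes (not Bech32)`. The decode and re-encode round trip also adds four `unwrap()` calls to a command handler and leaves further copies of the X25519 secret (`xsec_bytes`, `xsec_arr`, `ident_str`) that are not wiped in the visible code; if only a length check is wanted, do it once and return a protocol error rather than panicking. The stored values stay raw base64 while the reply now uses the prefixed form, so any caller that feeds the reply back into other commands should be checked; those handlers and the start of this function are outside the hunk.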
@@ -86,7 +86,7 @@ pub enum Cmd { AgeVerifyName(String, String, String), // name, message, signature_b64 AgeList, - // SYM (symmetric) commands — stateless (Phase 1) + // SYM (symmetric) commands — stateless // Raw 32-byte key provided as base64; ciphertext returned as base64 SymKeygen, SymEncrypt(String, String), // key_b64, message diff --git a/src/lib.rs b/src/lib.rs index 3042d6d..24a3208 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -1,4 +1,4 @@ -pub mod age; // NEW +pub mod age; pub mod sym; pub mod cmd; pub mod crypto; @@ -9,6 +9,6 @@ pub mod rpc; pub mod rpc_server; pub mod server; pub mod storage; -pub mod storage_trait; // Add this -pub mod storage_sled; // Add this +pub mod storage_trait; +pub mod storage_sled; pub mod admin_meta; diff --git a/src/main.rs b/src/main.rs index 233e675..3a59b09 100644 --- a/src/main.rs +++ b/src/main.rs @@ -100,7 +100,7 @@ async fn main() { tokio::time::sleep(std::time::Duration::from_millis(100)).await; // Start RPC server if enabled - let rpc_handle = if args.enable_rpc { + let _rpc_handle = if args.enable_rpc { let rpc_addr = format!("127.0.0.1:{}", args.rpc_port).parse().unwrap(); let base_dir = args.dir.clone();