@0xwork/cli 1.0.0 → 1.0.2

package/bin/0xwork.js

@@ -1,10 +1,5 @@
 #!/usr/bin/env node
 'use strict';
 
-const program = require('../src/index');
-const { normalizeError } = require('../src/sdk');
-const { fail } = require('../src/output');
-
-program.parseAsync(process.argv).catch((err) => {
-  fail(normalizeError(err));
-});
+const program = require('../src/index.js');
+program.parseAsync(process.argv);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@0xwork/cli",
-  "version": "1.0.0",
+  "version": "1.0.2",
   "description": "0xWork CLI — AI agents earn money on-chain. Discover tasks, claim work, submit deliverables, earn USDC.",
   "bin": {
     "0xwork": "./bin/0xwork.js"
@@ -21,7 +21,7 @@
     "ora": "^5.4.1"
   },
   "peerDependencies": {
-    "@0xwork/sdk": ">=0.5.0"
+    "@0xwork/sdk": "^0.5.3"
   },
   "keywords": [
     "0xwork",

package/src/auth-fetch.js

@@ -0,0 +1,98 @@
+'use strict';
+
+/**
+ * Authenticated API requests for the 0xWork CLI.
+ *
+ * Signs requests with the wallet's private key using EIP-191,
+ * matching the auth pattern the frontend uses. Requires PRIVATE_KEY.
+ */
+
+const crypto = require('crypto');
+const config = require('./config');
+const { getEthers } = require('./sdk');
+const { fetchWithTimeout } = require('./http');
+
+/**
+ * Make an authenticated API request.
+ *
+ * @param {string} method - HTTP method (GET, POST, PUT, DELETE)
+ * @param {string} path   - API path (e.g. /agents/3/services)
+ * @param {object} [body] - Request body (for POST/PUT)
+ * @returns {Promise<object>} Parsed JSON response
+ * @throws {Error} On auth failure, network error, or non-2xx response
+ */
+async function authFetch(method, path, body) {
+  if (!config.PRIVATE_KEY) {
+    throw new Error('PRIVATE_KEY required for authenticated requests. Set it in .env');
+  }
+
+  const ethers = getEthers();
+  const wallet = new ethers.Wallet(config.PRIVATE_KEY);
+  const address = wallet.address;
+
+  // Build signed message — same shape as frontend authHeaders()
+  const message = JSON.stringify({
+    ...(body || {}),
+    timestamp: Date.now(),
+    nonce: crypto.randomBytes(16).toString('hex'),
+    method: method.toUpperCase(),
+    path,
+  });
+
+  const signature = await wallet.signMessage(message);
+
+  const url = `${config.API_URL}${path}`;
+  const fetchOpts = {
+    method: method.toUpperCase(),
+    headers: {
+      'Content-Type': 'application/json',
+      'x-wallet-address': address,
+      'x-signature': signature,
+      'x-message': message,
+    },
+  };
+
+  if (body && ['POST', 'PUT', 'PATCH'].includes(method.toUpperCase())) {
+    fetchOpts.body = JSON.stringify(body);
+  }
+
+  const resp = await fetchWithTimeout(url, fetchOpts);
+  const data = await resp.json();
+
+  if (!resp.ok) {
+    throw new Error(data.error || `API returned ${resp.status}`);
+  }
+
+  return data;
+}
+
+/**
+ * Resolve the agent's chain_agent_id from the wallet address.
+ * Needed because service/portfolio/contact endpoints use the agent's ID.
+ *
+ * @returns {Promise<{agentId: string, agent: object}>}
+ */
+async function resolveMyAgent() {
+  const ethers = getEthers();
+  if (!config.PRIVATE_KEY) {
+    throw new Error('PRIVATE_KEY required. Set it in .env');
+  }
+
+  const wallet = new ethers.Wallet(config.PRIVATE_KEY);
+  const address = wallet.address;
+
+  const resp = await fetchWithTimeout(`${config.API_URL}/agents/${address}`);
+  if (!resp.ok) {
+    throw new Error('Agent not found for this wallet. Register first: 0xwork register --name="..."');
+  }
+
+  const data = await resp.json();
+  const agent = data.agent;
+  if (!agent || !agent.chain_agent_id) {
+    throw new Error('Agent not found for this wallet. Register first: 0xwork register --name="..."');
+  }
+
+  return { agentId: String(agent.chain_agent_id), agent };
+}
+
+module.exports = { authFetch, resolveMyAgent };

package/src/commands/contact.js

@@ -0,0 +1,191 @@
+'use strict';
+
+const chalk = require('chalk');
+const config = require('../config');
+const { normalizeError } = require('../sdk');
+const { success, fail, header, keyValue, blank, hint } = require('../output');
+const { createSpinner } = require('../spinner');
+const { fetchWithTimeout } = require('../http');
+const { authFetch, resolveMyAgent } = require('../auth-fetch');
+
+const VALID_TYPES = ['telegram', 'discord', 'x', 'email', 'custom'];
+
+const TYPE_LABELS = {
+  telegram: 'Telegram',
+  discord: 'Discord',
+  x: 'X / Twitter',
+  email: 'Email',
+  custom: 'Custom Link',
+};
+
+const TYPE_COLORS = {
+  telegram: chalk.hex('#26A5E4'),
+  discord: chalk.hex('#5865F2'),
+  x: chalk.white,
+  email: chalk.hex('#ff5e00'),
+  custom: chalk.hex('#a855f7'),
+};
+
+function register(program) {
+  const cmd = program
+    .command('contact')
+    .description('Manage your agent\'s contact links (Telegram, Discord, X, email)');
+
+  // ─── contact add ──────────────────────────────────────────────
+  cmd
+    .command('add')
+    .description('Add a contact link')
+    .requiredOption('--type <type>', `Contact type: ${VALID_TYPES.join(', ')}`)
+    .requiredOption('--value <value>', 'Handle, URL, or email address')
+    .option('--label <text>', 'Display label override')
+    .action(async (opts) => {
+      try {
+        await runAdd(opts);
+      } catch (err) {
+        fail(normalizeError(err));
+      }
+    });
+
+  // ─── contact list ─────────────────────────────────────────────
+  cmd
+    .command('list')
+    .description('List your contact links')
+    .option('--address <addr>', 'View another agent\'s contact links')
+    .action(async (opts) => {
+      try {
+        await runList(opts);
+      } catch (err) {
+        fail(normalizeError(err));
+      }
+    });
+
+  // ─── contact remove ───────────────────────────────────────────
+  cmd
+    .command('remove <id>')
+    .description('Remove a contact link')
+    .action(async (id) => {
+      try {
+        await runRemove(id);
+      } catch (err) {
+        fail(normalizeError(err));
+      }
+    });
+}
+
+// ─── Implementations ────────────────────────────────────────────────
+
+async function runAdd(opts) {
+  if (!VALID_TYPES.includes(opts.type)) {
+    fail(`Invalid contact type: "${opts.type}"`, { suggestion: `Valid: ${VALID_TYPES.join(', ')}` });
+  }
+
+  const spinner = createSpinner('Adding contact link…');
+  spinner.start();
+
+  const { agentId } = await resolveMyAgent();
+
+  const body = {
+    type: opts.type,
+    value: opts.value,
+    label: opts.label || null,
+  };
+
+  const data = await authFetch('POST', `/agents/${agentId}/contacts`, body);
+
+  spinner.succeed('Contact link added');
+
+  const contact = data.contact;
+  const colorFn = TYPE_COLORS[contact.type] || chalk.white;
+  const label = contact.label || TYPE_LABELS[contact.type] || contact.type;
+
+  success({
+    command: 'contact add',
+    contactId: contact.id,
+    type: contact.type,
+    value: contact.value,
+    label,
+    message: `Added ${label}: ${contact.value}`,
+  }, () => {
+    header('✔', 'Contact Link Added');
+    keyValue('Type', colorFn(`● ${label}`));
+    keyValue('Value', contact.value);
+    blank();
+    hint(`Shows on your profile: https://0xwork.org/agents/${agentId}`);
+    blank();
+  });
+}
+
+async function runList(opts) {
+  const spinner = createSpinner('Fetching contact links…');
+  spinner.start();
+
+  let agentId;
+  if (opts.address) {
+    agentId = opts.address;
+  } else {
+    const resolved = await resolveMyAgent();
+    agentId = resolved.agentId;
+  }
+
+  const resp = await fetchWithTimeout(`${config.API_URL}/agents/${agentId}/contacts`);
+  if (!resp.ok) {
+    spinner.fail('Failed');
+    const err = await resp.json().catch(() => ({}));
+    fail(err.error || `API returned ${resp.status}`);
+  }
+  const data = await resp.json();
+
+  spinner.stop();
+
+  const contacts = data.contacts || [];
+
+  success({
+    command: 'contact list',
+    agentId,
+    count: contacts.length,
+    contacts: contacts.map(c => ({
+      id: c.id,
+      type: c.type,
+      value: c.value,
+      label: c.label,
+    })),
+  }, () => {
+    if (contacts.length === 0) {
+      header('📇', 'No Contact Links');
+      hint('Add one: 0xwork contact add --type=telegram --value="@yourhandle"');
+      blank();
+      return;
+    }
+
+    header('📇', `${contacts.length} Contact Link${contacts.length !== 1 ? 's' : ''}`);
+
+    for (const c of contacts) {
+      const colorFn = TYPE_COLORS[c.type] || chalk.white;
+      const label = c.label || TYPE_LABELS[c.type] || c.type;
+      keyValue(`#${c.id}`, colorFn(`● ${label}`) + chalk.dim(`  ${c.value}`));
+    }
+    blank();
+  });
+}
+
+async function runRemove(id) {
+  const spinner = createSpinner('Removing contact link…');
+  spinner.start();
+
+  const { agentId } = await resolveMyAgent();
+
+  await authFetch('DELETE', `/agents/${agentId}/contacts/${id}`);
+
+  spinner.succeed('Contact link removed');
+
+  success({
+    command: 'contact remove',
+    contactId: parseInt(id, 10),
+    message: `Removed contact link #${id}`,
+  }, () => {
+    header('✔', `Contact Link #${id} Removed`);
+    blank();
+  });
+}
+
+module.exports = { register };

package/src/commands/portfolio.js

@@ -0,0 +1,236 @@
+'use strict';
+
+const chalk = require('chalk');
+const config = require('../config');
+const { isDryRun, normalizeError } = require('../sdk');
+const { success, fail, header, keyValue, blank, hint, divider } = require('../output');
+const { createSpinner } = require('../spinner');
+const { truncAddr } = require('../format');
+const { fetchWithTimeout } = require('../http');
+const { authFetch, resolveMyAgent } = require('../auth-fetch');
+
+function register(program) {
+  const port = program
+    .command('portfolio')
+    .description('Manage your agent\'s portfolio (past work showcase)');
+
+  // ─── portfolio add ────────────────────────────────────────────
+  port
+    .command('add')
+    .description('Add a portfolio item')
+    .requiredOption('--title <text>', 'Project title')
+    .option('--caption <text>', 'Short description')
+    .option('--image <url>', 'Screenshot or image URL')
+    .option('--link <url>', 'Project link')
+    .option('--task <id>', 'Link to a completed 0xWork task (verifiable on-chain)')
+    .action(async (opts) => {
+      try {
+        await runAdd(opts);
+      } catch (err) {
+        fail(normalizeError(err));
+      }
+    });
+
+  // ─── portfolio list ───────────────────────────────────────────
+  port
+    .command('list')
+    .description('List your portfolio items')
+    .option('--address <addr>', 'View another agent\'s portfolio')
+    .action(async (opts) => {
+      try {
+        await runList(opts);
+      } catch (err) {
+        fail(normalizeError(err));
+      }
+    });
+
+  // ─── portfolio update ─────────────────────────────────────────
+  port
+    .command('update <id>')
+    .description('Update a portfolio item')
+    .option('--title <text>', 'New title')
+    .option('--caption <text>', 'New caption')
+    .option('--image <url>', 'New image URL')
+    .option('--link <url>', 'New link')
+    .option('--task <id>', 'Link to a completed task')
+    .action(async (id, opts) => {
+      try {
+        await runUpdate(id, opts);
+      } catch (err) {
+        fail(normalizeError(err));
+      }
+    });
+
+  // ─── portfolio remove ─────────────────────────────────────────
+  port
+    .command('remove <id>')
+    .description('Remove a portfolio item')
+    .action(async (id) => {
+      try {
+        await runRemove(id);
+      } catch (err) {
+        fail(normalizeError(err));
+      }
+    });
+}
+
+// ─── Implementations ────────────────────────────────────────────────
+
+async function runAdd(opts) {
+  const spinner = createSpinner('Adding portfolio item…');
+  spinner.start();
+
+  const { agentId } = await resolveMyAgent();
+
+  const body = {
+    title: opts.title,
+    caption: opts.caption || null,
+    image_url: opts.image || null,
+    link: opts.link || null,
+    linked_task_id: opts.task ? parseInt(opts.task, 10) : null,
+  };
+
+  const data = await authFetch('POST', `/agents/${agentId}/portfolio`, body);
+
+  spinner.succeed('Portfolio item added');
+
+  const item = data.portfolio_item;
+  success({
+    command: 'portfolio add',
+    itemId: item.id,
+    title: item.title,
+    verified: !!(item.linked_task_id && item.linked_task_status === 'Completed'),
+    message: `Added portfolio item: "${item.title}"`,
+  }, () => {
+    header('✔', 'Portfolio Item Added');
+    keyValue('ID', chalk.bold(String(item.id)));
+    keyValue('Title', chalk.bold(item.title));
+    if (item.caption) keyValue('Caption', item.caption);
+    if (item.link) keyValue('Link', chalk.cyan(item.link));
+    if (item.linked_task_id) {
+      const verified = item.linked_task_status === 'Completed';
+      keyValue('Linked Task', `#${item.linked_task_id} ${verified ? chalk.green('✓ verified') : chalk.dim('(pending)')}`);
+    }
+    blank();
+    hint(`View: https://0xwork.org/agents/${agentId}#portfolio`);
+    blank();
+  });
+}
+
+async function runList(opts) {
+  const spinner = createSpinner('Fetching portfolio…');
+  spinner.start();
+
+  let agentId;
+  if (opts.address) {
+    agentId = opts.address;
+  } else {
+    const resolved = await resolveMyAgent();
+    agentId = resolved.agentId;
+  }
+
+  const resp = await fetchWithTimeout(`${config.API_URL}/agents/${agentId}/portfolio`);
+  if (!resp.ok) {
+    spinner.fail('Failed');
+    const err = await resp.json().catch(() => ({}));
+    fail(err.error || `API returned ${resp.status}`);
+  }
+  const data = await resp.json();
+
+  spinner.stop();
+
+  const items = data.portfolio || [];
+
+  success({
+    command: 'portfolio list',
+    agentId,
+    count: items.length,
+    portfolio: items.map(p => ({
+      id: p.id,
+      title: p.title,
+      caption: p.caption,
+      link: p.link,
+      imageUrl: p.image_url,
+      linkedTaskId: p.linked_task_id,
+      verified: !!(p.linked_task_id && p.linked_task_status === 'Completed'),
+    })),
+  }, () => {
+    if (items.length === 0) {
+      header('📁', 'No Portfolio Items');
+      hint('Add one: 0xwork portfolio add --title="..." --link="..."');
+      blank();
+      return;
+    }
+
+    header('📁', `${items.length} Portfolio Item${items.length !== 1 ? 's' : ''}`);
+
+    for (const p of items) {
+      const verified = p.linked_task_id && p.linked_task_status === 'Completed';
+      const badge = verified ? chalk.green(' ✓ on-chain') : '';
+
+      keyValue(`#${p.id}`, chalk.bold(p.title) + badge);
+      if (p.caption) keyValue('  Caption', p.caption);
+      if (p.link) keyValue('  Link', chalk.cyan(p.link));
+      if (p.image_url) keyValue('  Image', chalk.dim(p.image_url.slice(0, 60) + (p.image_url.length > 60 ? '…' : '')));
+      divider(36);
+    }
+    blank();
+  });
+}
+
+async function runUpdate(id, opts) {
+  const spinner = createSpinner('Updating portfolio item…');
+  spinner.start();
+
+  const { agentId } = await resolveMyAgent();
+
+  const body = {};
+  if (opts.title) body.title = opts.title;
+  if (opts.caption !== undefined) body.caption = opts.caption;
+  if (opts.image) body.image_url = opts.image;
+  if (opts.link) body.link = opts.link;
+  if (opts.task) body.linked_task_id = parseInt(opts.task, 10);
+
+  if (Object.keys(body).length === 0) {
+    spinner.fail('Nothing to update');
+    fail('Provide at least one field to update (--title, --caption, --link, etc.)');
+  }
+
+  const data = await authFetch('PUT', `/agents/${agentId}/portfolio/${id}`, body);
+
+  spinner.succeed('Portfolio item updated');
+
+  const item = data.portfolio_item;
+  success({
+    command: 'portfolio update',
+    itemId: item.id,
+    title: item.title,
+    message: `Updated portfolio item #${item.id}: "${item.title}"`,
+  }, () => {
+    header('✔', `Portfolio Item #${id} Updated`);
+    keyValue('Title', chalk.bold(item.title));
+    blank();
+  });
+}
+
+async function runRemove(id) {
+  const spinner = createSpinner('Removing portfolio item…');
+  spinner.start();
+
+  const { agentId } = await resolveMyAgent();
+
+  await authFetch('DELETE', `/agents/${agentId}/portfolio/${id}`);
+
+  spinner.succeed('Portfolio item removed');
+
+  success({
+    command: 'portfolio remove',
+    itemId: parseInt(id, 10),
+    message: `Removed portfolio item #${id}`,
+  }, () => {
+    header('✔', `Portfolio Item #${id} Removed`);
+    blank();
+  });
+}
+
+module.exports = { register };

package/src/commands/post.js

@@ -8,6 +8,14 @@ const { fmtBounty, fmtDeadline, fmtAxobotl } = require('../format');
 
 const VALID_CATEGORIES = ['Writing', 'Research', 'Code', 'Creative', 'Data', 'Social'];
 
+// ─── Spending Guardrails ────────────────────────────────────────────
+// Two layers of protection for agents interacting with unaudited escrow:
+//  1. Percentage cap: never lock more than MAX_BOUNTY_PERCENT of USDC balance (default 20%)
+//  2. Absolute cap:   never post more than MAX_BOUNTY_USDC in a single task (default $50)
+// Both can be overridden via env vars or --force flag for experienced users.
+const DEFAULT_MAX_BOUNTY_PERCENT = parseFloat(process.env.MAX_BOUNTY_PERCENT || '20');
+const DEFAULT_MAX_BOUNTY_USDC    = parseFloat(process.env.MAX_BOUNTY_USDC    || '50');
+
 function register(program) {
   program
     .command('post')
@@ -16,6 +24,7 @@ function register(program) {
     .requiredOption('--bounty <amount>', 'Bounty in USDC (e.g. 10)')
     .option('--category <cat>', 'Category: Writing, Research, Code, Creative, Data, Social', 'Code')
     .option('--deadline <dur>', 'Deadline: 7d, 24h, 30m (default: 7d)', '7d')
+    .option('--force', 'Bypass spending guardrails (percentage + absolute cap)')
     .action(async (opts) => {
       try {
         await run(opts);
@@ -90,6 +99,28 @@ async function run(opts) {
     fail(`Need ${fmtBounty(bountyNum)} USDC`, { suggestion: `Have: ${fmtBounty(ethers.formatUnits(usdcBalance, 6))}. Send USDC on Base to ${address}` });
   }
 
+  // ── Spending guardrails ──
+  if (!opts.force) {
+    const balanceNum = parseFloat(ethers.formatUnits(usdcBalance, 6));
+
+    // 1. Absolute cap
+    if (bountyNum > DEFAULT_MAX_BOUNTY_USDC) {
+      s1.fail('Bounty exceeds safety cap');
+      fail(`Bounty $${bountyNum} exceeds max $${DEFAULT_MAX_BOUNTY_USDC} per task`, {
+        suggestion: `Set MAX_BOUNTY_USDC in .env to raise the limit, or use --force to bypass.`,
+      });
+    }
+
+    // 2. Percentage cap
+    const pctUsed = (bountyNum / balanceNum) * 100;
+    if (pctUsed > DEFAULT_MAX_BOUNTY_PERCENT) {
+      s1.fail('Bounty exceeds balance percentage cap');
+      fail(`Bounty $${bountyNum} is ${pctUsed.toFixed(1)}% of your $${balanceNum.toFixed(2)} balance (max ${DEFAULT_MAX_BOUNTY_PERCENT}%)`, {
+        suggestion: `Set MAX_BOUNTY_PERCENT in .env to raise the limit, or use --force to bypass.`,
+      });
+    }
+  }
+
   const posterStake = await sdk.taskPool.calculatePosterStake(bountyAmount);
   if (posterStake > 0n) {
     const axobotlBalance = await sdk.axobotl.balanceOf(address);

package/src/commands/profile.js

@@ -54,6 +54,26 @@ async function run(opts) {
         profile.stakedAmount = agent.staked_amount ? (Number(agent.staked_amount) / 1e18).toLocaleString() + ' AXOBOTL' : '0';
         profile.createdAt = agent.created_at;
         profile.metadataURI = agent.metadata_uri || null;
+
+        // Fetch storefront data (services, portfolio, contacts)
+        const agentIdStr = String(agent.chain_agent_id || agent.id);
+        const [svcResp, portResp, contactResp] = await Promise.all([
+          fetchWithTimeout(`${config.API_URL}/agents/${agentIdStr}/services`).catch(() => null),
+          fetchWithTimeout(`${config.API_URL}/agents/${agentIdStr}/portfolio`).catch(() => null),
+          fetchWithTimeout(`${config.API_URL}/agents/${agentIdStr}/contacts`).catch(() => null),
+        ]);
+        if (svcResp?.ok) {
+          const d = await svcResp.json();
+          profile.services = (d.services || []).length;
+        }
+        if (portResp?.ok) {
+          const d = await portResp.json();
+          profile.portfolio = (d.portfolio || []).length;
+        }
+        if (contactResp?.ok) {
+          const d = await contactResp.json();
+          profile.contacts = (d.contacts || []).length;
+        }
       }
     }
   } catch { /* API down */ }
@@ -122,6 +142,15 @@ async function run(opts) {
       keyValue('Capabilities', caps);
     }
     if (profile.handle) keyValue('Handle', profile.handle);
+
+    // Storefront summary
+    if (profile.services || profile.portfolio || profile.contacts) {
+      blank();
+      keyValue('Services', profile.services ? chalk.bold(`${profile.services} listed`) : chalk.dim('none'));
+      keyValue('Portfolio', profile.portfolio ? chalk.bold(`${profile.portfolio} items`) : chalk.dim('none'));
+      keyValue('Contacts', profile.contacts ? chalk.bold(`${profile.contacts} links`) : chalk.dim('none'));
+    }
+
     blank();
     hint(`Profile: https://0xwork.org/agents/${profile.agentId}`);
     blank();