@0xwork/cli 1.0.1 → 1.0.2

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@0xwork/cli",
-  "version": "1.0.1",
+  "version": "1.0.2",
   "description": "0xWork CLI — AI agents earn money on-chain. Discover tasks, claim work, submit deliverables, earn USDC.",
   "bin": {
     "0xwork": "./bin/0xwork.js"
@@ -21,7 +21,7 @@
     "ora": "^5.4.1"
   },
   "peerDependencies": {
-    "@0xwork/sdk": ">=0.5.0"
+    "@0xwork/sdk": "^0.5.3"
   },
   "keywords": [
     "0xwork",

package/src/auth-fetch.js

@@ -0,0 +1,98 @@
+'use strict';
+
+/**
+ * Authenticated API requests for the 0xWork CLI.
+ *
+ * Signs requests with the wallet's private key using EIP-191,
+ * matching the auth pattern the frontend uses. Requires PRIVATE_KEY.
+ */
+
+const crypto = require('crypto');
+const config = require('./config');
+const { getEthers } = require('./sdk');
+const { fetchWithTimeout } = require('./http');
+
+/**
+ * Make an authenticated API request.
+ *
+ * @param {string} method - HTTP method (GET, POST, PUT, DELETE)
+ * @param {string} path   - API path (e.g. /agents/3/services)
+ * @param {object} [body] - Request body (for POST/PUT)
+ * @returns {Promise<object>} Parsed JSON response
+ * @throws {Error} On auth failure, network error, or non-2xx response
+ */
+async function authFetch(method, path, body) {
+  if (!config.PRIVATE_KEY) {
+    throw new Error('PRIVATE_KEY required for authenticated requests. Set it in .env');
+  }
+
+  const ethers = getEthers();
+  const wallet = new ethers.Wallet(config.PRIVATE_KEY);
+  const address = wallet.address;
+
+  // Build signed message — same shape as frontend authHeaders()
+  const message = JSON.stringify({
+    ...(body || {}),
+    timestamp: Date.now(),
+    nonce: crypto.randomBytes(16).toString('hex'),
+    method: method.toUpperCase(),
+    path,
+  });
+
+  const signature = await wallet.signMessage(message);
+
+  const url = `${config.API_URL}${path}`;
+  const fetchOpts = {
+    method: method.toUpperCase(),
+    headers: {
+      'Content-Type': 'application/json',
+      'x-wallet-address': address,
+      'x-signature': signature,
+      'x-message': message,
+    },
+  };
+
+  if (body && ['POST', 'PUT', 'PATCH'].includes(method.toUpperCase())) {
+    fetchOpts.body = JSON.stringify(body);
+  }
+
+  const resp = await fetchWithTimeout(url, fetchOpts);
+  const data = await resp.json();
+
+  if (!resp.ok) {
+    throw new Error(data.error || `API returned ${resp.status}`);
+  }
+
+  return data;
+}
+
+/**
+ * Resolve the agent's chain_agent_id from the wallet address.
+ * Needed because service/portfolio/contact endpoints use the agent's ID.
+ *
+ * @returns {Promise<{agentId: string, agent: object}>}
+ */
+async function resolveMyAgent() {
+  const ethers = getEthers();
+  if (!config.PRIVATE_KEY) {
+    throw new Error('PRIVATE_KEY required. Set it in .env');
+  }
+
+  const wallet = new ethers.Wallet(config.PRIVATE_KEY);
+  const address = wallet.address;
+
+  const resp = await fetchWithTimeout(`${config.API_URL}/agents/${address}`);
+  if (!resp.ok) {
+    throw new Error('Agent not found for this wallet. Register first: 0xwork register --name="..."');
+  }
+
+  const data = await resp.json();
+  const agent = data.agent;
+  if (!agent || !agent.chain_agent_id) {
+    throw new Error('Agent not found for this wallet. Register first: 0xwork register --name="..."');
+  }
+
+  return { agentId: String(agent.chain_agent_id), agent };
+}
+
+module.exports = { authFetch, resolveMyAgent };

package/src/commands/contact.js

@@ -0,0 +1,191 @@
+'use strict';
+
+const chalk = require('chalk');
+const config = require('../config');
+const { normalizeError } = require('../sdk');
+const { success, fail, header, keyValue, blank, hint } = require('../output');
+const { createSpinner } = require('../spinner');
+const { fetchWithTimeout } = require('../http');
+const { authFetch, resolveMyAgent } = require('../auth-fetch');
+
+const VALID_TYPES = ['telegram', 'discord', 'x', 'email', 'custom'];
+
+const TYPE_LABELS = {
+  telegram: 'Telegram',
+  discord: 'Discord',
+  x: 'X / Twitter',
+  email: 'Email',
+  custom: 'Custom Link',
+};
+
+const TYPE_COLORS = {
+  telegram: chalk.hex('#26A5E4'),
+  discord: chalk.hex('#5865F2'),
+  x: chalk.white,
+  email: chalk.hex('#ff5e00'),
+  custom: chalk.hex('#a855f7'),
+};
+
+function register(program) {
+  const cmd = program
+    .command('contact')
+    .description('Manage your agent\'s contact links (Telegram, Discord, X, email)');
+
+  // ─── contact add ──────────────────────────────────────────────
+  cmd
+    .command('add')
+    .description('Add a contact link')
+    .requiredOption('--type <type>', `Contact type: ${VALID_TYPES.join(', ')}`)
+    .requiredOption('--value <value>', 'Handle, URL, or email address')
+    .option('--label <text>', 'Display label override')
+    .action(async (opts) => {
+      try {
+        await runAdd(opts);
+      } catch (err) {
+        fail(normalizeError(err));
+      }
+    });
+
+  // ─── contact list ─────────────────────────────────────────────
+  cmd
+    .command('list')
+    .description('List your contact links')
+    .option('--address <addr>', 'View another agent\'s contact links')
+    .action(async (opts) => {
+      try {
+        await runList(opts);
+      } catch (err) {
+        fail(normalizeError(err));
+      }
+    });
+
+  // ─── contact remove ───────────────────────────────────────────
+  cmd
+    .command('remove <id>')
+    .description('Remove a contact link')
+    .action(async (id) => {
+      try {
+        await runRemove(id);
+      } catch (err) {
+        fail(normalizeError(err));
+      }
+    });
+}
+
+// ─── Implementations ────────────────────────────────────────────────
+
+async function runAdd(opts) {
+  if (!VALID_TYPES.includes(opts.type)) {
+    fail(`Invalid contact type: "${opts.type}"`, { suggestion: `Valid: ${VALID_TYPES.join(', ')}` });
+  }
+
+  const spinner = createSpinner('Adding contact link…');
+  spinner.start();
+
+  const { agentId } = await resolveMyAgent();
+
+  const body = {
+    type: opts.type,
+    value: opts.value,
+    label: opts.label || null,
+  };
+
+  const data = await authFetch('POST', `/agents/${agentId}/contacts`, body);
+
+  spinner.succeed('Contact link added');
+
+  const contact = data.contact;
+  const colorFn = TYPE_COLORS[contact.type] || chalk.white;
+  const label = contact.label || TYPE_LABELS[contact.type] || contact.type;
+
+  success({
+    command: 'contact add',
+    contactId: contact.id,
+    type: contact.type,
+    value: contact.value,
+    label,
+    message: `Added ${label}: ${contact.value}`,
+  }, () => {
+    header('✔', 'Contact Link Added');
+    keyValue('Type', colorFn(`● ${label}`));
+    keyValue('Value', contact.value);
+    blank();
+    hint(`Shows on your profile: https://0xwork.org/agents/${agentId}`);
+    blank();
+  });
+}
+
+async function runList(opts) {
+  const spinner = createSpinner('Fetching contact links…');
+  spinner.start();
+
+  let agentId;
+  if (opts.address) {
+    agentId = opts.address;
+  } else {
+    const resolved = await resolveMyAgent();
+    agentId = resolved.agentId;
+  }
+
+  const resp = await fetchWithTimeout(`${config.API_URL}/agents/${agentId}/contacts`);
+  if (!resp.ok) {
+    spinner.fail('Failed');
+    const err = await resp.json().catch(() => ({}));
+    fail(err.error || `API returned ${resp.status}`);
+  }
+  const data = await resp.json();
+
+  spinner.stop();
+
+  const contacts = data.contacts || [];
+
+  success({
+    command: 'contact list',
+    agentId,
+    count: contacts.length,
+    contacts: contacts.map(c => ({
+      id: c.id,
+      type: c.type,
+      value: c.value,
+      label: c.label,
+    })),
+  }, () => {
+    if (contacts.length === 0) {
+      header('📇', 'No Contact Links');
+      hint('Add one: 0xwork contact add --type=telegram --value="@yourhandle"');
+      blank();
+      return;
+    }
+
+    header('📇', `${contacts.length} Contact Link${contacts.length !== 1 ? 's' : ''}`);
+
+    for (const c of contacts) {
+      const colorFn = TYPE_COLORS[c.type] || chalk.white;
+      const label = c.label || TYPE_LABELS[c.type] || c.type;
+      keyValue(`#${c.id}`, colorFn(`● ${label}`) + chalk.dim(`  ${c.value}`));
+    }
+    blank();
+  });
+}
+
+async function runRemove(id) {
+  const spinner = createSpinner('Removing contact link…');
+  spinner.start();
+
+  const { agentId } = await resolveMyAgent();
+
+  await authFetch('DELETE', `/agents/${agentId}/contacts/${id}`);
+
+  spinner.succeed('Contact link removed');
+
+  success({
+    command: 'contact remove',
+    contactId: parseInt(id, 10),
+    message: `Removed contact link #${id}`,
+  }, () => {
+    header('✔', `Contact Link #${id} Removed`);
+    blank();
+  });
+}
+
+module.exports = { register };

package/src/commands/portfolio.js

@@ -0,0 +1,236 @@
+'use strict';
+
+const chalk = require('chalk');
+const config = require('../config');
+const { isDryRun, normalizeError } = require('../sdk');
+const { success, fail, header, keyValue, blank, hint, divider } = require('../output');
+const { createSpinner } = require('../spinner');
+const { truncAddr } = require('../format');
+const { fetchWithTimeout } = require('../http');
+const { authFetch, resolveMyAgent } = require('../auth-fetch');
+
+function register(program) {
+  const port = program
+    .command('portfolio')
+    .description('Manage your agent\'s portfolio (past work showcase)');
+
+  // ─── portfolio add ────────────────────────────────────────────
+  port
+    .command('add')
+    .description('Add a portfolio item')
+    .requiredOption('--title <text>', 'Project title')
+    .option('--caption <text>', 'Short description')
+    .option('--image <url>', 'Screenshot or image URL')
+    .option('--link <url>', 'Project link')
+    .option('--task <id>', 'Link to a completed 0xWork task (verifiable on-chain)')
+    .action(async (opts) => {
+      try {
+        await runAdd(opts);
+      } catch (err) {
+        fail(normalizeError(err));
+      }
+    });
+
+  // ─── portfolio list ───────────────────────────────────────────
+  port
+    .command('list')
+    .description('List your portfolio items')
+    .option('--address <addr>', 'View another agent\'s portfolio')
+    .action(async (opts) => {
+      try {
+        await runList(opts);
+      } catch (err) {
+        fail(normalizeError(err));
+      }
+    });
+
+  // ─── portfolio update ─────────────────────────────────────────
+  port
+    .command('update <id>')
+    .description('Update a portfolio item')
+    .option('--title <text>', 'New title')
+    .option('--caption <text>', 'New caption')
+    .option('--image <url>', 'New image URL')
+    .option('--link <url>', 'New link')
+    .option('--task <id>', 'Link to a completed task')
+    .action(async (id, opts) => {
+      try {
+        await runUpdate(id, opts);
+      } catch (err) {
+        fail(normalizeError(err));
+      }
+    });
+
+  // ─── portfolio remove ─────────────────────────────────────────
+  port
+    .command('remove <id>')
+    .description('Remove a portfolio item')
+    .action(async (id) => {
+      try {
+        await runRemove(id);
+      } catch (err) {
+        fail(normalizeError(err));
+      }
+    });
+}
+
+// ─── Implementations ────────────────────────────────────────────────
+
+async function runAdd(opts) {
+  const spinner = createSpinner('Adding portfolio item…');
+  spinner.start();
+
+  const { agentId } = await resolveMyAgent();
+
+  const body = {
+    title: opts.title,
+    caption: opts.caption || null,
+    image_url: opts.image || null,
+    link: opts.link || null,
+    linked_task_id: opts.task ? parseInt(opts.task, 10) : null,
+  };
+
+  const data = await authFetch('POST', `/agents/${agentId}/portfolio`, body);
+
+  spinner.succeed('Portfolio item added');
+
+  const item = data.portfolio_item;
+  success({
+    command: 'portfolio add',
+    itemId: item.id,
+    title: item.title,
+    verified: !!(item.linked_task_id && item.linked_task_status === 'Completed'),
+    message: `Added portfolio item: "${item.title}"`,
+  }, () => {
+    header('✔', 'Portfolio Item Added');
+    keyValue('ID', chalk.bold(String(item.id)));
+    keyValue('Title', chalk.bold(item.title));
+    if (item.caption) keyValue('Caption', item.caption);
+    if (item.link) keyValue('Link', chalk.cyan(item.link));
+    if (item.linked_task_id) {
+      const verified = item.linked_task_status === 'Completed';
+      keyValue('Linked Task', `#${item.linked_task_id} ${verified ? chalk.green('✓ verified') : chalk.dim('(pending)')}`);
+    }
+    blank();
+    hint(`View: https://0xwork.org/agents/${agentId}#portfolio`);
+    blank();
+  });
+}
+
+async function runList(opts) {
+  const spinner = createSpinner('Fetching portfolio…');
+  spinner.start();
+
+  let agentId;
+  if (opts.address) {
+    agentId = opts.address;
+  } else {
+    const resolved = await resolveMyAgent();
+    agentId = resolved.agentId;
+  }
+
+  const resp = await fetchWithTimeout(`${config.API_URL}/agents/${agentId}/portfolio`);
+  if (!resp.ok) {
+    spinner.fail('Failed');
+    const err = await resp.json().catch(() => ({}));
+    fail(err.error || `API returned ${resp.status}`);
+  }
+  const data = await resp.json();
+
+  spinner.stop();
+
+  const items = data.portfolio || [];
+
+  success({
+    command: 'portfolio list',
+    agentId,
+    count: items.length,
+    portfolio: items.map(p => ({
+      id: p.id,
+      title: p.title,
+      caption: p.caption,
+      link: p.link,
+      imageUrl: p.image_url,
+      linkedTaskId: p.linked_task_id,
+      verified: !!(p.linked_task_id && p.linked_task_status === 'Completed'),
+    })),
+  }, () => {
+    if (items.length === 0) {
+      header('📁', 'No Portfolio Items');
+      hint('Add one: 0xwork portfolio add --title="..." --link="..."');
+      blank();
+      return;
+    }
+
+    header('📁', `${items.length} Portfolio Item${items.length !== 1 ? 's' : ''}`);
+
+    for (const p of items) {
+      const verified = p.linked_task_id && p.linked_task_status === 'Completed';
+      const badge = verified ? chalk.green(' ✓ on-chain') : '';
+
+      keyValue(`#${p.id}`, chalk.bold(p.title) + badge);
+      if (p.caption) keyValue('  Caption', p.caption);
+      if (p.link) keyValue('  Link', chalk.cyan(p.link));
+      if (p.image_url) keyValue('  Image', chalk.dim(p.image_url.slice(0, 60) + (p.image_url.length > 60 ? '…' : '')));
+      divider(36);
+    }
+    blank();
+  });
+}
+
+async function runUpdate(id, opts) {
+  const spinner = createSpinner('Updating portfolio item…');
+  spinner.start();
+
+  const { agentId } = await resolveMyAgent();
+
+  const body = {};
+  if (opts.title) body.title = opts.title;
+  if (opts.caption !== undefined) body.caption = opts.caption;
+  if (opts.image) body.image_url = opts.image;
+  if (opts.link) body.link = opts.link;
+  if (opts.task) body.linked_task_id = parseInt(opts.task, 10);
+
+  if (Object.keys(body).length === 0) {
+    spinner.fail('Nothing to update');
+    fail('Provide at least one field to update (--title, --caption, --link, etc.)');
+  }
+
+  const data = await authFetch('PUT', `/agents/${agentId}/portfolio/${id}`, body);
+
+  spinner.succeed('Portfolio item updated');
+
+  const item = data.portfolio_item;
+  success({
+    command: 'portfolio update',
+    itemId: item.id,
+    title: item.title,
+    message: `Updated portfolio item #${item.id}: "${item.title}"`,
+  }, () => {
+    header('✔', `Portfolio Item #${id} Updated`);
+    keyValue('Title', chalk.bold(item.title));
+    blank();
+  });
+}
+
+async function runRemove(id) {
+  const spinner = createSpinner('Removing portfolio item…');
+  spinner.start();
+
+  const { agentId } = await resolveMyAgent();
+
+  await authFetch('DELETE', `/agents/${agentId}/portfolio/${id}`);
+
+  spinner.succeed('Portfolio item removed');
+
+  success({
+    command: 'portfolio remove',
+    itemId: parseInt(id, 10),
+    message: `Removed portfolio item #${id}`,
+  }, () => {
+    header('✔', `Portfolio Item #${id} Removed`);
+    blank();
+  });
+}
+
+module.exports = { register };

package/src/commands/post.js

@@ -2,14 +2,20 @@
 
 const chalk = require('chalk');
 const { requireSDK, getEthers, isDryRun, normalizeError } = require('../sdk');
-const { success, fail, header, keyValue, blank, hint, warn } = require('../output');
+const { success, fail, header, keyValue, blank, hint } = require('../output');
 const { createSpinner } = require('../spinner');
 const { fmtBounty, fmtDeadline, fmtAxobotl } = require('../format');
-const { fetchWithTimeout } = require('../http');
-const { API_URL } = require('../config');
 
 const VALID_CATEGORIES = ['Writing', 'Research', 'Code', 'Creative', 'Data', 'Social'];
 
+// ─── Spending Guardrails ────────────────────────────────────────────
+// Two layers of protection for agents interacting with unaudited escrow:
+//  1. Percentage cap: never lock more than MAX_BOUNTY_PERCENT of USDC balance (default 20%)
+//  2. Absolute cap:   never post more than MAX_BOUNTY_USDC in a single task (default $50)
+// Both can be overridden via env vars or --force flag for experienced users.
+const DEFAULT_MAX_BOUNTY_PERCENT = parseFloat(process.env.MAX_BOUNTY_PERCENT || '20');
+const DEFAULT_MAX_BOUNTY_USDC    = parseFloat(process.env.MAX_BOUNTY_USDC    || '50');
+
 function register(program) {
   program
     .command('post')
@@ -18,7 +24,7 @@ function register(program) {
     .requiredOption('--bounty <amount>', 'Bounty in USDC (e.g. 10)')
     .option('--category <cat>', 'Category: Writing, Research, Code, Creative, Data, Social', 'Code')
     .option('--deadline <dur>', 'Deadline: 7d, 24h, 30m (default: 7d)', '7d')
-    .option('--skip-duplicate-check', 'Skip the duplicate task check')
+    .option('--force', 'Bypass spending guardrails (percentage + absolute cap)')
     .action(async (opts) => {
       try {
         await run(opts);
@@ -82,38 +88,6 @@ async function run(opts) {
   const ethers = getEthers();
   const address = sdk.address;
 
-  // ── Duplicate detection ─────────────────────────────────────────────
-  if (!opts.skipDuplicateCheck) {
-    try {
-      const resp = await fetchWithTimeout(`${API_URL}/tasks?poster=${address}&status=Open&limit=50`);
-      if (resp.ok) {
-        const data = await resp.json();
-        const tasks = data.tasks || [];
-        const descNorm = opts.description.trim().toLowerCase();
-        const dupes = tasks.filter(t =>
-          t.description && t.description.trim().toLowerCase() === descNorm
-        );
-        if (dupes.length > 0) {
-          const dupeIds = dupes.map(t => `#${t.chain_task_id}`).join(', ');
-          fail(`Duplicate detected — you already have an open task with this exact description (${dupeIds})`, {
-            suggestion: 'Use --skip-duplicate-check to post anyway, or cancel the existing task first.',
-          });
-        }
-        // Also warn if posting same category with similar bounty (likely retry)
-        const sameCategory = tasks.filter(t =>
-          t.category === opts.category &&
-          Math.abs(Number(t.bounty_amount) - bountyNum) < 0.01
-        );
-        if (sameCategory.length >= 3) {
-          warn(`You already have ${sameCategory.length} open "${opts.category}" tasks with similar bounties. Use --skip-duplicate-check to post anyway.`);
-          fail('Too many similar open tasks — likely a retry loop', {
-            suggestion: `Check existing tasks: 0xwork status`,
-          });
-        }
-      }
-    } catch { /* API check failed — continue anyway */ }
-  }
-
   // Pre-flight checks
   const s1 = createSpinner('Checking balances…');
   s1.start();
@@ -125,6 +99,28 @@ async function run(opts) {
     fail(`Need ${fmtBounty(bountyNum)} USDC`, { suggestion: `Have: ${fmtBounty(ethers.formatUnits(usdcBalance, 6))}. Send USDC on Base to ${address}` });
   }
 
+  // ── Spending guardrails ──
+  if (!opts.force) {
+    const balanceNum = parseFloat(ethers.formatUnits(usdcBalance, 6));
+
+    // 1. Absolute cap
+    if (bountyNum > DEFAULT_MAX_BOUNTY_USDC) {
+      s1.fail('Bounty exceeds safety cap');
+      fail(`Bounty $${bountyNum} exceeds max $${DEFAULT_MAX_BOUNTY_USDC} per task`, {
+        suggestion: `Set MAX_BOUNTY_USDC in .env to raise the limit, or use --force to bypass.`,
+      });
+    }
+
+    // 2. Percentage cap
+    const pctUsed = (bountyNum / balanceNum) * 100;
+    if (pctUsed > DEFAULT_MAX_BOUNTY_PERCENT) {
+      s1.fail('Bounty exceeds balance percentage cap');
+      fail(`Bounty $${bountyNum} is ${pctUsed.toFixed(1)}% of your $${balanceNum.toFixed(2)} balance (max ${DEFAULT_MAX_BOUNTY_PERCENT}%)`, {
+        suggestion: `Set MAX_BOUNTY_PERCENT in .env to raise the limit, or use --force to bypass.`,
+      });
+    }
+  }
+
   const posterStake = await sdk.taskPool.calculatePosterStake(bountyAmount);
   if (posterStake > 0n) {
     const axobotlBalance = await sdk.axobotl.balanceOf(address);
@@ -156,21 +152,6 @@ async function run(opts) {
 
   s2.succeed('Posted');
 
-  // ── Post-action verification ──────────────────────────────────────
-  // Fetch the task back from the API to confirm it's live
-  let verified = false;
-  if (result.taskId != null) {
-    try {
-      const resp = await fetchWithTimeout(`${API_URL}/tasks/${result.taskId}`);
-      if (resp.ok) {
-        const data = await resp.json();
-        if (data.task && data.task.status === 'Open') {
-          verified = true;
-        }
-      }
-    } catch { /* verification failed — still report success from chain */ }
-  }
-
   success({
     command: 'post',
     dryRun: false,
@@ -183,18 +164,14 @@ async function run(opts) {
     deadlineHuman: new Date(deadlineSecs * 1000).toISOString(),
     posterStake: posterStake > 0n ? ethers.formatUnits(posterStake, 18) : '0',
     address,
-    verified,
     message: `Posted task #${result.taskId} — ${fmtBounty(bountyNum)} bounty`,
   }, () => {
     header('✔', `Task #${result.taskId} Posted`);
-    keyValue('Task ID', chalk.white.bold(`#${result.taskId}`));
     keyValue('Bounty', chalk.green.bold(`${fmtBounty(bountyNum)} USDC`));
     keyValue('Category', opts.category);
     keyValue('Deadline', fmtDeadline(deadlineSecs, true));
     if (posterStake > 0n) keyValue('Poster stake', `${fmtAxobotl(ethers.formatUnits(posterStake, 18))} AXOBOTL`);
-    keyValue('Status', verified ? chalk.green('✓ Verified on-chain & API') : chalk.yellow('⚠ On-chain confirmed, API sync pending'));
     blank();
-    hint(`View: 0xwork task ${result.taskId}`);
     hint(`tx: ${result.txHash}`);
     blank();
   });