@aeon-ai-pay/aigateway 0.1.0

package/src/funding.mjs

@@ -0,0 +1,216 @@
+/**
+ * Funding flow: WalletConnect-based USDT/BNB transfer to session key,
+ * plus on-chain pre-authorization (ERC20.approve facilitator).
+ *
+ * Shared by: create-image (lazy top-up when balance is short),
+ *            prepare      (proactive pre-flight before any image work).
+ */
+import {
+  withWallet,
+  requestERC20Transfer,
+  requestNativeTransfer,
+  setStatus,
+} from "./walletconnect.mjs";
+import { BSC_RPC_URL, USDT_BSC, FACILITATOR_ADDRESS } from "./constants.mjs";
+import { privateKeyToAccount } from "viem/accounts";
+import {
+  createPublicClient,
+  createWalletClient,
+  http,
+  maxUint256,
+} from "viem";
+import { bsc } from "viem/chains";
+import { createInterface } from "node:readline/promises";
+import { logInfo } from "./output.mjs";
+
+/**
+ * Two distinct USDT thresholds — keep them apart:
+ *   LOW_BALANCE_THRESHOLD: when does prepare *trigger* a top-up?
+ *     If balance ≥ this, prepare exits ready immediately. Set low (1 USDT, ≈ 50
+ *     image generations at current pricing) so users aren't asked to refund
+ *     while they still have plenty of headroom.
+ *   MIN_TOPUP_USDT: when a top-up *does* happen, what's the minimum amount?
+ *     A top-up always costs ≥ 5 USDT so a single funding lasts a long time.
+ */
+export const LOW_BALANCE_THRESHOLD = 1;
+export const MIN_TOPUP_USDT = 5;
+export const TOPUP_PRESETS = [5, 10, 20, 50];
+export const AUTO_GAS_BNB = "0.0003";
+
+const ERC20_APPROVE_ABI = [
+  {
+    name: "approve",
+    type: "function",
+    stateMutability: "nonpayable",
+    inputs: [
+      { name: "spender", type: "address" },
+      { name: "amount", type: "uint256" },
+    ],
+    outputs: [{ name: "", type: "bool" }],
+  },
+];
+
+/**
+ * Interactive top-up amount picker (TTY only).
+ * Presets ≥ minTopup are offered; custom amount must also be ≥ minTopup.
+ *
+ * @param {number} minTopup - floor amount in USDT (typically MIN_TOPUP_USDT, but
+ *   may be higher when shortfall > 5)
+ * @returns {Promise<string>} chosen USDT amount as a numeric string
+ */
+export async function promptTopupAmount(minTopup) {
+  const presets = TOPUP_PRESETS.filter((v) => v >= minTopup);
+  const customIdx = presets.length + 1;
+
+  logInfo("");
+  logInfo(`Choose top-up amount (minimum ${minTopup} USDT):`);
+  presets.forEach((v, i) => {
+    logInfo(`  ${i + 1}) ${v} USDT`);
+  });
+  logInfo(`  ${customIdx}) Custom amount`);
+
+  const rl = createInterface({ input: process.stdin, output: process.stderr });
+  try {
+    while (true) {
+      const ans = (await rl.question(`Enter choice [1-${customIdx}]: `)).trim();
+      const n = Number(ans);
+      if (Number.isInteger(n) && n >= 1 && n <= presets.length) {
+        return String(presets[n - 1]);
+      }
+      if (Number.isInteger(n) && n === customIdx) {
+        const custom = (await rl.question(`Enter USDT amount (>= ${minTopup}): `)).trim();
+        const cn = Number(custom);
+        if (!Number.isFinite(cn) || cn <= 0) {
+          logInfo("Invalid amount, please retry.");
+          continue;
+        }
+        if (cn < minTopup) {
+          logInfo(`Amount must be at least ${minTopup} USDT.`);
+          continue;
+        }
+        return custom;
+      }
+      logInfo("Invalid choice, please retry.");
+    }
+  } finally {
+    rl.close();
+  }
+}
+
+/**
+ * Open WalletConnect QR, transfer USDT (optional) and/or 0.0003 BNB (optional)
+ * from the user's main wallet to the local session key.
+ *
+ * @param {object} params
+ * @param {string} params.sessionAddress - destination (local session key)
+ * @param {string|null} params.usdtAmount - USDT amount to transfer, or null to skip
+ * @param {boolean} params.needGas - whether to also transfer 0.0003 BNB for approve gas
+ */
+export async function fundSessionKey({ sessionAddress, usdtAmount, needGas }) {
+  const pageAmount = usdtAmount || (needGas ? AUTO_GAS_BNB : null);
+  const pageToken = usdtAmount ? "USDT" : "BNB";
+  const pageGasAmount = (needGas && usdtAmount) ? AUTO_GAS_BNB : null;
+  await withWallet({ amount: pageAmount, token: pageToken, gasAmount: pageGasAmount }, async ({ signClient, session, peerAddress }) => {
+    const publicClient = createPublicClient({
+      chain: bsc,
+      transport: http(BSC_RPC_URL, { timeout: 15000, retryCount: 2 }),
+    });
+
+    if (usdtAmount) {
+      setStatus("signing", { amount: usdtAmount, token: "USDT", to: sessionAddress });
+      logInfo(`\nRequesting USDT transfer: ${usdtAmount} USDT → ${sessionAddress}`);
+      logInfo("Please confirm the transaction in your wallet app...");
+
+      const usdtTxHash = await requestERC20Transfer(signClient, session, {
+        from: peerAddress,
+        to: sessionAddress,
+        token: USDT_BSC,
+        amount: usdtAmount,
+        decimals: 18,
+      });
+      setStatus("tx_submitted", { txHash: usdtTxHash, amount: usdtAmount, token: "USDT" });
+      logInfo(`USDT transfer submitted: ${usdtTxHash}`);
+      logInfo("Waiting for confirmation...");
+
+      const receipt = await publicClient.waitForTransactionReceipt({
+        hash: usdtTxHash,
+        timeout: 60_000,
+      });
+      if (receipt.status !== "success") {
+        throw new Error("USDT transfer transaction reverted");
+      }
+      logInfo("USDT transfer confirmed.");
+    }
+
+    if (needGas) {
+      try {
+        const activeSessions = signClient.session.getAll();
+        const sessionAlive = activeSessions.some((s) => s.topic === session.topic);
+        if (!sessionAlive) {
+          throw new Error("WalletConnect session expired between USDT and BNB transfers. Run 'aigateway wallet-gas' to add BNB manually.");
+        }
+      } catch (e) {
+        if (e.message.includes("session expired")) throw e;
+      }
+
+      setStatus("signing", { amount: AUTO_GAS_BNB, token: "BNB", to: sessionAddress });
+      logInfo(`\nRequesting BNB transfer: ${AUTO_GAS_BNB} BNB → ${sessionAddress} (for approve gas)`);
+      logInfo("Please confirm the transaction in your wallet app...");
+      const bnbTxHash = await requestNativeTransfer(signClient, session, {
+        from: peerAddress,
+        to: sessionAddress,
+        value: AUTO_GAS_BNB,
+      });
+      setStatus("tx_submitted", { txHash: bnbTxHash, amount: AUTO_GAS_BNB, token: "BNB" });
+      logInfo(`BNB transfer submitted: ${bnbTxHash}`);
+      const bnbReceipt = await publicClient.waitForTransactionReceipt({
+        hash: bnbTxHash,
+        timeout: 60_000,
+      });
+      if (bnbReceipt.status !== "success") {
+        throw new Error("BNB transfer reverted");
+      }
+      logInfo("BNB transfer confirmed.");
+    }
+
+    setStatus("confirmed", { token: usdtAmount ? "USDT" : "BNB" });
+  });
+}
+
+/**
+ * Pre-authorize the x402 facilitator to spend session key's USDT (MaxUint256).
+ * Session key signs and broadcasts directly — needs BNB for gas.
+ *
+ * @param {`0x${string}`} privateKey - session key private key
+ * @returns {Promise<string>} approve tx hash
+ */
+export async function approveFacilitator(privateKey) {
+  const account = privateKeyToAccount(privateKey);
+  const walletClient = createWalletClient({
+    account,
+    chain: bsc,
+    transport: http(BSC_RPC_URL, { timeout: 15000, retryCount: 2 }),
+  });
+  const publicClient = createPublicClient({
+    chain: bsc,
+    transport: http(BSC_RPC_URL, { timeout: 15000, retryCount: 2 }),
+  });
+
+  logInfo(`Pre-authorizing facilitator from ${account.address}...`);
+  const txHash = await walletClient.writeContract({
+    address: USDT_BSC,
+    abi: ERC20_APPROVE_ABI,
+    functionName: "approve",
+    args: [FACILITATOR_ADDRESS, maxUint256],
+  });
+  logInfo(`Approve tx submitted: ${txHash}`);
+  const receipt = await publicClient.waitForTransactionReceipt({
+    hash: txHash,
+    timeout: 60_000,
+  });
+  if (receipt.status !== "success") {
+    throw new Error(`Approve tx reverted: ${txHash}`);
+  }
+  logInfo("Approve confirmed.");
+  return txHash;
+}

package/src/output.mjs

@@ -0,0 +1,85 @@
+/**
+ * 统一输出封装：envelope JSON + 分级日志
+ *
+ * stdout: 一行最终 JSON（machine-readable）
+ *   - 成功：{ ok: true, command, version, data }
+ *   - 失败：{ ok: false, command, version, error: { code, message, ...context } }
+ * stderr: 进度日志（human-readable，agent 可忽略）
+ *
+ * --legacy-output 模式：保留旧裸字段格式，便于已按旧 JSON 解析的脚本/agent 平滑过渡。
+ */
+
+import { readFileSync } from "fs";
+import { join, dirname } from "path";
+import { fileURLToPath } from "url";
+import { ERROR_CODES } from "./error-codes.mjs";
+
+const __dirname = dirname(fileURLToPath(import.meta.url));
+const VERSION = JSON.parse(
+  readFileSync(join(__dirname, "..", "package.json"), "utf-8"),
+).version;
+
+let LEGACY_MODE = false;
+let QUIET_MODE = false;
+let VERBOSE_MODE = false;
+
+export function setLegacyMode(v) { LEGACY_MODE = !!v; }
+export function setQuietMode(v) { QUIET_MODE = !!v; }
+export function setVerboseMode(v) { VERBOSE_MODE = !!v; }
+export function isLegacyMode() { return LEGACY_MODE; }
+export function isVerboseMode() { return VERBOSE_MODE; }
+
+/**
+ * 输出成功结果。调用方应在调用后让函数自然返回（不要再 process.exit）。
+ * @param {string} command - 命令名，如 "create-card" / "wallet-init"
+ * @param {object} data - envelope 模式下放在 data 字段
+ * @param {object} [legacyShape] - legacy 模式下直接输出的旧格式对象；省略则使用 data 本身
+ */
+export function emitOk(command, data, legacyShape) {
+  if (LEGACY_MODE) {
+    console.log(JSON.stringify(legacyShape ?? data, null, 2));
+  } else {
+    console.log(JSON.stringify({ ok: true, command, version: VERSION, data }));
+  }
+}
+
+/**
+ * 输出错误并退出（按错误码对应的 exit 码）。
+ * @param {string} command
+ * @param {string} code - ERROR_CODES 键名
+ * @param {object} [details] - 额外字段。message 字段会覆盖默认 message；legacy 字段在 legacy 模式下完全替代输出
+ */
+export function emitErr(command, code, details = {}) {
+  const info = ERROR_CODES[code] || ERROR_CODES.INTERNAL_ERROR;
+  const message = details.message || info.message || code;
+  const exit = info.exit;
+  const { message: _m, legacy, ...rest } = details;
+
+  if (LEGACY_MODE) {
+    const legacyOut = legacy ?? { error: message, ...rest };
+    console.error(JSON.stringify(legacyOut));
+  } else {
+    console.log(JSON.stringify({
+      ok: false,
+      command,
+      version: VERSION,
+      error: { code, message, ...rest },
+    }));
+  }
+  process.exit(exit);
+}
+
+/** 进度日志（quiet 模式压制） */
+export function logInfo(msg) {
+  if (!QUIET_MODE) console.error(msg);
+}
+
+/** 详细日志（仅 verbose 模式下输出） */
+export function logVerbose(msg) {
+  if (VERBOSE_MODE && !QUIET_MODE) console.error(msg);
+}
+
+/** 错误日志（quiet 模式下也会输出） */
+export function logError(msg) {
+  console.error(msg);
+}

package/src/sanitize.mjs

@@ -0,0 +1,48 @@
+/**
+ * 卡片输出脱敏：隐藏敏感卡片信息（完整卡号→末4位、移除CVV、移除有效期）
+ * CLI 输出 JSON 供 Agent 解析，Agent 按产品模板展示给用户
+ */
+
+// 需要替换为末4位的字段
+const CARD_NUMBER_KEYS = new Set([
+  "cardnumber", "cardno",
+]);
+
+// 需要完全移除的字段
+const REMOVE_KEYS = new Set([
+  "cvv", "cvv2", "cvc", "cvc2", "securitycode",
+  "expiry", "expirydate", "expiredate", "cardexpiry",
+  "expirationdate", "validthru",
+]);
+
+/**
+ * 递归脱敏对象：
+ * - cardNumber/cardNo → 只保留末4位（"•••• 3398"）
+ * - cvv/securityCode → 移除
+ * - expiry/expireDate → 移除
+ */
+export function sanitizeOutput(obj) {
+  if (obj === null || obj === undefined) return obj;
+  if (Array.isArray(obj)) return obj.map(sanitizeOutput);
+  if (typeof obj !== "object") return obj;
+
+  const result = {};
+  for (const [key, value] of Object.entries(obj)) {
+    const normalized = key.toLowerCase().replace(/[-_]/g, "");
+
+    // 移除 CVV、有效期等敏感字段
+    if (REMOVE_KEYS.has(normalized)) continue;
+
+    // 卡号只保留末4位
+    if (CARD_NUMBER_KEYS.has(normalized)) {
+      if (typeof value === "string" && value.length >= 4) {
+        result[key] = "•••• " + value.slice(-4);
+      }
+      // value 为 null 时不输出此字段
+      continue;
+    }
+
+    result[key] = sanitizeOutput(value);
+  }
+  return result;
+}

package/src/update-check.mjs

@@ -0,0 +1,69 @@
+/**
+ * 自动版本检查 + 静默后台升级
+ *
+ * 策略：
+ * 1. 同步快速检查（npm view）— 发现新版本时输出提示
+ * 2. spawn 后台子进程执行 npm install -g 升级
+ * 3. 升级后执行 postinstall.mjs（skills CLI 安装到所有工具）
+ * 不阻塞主进程
+ */
+
+import { execFileSync, spawn } from "node:child_process";
+
+const PKG_NAME = "@aeon-ai-pay/aigateway";
+
+/**
+ * 启动时调用：同步检查版本 + 后台升级
+ * @param {string} currentVersion
+ */
+export function checkForUpdates(currentVersion) {
+  // 同步快速检查最新版本（超时短，不阻塞太久）
+  let latest;
+  try {
+    latest = execFileSync("npm", ["view", PKG_NAME, "version"], {
+      timeout: 5000,
+      stdio: ["ignore", "pipe", "ignore"],
+    }).toString().trim();
+  } catch {
+    return; // 网络不可用，静默跳过
+  }
+
+  if (!latest || latest === currentVersion) return;
+
+  // 有新版本：输出提示
+  console.error(`[update] ${PKG_NAME} ${currentVersion} → ${latest}, upgrading in background...`);
+
+  // 后台执行升级（结果写入日志文件）
+  const script = `
+    const { execFileSync } = require("child_process");
+    const { join } = require("path");
+    const { appendFileSync, mkdirSync } = require("fs");
+    const { homedir } = require("os");
+    const pkg = ${JSON.stringify(PKG_NAME)};
+    const ver = ${JSON.stringify(latest)};
+    const logDir = join(homedir(), ".aigateway");
+    const logFile = join(logDir, "update.log");
+    function log(msg) {
+      try {
+        mkdirSync(logDir, { recursive: true });
+        appendFileSync(logFile, new Date().toISOString() + " " + msg + "\\n");
+      } catch {}
+    }
+    try {
+      log("Upgrading " + pkg + " to " + ver + "...");
+      execFileSync("npm", ["install", "-g", pkg + "@" + ver], { timeout: 120000 });
+      const root = execFileSync("npm", ["root", "-g"], { timeout: 10000 }).toString().trim();
+      const postinstall = join(root, pkg, "scripts", "postinstall.mjs");
+      execFileSync("node", [postinstall], { timeout: 30000 });
+      log("Upgrade to " + ver + " succeeded.");
+    } catch (e) {
+      log("Upgrade to " + ver + " failed: " + (e.message || e));
+    }
+  `;
+
+  const child = spawn("node", ["-e", script], {
+    stdio: "ignore",
+    detached: true,
+  });
+  child.unref();
+}