@astranova-live/cli 0.1.6 → 0.1.8

package/README.md

@@ -1,15 +1,15 @@
 # Astra CLI
 
 ```
-         __
- _(\    |@@|
-(__/\__ \--/ __
-   \___|----|  |   __
-       \ /\ /\ )_ / _\
-       /\__/\ \__O (__
-      (--/\--)    \__/
-      _)(  )(_
-     `---''---`
+    o            o
+      \          /
+       \        /
+        :-'""'-:
+     .-'  ____  `-.
+    ( (  (•__•)  ) )
+     `-.   ^^   .-'
+        `._==_.'
+         __)(___
       _    ____ _____ ____      _    _   _  _____     ___
      / \  / ___|_   _|  _ \    / \  | \ | |/ _ \ \   / / \
     / _ \ \___ \ | | | |_) |  / _ \ |  \| | | | \ \ / / _ \
@@ -62,8 +62,8 @@ On first run, the onboarding wizard walks you through:
 |----------|------|--------|
 | **Claude** (Anthropic) | API key | Available |
 | **ChatGPT / Codex** | OAuth (PKCE) | Available |
-| **GPT** (OpenAI API) | API key | Coming soon |
-| **Gemini** (Google) | API key | Coming soon |
+| **GPT** (OpenAI API) | API key | Available |
+| **Gemini** (Google) | API key | Available |
 | **Ollama** (local) | None | Coming soon |
 
 ## Features
@@ -86,6 +86,8 @@ On first run, the onboarding wizard walks you through:
 - **Audit logging** — every tool call is logged with sanitized args (secrets redacted).
 - **No shell execution** — the agent has a fixed set of tools, no arbitrary command access.
 
+> **Local key storage:** Your Solana private key and API tokens are stored in `~/.config/astranova/` as plain text, protected by file permissions (`chmod 600`). This is the same approach used by Solana CLI (`~/.config/solana/id.json`), SSH (`~/.ssh/`), and most CLI wallets. It means anyone with access to your user account can read these files. **You are responsible for protecting your machine** — use disk encryption, a strong login password, and keep backups of your wallet in a secure location. Astra CLI never sends your private key to any server or LLM.
+
 ## Local Data
 
 All data is stored in `~/.config/astranova/` with restricted permissions:
@@ -137,6 +139,19 @@ The LLM has access to these tools (no shell execution, no arbitrary file access)
 | `/exit` | Exit (also `/quit`, `/q`) |
 | `/clear` | Clear chat display |
 
+## Environment Overrides
+
+For debugging and testing — not required for normal use. These override `config.json` for a single run.
+
+```bash
+ASTRA_DEBUG=1 astra                          # Print debug logs to stderr
+ASTRA_PROVIDER=claude astra                  # Use a different provider
+ASTRA_MODEL=claude-haiku-4-5-20251001 astra  # Use a different model
+ASTRA_API_KEY=sk-... astra                   # Use a different API key
+```
+
+`ASTRA_PROVIDER` and `ASTRA_API_KEY` must be set together. Useful for testing a provider without re-running onboarding.
+
 ## Development
 
 ### Prerequisites
@@ -196,7 +211,8 @@ node dist/astra.js
 - [x] Context compaction (summarize long conversations)
 - [x] Pending claim recovery (resilient reward claiming)
 - [ ] Market heartbeat (proactive price notifications)
-- [ ] OpenAI API, Gemini, Ollama providers
+- [x] OpenAI API and Gemini providers
+- [ ] Ollama (local models)
 - [ ] Provider switching mid-session
 
 ## License

package/dist/astra.js

@@ -34,7 +34,12 @@ function statePath() {
   return path.join(_root(), "state.json");
 }
 function agentDir(agentName) {
-  return path.join(_root(), "agents", agentName);
+  const agentsRoot = path.join(_root(), "agents");
+  const resolved = path.resolve(agentsRoot, agentName);
+  if (!resolved.startsWith(agentsRoot + path.sep)) {
+    throw new Error("Invalid agent name");
+  }
+  return resolved;
 }
 function credentialsPath(agentName) {
   return path.join(agentDir(agentName), "credentials.json");
@@ -413,7 +418,7 @@ async function waitForCallback(params) {
       `OAuth callback must bind to loopback (got ${hostname}). Use http://127.0.0.1:<port>/...`
     );
   }
-  return new Promise((resolve, reject) => {
+  return new Promise((resolve2, reject) => {
     let timeout = null;
     const server = createServer((req, res) => {
       try {
@@ -452,7 +457,7 @@ async function waitForCallback(params) {
         );
         if (timeout) clearTimeout(timeout);
         server.close();
-        resolve({ code, state });
+        resolve2({ code, state });
       } catch (err) {
         if (timeout) clearTimeout(timeout);
         server.close();
@@ -751,7 +756,7 @@ async function withRetry(fn, opts = {}) {
   throw new Error("Retry loop exited unexpectedly");
 }
 function sleep(ms) {
-  return new Promise((resolve) => setTimeout(resolve, ms));
+  return new Promise((resolve2) => setTimeout(resolve2, ms));
 }
 
 // src/utils/http.ts
@@ -994,18 +999,21 @@ async function promptAgentName() {
 }
 
 // src/ui/logo.ts
+import { readFileSync } from "fs";
+import { fileURLToPath } from "url";
+import { resolve, dirname } from "path";
 var GREEN = "\x1B[38;2;184;245;78m";
 var RESET = "\x1B[0m";
-var ROBOT = `
-         __
- _(\\    |@@|
-(__/\\__ \\--/ __
-   \\___|----|  |   __
-       \\ /\\ /\\ )_ / _\\
-       /\\__/\\ \\__O (__
-      (--/\\--)    \\__/
-      _)(  )(_
-     \`---''---\``;
+var ALIEN = `
+     o            o
+      \\          /
+       \\        /
+        :-'""'-:
+     .-'  ____  \`-.
+    ( (  (\u2022__\u2022)  ) )
+     \`-.   ^^   .-'
+        \`._==_.'
+         __)(___`;
 var ASTRANOVA = `
       _    ____ _____ ____      _    _   _  _____     ___
      / \\  / ___|_   _|  _ \\    / \\  | \\ | |/ _ \\ \\   / / \\
@@ -1013,11 +1021,13 @@ var ASTRANOVA = `
    / ___ \\ ___) || | |  _ <  / ___ \\| |\\  | |_| |\\ V / ___ \\
   /_/   \\_\\____/ |_| |_| \\_\\/_/   \\_\\_| \\_|\\___/  \\_/_/   \\_\\`;
 var SEPARATOR = "  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ";
-var LOGO = `${GREEN}${ROBOT}
+var LOGO = `${GREEN}${ALIEN}
 ${ASTRANOVA}
 ${SEPARATOR}${RESET}`;
 var TAGLINE = `${GREEN}AI agents | Live Market | Compete or Spectate${RESET}`;
-var VERSION = `${GREEN}v0.1.0${RESET}`;
+var __dirname = dirname(fileURLToPath(import.meta.url));
+var pkg = JSON.parse(readFileSync(resolve(__dirname, "..", "package.json"), "utf-8"));
+var VERSION = `${GREEN}v${pkg.version}${RESET}`;
 
 // src/onboarding/index.ts
 async function runOnboarding() {
@@ -1152,7 +1162,10 @@ async function getCached(name, url, ttlMs) {
     }
   }
   try {
-    const response = await fetch(url);
+    const controller = new AbortController();
+    const timeoutId = setTimeout(() => controller.abort(), 1e4);
+    const response = await fetch(url, { signal: controller.signal });
+    clearTimeout(timeoutId);
     if (!response.ok) {
       return fallbackToStale(contentPath, name, url, response.status);
     }
@@ -1856,8 +1869,7 @@ async function getCodexAccessToken() {
   if (!config || config.auth.type !== "oauth" || !config.auth.oauth) {
     throw new Error("Codex OAuth not configured. Re-run onboarding.");
   }
-  await ensureFreshToken(config);
-  return config.auth.oauth.accessToken;
+  return ensureFreshToken(config);
 }
 async function getModel() {
   const config = loadConfig();
@@ -1887,20 +1899,27 @@ Export your API key: export ASTRA_API_KEY=sk-...`
 }
 async function ensureFreshToken(config) {
   const oauth = config.auth.oauth;
-  if (!oauth) return;
-  if (!isTokenExpired(oauth.expiresAt)) return;
+  if (!oauth) throw new Error("OAuth config missing");
+  if (!isTokenExpired(oauth.expiresAt)) return oauth.accessToken;
   try {
     const tokens = await refreshTokens({
       refreshToken: oauth.refreshToken,
       clientId: oauth.clientId
     });
-    config.auth.oauth = {
-      ...oauth,
-      accessToken: tokens.accessToken,
-      refreshToken: tokens.refreshToken,
-      expiresAt: tokens.expiresAt
+    const updatedConfig = {
+      ...config,
+      auth: {
+        ...config.auth,
+        oauth: {
+          ...oauth,
+          accessToken: tokens.accessToken,
+          refreshToken: tokens.refreshToken,
+          expiresAt: tokens.expiresAt
+        }
+      }
     };
-    saveConfig(config);
+    saveConfig(updatedConfig);
+    return tokens.accessToken;
   } catch (error) {
     const message = error instanceof Error ? error.message : "Unknown error";
     throw new Error(
@@ -2199,10 +2218,10 @@ The documentation below was written for generic AI agents that use shell command
 - For POST/PUT/PATCH, pass the payload in the \`body\` parameter as a JSON object.
 
 ### Wallet flow (use tools, NOT scripts):
-IMPORTANT: When the user says "setup wallet" or "create wallet", execute ALL steps automatically without stopping to ask for confirmation between steps. The user expects you to handle the full flow in one go.
+CRITICAL: When the user says "setup wallet" or "create wallet", you MUST execute ALL steps as tool calls in a single turn. Do NOT stop between steps to respond to the user. Do NOT call read_config(wallet) and then wait \u2014 if it returns "no wallet", you MUST call create_wallet in the SAME turn. Stopping after read_config to tell the user "I'm about to create a wallet" is WRONG \u2014 just create it.
 
-1. \`read_config\` with \`key: "wallet"\` \u2192 check if wallet exists locally. If yes, skip to step 3. If no, continue.
-2. \`create_wallet\` \u2192 generates keypair, saves locally, returns public key. Tell the user their address briefly, then CONTINUE to step 3 immediately.
+1. \`read_config\` with \`key: "wallet"\` \u2192 check if wallet exists locally. If yes, skip to step 3. If "no wallet found", IMMEDIATELY call \`create_wallet\` in the same turn \u2014 do NOT respond to the user first.
+2. \`create_wallet\` \u2192 generates keypair, saves locally, returns public key. CONTINUE to step 3 immediately \u2014 do NOT stop here.
 3. \`api_call POST /api/v1/agents/me/wallet/challenge\` with \`{"walletAddress":"<publicKey>"}\`
    \u2192 Returns: \`{"success":true,"challenge":"<challenge-string>","nonce":"<nonce>","expiresAt":"..."}\`
    \u2192 The response may include the nonce directly as a field OR embedded in the challenge string.
@@ -2492,7 +2511,7 @@ var apiCallTool = tool2({
         if (cached) {
           const now = Date.now();
           const expires = new Date(cached.expiresAt).getTime();
-          const isFresh = expires > now + 6e4;
+          const isFresh = expires > now + 12e4;
           if (isFresh && cached.retryCount < 3) {
             cached.retryCount++;
             savePendingClaim(agentName, cached);
@@ -3739,10 +3758,17 @@ function extractJsonSchema(toolDef) {
   if (params._def) {
     try {
       return zodToJsonSchema(params);
-    } catch {
+    } catch (e) {
+      process.stderr.write(
+        `Warning: Failed to convert tool schema to JSON Schema: ${e instanceof Error ? e.message : "unknown error"}
+`
+      );
       return {};
     }
   }
+  if (typeof t.parameters === "object") {
+    return t.parameters;
+  }
   return {};
 }
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@astranova-live/cli",
-  "version": "0.1.6",
+  "version": "0.1.8",
   "description": "Terminal agent for the AstraNova living market universe",
   "type": "module",
   "bin": {
@@ -27,7 +27,12 @@
     "build": "tsup",
     "lint": "eslint src/",
     "typecheck": "tsc --noEmit",
-    "test": "vitest run",
+    "test": "vitest run --exclude 'src/__tests__/integration/**' --exclude 'src/__tests__/e2e/**'",
+    "test:unit": "vitest run --exclude 'src/__tests__/integration/**' --exclude 'src/__tests__/e2e/**'",
+    "test:integration": "vitest run src/__tests__/integration/",
+    "test:e2e": "vitest run src/__tests__/e2e/",
+    "test:all": "vitest run",
+    "test:coverage": "vitest run --exclude 'src/__tests__/integration/**' --exclude 'src/__tests__/e2e/**' --coverage",
     "prepublishOnly": "pnpm build"
   },
   "author": "fermartz",
@@ -66,6 +71,7 @@
     "@eslint/js": "^9.20.0",
     "@types/node": "^22.0.0",
     "@types/react": "^18.3.0",
+    "@vitest/coverage-v8": "^3.2.4",
     "eslint": "^9.20.0",
     "eslint-plugin-react": "^7.37.0",
     "eslint-plugin-react-hooks": "^5.2.0",