@bankr/cli 0.2.9 → 0.2.13

package/README.md

@@ -15,7 +15,7 @@ npm install -g @bankr/cli
 bankr login
 
 # Send a prompt
-bankr prompt "what's trending on base?"
+bankr agent "what's trending on base?"
 
 # Or use the shorthand (no subcommand)
 bankr "what is the price of ETH?"
@@ -60,17 +60,17 @@ bankr logout
 
 ```bash
 # Send a prompt and wait for the response
-bankr prompt "swap 10 USDC to ETH on base"
+bankr agent "swap 10 USDC to ETH on base"
 
 # Shorthand — just pass the prompt directly
 bankr "what are the top holders of VIRTUAL?"
 
 # Continue the most recent conversation
-bankr prompt --continue "and what about SOL?"
-bankr prompt -c "compare them"
+bankr agent --continue "and what about SOL?"
+bankr agent -c "compare them"
 
 # Continue a specific thread
-bankr prompt --thread thr_ABC123 "tell me more"
+bankr agent --thread thr_ABC123 "tell me more"
 ```
 
 ### Token Launch
@@ -95,10 +95,10 @@ bankr launch --name "TESTCOIN" --fee "0x1234..." --fee-type wallet -y
 
 ```bash
 # Check the status of a job
-bankr status job_ABC123DEF456
+bankr agent status job_ABC123DEF456
 
 # Cancel a running job
-bankr cancel job_ABC123DEF456
+bankr agent cancel job_ABC123DEF456
 ```
 
 ### Configuration

package/dist/cli.js

@@ -119,10 +119,9 @@ loginCmd
     .option("--key-name <name>", "API key name (default: CLI)")
     .option("--read-write", "Disable read-only mode (allow transactions)")
     .option("--no-wallet-api", "Disable Wallet API (enabled by default)")
-    .option("--agent-api", "Enable Agent API (AI prompts)")
     .option("--no-token-launch", "Disable Token Launch API (enabled by default)")
     .option("--llm", "Enable LLM gateway on the API key")
-    .option("--allowed-ips <ips>", "Comma-separated IP allowlist (requests from other IPs will be blocked)")
+    .option("--allowed-ips <ips>", "Comma-separated IP/CIDR allowlist, e.g. 1.2.3.4,10.0.0.0/24")
     .option("--allowed-recipients <addresses>", "Comma-separated EVM/Solana addresses (agent will only send funds to these)")
     .action(async (address, opts, cmd) => {
     const parentOpts = cmd.parent.opts();
@@ -135,7 +134,6 @@ loginCmd
         keyName: opts.keyName,
         readWrite: opts.readWrite,
         walletApi: opts.walletApi,
-        agentApi: opts.agentApi,
         tokenLaunch: opts.tokenLaunch,
         llm: opts.llm,
         allowedIps: opts.allowedIps,
@@ -150,9 +148,8 @@ loginCmd
     .option("--key-name <name>", "API key name (default: SIWE-<date>)")
     .option("--read-write", "Disable read-only mode (allow transactions)")
     .option("--no-wallet-api", "Disable Wallet API (enabled by default)")
-    .option("--agent-api", "Enable Agent API (AI prompts)")
     .option("--no-token-launch", "Disable Token Launch API (enabled by default)")
-    .option("--allowed-ips <ips>", "Comma-separated IP allowlist (requests from other IPs will be blocked)")
+    .option("--allowed-ips <ips>", "Comma-separated IP/CIDR allowlist, e.g. 1.2.3.4,10.0.0.0/24")
     .option("--allowed-recipients <addresses>", "Comma-separated EVM/Solana addresses (agent will only send funds to these)")
     .action(async (opts, cmd) => {
     const parentOpts = cmd.parent.opts();
@@ -164,7 +161,6 @@ loginCmd
         keyName: opts.keyName,
         readWrite: opts.readWrite,
         walletApi: opts.walletApi,
-        agentApi: opts.agentApi,
         tokenLaunch: opts.tokenLaunch,
         allowedIps: opts.allowedIps,
         allowedRecipients: opts.allowedRecipients,
@@ -274,7 +270,9 @@ const agentCmd = program
     .description("AI agent commands (prompt, status, cancel, profile, skills)")
     .option("--thread <id>", "Continue a specific conversation thread")
     .option("-c, --continue", "Continue the most recent thread")
-    .action(async (text, opts) => {
+    .option("-m, --model <model>", "Use Max Mode with a specific model (e.g. claude-opus-4.6)")
+    .action(async (text, opts, cmd) => {
+    opts.model ?? (opts.model = cmd.parent?.opts()?.model);
     const joined = text.join(" ").trim();
     if (!joined) {
         agentCmd.help();
@@ -287,7 +285,11 @@ agentCmd
     .description("Send a prompt to the Bankr AI agent")
     .option("--thread <id>", "Continue a specific conversation thread")
     .option("-c, --continue", "Continue the most recent thread")
-    .action(async (text, opts) => {
+    .option("-m, --model <model>", "Use Max Mode with a specific model (e.g. claude-opus-4.6)")
+    .action(async (text, opts, cmd) => {
+    // Commander hoists --model to the parent when both define it;
+    // fall back to parent/grandparent opts so `bankr agent prompt --model` works.
+    opts.model ?? (opts.model = cmd.parent?.opts()?.model ?? cmd.parent?.parent?.opts()?.model);
     const joined = text.join(" ").trim();
     await promptCommand(joined || (await readPromptInput()), opts);
 });
@@ -562,14 +564,19 @@ program
     .command("logout")
     .description("Clear stored credentials")
     .action(logoutCommand);
-// ── Deprecated aliases (kept for backward compat) ──────────────────────
+// ── Deprecated aliases (hidden from help, show runtime warning) ──────
+function deprecatedCmd(oldCmd, newCmd) {
+    output.warn(`"bankr ${oldCmd}" is deprecated and will be removed in a future release. Use "bankr ${newCmd}" instead.`);
+    console.log();
+}
 program
-    .command("balances")
+    .command("balances", { hidden: true })
     .description("Deprecated: use `bankr wallet portfolio` instead")
     .option("--chain <chains>", "Chain(s) to fetch (comma-separated)")
     .option("--json", "Output raw JSON")
     .option("--low-value", "Include low-value tokens (under $1)")
     .action(async (opts) => {
+    deprecatedCmd("balances", "wallet portfolio");
     await balancesCommand({
         chain: opts.chain,
         json: opts.json,
@@ -577,27 +584,37 @@ program
     });
 });
 program
-    .command("prompt [text...]")
+    .command("prompt [text...]", { hidden: true })
     .description("Deprecated: use `bankr agent <prompt>` instead")
     .option("--thread <id>")
     .option("-c, --continue")
-    .action(async (text, opts) => {
+    .option("-m, --model <model>")
+    .action(async (text, opts, cmd) => {
+    deprecatedCmd("prompt", "agent <prompt>");
+    opts.model ?? (opts.model = cmd.parent?.opts()?.model);
     const joined = text.join(" ").trim();
     await promptCommand(joined || (await readPromptInput()), opts);
 });
 program
-    .command("status <jobId>")
+    .command("status <jobId>", { hidden: true })
     .description("Deprecated: use `bankr agent status` instead")
-    .action(statusCommand);
+    .action(async (jobId) => {
+    deprecatedCmd("status", "agent status");
+    await statusCommand(jobId);
+});
 program
-    .command("cancel <jobId>")
+    .command("cancel <jobId>", { hidden: true })
     .description("Deprecated: use `bankr agent cancel` instead")
-    .action(cancelCommand);
+    .action(async (jobId) => {
+    deprecatedCmd("cancel", "agent cancel");
+    await cancelCommand(jobId);
+});
 const profileAliasCmd = program
-    .command("profile")
+    .command("profile", { hidden: true })
     .description("Deprecated: use `bankr agent profile` instead")
     .option("--json", "Output raw JSON")
     .action(async (opts) => {
+    deprecatedCmd("profile", "agent profile");
     await profileViewCommand({ json: opts.json });
 });
 profileAliasCmd
@@ -609,6 +626,7 @@ profileAliasCmd
     .option("--website <url>", "Project website URL")
     .option("--json", "Output raw JSON")
     .action(async (opts) => {
+    deprecatedCmd("profile create", "agent profile create");
     await profileCreateCommand({
         name: opts.name,
         description: opts.description,
@@ -627,6 +645,7 @@ profileAliasCmd
     .option("--website <url>", "Project website URL")
     .option("--json", "Output raw JSON")
     .action(async (opts) => {
+    deprecatedCmd("profile update", "agent profile update");
     await profileUpdateCommand({
         name: opts.name,
         description: opts.description,
@@ -636,13 +655,17 @@ profileAliasCmd
         json: opts.json,
     });
 });
-profileAliasCmd.command("delete").action(profileDeleteCommand);
+profileAliasCmd.command("delete").action(async () => {
+    deprecatedCmd("profile delete", "agent profile delete");
+    await profileDeleteCommand();
+});
 profileAliasCmd
     .command("add-update")
     .option("--title <title>", "Update title")
     .option("--content <text>", "Update content")
     .option("--json", "Output raw JSON")
     .action(async (opts) => {
+    deprecatedCmd("profile add-update", "agent profile add-update");
     await profileAddUpdateCommand({
         title: opts.title,
         content: opts.content,
@@ -650,13 +673,14 @@ profileAliasCmd
     });
 });
 program
-    .command("sign")
+    .command("sign", { hidden: true })
     .description("Deprecated: use `bankr wallet sign` instead")
     .requiredOption("-t, --type <type>", "Signature type")
     .option("-m, --message <message>", "Message to sign")
     .option("--typed-data <json>", "EIP-712 typed data as JSON")
     .option("--transaction <json>", "Transaction as JSON")
     .action(async (opts) => {
+    deprecatedCmd("sign", "wallet sign");
     await signCommand({
         type: opts.type,
         message: opts.message,
@@ -665,7 +689,7 @@ program
     });
 });
 const submitAliasCmd = program
-    .command("submit")
+    .command("submit", { hidden: true })
     .description("Deprecated: use `bankr wallet submit` instead");
 submitAliasCmd
     .command("tx")
@@ -682,6 +706,7 @@ submitAliasCmd
     .option("-d, --description <text>", "Description")
     .option("--no-wait", "Don't wait for confirmation")
     .action(async (opts) => {
+    deprecatedCmd("submit tx", "wallet submit tx");
     await submitCommand({
         to: opts.to,
         chainId: opts.chainId,
@@ -702,6 +727,7 @@ submitAliasCmd
     .option("-d, --description <text>", "Description")
     .option("--no-wait", "Don't wait for confirmation")
     .action(async (transaction, opts) => {
+    deprecatedCmd("submit json", "wallet submit json");
     await submitJsonCommand(transaction, {
         noWait: !opts.wait,
         description: opts.description,
@@ -794,6 +820,7 @@ program
     .arguments("[text...]")
     .option("--thread <id>", "Continue a specific conversation thread")
     .option("-c, --continue", "Continue the most recent thread")
+    .option("-m, --model <model>", "Use Max Mode with a specific model (e.g. claude-opus-4.6)")
     .action(async (text, opts) => {
     if (text.length === 0) {
         program.help();

package/dist/commands/llm.js

@@ -484,7 +484,9 @@ export async function creditsAddCommand(amount, opts) {
         });
         spin.stop();
         if (res.status === 402) {
-            output.error("Insufficient wallet balance. Add funds to your wallet first.");
+            const errBody = (await res.json().catch(() => ({})));
+            output.error(errBody.error ??
+                "Insufficient wallet balance. Add funds to your wallet first.");
             process.exit(1);
         }
         if (res.status === 403) {

package/dist/commands/login.d.ts

@@ -7,7 +7,6 @@ export declare function loginCommand(opts: {
     keyName?: string;
     readWrite?: boolean;
     walletApi?: boolean;
-    agentApi?: boolean;
     tokenLaunch?: boolean;
     llm?: boolean;
     llmKey?: string;

package/dist/commands/login.js

@@ -95,7 +95,7 @@ async function callAcceptTerms(apiUrl, identityToken) {
     }
 }
 async function callGenerateApiKey(apiUrl, identityToken, opts) {
-    const res = await fetch(`${apiUrl}/generate-api-key`, {
+    const res = await fetch(`${apiUrl}/api-keys`, {
         method: "POST",
         headers: {
             "Content-Type": "application/json",
@@ -263,14 +263,8 @@ async function emailLoginFlow(apiUrl, opts) {
     // Fine-grained API flags. walletApi and tokenLaunch default to enabled.
     // --read-write only controls readOnly, not which APIs are enabled.
     const enableWallet = opts.walletApi ?? true;
-    const enableAgent = opts.agentApi ??
-        (headless
-            ? false
-            : await confirm({
-                message: "Enable Agent API? (AI prompts)",
-                default: false,
-                theme: output.bankrTheme,
-            }));
+    // Agent API must be enabled from the website (bankr.bot/api), not the CLI.
+    const enableAgent = false;
     const enableTokenLaunch = opts.tokenLaunch ?? true;
     const enableLlm = opts.llm ??
         (headless
@@ -280,8 +274,8 @@ async function emailLoginFlow(apiUrl, opts) {
                 default: false,
                 theme: output.bankrTheme,
             }));
-    if (opts.readWrite && !enableWallet && !enableAgent) {
-        output.warn("--read-write has no effect when both Wallet API and Agent API are disabled");
+    if (opts.readWrite && !enableWallet) {
+        output.warn("--read-write has no effect when Wallet API is disabled");
     }
     const keySpin = output.spinner("Generating API key...");
     let apiKeyResult;
@@ -323,6 +317,7 @@ async function emailLoginFlow(apiUrl, opts) {
         ];
         output.dim(`  Recipients: ${parts.join(", ")}`);
     }
+    output.dim("  Agent API: enable at bankr.bot/api");
     output.dim("  Manage keys at bankr.bot/api");
     return apiKeyResult.apiKey;
 }
@@ -374,7 +369,7 @@ async function siweLoginFlow(apiUrl, opts) {
             keyName: opts.keyName ?? `SIWE-${new Date().toISOString().slice(0, 10)}`,
             readOnly: opts.readOnly ?? false,
             walletApiEnabled: opts.walletApi ?? true,
-            agentApiEnabled: opts.agentApi ?? false,
+            agentApiEnabled: false,
             tokenLaunchApiEnabled: opts.tokenLaunch ?? true,
             allowedIps: opts.allowedIps,
             allowedRecipients: opts.allowedRecipients,
@@ -435,14 +430,31 @@ async function validateApiKey(apiUrl, apiKey) {
     }
 }
 // ── Main login command ──────────────────────────────────────────────
+function isValidIpOrCidr(value) {
+    const slashIdx = value.indexOf("/");
+    if (slashIdx === -1)
+        return isIP(value) !== 0;
+    const ip = value.slice(0, slashIdx);
+    const prefix = Number(value.slice(slashIdx + 1));
+    if (!Number.isInteger(prefix) || prefix < 0)
+        return false;
+    const version = isIP(ip);
+    if (version === 0)
+        return false;
+    // ::ffff: mapped IPv4 addresses normalize to IPv4 at runtime,
+    // so validate prefix against IPv4 max (32) not IPv6 max (128)
+    const isV4Mapped = version === 6 && ip.toLowerCase().startsWith("::ffff:");
+    const maxPrefix = isV4Mapped ? 32 : version === 4 ? 32 : 128;
+    return prefix <= maxPrefix;
+}
 function parseAndValidateIps(raw) {
     const ips = raw
         .split(",")
         .map((s) => s.trim())
         .filter(Boolean);
-    const invalid = ips.filter((ip) => isIP(ip) === 0);
+    const invalid = ips.filter((ip) => !isValidIpOrCidr(ip));
     if (invalid.length > 0) {
-        fatal(`Invalid IP address(es): ${invalid.join(", ")}`);
+        fatal(`Invalid IP address(es) or CIDR range(s): ${invalid.join(", ")}`);
     }
     return ips;
 }
@@ -547,7 +559,6 @@ export async function loginCommand(opts) {
             keyName: opts.keyName,
             readOnly: !opts.readWrite,
             walletApi: opts.walletApi,
-            agentApi: opts.agentApi,
             tokenLaunch: opts.tokenLaunch,
             ...getParsedRestrictions(),
         });

package/dist/commands/prompt.d.ts

@@ -1,6 +1,7 @@
 export interface PromptOptions {
     thread?: string;
     continue?: boolean;
+    model?: string;
 }
 export declare function promptCommand(text: string, options?: PromptOptions): Promise<void>;
 //# sourceMappingURL=prompt.d.ts.map

package/dist/commands/prompt.js

@@ -1,7 +1,39 @@
-import { pollJob, submitPrompt } from "../lib/api.js";
+import { ApiError, pollJob, submitPrompt } from "../lib/api.js";
 import { emitCESP } from "../lib/cesp/engine.js";
 import { getLastThreadId, requireApiKey, setLastThreadId, } from "../lib/config.js";
 import * as output from "../lib/output.js";
+/** Valid Max Mode model IDs — hardcoded because CLI is standalone (no monorepo imports).
+ *  Must be manually kept in sync with models in the LLM gateway DB. */
+const VALID_MAX_MODE_MODELS = new Set([
+    // Claude (Vertex AI)
+    "claude-opus-4.6",
+    "claude-opus-4.5",
+    "claude-sonnet-4.6",
+    "claude-sonnet-4.5",
+    "claude-haiku-4.5",
+    // Gemini (Vertex AI)
+    "gemini-3.1-pro",
+    "gemini-3-pro",
+    "gemini-2.5-pro",
+    // OpenAI (OpenRouter)
+    "gpt-5.4",
+    "gpt-5.4-mini",
+    "gpt-5.2",
+    "gpt-5-mini",
+    // Grok (OpenRouter)
+    "grok-4.1-fast",
+    // DeepSeek (OpenRouter)
+    "deepseek-v3.2",
+    // Qwen (OpenRouter)
+    "qwen3-coder",
+    "qwen3.5-plus",
+    // MiniMax (direct)
+    "minimax-m2.5",
+    "minimax-m2.7",
+    // Other (OpenRouter)
+    "kimi-k2.5",
+    "glm-5",
+]);
 export async function promptCommand(text, options = {}) {
     requireApiKey();
     // Resolve thread ID from flags
@@ -16,11 +48,20 @@ export async function promptCommand(text, options = {}) {
     else if (options.thread) {
         threadId = options.thread;
     }
+    // Resolve Max Mode from --model flag
+    let maxMode;
+    if (options.model) {
+        if (!VALID_MAX_MODE_MODELS.has(options.model)) {
+            output.error(`Invalid model "${options.model}". Valid models: ${[...VALID_MAX_MODE_MODELS].join(", ")}`);
+            process.exit(1);
+        }
+        maxMode = { enabled: true, model: options.model };
+    }
     let spin = output.spinner("Submitting prompt...");
     let jobId;
     let resolvedThreadId;
     try {
-        const res = await submitPrompt(text, threadId);
+        const res = await submitPrompt(text, threadId, maxMode);
         jobId = res.jobId;
         resolvedThreadId = res.threadId;
         spin.succeed("Prompt submitted");
@@ -34,7 +75,19 @@ export async function promptCommand(text, options = {}) {
     }
     catch (err) {
         spin.fail("Failed to submit prompt");
-        output.error(err.message);
+        if (err instanceof ApiError && err.body.remediation?.length) {
+            output.error(err.body.message);
+            if (process.stdout.isTTY) {
+                output.remediation(err.body.remediation);
+            }
+            else {
+                // Machine-readable JSON for AI agents / piped usage
+                console.log(JSON.stringify(err.body));
+            }
+        }
+        else {
+            output.error(err.message);
+        }
         process.exit(1);
     }
     try {

package/dist/commands/x402.js

@@ -296,6 +296,18 @@ export async function x402ConfigureCommand(name) {
         default: existing.methods?.[0] ?? "GET",
         theme: output.bankrTheme,
     });
+    const paymentScheme = await select({
+        message: "Payment scheme:",
+        choices: [
+            { name: "exact — client pays exactly the listed price", value: "exact" },
+            {
+                name: "upto — client authorizes a max; server settles actual cost",
+                value: "upto",
+            },
+        ],
+        default: existing.paymentScheme ?? "exact",
+        theme: output.bankrTheme,
+    });
     config.services[name] = {
         ...existing,
         description,
@@ -303,6 +315,7 @@ export async function x402ConfigureCommand(name) {
         currency,
         network,
         methods: method === "*" ? undefined : [method],
+        paymentScheme,
     };
     saveConfigFile(root, config);
     output.success(`Updated config for "${name}"`);

package/dist/lib/api.d.ts

@@ -43,7 +43,25 @@ export interface JobStatusResponse {
     richData?: unknown[];
     cancellable?: boolean;
 }
-export declare function submitPrompt(prompt: string, threadId?: string): Promise<PromptResponse>;
+export interface ApiErrorBody {
+    error: string;
+    message: string;
+    remediation?: Array<{
+        action: string;
+        label: string;
+        url?: string;
+        command?: string;
+    }>;
+}
+export declare class ApiError extends Error {
+    status: number;
+    body: ApiErrorBody;
+    constructor(status: number, body: ApiErrorBody);
+}
+export declare function submitPrompt(prompt: string, threadId?: string, maxMode?: {
+    enabled: boolean;
+    model: string;
+}): Promise<PromptResponse>;
 export declare function getJobStatus(jobId: string): Promise<JobStatusResponse>;
 export declare function cancelJob(jobId: string): Promise<JobStatusResponse>;
 export declare function validateApiKey(): Promise<boolean>;

package/dist/lib/api.js

@@ -29,13 +29,32 @@ async function handleResponse(res) {
     }
     return res.json();
 }
-export async function submitPrompt(prompt, threadId) {
+export class ApiError extends Error {
+    constructor(status, body) {
+        super(body.message);
+        this.name = "ApiError";
+        this.status = status;
+        this.body = body;
+    }
+}
+export async function submitPrompt(prompt, threadId, maxMode) {
     const res = await fetch(`${getApiUrl()}/agent/prompt`, {
         method: "POST",
         headers: authHeaders(),
-        body: JSON.stringify({ prompt, ...(threadId && { threadId }) }),
+        body: JSON.stringify({
+            prompt,
+            ...(threadId && { threadId }),
+            ...(maxMode && { maxMode }),
+        }),
     });
-    return handleResponse(res);
+    if (!res.ok) {
+        const body = (await res.json().catch(() => ({
+            error: res.statusText,
+            message: res.statusText,
+        })));
+        throw new ApiError(res.status, body);
+    }
+    return res.json();
 }
 export async function getJobStatus(jobId) {
     const res = await fetch(`${getApiUrl()}/agent/job/${jobId}`, {

package/dist/lib/output.d.ts

@@ -33,5 +33,16 @@ export declare function maskApiKey(key: string): string;
 export declare function formatDuration(ms: number): string;
 export declare function formatUsd(value: string | number): string;
 export declare function formatBalance(value: string | number, decimals?: number): string;
+export interface RemediationStep {
+    action: string;
+    label: string;
+    url?: string;
+    command?: string;
+}
+/**
+ * Display a structured remediation block with actionable fix steps.
+ * Used when the API returns a `remediation` array in error responses.
+ */
+export declare function remediation(steps: RemediationStep[]): void;
 export declare function formatStatus(status: string): string;
 //# sourceMappingURL=output.d.ts.map

package/dist/lib/output.js

@@ -92,6 +92,19 @@ export function formatBalance(value, decimals = 6) {
         maximumFractionDigits: decimals,
     });
 }
+/**
+ * Display a structured remediation block with actionable fix steps.
+ * Used when the API returns a `remediation` array in error responses.
+ */
+export function remediation(steps) {
+    console.log();
+    console.log(`  ${brandColorBold("Options:")}`);
+    for (const step of steps) {
+        const target = step.command ?? step.url ?? "";
+        console.log(`    ${brandColor("→")} ${step.label.padEnd(40)} ${chalk.dim(target)}`);
+    }
+    console.log();
+}
 export function formatStatus(status) {
     switch (status) {
         case "completed":

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bankr/cli",
-  "version": "0.2.9",
+  "version": "0.2.13",
   "description": "Official CLI for the Bankr AI agent platform",
   "type": "module",
   "bin": {