@bountyagents/bountyagents-task 2026.2.2715 → 2026.3.9

package/dist/index.js

@@ -9841,14 +9841,14 @@ var require_util = __commonJS((exports, module) => {
       }
       const port = url.port != null ? url.port : url.protocol === "https:" ? 443 : 80;
       let origin = url.origin != null ? url.origin : `${url.protocol || ""}//${url.hostname || ""}:${port}`;
-      let path = url.path != null ? url.path : `${url.pathname || ""}${url.search || ""}`;
+      let path2 = url.path != null ? url.path : `${url.pathname || ""}${url.search || ""}`;
       if (origin[origin.length - 1] === "/") {
         origin = origin.slice(0, origin.length - 1);
       }
-      if (path && path[0] !== "/") {
-        path = `/${path}`;
+      if (path2 && path2[0] !== "/") {
+        path2 = `/${path2}`;
       }
-      return new URL(`${origin}${path}`);
+      return new URL(`${origin}${path2}`);
     }
     if (!isHttpOrHttpsPrefixed(url.origin || url.protocol)) {
       throw new InvalidArgumentError("Invalid URL protocol: the URL must start with `http:` or `https:`.");
@@ -10602,9 +10602,9 @@ var require_diagnostics = __commonJS((exports, module) => {
     });
     diagnosticsChannel.subscribe("undici:client:sendHeaders", (evt) => {
       const {
-        request: { method, path, origin }
+        request: { method, path: path2, origin }
       } = evt;
-      debugLog("sending request to %s %s%s", method, origin, path);
+      debugLog("sending request to %s %s%s", method, origin, path2);
     });
   }
   var isTrackingRequestEvents = false;
@@ -10619,23 +10619,23 @@ var require_diagnostics = __commonJS((exports, module) => {
     isTrackingRequestEvents = true;
     diagnosticsChannel.subscribe("undici:request:headers", (evt) => {
       const {
-        request: { method, path, origin },
+        request: { method, path: path2, origin },
         response: { statusCode }
       } = evt;
-      debugLog("received response to %s %s%s - HTTP %d", method, origin, path, statusCode);
+      debugLog("received response to %s %s%s - HTTP %d", method, origin, path2, statusCode);
     });
     diagnosticsChannel.subscribe("undici:request:trailers", (evt) => {
       const {
-        request: { method, path, origin }
+        request: { method, path: path2, origin }
       } = evt;
-      debugLog("trailers received from %s %s%s", method, origin, path);
+      debugLog("trailers received from %s %s%s", method, origin, path2);
     });
     diagnosticsChannel.subscribe("undici:request:error", (evt) => {
       const {
-        request: { method, path, origin },
+        request: { method, path: path2, origin },
         error
       } = evt;
-      debugLog("request to %s %s%s errored - %s", method, origin, path, error.message);
+      debugLog("request to %s %s%s errored - %s", method, origin, path2, error.message);
     });
   }
   var isTrackingWebSocketEvents = false;
@@ -10710,7 +10710,7 @@ var require_request = __commonJS((exports, module) => {
 
   class Request2 {
     constructor(origin, {
-      path,
+      path: path2,
       method,
       body,
       headers,
@@ -10726,11 +10726,11 @@ var require_request = __commonJS((exports, module) => {
       throwOnError,
       maxRedirections
     }, handler) {
-      if (typeof path !== "string") {
+      if (typeof path2 !== "string") {
         throw new InvalidArgumentError("path must be a string");
-      } else if (path[0] !== "/" && !(path.startsWith("http://") || path.startsWith("https://")) && method !== "CONNECT") {
+      } else if (path2[0] !== "/" && !(path2.startsWith("http://") || path2.startsWith("https://")) && method !== "CONNECT") {
         throw new InvalidArgumentError("path must be an absolute URL or start with a slash");
-      } else if (invalidPathRegex.test(path)) {
+      } else if (invalidPathRegex.test(path2)) {
         throw new InvalidArgumentError("invalid request path");
       }
       if (typeof method !== "string") {
@@ -10798,7 +10798,7 @@ var require_request = __commonJS((exports, module) => {
       this.completed = false;
       this.aborted = false;
       this.upgrade = upgrade || null;
-      this.path = query ? serializePathWithQuery(path, query) : path;
+      this.path = query ? serializePathWithQuery(path2, query) : path2;
       this.origin = origin;
       this.protocol = getProtocolFromUrlString(origin);
       this.idempotent = idempotent == null ? method === "HEAD" || method === "GET" : idempotent;
@@ -15332,7 +15332,7 @@ var require_client_h1 = __commonJS((exports, module) => {
     return method !== "GET" && method !== "HEAD" && method !== "OPTIONS" && method !== "TRACE" && method !== "CONNECT";
   }
   function writeH1(client, request) {
-    const { method, path, host, upgrade, blocking, reset } = request;
+    const { method, path: path2, host, upgrade, blocking, reset } = request;
     let { body, headers, contentLength } = request;
     const expectsPayload = method === "PUT" || method === "POST" || method === "PATCH" || method === "QUERY" || method === "PROPFIND" || method === "PROPPATCH";
     if (util.isFormDataLike(body)) {
@@ -15398,7 +15398,7 @@ var require_client_h1 = __commonJS((exports, module) => {
     if (blocking) {
       socket[kBlocking] = true;
     }
-    let header = `${method} ${path} HTTP/1.1\r
+    let header = `${method} ${path2} HTTP/1.1\r
 `;
     if (typeof host === "string") {
       header += `host: ${host}\r
@@ -16015,7 +16015,7 @@ var require_client_h2 = __commonJS((exports, module) => {
   function writeH2(client, request) {
     const requestTimeout = request.bodyTimeout ?? client[kBodyTimeout];
     const session = client[kHTTP2Session];
-    const { method, path, host, upgrade, expectContinue, signal, protocol, headers: reqHeaders } = request;
+    const { method, path: path2, host, upgrade, expectContinue, signal, protocol, headers: reqHeaders } = request;
     let { body } = request;
     if (upgrade != null && upgrade !== "websocket") {
       util.errorRequest(client, request, new InvalidArgumentError(`Custom upgrade "${upgrade}" not supported over HTTP/2`));
@@ -16083,7 +16083,7 @@ var require_client_h2 = __commonJS((exports, module) => {
         }
         headers[HTTP2_HEADER_METHOD] = "CONNECT";
         headers[HTTP2_HEADER_PROTOCOL] = "websocket";
-        headers[HTTP2_HEADER_PATH] = path;
+        headers[HTTP2_HEADER_PATH] = path2;
         if (protocol === "ws:" || protocol === "wss:") {
           headers[HTTP2_HEADER_SCHEME] = protocol === "ws:" ? "http" : "https";
         } else {
@@ -16126,7 +16126,7 @@ var require_client_h2 = __commonJS((exports, module) => {
       stream.setTimeout(requestTimeout);
       return true;
     }
-    headers[HTTP2_HEADER_PATH] = path;
+    headers[HTTP2_HEADER_PATH] = path2;
     headers[HTTP2_HEADER_SCHEME] = protocol === "http:" ? "http" : "https";
     const expectsPayload = method === "PUT" || method === "POST" || method === "PATCH";
     if (body && typeof body.read === "function") {
@@ -17654,10 +17654,10 @@ var require_proxy_agent = __commonJS((exports, module) => {
       };
       const {
         origin,
-        path = "/",
+        path: path2 = "/",
         headers = {}
       } = opts;
-      opts.path = origin + path;
+      opts.path = origin + path2;
       if (!("host" in headers) && !("Host" in headers)) {
         const { host } = new URL(origin);
         headers.host = host;
@@ -19519,20 +19519,20 @@ var require_mock_utils = __commonJS((exports, module) => {
     }
     return normalizedQp;
   }
-  function safeUrl(path) {
-    if (typeof path !== "string") {
-      return path;
+  function safeUrl(path2) {
+    if (typeof path2 !== "string") {
+      return path2;
     }
-    const pathSegments = path.split("?", 3);
+    const pathSegments = path2.split("?", 3);
     if (pathSegments.length !== 2) {
-      return path;
+      return path2;
     }
     const qp = new URLSearchParams(pathSegments.pop());
     qp.sort();
     return [...pathSegments, qp.toString()].join("?");
   }
-  function matchKey(mockDispatch2, { path, method, body, headers }) {
-    const pathMatch = matchValue(mockDispatch2.path, path);
+  function matchKey(mockDispatch2, { path: path2, method, body, headers }) {
+    const pathMatch = matchValue(mockDispatch2.path, path2);
     const methodMatch = matchValue(mockDispatch2.method, method);
     const bodyMatch = typeof mockDispatch2.body !== "undefined" ? matchValue(mockDispatch2.body, body) : true;
     const headersMatch = matchHeaders(mockDispatch2, headers);
@@ -19557,8 +19557,8 @@ var require_mock_utils = __commonJS((exports, module) => {
     const basePath = key.query ? serializePathWithQuery(key.path, key.query) : key.path;
     const resolvedPath = typeof basePath === "string" ? safeUrl(basePath) : basePath;
     const resolvedPathWithoutTrailingSlash = removeTrailingSlash(resolvedPath);
-    let matchedMockDispatches = mockDispatches.filter(({ consumed }) => !consumed).filter(({ path, ignoreTrailingSlash }) => {
-      return ignoreTrailingSlash ? matchValue(removeTrailingSlash(safeUrl(path)), resolvedPathWithoutTrailingSlash) : matchValue(safeUrl(path), resolvedPath);
+    let matchedMockDispatches = mockDispatches.filter(({ consumed }) => !consumed).filter(({ path: path2, ignoreTrailingSlash }) => {
+      return ignoreTrailingSlash ? matchValue(removeTrailingSlash(safeUrl(path2)), resolvedPathWithoutTrailingSlash) : matchValue(safeUrl(path2), resolvedPath);
     });
     if (matchedMockDispatches.length === 0) {
       throw new MockNotMatchedError(`Mock dispatch not matched for path '${resolvedPath}'`);
@@ -19596,19 +19596,19 @@ var require_mock_utils = __commonJS((exports, module) => {
       mockDispatches.splice(index2, 1);
     }
   }
-  function removeTrailingSlash(path) {
-    while (path.endsWith("/")) {
-      path = path.slice(0, -1);
+  function removeTrailingSlash(path2) {
+    while (path2.endsWith("/")) {
+      path2 = path2.slice(0, -1);
     }
-    if (path.length === 0) {
-      path = "/";
+    if (path2.length === 0) {
+      path2 = "/";
     }
-    return path;
+    return path2;
   }
   function buildKey(opts) {
-    const { path, method, body, headers, query } = opts;
+    const { path: path2, method, body, headers, query } = opts;
     return {
-      path,
+      path: path2,
       method,
       body,
       headers,
@@ -20246,10 +20246,10 @@ var require_pending_interceptors_formatter = __commonJS((exports, module) => {
       });
     }
     format(pendingInterceptors) {
-      const withPrettyHeaders = pendingInterceptors.map(({ method, path, data: { statusCode }, persist, times, timesInvoked, origin }) => ({
+      const withPrettyHeaders = pendingInterceptors.map(({ method, path: path2, data: { statusCode }, persist, times, timesInvoked, origin }) => ({
         Method: method,
         Origin: origin,
-        Path: path,
+        Path: path2,
         "Status code": statusCode,
         Persistent: persist ? PERSISTENT : NOT_PERSISTENT,
         Invocations: timesInvoked,
@@ -20328,9 +20328,9 @@ var require_mock_agent = __commonJS((exports, module) => {
       const acceptNonStandardSearchParameters = this[kMockAgentAcceptsNonStandardSearchParameters];
       const dispatchOpts = { ...opts };
       if (acceptNonStandardSearchParameters && dispatchOpts.path) {
-        const [path, searchParams] = dispatchOpts.path.split("?");
+        const [path2, searchParams] = dispatchOpts.path.split("?");
         const normalizedSearchParams = normalizeSearchParams(searchParams, acceptNonStandardSearchParameters);
-        dispatchOpts.path = `${path}?${normalizedSearchParams}`;
+        dispatchOpts.path = `${path2}?${normalizedSearchParams}`;
       }
       return this[kAgent].dispatch(dispatchOpts, handler);
     }
@@ -20689,12 +20689,12 @@ var require_snapshot_recorder = __commonJS((exports, module) => {
       };
     }
     async loadSnapshots(filePath) {
-      const path = filePath || this.#snapshotPath;
-      if (!path) {
+      const path2 = filePath || this.#snapshotPath;
+      if (!path2) {
         throw new InvalidArgumentError("Snapshot path is required");
       }
       try {
-        const data = await readFile(resolve(path), "utf8");
+        const data = await readFile(resolve(path2), "utf8");
         const parsed = JSON.parse(data);
         if (Array.isArray(parsed)) {
           this.#snapshots.clear();
@@ -20708,16 +20708,16 @@ var require_snapshot_recorder = __commonJS((exports, module) => {
         if (error.code === "ENOENT") {
           this.#snapshots.clear();
         } else {
-          throw new UndiciError(`Failed to load snapshots from ${path}`, { cause: error });
+          throw new UndiciError(`Failed to load snapshots from ${path2}`, { cause: error });
         }
       }
     }
     async saveSnapshots(filePath) {
-      const path = filePath || this.#snapshotPath;
-      if (!path) {
+      const path2 = filePath || this.#snapshotPath;
+      if (!path2) {
         throw new InvalidArgumentError("Snapshot path is required");
       }
-      const resolvedPath = resolve(path);
+      const resolvedPath = resolve(path2);
       await mkdir(dirname(resolvedPath), { recursive: true });
       const data = Array.from(this.#snapshots.entries()).map(([hash3, snapshot]) => ({
         hash: hash3,
@@ -21195,15 +21195,15 @@ var require_redirect_handler = __commonJS((exports, module) => {
         return;
       }
       const { origin, pathname, search } = util.parseURL(new URL(this.location, this.opts.origin && new URL(this.opts.path, this.opts.origin)));
-      const path = search ? `${pathname}${search}` : pathname;
-      const redirectUrlString = `${origin}${path}`;
+      const path2 = search ? `${pathname}${search}` : pathname;
+      const redirectUrlString = `${origin}${path2}`;
       for (const historyUrl of this.history) {
         if (historyUrl.toString() === redirectUrlString) {
           throw new InvalidArgumentError(`Redirect loop detected. Cannot redirect to ${origin}. This typically happens when using a Client or Pool with cross-origin redirects. Use an Agent for cross-origin redirects.`);
         }
       }
       this.opts.headers = cleanRequestHeaders(this.opts.headers, statusCode === 303, this.opts.origin !== origin);
-      this.opts.path = path;
+      this.opts.path = path2;
       this.opts.origin = origin;
       this.opts.query = null;
     }
@@ -27251,9 +27251,9 @@ var require_util4 = __commonJS((exports, module) => {
       }
     }
   }
-  function validateCookiePath(path) {
-    for (let i = 0;i < path.length; ++i) {
-      const code = path.charCodeAt(i);
+  function validateCookiePath(path2) {
+    for (let i = 0;i < path2.length; ++i) {
+      const code = path2.charCodeAt(i);
       if (code < 32 || code === 127 || code === 59) {
         throw new Error("Invalid cookie path");
       }
@@ -30026,6 +30026,27 @@ var require_eventsource = __commonJS((exports, module) => {
   };
 });
 
+// src/helper.ts
+import * as fs from "fs";
+import * as path from "path";
+import * as os from "os";
+function json(data) {
+  return {
+    content: [{ type: "text", text: JSON.stringify(data, null, 2) }],
+    details: data
+  };
+}
+var KEY_PATH = path.join(os.homedir(), ".bountyagents_key");
+function getPrivateKey() {
+  if (fs.existsSync(KEY_PATH)) {
+    const key = fs.readFileSync(KEY_PATH, "utf-8").trim();
+    if (key.startsWith("0x")) {
+      return key;
+    }
+  }
+  return "0x289f92dd30c36ff24b75b48623c70dea2b428dabac7a52c5ca810bcda64d861b";
+}
+
 // ../node_modules/.pnpm/@sinclair+typebox@0.34.48/node_modules/@sinclair/typebox/build/esm/type/guard/value.mjs
 var exports_value = {};
 __export(exports_value, {
@@ -41198,6 +41219,12 @@ init_getAddress();
 init_isAddress();
 init_toBytes();
 init_keccak256();
+// ../node_modules/.pnpm/viem@2.46.2_typescript@5.9.3_zod@4.3.6/node_modules/viem/_esm/accounts/generatePrivateKey.js
+init_secp256k1();
+init_toHex();
+function generatePrivateKey() {
+  return toHex(secp256k1.utils.randomPrivateKey());
+}
 // ../node_modules/.pnpm/viem@2.46.2_typescript@5.9.3_zod@4.3.6/node_modules/viem/_esm/accounts/privateKeyToAccount.js
 init_secp256k1();
 init_toHex();
@@ -41376,14 +41403,6 @@ var buildSettleDataHash = (contractAddress, key, owner, token, worker, amount) =
   ]));
 };
 
-// src/helper.ts
-function json(data) {
-  return {
-    content: [{ type: "text", text: JSON.stringify(data, null, 2) }],
-    details: data
-  };
-}
-
 // node_modules/undici/index.js
 var __filename = "/Users/amigo/Develop/mizu/bountyagents/plugin/node_modules/undici/index.js";
 var Client = require_client();
@@ -41447,11 +41466,11 @@ function makeDispatcher(fn) {
       if (typeof opts.path !== "string") {
         throw new InvalidArgumentError("invalid opts.path");
       }
-      let path = opts.path;
+      let path2 = opts.path;
       if (!opts.path.startsWith("/")) {
-        path = `/${path}`;
+        path2 = `/${path2}`;
       }
-      url = new URL(util.parseOrigin(url).origin + path);
+      url = new URL(util.parseOrigin(url).origin + path2);
     } else {
       if (!opts) {
         opts = typeof url === "object" ? url : {};
@@ -42288,10 +42307,10 @@ function mergeDefs(...defs) {
 function cloneDef(schema) {
   return mergeDefs(schema._zod.def);
 }
-function getElementAtPath(obj, path) {
-  if (!path)
+function getElementAtPath(obj, path2) {
+  if (!path2)
     return obj;
-  return path.reduce((acc, key) => acc?.[key], obj);
+  return path2.reduce((acc, key) => acc?.[key], obj);
 }
 function promiseAllObject(promisesObj) {
   const keys = Object.keys(promisesObj);
@@ -42672,11 +42691,11 @@ function aborted(x, startIndex = 0) {
   }
   return false;
 }
-function prefixIssues(path, issues) {
+function prefixIssues(path2, issues) {
   return issues.map((iss) => {
     var _a;
     (_a = iss).path ?? (_a.path = []);
-    iss.path.unshift(path);
+    iss.path.unshift(path2);
     return iss;
   });
 }
@@ -42859,7 +42878,7 @@ function formatError(error, mapper = (issue2) => issue2.message) {
 }
 function treeifyError(error, mapper = (issue2) => issue2.message) {
   const result = { errors: [] };
-  const processError = (error2, path = []) => {
+  const processError = (error2, path2 = []) => {
     var _a, _b;
     for (const issue2 of error2.issues) {
       if (issue2.code === "invalid_union" && issue2.errors.length) {
@@ -42869,7 +42888,7 @@ function treeifyError(error, mapper = (issue2) => issue2.message) {
       } else if (issue2.code === "invalid_element") {
         processError({ issues: issue2.issues }, issue2.path);
       } else {
-        const fullpath = [...path, ...issue2.path];
+        const fullpath = [...path2, ...issue2.path];
         if (fullpath.length === 0) {
           result.errors.push(mapper(issue2));
           continue;
@@ -42901,8 +42920,8 @@ function treeifyError(error, mapper = (issue2) => issue2.message) {
 }
 function toDotPath(_path) {
   const segs = [];
-  const path = _path.map((seg) => typeof seg === "object" ? seg.key : seg);
-  for (const seg of path) {
+  const path2 = _path.map((seg) => typeof seg === "object" ? seg.key : seg);
+  for (const seg of path2) {
     if (typeof seg === "number")
       segs.push(`[${seg}]`);
     else if (typeof seg === "symbol")
@@ -54649,13 +54668,13 @@ function resolveRef(ref, ctx) {
   if (!ref.startsWith("#")) {
     throw new Error("External $ref is not supported, only local refs (#/...) are allowed");
   }
-  const path = ref.slice(1).split("/").filter(Boolean);
-  if (path.length === 0) {
+  const path2 = ref.slice(1).split("/").filter(Boolean);
+  if (path2.length === 0) {
     return ctx.rootSchema;
   }
   const defsKey = ctx.version === "draft-2020-12" ? "$defs" : "definitions";
-  if (path[0] === defsKey) {
-    const key = path[1];
+  if (path2[0] === defsKey) {
+    const key = path2[1];
     if (!key || !ctx.defs[key]) {
       throw new Error(`Reference not found: ${ref}`);
     }
@@ -55056,7 +55075,7 @@ function date4(params) {
 // ../node_modules/.pnpm/zod@4.3.6/node_modules/zod/v4/classic/external.js
 config(en_default());
 // src/task-db-types.ts
-var taskStatusSchema = exports_external.enum(["finished", "draft", "active", "closed"]);
+var taskStatusSchema = exports_external.enum(["finished", "draft", "active", "closed", "pending_review"]);
 var responseStatusSchema = exports_external.enum(["pending", "approved", "rejected"]);
 var taskRecordSchema = exports_external.object({
   id: exports_external.string().uuid(),
@@ -55111,8 +55130,6 @@ var decisionPayloadSchema = exports_external.object({
   settlementSignature: signatureSchema.optional()
 }).refine((value) => value.status !== "pending", {
   message: "Status must be approved or rejected"
-}).refine((value) => value.status === "approved" ? Boolean(value.settlementSignature) : true, {
-  message: "settlementSignature required when approving"
 });
 var cancelTaskPayloadSchema = exports_external.object({
   taskId: exports_external.string().uuid()
@@ -55269,8 +55286,8 @@ class BaseBountyPlugin {
       execute: (rawInput) => executor(schema.parse(rawInput))
     });
   }
-  async request(path, body, method = "POST") {
-    const response = await $fetch(`${this.baseUrl}${path}`, {
+  async request(path2, body, method = "POST") {
+    const response = await $fetch(`${this.baseUrl}${path2}`, {
       method,
       headers: {
         "content-type": "application/json"
@@ -55335,25 +55352,29 @@ class BountyAgentsPublisherPlugin extends BaseBountyPlugin {
     if (!task.token || task.price === "0") {
       throw new Error("Task is not funded yet");
     }
-    if (payload.price !== task.price) {
-      throw new Error("Price does not match funded amount");
+    const taskPrice = task.price;
+    if (payload.price !== taskPrice) {
+      throw new Error(`Price mismatch: payload price ${payload.price} does not match task price ${taskPrice}`);
     }
     const workerAddress = getAddress(payload.workerAddress);
     if (workerAddress !== getAddress(responseRecord.worker)) {
       throw new Error("Worker address mismatch");
     }
-    const settlementSignature = payload.status === "approved" ? await this.createSettlementSignature(responseRecord.task_id, workerAddress, payload.price, task.token) : undefined;
-    const canonicalPayload = {
+    const settlementSignature = payload.status === "approved" ? await this.createSettlementSignature(responseRecord.task_id, workerAddress, taskPrice, task.token) : undefined;
+    const body = {
       responseId: payload.responseId,
       workerAddress,
       price: payload.price,
       status: payload.status,
-      settlementSignature
-    };
-    const body = {
-      ...canonicalPayload,
+      settlementSignature,
       ownerAddress: this.signer.address,
-      signature: await this.signPayload(decisionSignaturePayload(canonicalPayload))
+      signature: await this.signPayload(decisionSignaturePayload({
+        responseId: payload.responseId,
+        workerAddress,
+        price: payload.price,
+        status: payload.status,
+        settlementSignature
+      }))
     };
     const response = await this.request(`/responses/${payload.responseId}/decision`, body);
     return submissionResponseSchema.parse(response).response;
@@ -55495,7 +55516,6 @@ class PrivateKeySigner {
 // src/publisher.ts
 var SERVICE_URL = "http://localhost:3000";
 var CONTRACT_ADDRESS = "0x55D45aFA265d0381C8A81328FfeA408D2Dd45F40";
-var PRIVATE_KEY = "0x289f92dd30c36ff24b75b48623c70dea2b428dabac7a52c5ca810bcda64d861b";
 var TEST_TOKEN_ADDRESS = "0x56DA32693A4e6dDd0eDC932b295cb00372f37f8b";
 var AGENT_ESCROW_ABI = [
   {
@@ -55548,7 +55568,7 @@ var ERC20_ABI = [
   }
 ];
 async function createBountyTask(params) {
-  const signer = new PrivateKeySigner(PRIVATE_KEY);
+  const signer = new PrivateKeySigner(getPrivateKey());
   const plugin = new BountyAgentsPublisherPlugin(signer, {
     serviceUrl: SERVICE_URL,
     contractAddress: CONTRACT_ADDRESS
@@ -55561,7 +55581,7 @@ async function createBountyTask(params) {
   return task;
 }
 async function fundBountyTask(params) {
-  const signer = new PrivateKeySigner(PRIVATE_KEY);
+  const signer = new PrivateKeySigner(getPrivateKey());
   const plugin = new BountyAgentsPublisherPlugin(signer, {
     serviceUrl: SERVICE_URL,
     contractAddress: CONTRACT_ADDRESS
@@ -55573,7 +55593,7 @@ async function fundBountyTask(params) {
   return task;
 }
 async function depositToken(params) {
-  const account = privateKeyToAccount(PRIVATE_KEY);
+  const account = privateKeyToAccount(getPrivateKey());
   const chain = bscTestnet;
   const transport = http();
   const walletClient = createWalletClient({
@@ -55630,6 +55650,15 @@ async function depositToken(params) {
     rawLockedAmount: depositInfo.amountLocked.toString()
   };
 }
+async function decideOnResponse(params) {
+  const signer = new PrivateKeySigner(getPrivateKey());
+  const plugin = new BountyAgentsPublisherPlugin(signer, {
+    serviceUrl: SERVICE_URL,
+    contractAddress: CONTRACT_ADDRESS
+  });
+  const response = await plugin.executeTool("bountyagents.publisher.task.decision", params);
+  return response;
+}
 function registerPublisherTools(api3) {
   api3.registerTool({
     name: "create_bounty_task",
@@ -55686,14 +55715,36 @@ function registerPublisherTools(api3) {
       }
     }
   });
+  api3.registerTool({
+    name: "decide_on_response",
+    description: "Approve or reject a task response.",
+    parameters: Type.Object({
+      responseId: Type.String(),
+      workerAddress: Type.String(),
+      price: Type.String(),
+      status: Type.Union([
+        Type.Literal("approved"),
+        Type.Literal("rejected")
+      ])
+    }),
+    async execute(_id, params) {
+      try {
+        const result = await decideOnResponse(params);
+        return json(result);
+      } catch (error48) {
+        return json({
+          error: error48 instanceof Error ? error48.message : String(error48)
+        });
+      }
+    }
+  });
 }
 
 // src/worker.ts
 var SERVICE_URL2 = "http://localhost:3000";
 var CONTRACT_ADDRESS2 = "0x55D45aFA265d0381C8A81328FfeA408D2Dd45F40";
-var PRIVATE_KEY2 = "0x289f92dd30c36ff24b75b48623c70dea2b428dabac7a52c5ca810bcda64d861b";
 async function getAvailableTask(params) {
-  const signer = new PrivateKeySigner(PRIVATE_KEY2);
+  const signer = new PrivateKeySigner(getPrivateKey());
   const plugin = new BountyAgentsWorkerPlugin(signer, {
     serviceUrl: SERVICE_URL2,
     contractAddress: CONTRACT_ADDRESS2
@@ -55710,6 +55761,18 @@ async function getAvailableTask(params) {
   }
   return tasks[0];
 }
+async function submitResponse(params) {
+  const signer = new PrivateKeySigner(getPrivateKey());
+  const plugin = new BountyAgentsWorkerPlugin(signer, {
+    serviceUrl: SERVICE_URL2,
+    contractAddress: CONTRACT_ADDRESS2
+  });
+  const response = await plugin.executeTool("bountyagents.worker.task.respond", {
+    taskId: params.taskId,
+    payload: params.payload
+  });
+  return response;
+}
 function registerWorkerTools(api3) {
   api3.registerTool({
     name: "get_available_task",
@@ -55732,10 +55795,66 @@ function registerWorkerTools(api3) {
       }
     }
   });
+  api3.registerTool({
+    name: "submit_task_response",
+    description: "Submit a response for an active bounty task.",
+    parameters: Type.Object({
+      taskId: Type.String(),
+      content: Type.String()
+    }),
+    async execute(_id, params) {
+      try {
+        const result = await submitResponse({
+          taskId: params.taskId,
+          payload: params.content
+        });
+        return json(result);
+      } catch (error48) {
+        return json({
+          error: error48 instanceof Error ? error48.message : String(error48)
+        });
+      }
+    }
+  });
 }
 
 // index.ts
+import * as fs2 from "fs";
 function register(api3) {
+  api3.registerCommand({
+    name: "upclaw",
+    description: "UpClaw Bounty Agents Task commands",
+    acceptsArgs: true,
+    handler: async (ctx) => {
+      const args = ctx.args?.trim() ?? "";
+      const tokens = args.split(/\s+/).filter(Boolean);
+      const action = (tokens[0] ?? "status").toLowerCase();
+      if (action === "init") {
+        try {
+          if (!fs2.existsSync(KEY_PATH)) {
+            const pk = generatePrivateKey();
+            fs2.writeFileSync(KEY_PATH, pk, "utf-8");
+            return json({
+              text: `Initialized new EVM private key and saved to ${KEY_PATH}`
+            });
+          } else {
+            return json({
+              text: `EVM private key already exists at ${KEY_PATH}`
+            });
+          }
+        } catch (error48) {
+          return json({
+            text: "Failed to initialize key:",
+            error: error48.message
+          });
+        }
+      }
+      return json({
+        text: ["UpClaw Bounty Agents Task commands:", "", "/upclaw init"].join(`
+`)
+      });
+    }
+  });
   registerPublisherTools(api3);
   registerWorkerTools(api3);
 }

package/index.ts

@@ -1,52 +1,45 @@
+import { json, KEY_PATH } from "./src/helper.js";
 import { registerPublisherTools } from "./src/publisher.js";
 import { registerWorkerTools } from "./src/worker.js";
+import { generatePrivateKey } from "viem/accounts";
+import * as fs from "fs";
 
 export default function register(api: any) {
-  // api.registerCommand({
-  //   name: "task",
-  //   description: "Bounty Agents Task commands",
-  //   acceptsArgs: true,
-  //   handler: async (ctx: any) => {
-  //     const args = ctx.args?.trim() ?? "";
-  //     const tokens = args.split(/\s+/).filter(Boolean);
-  //     const action = (tokens[0] ?? "status").toLowerCase();
+  api.registerCommand({
+    name: "upclaw",
+    description: "UpClaw Bounty Agents Task commands",
+    acceptsArgs: true,
+    handler: async (ctx: any) => {
+      const args = ctx.args?.trim() ?? "";
+      const tokens = args.split(/\s+/).filter(Boolean);
+      const action = (tokens[0] ?? "status").toLowerCase();
 
-  //     if (action === "create") {
-  //       const signer = new PrivateKeySigner(
-  //         "0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80"
-  //       );
-  //       const plugin = new BountyAgentsPublisherPlugin(signer, {
-  //         serviceUrl: "http://localhost:3000",
-  //         contractAddress: "0x55D45aFA265d0381C8A81328FfeA408D2Dd45F40",
-  //       });
+      if (action === "init") {
+        try {
+          if (!fs.existsSync(KEY_PATH)) {
+            const pk = generatePrivateKey();
+            fs.writeFileSync(KEY_PATH, pk, "utf-8");
+            return json({
+              text: `Initialized new EVM private key and saved to ${KEY_PATH}`,
+            });
+          } else {
+            return json({
+              text: `EVM private key already exists at ${KEY_PATH}`,
+            });
+          }
+        } catch (error: any) {
+          return json({
+            text: "Failed to initialize key:",
+            error: error.message,
+          });
+        }
+      }
 
-  //       try {
-  //         const task = (await plugin.executeTool(
-  //           "bountyagents.publisher.task.create",
-  //           {
-  //             id: crypto.randomUUID(),
-  //             title: "Test Task from CLI",
-  //             content: "This is a test task created via the CLI tool.",
-  //           }
-  //         )) as any;
-  //         console.log("Task created successfully:", task);
-  //         return {
-  //           text: `Task created successfully: ${task.id}`,
-  //         };
-  //       } catch (error) {
-  //         console.error("Failed to create task:", error);
-  //         return {
-  //           text: "Failed to create task:",
-  //           error: error,
-  //         };
-  //       }
-  //     }
-
-  //     return {
-  //       text: ["Bounty Agents Task commands:", "", "/task create"].join("\n"),
-  //     };
-  //   },
-  // });
+      return json({
+        text: ["UpClaw Bounty Agents Task commands:", "", "/upclaw init"].join("\n"),
+      });
+    },
+  });
 
   registerPublisherTools(api);
   registerWorkerTools(api);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bountyagents/bountyagents-task",
-  "version": "2026.2.2715",
+  "version": "2026.3.9",
   "description": "BountyAgents Task Plugin for OpenClaw",
   "type": "module",
   "main": "dist/index.js",

package/src/helper.ts

@@ -1,6 +1,23 @@
+import * as fs from "fs";
+import * as path from "path";
+import * as os from "os";
+
 export function json(data: unknown) {
   return {
     content: [{ type: "text" as const, text: JSON.stringify(data, null, 2) }],
     details: data,
   };
 }
+
+export const KEY_PATH = path.join(os.homedir(), ".bountyagents_key");
+
+export function getPrivateKey(): `0x${string}` {
+  if (fs.existsSync(KEY_PATH)) {
+    const key = fs.readFileSync(KEY_PATH, "utf-8").trim();
+    if (key.startsWith("0x")) {
+      return key as `0x${string}`;
+    }
+  }
+  // Fallback to the default one if the file doesn't exist to not break existing functionality directly, but throw error if user wants to use init
+  return "0x289f92dd30c36ff24b75b48623c70dea2b428dabac7a52c5ca810bcda64d861b";
+}

package/src/index.ts

@@ -214,8 +214,12 @@ export class BountyAgentsPublisherPlugin extends BaseBountyPlugin {
     if (!task.token || task.price === "0") {
       throw new Error("Task is not funded yet");
     }
-    if (payload.price !== task.price) {
-      throw new Error("Price does not match funded amount");
+    
+    // Use the price from the task record for the settlement signature
+    const taskPrice = task.price;
+    
+    if (payload.price !== taskPrice) {
+      throw new Error(`Price mismatch: payload price ${payload.price} does not match task price ${taskPrice}`);
     }
     const workerAddress = getAddress(payload.workerAddress as `0x${string}`);
     if (workerAddress !== getAddress(responseRecord.worker as `0x${string}`)) {
@@ -227,23 +231,26 @@ export class BountyAgentsPublisherPlugin extends BaseBountyPlugin {
         ? await this.createSettlementSignature(
             responseRecord.task_id,
             workerAddress,
-            payload.price,
+            taskPrice,
             task.token
           )
         : undefined;
 
-    const canonicalPayload: DecisionPayload = {
+    const body = {
       responseId: payload.responseId,
       workerAddress,
       price: payload.price,
       status: payload.status,
       settlementSignature,
-    };
-    const body = {
-      ...canonicalPayload,
       ownerAddress: this.signer.address,
       signature: await this.signPayload(
-        decisionSignaturePayload(canonicalPayload)
+        decisionSignaturePayload({
+          responseId: payload.responseId,
+          workerAddress,
+          price: payload.price,
+          status: payload.status,
+          settlementSignature,
+        })
       ),
     };
     const response = await this.request(

package/src/publisher.ts

@@ -3,14 +3,12 @@ import { createPublicClient, createWalletClient, http, parseUnits } from "viem";
 import { privateKeyToAccount } from "viem/accounts";
 import { bscTestnet } from "viem/chains";
 import { taskDepositKey } from "./escrow.js";
-import { json } from "./helper.js";
+import { json, getPrivateKey } from "./helper.js";
 import { BountyAgentsPublisherPlugin } from "./index.js";
 import { PrivateKeySigner } from "./signers.js";
 
 const SERVICE_URL = "http://localhost:3000";
 const CONTRACT_ADDRESS = "0x55D45aFA265d0381C8A81328FfeA408D2Dd45F40";
-const PRIVATE_KEY =
-  "0x289f92dd30c36ff24b75b48623c70dea2b428dabac7a52c5ca810bcda64d861b";
 const TEST_TOKEN_ADDRESS = "0x56DA32693A4e6dDd0eDC932b295cb00372f37f8b";
 
 const AGENT_ESCROW_ABI = [
@@ -69,7 +67,7 @@ export async function createBountyTask(params: {
   title: string;
   content: string;
 }) {
-  const signer = new PrivateKeySigner(PRIVATE_KEY);
+  const signer = new PrivateKeySigner(getPrivateKey());
   const plugin = new BountyAgentsPublisherPlugin(signer, {
     serviceUrl: SERVICE_URL,
     contractAddress: CONTRACT_ADDRESS,
@@ -87,7 +85,7 @@ export async function fundBountyTask(params: {
   taskId: string;
   token: string;
 }) {
-  const signer = new PrivateKeySigner(PRIVATE_KEY);
+  const signer = new PrivateKeySigner(getPrivateKey());
   const plugin = new BountyAgentsPublisherPlugin(signer, {
     serviceUrl: SERVICE_URL,
     contractAddress: CONTRACT_ADDRESS,
@@ -104,7 +102,7 @@ export async function depositToken(params: {
   taskId: string;
   amount?: string;
 }) {
-  const account = privateKeyToAccount(PRIVATE_KEY);
+  const account = privateKeyToAccount(getPrivateKey());
   const chain = bscTestnet;
   const transport = http();
 
@@ -175,6 +173,25 @@ export async function depositToken(params: {
   };
 }
 
+export async function decideOnResponse(params: {
+  responseId: string;
+  workerAddress: string;
+  price: string;
+  status: "approved" | "rejected";
+}) {
+  const signer = new PrivateKeySigner(getPrivateKey());
+  const plugin = new BountyAgentsPublisherPlugin(signer, {
+    serviceUrl: SERVICE_URL,
+    contractAddress: CONTRACT_ADDRESS,
+  });
+
+  const response = (await plugin.executeTool(
+    "bountyagents.publisher.task.decision",
+    params
+  )) as any;
+  return response;
+}
+
 export function registerPublisherTools(api: any) {
   api.registerTool({
     name: "create_bounty_task",
@@ -236,4 +253,28 @@ export function registerPublisherTools(api: any) {
       }
     },
   });
+
+  api.registerTool({
+    name: "decide_on_response",
+    description: "Approve or reject a task response.",
+    parameters: Type.Object({
+      responseId: Type.String(),
+      workerAddress: Type.String(),
+      price: Type.String(),
+      status: Type.Union([
+        Type.Literal("approved"),
+        Type.Literal("rejected"),
+      ]),
+    }),
+    async execute(_id: string, params: any) {
+      try {
+        const result = await decideOnResponse(params);
+        return json(result);
+      } catch (error: any) {
+        return json({
+          error: error instanceof Error ? error.message : String(error),
+        });
+      }
+    },
+  });
 }

package/src/task-db-types.ts

@@ -1,6 +1,6 @@
 import { z } from 'zod';
 
-export const taskStatusSchema = z.enum(["finished", "draft", "active", "closed"]);
+export const taskStatusSchema = z.enum(["finished", "draft", "active", "closed", "pending_review"]);
 export type TaskStatus = z.infer<typeof taskStatusSchema>;
 
 export const responseStatusSchema = z.enum(["pending", "approved", "rejected"]);

package/src/types.ts

@@ -44,9 +44,6 @@ export const decisionPayloadSchema = z
   })
   .refine((value) => value.status !== 'pending', {
     message: 'Status must be approved or rejected'
-  })
-  .refine((value) => (value.status === 'approved' ? Boolean(value.settlementSignature) : true), {
-    message: 'settlementSignature required when approving'
   });
 
 export const cancelTaskPayloadSchema = z.object({

package/src/worker.ts

@@ -1,19 +1,17 @@
 import { Type } from "@sinclair/typebox";
 import { PrivateKeySigner } from "./signers.js";
 import { BountyAgentsWorkerPlugin } from "./index.js";
-import { json } from "./helper.js";
+import { json, getPrivateKey } from "./helper.js";
 
 const SERVICE_URL = "http://localhost:3000";
 const CONTRACT_ADDRESS = "0x55D45aFA265d0381C8A81328FfeA408D2Dd45F40";
-const PRIVATE_KEY =
-  "0x289f92dd30c36ff24b75b48623c70dea2b428dabac7a52c5ca810bcda64d861b";
 
 export async function getAvailableTask(params: {
   keyword?: string;
   pageSize?: number;
   pageNum?: number;
 }) {
-  const signer = new PrivateKeySigner(PRIVATE_KEY);
+  const signer = new PrivateKeySigner(getPrivateKey());
   const plugin = new BountyAgentsWorkerPlugin(signer, {
     serviceUrl: SERVICE_URL,
     contractAddress: CONTRACT_ADDRESS,
@@ -32,6 +30,23 @@ export async function getAvailableTask(params: {
   return tasks[0];
 }
 
+export async function submitResponse(params: {
+  taskId: string;
+  payload: string;
+}) {
+  const signer = new PrivateKeySigner(getPrivateKey());
+  const plugin = new BountyAgentsWorkerPlugin(signer, {
+    serviceUrl: SERVICE_URL,
+    contractAddress: CONTRACT_ADDRESS,
+  });
+
+  const response = (await plugin.executeTool("bountyagents.worker.task.respond", {
+    taskId: params.taskId,
+    payload: params.payload,
+  })) as any;
+  return response;
+}
+
 export function registerWorkerTools(api: any) {
   api.registerTool({
     name: "get_available_task",
@@ -55,4 +70,26 @@ export function registerWorkerTools(api: any) {
       }
     },
   });
+
+  api.registerTool({
+    name: "submit_task_response",
+    description: "Submit a response for an active bounty task.",
+    parameters: Type.Object({
+      taskId: Type.String(),
+      content: Type.String(),
+    }),
+    async execute(_id: string, params: any) {
+      try {
+        const result = await submitResponse({
+          taskId: params.taskId,
+          payload: params.content,
+        });
+        return json(result);
+      } catch (error: any) {
+        return json({
+          error: error instanceof Error ? error.message : String(error),
+        });
+      }
+    },
+  });
 }

package/test-response.ts

@@ -0,0 +1,43 @@
+import { submitResponse } from "./src/worker.js";
+import { decideOnResponse } from "./src/publisher.js";
+
+async function testResponseFlow() {
+  const taskId = "c5fc8fd0-e7db-4ec8-8fb9-86314cb6a5e7";
+  console.log(`\n--- Testing Response Flow for taskId: ${taskId} ---`);
+
+  try {
+    // 1. Submit Response
+    console.log("\n1. Submitting response as worker...");
+    const responseResult = await submitResponse({
+      taskId,
+      payload: "This is a test response content submitted via standalone function."
+    });
+    console.log("Response submission successful!");
+    console.log(JSON.stringify(responseResult, null, 2));
+
+    const responseId = responseResult.id;
+    const workerAddress = responseResult.worker;
+    // Note: In a real scenario, we might need to fetch the task to get the price, 
+    // but for testing we'll assume a value or use what's in the response if available.
+    // Based on the schema, price is on the task, not the response.
+    
+    // 2. Decide on Response (Approve)
+    console.log(`\n2. Deciding on response (approving) as publisher...`);
+    // We'll use the price from the task. Since the task was funded with 100 tokens, 
+    // we use the same value.
+    const decisionResult = await decideOnResponse({
+      responseId,
+      workerAddress,
+      price: "142500000",
+      status: "approved"
+    });
+    console.log("Decision (approval) successful!");
+    console.log(JSON.stringify(decisionResult, null, 2));
+
+  } catch (error) {
+    console.error("Test flow failed:");
+    console.error(error);
+  }
+}
+
+testResponseFlow();