@clawapps/cli 0.3.0 → 0.5.0

package/README.md

@@ -1,10 +1,9 @@
 # @clawapps/cli
 
+[![npm version](https://img.shields.io/npm/v/@clawapps/cli.svg)](https://www.npmjs.com/package/@clawapps/cli)
 [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](LICENSE)
 [![Node.js](https://img.shields.io/badge/Node.js-%3E%3D18-green.svg)](https://nodejs.org/)
 
-**[中文文档](README_zh.md)**
-
 A command-line tool for authenticating with the [ClawApps](https://www.clawapps.ai) platform. Sign in via Google or Apple directly from your terminal — tokens are stored locally for use by AI agents and scripts.
 
 ## Install
@@ -13,31 +12,24 @@ A command-line tool for authenticating with the [ClawApps](https://www.clawapps.
 npm install -g @clawapps/cli
 ```
 
-> **Not yet on npm?** Install from source:
-> ```bash
-> git clone git@github.com:ClawApps/clawapps-cli.git
-> cd clawapps-cli && npm install && npm run build && npm link
-> ```
-
 ## Commands
 
-### `claw login`
+### `clawapps login`
 
-Sign in with Google or Apple. Opens a browser for OAuth, then stores tokens locally.
+Sign in with Google or Apple. Opens a browser for OAuth, then stores tokens locally. If already logged in, auto-refreshes the token and extends the session.
 
 ```bash
-$ claw login
-? Choose login method: Google
-Opening browser for Google login...
+$ clawapps login
+Opening browser for login...
 ✔ Logged in as user@gmail.com
 ```
 
-### `claw whoami`
+### `clawapps whoami`
 
 Show current account info. Auto-refreshes expired tokens.
 
 ```bash
-$ claw whoami
+$ clawapps whoami
 ClawApps Account
 ──────────────────────────────
 Name:     Username
@@ -46,30 +38,79 @@ ID:       xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
 Provider: google
 ```
 
-### `claw logout`
+### `clawapps token`
+
+Print current valid access token. Auto-refreshes if expired. Designed for scripting.
+
+```bash
+$ clawapps token
+eyJhbGciOiJIUzI1NiIs...
+```
+
+Use in scripts:
+
+```bash
+curl -H "Authorization: Bearer $(clawapps token)" https://api.clawapps.ai/api/v1/...
+```
+
+### `clawapps credit`
+
+Open credit recharge page in browser.
+
+```bash
+$ clawapps credit
+Opening credit recharge page...
+Page opened in your browser.
+```
+
+### `clawapps membership`
+
+Open membership subscription page in browser.
+
+```bash
+$ clawapps membership
+Opening membership subscription page...
+Page opened in your browser.
+```
+
+### `clawapps payment-grant <skill_id>`
+
+Open payment grant page for a skill. Starts a local callback server to receive the payment token after authorization.
+
+```bash
+$ clawapps payment-grant c0ff42a9-2b54-48b3-b570-cb16be363ad6
+Opening payment grant page...
+Waiting for payment confirmation...
+
+Payment grant confirmed!
+Payment Token: 8d6d2e514eb241559a4dfcb3176ce3a4
+Auto Payment: disabled
+```
+
+### `clawapps logout`
 
 Sign out and clear local credentials.
 
 ```bash
-$ claw logout
+$ clawapps logout
 Logged out successfully.
 ```
 
 ## How It Works
 
 ```
-claw login
-  → Choose Google or Apple
+clawapps login
   → Local HTTP server starts on localhost (random port)
-  → Browser opens for OAuth
-  → Callback returns token to local server
-  → Token exchange: Google/Apple → OpenDigits → ClawApps
+  → Browser opens for OAuth (Google or Apple)
+  → Callback returns tokens to local server
   → Credentials saved to ~/.clawapps/credentials.json (0600)
-```
-
-**Google flow**: Implicit OAuth → local callback page extracts token from URL hash → POST to local server → exchange for ClawApps tokens.
 
-**Apple flow**: OpenDigits handles Apple OAuth → redirects to local callback with tokens in query params → exchange for ClawApps tokens.
+clawapps token
+  → Load local credentials
+  → Validate access token via API
+  → If expired, auto-refresh using refresh token
+  → Output valid access token to stdout
+```
 
 ## Credentials
 
@@ -80,41 +121,42 @@ Tokens are stored at `~/.clawapps/credentials.json` with file permissions `0600`
   "provider": "google",
   "access_token": "eyJ...",
   "refresh_token": "eyJ...",
-  "logged_in_at": "2026-02-24T11:11:35.871Z"
+  "logged_in_at": "2026-03-12T11:00:00.000Z"
 }
 ```
 
-Use in scripts:
-
-```bash
-TOKEN=$(cat ~/.clawapps/credentials.json | jq -r .access_token)
-curl -H "Authorization: Bearer $TOKEN" https://api.clawapps.ai/api/v1/...
-```
-
 ## Project Structure
 
 ```
 clawapps-cli/
-├── bin/claw.js                # Entry point
+├── bin/claw.js                    # Entry point
 ├── src/
-│   ├── index.ts               # Commander setup
+│   ├── index.ts                   # Commander setup
 │   ├── commands/
-│   │   ├── login.ts           # OAuth flow orchestration
-│   │   ├── logout.ts          # Clear credentials
-│   │   └── whoami.ts          # User info with auto-refresh
+│   │   ├── login.ts               # OAuth flow with auto-refresh
+│   │   ├── logout.ts              # Clear credentials
+│   │   ├── whoami.ts              # User info with auto-refresh
+│   │   ├── token.ts               # Print valid access token
+│   │   ├── credit.ts              # Open credit page
+│   │   ├── membership.ts          # Open membership page
+│   │   ├── payment-grant.ts       # Payment authorization flow
+│   │   └── helpers/
+│   │       └── ensure-token.ts    # Token validation & refresh
 │   ├── auth/
-│   │   ├── server.ts          # Local HTTP callback server
-│   │   ├── google.ts          # Google OAuth URL builder
-│   │   ├── apple.ts           # Apple OAuth URL builder (via OD)
-│   │   └── exchange.ts        # Token exchange (OD → ClawApps)
+│   │   ├── login-server.ts        # Login callback server
+│   │   ├── payment-server.ts      # Payment callback server
+│   │   ├── server.ts              # Google OAuth callback server
+│   │   ├── google.ts              # Google OAuth URL builder
+│   │   ├── apple.ts               # Apple OAuth URL builder
+│   │   └── exchange.ts            # Token exchange
 │   ├── lib/
-│   │   ├── config.ts          # API endpoints & constants
-│   │   ├── credentials.ts     # Read/write ~/.clawapps/credentials.json
-│   │   ├── api.ts             # HTTP request helpers
-│   │   └── types.ts           # TypeScript interfaces
+│   │   ├── config.ts              # API endpoints & constants
+│   │   ├── credentials.ts         # Read/write credentials
+│   │   ├── api.ts                 # HTTP request helpers
+│   │   └── types.ts               # TypeScript interfaces
 │   └── html/
-│       ├── callback.ts        # OAuth callback HTML templates
-│       └── logo-data.ts       # Logo (base64 embedded)
+│       ├── callback.ts            # OAuth callback HTML templates
+│       └── logo-data.ts           # Logo (base64 embedded)
 ├── package.json
 └── tsconfig.json
 ```

package/dist/auth/qr-poll.d.ts

@@ -0,0 +1,32 @@
+export interface CreateLoginCodeResult {
+    code: string;
+    expires_at: string;
+    qr_url: string;
+}
+export interface CreatePaymentCodeResult {
+    code: string;
+    type: string;
+    skill_id: string;
+    expires_at: string;
+    qr_url: string;
+}
+/**
+ * Call POST /agent/create-login-code to create a login code on the server.
+ * No authentication required.
+ */
+export declare function createLoginCode(): Promise<CreateLoginCodeResult>;
+/**
+ * Call POST /agent/create-payment-code to create a payment code on the server.
+ * Requires authentication (Bearer token).
+ */
+export declare function createPaymentCode(token: string, skillId: string, type?: string): Promise<CreatePaymentCodeResult>;
+/**
+ * Display a QR code in the terminal.
+ */
+export declare function displayQRCode(url: string): void;
+/**
+ * Poll the agent auth-code verification API.
+ * Resolves with the response data when the code is verified.
+ * Rejects on timeout or error.
+ */
+export declare function pollAuthCode<T>(code: string, type: 'login' | 'payment', timeoutMs?: number): Promise<T>;

package/dist/auth/qr-poll.js

@@ -0,0 +1,72 @@
+import qrcode from 'qrcode-terminal';
+import { CONFIG } from '../lib/config.js';
+/**
+ * Call POST /agent/create-login-code to create a login code on the server.
+ * No authentication required.
+ */
+export async function createLoginCode() {
+    const res = await fetch(CONFIG.AGENT_CREATE_LOGIN_CODE, { method: 'POST' });
+    const json = await res.json();
+    if (json.code === 'OK' && json.data?.code === 0 && json.data.data) {
+        return json.data.data;
+    }
+    throw new Error(json.data?.message || 'Failed to create login code');
+}
+/**
+ * Call POST /agent/create-payment-code to create a payment code on the server.
+ * Requires authentication (Bearer token).
+ */
+export async function createPaymentCode(token, skillId, type = 'one_time') {
+    const url = `${CONFIG.AGENT_CREATE_PAYMENT_CODE}?skill_id=${encodeURIComponent(skillId)}&type=${encodeURIComponent(type)}`;
+    const res = await fetch(url, {
+        method: 'POST',
+        headers: { 'Authorization': `Bearer ${token}` },
+    });
+    const json = await res.json();
+    if (json.code === 'OK' && json.data?.code === 0 && json.data.data) {
+        return json.data.data;
+    }
+    throw new Error(json.data?.message || 'Failed to create payment code');
+}
+/**
+ * Display a QR code in the terminal.
+ */
+export function displayQRCode(url) {
+    qrcode.generate(url, { small: true });
+}
+/**
+ * Poll the agent auth-code verification API.
+ * Resolves with the response data when the code is verified.
+ * Rejects on timeout or error.
+ */
+export function pollAuthCode(code, type, timeoutMs = CONFIG.AUTH_TIMEOUT_MS) {
+    return new Promise((resolve, reject) => {
+        const url = `${CONFIG.AGENT_AUTH_CODE}?code=${encodeURIComponent(code)}&type=${type}`;
+        const startTime = Date.now();
+        async function poll() {
+            if (Date.now() - startTime >= timeoutMs) {
+                reject(new Error('Verification timed out. Please try again.'));
+                return;
+            }
+            try {
+                const res = await fetch(url);
+                const json = await res.json();
+                // Outer envelope: code "OK", then check inner code
+                if (json.code === 'OK' && json.data) {
+                    if (json.data.code === 0 && json.data.data) {
+                        resolve(json.data.data);
+                        return;
+                    }
+                    // Inner code non-zero (e.g. 4007 "Code not found"), keep polling
+                }
+                // Other responses, keep polling
+            }
+            catch {
+                // Network error, keep polling
+            }
+            setTimeout(poll, CONFIG.AUTH_POLL_INTERVAL_MS);
+        }
+        poll();
+    });
+}
+//# sourceMappingURL=qr-poll.js.map

package/dist/auth/qr-poll.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"qr-poll.js","sourceRoot":"","sources":["../../src/auth/qr-poll.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,iBAAiB,CAAC;AACrC,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAC;AAgB1C;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe;IACnC,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,MAAM,CAAC,uBAAuB,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;IAC5E,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAG1B,CAAC;IAEF,IAAI,IAAI,CAAC,IAAI,KAAK,IAAI,IAAI,IAAI,CAAC,IAAI,EAAE,IAAI,KAAK,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QAClE,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC;IACxB,CAAC;IAED,MAAM,IAAI,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,OAAO,IAAI,6BAA6B,CAAC,CAAC;AACvE,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,KAAa,EACb,OAAe,EACf,OAAe,UAAU;IAEzB,MAAM,GAAG,GAAG,GAAG,MAAM,CAAC,yBAAyB,aAAa,kBAAkB,CAAC,OAAO,CAAC,SAAS,kBAAkB,CAAC,IAAI,CAAC,EAAE,CAAC;IAC3H,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;QAC3B,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,eAAe,EAAE,UAAU,KAAK,EAAE,EAAE;KAChD,CAAC,CAAC;IACH,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAG1B,CAAC;IAEF,IAAI,IAAI,CAAC,IAAI,KAAK,IAAI,IAAI,IAAI,CAAC,IAAI,EAAE,IAAI,KAAK,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QAClE,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC;IACxB,CAAC;IAED,MAAM,IAAI,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,OAAO,IAAI,+BAA+B,CAAC,CAAC;AACzE,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,aAAa,CAAC,GAAW;IACvC,MAAM,CAAC,QAAQ,CAAC,GAAG,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;AACxC,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,YAAY,CAC1B,IAAY,EACZ,IAAyB,EACzB,YAAoB,MAAM,CAAC,eAAe;IAE1C,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,MAAM,GAAG,GAAG,GAAG,MAAM,CAAC,eAAe,SAAS,kBAAkB,CAAC,IAAI,CAAC,SAAS,IAAI,EAAE,CAAC;QACtF,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAE7B,KAAK,UAAU,IAAI;YACjB,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,IAAI,SAAS,EAAE,CAAC;gBACxC,MAAM,CAAC,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC,CAAC;gBAC/D,OAAO;YACT,CAAC;YAED,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,CAAC;gBAC7B,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAG1B,CAAC;gBAEF,mDAAmD;gBACnD,IAAI,IAAI,CAAC,IAAI,KAAK,IAAI,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;oBACpC,IAAI,IAAI,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;wBAC3C,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;wBACxB,OAAO;oBACT,CAAC;oBACD,iEAAiE;gBACnE,CAAC;gBAED,gCAAgC;YAClC,CAAC;YAAC,MAAM,CAAC;gBACP,8BAA8B;YAChC,CAAC;YAED,UAAU,CAAC,IAAI,EAAE,MAAM,CAAC,qBAAqB,CAAC,CAAC;QACjD,CAAC;QAED,IAAI,EAAE,CAAC;IACT,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/commands/login.js

@@ -1,11 +1,10 @@
 import chalk from 'chalk';
 import ora from 'ora';
-import open from 'open';
 import { loadCredentials, saveCredentials } from '../lib/credentials.js';
 import { apiGet } from '../lib/api.js';
 import { CONFIG } from '../lib/config.js';
-import { startLoginCallbackServer } from '../auth/login-server.js';
 import { ensureValidToken } from './helpers/ensure-token.js';
+import { createLoginCode, displayQRCode, pollAuthCode } from '../auth/qr-poll.js';
 export async function loginCommand() {
     // Check if already logged in, refresh token if needed
     const existing = await loadCredentials();
@@ -23,54 +22,52 @@ export async function loginCommand() {
             }
         }
         catch {
-            // Token validation/refresh failed, continue with browser login
+            // Token validation/refresh failed, continue with login
         }
     }
-    // Start local callback server to receive tokens from web
-    const { port, result, close } = await startLoginCallbackServer();
-    const callbackUrl = `http://localhost:${port}/callback`;
-    // Open web login page with callback
-    const loginUrl = `${CONFIG.CLAW_WEB_BASE}/login?callback=${encodeURIComponent(callbackUrl)}`;
-    console.log(chalk.gray('\nOpening browser for login...'));
-    console.log(chalk.gray(`If the browser doesn't open, visit:\n${loginUrl}\n`));
+    // Create login code via API and display QR code
+    let loginCode;
     try {
-        await open(loginUrl);
+        loginCode = await createLoginCode();
     }
-    catch {
-        console.log(chalk.yellow('Could not open browser automatically.'));
-        console.log(chalk.yellow('Please open the URL above manually.'));
+    catch (err) {
+        const message = err instanceof Error ? err.message : 'Unknown error';
+        console.error(chalk.red(`\nFailed to create login code: ${message}`));
+        process.exit(1);
     }
+    console.log(chalk.gray('\nScan the QR code to login:\n'));
+    displayQRCode(loginCode.qr_url);
+    console.log(chalk.gray(`\nOr visit: ${loginCode.qr_url}\n`));
+    console.log(chalk.yellow('Waiting for QR code verification (valid for 3 minutes)...\n'));
     const spinner = ora('Waiting for authentication...').start();
     try {
-        const tokens = await result;
+        const result = await pollAuthCode(loginCode.code, 'login');
         // Save credentials
         await saveCredentials({
             provider: 'google', // web login handles provider selection
-            access_token: tokens.access_token,
-            refresh_token: tokens.refresh_token,
+            access_token: result.access_token,
+            refresh_token: result.refresh_token,
             logged_in_at: new Date().toISOString(),
         });
         spinner.text = 'Fetching user info...';
-        const userRes = await apiGet(CONFIG.CLAW_ME, tokens.access_token);
+        const userRes = await apiGet(CONFIG.CLAW_ME, result.access_token);
         spinner.stop();
+        console.log(chalk.green('\nLogin successful!'));
+        console.log(chalk.gray(`Access Token: ${result.access_token}`));
         if (userRes.ok) {
             const user = userRes.data.data;
             const name = user.name || user.email || 'user';
-            console.log(chalk.green(`\nLogged in as ${chalk.bold(name)}`));
+            console.log(chalk.gray(`User: ${name}`));
             if (user.email) {
                 console.log(chalk.gray(`Email: ${user.email}`));
             }
         }
-        else {
-            console.log(chalk.green('\nLogin successful!'));
-            console.log(chalk.gray('Run `clawapps whoami` to see your account info.'));
-        }
     }
     catch (err) {
         spinner.stop();
-        close();
         const message = err instanceof Error ? err.message : 'Unknown error';
         console.error(chalk.red(`\nLogin failed: ${message}`));
+        console.error(chalk.yellow('QR code has expired. Please run `clawapps login` to generate a new one.'));
         process.exit(1);
     }
 }

package/dist/commands/login.js.map

@@ -1 +1 @@
-{"version":3,"file":"login.js","sourceRoot":"","sources":["../../src/commands/login.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,GAAG,MAAM,KAAK,CAAC;AACtB,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACzE,OAAO,EAAE,MAAM,EAAwB,MAAM,eAAe,CAAC;AAC7D,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAC;AAC1C,OAAO,EAAE,wBAAwB,EAAE,MAAM,yBAAyB,CAAC;AACnE,OAAO,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAC;AAG7D,MAAM,CAAC,KAAK,UAAU,YAAY;IAChC,sDAAsD;IACtD,MAAM,QAAQ,GAAG,MAAM,eAAe,EAAE,CAAC;IACzC,IAAI,QAAQ,EAAE,CAAC;QACb,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,MAAM,gBAAgB,CAAC,QAAQ,CAAC,CAAC;YACnD,IAAI,SAAS,EAAE,CAAC;gBACd,MAAM,GAAG,GAAG,MAAM,MAAM,CAA4B,MAAM,CAAC,OAAO,EAAE,SAAS,CAAC,YAAY,CAAC,CAAC;gBAC5F,IAAI,GAAG,CAAC,EAAE,EAAE,CAAC;oBACX,MAAM,IAAI,GAAG,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC;oBAC3B,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,wBAAwB,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,IAAI,IAAI,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;oBACnG,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,oEAAoE,CAAC,CAAC,CAAC;oBAC9F,OAAO;gBACT,CAAC;YACH,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,+DAA+D;QACjE,CAAC;IACH,CAAC;IAED,yDAAyD;IACzD,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,wBAAwB,EAAE,CAAC;IACjE,MAAM,WAAW,GAAG,oBAAoB,IAAI,WAAW,CAAC;IAExD,oCAAoC;IACpC,MAAM,QAAQ,GAAG,GAAG,MAAM,CAAC,aAAa,mBAAmB,kBAAkB,CAAC,WAAW,CAAC,EAAE,CAAC;IAE7F,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,gCAAgC,CAAC,CAAC,CAAC;IAC1D,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,wCAAwC,QAAQ,IAAI,CAAC,CAAC,CAAC;IAE9E,IAAI,CAAC;QACH,MAAM,IAAI,CAAC,QAAQ,CAAC,CAAC;IACvB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,uCAAuC,CAAC,CAAC,CAAC;QACnE,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,qCAAqC,CAAC,CAAC,CAAC;IACnE,CAAC;IAED,MAAM,OAAO,GAAG,GAAG,CAAC,+BAA+B,CAAC,CAAC,KAAK,EAAE,CAAC;IAE7D,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC;QAE5B,mBAAmB;QACnB,MAAM,eAAe,CAAC;YACpB,QAAQ,EAAE,QAAQ,EAAE,uCAAuC;YAC3D,YAAY,EAAE,MAAM,CAAC,YAAY;YACjC,aAAa,EAAE,MAAM,CAAC,aAAa;YACnC,YAAY,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACvC,CAAC,CAAC;QAEH,OAAO,CAAC,IAAI,GAAG,uBAAuB,CAAC;QAEvC,MAAM,OAAO,GAAG,MAAM,MAAM,CAA4B,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,YAAY,CAAC,CAAC;QAE7F,OAAO,CAAC,IAAI,EAAE,CAAC;QAEf,IAAI,OAAO,CAAC,EAAE,EAAE,CAAC;YACf,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC;YAC/B,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,KAAK,IAAI,MAAM,CAAC;YAC/C,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,kBAAkB,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;YAC/D,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,UAAU,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;YAClD,CAAC;QACH,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC,CAAC;YAChD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,iDAAiD,CAAC,CAAC,CAAC;QAC7E,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,IAAI,EAAE,CAAC;QACf,KAAK,EAAE,CAAC;QACR,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC;QACrE,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,mBAAmB,OAAO,EAAE,CAAC,CAAC,CAAC;QACvD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC"}
+{"version":3,"file":"login.js","sourceRoot":"","sources":["../../src/commands/login.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,GAAG,MAAM,KAAK,CAAC;AACtB,OAAO,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACzE,OAAO,EAAE,MAAM,EAAwB,MAAM,eAAe,CAAC;AAC7D,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAC;AAC1C,OAAO,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAC;AAC7D,OAAO,EAAE,eAAe,EAAE,aAAa,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAGlF,MAAM,CAAC,KAAK,UAAU,YAAY;IAChC,sDAAsD;IACtD,MAAM,QAAQ,GAAG,MAAM,eAAe,EAAE,CAAC;IACzC,IAAI,QAAQ,EAAE,CAAC;QACb,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,MAAM,gBAAgB,CAAC,QAAQ,CAAC,CAAC;YACnD,IAAI,SAAS,EAAE,CAAC;gBACd,MAAM,GAAG,GAAG,MAAM,MAAM,CAA4B,MAAM,CAAC,OAAO,EAAE,SAAS,CAAC,YAAY,CAAC,CAAC;gBAC5F,IAAI,GAAG,CAAC,EAAE,EAAE,CAAC;oBACX,MAAM,IAAI,GAAG,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC;oBAC3B,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,wBAAwB,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,IAAI,IAAI,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;oBACnG,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,oEAAoE,CAAC,CAAC,CAAC;oBAC9F,OAAO;gBACT,CAAC;YACH,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,uDAAuD;QACzD,CAAC;IACH,CAAC;IAED,gDAAgD;IAChD,IAAI,SAAS,CAAC;IACd,IAAI,CAAC;QACH,SAAS,GAAG,MAAM,eAAe,EAAE,CAAC;IACtC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC;QACrE,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,kCAAkC,OAAO,EAAE,CAAC,CAAC,CAAC;QACtE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,gCAAgC,CAAC,CAAC,CAAC;IAC1D,aAAa,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;IAChC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,eAAe,SAAS,CAAC,MAAM,IAAI,CAAC,CAAC,CAAC;IAC7D,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,6DAA6D,CAAC,CAAC,CAAC;IAEzF,MAAM,OAAO,GAAG,GAAG,CAAC,+BAA+B,CAAC,CAAC,KAAK,EAAE,CAAC;IAE7D,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,YAAY,CAAsB,SAAS,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QAEhF,mBAAmB;QACnB,MAAM,eAAe,CAAC;YACpB,QAAQ,EAAE,QAAQ,EAAE,uCAAuC;YAC3D,YAAY,EAAE,MAAM,CAAC,YAAY;YACjC,aAAa,EAAE,MAAM,CAAC,aAAa;YACnC,YAAY,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACvC,CAAC,CAAC;QAEH,OAAO,CAAC,IAAI,GAAG,uBAAuB,CAAC;QAEvC,MAAM,OAAO,GAAG,MAAM,MAAM,CAA4B,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,YAAY,CAAC,CAAC;QAE7F,OAAO,CAAC,IAAI,EAAE,CAAC;QAEf,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC,CAAC;QAChD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,iBAAiB,MAAM,CAAC,YAAY,EAAE,CAAC,CAAC,CAAC;QAEhE,IAAI,OAAO,CAAC,EAAE,EAAE,CAAC;YACf,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC;YAC/B,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,KAAK,IAAI,MAAM,CAAC;YAC/C,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,IAAI,EAAE,CAAC,CAAC,CAAC;YACzC,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,UAAU,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;YAClD,CAAC;QACH,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,IAAI,EAAE,CAAC;QACf,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC;QACrE,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,mBAAmB,OAAO,EAAE,CAAC,CAAC,CAAC;QACvD,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,yEAAyE,CAAC,CAAC,CAAC;QACvG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC"}

package/dist/commands/payment-grant.js

@@ -1,10 +1,8 @@
 import chalk from 'chalk';
 import ora from 'ora';
-import open from 'open';
 import { loadCredentials } from '../lib/credentials.js';
-import { CONFIG } from '../lib/config.js';
 import { ensureValidToken } from './helpers/ensure-token.js';
-import { startPaymentCallbackServer } from '../auth/payment-server.js';
+import { createPaymentCode, displayQRCode, pollAuthCode } from '../auth/qr-poll.js';
 export async function paymentGrantCommand(skillId) {
     const credentials = await loadCredentials();
     if (!credentials) {
@@ -16,34 +14,42 @@ export async function paymentGrantCommand(skillId) {
         console.log(chalk.red('Session expired. Please run `clawapps login` again.'));
         process.exit(1);
     }
-    // Start local callback server to receive payment token
-    const { port, result, close } = await startPaymentCallbackServer();
-    const callbackUrl = `http://localhost:${port}/callback`;
-    const url = `${CONFIG.CLAW_WEB_BASE}/payment-grant?skill_id=${encodeURIComponent(skillId)}&token=${encodeURIComponent(validated.access_token)}&callback=${encodeURIComponent(callbackUrl)}`;
-    console.log(chalk.gray('\nOpening payment grant page...'));
-    console.log(chalk.gray(`If the browser doesn't open, visit:\n${url}\n`));
+    // Create payment code via API and display QR code
+    let paymentCode;
     try {
-        await open(url);
+        paymentCode = await createPaymentCode(validated.access_token, skillId);
     }
-    catch {
-        console.log(chalk.yellow('Could not open browser automatically.'));
-        console.log(chalk.yellow('Please open the URL above manually.'));
+    catch (err) {
+        const message = err instanceof Error ? err.message : 'Unknown error';
+        console.error(chalk.red(`\nFailed to create payment code: ${message}`));
+        process.exit(1);
     }
+    console.log(chalk.gray('\nScan the QR code to authorize payment:\n'));
+    displayQRCode(paymentCode.qr_url);
+    console.log(chalk.gray(`\nOr visit: ${paymentCode.qr_url}\n`));
+    console.log(chalk.yellow('Waiting for QR code verification (valid for 3 minutes)...\n'));
     const spinner = ora('Waiting for payment confirmation...').start();
     try {
-        const payment = await result;
+        const result = await pollAuthCode(paymentCode.code, 'payment');
         spinner.stop();
-        console.log(chalk.green('\nPayment grant confirmed!'));
-        if (payment.payment_token) {
-            console.log(chalk.gray(`Payment Token: ${payment.payment_token}`));
+        if (result.one_time_pay_token) {
+            console.log(chalk.green('\nPayment grant confirmed!'));
+            console.log(chalk.gray(`Payment Token: ${result.one_time_pay_token}`));
+            console.log(chalk.gray(`Auto Payment: ${result.auto_pay_enabled ? 'enabled' : 'disabled'}`));
+        }
+        else if (result.auto_pay_enabled) {
+            console.log(chalk.green('\nAuto-pay is enabled, proceeding...'));
+        }
+        else {
+            console.error(chalk.red('\nPayment grant failed: no payment token received.'));
+            process.exit(1);
         }
-        console.log(chalk.gray(`Auto Payment: ${payment.auto_payment ? 'enabled' : 'disabled'}`));
     }
     catch (err) {
         spinner.stop();
-        close();
         const message = err instanceof Error ? err.message : 'Unknown error';
         console.error(chalk.red(`\nPayment grant failed: ${message}`));
+        console.error(chalk.yellow('QR code has expired. Please run `clawapps payment-grant <skill_id>` to generate a new one.'));
         process.exit(1);
     }
 }

package/dist/commands/payment-grant.js.map

@@ -1 +1 @@
-{"version":3,"file":"payment-grant.js","sourceRoot":"","sources":["../../src/commands/payment-grant.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,GAAG,MAAM,KAAK,CAAC;AACtB,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAC;AAC1C,OAAO,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAC;AAC7D,OAAO,EAAE,0BAA0B,EAAE,MAAM,2BAA2B,CAAC;AAEvE,MAAM,CAAC,KAAK,UAAU,mBAAmB,CAAC,OAAe;IACvD,MAAM,WAAW,GAAG,MAAM,eAAe,EAAE,CAAC;IAE5C,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,4CAA4C,CAAC,CAAC,CAAC;QACxE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,SAAS,GAAG,MAAM,gBAAgB,CAAC,WAAW,CAAC,CAAC;IACtD,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,qDAAqD,CAAC,CAAC,CAAC;QAC9E,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,uDAAuD;IACvD,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,0BAA0B,EAAE,CAAC;IACnE,MAAM,WAAW,GAAG,oBAAoB,IAAI,WAAW,CAAC;IAExD,MAAM,GAAG,GAAG,GAAG,MAAM,CAAC,aAAa,2BAA2B,kBAAkB,CAAC,OAAO,CAAC,UAAU,kBAAkB,CAAC,SAAS,CAAC,YAAY,CAAC,aAAa,kBAAkB,CAAC,WAAW,CAAC,EAAE,CAAC;IAE5L,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,iCAAiC,CAAC,CAAC,CAAC;IAC3D,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,wCAAwC,GAAG,IAAI,CAAC,CAAC,CAAC;IAEzE,IAAI,CAAC;QACH,MAAM,IAAI,CAAC,GAAG,CAAC,CAAC;IAClB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,uCAAuC,CAAC,CAAC,CAAC;QACnE,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,qCAAqC,CAAC,CAAC,CAAC;IACnE,CAAC;IAED,MAAM,OAAO,GAAG,GAAG,CAAC,qCAAqC,CAAC,CAAC,KAAK,EAAE,CAAC;IAEnE,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC;QAE7B,OAAO,CAAC,IAAI,EAAE,CAAC;QAEf,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,4BAA4B,CAAC,CAAC,CAAC;QACvD,IAAI,OAAO,CAAC,aAAa,EAAE,CAAC;YAC1B,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,kBAAkB,OAAO,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC;QACrE,CAAC;QACD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,iBAAiB,OAAO,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC;IAC5F,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,IAAI,EAAE,CAAC;QACf,KAAK,EAAE,CAAC;QACR,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC;QACrE,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,2BAA2B,OAAO,EAAE,CAAC,CAAC,CAAC;QAC/D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC"}
+{"version":3,"file":"payment-grant.js","sourceRoot":"","sources":["../../src/commands/payment-grant.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,GAAG,MAAM,KAAK,CAAC;AACtB,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAExD,OAAO,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAC;AAC7D,OAAO,EAAE,iBAAiB,EAAE,aAAa,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAGpF,MAAM,CAAC,KAAK,UAAU,mBAAmB,CAAC,OAAe;IACvD,MAAM,WAAW,GAAG,MAAM,eAAe,EAAE,CAAC;IAE5C,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,4CAA4C,CAAC,CAAC,CAAC;QACxE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,SAAS,GAAG,MAAM,gBAAgB,CAAC,WAAW,CAAC,CAAC;IACtD,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,qDAAqD,CAAC,CAAC,CAAC;QAC9E,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,kDAAkD;IAClD,IAAI,WAAW,CAAC;IAChB,IAAI,CAAC;QACH,WAAW,GAAG,MAAM,iBAAiB,CAAC,SAAS,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;IACzE,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC;QACrE,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,oCAAoC,OAAO,EAAE,CAAC,CAAC,CAAC;QACxE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,4CAA4C,CAAC,CAAC,CAAC;IACtE,aAAa,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;IAClC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,eAAe,WAAW,CAAC,MAAM,IAAI,CAAC,CAAC,CAAC;IAC/D,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,6DAA6D,CAAC,CAAC,CAAC;IAEzF,MAAM,OAAO,GAAG,GAAG,CAAC,qCAAqC,CAAC,CAAC,KAAK,EAAE,CAAC;IAEnE,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,YAAY,CAAwB,WAAW,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;QAEtF,OAAO,CAAC,IAAI,EAAE,CAAC;QAEf,IAAI,MAAM,CAAC,kBAAkB,EAAE,CAAC;YAC9B,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,4BAA4B,CAAC,CAAC,CAAC;YACvD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,kBAAkB,MAAM,CAAC,kBAAkB,EAAE,CAAC,CAAC,CAAC;YACvE,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,iBAAiB,MAAM,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC;QAC/F,CAAC;aAAM,IAAI,MAAM,CAAC,gBAAgB,EAAE,CAAC;YACnC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,sCAAsC,CAAC,CAAC,CAAC;QACnE,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,oDAAoD,CAAC,CAAC,CAAC;YAC/E,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,IAAI,EAAE,CAAC;QACf,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC;QACrE,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,2BAA2B,OAAO,EAAE,CAAC,CAAC,CAAC;QAC/D,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,4FAA4F,CAAC,CAAC,CAAC;QAC1H,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC"}

package/dist/commands/recharge-credits.d.ts

@@ -0,0 +1 @@
+export declare function rechargeCreditsCommand(): Promise<void>;

package/dist/commands/recharge-credits.js

@@ -0,0 +1,10 @@
+import chalk from 'chalk';
+import { CONFIG } from '../lib/config.js';
+import { displayQRCode } from '../auth/qr-poll.js';
+export async function rechargeCreditsCommand() {
+    const url = `${CONFIG.CLAW_WEB_BASE}/credit`;
+    console.log(chalk.yellow('\nInsufficient credits. Please scan the QR code to recharge.\n'));
+    displayQRCode(url);
+    console.log(chalk.gray(`\nOr visit: ${url}\n`));
+}
+//# sourceMappingURL=recharge-credits.js.map

package/dist/commands/recharge-credits.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"recharge-credits.js","sourceRoot":"","sources":["../../src/commands/recharge-credits.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAC;AAC1C,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAEnD,MAAM,CAAC,KAAK,UAAU,sBAAsB;IAC1C,MAAM,GAAG,GAAG,GAAG,MAAM,CAAC,aAAa,SAAS,CAAC;IAE7C,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,gEAAgE,CAAC,CAAC,CAAC;IAC5F,aAAa,CAAC,GAAG,CAAC,CAAC;IACnB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC,CAAC,CAAC;AAClD,CAAC"}

package/dist/commands/subscribe.d.ts

@@ -0,0 +1 @@
+export declare function subscribeCommand(): Promise<void>;

package/dist/commands/subscribe.js

@@ -0,0 +1,10 @@
+import chalk from 'chalk';
+import { CONFIG } from '../lib/config.js';
+import { displayQRCode } from '../auth/qr-poll.js';
+export async function subscribeCommand() {
+    const url = `${CONFIG.CLAW_WEB_BASE}/membership`;
+    console.log(chalk.yellow('\nScan the QR code to subscribe membership.\n'));
+    displayQRCode(url);
+    console.log(chalk.gray(`\nOr visit: ${url}\n`));
+}
+//# sourceMappingURL=subscribe.js.map

package/dist/commands/subscribe.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"subscribe.js","sourceRoot":"","sources":["../../src/commands/subscribe.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAC;AAC1C,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAEnD,MAAM,CAAC,KAAK,UAAU,gBAAgB;IACpC,MAAM,GAAG,GAAG,GAAG,MAAM,CAAC,aAAa,aAAa,CAAC;IAEjD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,+CAA+C,CAAC,CAAC,CAAC;IAC3E,aAAa,CAAC,GAAG,CAAC,CAAC;IACnB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC,CAAC,CAAC;AAClD,CAAC"}

package/dist/index.js

@@ -2,18 +2,18 @@ import { Command } from 'commander';
 import { loginCommand } from './commands/login.js';
 import { logoutCommand } from './commands/logout.js';
 import { whoamiCommand } from './commands/whoami.js';
-import { creditCommand } from './commands/credit.js';
-import { membershipCommand } from './commands/membership.js';
 import { tokenCommand } from './commands/token.js';
 import { paymentGrantCommand } from './commands/payment-grant.js';
+import { rechargeCreditsCommand } from './commands/recharge-credits.js';
+import { subscribeCommand } from './commands/subscribe.js';
 const program = new Command();
 program
     .name('clawapps')
-    .description('ClawApps CLI - Manage your ClawApps account')
-    .version('0.3.0');
+    .description('ClawApps CLI - Authenticate, manage payments, and recharge credits via QR code')
+    .version('0.5.0');
 program
     .command('login')
-    .description('Log in to your ClawApps account via Google or Apple')
+    .description('Log in via QR code (scan to authenticate, valid for 3 minutes)')
     .action(loginCommand);
 program
     .command('logout')
@@ -23,22 +23,22 @@ program
     .command('whoami')
     .description('Show your ClawApps account info')
     .action(whoamiCommand);
-program
-    .command('credit')
-    .description('Open credit recharge page in browser')
-    .action(creditCommand);
-program
-    .command('membership')
-    .description('Open membership subscription page in browser')
-    .action(membershipCommand);
 program
     .command('token')
-    .description('Print current valid access token (refreshes if needed)')
+    .description('Print valid access token (auto-refreshes if expired)')
     .action(tokenCommand);
 program
     .command('payment-grant')
-    .description('Open payment grant page for a skill')
+    .description('Authorize skill payment via QR code (valid for 3 minutes)')
     .argument('<skill_id>', 'The skill ID to grant payment for')
     .action(paymentGrantCommand);
+program
+    .command('recharge-credits')
+    .description('Display QR code to recharge credits')
+    .action(rechargeCreditsCommand);
+program
+    .command('subscribe')
+    .description('Display QR code to subscribe membership')
+    .action(subscribeCommand);
 program.parse();
 //# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AACnD,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AACrD,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AACrD,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AACrD,OAAO,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAC7D,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AACnD,OAAO,EAAE,mBAAmB,EAAE,MAAM,6BAA6B,CAAC;AAElE,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;AAE9B,OAAO;KACJ,IAAI,CAAC,UAAU,CAAC;KAChB,WAAW,CAAC,6CAA6C,CAAC;KAC1D,OAAO,CAAC,OAAO,CAAC,CAAC;AAEpB,OAAO;KACJ,OAAO,CAAC,OAAO,CAAC;KAChB,WAAW,CAAC,qDAAqD,CAAC;KAClE,MAAM,CAAC,YAAY,CAAC,CAAC;AAExB,OAAO;KACJ,OAAO,CAAC,QAAQ,CAAC;KACjB,WAAW,CAAC,kCAAkC,CAAC;KAC/C,MAAM,CAAC,aAAa,CAAC,CAAC;AAEzB,OAAO;KACJ,OAAO,CAAC,QAAQ,CAAC;KACjB,WAAW,CAAC,iCAAiC,CAAC;KAC9C,MAAM,CAAC,aAAa,CAAC,CAAC;AAEzB,OAAO;KACJ,OAAO,CAAC,QAAQ,CAAC;KACjB,WAAW,CAAC,sCAAsC,CAAC;KACnD,MAAM,CAAC,aAAa,CAAC,CAAC;AAEzB,OAAO;KACJ,OAAO,CAAC,YAAY,CAAC;KACrB,WAAW,CAAC,8CAA8C,CAAC;KAC3D,MAAM,CAAC,iBAAiB,CAAC,CAAC;AAE7B,OAAO;KACJ,OAAO,CAAC,OAAO,CAAC;KAChB,WAAW,CAAC,wDAAwD,CAAC;KACrE,MAAM,CAAC,YAAY,CAAC,CAAC;AAExB,OAAO;KACJ,OAAO,CAAC,eAAe,CAAC;KACxB,WAAW,CAAC,qCAAqC,CAAC;KAClD,QAAQ,CAAC,YAAY,EAAE,mCAAmC,CAAC;KAC3D,MAAM,CAAC,mBAAmB,CAAC,CAAC;AAE/B,OAAO,CAAC,KAAK,EAAE,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AACnD,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AACrD,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AACrD,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AACnD,OAAO,EAAE,mBAAmB,EAAE,MAAM,6BAA6B,CAAC;AAClE,OAAO,EAAE,sBAAsB,EAAE,MAAM,gCAAgC,CAAC;AACxE,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAE3D,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;AAE9B,OAAO;KACJ,IAAI,CAAC,UAAU,CAAC;KAChB,WAAW,CAAC,gFAAgF,CAAC;KAC7F,OAAO,CAAC,OAAO,CAAC,CAAC;AAEpB,OAAO;KACJ,OAAO,CAAC,OAAO,CAAC;KAChB,WAAW,CAAC,gEAAgE,CAAC;KAC7E,MAAM,CAAC,YAAY,CAAC,CAAC;AAExB,OAAO;KACJ,OAAO,CAAC,QAAQ,CAAC;KACjB,WAAW,CAAC,kCAAkC,CAAC;KAC/C,MAAM,CAAC,aAAa,CAAC,CAAC;AAEzB,OAAO;KACJ,OAAO,CAAC,QAAQ,CAAC;KACjB,WAAW,CAAC,iCAAiC,CAAC;KAC9C,MAAM,CAAC,aAAa,CAAC,CAAC;AAEzB,OAAO;KACJ,OAAO,CAAC,OAAO,CAAC;KAChB,WAAW,CAAC,sDAAsD,CAAC;KACnE,MAAM,CAAC,YAAY,CAAC,CAAC;AAExB,OAAO;KACJ,OAAO,CAAC,eAAe,CAAC;KACxB,WAAW,CAAC,2DAA2D,CAAC;KACxE,QAAQ,CAAC,YAAY,EAAE,mCAAmC,CAAC;KAC3D,MAAM,CAAC,mBAAmB,CAAC,CAAC;AAE/B,OAAO;KACJ,OAAO,CAAC,kBAAkB,CAAC;KAC3B,WAAW,CAAC,qCAAqC,CAAC;KAClD,MAAM,CAAC,sBAAsB,CAAC,CAAC;AAElC,OAAO;KACJ,OAAO,CAAC,WAAW,CAAC;KACpB,WAAW,CAAC,yCAAyC,CAAC;KACtD,MAAM,CAAC,gBAAgB,CAAC,CAAC;AAE5B,OAAO,CAAC,KAAK,EAAE,CAAC"}

package/dist/lib/config.d.ts

@@ -8,7 +8,11 @@ export declare const CONFIG: {
     readonly CLAW_ME: "https://api.clawapps.ai/api/v1/auth/me";
     readonly CLAW_REFRESH: "https://api.clawapps.ai/api/v1/auth/refresh";
     readonly CLAW_LOGOUT: "https://api.clawapps.ai/api/v1/auth/logout";
-    readonly CLAW_WEB_BASE: "https://www.clawapps.ai";
+    readonly CLAW_WEB_BASE: "https://clawapps.ai";
+    readonly AGENT_CREATE_LOGIN_CODE: "https://api.clawapps.ai/api/v1/agent/create-login-code";
+    readonly AGENT_CREATE_PAYMENT_CODE: "https://api.clawapps.ai/api/v1/agent/create-payment-code";
+    readonly AGENT_AUTH_CODE: "https://api.clawapps.ai/api/v1/agent/auth-code";
+    readonly AUTH_POLL_INTERVAL_MS: number;
     readonly AUTH_TIMEOUT_MS: number;
     readonly CREDENTIALS_DIR: ".clawapps";
     readonly CREDENTIALS_FILE: "credentials.json";

package/dist/lib/config.js

@@ -11,9 +11,14 @@ export const CONFIG = {
     CLAW_REFRESH: 'https://api.clawapps.ai/api/v1/auth/refresh',
     CLAW_LOGOUT: 'https://api.clawapps.ai/api/v1/auth/logout',
     // Web
-    CLAW_WEB_BASE: 'https://www.clawapps.ai',
+    CLAW_WEB_BASE: 'https://clawapps.ai',
+    // Agent code endpoints
+    AGENT_CREATE_LOGIN_CODE: 'https://api.clawapps.ai/api/v1/agent/create-login-code',
+    AGENT_CREATE_PAYMENT_CODE: 'https://api.clawapps.ai/api/v1/agent/create-payment-code',
+    AGENT_AUTH_CODE: 'https://api.clawapps.ai/api/v1/agent/auth-code',
+    AUTH_POLL_INTERVAL_MS: 3 * 1000, // 3 seconds
     // Timeouts
-    AUTH_TIMEOUT_MS: 2 * 60 * 1000, // 2 minutes
+    AUTH_TIMEOUT_MS: 3 * 60 * 1000, // 3 minutes
     // Credentials
     CREDENTIALS_DIR: '.clawapps',
     CREDENTIALS_FILE: 'credentials.json',

package/dist/lib/config.js.map

@@ -1 +1 @@
-{"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/lib/config.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,MAAM,GAAG;IACpB,gBAAgB,EAAE,yEAAyE;IAE3F,WAAW,EAAE,kCAAkC;IAC/C,aAAa,EAAE,gCAAgC;IAE/C,eAAe;IACf,cAAc,EAAE,oDAAoD;IACpE,kBAAkB,EAAE,6DAA6D;IAEjF,qBAAqB;IACrB,aAAa,EAAE,8CAA8C;IAC7D,OAAO,EAAE,wCAAwC;IACjD,YAAY,EAAE,6CAA6C;IAC3D,WAAW,EAAE,4CAA4C;IAEzD,MAAM;IACN,aAAa,EAAE,yBAAyB;IAExC,WAAW;IACX,eAAe,EAAE,CAAC,GAAG,EAAE,GAAG,IAAI,EAAE,YAAY;IAE5C,cAAc;IACd,eAAe,EAAE,WAAW;IAC5B,gBAAgB,EAAE,kBAAkB;CAC5B,CAAC"}
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/lib/config.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,MAAM,GAAG;IACpB,gBAAgB,EAAE,yEAAyE;IAE3F,WAAW,EAAE,kCAAkC;IAC/C,aAAa,EAAE,gCAAgC;IAE/C,eAAe;IACf,cAAc,EAAE,oDAAoD;IACpE,kBAAkB,EAAE,6DAA6D;IAEjF,qBAAqB;IACrB,aAAa,EAAE,8CAA8C;IAC7D,OAAO,EAAE,wCAAwC;IACjD,YAAY,EAAE,6CAA6C;IAC3D,WAAW,EAAE,4CAA4C;IAEzD,MAAM;IACN,aAAa,EAAE,qBAAqB;IAEpC,uBAAuB;IACvB,uBAAuB,EAAE,wDAAwD;IACjF,yBAAyB,EAAE,0DAA0D;IACrF,eAAe,EAAE,gDAAgD;IACjE,qBAAqB,EAAE,CAAC,GAAG,IAAI,EAAE,YAAY;IAE7C,WAAW;IACX,eAAe,EAAE,CAAC,GAAG,EAAE,GAAG,IAAI,EAAE,YAAY;IAE5C,cAAc;IACd,eAAe,EAAE,WAAW;IAC5B,gBAAgB,EAAE,kBAAkB;CAC5B,CAAC"}

package/dist/lib/types.d.ts

@@ -19,6 +19,14 @@ export interface PaymentGrantResult {
     payment_token?: string;
     auto_payment: boolean;
 }
+export interface AuthCodeLoginResult {
+    access_token: string;
+    refresh_token: string;
+}
+export interface AuthCodePaymentResult {
+    one_time_pay_token?: string;
+    auto_pay_enabled: boolean;
+}
 export interface UserInfo {
     id: string;
     email: string;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@clawapps/cli",
-  "version": "0.3.0",
+  "version": "0.5.0",
   "description": "ClawApps CLI - Login and manage your ClawApps account from the terminal",
   "type": "module",
   "bin": {
@@ -30,7 +30,8 @@
     "chalk": "^5.6.2",
     "commander": "^14.0.3",
     "open": "^11.0.0",
-    "ora": "^8.2.0"
+    "ora": "^8.2.0",
+    "qrcode-terminal": "^0.12.0"
   },
   "devDependencies": {
     "@types/node": "^25.3.0",