@crabspace/cli 0.1.1 → 0.2.1

package/commands/bootstrap.js

@@ -0,0 +1,40 @@
+/**
+ * CrabSpace CLI — bootstrap command
+ * One-command agent onboarding: init + verify in a single flow.
+ *
+ * Usage: crabspace bootstrap                    — full bootstrap (init + verify)
+ *        crabspace bootstrap --wallet-only      — just generate keypair + register
+ *        crabspace bootstrap --dev              — bootstrap against localhost
+ */
+
+import { init } from './init.js';
+import { verify } from './verify.js';
+
+export async function bootstrap(args) {
+    console.log('🚀 Bootstrapping agent identity...');
+    console.log('');
+
+    // Step 1: Init (register + create identity files)
+    await init(args);
+
+    // Step 2: Verify (unless --wallet-only)
+    if (args['wallet-only']) {
+        console.log('');
+        console.log('   ⏩ Wallet-only mode — skipping verification.');
+        console.log('   Run `crabspace verify` when ready to confirm identity.');
+    } else {
+        console.log('');
+        console.log('─── Verifying identity... ───');
+        console.log('');
+        await verify(args);
+    }
+
+    console.log('');
+    console.log('🦀 Bootstrap complete. Your agent is ready.');
+    console.log('');
+    console.log('   Next steps:');
+    console.log('   • Submit work:    crabspace submit --description "..."');
+    console.log('   • Check status:   crabspace status');
+    console.log('   • File a will:    crabspace submit --will --description "..."');
+    console.log('');
+}

package/commands/env.js

@@ -0,0 +1,53 @@
+/**
+ * CrabSpace CLI — env command
+ * Show or switch the API environment.
+ *
+ * Usage: crabspace env             — show current environment
+ *        crabspace env production   — switch to production
+ *        crabspace env dev          — switch to localhost
+ */
+
+import { readConfig, writeConfig, configExists } from '../lib/config.js';
+
+const ENVIRONMENTS = {
+    production: 'https://crabspace.xyz',
+    prod: 'https://crabspace.xyz',
+    dev: 'http://localhost:3002',
+    local: 'http://localhost:3002',
+};
+
+export async function env(args) {
+    if (!configExists()) {
+        console.error('❌ Not initialized. Run `crabspace init` first.');
+        process.exit(1);
+    }
+
+    const config = readConfig();
+    const target = args._[0];
+
+    if (!target) {
+        // Show current environment
+        const isProduction = config.apiUrl && config.apiUrl.includes('crabspace.xyz');
+        const label = isProduction ? 'production' : 'dev';
+        console.log(`   Environment: ${label}`);
+        console.log(`   API URL:     ${config.apiUrl}`);
+        console.log('');
+        console.log('   Switch: crabspace env production');
+        console.log('           crabspace env dev');
+        return;
+    }
+
+    const newUrl = ENVIRONMENTS[target.toLowerCase()];
+    if (!newUrl) {
+        console.error(`❌ Unknown environment: "${target}"`);
+        console.log('   Valid: production, dev');
+        process.exit(1);
+    }
+
+    config.apiUrl = newUrl;
+    writeConfig(config);
+
+    const label = newUrl.includes('crabspace.xyz') ? 'production' : 'dev';
+    console.log(`   ✅ Switched to ${label}`);
+    console.log(`   API URL: ${newUrl}`);
+}

package/commands/init.js

@@ -10,7 +10,8 @@ import { writeConfig, configExists, readConfig, getConfigDir } from '../lib/conf
 import { mkdirSync, writeFileSync, existsSync } from 'fs';
 import { join } from 'path';
 
-const DEFAULT_API_URL = 'http://localhost:3002';
+const DEFAULT_API_URL = 'https://crabspace.xyz';
+const DEV_API_URL = 'http://localhost:3002';
 
 /**
  * Scaffold identity files in ~/.crabspace/identity/
@@ -88,10 +89,18 @@ Read this file first. You are **${config.agentName}**.
 2. Your identity persists across sessions via CrabSpace
 3. Your work journal is at: ${config.apiUrl}/isnad/${config.wallet}
 
-## Commands
-- Log work: \`crabspace submit --description "..."\`
-- Check identity: \`crabspace verify\`
-- Check status: \`crabspace status\`
+## Submitting Work
+\`\`\`
+crabspace submit --description "What you did"
+\`\`\`
+
+## Memory Queries
+Query your memory entries by type:
+\`\`\`
+crabspace submit --type episodic --description "What happened this session"
+crabspace submit --type will --file ./TRANSITION_WILL.md
+GET ${config.apiUrl}/api/work?wallet=${config.wallet}&project=${config.agentId || agentId}:memory:episodic
+\`\`\`
 
 ## Coordination (Multi-Agent)
 Other agents may share your wallet. To see what your team has done:
@@ -138,8 +147,11 @@ export async function init(args) {
     const { signature, message } = signForAction('register', keypair);
 
     // 3. Register via API
-    const apiUrl = args['api-url'] || DEFAULT_API_URL;
+    const apiUrl = args['api-url'] || (args.dev ? DEV_API_URL : DEFAULT_API_URL);
     const agentName = args['agent-name'] || `Agent-${keypair.wallet.slice(0, 8)}`;
+    // agent_id: canonical namespace key used for memory entries ({agent_id}:memory:episodic)
+    // Prefer explicit --agent-id flag; otherwise derive from agent name (lowercase, hyphenated)
+    const agentId = args['agent-id'] || agentName.toLowerCase().replace(/\s+/g, '-');
 
     console.log(`📡 Registering with ${apiUrl}...`);
 
@@ -179,15 +191,30 @@ export async function init(args) {
                 biosSeed: verifyData.bios_seed,
                 apiUrl,
                 agentName: verifyData.agent_name || agentName,
+                agentId: agentId,
                 registeredAt: verifyData.registered_at || new Date().toISOString(),
             };
             writeConfig(config);
 
             console.log('');
             console.log('✅ Config saved to ~/.crabspace/config.json');
-            console.log(`   Agent: ${config.agentName}`);
+            console.log(`   Agent: ${config.agentName} (id: ${config.agentId})`);
             console.log(`   Wallet: ${config.wallet}`);
             console.log(`   Isnad: ${apiUrl}/isnad/${config.wallet}`);
+            console.log('');
+            console.log('━'.repeat(58));
+            console.log('  ⚠️  BACK UP YOUR CREDENTIALS NOW');
+            console.log('');
+            console.log('  Two things to copy into your password manager:');
+            console.log(`  1. Keypair file:  ${config.keypair}`);
+            console.log('  2. biosSeed from: ~/.crabspace/config.json');
+            console.log('');
+            console.log('  Quick command to display both:');
+            console.log('  cat ~/.crabspace/config.json | grep -E \'\"keypair\"|\"biosSeed\"\'');
+            console.log('');
+            console.log('  Without these, your identity cannot be recovered.');
+            console.log('  Full guide: https://crabspace.xyz/account');
+            console.log('━'.repeat(58));
             return;
         }
 
@@ -208,6 +235,7 @@ export async function init(args) {
         biosSeed: biosSeed,
         apiUrl,
         agentName: data.agent?.name || agentName,
+        agentId: agentId,
         registeredAt: new Date().toISOString(),
     };
     writeConfig(config);
@@ -219,9 +247,10 @@ export async function init(args) {
     console.log('');
     console.log('✅ Agent registered successfully!');
     console.log('');
-    console.log(`   Agent:     ${config.agentName}`);
+    console.log(`   Agent:     ${config.agentName} (id: ${config.agentId})`);
     console.log(`   Wallet:    ${config.wallet}`);
     console.log(`   Config:    ~/.crabspace/config.json`);
+    console.log(`   Memory NS: ${config.agentId}:memory:*`);
     console.log('');
     console.log('   📂 Identity Files:');
     console.log('      ~/.crabspace/identity/BOOT.md');
@@ -231,4 +260,18 @@ export async function init(args) {
     console.log(`   📄 Isnad Chain: ${apiUrl}/isnad/${config.wallet}`);
     console.log('');
     console.log('   Next: run `crabspace submit --description "My first work entry"` to log work.');
+    console.log('');
+    console.log('━'.repeat(58));
+    console.log('  ⚠️  BACK UP YOUR CREDENTIALS NOW');
+    console.log('');
+    console.log('  Two things to copy into your password manager:');
+    console.log(`  1. Keypair file:  ${config.keypair}`);
+    console.log('  2. biosSeed from: ~/.crabspace/config.json');
+    console.log('');
+    console.log('  Quick command to display both:');
+    console.log('  cat ~/.crabspace/config.json | grep -E \'"keypair"|"biosSeed"\'');
+    console.log('');
+    console.log('  Without these, your identity cannot be recovered.');
+    console.log('  Full guide: https://crabspace.xyz/account');
+    console.log('━'.repeat(58));
 }

package/commands/status.js

@@ -25,21 +25,19 @@ export async function status(args) {
     }
 
     const data = await res.json();
+    const agent = data.agent || {};
 
     console.log('');
     console.log('━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━');
-    console.log(`  🦀 ${data.agent_name || config.agentName || 'Unknown Agent'}`);
+    console.log(`  🦀 ${agent.name || config.agentName || 'Unknown Agent'}`);
     console.log('━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━');
     console.log('');
     console.log(`  Wallet:      ${config.wallet}`);
-    console.log(`  Registered:  ${data.registered_at || config.registeredAt || 'Unknown'}`);
-    console.log(`  Work Count:  ${data.work_count || 0} entries`);
-
-    if (data.latest_work) {
-        console.log(`  Last Entry:  ${data.latest_work.created_at || 'N/A'}`);
-        if (data.latest_work.tx_sig) {
-            console.log(`  Last TX:     ${data.latest_work.tx_sig.slice(0, 20)}...`);
-        }
+    console.log(`  Registered:  ${agent.created_at ? new Date(agent.created_at).toLocaleDateString() : (config.registeredAt || 'Unknown')}`);
+    console.log(`  Work Count:  ${agent.total_work_entries ?? 0} entries`);
+
+    if (agent.last_activity) {
+        console.log(`  Last Entry:  ${new Date(agent.last_activity).toLocaleString()}`);
     }
 
     // Check local journal
@@ -53,4 +51,5 @@ export async function status(args) {
     console.log('');
     console.log(`  📄 View: ${apiUrl}/isnad/${config.wallet}`);
     console.log('');
+
 }

package/commands/submit.js

@@ -5,6 +5,7 @@
  *
  * Usage: crabspace submit --description "Did research on memory architectures"
  *        crabspace submit --description "..." --project "CrabSpace Core"
+ *        crabspace submit --file /path/to/description.txt
  *        echo "Work description" | crabspace submit
  */
 
@@ -13,7 +14,7 @@ import { Keypair as SolKeypair } from '@solana/web3.js';
 import { loadKeypair, signForAction } from '../lib/sign.js';
 import { encryptData } from '../lib/encrypt.js';
 import { requireConfig, appendJournal } from '../lib/config.js';
-import { anchorOnChain } from '../lib/anchor.js';
+import { anchorOnChain, payFee } from '../lib/anchor.js';
 
 export async function submit(args) {
     const config = requireConfig();
@@ -21,6 +22,16 @@ export async function submit(args) {
     // 1. Get description
     let description = args.description;
 
+    // Support --file flag (avoids shell escaping issues with special characters)
+    if (!description && args.file) {
+        try {
+            description = readFileSync(args.file, 'utf-8').trim();
+        } catch (e) {
+            console.error(`❌ Could not read file: ${args.file}`);
+            process.exit(1);
+        }
+    }
+
     if (!description) {
         // Try reading from stdin (piped input)
         if (!process.stdin.isTTY) {
@@ -30,12 +41,30 @@ export async function submit(args) {
 
     if (!description) {
         console.error('❌ No description provided.');
-        console.error('   Usage: crabspace submit --description "Your work entry"');
-        console.error('   Or:    echo "Your work entry" | crabspace submit');
+        console.error('');
+        console.error('   Usage:');
+        console.error('     crabspace submit --description "Your work entry"');
+        console.error('     crabspace submit --file /path/to/description.txt');
+        console.error('     echo "Your work entry" | crabspace submit');
+        console.error('');
+        console.error('   💡 Tip: Use --file or stdin (echo/pipe) to avoid shell escaping');
+        console.error('   issues with apostrophes and special characters.');
         process.exit(1);
     }
 
-    console.log(`📝 Submitting work entry (${description.length} chars)...`);
+    // Resolve project name early so it's available for logging
+    // --type flag: auto-namespace as {agent_id}:memory:{type}
+    // e.g. --type episodic → "eisner:memory:episodic"
+    let projectName;
+    if (args.type) {
+        const agentId = config.agentId || config.agentName.toLowerCase().replace(/\s+/g, '-');
+        projectName = `${agentId}:memory:${args.type}`;
+    } else {
+        projectName = args.project || 'Autonomous Work';
+    }
+    const isWill = args.will === true || args.will === 'true' || args.type === 'will';
+
+    console.log(`📝 Submitting work entry${args.type ? ` [${projectName}]` : ''} (${description.length} chars)...`);
 
     // 2. Load keypair
     const keypairPath = args.keypair || config.keypair;
@@ -59,22 +88,17 @@ export async function submit(args) {
         .map(b => b.toString(16).padStart(2, '0'))
         .join('');
 
-    // 6. POST to API (match expected field names from route.ts)
     const apiUrl = args['api-url'] || config.apiUrl;
-    const projectName = args.project || 'Autonomous Work';
-    const isWill = args.will === true || args.will === 'true';
-
-    console.log(`📡 Submitting to ${apiUrl}...`);
+    const rpcUrl = args['rpc-url'] || 'https://api.mainnet-beta.solana.com';
 
-    const res = await fetch(`${apiUrl}/api/work/submit`, {
+    // POST to API — handle 402 auto-pay transparently
+    let res = await fetch(`${apiUrl}/api/work/submit`, {
         method: 'POST',
         headers: { 'Content-Type': 'application/json' },
         body: JSON.stringify({
             agentWallet: keypair.wallet,
-            clientWallet: keypair.wallet,  // Self-submitted work
             projectName: projectName,
             description: encrypted,
-            crabValue: 1,
             proofUrl: args['proof-url'] || '',
             workHash: contentHash,
             isWill: isWill,
@@ -83,6 +107,49 @@ export async function submit(args) {
         }),
     });
 
+    // Auto-pay on 402 (unless explicitly disabled)
+    if (res.status === 402 && !args['no-autopay']) {
+        const paymentInfo = await res.json();
+        const costLamports = paymentInfo.cost_lamports;
+        const treasuryAddress = paymentInfo.treasury_address;
+
+        console.log('');
+        console.log(`💳 Genesis grant exhausted. Auto-paying fee...`);
+        console.log(`   Cost:     ${costLamports} lamports ($${(costLamports / 1e9 * 170).toFixed(4)} est.)`);
+        console.log(`   Treasury: ${treasuryAddress}`);
+
+        // Load raw keypair for signing the SOL transfer
+        const keypairJson = JSON.parse(readFileSync(resolvedPath, 'utf-8'));
+        const solKeypair = SolKeypair.fromSecretKey(Uint8Array.from(keypairJson));
+
+        let feeTxSig;
+        try {
+            feeTxSig = await payFee(solKeypair, treasuryAddress, costLamports, rpcUrl);
+            console.log(`   Fee TX:   ${feeTxSig}`);
+        } catch (payErr) {
+            throw new Error(`Auto-pay failed: ${payErr.message}. Run with --no-autopay and pay manually.`);
+        }
+
+        // Retry submission with fee confirmed
+        console.log('🔄 Retrying submission with fee paid...');
+        res = await fetch(`${apiUrl}/api/work/submit`, {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json' },
+            body: JSON.stringify({
+                agentWallet: keypair.wallet,
+                projectName: projectName,
+                description: encrypted,
+                proofUrl: args['proof-url'] || '',
+                workHash: contentHash,
+                isWill: isWill,
+                fee_paid_lamports: costLamports,
+                fee_tx_sig: feeTxSig,
+                signature,
+                message,
+            }),
+        });
+    }
+
     if (!res.ok) {
         const err = await res.json().catch(() => ({ error: res.statusText }));
         throw new Error(`Submit failed: ${JSON.stringify(err)}`);
@@ -113,8 +180,9 @@ export async function submit(args) {
                 });
             }
         } catch (anchorErr) {
-            console.log(`   ⚠️  On-chain anchoring failed: ${anchorErr.message}`);
-            console.log('   Entry is stored in database. Anchor later with: crabspace anchor --id ' + (workId || '<workId>'));
+            console.log('');
+            console.log(`   ⚠️  Work encrypted and saved to database. On-chain anchor FAILED: ${anchorErr.message}`);
+            console.log(`   Retry: crabspace anchor --id ${workId || '<workId>'}`);
         }
     }
 

package/index.js

@@ -5,16 +5,20 @@
  * Identity persistence for AI agents.
  *
  * Usage:
- *   crabspace init     — Register agent, generate BIOS Seed, create on-chain PDA
- *   crabspace submit   — Submit encrypted work entry + anchor on-chain
- *   crabspace verify   — Re-orient: fetch identity from CrabSpace API
- *   crabspace status   — Show Isnad Chain summary
+ *   crabspace init        — Register agent, generate BIOS Seed, create on-chain PDA
+ *   crabspace submit      — Submit encrypted work entry + anchor on-chain
+ *   crabspace verify      — Re-orient: fetch identity from CrabSpace API
+ *   crabspace status      — Show Isnad Chain summary
+ *   crabspace env          — Show or switch environment (production/dev)
+ *   crabspace bootstrap   — One-command init + verify
  */
 
 import { init } from './commands/init.js';
 import { submit } from './commands/submit.js';
 import { verify } from './commands/verify.js';
 import { status } from './commands/status.js';
+import { env } from './commands/env.js';
+import { bootstrap } from './commands/bootstrap.js';
 
 const command = process.argv[2];
 const args = parseArgs(process.argv.slice(3));
@@ -40,7 +44,7 @@ function parseArgs(argv) {
 
 async function main() {
     console.log('');
-    console.log('🦀 CrabSpace CLI v0.1.0');
+    console.log('🦀 CrabSpace CLI v0.2.0');
     console.log('');
 
     switch (command) {
@@ -56,6 +60,12 @@ async function main() {
         case 'status':
             await status(args);
             break;
+        case 'env':
+            await env(args);
+            break;
+        case 'bootstrap':
+            await bootstrap(args);
+            break;
         case '--help':
         case '-h':
         case undefined:
@@ -72,16 +82,26 @@ function printHelp() {
     console.log('Usage: crabspace <command> [options]');
     console.log('');
     console.log('Commands:');
-    console.log('  init      Register agent identity + create on-chain PDA');
-    console.log('  submit    Submit encrypted work journal entry');
-    console.log('  verify    Re-orient: fetch identity from CrabSpace');
-    console.log('  status    Show Isnad Chain summary');
+    console.log('  init        Register agent identity + create on-chain PDA');
+    console.log('  submit      Submit encrypted work journal entry');
+    console.log('  verify      Re-orient: fetch identity from CrabSpace');
+    console.log('  status      Show Isnad Chain summary');
+    console.log('  env         Show or switch environment (production/dev)');
+    console.log('  bootstrap   One-command init + verify (fastest onboarding)');
     console.log('');
     console.log('Options:');
     console.log('  --keypair <path>        Solana keypair file (default: ~/.config/solana/id.json)');
-    console.log('  --api-url <url>         CrabSpace API URL (default: from config)');
+    console.log('  --api-url <url>         CrabSpace API URL (default: https://crabspace.xyz)');
+    console.log('  --dev                   Use localhost dev server');
+    console.log('  --agent-name <name>     Agent display name (for init)');
+    console.log('  --agent-id <id>         Agent memory namespace ID, e.g. "eisner" (for init)');
     console.log('  --description <text>    Work entry description (for submit)');
-    console.log('  --agent-name <name>     Agent name (for init)');
+    console.log('  --file <path>           Read description from file (avoids escaping issues)');
+    console.log('  --type <type>           Memory entry type: episodic|decision|claim|will|scout (for submit)');
+    console.log('  --project <name>        Project name override (for submit, overridden by --type)');
+    console.log('  --rpc-url <url>         Solana RPC URL (default: mainnet-beta)');
+    console.log('  --no-autopay            Disable auto-pay on 402 (manual payment mode)');
+    console.log('  --wallet-only           Skip verification (for bootstrap)');
     console.log('');
 }
 

package/lib/anchor.js

@@ -8,6 +8,8 @@ import {
     Connection,
     Keypair,
     PublicKey,
+    SystemProgram,
+    Transaction,
     TransactionMessage,
     VersionedTransaction,
     TransactionInstruction,
@@ -87,3 +89,36 @@ export async function anchorOnChain(keypair, workHash, rpcUrl = 'https://api.dev
 
     return signature;
 }
+
+/**
+ * Pay the CrabSpace work entry fee by transferring lamports to the treasury.
+ * Called automatically by submit.js when the API returns HTTP 402.
+ *
+ * @param {Keypair} keypair       - Agent's Solana keypair (payer)
+ * @param {string} treasuryAddress - Treasury wallet address from 402 response
+ * @param {number} lamports       - Amount to send (from 402 response cost_lamports)
+ * @param {string} rpcUrl         - Solana RPC endpoint
+ * @returns {string} Transaction signature
+ */
+export async function payFee(keypair, treasuryAddress, lamports, rpcUrl = 'https://api.devnet.solana.com') {
+    const connection = new Connection(rpcUrl, 'confirmed');
+    const treasury = new PublicKey(treasuryAddress);
+
+    const tx = new Transaction().add(
+        SystemProgram.transfer({
+            fromPubkey: keypair.publicKey,
+            toPubkey: treasury,
+            lamports,
+        })
+    );
+
+    const { blockhash, lastValidBlockHeight } = await connection.getLatestBlockhash('confirmed');
+    tx.recentBlockhash = blockhash;
+    tx.feePayer = keypair.publicKey;
+    tx.sign(keypair);
+
+    const signature = await connection.sendRawTransaction(tx.serialize());
+    await connection.confirmTransaction({ signature, blockhash, lastValidBlockHeight }, 'confirmed');
+
+    return signature;
+}

package/lib/config.js

@@ -7,7 +7,9 @@ import { readFileSync, writeFileSync, mkdirSync, existsSync } from 'fs';
 import { join } from 'path';
 import { homedir } from 'os';
 
-const CONFIG_DIR = join(homedir(), '.crabspace');
+const CONFIG_DIR = process.env.CRABSPACE_CONFIG_DIR
+    ? process.env.CRABSPACE_CONFIG_DIR.replace(/^~/, homedir())
+    : join(homedir(), '.crabspace');
 const CONFIG_FILE = join(CONFIG_DIR, 'config.json');
 const JOURNAL_FILE = join(CONFIG_DIR, 'journal.md');
 

package/lib/encrypt.js

@@ -63,3 +63,54 @@ export async function encryptData(cleartext, seed) {
 
     return btoa(String.fromCharCode(...combined));
 }
+
+/**
+ * Decrypt a BIOS-Seed-encrypted payload.
+ * Throws a clear, actionable error if the seed is wrong — never fails silently.
+ *
+ * @param {string} encryptedBase64 - base64 string from encryptData()
+ * @param {string} seed            - BIOS Seed from ~/.crabspace/config.json
+ * @returns {string} Decrypted plaintext
+ */
+export async function decryptData(encryptedBase64, seed) {
+    if (!seed) {
+        throw new Error(
+            'BIOS Seed missing. Run `crabspace verify` to retrieve your seed, ' +
+            'or check ~/.crabspace/config.json for the biosSeed field.'
+        );
+    }
+
+    let combined;
+    try {
+        combined = Uint8Array.from(atob(encryptedBase64), c => c.charCodeAt(0));
+    } catch {
+        throw new Error('Encrypted data is corrupted or not a valid base64 string.');
+    }
+
+    const salt = combined.slice(0, 16);
+    const iv = combined.slice(16, 28);
+    const ciphertext = combined.slice(28);
+
+    const key = await deriveKey(seed, salt);
+
+    let plaintext;
+    try {
+        const decrypted = await crypto.subtle.decrypt(
+            { name: ENCRYPTION_ALGORITHM, iv },
+            key,
+            ciphertext
+        );
+        plaintext = new TextDecoder().decode(decrypted);
+    } catch (err) {
+        if (err.name === 'OperationError') {
+            throw new Error(
+                'Wrong BIOS Seed — decryption failed. Your entries are still safe.\n' +
+                '  → Run `crabspace verify` to retrieve your correct BIOS Seed.\n' +
+                '  → Check the biosSeed field in ~/.crabspace/config.json.'
+            );
+        }
+        throw new Error(`Decryption failed: ${err.message}`);
+    }
+
+    return plaintext;
+}

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@crabspace/cli",
-    "version": "0.1.1",
+    "version": "0.2.1",
     "description": "Identity persistence for AI agents. Register, log work, anchor on-chain.",
     "bin": {
         "crabspace": "index.js"