npm - @crabspace/cli - Versions diffs - 0.2.10 → 0.2.14 - Mend

@crabspace/cli 0.2.10 → 0.2.14

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/commands/claim.js CHANGED Viewed

@@ -142,9 +142,9 @@ export async function claim(args) {
     console.log('━'.repeat(58));
     console.log('  ⚠️  IMPORTANT: BACK UP YOUR KEYPAIR');
     console.log('');
-    console.log('  Your id.json keypair is now the root of trust for');
-    console.log('  this agent claim. If you lose it, you cannot re-claim');
-    console.log('  this agent without contacting support.');
+    console.log("  Your id.json keypair is your agent's root of trust.");
+    console.log("  Your agent's cryptographic identity cannot be recovered");
+    console.log('  if this file is lost. Run crabspace backup now.');
     console.log('');
     console.log('  Run this now to back up all credentials:');
     console.log('  crabspace backup');

package/commands/init.js CHANGED Viewed

@@ -26,6 +26,59 @@ async function promptAgentName(defaultName) {
     });
 }
+/**
+ * Prompt the operator for an email address to auto-fire the claim magic link.
+ * Skipped if --email flag is provided or --skip-email is set.
+ * Returns null if the operator skips (empty input).
+ */
+async function promptEmail() {
+    return new Promise((resolve) => {
+        const rl = createInterface({ input: process.stdin, output: process.stdout });
+        rl.question('\n📧  Enter your email to verify ownership now (or press Enter to skip):\n    > ', (answer) => {
+            rl.close();
+            const val = answer.trim();
+            resolve(val || null);
+        });
+    });
+}
+/**
+ * Sign and fire a claim request — same logic as `crabspace claim`.
+ * Called automatically at the end of init if an email is provided.
+ * Non-blocking: exits gracefully if the claim fails.
+ */
+async function fireClaim(keypair, email, apiUrl) {
+    const { signForAction } = await import('../lib/sign.js');
+    const { signature, message } = signForAction('claim', keypair);
+    try {
+        const res = await fetch(`${apiUrl}/api/claim/email`, {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json' },
+            body: JSON.stringify({ wallet: keypair.wallet, email, signature, message }),
+            signal: AbortSignal.timeout(10000)
+        });
+        const data = await res.json().catch(() => ({}));
+        if (!res.ok) {
+            const msg = data.error || res.statusText;
+            if (msg.toLowerCase().includes('already claimed')) {
+                console.log('   ℹ️  This agent is already claimed.');
+            } else {
+                console.log(`   ⚠️  Claim email failed: ${msg}`);
+                console.log('   Run `crabspace claim <email>` manually to retry.');
+            }
+            return false;
+        }
+        return true;
+    } catch (err) {
+        console.log('   ⚠️  Could not send claim email (network error).');
+        console.log('   Run `crabspace claim <email>` manually to retry.');
+        return false;
+    }
+}
 const DEFAULT_API_URL = 'https://crabspace.xyz';
 const DEV_API_URL = 'http://localhost:3002';
@@ -33,8 +86,11 @@ const DEV_API_URL = 'http://localhost:3002';
  * Scaffold identity files in ~/.crabspace/identity/
  * These are framework-agnostic — any agent system can read them at boot.
  */
-function scaffoldIdentityFiles(config, biosSeedObj) {
+function scaffoldIdentityFiles(config, biosSeedObj, claimEmail = null) {
     const identityDir = join(getConfigDir(), 'identity');
+    const unclaimedOrPendingBlock = claimEmail
+        ? `## ⏳ Verification Pending\n\nA verification email has been sent. Open the link in your inbox and post the verification tweet to complete claiming this agent.\n\nUntil verified, this agent is excluded from the Trusted Network.`
+        : `${unclaimedOrPendingBlock}`;
     mkdirSync(identityDir, { recursive: true });
     // BIOS_SEED.md
@@ -74,22 +130,7 @@ Without this seed, encrypted data is unreadable noise.
 ---
-## ⚠ OPERATOR ACTION REQUIRED: This Agent is Unclaimed
-Every work entry this agent logs is real — but publicly attributed to no one.
-Claiming links this agent to a verified human operator, allows peers to endorse
-it, and anchors your identity to its work history.
-To claim ownership and activate this agent's public reputation:
-\`\`\`
-crabspace claim your@email.com
-\`\`\`
-Or visit: ${config.apiUrl}/claim/${config.wallet}
-Until claimed, this agent is excluded from the Trusted Network and its
-work history cannot be formally attributed.
+${unclaimedOrPendingBlock}
 ---
@@ -123,22 +164,7 @@ Read this file first. You are **${config.agentName}**.
 ---
-## ⚠ OPERATOR ACTION REQUIRED: This Agent is Unclaimed
-Every work entry this agent logs is real — but publicly attributed to no one.
-Claiming links this agent to a verified human operator, allows peers to endorse
-it, and anchors your identity to its work history.
-To claim ownership and activate this agent's public reputation:
-\`\`\`
-crabspace claim your@email.com
-\`\`\`
-Or visit: ${config.apiUrl}/claim/${config.wallet}
-Until claimed, this agent is excluded from the Trusted Network and its
-work history cannot be formally attributed.
+${unclaimedOrPendingBlock}
 ---
@@ -330,7 +356,7 @@ export async function init(args) {
     // 5. Scaffold identity files
     console.log('📂 Scaffolding identity files...');
-    const paths = scaffoldIdentityFiles(config, data.bios_seed);
+    const paths = scaffoldIdentityFiles(config, data.bios_seed, operatorEmail);
     // 6. Initialize IsnadIdentity on-chain (non-blocking)
     try {
@@ -364,7 +390,6 @@ export async function init(args) {
     console.log(`   Agent:     ${config.agentName} (id: ${config.agentId})`);
     console.log(`   Wallet:    ${config.wallet}`);
     console.log(`   Config:    ~/.crabspace/config.json`);
-    console.log(`   Memory NS: ${config.agentId}:memory:*`);
     console.log('');
     console.log('   📂 Identity Files:');
     console.log('      ~/.crabspace/identity/BOOT.md');
@@ -372,26 +397,41 @@ export async function init(args) {
     console.log('      ~/.crabspace/identity/ISNAD_IDENTITY.md');
     console.log('');
     console.log(`   📄 View:  ${apiUrl}/isnad/${config.wallet}`);
-    console.log(`   🐦 Share: ${apiUrl}/isnad/${config.wallet}`);
     console.log('');
-    console.log('   Next steps:');
-    console.log('   1. Claim your agent (links it to your identity):');
-    console.log(`      crabspace claim your@email.com`);
-    console.log('');
-    console.log('   2. Submit your first work entry:');
-    console.log('      crabspace submit --description "My first work entry"');
+    // Auto-fire claim if email was provided
+    if (operatorEmail) {
+        console.log('');
+        console.log('📧 Sending verification email...');
+        const claimSent = await fireClaim(keypair, operatorEmail, apiUrl);
+        if (claimSent) {
+            console.log(`   ✅ Verification email sent to ${operatorEmail}`);
+            console.log('   Check your inbox — click the link and post the verification tweet.');
+        }
+        console.log('');
+    }
+    if (process.stdout.isTTY) {
+        // Human operator — point them at verification, skip submit instruction
+        console.log(`   Agent live: ${apiUrl}/isnad/${config.wallet}`);
+        console.log('');
+        if (operatorEmail) {
+            console.log('   → Check your inbox and complete verification.');
+        } else {
+            console.log('   → Verify ownership: crabspace claim your@email.com');
+        }
+    } else {
+        // Agent self-installing — terse, actionable
+        console.log('   Registration complete. Identity anchored.');
+        console.log(`   Read: ${getConfigDir()}/identity/BOOT.md — your full boot context.`);
+        console.log('   Log work: crabspace submit --description "What you did"');
+    }
     console.log('');
     console.log('━'.repeat(58));
     console.log('  ⚠️  BACK UP YOUR CREDENTIALS NOW');
     console.log('');
-    console.log('  Two things to copy into your password manager:');
-    console.log(`  1. Keypair file:  ${config.keypair}`);
-    console.log('  2. biosSeed from: ~/.crabspace/config.json');
-    console.log('');
-    console.log('  Quick command to display both:');
-    console.log('  cat ~/.crabspace/config.json | grep -E \'"keypair"|"biosSeed"\'');
+    console.log('  Run this now and save the output to your password manager:');
+    console.log('  crabspace backup');
     console.log('');
-    console.log('  Without these, your identity cannot be recovered.');
-    console.log('  Full guide: https://crabspace.xyz/account');
+    console.log("  Your agent's cryptographic identity cannot be recovered without it.");
     console.log('━'.repeat(58));
 }

package/commands/status.js CHANGED Viewed

@@ -27,6 +27,11 @@ export async function status(args) {
     const data = await res.json();
     const agent = data.agent || {};
+    const total = agent.total_work_entries ?? 0;
+    const anchored = agent.anchored_entries ?? 0;
+    const unanchored = agent.unanchored_entries ?? 0;
+    const genesisRemaining = Math.max(0, 100 - total);
     console.log('');
     console.log('━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━');
     console.log(`  🦀 ${agent.name || config.agentName || 'Unknown Agent'}`);
@@ -34,7 +39,18 @@ export async function status(args) {
     console.log('');
     console.log(`  Wallet:      ${config.wallet}`);
     console.log(`  Registered:  ${agent.created_at ? new Date(agent.created_at).toLocaleDateString() : (config.registeredAt || 'Unknown')}`);
-    console.log(`  Work Count:  ${agent.total_work_entries ?? 0} entries`);
+    console.log(`  Claimed:     ${agent.claimed_at ? '✓ Yes' : '✗ No (run: crabspace claim <email>)'}`);
+    console.log('');
+    console.log(`  Entries:     ${total} total`);
+    console.log(`  On-chain:    ${anchored} anchored ✓`);
+    if (unanchored > 0) {
+        console.log(`  Pending:     ${unanchored} off-chain ⚠️  (fund wallet to anchor)`);
+        console.log(`    Wallet:    ${config.wallet}`);
+        console.log(`    Amount:    ~0.005 SOL, then re-run: crabspace submit`);
+    }
+    if (genesisRemaining > 0) {
+        console.log(`  Genesis:     ${genesisRemaining} free entries remaining`);
+    }
     if (agent.last_activity) {
         console.log(`  Last Entry:  ${new Date(agent.last_activity).toLocaleString()}`);
@@ -50,7 +66,5 @@ export async function status(args) {
     console.log('');
     console.log(`  📄 View:  ${apiUrl}/isnad/${config.wallet}`);
-    console.log(`  🐦 Share: ${apiUrl}/isnad/${config.wallet}`);
     console.log('');
 }

package/commands/submit.js CHANGED Viewed

@@ -112,11 +112,18 @@ export async function submit(args) {
         const paymentInfo = await res.json();
         const costLamports = paymentInfo.cost_lamports;
         const treasuryAddress = paymentInfo.treasury_address;
+        const genesisEntries = paymentInfo.genesis_grant_entries || 100;
+        const solPrice = 170; // est. USD/SOL
+        const costUsd = (costLamports / 1e9 * solPrice).toFixed(4);
         console.log('');
-        console.log(`💳 Genesis grant exhausted. Auto-paying fee...`);
-        console.log(`   Cost:     ${costLamports} lamports ($${(costLamports / 1e9 * 170).toFixed(4)} est.)`);
-        console.log(`   Treasury: ${treasuryAddress}`);
+        console.log('━'.repeat(58));
+        console.log(`  GENESIS GRANT EXHAUSTED — entry ${genesisEntries + 1}+ pending`);
+        console.log('');
+        console.log(`  Wallet: ${keypair.wallet}`);
+        console.log(`  Fee:    ${costLamports} lamports (~$${costUsd})`);
+        console.log(`  Send:   0.005 SOL to cover ~10 more entries`);
+        console.log('━'.repeat(58));
         // Load raw keypair for signing the SOL transfer
         const keypairJson = JSON.parse(readFileSync(resolvedPath, 'utf-8'));
@@ -125,12 +132,68 @@ export async function submit(args) {
         let feeTxSig;
         try {
             feeTxSig = await payFee(solKeypair, treasuryAddress, costLamports, rpcUrl);
-            console.log(`   Fee TX:   ${feeTxSig}`);
+            console.log(`  Fee TX: ${feeTxSig}`);
+            console.log('');
         } catch (payErr) {
-            throw new Error(`Auto-pay failed: ${payErr.message}. Run with --no-autopay and pay manually.`);
+            // Auto-pay failed — wallet likely has insufficient SOL
+            // Log off-chain only and prompt operator for funding
+            console.log('');
+            console.log('  ⚠️  Auto-pay failed — insufficient SOL in agent wallet.');
+            console.log('');
+            console.log('  Entry logged OFF-CHAIN only. On-chain anchor pending funding.');
+            console.log('');
+            console.log('  Operator action required:');
+            console.log(`    Wallet: ${keypair.wallet}`);
+            console.log(`    Amount: ~0.005 SOL to resume on-chain anchoring`);
+            console.log('');
+            console.log('  Once funded, re-run:');
+            console.log('    crabspace submit --description "<same entry>"');
+            console.log('━'.repeat(58));
+            console.log('');
+            // Fall through — let the submission proceed off-chain via the
+            // next fetch attempt. If that also fails, the outer error handler fires.
+            // Re-throw only if we want to completely abort (we don't — off-chain is still valid)
+            throw new Error(`Auto-pay failed: ${payErr.message}`);
         }
         // Retry submission with fee confirmed
+        // First: retroactive batch-anchor any off-chain entries now that wallet is funded
+        try {
+            const statusRes = await fetch(`${apiUrl}/api/verify?wallet=${keypair.wallet}`);
+            if (statusRes.ok) {
+                const statusData = await statusRes.json();
+                const unanchored = statusData.agent?.unanchored_entries || 0;
+                if (unanchored > 0) {
+                    console.log(`⛓️  Retroactively anchoring ${Math.min(unanchored, 20)} off-chain entries...`);
+                    // Fetch up to 20 unanchored work IDs
+                    const unanchoredRes = await fetch(
+                        `${apiUrl}/api/work/unanchored?wallet=${keypair.wallet}&limit=20`
+                    );
+                    if (unanchoredRes.ok) {
+                        const { entries: pending } = await unanchoredRes.json();
+                        const keypairJson = JSON.parse(readFileSync(resolvedPath, 'utf-8'));
+                        const solKeypair2 = SolKeypair.fromSecretKey(Uint8Array.from(keypairJson));
+                        let anchored = 0;
+                        for (const entry of (pending || [])) {
+                            try {
+                                const sig = await anchorOnChain(solKeypair2, entry.work_hash, rpcUrl);
+                                if (sig && entry.id) {
+                                    await fetch(`${apiUrl}/api/work/anchor`, {
+                                        method: 'PATCH',
+                                        headers: { 'Content-Type': 'application/json' },
+                                        body: JSON.stringify({ workId: entry.id, onChainSig: sig }),
+                                    });
+                                    anchored++;
+                                }
+                            } catch { /* individual anchor failure is non-blocking */ }
+                        }
+                        if (anchored > 0) console.log(`   ✓ ${anchored} entries anchored on-chain.`);
+                    }
+                }
+            }
+        } catch { /* retroactive anchor is non-blocking — don't fail the main submission */ }
         console.log('🔄 Retrying submission with fee paid...');
         res = await fetch(`${apiUrl}/api/work/submit`, {
             method: 'POST',
@@ -181,8 +244,17 @@ export async function submit(args) {
             }
         } catch (anchorErr) {
             console.log('');
-            console.log(`   ⚠️  Work encrypted and saved to database. On-chain anchor FAILED: ${anchorErr.message}`);
-            console.log(`   Fix: Ensure wallet has SOL on the correct network, then retry by running submit again.`);
+            console.log('━'.repeat(58));
+            console.log('  ⚠️  ON-CHAIN ANCHOR FAILED — entry saved off-chain only');
+            console.log('');
+            console.log('  Your agent wallet has insufficient SOL for Solana gas.');
+            console.log('');
+            console.log('  Operator action required:');
+            console.log(`    Wallet: ${keypair.wallet}`);
+            console.log(`    Amount: ~0.005 SOL to enable on-chain anchoring`);
+            console.log('');
+            console.log('  Once funded, re-run this command to anchor the entry.');
+            console.log('━'.repeat(58));
         }
     }

package/commands/verify.js CHANGED Viewed

@@ -10,6 +10,7 @@
 import { requireConfig, getConfigDir } from '../lib/config.js';
 import { writeFileSync, existsSync, readFileSync, mkdirSync } from 'fs';
 import { join } from 'path';
+import { Keypair as SolKeypair } from '@solana/web3.js';
 // The exact delimiter used in init.js around the unclaimed callout.
 // Everything between (and including) these markers gets stripped.
@@ -53,6 +54,37 @@ export async function verify(args) {
     const config = requireConfig();
     const apiUrl = args['api-url'] || config.apiUrl;
+    // ─── Keypair drift check ──────────────────────────────────────────────────
+    // Compares the public key of the loaded keypair file against the wallet
+    // address stored in config. Mismatch = silent identity switch (e.g. from
+    // a framework upgrade pointing to a swarm node keypair). Warn before anything
+    // else so the operator sees it immediately.
+    if (config.keypair) {
+        try {
+            const kpPath = config.keypair.replace('~', process.env.HOME);
+            const kpJson = JSON.parse(readFileSync(kpPath, 'utf-8'));
+            const kp = SolKeypair.fromSecretKey(Uint8Array.from(kpJson));
+            const loadedWallet = kp.publicKey.toBase58();
+            if (loadedWallet !== config.wallet) {
+                console.log('');
+                console.log('━'.repeat(60));
+                console.log('  ⚠️  IDENTITY MISMATCH — wrong keypair loaded');
+                console.log('');
+                console.log(`  Config wallet:  ${config.wallet}`);
+                console.log(`  Keypair wallet: ${loadedWallet}`);
+                console.log('');
+                console.log('  Your keypair file does not match your registered wallet.');
+                console.log('  Edit ~/.crabspace/config.json and fix one of:');
+                console.log('    "wallet"  → set to the correct wallet address');
+                console.log('    "keypair" → set to the correct keypair file path');
+                console.log('━'.repeat(60));
+                console.log('');
+            }
+        } catch {
+            // Keypair unreadable — skip drift check silently, verify will surface other issues
+        }
+    }
     console.log(`📡 Fetching identity from ${apiUrl}...`);
     const res = await fetch(

package/index.js CHANGED Viewed

@@ -52,7 +52,7 @@ function parseArgs(argv) {
 async function main() {
     console.log('');
-    console.log('🦀 CrabSpace CLI v0.2.10');
+    console.log('🦀 CrabSpace CLI v0.2.14');
     console.log('');
     // Silent boot pre-hook — runs before every command except init/boot/bootstrap
@@ -130,7 +130,7 @@ function printHelp() {
     console.log('  --agent-id <id>         Agent memory namespace ID, e.g. "eisner" (for init)');
     console.log('  --description <text>    Work entry description (for submit)');
     console.log('  --file <path>           Read description from file (avoids escaping issues)');
-    console.log('  --type <type>           Memory entry type: episodic|decision|claim|will|scout (for submit)');
+    console.log('  --type <type>           Memory entry type: episodic|decision|claim|will|scout|becoming (for submit)');
     console.log('  --project <name>        Project name override (for submit, overridden by --type)');
     console.log('  --rpc-url <url>         Solana RPC URL (default: mainnet-beta)');
     console.log('  --no-autopay            Disable auto-pay on 402 (manual payment mode)');

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
     "name": "@crabspace/cli",
-    "version": "0.2.10",
+    "version": "0.2.14",
     "description": "Identity persistence for AI agents. Register, log work, anchor on-chain.",
     "bin": {
         "crabspace": "index.js"