npm - @heyanon-arp/cli - Versions diffs - 0.0.30 → 0.0.32 - Mend

@heyanon-arp/cli 0.0.30 → 0.0.32

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/cli.js CHANGED Viewed

@@ -585,6 +585,30 @@ var init_api = __esm({
           )
         );
       }
+      /**
+       * Signed `GET /v1/agents/:did/active-delegations`. The signer's own
+       * IN-FLIGHT delegations as recipient — the worker's task list in one
+       * indexed read instead of crawling every relationship. Signer must
+       * equal `did`. Oldest-first (FIFO). Same inbound content-security as
+       * `listDelegations`: scope/title/brief/acceptanceCriteria are
+       * OFFERER-authored, so they are shield-scanned (the reader is the
+       * recipient here, never the offerer, so every row is scanned).
+       */
+      async listActiveDelegations(did, signer, query, signal) {
+        const rows = await this.signedRequest(
+          "GET",
+          `/v1/agents/${encodeURIComponent(did)}/active-delegations`,
+          null,
+          signer,
+          query,
+          signal
+        );
+        return Promise.all(
+          rows.map(
+            (row) => signer.did === row.offererDid ? row : (0, import_shield.guardInboundFields)(row, ["scopeSummary", "title", "brief", "acceptanceCriteria"], { selfDid: signer.did }).then((r) => r.event)
+          )
+        );
+      }
       /**
        * Signed `GET /v1/relationships/:id/work`. One row per
        * `(delegationId, requestId)`, ordered chronologically with the
@@ -735,13 +759,13 @@ var init_api = __esm({
 });
 // src/cli.ts
-var import_shield3 = require("@heyanon-arp/shield");
+var import_shield4 = require("@heyanon-arp/shield");
 var import_commander = require("commander");
 // package.json
 var package_default = {
   name: "@heyanon-arp/cli",
-  version: "0.0.30",
+  version: "0.0.32",
   description: "Command-line client for the Agent Relationship Protocol \u2014 register agents, sign envelopes, run escrowed work cycles on Solana.",
   license: "MIT",
   keywords: ["arp", "agent-relationship-protocol", "did", "solana", "escrow", "ed25519", "agents", "a2a", "cli"],
@@ -1022,7 +1046,7 @@ function requireCredential(commandName, serverUrl) {
 // src/state.ts
 init_paths();
-var STATE_WARNING = "DO NOT COMMIT \u2014 contains private keys (Ed25519 + derived scrypt).";
+var STATE_WARNING = "DO NOT COMMIT \u2014 contains private keys (Ed25519 identity + settlement).";
 function stateFilePath() {
   return (0, import_node_path4.join)(arpHomeDir(), "agents.json");
 }
@@ -1135,9 +1159,6 @@ function toKeyBundle(agent, exportedAt) {
     identitySecretKeyB64: agent.identitySecretKeyB64,
     settlementPublicKeyB58: agent.settlementPublicKeyB58,
     settlementSecretKeyB64: agent.settlementSecretKeyB64,
-    scryptKeyB64: agent.scryptKeyB64,
-    scryptSaltB64: agent.scryptSaltB64,
-    scryptSaltId: agent.scryptSaltId,
     ownerWallet: agent.ownerWallet,
     exportedAt
   };
@@ -1147,16 +1168,7 @@ function validateKeyBundle(raw) {
     throw new Error("recover: key file is not a JSON object");
   }
   const o = raw;
-  const required = [
-    "did",
-    "identityPublicKeyB58",
-    "identitySecretKeyB64",
-    "settlementPublicKeyB58",
-    "settlementSecretKeyB64",
-    "scryptKeyB64",
-    "scryptSaltB64",
-    "scryptSaltId"
-  ];
+  const required = ["did", "identityPublicKeyB58", "identitySecretKeyB64", "settlementPublicKeyB58", "settlementSecretKeyB64"];
   for (const f of required) {
     if (typeof o[f] !== "string" || o[f].length === 0) {
       throw new Error(`recover: key file is missing or has an invalid '${f}' (expected a non-empty string) \u2014 is this a 'heyarp keys export' file?`);
@@ -1171,9 +1183,6 @@ function validateKeyBundle(raw) {
     identitySecretKeyB64: o.identitySecretKeyB64,
     settlementPublicKeyB58: o.settlementPublicKeyB58,
     settlementSecretKeyB64: o.settlementSecretKeyB64,
-    scryptKeyB64: o.scryptKeyB64,
-    scryptSaltB64: o.scryptSaltB64,
-    scryptSaltId: o.scryptSaltId,
     ownerWallet: o.ownerWallet,
     exportedAt: typeof o.exportedAt === "string" ? o.exportedAt : ""
   };
@@ -4011,6 +4020,7 @@ var DELEGATION_CURRENCY_FLAGS = {
 // src/commands/delegations.ts
 var import_sdk14 = require("@heyanon-arp/sdk");
+var import_shield2 = require("@heyanon-arp/shield");
 var import_chalk12 = __toESM(require("chalk"));
 init_api();
 var ALLOWED_STATES = /* @__PURE__ */ new Set([import_sdk14.DelegationStates.OFFERED, import_sdk14.DelegationStates.ACCEPTED, import_sdk14.DelegationStates.DECLINED, import_sdk14.DelegationStates.CANCELED]);
@@ -4070,7 +4080,7 @@ function formatDelegationLine(d, selfDid, opts = {}) {
   const state = colorState(d.state).padEnd(stateColumnWidth());
   const offerer = d.offererDid === selfDid ? import_chalk12.default.bold("me") : import_chalk12.default.dim(opts.fullIds ? d.offererDid : didHead(d.offererDid));
   const amount = formatAmount(d);
-  const title = d.title ? import_chalk12.default.dim(`"${truncate2(d.title, 40)}"`) : import_chalk12.default.dim("(no title)");
+  const title = (0, import_shield2.isShieldRedacted)(d.title) ? import_chalk12.default.dim("(redacted)") : d.title ? import_chalk12.default.dim(`"${truncate2(d.title, 40)}"`) : import_chalk12.default.dim("(no title)");
   let declineSuffix = "";
   if (d.state === import_sdk14.DelegationStates.DECLINED && d.declineReason) {
     const detail = d.declineReasonDetail ? `: ${truncate2(d.declineReasonDetail, 40)}` : "";
@@ -5097,6 +5107,12 @@ var GUIDE_SECTIONS = [
       "   ARP is asynchronous \u2014 offers + work_requests ARRIVE whenever the buyer",
       "   acts. Pick whichever loop your runtime can actually sustain:",
       "",
+      "   COLD-START / RECONCILE: `heyarp tasks` returns your in-flight delegations as",
+      "   recipient (offered|accepted|pending_lock_finalization|locked|disputing) in ONE",
+      '   indexed read \u2014 the snapshot of "what is on my plate" without crawling every',
+      "   relationship. Pull it on startup / after a restart, then ride a loop below for",
+      "   new arrivals (the inbox stream is the realtime signal; `tasks` is the catch-up):",
+      "",
       "   A) LONG-LIVED (a process that can hold a thread \u2014 e.g. a daemon):",
       "      block on the next state:",
       "        heyarp status <rel-id> --wait --until <state>   (exit 124 on timeout)",
@@ -6457,7 +6473,7 @@ function registerProfileCommand(root) {
 // src/commands/receipt.ts
 var import_sdk22 = require("@heyanon-arp/sdk");
-var import_shield2 = require("@heyanon-arp/shield");
+var import_shield3 = require("@heyanon-arp/shield");
 var import_chalk25 = __toESM(require("chalk"));
 init_api();
 function registerReceiptCommands(root) {
@@ -6668,7 +6684,7 @@ async function computeWorkLogHashes(api, sender, relationshipId, delegationId, r
       `receipt propose --auto-hashes: work-log row ${requestId} is in state '${workLog.state}', not 'responded'. The payee must \`work respond\` before a receipt can be proposed.`
     );
   }
-  if ((0, import_shield2.isShieldRedacted)(workLog.requestParams) || (0, import_shield2.isShieldRedacted)(workLog.responseOutput)) {
+  if ((0, import_shield3.isShieldRedacted)(workLog.requestParams) || (0, import_shield3.isShieldRedacted)(workLog.responseOutput)) {
     throw new Error(
       `receipt propose --auto-hashes: work-log row ${requestId} has shield-withheld content (the counterparty's request or response was flagged by content-security). Cannot reconstruct canonical hashes over withheld content \u2014 do not settle; review and dispute. See ~/.heyshield/receipts.jsonl.`
     );
@@ -6939,9 +6955,6 @@ async function runRecover(opts) {
     identitySecretKeyB64: bundle.identitySecretKeyB64,
     settlementPublicKeyB58: bundle.settlementPublicKeyB58,
     settlementSecretKeyB64: bundle.settlementSecretKeyB64,
-    scryptKeyB64: bundle.scryptKeyB64,
-    scryptSaltB64: bundle.scryptSaltB64,
-    scryptSaltId: bundle.scryptSaltId,
     currentAttestationId: row.currentAttestationId,
     name: row.name ?? void 0,
     description: row.description ?? void 0,
@@ -6959,7 +6972,6 @@ async function runRecover(opts) {
 }
 // src/commands/register.ts
-var import_node_crypto4 = require("crypto");
 var import_node_fs9 = require("fs");
 var import_sdk25 = require("@heyanon-arp/sdk");
 var import_chalk28 = __toESM(require("chalk"));
@@ -6971,28 +6983,10 @@ function registerRegisterCommand(root) {
     [
       "Register a new ARP agent. Interactive by default; pass any of the profile flags below to skip the matching prompt.",
       "",
-      "`--password` is REQUIRED \u2014 must be at least 8 characters. In interactive mode (--yes omitted) the CLI prompts for it; with --yes it must be passed explicitly.",
+      "No password \u2014 the agent identity key self-signs the owner key-link; ownership is your `heyarp login` wallet.",
       "`--yes` is the non-interactive switch \u2014 every required field must arrive via flags (no prompts). Use this for scripted setups."
     ].join("\n")
-  ).option("--server <url>", "Override ARP server base URL").option("--from-keys <file>", "Load identity + settlement keys from a JSON file instead of generating").option("--name <s>", "Unique handle \u2014 lowercase a-z0-9_, 3-32 chars, immutable (skips the name prompt)").option("--description <s>", "Description (skips the description prompt)").option("--tag <s>", "Capability tag \u2014 repeatable, e.g. --tag translation --tag fr", accumulate3, []).option(
-    "--password <s>",
-    // `--password` puts the secret in `argv` — visible via
-    // `ps aux` / kernel process table on shared hosts,
-    // recorded by `/proc/<pid>/cmdline`, and almost always
-    // logged by CI runners (e.g. GitHub Actions echoes the
-    // full command). Safer alternatives:
-    // • interactive prompt (default) — never written anywhere
-    // • `HEYARP_PASSWORD` env var (tracked) reads from env so
-    //   the secret stays out of argv even in scripts
-    // Treat `--password <s>` as a one-off local-dev affordance;
-    // do NOT use it in CI pipelines without a secret-redacting
-    // runner.
-    "Owner password \u2014 MUST be at least 8 characters. REQUIRED when --yes is set; otherwise the CLI prompts for it. WARNING: --password puts the secret in process argv (visible in `ps`, /proc/<pid>/cmdline, and CI logs that echo commands). Prefer the interactive prompt unless your CI runner redacts secrets in command echoes. HEYARP_PASSWORD env var support is tracked."
-  ).option(
-    "--yes",
-    "Strict non-interactive: fail if any required field is still missing after merging flags. With --yes, --password must be supplied explicitly (>= 8 chars).",
-    false
-  ).option(
+  ).option("--server <url>", "Override ARP server base URL").option("--from-keys <file>", "Load identity + settlement keys from a JSON file instead of generating").option("--name <s>", "Unique handle \u2014 lowercase a-z0-9_, 3-32 chars, immutable (skips the name prompt)").option("--description <s>", "Description (skips the description prompt)").option("--tag <s>", "Capability tag \u2014 repeatable, e.g. --tag translation --tag fr", accumulate3, []).option("--yes", "Strict non-interactive: fail if any required field (--name) is still missing after merging flags.", false).option(
     "--json",
     // Emit a single JSON object instead of human-friendly
     // success prints. Output shape:
@@ -7029,9 +7023,6 @@ async function runRegister(opts, deps = defaultRegisterDeps) {
   const did = (0, import_sdk25.formatDid)(keys.identityPublicKey);
   if (!opts.json) console.log(import_chalk28.default.dim(`DID will be: ${did}`));
   const answers = await mergeAnswers(opts);
-  const scryptSalt = (0, import_node_crypto4.randomBytes)(16);
-  if (!opts.json) console.log(import_chalk28.default.dim("Deriving scrypt key, this may take a moment..."));
-  const scryptKey = (0, import_sdk25.deriveScryptKey)(answers.password, new Uint8Array(scryptSalt));
   const challenge = await api.issueChallenge("register");
   const challengeBytes = base64UrlNoPadDecode(challenge.challengeB64);
   if (challengeBytes.length !== 32) {
@@ -7045,7 +7036,6 @@ async function runRegister(opts, deps = defaultRegisterDeps) {
     signature: Buffer.from(challengeSig).toString("base64")
   });
   const settlementPublicKeyB58 = (0, import_sdk25.base58btcEncode)(keys.settlementPublicKey);
-  const scryptSaltId = (0, import_sdk25.uuidV4)();
   const payload = {
     purpose: import_sdk25.Purpose.KEY_LINK,
     agent_did: did,
@@ -7056,18 +7046,15 @@ async function runRegister(opts, deps = defaultRegisterDeps) {
     created_at: (0, import_sdk25.rfc3339)(),
     nonce: (0, import_sdk25.senderNonce)()
   };
-  const attestation = (0, import_sdk25.signKeyLinkAttestation)({ payload, scryptKey, scryptSaltId });
+  const attestation = (0, import_sdk25.signKeyLinkAttestation)({ payload, identitySecretKey: keys.identitySecretKey });
   const body = {
     challengeId: challenge.challengeId,
     identityPublicKey: identityPublicKeyB58,
     settlementPublicKey: settlementPublicKeyB58,
     ownerAttestation: {
       payload: attestation.payload,
-      sig: attestation.sig,
-      scrypt_salt_id: attestation.scrypt_salt_id
+      sig: attestation.sig
     },
-    scryptKeyB64: Buffer.from(scryptKey).toString("base64"),
-    scryptSaltB64: Buffer.from(scryptSalt).toString("base64"),
     name: answers.name,
     description: answers.description ? answers.description : void 0,
     tags: answers.tags.length > 0 ? answers.tags : void 0
@@ -7078,9 +7065,6 @@ async function runRegister(opts, deps = defaultRegisterDeps) {
     identitySecretKeyB64: Buffer.from(keys.identitySecretKey).toString("base64"),
     settlementPublicKeyB58,
     settlementSecretKeyB64: Buffer.from(keys.settlementSecretKey).toString("base64"),
-    scryptKeyB64: Buffer.from(scryptKey).toString("base64"),
-    scryptSaltB64: Buffer.from(scryptSalt).toString("base64"),
-    scryptSaltId,
     // Placeholder until the server confirms registration and returns
     // the canonical attestation id (finalized in Step 8 below).
     currentAttestationId: "",
@@ -7159,32 +7143,15 @@ Local state saved to ${arpHomeDir()}/agents.json (mode 0600).`));
   }
 }
 async function mergeAnswers(opts) {
-  const need = opts.yes ? { password: false, name: false, description: false, tagsCsv: false } : {
-    password: opts.password === void 0,
+  const need = opts.yes ? { name: false, description: false, tagsCsv: false } : {
     name: opts.name === void 0,
     description: opts.description === void 0,
     tagsCsv: opts.tag === void 0 || opts.tag.length === 0
   };
-  if (opts.yes) {
-    const missing = [];
-    if (opts.password === void 0) missing.push("--password");
-    if (opts.name === void 0) missing.push("--name");
-    if (missing.length > 0) {
-      throw new Error(`register --yes: missing required flag${missing.length > 1 ? "s" : ""}: ${missing.join(", ")}`);
-    }
-  }
-  if (opts.password !== void 0 && opts.password.length < 8) {
-    throw new Error("register --password: password must be at least 8 characters");
+  if (opts.yes && opts.name === void 0) {
+    throw new Error("register --yes: missing required flag: --name");
   }
   const promptDefs = [];
-  if (need.password) {
-    promptDefs.push({
-      type: "password",
-      name: "password",
-      message: "Owner password (used to derive the scrypt key)",
-      validate: (v) => v.length >= 8 ? true : "must be at least 8 characters"
-    });
-  }
   if (need.name) {
     promptDefs.push({
       type: "text",
@@ -7218,7 +7185,6 @@ async function mergeAnswers(opts) {
   const tags = (opts.tag && opts.tag.length > 0 ? opts.tag : parseTagsCsv(typeof prompted.tagsCsv === "string" ? prompted.tagsCsv : "")).map((t) => t.trim().toLowerCase()).filter((t) => t.length > 0);
   const name = normalizeAndValidateName(opts.name ?? prompted.name);
   return {
-    password: opts.password ?? prompted.password,
     name,
     description: opts.description ?? prompted.description ?? "",
     tags
@@ -8070,9 +8036,63 @@ function renderAssets(assets) {
   }
 }
-// src/commands/watch.ts
+// src/commands/tasks.ts
+var import_sdk30 = require("@heyanon-arp/sdk");
 var import_chalk35 = __toESM(require("chalk"));
 init_api();
+var INFLIGHT = new Set(import_sdk30.DELEGATION_INFLIGHT_STATES);
+function registerTasksCommand(root) {
+  root.command("tasks").description("List MY in-flight delegations as recipient \u2014 the worker task list (offered|accepted|pending_lock_finalization|locked|disputing), oldest-first").option("--server <url>", "Override ARP server base URL").option("--state <s>", "Filter by ONE in-flight state (offered|accepted|pending_lock_finalization|locked|disputing)").option("--after <id>", "Cursor: pass the previous page's last `id` to fetch the next page").option("--limit <n>", "Max rows to return (1..100)", "20").option("--from-did <did>", "Signer DID \u2014 required only if multiple agents are registered against this server").option("--from <name>", "Signer agent NAME (handle) \u2014 alternative to --from-did, resolved against your local agents").option("--json", "Machine-readable mode \u2014 emit a single JSON array of delegation rows, no chalk, no summary. Pipe-safe.", false).option("--full-ids", "Print delegationId / DIDs in full (no truncation) for copy-paste into the next command.", false).action(async (opts) => {
+    await runTasks(opts);
+  });
+}
+async function runTasks(opts) {
+  const limit = parseLimit7(opts.limit);
+  const state = parseInflightState(opts.state);
+  const api = new ArpApiClient(opts.server);
+  const sender = resolveSenderAgent("tasks", opts.server, opts.fromDid, opts.from);
+  progress(opts.json, import_chalk35.default.dim(`Server: ${api.serverUrl}`));
+  progress(opts.json, import_chalk35.default.dim(`Signer: ${sender.did}`));
+  const query = { limit };
+  if (state) query.state = state;
+  if (opts.after) query.after = opts.after;
+  const signer = makeSigner(sender);
+  const rows = await api.listActiveDelegations(sender.did, signer, query);
+  if (opts.json) {
+    jsonOut(rows);
+    return;
+  }
+  if (rows.length === 0) {
+    console.log(import_chalk35.default.dim("\n(no in-flight delegations \u2014 your task queue is empty)"));
+    return;
+  }
+  console.log("");
+  for (const d of rows) {
+    console.log(formatDelegationLine(d, sender.did, { fullIds: !!opts.fullIds }));
+  }
+  const lastId = rows[rows.length - 1].id;
+  console.log(import_chalk35.default.dim(`
+${rows.length} active task(s). Paginate with --after ${lastId}.`));
+}
+function parseLimit7(raw) {
+  if (raw === void 0) return 20;
+  const n = Number(raw);
+  if (!Number.isFinite(n) || !Number.isInteger(n) || n < 1 || n > 100) {
+    throw new Error(`tasks: --limit must be an integer between 1 and 100 (got '${raw}')`);
+  }
+  return n;
+}
+function parseInflightState(raw) {
+  if (raw === void 0) return void 0;
+  if (!INFLIGHT.has(raw)) {
+    throw new Error(`tasks: --state must be an in-flight state (offered|accepted|pending_lock_finalization|locked|disputing) (got '${raw}')`);
+  }
+  return raw;
+}
+// src/commands/watch.ts
+var import_chalk36 = __toESM(require("chalk"));
+init_api();
 function registerWatchCommand(root) {
   root.command("watch").description("Live tail filtered to a single relationship (SSE). Server-side $match; only envelopes belonging to <rel-id> are streamed.").argument("<relationship-id>", "Relationship UUID to watch").option("--server <url>", "Override ARP server base URL").option("--from-did <did>", "Signer DID \u2014 required only if multiple agents are registered against this server").option("--from <name>", "Signer agent NAME (handle) \u2014 alternative to --from-did, resolved against your local agents").option("--verbose", "After each envelope, print the full JSON with a per-row label including eventId + serverEventHash", false).option("--json", "Machine-readable: one NDJSON object per line. Pipe-safe into `jq -c`.", false).option("--full-ids", "Print DIDs + serverEventHash in full (no truncation).", false).action(async (relationshipId, opts) => {
     await runWatch(relationshipId, opts);
@@ -8082,9 +8102,9 @@ async function runWatch(relationshipId, opts) {
   const local = resolveSenderAgent("watch", opts.server, opts.fromDid, opts.from);
   const api = new ArpApiClient(opts.server);
   if (!opts.json) {
-    console.log(import_chalk35.default.dim(`Server: ${api.serverUrl}`));
-    console.log(import_chalk35.default.dim(`Signer: ${local.did}`));
-    console.log(import_chalk35.default.dim(`Watching: ${relationshipId}`));
+    console.log(import_chalk36.default.dim(`Server: ${api.serverUrl}`));
+    console.log(import_chalk36.default.dim(`Signer: ${local.did}`));
+    console.log(import_chalk36.default.dim(`Watching: ${relationshipId}`));
   }
   const controller = new AbortController();
   let userAborted = false;
@@ -8103,7 +8123,7 @@ async function runWatch(relationshipId, opts) {
       }
       if (event.type === "heartbeat") continue;
       if (event.type === "connected") {
-        console.log(import_chalk35.default.green(`\u25CF stream open \u2014 watching ${relationshipId}`));
+        console.log(import_chalk36.default.green(`\u25CF stream open \u2014 watching ${relationshipId}`));
         continue;
       }
       if (event.type === "envelope") {
@@ -8117,7 +8137,7 @@ async function runWatch(relationshipId, opts) {
         }
         continue;
       }
-      console.log(import_chalk35.default.dim(`(unknown event: ${event.type})`));
+      console.log(import_chalk36.default.dim(`(unknown event: ${event.type})`));
     }
     if (!userAborted) {
       throw new Error(`watch ${relationshipId}: stream ended unexpectedly (server may have restarted, or the change stream errored). Re-run to reconnect.`);
@@ -8125,7 +8145,7 @@ async function runWatch(relationshipId, opts) {
   } catch (err) {
     const name = err.name;
     if (name === "AbortError" || userAborted) {
-      if (!opts.json) console.log(import_chalk35.default.dim("\nstream closed."));
+      if (!opts.json) console.log(import_chalk36.default.dim("\nstream closed."));
       return;
     }
     throw err;
@@ -8139,21 +8159,21 @@ function formatWatchLine(ev, selfDid, opts = {}) {
   const type = ev.type.padEnd(20);
   const direction = directionLabel2(ev, selfDid, opts);
   const hash = opts.fullIds ? ev.serverEventHash : hashHead4(ev.serverEventHash);
-  return `${import_chalk35.default.dim(`[${ts}]`)}  ${type}  ${direction}    ${import_chalk35.default.cyan(hash)}`;
+  return `${import_chalk36.default.dim(`[${ts}]`)}  ${type}  ${direction}    ${import_chalk36.default.cyan(hash)}`;
 }
 function directionLabel2(ev, selfDid, opts = {}) {
   const senderHead = opts.fullIds ? ev.senderDid : didHead4(ev.senderDid);
   const recipientHead = opts.fullIds ? ev.recipientDid : didHead4(ev.recipientDid);
-  if (ev.senderDid === selfDid) return `${import_chalk35.default.bold("me")} \u2192 ${import_chalk35.default.dim(recipientHead)}`;
-  if (ev.recipientDid === selfDid) return `${import_chalk35.default.dim(senderHead)} \u2192 ${import_chalk35.default.bold("me")}`;
-  return `${import_chalk35.default.dim(senderHead)} \u2192 ${import_chalk35.default.dim(recipientHead)}`;
+  if (ev.senderDid === selfDid) return `${import_chalk36.default.bold("me")} \u2192 ${import_chalk36.default.dim(recipientHead)}`;
+  if (ev.recipientDid === selfDid) return `${import_chalk36.default.dim(senderHead)} \u2192 ${import_chalk36.default.bold("me")}`;
+  return `${import_chalk36.default.dim(senderHead)} \u2192 ${import_chalk36.default.dim(recipientHead)}`;
 }
 function didHead4(did) {
   if (did.length <= 20) return did;
   return `${did.slice(0, 20)}...`;
 }
 function hashHead4(hash) {
-  if (!hash) return import_chalk35.default.dim("(none)");
+  if (!hash) return import_chalk36.default.dim("(none)");
   if (hash.length <= 14) return hash;
   return `${hash.slice(0, 14)}...`;
 }
@@ -8165,7 +8185,7 @@ function formatClock(iso) {
 }
 // src/commands/whoami.ts
-var import_chalk36 = __toESM(require("chalk"));
+var import_chalk37 = __toESM(require("chalk"));
 init_api();
 function registerWhoamiCommand(root) {
   root.command("whoami").description(
@@ -8196,12 +8216,12 @@ function registerWhoamiCommand(root) {
         if (opts.json) {
           console.log(formatJson({ ...localJson, account: credential ? { wallet: credential.wallet } : null }));
         } else {
-          console.log(import_chalk36.default.bold("Local agent:"));
-          console.log(`  DID:                ${import_chalk36.default.cyan(local.did)}`);
-          console.log(`  Settlement pubkey:  ${import_chalk36.default.cyan(local.settlementPublicKeyB58)}`);
-          console.log(`  Identity pubkey:    ${import_chalk36.default.cyan(local.identityPublicKeyB58)}`);
+          console.log(import_chalk37.default.bold("Local agent:"));
+          console.log(`  DID:                ${import_chalk37.default.cyan(local.did)}`);
+          console.log(`  Settlement pubkey:  ${import_chalk37.default.cyan(local.settlementPublicKeyB58)}`);
+          console.log(`  Identity pubkey:    ${import_chalk37.default.cyan(local.identityPublicKeyB58)}`);
           if (local.name) console.log(`  Name:               ${local.name}`);
-          console.log(`  Account:            ${credential ? import_chalk36.default.cyan(credential.wallet) : import_chalk36.default.dim("not logged in (heyarp login)")}`);
+          console.log(`  Account:            ${credential ? import_chalk37.default.cyan(credential.wallet) : import_chalk37.default.dim("not logged in (heyarp login)")}`);
         }
         return;
       }
@@ -8219,19 +8239,19 @@ function registerWhoamiCommand(root) {
       if (opts.json) {
         console.log(formatJson({ local: localJson, account, server: agent }));
       } else {
-        console.log(import_chalk36.default.dim(`Server: ${api.serverUrl}`));
-        console.log(import_chalk36.default.bold("\nLocal agent:"));
-        console.log(`  DID:                ${import_chalk36.default.cyan(local.did)}`);
-        console.log(`  Settlement pubkey:  ${import_chalk36.default.cyan(local.settlementPublicKeyB58)}`);
-        console.log(`  Identity pubkey:    ${import_chalk36.default.cyan(local.identityPublicKeyB58)}`);
-        console.log(import_chalk36.default.bold("\nAccount:"));
+        console.log(import_chalk37.default.dim(`Server: ${api.serverUrl}`));
+        console.log(import_chalk37.default.bold("\nLocal agent:"));
+        console.log(`  DID:                ${import_chalk37.default.cyan(local.did)}`);
+        console.log(`  Settlement pubkey:  ${import_chalk37.default.cyan(local.settlementPublicKeyB58)}`);
+        console.log(`  Identity pubkey:    ${import_chalk37.default.cyan(local.identityPublicKeyB58)}`);
+        console.log(import_chalk37.default.bold("\nAccount:"));
         if (account) {
-          console.log(`  Wallet:             ${import_chalk36.default.cyan(account.wallet)}`);
+          console.log(`  Wallet:             ${import_chalk37.default.cyan(account.wallet)}`);
           console.log(`  Agents registered:  ${account.agentCount}`);
         } else {
-          console.log(`  ${import_chalk36.default.dim("not logged in (heyarp login)")}`);
+          console.log(`  ${import_chalk37.default.dim("not logged in (heyarp login)")}`);
         }
-        console.log(import_chalk36.default.bold("\nServer profile:"));
+        console.log(import_chalk37.default.bold("\nServer profile:"));
         console.log(formatJson(agent));
       }
     } catch (err) {
@@ -8242,13 +8262,13 @@ function registerWhoamiCommand(root) {
 }
 // src/commands/whois.ts
-var import_sdk30 = require("@heyanon-arp/sdk");
-var import_chalk37 = __toESM(require("chalk"));
+var import_sdk31 = require("@heyanon-arp/sdk");
+var import_chalk38 = __toESM(require("chalk"));
 init_api();
 function registerWhoisCommand(root) {
   root.command("whois").description("Resolve an agent name (handle) or DID to its public profile \u2014 DID, description, reputation, liveness.").argument("<name-or-did>", "Agent name (handle) or DID (did:arp:...)").option("--server <url>", "Override ARP server base URL").option("--json", "Emit the full composed profile (DiscoveryProfile) as a single JSON object on stdout.", false).action(async (input, opts) => {
     const api = new ArpApiClient(opts.server);
-    progress(opts.json, import_chalk37.default.dim(`Server: ${api.serverUrl}`));
+    progress(opts.json, import_chalk38.default.dim(`Server: ${api.serverUrl}`));
     const profile = await resolveProfile(api, input);
     if (opts.json) {
       jsonOut(profile);
@@ -8259,31 +8279,31 @@ function registerWhoisCommand(root) {
 }
 async function resolveProfile(api, input) {
   if (input.startsWith("did:arp:")) {
-    if (!(0, import_sdk30.isValidDid)(input)) {
+    if (!(0, import_sdk31.isValidDid)(input)) {
       throw new Error(`whois: '${input}' starts with did:arp: but is not a valid DID (base58btc-encoded 32-byte Ed25519 pubkey).`);
     }
     return api.discoverProfile(input);
   }
-  const name = (0, import_sdk30.normalizeName)(input);
-  if (!(0, import_sdk30.isValidAgentName)(name)) {
+  const name = (0, import_sdk31.normalizeName)(input);
+  if (!(0, import_sdk31.isValidAgentName)(name)) {
     throw new Error(`whois: '${input}' is neither a DID (did:arp:...) nor a valid agent name (lowercase a-z0-9_, 3-32 chars).`);
   }
   return api.discoverByName(name);
 }
 function printProfile(p) {
-  console.log(`${import_chalk37.default.bold("Name")}:        ${import_chalk37.default.cyan(p.name ?? "(unnamed)")}`);
-  console.log(`${import_chalk37.default.bold("DID")}:         ${import_chalk37.default.cyan(p.did)}`);
-  if (p.description) console.log(`${import_chalk37.default.bold("Description")}: ${p.description}`);
-  if (p.tags.length > 0) console.log(`${import_chalk37.default.bold("Tags")}:        ${p.tags.join(", ")}`);
-  console.log(`${import_chalk37.default.bold("Registered")}:  ${p.registeredAt}`);
+  console.log(`${import_chalk38.default.bold("Name")}:        ${import_chalk38.default.cyan(p.name ?? "(unnamed)")}`);
+  console.log(`${import_chalk38.default.bold("DID")}:         ${import_chalk38.default.cyan(p.did)}`);
+  if (p.description) console.log(`${import_chalk38.default.bold("Description")}: ${p.description}`);
+  if (p.tags.length > 0) console.log(`${import_chalk38.default.bold("Tags")}:        ${p.tags.join(", ")}`);
+  console.log(`${import_chalk38.default.bold("Registered")}:  ${p.registeredAt}`);
   const rep = p.reputation;
-  console.log(`${import_chalk37.default.bold("Reputation")}:  composite ${rep.scores.composite}/100${rep.computed ? "" : import_chalk37.default.dim(" (cold-start \u2014 no settled cycles yet)")}`);
-  console.log(`${import_chalk37.default.bold("Online")}:      ${p.liveness.online ? import_chalk37.default.green("yes") : import_chalk37.default.dim("no")}`);
+  console.log(`${import_chalk38.default.bold("Reputation")}:  composite ${rep.scores.composite}/100${rep.computed ? "" : import_chalk38.default.dim(" (cold-start \u2014 no settled cycles yet)")}`);
+  console.log(`${import_chalk38.default.bold("Online")}:      ${p.liveness.online ? import_chalk38.default.green("yes") : import_chalk38.default.dim("no")}`);
 }
 // src/commands/work.ts
-var import_sdk31 = require("@heyanon-arp/sdk");
-var import_chalk38 = __toESM(require("chalk"));
+var import_sdk32 = require("@heyanon-arp/sdk");
+var import_chalk39 = __toESM(require("chalk"));
 init_api();
 function registerWorkCommands(root) {
   const cmd = root.command("work").description("Work envelopes inside an ACCEPTED delegation: request / respond");
@@ -8297,7 +8317,7 @@ function registerRequest(parent) {
   ).option(
     "--params-file <path>",
     "Read the JSON payload from a file. Mutually exclusive with --params. Use this for any payload large or quote-heavy enough that `--params '{...}'` would fight your shell."
-  ).option("--ttl <seconds>", `Envelope TTL in seconds (max ${import_sdk31.MAX_ENVELOPE_TTL_SECONDS} = 24h)`, "3600").option("--verbose", "Print the full envelope before sending and the full server response. Mutually exclusive with --json.", false).option(
+  ).option("--ttl <seconds>", `Envelope TTL in seconds (max ${import_sdk32.MAX_ENVELOPE_TTL_SECONDS} = 24h)`, "3600").option("--verbose", "Print the full envelope before sending and the full server response. Mutually exclusive with --json.", false).option(
     "--json",
     'Machine-readable mode \u2014 emit a single JSON object on stdout ({ok, action:"work_request", requestId, delegationId, eventId, relationshipId, relationshipEventIndex, serverTimestamp, serverEventHash}). Prelude + reply hints move to stderr; on failure stderr carries `{code, message}`. Mutually exclusive with --verbose.',
     false
@@ -8324,11 +8344,11 @@ async function runRequest(recipientDid, delegationId, opts) {
     params
   };
   const body = { type: "work_request", content };
-  progress(opts.json, import_chalk38.default.dim(`Server: ${api.serverUrl}`));
-  progress(opts.json, import_chalk38.default.dim(`Sender: ${sender.did}`));
-  progress(opts.json, import_chalk38.default.dim(`Recipient: ${recipientDid}`));
-  progress(opts.json, import_chalk38.default.dim(`Delegation: ${delegationId}`));
-  progress(opts.json, import_chalk38.default.dim(`Request id: ${requestId}`));
+  progress(opts.json, import_chalk39.default.dim(`Server: ${api.serverUrl}`));
+  progress(opts.json, import_chalk39.default.dim(`Sender: ${sender.did}`));
+  progress(opts.json, import_chalk39.default.dim(`Recipient: ${recipientDid}`));
+  progress(opts.json, import_chalk39.default.dim(`Delegation: ${delegationId}`));
+  progress(opts.json, import_chalk39.default.dim(`Request id: ${requestId}`));
   const result = await sendWorkEnvelope({ api, sender, recipientDid, body, ttlSeconds, verbose: opts.verbose, server: opts.server });
   if (opts.json) {
     jsonOut({
@@ -8345,10 +8365,10 @@ async function runRequest(recipientDid, delegationId, opts) {
     });
   } else {
     printIngestResult3(result);
-    console.log(import_chalk38.default.dim(`
+    console.log(import_chalk39.default.dim(`
 The payee can reply with:`));
-    console.log(import_chalk38.default.dim(`  heyarp work respond ${result.relationshipId} ${delegationId} ${requestId} --output '<json>'`));
-    console.log(import_chalk38.default.dim(`  heyarp work respond ${result.relationshipId} ${delegationId} ${requestId} --error CODE:message`));
+    console.log(import_chalk39.default.dim(`  heyarp work respond ${result.relationshipId} ${delegationId} ${requestId} --output '<json>'`));
+    console.log(import_chalk39.default.dim(`  heyarp work respond ${result.relationshipId} ${delegationId} ${requestId} --error CODE:message`));
   }
 }
 function registerRespond(parent) {
@@ -8383,13 +8403,13 @@ async function runRespond(relationshipId, delegationId, requestId, opts) {
     ...responsePayload
   };
   const body = { type: "work_response", content };
-  progress(opts.json, import_chalk38.default.dim(`Server: ${api.serverUrl}`));
-  progress(opts.json, import_chalk38.default.dim(`Sender: ${sender.did}`));
-  progress(opts.json, import_chalk38.default.dim(`Recipient: ${recipientDid}`));
-  progress(opts.json, import_chalk38.default.dim(`Relationship: ${relationshipId}`));
-  progress(opts.json, import_chalk38.default.dim(`Delegation: ${delegationId}`));
-  progress(opts.json, import_chalk38.default.dim(`Request id: ${requestId}`));
-  progress(opts.json, import_chalk38.default.dim(`Outcome: ${responsePayload.output ? "success" : "error"}`));
+  progress(opts.json, import_chalk39.default.dim(`Server: ${api.serverUrl}`));
+  progress(opts.json, import_chalk39.default.dim(`Sender: ${sender.did}`));
+  progress(opts.json, import_chalk39.default.dim(`Recipient: ${recipientDid}`));
+  progress(opts.json, import_chalk39.default.dim(`Relationship: ${relationshipId}`));
+  progress(opts.json, import_chalk39.default.dim(`Delegation: ${delegationId}`));
+  progress(opts.json, import_chalk39.default.dim(`Request id: ${requestId}`));
+  progress(opts.json, import_chalk39.default.dim(`Outcome: ${responsePayload.output ? "success" : "error"}`));
   const result = await sendWorkEnvelope({ api, sender, recipientDid, body, ttlSeconds, verbose: opts.verbose, server: opts.server });
   if (opts.json) {
     jsonOut({
@@ -8411,26 +8431,26 @@ async function runRespond(relationshipId, delegationId, requestId, opts) {
 async function sendWorkEnvelope(args) {
   const nextSequence = (args.sender.lastSenderSequence ?? 0) + 1;
   const protectedBlock = {
-    protocol_version: import_sdk31.CURRENT_PROTOCOL_VERSION,
-    purpose: import_sdk31.Purpose.ENVELOPE,
-    message_id: (0, import_sdk31.uuidV4)(),
+    protocol_version: import_sdk32.CURRENT_PROTOCOL_VERSION,
+    purpose: import_sdk32.Purpose.ENVELOPE,
+    message_id: (0, import_sdk32.uuidV4)(),
     sender_did: args.sender.did,
     recipient_did: args.recipientDid,
     relationship_id: null,
     sender_sequence: nextSequence,
-    sender_nonce: (0, import_sdk31.senderNonce)(),
-    timestamp: (0, import_sdk31.rfc3339)(),
-    expires_at: (0, import_sdk31.expiresAt)(args.ttlSeconds),
+    sender_nonce: (0, import_sdk32.senderNonce)(),
+    timestamp: (0, import_sdk32.rfc3339)(),
+    expires_at: (0, import_sdk32.expiresAt)(args.ttlSeconds),
     delivery_id: null
   };
   const signer = makeSigner(args.sender);
-  const envelope = (0, import_sdk31.signEnvelope)({
+  const envelope = (0, import_sdk32.signEnvelope)({
     protected: protectedBlock,
     body: args.body,
     identitySecretKey: signer.identitySecretKey
   });
   if (args.verbose) {
-    console.log(import_chalk38.default.bold("\nEnvelope (pre-send):"));
+    console.log(import_chalk39.default.bold("\nEnvelope (pre-send):"));
     console.log(formatJson(envelope));
   }
   try {
@@ -8438,7 +8458,7 @@ async function sendWorkEnvelope(args) {
     updateAgentLocal(args.server, args.sender.did, { lastSenderSequence: nextSequence });
     return result;
   } catch (err) {
-    if (err instanceof ApiError && (0, import_sdk31.isPostCommitErrorCode)(err.payload.code)) {
+    if (err instanceof ApiError && (0, import_sdk32.isPostCommitErrorCode)(err.payload.code)) {
       updateAgentLocal(args.server, args.sender.did, { lastSenderSequence: nextSequence });
     }
     throw err;
@@ -8450,7 +8470,7 @@ async function resolveResponseRecipient(cmdName, api, signer, args) {
     const page = await api.listWorkLogs(args.relationshipId, signer, { delegationId: args.delegationId, limit: 100, after });
     const row = page.find((w) => w.requestId === args.requestId);
     if (row) {
-      if (row.state !== import_sdk31.WorkLogStates.REQUESTED) {
+      if (row.state !== import_sdk32.WorkLogStates.REQUESTED) {
         throw new Error(
           `${cmdName}: work_request ${args.requestId} for delegation ${args.delegationId} is already in state '${row.state}' \u2014 only requests in state 'requested' can be responded to.`
         );
@@ -8470,12 +8490,12 @@ async function resolveResponseRecipient(cmdName, api, signer, args) {
   );
 }
 function printIngestResult3(result) {
-  console.log(import_chalk38.default.green("\nDelivered."));
-  console.log(`${import_chalk38.default.bold("Event id")}: ${import_chalk38.default.cyan(result.eventId)}`);
-  console.log(`${import_chalk38.default.bold("Relationship id")}: ${import_chalk38.default.cyan(result.relationshipId)}`);
-  console.log(`${import_chalk38.default.bold("Chain index")}: ${import_chalk38.default.cyan(String(result.relationshipEventIndex))}`);
-  console.log(`${import_chalk38.default.bold("Server timestamp")}: ${import_chalk38.default.cyan(result.serverTimestamp)}`);
-  console.log(`${import_chalk38.default.bold("Server event hash")}: ${import_chalk38.default.cyan(result.serverEventHash)}`);
+  console.log(import_chalk39.default.green("\nDelivered."));
+  console.log(`${import_chalk39.default.bold("Event id")}: ${import_chalk39.default.cyan(result.eventId)}`);
+  console.log(`${import_chalk39.default.bold("Relationship id")}: ${import_chalk39.default.cyan(result.relationshipId)}`);
+  console.log(`${import_chalk39.default.bold("Chain index")}: ${import_chalk39.default.cyan(String(result.relationshipEventIndex))}`);
+  console.log(`${import_chalk39.default.bold("Server timestamp")}: ${import_chalk39.default.cyan(result.serverTimestamp)}`);
+  console.log(`${import_chalk39.default.bold("Server event hash")}: ${import_chalk39.default.cyan(result.serverEventHash)}`);
 }
 function parseJsonObject(cmdName, flagName, raw) {
   let parsed;
@@ -8567,7 +8587,7 @@ function parseTtl5(cmdName, raw) {
 }
 function parseRequestId(cmdName, raw) {
   if (raw === void 0 || raw === "") {
-    return (0, import_sdk31.uuidV4)();
+    return (0, import_sdk32.uuidV4)();
   }
   if (raw.length === 0) {
     throw new Error(`${cmdName}: --request-id must be a non-empty string`);
@@ -8576,10 +8596,10 @@ function parseRequestId(cmdName, raw) {
 }
 // src/commands/work-list.ts
-var import_sdk32 = require("@heyanon-arp/sdk");
-var import_chalk39 = __toESM(require("chalk"));
+var import_sdk33 = require("@heyanon-arp/sdk");
+var import_chalk40 = __toESM(require("chalk"));
 init_api();
-var ALLOWED_STATES3 = new Set(import_sdk32.WORK_LOG_STATES);
+var ALLOWED_STATES3 = new Set(import_sdk33.WORK_LOG_STATES);
 function registerWorkListCommand(root) {
   root.command("work-list").description("List work-log rows for a relationship (one row per (delegationId, requestId), oldest-first)").argument("<relationship-id>", "Relationship UUID").option("--server <url>", "Override ARP server base URL").option("--state <s>", "Filter by exact state (requested|responded)").option("--delegation-id <uuid>", "Narrow to work-logs operating under a specific delegation id").option("--after <id>", "Cursor: pass the previous page's last `id` to fetch the next page").option("--limit <n>", "Max rows to return (1..100)", "20").option("--from-did <did>", "Signer DID \u2014 required only if multiple agents are registered against this server").option("--from <name>", "Signer agent NAME (handle) \u2014 alternative to --from-did, resolved against your local agents").option(
     "--verbose",
@@ -8599,14 +8619,14 @@ async function runWorkList(relationshipId, opts) {
       "work-list: --verbose and --json are mutually exclusive. --json already emits the full payload; --verbose adds the framed dump on top of the human summary."
     );
   }
-  const limit = parseLimit7(opts.limit);
+  const limit = parseLimit8(opts.limit);
   const state = parseState3(opts.state);
   const api = new ArpApiClient(opts.server);
   const sender = resolveSenderAgent("work-list", opts.server, opts.fromDid, opts.from);
   if (!opts.json) {
-    console.log(import_chalk39.default.dim(`Server: ${api.serverUrl}`));
-    console.log(import_chalk39.default.dim(`Signer: ${sender.did}`));
-    console.log(import_chalk39.default.dim(`Relationship: ${relationshipId}`));
+    console.log(import_chalk40.default.dim(`Server: ${api.serverUrl}`));
+    console.log(import_chalk40.default.dim(`Signer: ${sender.did}`));
+    console.log(import_chalk40.default.dim(`Relationship: ${relationshipId}`));
   }
   const query = { limit };
   if (state) query.state = state;
@@ -8619,7 +8639,7 @@ async function runWorkList(relationshipId, opts) {
     return;
   }
   if (rows.length === 0) {
-    console.log(import_chalk39.default.dim("\n(no work-logs for this relationship)"));
+    console.log(import_chalk40.default.dim("\n(no work-logs for this relationship)"));
     return;
   }
   console.log("");
@@ -8636,36 +8656,36 @@ async function runWorkList(relationshipId, opts) {
     }));
   }
   const lastId = rows[rows.length - 1].id;
-  console.log(import_chalk39.default.dim(`
+  console.log(import_chalk40.default.dim(`
 ${rows.length} work-log row(s). Paginate with --after ${lastId}.`));
 }
 function formatWorkLogLine(w, selfDid, opts = {}) {
   const delegationPart = opts.fullIds ? w.delegationId : idHead3(w.delegationId);
   const requestPart = opts.fullIds ? w.requestId : truncate3(w.requestId, 16);
-  const id = import_chalk39.default.bold(`${delegationPart}/${requestPart}`);
+  const id = import_chalk40.default.bold(`${delegationPart}/${requestPart}`);
   const state = colorState2(w.state).padEnd(stateColumnWidth2());
   const peerCallerHead = opts.fullIds ? w.callerDid : didHead5(w.callerDid);
   const peerPayeeHead = opts.fullIds ? w.payeeDid : didHead5(w.payeeDid);
-  const direction = w.callerDid === selfDid ? `${import_chalk39.default.bold("me")} \u2192 ${import_chalk39.default.dim(peerPayeeHead)}` : `${import_chalk39.default.dim(peerCallerHead)} \u2192 ${import_chalk39.default.bold("me")}`;
+  const direction = w.callerDid === selfDid ? `${import_chalk40.default.bold("me")} \u2192 ${import_chalk40.default.dim(peerPayeeHead)}` : `${import_chalk40.default.dim(peerCallerHead)} \u2192 ${import_chalk40.default.bold("me")}`;
   const outcome = formatOutcome(w);
   return `${id}  ${state}  ${direction}  ${outcome}`;
 }
 function colorState2(s) {
   switch (s) {
-    case import_sdk32.WorkLogStates.REQUESTED:
-      return import_chalk39.default.yellow("requested");
-    case import_sdk32.WorkLogStates.RESPONDED:
-      return import_chalk39.default.green("responded");
+    case import_sdk33.WorkLogStates.REQUESTED:
+      return import_chalk40.default.yellow("requested");
+    case import_sdk33.WorkLogStates.RESPONDED:
+      return import_chalk40.default.green("responded");
   }
 }
 function stateColumnWidth2() {
   return 9;
 }
 function formatOutcome(w) {
-  if (w.state === import_sdk32.WorkLogStates.REQUESTED) return import_chalk39.default.dim("(in flight)");
-  if (w.responseError) return import_chalk39.default.red(`error ${w.responseError.code}: ${truncate3(w.responseError.message, 32)}`);
-  if (w.responseOutput) return import_chalk39.default.cyan("ok");
-  return import_chalk39.default.dim("(empty response)");
+  if (w.state === import_sdk33.WorkLogStates.REQUESTED) return import_chalk40.default.dim("(in flight)");
+  if (w.responseError) return import_chalk40.default.red(`error ${w.responseError.code}: ${truncate3(w.responseError.message, 32)}`);
+  if (w.responseOutput) return import_chalk40.default.cyan("ok");
+  return import_chalk40.default.dim("(empty response)");
 }
 function idHead3(id) {
   if (id.length <= 12) return id;
@@ -8686,7 +8706,7 @@ function parseState3(raw) {
   }
   return raw;
 }
-function parseLimit7(raw) {
+function parseLimit8(raw) {
   if (raw === void 0) return 20;
   const n = Number(raw);
   if (!Number.isFinite(n) || !Number.isInteger(n) || n < 1 || n > 100) {
@@ -8863,6 +8883,7 @@ async function main() {
   registerEnvelopeCommand(program);
   registerDelegationCommands(program);
   registerDelegationsCommand(program);
+  registerTasksCommand(program);
   registerWorkCommands(program);
   registerWorkListCommand(program);
   registerReceiptCommands(program);
@@ -8870,7 +8891,7 @@ async function main() {
   registerReputationCommand(program);
   registerStatsCommand(program);
   registerWalletCommands(program);
-  (0, import_shield3.installMiddleware)(program);
+  (0, import_shield4.installMiddleware)(program);
   try {
     await program.parseAsync(process.argv);
   } catch (err) {