@keeperhub/wallet 0.1.2 → 0.1.3

package/dist/index.d.ts

@@ -37,49 +37,6 @@ declare class WalletConfigMissingError extends Error {
     constructor();
 }
 
-type ClientOptions = {
-    /** Defaults to process.env.KEEPERHUB_API_URL ?? "https://app.keeperhub.com" */
-    baseUrl?: string;
-    /** Injected for tests; defaults to global fetch */
-    fetch?: typeof fetch;
-};
-/**
- * 202 ask-tier envelope returned by /sign and /approval-request when the
- * risk classifier routes a request to the ask queue. Callers poll
- * `/api/agentic-wallet/approval-request/:id` until status !== "pending".
- */
-type AskTierResponse = {
-    _status: 202;
-    approvalRequestId: string;
-};
-/**
- * HMAC-signed HTTP client for the KeeperHub agentic-wallet API surface.
- * Every request to /api/agentic-wallet/* (except /provision, which uses
- * the session cookie) flows through this class.
- *
- * @security No logging of headers, body, or response bodies. Any stdout
- *   emitter (the global console object or util.inspect) added to this
- *   file is a T-34-08 violation (grep-enforced in CI).
- */
-declare class KeeperHubClient {
-    private readonly baseUrl;
-    private readonly fetchImpl;
-    private readonly wallet;
-    constructor(wallet: WalletConfig, opts?: ClientOptions);
-    /**
-     * HMAC-signed POST/GET to any /api/agentic-wallet/* route except
-     * /provision. Path MUST start with a leading slash. Body is
-     * JSON.stringify'd (or the empty string for GET).
-     *
-     * Error mapping: non-2xx/non-202 surface as `KeeperHubError(code,
-     * message)` where `code` is the server-supplied field or the default
-     * taxonomy (`HMAC_INVALID`, `POLICY_BLOCKED`, `NOT_FOUND`,
-     * `TURNKEY_UPSTREAM`, `HTTP_<status>`). 202 ask-tier surfaces as an
-     * AskTierResponse envelope.
-     */
-    request<T>(method: "GET" | "POST", path: string, body?: unknown): Promise<T | AskTierResponse>;
-}
-
 type BalanceSnapshot = {
     base: {
         chain: "base";
@@ -93,23 +50,16 @@ type BalanceSnapshot = {
         amount: string;
         address: `0x${string}`;
     };
-    offChainCredit: {
-        amount: string;
-        currency: "USD";
-    };
 };
 type CheckBalanceOptions = {
     /** Injectable viem client for Base (tests mock readContract). */
     baseClient?: PublicClient;
     /** Injectable viem client for Tempo (tests mock readContract). */
     tempoClient?: PublicClient;
-    /** Injectable KeeperHubClient (tests inject a mocked fetch). */
-    khClient?: KeeperHubClient;
 };
 /**
- * Read the wallet's balance across Base + Tempo + off-chain KeeperHub credit
- * in parallel. All three legs must resolve; any single failure rejects the
- * Promise.
+ * Read the wallet's on-chain balance across Base + Tempo in parallel. Both
+ * legs must resolve; any single failure rejects the Promise.
  *
  * Amounts are formatted as decimal strings (6-decimal USDC precision) so the
  * caller can render them without BigInt math.
@@ -168,6 +118,49 @@ declare const BASE_USDC: "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913";
 /** Bridged USDC (USDC.e) on Tempo mainnet. NOT the same contract as BASE_USDC. */
 declare const TEMPO_USDC_E: "0x20c000000000000000000000b9537d11c60e8b50";
 
+type ClientOptions = {
+    /** Defaults to process.env.KEEPERHUB_API_URL ?? "https://app.keeperhub.com" */
+    baseUrl?: string;
+    /** Injected for tests; defaults to global fetch */
+    fetch?: typeof fetch;
+};
+/**
+ * 202 ask-tier envelope returned by /sign and /approval-request when the
+ * risk classifier routes a request to the ask queue. Callers poll
+ * `/api/agentic-wallet/approval-request/:id` until status !== "pending".
+ */
+type AskTierResponse = {
+    _status: 202;
+    approvalRequestId: string;
+};
+/**
+ * HMAC-signed HTTP client for the KeeperHub agentic-wallet API surface.
+ * Every request to /api/agentic-wallet/* (except /provision, which uses
+ * the session cookie) flows through this class.
+ *
+ * @security No logging of headers, body, or response bodies. Any stdout
+ *   emitter (the global console object or util.inspect) added to this
+ *   file is a T-34-08 violation (grep-enforced in CI).
+ */
+declare class KeeperHubClient {
+    private readonly baseUrl;
+    private readonly fetchImpl;
+    private readonly wallet;
+    constructor(wallet: WalletConfig, opts?: ClientOptions);
+    /**
+     * HMAC-signed POST/GET to any /api/agentic-wallet/* route except
+     * /provision. Path MUST start with a leading slash. Body is
+     * JSON.stringify'd (or the empty string for GET).
+     *
+     * Error mapping: non-2xx/non-202 surface as `KeeperHubError(code,
+     * message)` where `code` is the server-supplied field or the default
+     * taxonomy (`HMAC_INVALID`, `POLICY_BLOCKED`, `NOT_FOUND`,
+     * `TURNKEY_UPSTREAM`, `HTTP_<status>`). 202 ask-tier surfaces as an
+     * AskTierResponse envelope.
+     */
+    request<T>(method: "GET" | "POST", path: string, body?: unknown): Promise<T | AskTierResponse>;
+}
+
 type FundInstructions = {
     /** Coinbase Onramp deeplink (legacy query-param form). */
     coinbaseOnrampUrl: string;

package/dist/index.js

@@ -79,124 +79,6 @@ var tempo = defineChain({
 var BASE_USDC = "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913";
 var TEMPO_USDC_E = "0x20c000000000000000000000b9537d11c60e8b50";
 
-// src/hmac.ts
-import { createHash, createHmac } from "crypto";
-function computeSignature(secret, method, path, subOrgId, body, timestamp) {
-  const bodyDigest = createHash("sha256").update(body).digest("hex");
-  const signingString = `${method}
-${path}
-${subOrgId}
-${bodyDigest}
-${timestamp}`;
-  return createHmac("sha256", secret).update(signingString).digest("hex");
-}
-function buildHmacHeaders(secret, method, path, subOrgId, body) {
-  const timestamp = String(Math.floor(Date.now() / 1e3));
-  const signature = computeSignature(
-    secret,
-    method,
-    path,
-    subOrgId,
-    body,
-    timestamp
-  );
-  return {
-    "X-KH-Sub-Org": subOrgId,
-    "X-KH-Timestamp": timestamp,
-    "X-KH-Signature": signature
-  };
-}
-
-// src/types.ts
-var KeeperHubError = class extends Error {
-  code;
-  constructor(code, message) {
-    super(message);
-    this.name = "KeeperHubError";
-    this.code = code;
-  }
-};
-var WalletConfigMissingError = class extends Error {
-  constructor() {
-    super(
-      "Wallet config not found at ~/.keeperhub/wallet.json. Run `npx @keeperhub/wallet add` to provision."
-    );
-    this.name = "WalletConfigMissingError";
-  }
-};
-
-// src/client.ts
-var TRAILING_SLASH = /\/$/;
-function defaultCodeForStatus(status) {
-  if (status === 401) {
-    return "HMAC_INVALID";
-  }
-  if (status === 403) {
-    return "POLICY_BLOCKED";
-  }
-  if (status === 404) {
-    return "NOT_FOUND";
-  }
-  if (status === 502) {
-    return "TURNKEY_UPSTREAM";
-  }
-  return `HTTP_${status}`;
-}
-var KeeperHubClient = class {
-  baseUrl;
-  fetchImpl;
-  wallet;
-  constructor(wallet, opts = {}) {
-    this.wallet = wallet;
-    const envBase = process.env.KEEPERHUB_API_URL;
-    this.baseUrl = (opts.baseUrl ?? envBase ?? "https://app.keeperhub.com").replace(TRAILING_SLASH, "");
-    this.fetchImpl = opts.fetch ?? globalThis.fetch;
-  }
-  /**
-   * HMAC-signed POST/GET to any /api/agentic-wallet/* route except
-   * /provision. Path MUST start with a leading slash. Body is
-   * JSON.stringify'd (or the empty string for GET).
-   *
-   * Error mapping: non-2xx/non-202 surface as `KeeperHubError(code,
-   * message)` where `code` is the server-supplied field or the default
-   * taxonomy (`HMAC_INVALID`, `POLICY_BLOCKED`, `NOT_FOUND`,
-   * `TURNKEY_UPSTREAM`, `HTTP_<status>`). 202 ask-tier surfaces as an
-   * AskTierResponse envelope.
-   */
-  async request(method, path, body) {
-    const bodyStr = body === void 0 ? "" : JSON.stringify(body);
-    const hmacHeaders = buildHmacHeaders(
-      this.wallet.hmacSecret,
-      method,
-      path,
-      this.wallet.subOrgId,
-      bodyStr
-    );
-    const headers = method === "POST" ? { ...hmacHeaders, "content-type": "application/json" } : { ...hmacHeaders };
-    const response = await this.fetchImpl(`${this.baseUrl}${path}`, {
-      method,
-      headers,
-      body: method === "POST" ? bodyStr : void 0
-    });
-    if (response.status === 202) {
-      const data = await response.json();
-      return { _status: 202, approvalRequestId: data.approvalRequestId };
-    }
-    if (!response.ok) {
-      let code = "UNKNOWN";
-      let message = `HTTP ${response.status}`;
-      try {
-        const data = await response.json();
-        code = data.code ?? defaultCodeForStatus(response.status);
-        message = data.error ?? message;
-      } catch {
-      }
-      throw new KeeperHubError(code, message);
-    }
-    return await response.json();
-  }
-};
-
 // src/balance.ts
 var USDC_DECIMALS = 6;
 async function checkBalance(wallet, opts = {}) {
@@ -208,8 +90,7 @@ async function checkBalance(wallet, opts = {}) {
     chain: tempo,
     transport: http()
   });
-  const khClient = opts.khClient ?? new KeeperHubClient(wallet);
-  const [baseRaw, tempoRaw, credit] = await Promise.all([
+  const [baseRaw, tempoRaw] = await Promise.all([
     baseClient.readContract({
       address: BASE_USDC,
       abi: erc20Abi,
@@ -221,12 +102,8 @@ async function checkBalance(wallet, opts = {}) {
       abi: erc20Abi,
       functionName: "balanceOf",
       args: [wallet.walletAddress]
-    }),
-    khClient.request("GET", "/api/agentic-wallet/credit")
+    })
   ]);
-  if ("_status" in credit) {
-    throw new Error("Unexpected 202 response from /api/agentic-wallet/credit");
-  }
   return {
     base: {
       chain: "base",
@@ -239,10 +116,6 @@ async function checkBalance(wallet, opts = {}) {
       token: "USDC.e",
       amount: formatUnits(tempoRaw, USDC_DECIMALS),
       address: wallet.walletAddress
-    },
-    offChainCredit: {
-      amount: credit.amount,
-      currency: "USD"
     }
   };
 }
@@ -273,6 +146,34 @@ function fund(walletAddress) {
   };
 }
 
+// src/hmac.ts
+import { createHash, createHmac } from "crypto";
+function computeSignature(secret, method, path, subOrgId, body, timestamp) {
+  const bodyDigest = createHash("sha256").update(body).digest("hex");
+  const signingString = `${method}
+${path}
+${subOrgId}
+${bodyDigest}
+${timestamp}`;
+  return createHmac("sha256", secret).update(signingString).digest("hex");
+}
+function buildHmacHeaders(secret, method, path, subOrgId, body) {
+  const timestamp = String(Math.floor(Date.now() / 1e3));
+  const signature = computeSignature(
+    secret,
+    method,
+    path,
+    subOrgId,
+    body,
+    timestamp
+  );
+  return {
+    "X-KH-Sub-Org": subOrgId,
+    "X-KH-Timestamp": timestamp,
+    "X-KH-Signature": signature
+  };
+}
+
 // src/skill-install.ts
 import { chmod, copyFile, mkdir, readFile, writeFile } from "fs/promises";
 import { dirname as dirname2, join as join2 } from "path";
@@ -372,6 +273,26 @@ async function installSkill(options = {}) {
 import { chmod as chmod2, mkdir as mkdir2, readFile as readFile2, writeFile as writeFile2 } from "fs/promises";
 import { homedir as homedir2 } from "os";
 import { dirname as dirname3, join as join3 } from "path";
+
+// src/types.ts
+var KeeperHubError = class extends Error {
+  code;
+  constructor(code, message) {
+    super(message);
+    this.name = "KeeperHubError";
+    this.code = code;
+  }
+};
+var WalletConfigMissingError = class extends Error {
+  constructor() {
+    super(
+      "Wallet config not found at ~/.keeperhub/wallet.json. Run `npx @keeperhub/wallet add` to provision."
+    );
+    this.name = "WalletConfigMissingError";
+  }
+};
+
+// src/storage.ts
 async function readWalletConfig() {
   const walletPath = join3(homedir2(), ".keeperhub", "wallet.json");
   let raw;
@@ -400,11 +321,11 @@ function getWalletConfigPath() {
 }
 
 // src/cli.ts
-var TRAILING_SLASH2 = /\/$/;
+var TRAILING_SLASH = /\/$/;
 var WALLET_ADDRESS_PATTERN = /^0x[a-fA-F0-9]{40}$/;
 function resolveBaseUrl(override) {
   const candidate = override ?? process.env.KEEPERHUB_API_URL ?? "https://app.keeperhub.com";
-  return candidate.replace(TRAILING_SLASH2, "");
+  return candidate.replace(TRAILING_SLASH, "");
 }
 function isNonEmptyString(value) {
   return typeof value === "string" && value.length > 0;
@@ -518,14 +439,10 @@ async function cmdFund() {
 async function cmdBalance() {
   const wallet = await readWalletConfig();
   const snap = await checkBalance(wallet);
-  process.stdout.write(`Base USDC:         ${snap.base.amount}
+  process.stdout.write(`Base USDC:    ${snap.base.amount}
 `);
-  process.stdout.write(`Tempo USDC.e:      ${snap.tempo.amount}
+  process.stdout.write(`Tempo USDC.e: ${snap.tempo.amount}
 `);
-  process.stdout.write(
-    `KeeperHub credit:  ${snap.offChainCredit.amount} ${snap.offChainCredit.currency}
-`
-  );
 }
 async function cmdInfo() {
   const wallet = await readWalletConfig();
@@ -538,7 +455,7 @@ async function runCli(argv = process.argv) {
   const program = new Command();
   program.name("keeperhub-wallet").description(
     "KeeperHub agentic wallet CLI (auto-pay x402 + MPP 402 responses)"
-  ).version("0.1.0");
+  ).version("0.1.3");
   program.command("add").description("Provision a new agentic wallet (no account required)").option("--base-url <url>", "KeeperHub API base URL").action(async (opts) => {
     await cmdAdd(opts);
   });
@@ -552,9 +469,7 @@ async function runCli(argv = process.argv) {
   ).action(async () => {
     await cmdFund();
   });
-  program.command("balance").description(
-    "Print unified balance: Base USDC + Tempo USDC.e + off-chain KeeperHub credit"
-  ).action(async () => {
+  program.command("balance").description("Print on-chain balance: Base USDC + Tempo USDC.e").action(async () => {
     await cmdBalance();
   });
   program.command("info").description("Print subOrgId and walletAddress from local config").action(async () => {
@@ -609,6 +524,78 @@ async function runCli(argv = process.argv) {
   }
 }
 
+// src/client.ts
+var TRAILING_SLASH2 = /\/$/;
+function defaultCodeForStatus(status) {
+  if (status === 401) {
+    return "HMAC_INVALID";
+  }
+  if (status === 403) {
+    return "POLICY_BLOCKED";
+  }
+  if (status === 404) {
+    return "NOT_FOUND";
+  }
+  if (status === 502) {
+    return "TURNKEY_UPSTREAM";
+  }
+  return `HTTP_${status}`;
+}
+var KeeperHubClient = class {
+  baseUrl;
+  fetchImpl;
+  wallet;
+  constructor(wallet, opts = {}) {
+    this.wallet = wallet;
+    const envBase = process.env.KEEPERHUB_API_URL;
+    this.baseUrl = (opts.baseUrl ?? envBase ?? "https://app.keeperhub.com").replace(TRAILING_SLASH2, "");
+    this.fetchImpl = opts.fetch ?? globalThis.fetch;
+  }
+  /**
+   * HMAC-signed POST/GET to any /api/agentic-wallet/* route except
+   * /provision. Path MUST start with a leading slash. Body is
+   * JSON.stringify'd (or the empty string for GET).
+   *
+   * Error mapping: non-2xx/non-202 surface as `KeeperHubError(code,
+   * message)` where `code` is the server-supplied field or the default
+   * taxonomy (`HMAC_INVALID`, `POLICY_BLOCKED`, `NOT_FOUND`,
+   * `TURNKEY_UPSTREAM`, `HTTP_<status>`). 202 ask-tier surfaces as an
+   * AskTierResponse envelope.
+   */
+  async request(method, path, body) {
+    const bodyStr = body === void 0 ? "" : JSON.stringify(body);
+    const hmacHeaders = buildHmacHeaders(
+      this.wallet.hmacSecret,
+      method,
+      path,
+      this.wallet.subOrgId,
+      bodyStr
+    );
+    const headers = method === "POST" ? { ...hmacHeaders, "content-type": "application/json" } : { ...hmacHeaders };
+    const response = await this.fetchImpl(`${this.baseUrl}${path}`, {
+      method,
+      headers,
+      body: method === "POST" ? bodyStr : void 0
+    });
+    if (response.status === 202) {
+      const data = await response.json();
+      return { _status: 202, approvalRequestId: data.approvalRequestId };
+    }
+    if (!response.ok) {
+      let code = "UNKNOWN";
+      let message = `HTTP ${response.status}`;
+      try {
+        const data = await response.json();
+        code = data.code ?? defaultCodeForStatus(response.status);
+        message = data.error ?? message;
+      } catch {
+      }
+      throw new KeeperHubError(code, message);
+    }
+    return await response.json();
+  }
+};
+
 // src/safety-config.ts
 import { chmod as chmod3, mkdir as mkdir3, readFile as readFile3, writeFile as writeFile3 } from "fs/promises";
 import { homedir as homedir3 } from "os";