@mandate.md/cli 0.1.0

package/src/commands/transfer.ts

@@ -0,0 +1,111 @@
+import { z } from 'incur';
+import { encodeFunctionData, parseAbi } from 'viem';
+import { computeIntentHash } from '@mandate.md/sdk';
+import { PolicyBlockedError, RiskBlockedError, ApprovalRequiredError } from '@mandate.md/sdk';
+import type { CommandDef } from './types.js';
+
+const erc20Abi = parseAbi(['function transfer(address to, uint256 amount) returns (bool)']);
+
+export const transferCommand: CommandDef = {
+  description: 'ERC20 transfer with automatic calldata encoding and validation',
+  options: z.object({
+    to: z.string().describe('Recipient address (0x...)'),
+    amount: z.string().describe('Amount in raw token units'),
+    token: z.string().describe('ERC20 token contract address (0x...)'),
+    reason: z.string().describe('Why this transfer is being sent'),
+    chainId: z.number().optional().describe('Chain ID (default from credentials)'),
+    nonce: z.number().describe('Transaction nonce'),
+    gasLimit: z.string().optional().describe('Gas limit (default: 65000)'),
+    maxFeePerGas: z.string().describe('Max fee per gas (wei)'),
+    maxPriorityFeePerGas: z.string().describe('Max priority fee per gas (wei)'),
+  }),
+  examples: [
+    {
+      options: {
+        to: '0xAlice',
+        amount: '10000000',
+        token: '0x036CbD53842c5426634e7929541eC2318f3dCF7e',
+        reason: 'Invoice #127',
+        nonce: 42,
+        maxFeePerGas: '1000000000',
+        maxPriorityFeePerGas: '1000000000',
+      },
+      description: 'Transfer 10 USDC',
+    },
+  ],
+  async run(c: any) {
+    const client = c.var.client;
+    const creds = c.var.credentials;
+    const opts = c.options;
+
+    const chainId = opts.chainId ?? creds.chainId ?? 84532;
+    const gasLimit = opts.gasLimit ?? '65000';
+
+    const calldata = encodeFunctionData({
+      abi: erc20Abi,
+      functionName: 'transfer',
+      args: [opts.to as `0x${string}`, BigInt(opts.amount)],
+    });
+
+    const intentHash = computeIntentHash({
+      chainId,
+      nonce: opts.nonce,
+      to: opts.token as `0x${string}`,
+      calldata,
+      valueWei: '0',
+      gasLimit,
+      maxFeePerGas: opts.maxFeePerGas,
+      maxPriorityFeePerGas: opts.maxPriorityFeePerGas,
+    });
+
+    try {
+      const result = await client.validate({
+        chainId,
+        nonce: opts.nonce,
+        to: opts.token as `0x${string}`,
+        calldata,
+        valueWei: '0',
+        gasLimit,
+        maxFeePerGas: opts.maxFeePerGas,
+        maxPriorityFeePerGas: opts.maxPriorityFeePerGas,
+        intentHash,
+        reason: opts.reason,
+      });
+
+      return {
+        ok: true,
+        intentId: result.intentId,
+        feedback: '\u2705 Mandate: policy check passed',
+        unsignedTx: {
+          to: opts.token,
+          calldata,
+          value: '0',
+          gasLimit,
+          maxFeePerGas: opts.maxFeePerGas,
+          maxPriorityFeePerGas: opts.maxPriorityFeePerGas,
+          nonce: opts.nonce,
+          chainId,
+        },
+        next: `Run: mandate event ${result.intentId} --tx-hash 0x...`,
+      };
+    } catch (err) {
+      if (err instanceof PolicyBlockedError || err instanceof RiskBlockedError) {
+        return {
+          error: 'POLICY_BLOCKED',
+          message: `\uD83D\uDEAB Mandate: blocked \u2014 ${err.message}`,
+          blockReason: err.blockReason,
+        };
+      }
+      if (err instanceof ApprovalRequiredError) {
+        return {
+          ok: true,
+          requiresApproval: true,
+          intentId: err.intentId,
+          feedback: '\u23F3 Mandate: approval required \u2014 waiting for owner decision',
+          next: `Run: mandate approve ${err.intentId}`,
+        };
+      }
+      throw err;
+    }
+  },
+};

package/src/commands/types.ts

@@ -0,0 +1,10 @@
+/** Shared type for command definitions to avoid circular imports */
+export type CommandDef = {
+  description: string;
+  args?: any;
+  options?: any;
+  alias?: Record<string, string>;
+  middleware?: any[];
+  examples?: any[];
+  run: (c: any) => any;
+};

package/src/commands/validate.ts

@@ -0,0 +1,101 @@
+import { z } from 'incur';
+import { computeIntentHash } from '@mandate.md/sdk';
+import { PolicyBlockedError, RiskBlockedError, ApprovalRequiredError } from '@mandate.md/sdk';
+import type { CommandDef } from './types.js';
+
+export const validateCommand: CommandDef = {
+  description: 'Policy-check a transaction (computes intentHash automatically)',
+  options: z.object({
+    to: z.string().describe('Recipient address (0x...)'),
+    calldata: z.string().optional().describe('Transaction calldata (default: 0x)'),
+    valueWei: z.string().optional().describe('Value in wei (default: 0)'),
+    nonce: z.number().describe('Transaction nonce'),
+    gasLimit: z.string().describe('Gas limit'),
+    maxFeePerGas: z.string().describe('Max fee per gas (wei)'),
+    maxPriorityFeePerGas: z.string().describe('Max priority fee per gas (wei)'),
+    chainId: z.number().optional().describe('Chain ID (default from credentials)'),
+    txType: z.number().optional().describe('Transaction type (default: 2)'),
+    accessList: z.string().optional().describe('Access list JSON string'),
+    reason: z.string().describe('Why this transaction is being sent'),
+  }),
+  examples: [
+    {
+      options: {
+        to: '0x036CbD53842c5426634e7929541eC2318f3dCF7e',
+        calldata: '0xa9059cbb000000000000000000000000',
+        nonce: 42,
+        gasLimit: '90000',
+        maxFeePerGas: '1000000000',
+        maxPriorityFeePerGas: '1000000000',
+        reason: 'Invoice #127 from Alice',
+      },
+      description: 'Validate an ERC20 transfer',
+    },
+  ],
+  async run(c: any) {
+    const client = c.var.client;
+    const creds = c.var.credentials;
+    const opts = c.options;
+
+    const chainId = opts.chainId ?? creds.chainId ?? 84532;
+    const calldata = (opts.calldata ?? '0x') as `0x${string}`;
+    const valueWei = opts.valueWei ?? '0';
+    const txType = opts.txType ?? 2;
+    const accessList = opts.accessList ? JSON.parse(opts.accessList) : [];
+
+    const intentHash = computeIntentHash({
+      chainId,
+      nonce: opts.nonce,
+      to: opts.to as `0x${string}`,
+      calldata,
+      valueWei,
+      gasLimit: opts.gasLimit,
+      maxFeePerGas: opts.maxFeePerGas,
+      maxPriorityFeePerGas: opts.maxPriorityFeePerGas,
+      txType,
+      accessList,
+    });
+
+    try {
+      const result = await client.validate({
+        chainId,
+        nonce: opts.nonce,
+        to: opts.to as `0x${string}`,
+        calldata,
+        valueWei,
+        gasLimit: opts.gasLimit,
+        maxFeePerGas: opts.maxFeePerGas,
+        maxPriorityFeePerGas: opts.maxPriorityFeePerGas,
+        txType,
+        accessList,
+        intentHash,
+        reason: opts.reason,
+      });
+
+      return {
+        ok: true,
+        intentId: result.intentId,
+        feedback: '\u2705 Mandate: policy check passed',
+        next: `Run: mandate event ${result.intentId} --tx-hash 0x...`,
+      };
+    } catch (err) {
+      if (err instanceof PolicyBlockedError || err instanceof RiskBlockedError) {
+        return {
+          error: 'POLICY_BLOCKED',
+          message: `\uD83D\uDEAB Mandate: blocked \u2014 ${err.message}`,
+          blockReason: err.blockReason,
+        };
+      }
+      if (err instanceof ApprovalRequiredError) {
+        return {
+          ok: true,
+          requiresApproval: true,
+          intentId: err.intentId,
+          feedback: '\u23F3 Mandate: approval required \u2014 waiting for owner decision',
+          next: `Run: mandate approve ${err.intentId}`,
+        };
+      }
+      throw err;
+    }
+  },
+};

package/src/commands/whoami.ts

@@ -0,0 +1,17 @@
+import type { CommandDef } from './types.js';
+
+export const whoamiCommand: CommandDef = {
+  description: 'Verify credentials and show agent info',
+  async run(c: any) {
+    const creds = c.var.credentials;
+    const masked = creds.runtimeKey.slice(0, 14) + '...' + creds.runtimeKey.slice(-3);
+
+    return {
+      agentId: creds.agentId,
+      evmAddress: creds.evmAddress ?? 'not set',
+      chainId: creds.chainId ?? 84532,
+      keyPrefix: masked,
+      baseUrl: creds.baseUrl ?? 'https://app.mandate.md',
+    };
+  },
+};

package/src/credentials.ts

@@ -0,0 +1,48 @@
+import * as fs from 'node:fs';
+import * as path from 'node:path';
+import * as os from 'node:os';
+
+export interface MandateCredentials {
+  runtimeKey: string;
+  agentId: string;
+  claimUrl: string;
+  evmAddress?: string;
+  chainId?: number;
+  baseUrl?: string;
+}
+
+function credentialsPath(): string {
+  return path.join(os.homedir(), '.mandate', 'credentials.json');
+}
+
+function credentialsDir(): string {
+  return path.join(os.homedir(), '.mandate');
+}
+
+export function loadCredentials(): MandateCredentials | null {
+  const p = credentialsPath();
+  if (!fs.existsSync(p)) return null;
+  try {
+    return JSON.parse(fs.readFileSync(p, 'utf-8'));
+  } catch {
+    return null;
+  }
+}
+
+export function saveCredentials(creds: MandateCredentials): void {
+  const dir = credentialsDir();
+  if (!fs.existsSync(dir)) {
+    fs.mkdirSync(dir, { recursive: true });
+  }
+  const p = credentialsPath();
+  fs.writeFileSync(p, JSON.stringify(creds, null, 2));
+  fs.chmodSync(p, 0o600);
+}
+
+export function updateCredentials(partial: Partial<MandateCredentials>): void {
+  const existing = loadCredentials();
+  if (!existing) {
+    throw new Error('No existing credentials. Run: mandate login');
+  }
+  saveCredentials({ ...existing, ...partial });
+}

package/src/index.ts

@@ -0,0 +1,61 @@
+import { Cli } from 'incur';
+import { cliVars } from './vars.js';
+import { requireAuth } from './middleware.js';
+import { loginCommand } from './commands/login.js';
+import { activateCommand } from './commands/activate.js';
+import { whoamiCommand } from './commands/whoami.js';
+import { validateCommand } from './commands/validate.js';
+import { transferCommand } from './commands/transfer.js';
+import { eventCommand } from './commands/event.js';
+import { statusCommand } from './commands/status.js';
+import { approveCommand } from './commands/approve.js';
+
+export type { CliVars } from './vars.js';
+
+const cli = Cli.create('mandate', {
+  version: '0.1.0',
+  description: 'Non-custodial agent wallet policy layer. Validate transactions against spend limits, allowlists, and approval workflows — without ever touching private keys.',
+  vars: cliVars,
+  sync: {
+    suggestions: [
+      'register a new agent with mandate login',
+      'validate a transaction before signing',
+      'check intent status after broadcasting',
+    ],
+  },
+})
+  .command('login', {
+    ...loginCommand,
+  })
+  .command('activate', {
+    ...activateCommand,
+    middleware: [requireAuth],
+  })
+  .command('whoami', {
+    ...whoamiCommand,
+    middleware: [requireAuth],
+  })
+  .command('validate', {
+    ...validateCommand,
+    middleware: [requireAuth],
+  })
+  .command('transfer', {
+    ...transferCommand,
+    middleware: [requireAuth],
+  })
+  .command('event', {
+    ...eventCommand,
+    middleware: [requireAuth],
+  })
+  .command('status', {
+    ...statusCommand,
+    middleware: [requireAuth],
+  })
+  .command('approve', {
+    ...approveCommand,
+    middleware: [requireAuth],
+  });
+
+cli.serve();
+
+export default cli;

package/src/middleware.ts

@@ -0,0 +1,14 @@
+import { middleware } from 'incur';
+import { MandateClient } from '@mandate.md/sdk';
+import { loadCredentials } from './credentials.js';
+import type { CliVars } from './vars.js';
+
+export const requireAuth = middleware<CliVars>((c, next) => {
+  const creds = loadCredentials();
+  if (!creds?.runtimeKey) {
+    return c.error({ code: 'NOT_AUTHENTICATED', message: 'No credentials. Run: mandate login' });
+  }
+  c.set('client', new MandateClient({ runtimeKey: creds.runtimeKey, baseUrl: creds.baseUrl }));
+  c.set('credentials', creds);
+  return next();
+});

package/src/vars.ts

@@ -0,0 +1,10 @@
+import { z } from 'incur';
+import type { MandateClient } from '@mandate.md/sdk';
+import type { MandateCredentials } from './credentials.js';
+
+export const cliVars = z.object({
+  client: z.custom<MandateClient>(),
+  credentials: z.custom<MandateCredentials>(),
+});
+
+export type CliVars = typeof cliVars;

package/tsconfig.json

@@ -0,0 +1,8 @@
+{
+  "extends": "../../tsconfig.base.json",
+  "compilerOptions": {
+    "outDir": "dist",
+    "rootDir": "src"
+  },
+  "include": ["src"]
+}

package/tsup.config.ts

@@ -0,0 +1,9 @@
+import { defineConfig } from 'tsup';
+
+export default defineConfig({
+  entry: ['src/index.ts'],
+  format: ['esm'],
+  dts: false,
+  clean: true,
+  banner: { js: '#!/usr/bin/env node' },
+});