@promus/cli 0.24.17

package/src/commands/logs.ts

@@ -0,0 +1,86 @@
+import { readFile } from 'node:fs/promises'
+import {
+  SANDBOX_PROVIDER_URL_GALILEO,
+  SandboxProviderClient,
+  agentPaths,
+} from '@promus/core'
+import { findAndLoadConfig } from '../config/load'
+import { pickDefaultAgent } from './_agents'
+import { loadOrPickOperatorSigner } from './init/operator-picker'
+import { extractExecOutput } from './init/sandbox-provision'
+
+export async function runLogs(opts: { agent?: string; tail?: number } = {}): Promise<void> {
+  // Phase 11: in sandbox mode the activity log lives in the container at
+  // /var/log/@promus/gateway.log. Tail it via toolbox exec.
+  const found = await findAndLoadConfig().catch(() => null)
+  if (
+    found?.config.deployTarget === 'sandbox' &&
+    found.config.sandbox?.id &&
+    found.config.sandbox.endpoint
+  ) {
+    const operator = await loadOrPickOperatorSigner({
+      network: found.config.network,
+      hint: found.config.operator,
+    })
+    if (!operator) {
+      console.log('No operator wallet available; cannot authenticate to provider.')
+      process.exit(1)
+    }
+    const operatorAccount = await operator.account()
+    const provider = new SandboxProviderClient({
+      endpoint: SANDBOX_PROVIDER_URL_GALILEO,
+      operator: operatorAccount,
+    })
+    const tail = opts.tail ?? 200
+    try {
+      const r = await provider.execInToolbox(found.config.sandbox.id, {
+        // Harness logs to ~/promus-logs/ inside the container (daytona user;
+        // /var/log needs root). bash -c needed because Daytona exec splits
+        // argv-style without a shell.
+        command: `bash -c 'tail -n ${tail} ~/promus-logs/@promus/gateway.log'`,
+        timeout: 60,
+      })
+      const out = extractExecOutput(r)
+      if (out) process.stdout.write(out)
+      if (r.exitCode !== 0) {
+        process.stderr.write(`\n(toolbox exit=${r.exitCode})\n`)
+      }
+    } catch (e) {
+      console.log(`harness log fetch failed: ${(e as Error).message.slice(0, 200)}`)
+    }
+    await operator.close?.()
+    return
+  }
+
+  // Local mode: read from agentPaths
+  const id = opts.agent ?? (await pickDefaultAgent())
+  if (!id) {
+    console.log('No agents found in ~/.promus/agents. Run `promus init` first.')
+    process.exit(1)
+  }
+  const path = agentPaths.agent(id).activityLog
+
+  let raw: string
+  try {
+    raw = await readFile(path, 'utf8')
+  } catch (e) {
+    if ((e as NodeJS.ErrnoException).code === 'ENOENT') {
+      console.log(`No activity log at ${path}`)
+      return
+    }
+    throw e
+  }
+
+  const lines = raw.trimEnd().split('\n').filter(Boolean)
+  const slice = opts.tail ? lines.slice(-opts.tail) : lines
+  for (const line of slice) {
+    try {
+      const entry = JSON.parse(line) as { ts: number; kind: string; data: unknown }
+      const d = new Date(entry.ts).toISOString()
+      const body = JSON.stringify(entry.data)
+      console.log(`${d}  ${entry.kind.padEnd(16)} ${body.slice(0, 200)}`)
+    } catch {
+      console.log(line)
+    }
+  }
+}

package/src/commands/migrate-keystore.ts

@@ -0,0 +1,155 @@
+import { readFile } from 'node:fs/promises'
+import { cancel, confirm, intro, isCancel, note, outro, password, spinner } from '@clack/prompts'
+import {
+  type EncryptedKeystore,
+  agentPaths,
+  decryptKey,
+  defineConfig,
+  iNFTAgentId,
+  uploadKeystore,
+} from '@promus/core'
+import { type Address, bytesToHex } from 'viem'
+import { privateKeyToAccount } from 'viem/accounts'
+import { findAndLoadConfig } from '../config/load'
+import { writeConfigTs } from '../config/render'
+import { pickOperatorSigner } from './init/operator-picker'
+
+/**
+ * One-shot upgrade for v0.5.0 users: read the legacy passphrase-encrypted
+ * keystore, decrypt it, re-encrypt under the operator wallet (Phase 6.6),
+ * upload the new ciphertext to 0G Storage, anchor the new root hash into
+ * the iNFT keystore slot, and remove the local passphrase keystore file.
+ *
+ * After running, the agent is on the v2 (sign-derived-key) path; chat /
+ * topup --compute / restore / resume all work without a passphrase.
+ */
+export async function runMigrateKeystore(): Promise<void> {
+  intro('promus migrate-keystore')
+
+  const loaded = await findAndLoadConfig()
+  if (!loaded) {
+    cancel('No promus config found. Run `promus init` (or `promus restore`) first.')
+    return
+  }
+  const { config } = loaded
+  if (!config.identity.iNFT || !config.identity.agent) {
+    cancel('Config has no iNFT or agent. Nothing to migrate.')
+    return
+  }
+
+  const network = config.network
+  const contractAddress = config.identity.iNFT.contract as Address
+  const tokenId = BigInt(config.identity.iNFT.tokenId)
+  const agentAddress = config.identity.agent as Address
+  const finalAgentId = iNFTAgentId({ contractAddress, tokenId })
+  const paths = agentPaths.agent(finalAgentId)
+
+  let v1: EncryptedKeystore
+  try {
+    const raw = await readFile(paths.keystore, 'utf8')
+    v1 = JSON.parse(raw) as EncryptedKeystore
+  } catch (e) {
+    if ((e as NodeJS.ErrnoException).code === 'ENOENT') {
+      cancel(
+        `No local keystore at ${paths.keystore}. Migration only works when v0.5.0 left a passphrase keystore on disk. If you only have the iNFT, use \`promus restore\` (it handles v1 directly).`,
+      )
+      return
+    }
+    cancel(`Failed to read existing keystore: ${(e as Error).message}`)
+    return
+  }
+  if (v1.version !== 1) {
+    cancel(
+      `Local keystore is already version ${v1.version}. Nothing to migrate. (Phase 6.6 keystores are version 2.)`,
+    )
+    return
+  }
+
+  const pass = await password({
+    message: 'Current passphrase for the agent keystore',
+    validate: v => (v && v.length >= 1 ? undefined : 'Required.'),
+  })
+  if (isCancel(pass)) {
+    cancel('Aborted.')
+    return
+  }
+
+  let agentPrivkey: `0x${string}`
+  try {
+    const bytes = decryptKey(v1, pass as string)
+    agentPrivkey = bytesToHex(bytes)
+    const derived = privateKeyToAccount(agentPrivkey).address
+    if (derived.toLowerCase() !== agentAddress.toLowerCase()) {
+      cancel(
+        `Decrypted keystore points to ${derived} but config says ${agentAddress}. Refusing to overwrite.`,
+      )
+      return
+    }
+  } catch (e) {
+    cancel(`Decrypt failed: ${(e as Error).message}. Wrong passphrase?`)
+    return
+  }
+
+  const proceed = await confirm({
+    message:
+      'About to re-encrypt to operator wallet, upload to 0G Storage, update iNFT slot, and delete the local passphrase keystore. Continue?',
+    initialValue: true,
+  })
+  if (isCancel(proceed) || !proceed) {
+    cancel('Aborted.')
+    return
+  }
+
+  const picked = await pickOperatorSigner({ network })
+  if (!picked) return
+  const { signer: operator, hint: operatorHint } = picked
+
+  const sUpload = spinner()
+  sUpload.start('Encrypting to operator wallet + uploading to 0G Storage')
+  let rootHash: string
+  try {
+    const result = await uploadKeystore({
+      network,
+      signer: operator,
+      agentAddress,
+      agentPrivkey,
+      tokenId,
+      contractAddress,
+      cachePath: paths.keystore,
+    })
+    rootHash = result.rootHash
+    sUpload.stop(`re-anchored at root ${rootHash.slice(0, 12)}…`)
+  } catch (e) {
+    sUpload.stop(`upload failed: ${(e as Error).message.slice(0, 160)}`)
+    note(
+      'Local v1 keystore is unchanged. Re-run `promus migrate-keystore` after fixing the issue.',
+      'no changes made',
+    )
+    await operator.close?.()
+    return
+  }
+
+  // Update config to record the operator hint so subsequent commands skip the picker.
+  const cfg = defineConfig({
+    ...config,
+    operator: operatorHint,
+  })
+  await writeConfigTs(loaded.path, cfg, {
+    header: '// Updated by `promus migrate-keystore`. Edit freely; type-safe.',
+  })
+
+  await operator.close?.()
+
+  outro(
+    [
+      '',
+      'Migration complete.',
+      `  agent     ${agentAddress}`,
+      `  iNFT slot updated → ${rootHash.slice(0, 12)}…`,
+      `  keystore  ${paths.keystore} (now v2 cache)`,
+      `  config    operator source persisted: ${operatorHint.source}`,
+      '',
+      'You can now use `promus` (chat) / `promus topup --compute` without a passphrase.',
+    ].join('\n'),
+  )
+}

package/src/commands/model.ts

@@ -0,0 +1,48 @@
+import { cancel, intro, outro } from '@clack/prompts'
+import { defineConfig } from '@promus/core'
+import { findAndLoadConfig } from '../config/load'
+import { writeConfigTs } from '../config/render'
+import { pickBrainModel } from './init/model-picker'
+
+/**
+ * `promus model` — re-pick the brain provider/model. Updates the persisted
+ * config so subsequent `promus` (chat) sessions use the new choice.
+ *
+ * The TUI also exposes `/model` as a slash command for in-session switching;
+ * see `chat.tsx`.
+ */
+export async function runModel(): Promise<void> {
+  intro('promus model')
+
+  const loaded = await findAndLoadConfig()
+  if (!loaded) {
+    cancel('No promus.config.ts found. Run `promus init` first.')
+    return
+  }
+  const { config } = loaded
+
+  const pick = await pickBrainModel({ network: config.network })
+  if (!pick) {
+    cancel('No model picked.')
+    return
+  }
+
+  const updated = defineConfig({
+    ...config,
+    brain: { provider: pick.provider, model: pick.model },
+  })
+  await writeConfigTs(loaded.path, updated, {
+    header: '// Updated by `promus model`. Edit freely; type-safe.',
+  })
+
+  outro(
+    [
+      '',
+      `  brain    ${pick.model ?? '?'}`,
+      `  provider ${pick.provider}`,
+      `  config   ${loaded.path}`,
+      '',
+      'Next chat session will use the new brain.',
+    ].join('\n'),
+  )
+}

package/src/commands/pairing-approve.ts

@@ -0,0 +1,114 @@
+import {
+  PAIRING_ALPHABET,
+  PAIRING_CODE_LENGTH,
+  PairingStore,
+  agentPaths,
+  iNFTAgentId,
+} from '@promus/core'
+import { getAddress } from 'viem'
+import { findAndLoadConfig } from '../config/load'
+import { SandboxClient } from '../sandbox/client'
+import { loadOrPickOperatorSigner } from './init/operator-picker'
+
+export interface RunPairingApproveOpts {
+  platform: string
+  code: string
+}
+
+export async function runPairingApprove(opts: RunPairingApproveOpts): Promise<void> {
+  const normalized = opts.code.toUpperCase().trim()
+  if (normalized.length !== PAIRING_CODE_LENGTH) {
+    console.error(
+      `Invalid pairing code: expected ${PAIRING_CODE_LENGTH} characters, got ${normalized.length}`,
+    )
+    process.exit(1)
+  }
+  for (const ch of normalized) {
+    if (!PAIRING_ALPHABET.includes(ch)) {
+      console.error(`Invalid pairing code: contains '${ch}' which is not in the pairing alphabet`)
+      process.exit(1)
+    }
+  }
+
+  const loaded = await findAndLoadConfig()
+  if (!loaded) {
+    console.error('No promus.config.ts found. Run `promus init` first.')
+    process.exit(1)
+  }
+  const { config } = loaded
+  if (!config.identity.iNFT) {
+    console.error('Config has no iNFT. Run `promus init` first.')
+    process.exit(1)
+  }
+
+  // v0.24.4: sandbox-deployed agents need their pairing dir reached over the
+  // signed admin endpoint; the local PairingStore on the host won't see codes
+  // generated by the container. Mirror the autotopup-tick / profile-key
+  // sandbox branch in admin-autotopup-tick.ts.
+  if (config.deployTarget === 'sandbox' && config.sandbox?.endpoint && config.sandbox.id) {
+    const signer = await loadOrPickOperatorSigner({
+      network: config.network,
+      hint: config.operator,
+    })
+    if (!signer) {
+      console.error('failed to load operator signer (cancelled or no key)')
+      process.exit(1)
+    }
+    const operatorAccount = await signer.account()
+    const client = new SandboxClient({
+      endpoint: config.sandbox.endpoint,
+      sandboxId: config.sandbox.id,
+      operator: operatorAccount,
+    })
+    try {
+      const result = await client.approvePairing(opts.platform, normalized)
+      if (!result.ok) {
+        if (result.reason === 'locked-out') {
+          console.error(
+            `Platform '${opts.platform}' is locked out due to repeated bad codes. Wait 1 hour and try again.`,
+          )
+          process.exit(1)
+        }
+        console.error(`Code ${normalized} not found in pending list. Maybe it expired (1h TTL).`)
+        process.exit(1)
+      }
+      console.log(
+        `✓ Approved on ${opts.platform}: id=${result.userId}${
+          result.userName ? ` (@${result.userName})` : ''
+        }`,
+      )
+      console.log('The user can now DM the bot. Their next message will be processed.')
+      return
+    } catch (e) {
+      console.error(`pairing-approve failed: ${(e as Error).message.slice(0, 240)}`)
+      process.exit(1)
+    }
+  }
+
+  // Local deploy: operate directly on the host's PairingStore (same path as
+  // the daemon process when PROMUS_FORCE_EMBEDDED or local-mode chat.tsx).
+  const inftContract = getAddress(config.identity.iNFT.contract) as `0x${string}`
+  const tokenId = BigInt(config.identity.iNFT.tokenId)
+  const agentId = iNFTAgentId({ contractAddress: inftContract, tokenId })
+  const dir = agentPaths.agent(agentId).pairingDir
+  const store = new PairingStore({ dir })
+
+  const result = store.approveCode(opts.platform, normalized)
+  if (!result) {
+    if (store.isLockedOut(opts.platform)) {
+      console.error(
+        `Platform '${opts.platform}' is locked out due to repeated bad codes. Wait 1 hour and try again.`,
+      )
+      process.exit(1)
+    }
+    console.error(`Code ${normalized} not found in pending list. Maybe it expired (1h TTL).`)
+    process.exit(1)
+  }
+
+  console.log(
+    `✓ Approved on ${opts.platform}: id=${result.userId}${
+      result.userName ? ` (@${result.userName})` : ''
+    }`,
+  )
+  console.log('The user can now DM the bot. Their next message will be processed.')
+}

package/src/commands/pairing-clear.ts

@@ -0,0 +1,42 @@
+import { confirm, isCancel } from '@clack/prompts'
+import { PairingStore, agentPaths, iNFTAgentId } from '@promus/core'
+import { getAddress } from 'viem'
+import { findAndLoadConfig } from '../config/load'
+
+export interface RunPairingClearOpts {
+  platform?: string
+  yes?: boolean
+}
+
+export async function runPairingClear(opts: RunPairingClearOpts): Promise<void> {
+  const loaded = await findAndLoadConfig()
+  if (!loaded) {
+    console.error('No promus.config.ts found. Run `promus init` first.')
+    process.exit(1)
+  }
+  const { config } = loaded
+  if (!config.identity.iNFT) {
+    console.error('Config has no iNFT. Run `promus init` first.')
+    process.exit(1)
+  }
+  const inftContract = getAddress(config.identity.iNFT.contract) as `0x${string}`
+  const tokenId = BigInt(config.identity.iNFT.tokenId)
+  const agentId = iNFTAgentId({ contractAddress: inftContract, tokenId })
+  const dir = agentPaths.agent(agentId).pairingDir
+  const store = new PairingStore({ dir })
+
+  if (!opts.yes) {
+    const target = opts.platform ? `${opts.platform} pending` : 'ALL pending pairing codes'
+    const ok = await confirm({
+      message: `Clear ${target}?`,
+      initialValue: false,
+    })
+    if (isCancel(ok) || !ok) {
+      console.log('Aborted.')
+      return
+    }
+  }
+
+  const count = store.clearPending(opts.platform)
+  console.log(`✓ Cleared ${count} pending pairing code${count === 1 ? '' : 's'}`)
+}

package/src/commands/pairing-list.ts

@@ -0,0 +1,58 @@
+import { PairingStore, agentPaths, iNFTAgentId } from '@promus/core'
+import { getAddress } from 'viem'
+import { findAndLoadConfig } from '../config/load'
+
+export interface RunPairingListOpts {
+  platform?: string
+}
+
+export async function runPairingList(opts: RunPairingListOpts): Promise<void> {
+  const store = await openPairingStore()
+  if (!store) return
+
+  const pending = store.listPending(opts.platform)
+  const approved = store.listApproved(opts.platform)
+
+  const pendingTitle = opts.platform ? `Pending (${opts.platform})` : 'Pending'
+  console.log(`\n${pendingTitle} (1h TTL):`)
+  if (pending.length === 0) {
+    console.log('  (none)')
+  } else {
+    for (const p of pending) {
+      const userLabel = p.userName ? `@${p.userName}` : '(unknown)'
+      const idLabel = `id=${p.userId}`
+      console.log(`  [${p.platform}] ${p.code}  ${userLabel} ${idLabel}  age=${p.ageMinutes}m`)
+    }
+  }
+
+  const approvedTitle = opts.platform ? `Approved (${opts.platform})` : 'Approved'
+  console.log(`\n${approvedTitle}:`)
+  if (approved.length === 0) {
+    console.log('  (none)')
+  } else {
+    for (const a of approved) {
+      const userLabel = a.userName ? `@${a.userName}` : '(unknown)'
+      const idLabel = `id=${a.userId}`
+      console.log(`  [${a.platform}] ${userLabel} ${idLabel}`)
+    }
+  }
+  console.log()
+}
+
+async function openPairingStore(): Promise<PairingStore | null> {
+  const loaded = await findAndLoadConfig()
+  if (!loaded) {
+    console.error('No promus.config.ts found. Run `promus init` first.')
+    return null
+  }
+  const { config } = loaded
+  if (!config.identity.iNFT) {
+    console.error('Config has no iNFT. Run `promus init` first.')
+    return null
+  }
+  const inftContract = getAddress(config.identity.iNFT.contract) as `0x${string}`
+  const tokenId = BigInt(config.identity.iNFT.tokenId)
+  const agentId = iNFTAgentId({ contractAddress: inftContract, tokenId })
+  const dir = agentPaths.agent(agentId).pairingDir
+  return new PairingStore({ dir })
+}

package/src/commands/pairing-revoke.ts

@@ -0,0 +1,52 @@
+import { confirm, isCancel } from '@clack/prompts'
+import { PairingStore, agentPaths, iNFTAgentId } from '@promus/core'
+import { getAddress } from 'viem'
+import { findAndLoadConfig } from '../config/load'
+
+export interface RunPairingRevokeOpts {
+  platform: string
+  userId: string
+  yes?: boolean
+}
+
+export async function runPairingRevoke(opts: RunPairingRevokeOpts): Promise<void> {
+  const loaded = await findAndLoadConfig()
+  if (!loaded) {
+    console.error('No promus.config.ts found. Run `promus init` first.')
+    process.exit(1)
+  }
+  const { config } = loaded
+  if (!config.identity.iNFT) {
+    console.error('Config has no iNFT. Run `promus init` first.')
+    process.exit(1)
+  }
+  const inftContract = getAddress(config.identity.iNFT.contract) as `0x${string}`
+  const tokenId = BigInt(config.identity.iNFT.tokenId)
+  const agentId = iNFTAgentId({ contractAddress: inftContract, tokenId })
+  const dir = agentPaths.agent(agentId).pairingDir
+  const store = new PairingStore({ dir })
+
+  if (!store.isApproved(opts.platform, opts.userId)) {
+    console.error(`User ${opts.userId} is not on the ${opts.platform} approved list.`)
+    process.exit(1)
+  }
+
+  if (!opts.yes) {
+    const ok = await confirm({
+      message: `Revoke ${opts.platform} access for user id ${opts.userId}?`,
+      initialValue: false,
+    })
+    if (isCancel(ok) || !ok) {
+      console.log('Aborted.')
+      return
+    }
+  }
+
+  const removed = store.revoke(opts.platform, opts.userId)
+  if (removed) {
+    console.log(`✓ Revoked: ${opts.platform} id=${opts.userId}`)
+  } else {
+    console.error('Revoke failed (concurrent removal?)')
+    process.exit(1)
+  }
+}

package/src/commands/pairing.test.ts

@@ -0,0 +1,88 @@
+import { describe, expect, it } from 'bun:test'
+import { parsePairingArgs } from './pairing'
+
+describe('parsePairingArgs', () => {
+  it('errors on no args', () => {
+    const r = parsePairingArgs([])
+    expect('error' in r).toBe(true)
+  })
+
+  it('errors on unknown subcommand', () => {
+    const r = parsePairingArgs(['quack'])
+    expect('error' in r).toBe(true)
+  })
+
+  it('parses `list`', () => {
+    const r = parsePairingArgs(['list']) as Exclude<
+      ReturnType<typeof parsePairingArgs>,
+      { error: string }
+    >
+    expect(r.sub).toBe('list')
+  })
+
+  it('parses `list telegram` with platform filter', () => {
+    const r = parsePairingArgs(['list', 'telegram']) as Exclude<
+      ReturnType<typeof parsePairingArgs>,
+      { error: string }
+    >
+    expect(r.sub).toBe('list')
+    expect(r.platform).toBe('telegram')
+  })
+
+  it('parses `approve telegram ABCDEFGH`', () => {
+    const r = parsePairingArgs(['approve', 'telegram', 'ABCDEFGH']) as Exclude<
+      ReturnType<typeof parsePairingArgs>,
+      { error: string }
+    >
+    expect(r.sub).toBe('approve')
+    expect(r.platform).toBe('telegram')
+    expect(r.code).toBe('ABCDEFGH')
+  })
+
+  it('errors on `approve` without arguments', () => {
+    const r = parsePairingArgs(['approve'])
+    expect('error' in r).toBe(true)
+  })
+
+  it('errors on `approve telegram` without code', () => {
+    const r = parsePairingArgs(['approve', 'telegram'])
+    expect('error' in r).toBe(true)
+  })
+
+  it('parses `revoke telegram 12345`', () => {
+    const r = parsePairingArgs(['revoke', 'telegram', '12345']) as Exclude<
+      ReturnType<typeof parsePairingArgs>,
+      { error: string }
+    >
+    expect(r.sub).toBe('revoke')
+    expect(r.platform).toBe('telegram')
+    expect(r.userId).toBe('12345')
+  })
+
+  it('parses `clear-pending` and `clear-pending telegram`', () => {
+    const a = parsePairingArgs(['clear-pending']) as Exclude<
+      ReturnType<typeof parsePairingArgs>,
+      { error: string }
+    >
+    expect(a.sub).toBe('clear-pending')
+    expect(a.platform).toBeUndefined()
+    const b = parsePairingArgs(['clear-pending', 'telegram']) as Exclude<
+      ReturnType<typeof parsePairingArgs>,
+      { error: string }
+    >
+    expect(b.platform).toBe('telegram')
+  })
+
+  it('extracts --yes / -y flag', () => {
+    const r = parsePairingArgs(['revoke', 'telegram', '12345', '--yes']) as Exclude<
+      ReturnType<typeof parsePairingArgs>,
+      { error: string }
+    >
+    expect(r.yes).toBe(true)
+    const s = parsePairingArgs(['clear-pending', '-y']) as Exclude<
+      ReturnType<typeof parsePairingArgs>,
+      { error: string }
+    >
+    expect(s.yes).toBe(true)
+  })
+})