@sage-protocol/cli 0.3.9 → 0.4.0

package/dist/cli/claude-desktop-config.json

@@ -7,7 +7,7 @@
         "RPC_URL": "https://sepolia.base.org",
         "LIBRARY_REGISTRY_ADDRESS": "0x032F2E93549640a319163Ba600fc50bA1AFBE50F",
         "SUBDAO_FACTORY_ADDRESS": "0x6bb6A83149F84Df0584aC863e5fE3416AFb214aC",
-        "SUBGRAPH_URL": "https://api.goldsky.com/api/public/project_cmhxp0fppsbdd01q56xp2gqw9/subgraphs/sxxx-protocol/1.0.0/gn",
+        "SUBGRAPH_URL": "https://api.goldsky.com/api/public/project_cmhxp0fppsbdd01q56xp2gqw9/subgraphs/sxxx-protocol/1.0.1/gn",
         "PINATA_JWT": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySW5mb3JtYXRpb24iOnsiaWQiOiI4ODE2MWM1Ni05NTYzLTQyNTUtYTU4Ni0xMzBiMTUyMWIxNmIiLCJlbWFpbCI6InRlcnJlbmV0d2VsbHM0N0BnbWFpbC5jb20iLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwicGluX3BvbGljeSI6eyJyZWdpb25zIjpbeyJkZXNpcmVkUmVwbGljYXRpb25Db3VudCI6MSwiaWQiOiJGUkExIn0seyJkZXNpcmVkUmVwbGljYXRpb25Db3VudCI6MSwiaWQiOiJOWUMxIn1dLCJ2ZXJzaW9uIjoxfSwibWZhX2VuYWJsZWQiOmZhbHNlLCJzdGF0dXMiOiJBQ1RJVkUifSwiYXV0aGVudGljYXRpb25UeXBlIjoic2NvcGVkS2V5Iiwic2NvcGVkS2V5S2V5IjoiMDRjZWY4NzE5OTg1ODE1M2U5Y2IiLCJzY29wZWRLZXlTZWNyZXQiOiJmNDFjMDVhZTNjN2EzMTliOTAxZjhiNGI3YjMxMDljMThmNjgyZmRkZGY3OGU1ZmZkZjQ4MTM4OTQ0OWUyOGVjIiwiZXhwIjoxNzk1NTMzNTA4fQ.tQKFU7aZ3EKb7RkB99QTaWVduaaKaKjEa1nk43aeSlo"
       }
     }

package/dist/cli/commands/personal.js

@@ -2,11 +2,13 @@ const fs = require('fs');
 const path = require('path');
 const axios = require('axios');
 const { getAddress, id, parseUnits, formatUnits, Contract, MaxUint256 } = require('ethers');
+const { decryptAesGcm, fromB64 } = require('../utils/aes');
 const sdk = require('@sage-protocol/sdk');
 const { formatJson } = require('../utils/format');
 const { getProvider, getWallet } = require('../utils/provider');
 const { loadAbi } = require('../utils/abi-loader');
 const { buildAccessControlConditions, receiptIdToHex } = require('../utils/personal-helpers');
+const { buildNodeAuthSig } = require('../utils/lit');
 const ConfigManager = require('../config');
 
 if (ConfigManager && typeof ConfigManager.loadEnv === 'function') {
@@ -114,7 +116,7 @@ async function createAction(opts) {
     try { return contract.interface.parseLog(l); } catch (_) { return null; }
   }).find(Boolean);
   const out = {
-    txHash: receipt.transactionHash,
+    txHash: receipt.hash,
     registry: evt && evt.args ? evt.args.registry : undefined,
     policy,
   };
@@ -140,7 +142,7 @@ async function setPriceAction(key, price, opts) {
     key,
     price,
     priceWei: priceWei.toString(),
-    txHash: receipt.transactionHash,
+    txHash: receipt.hash,
   };
   if (opts && opts.json) {
     console.log(JSON.stringify(result, null, 2));
@@ -172,7 +174,7 @@ async function sellAction(key, price, opts = {}) {
     const tx = await facet.createPersonalRegistry(policy);
     const rcpt = await tx.wait();
     if (!opts.json) {
-      console.log(`📚 Personal registry created (policy=${policy}) -> tx ${rcpt.transactionHash}`);
+      console.log(`📚 Personal registry created (policy=${policy}) -> tx ${rcpt.hash}`);
     }
   }
 
@@ -244,10 +246,12 @@ async function sellAction(key, price, opts = {}) {
       throw new Error('Lit encryption helpers not available. Ensure @lit-protocol/encryption is installed.');
     }
 
-    const litNetwork = opts.litNetwork || process.env.LIT_NETWORK || 'serrano';
-    const client = new LitNodeClient({ litNetwork });
+    const litNetwork = opts.litNetwork || process.env.LIT_NETWORK || 'datil-test';
+    const client = new LitNodeClient({ litNetwork, debug: false });
     await client.connect();
 
+    const litChain = await inferLitChain(provider, opts.chain);
+
     let sessionSigs = null;
     if (opts.session) {
       sessionSigs = loadJsonFile(opts.session, '--session');
@@ -261,13 +265,14 @@ async function sellAction(key, price, opts = {}) {
         authSig = loadJsonFile(opts.authSig, '--auth-sig');
       } else if (process.env.LIT_AUTH_SIG) {
         authSig = loadJsonFile(process.env.LIT_AUTH_SIG, 'LIT_AUTH_SIG');
-      }
-      if (!authSig) {
-        throw new Error('Provide Lit session signatures (--session) or authSig (--auth-sig) for encryption.');
+      } else {
+        // Auto-generate authSig from connected wallet
+        if (!opts.json) {
+          console.log('🔐 Generating Lit auth signature from wallet...');
+        }
+        authSig = await buildNodeAuthSig(wallet, litChain);
       }
     }
-
-    const litChain = await inferLitChain(provider, opts.chain);
     const accessConditions = buildAccessControlConditions(receiptAddress, receiptId, litChain);
 
     const encResp = await encryptUint8Array({
@@ -328,12 +333,12 @@ async function sellAction(key, price, opts = {}) {
   const marketplace = new Contract(marketplaceAddress, marketplaceAbi, wallet);
   const priceTx = await marketplace.setPrice(keyHash, priceWei);
   const priceReceipt = await priceTx.wait();
-  result.txHash = priceReceipt.transactionHash;
+  result.txHash = priceReceipt.hash;
 
   if (opts.json) {
     console.log(JSON.stringify(result, null, 2));
   } else {
-    console.log(`✅ Listed ${key} for ${price} SXXX (${priceReceipt.transactionHash})`);
+    console.log(`✅ Listed ${key} for ${price} SXXX (tx: ${priceReceipt.hash})`);
     if (result.encryptedCid) {
       console.log(`🔒 Encrypted CID: ${result.encryptedCid}`);
       console.log(`🗃️  Manifest CID: ${result.manifestCid}`);
@@ -430,7 +435,48 @@ async function listAction(opts = {}) {
   let personalResourceMap = new Map();
 
   if (!explicitKeys.length && subgraphUrl) {
-    const document = `
+    // First try to get all listings (PriceSet events)
+    const listingsQuery = `
+      query($creator: Bytes!, $first: Int!) {
+        personalListings(where: { creator: $creator, listed: true }, first: $first, orderBy: updatedAt, orderDirection: desc) {
+          id
+          creator
+          key
+          price
+          listed
+          createdAt
+          updatedAt
+        }
+      }
+    `;
+    try {
+      const listingsData = await subgraphQuery(subgraphUrl, listingsQuery, {
+        creator: creatorAddress.toLowerCase(),
+        first: limit,
+      });
+
+      for (const listing of listingsData?.personalListings || []) {
+        const keyHash = String(listing.key);
+        const idKey = `hash:${keyHash}`;
+        if (!entries.has(idKey)) {
+          entries.set(idKey, {
+            type: 'hash',
+            keyHash,
+            priceFromListing: listing.price ? BigInt(String(listing.price)) : null,
+            listedAt: listing.createdAt ? Number(listing.createdAt) : null,
+            updatedAt: listing.updatedAt ? Number(listing.updatedAt) : null,
+          });
+        }
+      }
+    } catch (listingError) {
+      // PersonalListing entity may not exist yet, fall back to purchases
+      if (!listingError.message?.includes('Cannot query field')) {
+        console.warn(`⚠️  Listings query: ${listingError.message}`);
+      }
+    }
+
+    // Also fetch purchases for additional metadata
+    const purchasesQuery = `
       query($creator: Bytes!, $first: Int!) {
         licensePurchases(where: { creator: $creator }, first: $first, orderBy: blockTimestamp, orderDirection: desc) {
           key
@@ -444,7 +490,7 @@ async function listAction(opts = {}) {
       }
     `;
     try {
-      const data = await subgraphQuery(subgraphUrl, document, {
+      const data = await subgraphQuery(subgraphUrl, purchasesQuery, {
         creator: creatorAddress.toLowerCase(),
         first: limit,
       });
@@ -452,7 +498,15 @@ async function listAction(opts = {}) {
       for (const purchase of data?.licensePurchases || []) {
         const keyHash = String(purchase.key);
         const idKey = `hash:${keyHash}`;
-        if (!entries.has(idKey)) {
+        const existing = entries.get(idKey);
+        if (existing) {
+          // Enrich existing listing with purchase data
+          existing.receiptId = purchase.receiptId ? BigInt(String(purchase.receiptId)) : existing.receiptId;
+          existing.lastBuyer = purchase.buyer ? getAddress(purchase.buyer) : existing.lastBuyer;
+          existing.lastPurchaseAt = purchase.blockTimestamp ? Number(purchase.blockTimestamp) : existing.lastPurchaseAt;
+          existing.encryptedCid = purchase.encryptedCid || existing.encryptedCid;
+          existing.metadata = purchase.metadata || existing.metadata;
+        } else {
           entries.set(idKey, {
             type: 'hash',
             keyHash,
@@ -501,7 +555,10 @@ async function listAction(opts = {}) {
   }
 
   if (!entries.size) {
-    console.log('ℹ️  No listings found. Provide --keys or ensure listings have been purchased/indexed.');
+    console.log('ℹ️  No listings found.');
+    console.log('   Use --key <name> to check a specific listing by key.');
+    console.log('   Example: sage personal list --mine --key "my-prompt"');
+    console.log('   Note: Listings appear in subgraph after first purchase.');
     return [];
   }
 
@@ -678,6 +735,10 @@ async function myLicensesAction(opts = {}) {
     console.log(JSON.stringify(results, null, 2));
   } else if (results.length === 0) {
     console.log('ℹ️  No active personal licenses found for this holder.');
+    console.log('');
+    console.log('   If you recently purchased a license, the subgraph may still be syncing.');
+    console.log('   To check a specific license directly on-chain, use:');
+    console.log('   sage personal premium access <creator> <key>');
   } else {
     results.forEach((item) => {
       console.log(`🧾 ${item.receiptIdHex} — balance ${item.balance}`);
@@ -751,7 +812,7 @@ async function buyAction(creator, key, expectedPriceArg, opts = {}) {
     const approveTx = await sxxx.approve(marketplaceAddress, approveAmount);
     const approveReceipt = await approveTx.wait();
     if (!opts.json) {
-      console.log(`✅ SXXX approval tx ${approveReceipt.transactionHash}`);
+      console.log(`✅ SXXX approval tx ${approveReceipt.hash}`);
     }
   }
 
@@ -778,7 +839,7 @@ async function buyAction(creator, key, expectedPriceArg, opts = {}) {
     : sdk.personal.computeReceiptId(creatorAddress, key);
 
   const result = {
-    txHash: receipt.transactionHash,
+    txHash: receipt.hash,
     creator: creatorAddress,
     buyer: buyerAddress,
     key,
@@ -841,6 +902,32 @@ async function accessAction(creator, key, opts) {
 
   let encryptedCid = resource?.encryptedCid || null;
   let metadata = resource?.metadata || null;
+  let manifestObj = null;
+
+  // If --manifest provided, fetch manifest from IPFS and extract encryptedCid
+  if (opts.manifest) {
+    const gateway = resolveGateway(opts.gateway);
+    try {
+      if (!opts.json) {
+        console.log(`📥 Fetching manifest from IPFS: ${opts.manifest}`);
+      }
+      const manifestResp = await axios.get(`${gateway}${opts.manifest}`, { timeout: 15000 });
+      const manifest = manifestResp.data;
+      manifestObj = manifest;
+      if (manifest?.encryptedCid) {
+        encryptedCid = manifest.encryptedCid;
+        if (!opts.json) {
+          console.log(`✅ Found encryptedCid in manifest: ${encryptedCid}`);
+        }
+      }
+      if (manifest?.metadata && !metadata) {
+        metadata = manifest.metadata;
+      }
+    } catch (err) {
+      console.warn(`⚠️  Failed to fetch manifest: ${err?.message || err}`);
+    }
+  }
+
   if (!encryptedCid && opts.encryptedCid) {
     encryptedCid = String(opts.encryptedCid);
   }
@@ -856,9 +943,12 @@ async function accessAction(creator, key, opts) {
   if (encryptedPayload && looksLikeCid(encryptedPayload)) {
     try {
       const resp = await axios.get(`${gateway}${encryptedPayload}`, { timeout: 10000 });
+      if (resp.status !== 200) {
+        throw new Error(`Status ${resp.status}`);
+      }
       encryptedPayload = resp.data;
     } catch (error) {
-      console.warn(`⚠️  Failed to fetch encrypted payload from IPFS via ${gateway}:`, error?.message || error);
+      throw new Error(`Failed to fetch encrypted payload from IPFS via ${gateway}: ${error.message}`);
     }
   }
 
@@ -879,10 +969,12 @@ async function accessAction(creator, key, opts) {
 
   if (!opts.skipDecrypt && payloadObject) {
     const { LitNodeClient } = requireLit();
-    const litNetwork = opts.litNetwork || process.env.LIT_NETWORK || 'serrano';
-    const client = new LitNodeClient({ litNetwork });
+    const litNetwork = opts.litNetwork || process.env.LIT_NETWORK || 'datil-test';
+    const client = new LitNodeClient({ litNetwork, debug: false });
     await client.connect();
 
+    const litChain = await inferLitChain(provider, opts.chain);
+
     let sessionSigs = null;
     if (opts.session) {
       sessionSigs = loadJsonFile(opts.session, '--session');
@@ -891,22 +983,80 @@ async function accessAction(creator, key, opts) {
     }
 
     let authSig = null;
-    if (opts.authSig) {
-      authSig = loadJsonFile(opts.authSig, '--auth-sig');
-    } else if (process.env.LIT_AUTH_SIG) {
-      authSig = loadJsonFile(process.env.LIT_AUTH_SIG, 'LIT_AUTH_SIG');
+    if (!sessionSigs) {
+      if (opts.authSig) {
+        authSig = loadJsonFile(opts.authSig, '--auth-sig');
+      } else if (process.env.LIT_AUTH_SIG) {
+        authSig = loadJsonFile(process.env.LIT_AUTH_SIG, 'LIT_AUTH_SIG');
+      } else {
+        // Auto-generate authSig from connected wallet
+        if (!opts.json) {
+          console.log('🔐 Generating Lit auth signature from wallet...');
+        }
+        authSig = await buildNodeAuthSig(wallet, litChain);
+      }
     }
 
-    const litChain = await inferLitChain(provider, opts.chain);
-    decrypted = await sdk.personal.decryptWithLit({
-      encryptedCid: payloadObject,
-      receiptId,
-      chain: litChain,
-      receiptAddress,
-      litClient: client,
-      sessionSigs: sessionSigs || undefined,
-      authSig: authSig || undefined,
-    });
+    // Check for Hybrid Encryption (Sage Personal Manifest)
+    if (payloadObject.type === 'sage-personal-encrypted' && payloadObject.enc === 'aes-256-gcm') {
+      if (!manifestObj || !manifestObj.lit) {
+        throw new Error('Hybrid encryption detected but no Manifest provided (use --manifest <cid>).');
+      }
+      if (!opts.json) console.log('🔐 Decrypting hybrid content (Lit + AES-GCM)...');
+
+      const litParams = manifestObj.lit;
+      const condition = litParams.evmContractConditions?.[0] || {
+        conditionType: 'evmContract',
+        contractAddress: receiptAddress,
+        functionName: 'balanceOf',
+        functionParams: [':userAddress', receiptId.toString()],
+        functionAbi: {
+          inputs: [{ internalType: 'address', name: 'account', type: 'address' }, { internalType: 'uint256', name: 'id', type: 'uint256' }],
+          name: 'balanceOf',
+          outputs: [{ internalType: 'uint256', name: '', type: 'uint256' }],
+          stateMutability: 'view',
+          type: 'function',
+        },
+        chain: litChain,
+        returnValueTest: { comparator: '>', value: '0' },
+      };
+
+      const request = {
+        unifiedAccessControlConditions: [condition],
+        chain: litChain,
+        ciphertext: litParams.encryptedSymmetricKey,
+        dataToEncryptHash: litParams.dataToEncryptHash,
+        authSig,
+        sessionSigs,
+      };
+
+      const response = await client.decrypt(request);
+      if (!response || !response.decryptedData) {
+        throw new Error('[personal] Lit decryption of symmetric key failed');
+      }
+      
+      // response.decryptedData is Uint8Array
+      const symmetricKey = response.decryptedData;
+      
+      decrypted = decryptAesGcm(
+        fromB64(payloadObject.ciphertext),
+        Buffer.from(symmetricKey),
+        fromB64(payloadObject.iv),
+        fromB64(payloadObject.tag)
+      );
+
+    } else {
+      // Legacy/Direct Lit Decryption
+      decrypted = await sdk.personal.decryptWithLit({
+        encryptedCid: payloadObject,
+        receiptId,
+        chain: litChain,
+        receiptAddress,
+        litClient: client,
+        sessionSigs: sessionSigs || undefined,
+        authSig: authSig || undefined,
+      });
+    }
 
     if (opts.out) {
       outputPath = path.resolve(opts.out);
@@ -1047,6 +1197,7 @@ function register(program) {
     .option('--out <file>', 'Write decrypted output to file')
     .option('--skip-decrypt', 'Skip decryption and only report license status')
     .option('--encrypted-cid <cid>', 'Override encrypted CID')
+    .option('--manifest <cid>', 'Manifest CID to fetch encrypted content info from IPFS')
     .option('--json', 'Emit machine-readable JSON report', false)
     .action((creator, key, opts) => accessAction(creator, key, opts).catch((err) => { console.error(err.message); process.exit(1); }));
 

package/dist/cli/mcp-setup.md

@@ -18,10 +18,10 @@ Create or update your `.env` file with the required configuration:
 
 ```bash
 # Subgraph (preferred) + Blockchain
-SUBGRAPH_URL=https://api.goldsky.com/api/public/project_cmhxp0fppsbdd01q56xp2gqw9/subgraphs/sxxx-protocol/1.0.0/gn
-RPC_URL=https://sepolia.base.org
-LIBRARY_REGISTRY_ADDRESS=0x032F2E93549640a319163Ba600fc50bA1AFBE50F
-SUBDAO_FACTORY_ADDRESS=0x6bb6A83149F84Df0584aC863e5fE3416AFb214aC
+SUBGRAPH_URL=https://api.goldsky.com/api/public/project_cmhxp0fppsbdd01q56xp2gqw9/subgraphs/sxxx-protocol/1.0.2/gn
+RPC_URL=https://base-sepolia.publicnode.com
+LIBRARY_REGISTRY_ADDRESS=0x419Cd79d58db6A5aE1900dd7F0c1b8d153FfaD06
+SUBDAO_FACTORY_ADDRESS=0xED573E7e4c00fE325f846B961Df3352807eA3807
 
 # Optional: Custom IPFS Gateway
 IPFS_GATEWAY=https://ipfs.io/ipfs
@@ -65,10 +65,10 @@ You should see a JSON response listing the available tools.
       "command": "node",
       "args": ["/absolute/path/to/sage-protocol/cli/mcp-server-stdio.js"],
       "env": {
-        "SUBGRAPH_URL": "https://api.goldsky.com/api/public/project_cmhxp0fppsbdd01q56xp2gqw9/subgraphs/sxxx-protocol/1.0.0/gn",
-        "RPC_URL": "https://sepolia.base.org",
-        "LIBRARY_REGISTRY_ADDRESS": "0x032F2E93549640a319163Ba600fc50bA1AFBE50F",
-        "SUBDAO_FACTORY_ADDRESS": "0x6bb6A83149F84Df0584aC863e5fE3416AFb214aC"
+        "SUBGRAPH_URL": "https://api.goldsky.com/api/public/project_cmhxp0fppsbdd01q56xp2gqw9/subgraphs/sxxx-protocol/1.0.2/gn",
+        "RPC_URL": "https://base-sepolia.publicnode.com",
+        "LIBRARY_REGISTRY_ADDRESS": "0x419Cd79d58db6A5aE1900dd7F0c1b8d153FfaD06",
+        "SUBDAO_FACTORY_ADDRESS": "0xED573E7e4c00fE325f846B961Df3352807eA3807"
       }
     }
   }
@@ -97,36 +97,37 @@ Can you search for on-chain prompts related to "real estate"?
 or
 
 ```
-Please list all available SubDAOs in the Sage Protocol.
+Please list all available DAOs in the Sage Protocol.
 ```
 
 ## Available MCP Tools
 
-Your Sage Protocol MCP Server provides these tools:
-
-### 1. `search_onchain_prompts`
-- **Purpose**: Search prompts from LibraryRegistry and SubDAO registries
-- **Parameters**: 
-  - `query` (optional): Search terms
-  - `subdao` (optional): Filter by SubDAO address
-  - `tags` (optional): Filter by tags array
-  - `limit` (optional): Max results (default: 10)
-  - `includeContent` (optional): Fetch full content (default: false)
-
-### 2. `get_prompt_content`
-- **Purpose**: Fetch full prompt content from IPFS
-- **Parameters**: 
-  - `cid` (required): IPFS CID of the prompt
-
-### 3. `list_subdaos`
-- **Purpose**: List all SubDAOs in the protocol
-- **Parameters**: 
-  - `limit` (optional): Max results (default: 20)
-
-### 4. `get_library_manifests`
-- **Purpose**: Get executed library manifests from LibraryRegistry
-- **Parameters**: 
-  - `limit` (optional): Max results (default: 10)
+Your Sage Protocol MCP Server provides these tools. For the full list, see `docs/development/mcp-config.md`.
+
+### Quick Workflow (recommended)
+- `quick_create_prompt` - Create a new prompt (handles library creation automatically)
+- `quick_iterate_prompt` - Update an existing prompt with automatic backup
+- `quick_test_prompt` / `test_prompt` - Test a prompt with variable substitution
+- `improve_prompt` - Analyze a prompt and suggest improvements
+- `rename_prompt` - Rename a prompt's key/display name
+- `help` - Get help on Sage MCP workflows
+
+### Discovery & Search
+- `search_prompts` - Unified search across local and on-chain sources
+- `search_onchain_prompts` - Search directly from on-chain registries
+- `trending_prompts` - List trending prompts
+- `list_prompts` - List prompts from local libraries
+- `get_prompt` - Retrieve a specific prompt by key
+- `get_prompt_content` - Fetch full content from IPFS by CID
+- `list_libraries` - Page through libraries (local or on-chain)
+- `list_subdaos` - List all available DAOs
+- `get_library_manifests` - Get executed library manifests
+
+### Publishing & Governance
+- `suggest_subdaos_for_library` - Recommend DAOs for publishing
+- `generate_publishing_commands` - Generate CLI commands to publish
+- `publish_manifest_flow` - Validate → Push → Proposal payload (no signing)
+- `list_proposals` - List active proposals for a DAO
 
 ## Troubleshooting
 

package/dist/cli/utils/personal-helpers.js

@@ -44,7 +44,7 @@ function buildAccessControlConditions(receiptAddress, receiptId, chain) {
         type: 'function',
       },
       chain: litChain,
-      returnValueTest: { comparator: '>', value: '0' },
+      returnValueTest: { key: '', comparator: '>', value: '0' },
     },
   ];
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sage-protocol/cli",
-  "version": "0.3.9",
+  "version": "0.4.0",
   "description": "Sage Protocol CLI for managing AI prompt libraries",
   "bin": {
     "sage": "./bin/sage.js"