@sage-protocol/cli 0.8.0 → 0.8.2

package/dist/cli/commands/personal.js

@@ -1,7 +1,7 @@
 const fs = require('fs');
 const path = require('path');
 const axios = require('axios');
-const { getAddress, id, parseUnits, formatUnits, Contract, MaxUint256 } = require('ethers');
+const { getAddress, id, parseUnits, formatUnits, Contract, MaxUint256, ZeroAddress } = require('ethers');
 const { decryptAesGcm, fromB64 } = require('../utils/aes');
 const sdk = require('@sage-protocol/sdk');
 const { formatJson } = require('../utils/format');
@@ -244,6 +244,42 @@ const PERSONAL_REGISTRY_QUERY = `
 async function resolveOrCreatePersonalRegistry(wallet, opts = {}) {
   const ownerAddress = getAddress(await wallet.getAddress());
   const subgraphUrl = resolveSubgraphUrl(opts.subgraph);
+  const provider = wallet.provider || await getProvider();
+
+  const { resolveArtifact } = require('../utils/artifacts');
+  const PromptRegistryABI = resolveArtifact('contracts/PromptRegistry.sol/PromptRegistry.json').abi;
+
+  async function validateRegistryCandidate(registryAddr) {
+    try {
+      const code = await provider.getCode(registryAddr);
+      if (!code || code === '0x') {
+        return { ok: false, reason: 'no_code' };
+      }
+
+      const read = new Contract(registryAddr, PromptRegistryABI, provider);
+
+      // Ensure this registry is actually usable by the current wallet.
+      const govRole = await read.GOVERNANCE_ROLE().catch(() => null);
+      if (!govRole) return { ok: false, reason: 'missing_governance_role' };
+
+      const hasGovRole = await read.hasRole(govRole, ownerAddress).catch(() => null);
+      if (!hasGovRole) return { ok: false, reason: 'missing_governance_role_for_owner' };
+
+      // Personal registries should not be linked to a SubDAO.
+      const subdao = await read.subDAO().catch(() => null);
+      if (subdao && getAddress(subdao) !== getAddress(ZeroAddress)) {
+        return { ok: false, reason: 'linked_to_subdao', subdao: getAddress(subdao) };
+      }
+
+      // If paused, addPrompt will revert.
+      const paused = await read.paused().catch(() => false);
+      if (paused) return { ok: false, reason: 'paused' };
+
+      return { ok: true };
+    } catch (e) {
+      return { ok: false, reason: 'validation_error', error: e };
+    }
+  }
 
   // Try subgraph lookup first
   if (subgraphUrl) {
@@ -254,7 +290,14 @@ async function resolveOrCreatePersonalRegistry(wallet, opts = {}) {
       });
       const registries = resp.data?.data?.personalRegistries || [];
       if (registries.length > 0) {
-        return getAddress(registries[0].id);
+        const candidate = getAddress(registries[0].id);
+        const validation = await validateRegistryCandidate(candidate);
+        if (validation.ok) return candidate;
+
+        if (!opts.json) {
+          const extra = validation.subdao ? ` (subDAO=${validation.subdao})` : '';
+          ui.warn(`Resolved personal registry ${candidate} is not usable (${validation.reason}${extra}). Creating a fresh registry...`);
+        }
       }
     } catch (_) {
       // Subgraph unavailable, fall through to create
@@ -309,6 +352,30 @@ async function addPromptToRegistry(wallet, registryAddr, promptData, opts = {})
   const PromptRegistryABI = resolveArtifact('contracts/PromptRegistry.sol/PromptRegistry.json').abi;
   const registry = new Contract(registryAddr, PromptRegistryABI, wallet);
 
+  // Proactive checks to surface actionable errors before spending gas.
+  try {
+    const ownerAddress = getAddress(await wallet.getAddress());
+    const govRole = await registry.GOVERNANCE_ROLE().catch(() => null);
+    if (!govRole) {
+      throw new Error(`Resolved registry ${registryAddr} does not expose GOVERNANCE_ROLE(); is this a valid PromptRegistry?`);
+    }
+    const hasGov = await registry.hasRole(govRole, ownerAddress).catch(() => null);
+    if (!hasGov) {
+      throw new Error(`Wallet ${ownerAddress} lacks GOVERNANCE_ROLE on registry ${registryAddr}. This usually means the registry is not your personal registry (or it was not initialized as personal).`);
+    }
+    const subdao = await registry.subDAO().catch(() => null);
+    if (subdao && getAddress(subdao) !== getAddress(ZeroAddress)) {
+      throw new Error(`Registry ${registryAddr} is linked to SubDAO ${getAddress(subdao)}; personal publish requires a personal registry (subDAO=0x0).`);
+    }
+    const paused = await registry.paused().catch(() => false);
+    if (paused) {
+      throw new Error(`Registry ${registryAddr} is paused; unpause it (DEFAULT_ADMIN_ROLE) or create a fresh personal registry.`);
+    }
+  } catch (e) {
+    // Re-throw with a cleaner message for JSON/non-JSON callers.
+    throw e;
+  }
+
   const title = promptData.title || promptData.name || promptData.key || 'Untitled';
   const tags = promptData.tags || [];
   const contentCID = promptData.contentCID || '';

package/dist/cli/commands/wallet.js

@@ -289,9 +289,10 @@ const Web3AuthWalletManager = require('../web3auth-wallet-manager');
             }
 
             // Device code flow via relay works with just appId (no secret needed)
-            // Only --local mode requires appSecret for direct Privy SDK calls
+            // Always prefer relay unless --local is explicitly set
             if (appId) {
               if (options?.local) {
+                process.env.SAGE_PRIVY_LOGIN_MODE = 'local';
                 // Local OAuth requires appSecret for direct Privy SDK authentication
                 if (!appSecret) {
                   ui.error('Local OAuth mode requires PRIVY_APP_SECRET.');
@@ -300,15 +301,9 @@ const Web3AuthWalletManager = require('../web3auth-wallet-manager');
                 }
                 ui.info('Using local OAuth authentication...');
               } else {
-                // Web/device code flow - uses relay, no secret needed
-                // Force device code mode when secret is not available
-                if (!appSecret) {
-                  process.env.SAGE_PRIVY_LOGIN_MODE = 'device';
-                  ui.info('Using device code authentication via web app relay...');
-                } else {
-                  process.env.SAGE_PRIVY_LOGIN_MODE = 'web';
-                  ui.info('Using web-based authentication...');
-                }
+                // Web relay flow - uses web app, no localhost callback
+                process.env.SAGE_PRIVY_LOGIN_MODE = 'web';
+                ui.info('Using web-based authentication via relay...');
               }
 
               const walletManager = new PrivyAuthWalletManager();

package/dist/cli/index.js

@@ -19,6 +19,11 @@ if (!process.env.CONTRACT_ARTIFACTS_ROOT) {
   }
 }
 
+// Always trust SAGE_RPC_URL over RPC_URL when provided
+if (process.env.SAGE_RPC_URL) {
+  process.env.RPC_URL = process.env.SAGE_RPC_URL;
+}
+
 // Filter out deprecated Lit SDK warning immediately
 const realStderrWrite = process.stderr.write.bind(process.stderr);
 process.stderr.write = (chunk, encoding, callback) => {

package/dist/cli/privy-auth-wallet-manager.js

@@ -82,7 +82,9 @@ class PrivyAuthWalletManager {
     try {
       const relayEnabled = process.env.SAGE_DISABLE_PRIVY_RELAY !== '1';
       const hasAppSecret = !!this.appSecret;
-      const preferSessionFlow = relayEnabled && !hasAppSecret;
+      const mode = String(process.env.SAGE_PRIVY_LOGIN_MODE || '').trim().toLowerCase();
+      const forceRelay = relayEnabled && mode !== 'local' && mode !== 'oauth';
+      const preferSessionFlow = forceRelay;
 
       // Try cached credentials first
       const cached = readPrivyCredentials();
@@ -140,7 +142,6 @@ class PrivyAuthWalletManager {
 
       // No valid cached credentials - need OAuth login
       console.log('\nNo cached Privy credentials found.');
-      const mode = String(process.env.SAGE_PRIVY_LOGIN_MODE || '').trim().toLowerCase();
       const useSessionFlow = preferSessionFlow || mode === 'web' || mode === 'session';
       const useDeviceCodeFlow = !preferSessionFlow && (mode === 'device' || mode === 'device_code');
 

package/dist/cli/services/config/chain-defaults.js

@@ -58,7 +58,7 @@ const CHAIN_CONFIGS = {
  * Used for resolution precedence.
  */
 const ENV_VARS = {
-  rpcUrl: ['RPC_URL', 'BASE_SEPOLIA_RPC', 'BASE_RPC_URL'],
+  rpcUrl: ['SAGE_RPC_URL', 'RPC_URL', 'BASE_SEPOLIA_RPC', 'BASE_RPC_URL'],
   chainId: ['CHAIN_ID', 'BASE_CHAIN_ID'],
   subgraphUrl: ['SUBGRAPH_URL', 'SAGE_SUBGRAPH_URL', 'NEXT_PUBLIC_GRAPH_ENDPOINT', 'NEXT_PUBLIC_SUBGRAPH_URL']
 };

package/dist/cli/services/config/manager.js

@@ -121,6 +121,9 @@ class ConfigManager {
       if (fs.existsSync(sageEnv)) {
         dotenv.config({ path: sageEnv });
       }
+      if (process.env.SAGE_RPC_URL) {
+        process.env.RPC_URL = process.env.SAGE_RPC_URL;
+      }
     } catch (_) {
       // dotenv not available, skip
     }

package/dist/cli/services/config/schema.js

@@ -105,6 +105,7 @@ const addressMap = z.record(
  */
 const ipfsConfig = z.object({
   gateway: z.string().url().optional(),
+  gateways: z.array(z.string()).optional(),
   pinataApiKey: z.string().optional(),
   pinataSecretKey: z.string().optional(),
   pinataJwt: z.string().optional(),

package/dist/cli/services/ipfs/onboarding.js

@@ -2,6 +2,12 @@ const path = require('path');
 const ui = require('../../utils/cli-ui');
 
 const DEFAULT_GATEWAY = 'https://ipfs.dev.sageprotocol.io/ipfs';
+const FALLBACK_GATEWAYS = [
+  'https://dweb.link/ipfs',
+  'https://nftstorage.link/ipfs',
+  'https://ipfs.io/ipfs',
+  'https://gateway.pinata.cloud/ipfs'
+];
 const DEFAULT_WORKER_BASE = 'https://api.sageprotocol.io';
 const DEFAULT_WORKER_CHALLENGE_PATH = '/ipfs/auth/challenge';
 const DEFAULT_WORKER_UPLOAD_PATH = '/ipfs/upload';
@@ -87,6 +93,7 @@ function createIpfsOnboarding({
 
     if (!quiet) {
       ui.header('Sage IPFS pinning setup', 'Configure your gateway and pinning providers so uploads work out of the box.');
+      ui.output(`Gateway fallbacks: ${FALLBACK_GATEWAYS.join(', ')}`);
     }
 
     let scope = initialScope && ['project', 'global'].includes(initialScope) ? initialScope : null;
@@ -332,6 +339,10 @@ function createIpfsOnboarding({
     const payload = {};
     if (gateway !== undefined) {
       payload.gateway = ensureString(gateway) || null;
+      if (payload.gateway) {
+        const fallback = FALLBACK_GATEWAYS.filter((g) => g !== payload.gateway);
+        payload.gateways = fallback;
+      }
     }
     payload.warmGateway = !!warmGateway;
     if (provider) payload.provider = provider;

package/dist/cli/utils/aliases.js

@@ -101,6 +101,7 @@ const COMMAND_CATALOG = {
       'info',
       'fork',
       'personal',
+      'vault',
       'delete'
     ],
     subcommandAliases: {

package/dist/cli/utils/cli-ui.js

@@ -402,7 +402,7 @@ function keyValue(data) {
  * @param {boolean} [options.pretty=true] - Pretty print
  */
 function json(data, options = {}) {
-  const { pretty = true } = options;
+  const { pretty = true } = options || {};
   console.log(pretty ? JSON.stringify(data, null, 2) : JSON.stringify(data));
 }
 

package/dist/cli/utils/provider.js

@@ -14,11 +14,15 @@ async function getWallet(provider, options = {}) {
     throw new Error('Signer unavailable. Connect a wallet capable of signing transactions.');
   }
 
-  if (!session.signer.provider && provider) {
-    session.signer.connect(provider);
+  let signer = session.signer;
+
+  // ethers v6 Signer#connect returns a NEW signer; it does not mutate.
+  // Ensure the returned signer is connected so read calls (eth_call) work.
+  if (!signer.provider && provider && typeof signer.connect === 'function') {
+    signer = signer.connect(provider);
   }
 
-  return session.signer;
+  return signer;
 }
 
 module.exports = {

package/dist/cli/wallet-manager.js

@@ -133,19 +133,14 @@ class WalletManager {
             process.env.SAGE_PRIVY_RELAY_URL = defaults.SAGE_PRIVY_RELAY_URL;
         }
 
-        // Device code flow via relay works with just appId (no secret needed)
-        // Use PrivyAuthWalletManager when appId is available
+        // Prefer relay-based web login by default (no localhost callback).
+        // Use PrivyAuthWalletManager when appId is available.
         if (appId) {
-            // Force device code mode when secret is not available
-            if (!appSecret) {
-                process.env.SAGE_PRIVY_LOGIN_MODE = 'device';
-                if (!process.env.SAGE_QUIET_JSON && process.env.SAGE_VERBOSE === '1') {
-                    console.log('🔐 Using device code authentication via web app relay...');
-                }
-            } else {
-                if (!process.env.SAGE_QUIET_JSON && process.env.SAGE_VERBOSE === '1') {
-                    console.log('🔐 Using Privy OAuth authentication (same wallet as web app)');
-                }
+            if (!process.env.SAGE_PRIVY_LOGIN_MODE) {
+                process.env.SAGE_PRIVY_LOGIN_MODE = 'web';
+            }
+            if (!process.env.SAGE_QUIET_JSON && process.env.SAGE_VERBOSE === '1') {
+                console.log('🔐 Using web relay authentication (same wallet as web app)');
             }
             this.wallet = new PrivyAuthWalletManager();
             const ok = await this.wallet.initialize();

package/dist/prompts/e2e-test-prompt.md

@@ -0,0 +1,22 @@
+---
+name: E2E Test Prompt
+description: A test prompt for validating the /prompt/:cid endpoint
+tags: [test, e2e, validation]
+kind: "prompt"
+publishable: true
+targets: []
+---
+
+# E2E Test Prompt
+
+This is a test prompt created to validate the prompt allowlist flow.
+
+## Purpose
+- Test that prompts published to a DAO get added to the allowlist
+- Verify that `/prompt/:cid` endpoint serves allowlisted prompts
+- Confirm library sync properly indexes prompt CIDs
+
+## Instructions
+When this prompt is accessible via the API, the allowlist flow is working correctly.
+
+Created: 2025-12-26

package/dist/prompts/skills/build-web3/plugin.json

@@ -0,0 +1,11 @@
+{
+  "name": "build-web3",
+  "description": "Build Web3 dApps and smart contracts from scratch through shipping. Full lifecycle for EVM/Base development with Solidity, Foundry, Next.js, and viem/wagmi. Covers contracts, frontend, testing, security analysis, and deployment.",
+  "version": "1.0.0",
+  "author": "Sage Protocol",
+  "license": "MIT",
+  "keywords": ["web3", "solidity", "foundry", "next.js", "viem", "wagmi", "smart-contracts", "dapp"],
+  "category": "development",
+  "homepage": "https://github.com/sage-protocol",
+  "repository": "https://github.com/sage-protocol/sage-protocol"
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sage-protocol/cli",
-  "version": "0.8.0",
+  "version": "0.8.2",
   "description": "Sage Protocol CLI for managing AI prompt libraries",
   "bin": {
     "sage": "./bin/sage.js"