@starkscan/cli 0.1.0-beta.1 → 0.1.0

package/README.md

@@ -1,137 +1,113 @@
 # @starkscan/cli
 
-Command-line launcher for Starkscan API, export, and agent workflows.
+Command-line Starkscan client for status checks, explorer reads, local exports,
+and agent setup.
 
-Status: public beta. Use a smoked exact version such as `0.1.0-beta.1` for unattended
-agents or production services.
+Status: public `0.1.0` stable release. The npm `latest` tag points to the real
+CLI package. Use the untagged install for normal setup and pin `0.1.0` for
+unattended agents or production services that need reproducible installs.
 
 ## Install
 
 ```bash
-npm install -g @starkscan/cli@0.1.0-beta.1
-starkscan init
+npm install -g @starkscan/cli
+starkscan doctor
 ```
 
-One-off agent run:
+One-off agent setup without a global install:
 
 ```bash
-npx -y @starkscan/cli@0.1.0-beta.1 init --agent --output-format json
+npx -y @starkscan/cli init --agent --output-format json
 ```
 
-For unattended agents or production services, pin a smoked exact version instead
-of floating on `@beta`.
+Exact pin for unattended services:
 
-## What it does
+```bash
+npx -y @starkscan/cli@0.1.0 init --agent --output-format json
+```
 
-- Runs the prebuilt native `starkscan` binary without requiring a Rust toolchain.
-- Verifies bundled native archives against release-manifest checksums.
-- Calls the hosted Starkscan API with request IDs and route-class headers.
-- Exposes shell-friendly output for agents, scripts, exports, and operator
-  smoke checks.
+The `@beta` tag remains a prerelease channel only. Do not use it for unattended
+production services unless a maintainer explicitly asks you to test a
+prerelease.
 
-## Trust status
+## First commands
 
-- npm: <https://www.npmjs.com/package/@starkscan/cli>
-- public trust docs: <https://starkscan.co/docs/build/package-trust>
-- machine-readable matrix: <https://starkscan.co/public-client-surface-matrix.json>
-- Socket signal: <https://socket.dev/npm/package/@starkscan/cli>
+```bash
+export STARKSCAN_API_KEY="<store this in your shell or agent secret store>"
+export STARKSCAN_CHAIN="SN_MAIN"
+# Optional: only set this for preview or self-hosted hosts.
+# export STARKSCAN_BASE_URL="https://preview.example.com/api"
 
-Socket is an external package-risk signal, not a formal Starkscan security
-certificate. Starkscan package promotion also requires bundled-artifact checksum
-verification, manual passkey or Trusted Publishing/OIDC publish control, and
-the launch gates documented at the public package trust page. The canonical
-source repository is private, so public package trust links intentionally point
-to Starkscan docs instead of GitHub.
+starkscan status
+starkscan block 8279910
+starkscan tx 0x1234abcd
+starkscan search 0x1234abcd
+```
 
-The wrapper uses bundled native artifacts when they are present in the published package, verifies downloaded or bundled archives against checksums in the release manifest, rejects malformed archives, caches the native `starkscan` binary, and forwards all arguments to it. It does not require a Rust toolchain or repository access.
+The CLI defaults to `https://api.starkscan.co`, sends `X-Starkscan-Api-Key`,
+and uses the same REST API contract as the SDK. MCP uses a separate
+transport: `POST https://api.starkscan.co/mcp` on the API domain, or
+`POST {appBaseUrl}/api/mcp` on app-origin deployments.
 
-Agents can inspect the launcher decision without executing the native binary:
+## Why use it
+
+- No Rust toolchain or private repository access required.
+- Prebuilt native `starkscan` binaries are bundled in the npm package.
+- Bundled or downloaded native archives are verified against manifest checksums
+  before execution.
+- `--output-format json` keeps stdout parseable for agents and CI.
+- Stable exit classes make automation predictable: success, usage, auth,
+  rate-limit, timeout, and not-found errors are distinct.
+- MCP helpers print ready-to-paste Codex, Claude Code, Cursor, Claude Desktop,
+  and Cline configs with environment placeholders, not secret values.
+
+## Agent setup
 
 ```bash
-npx -y @starkscan/cli@0.1.0-beta.1 --launcher-json
+npx -y @starkscan/cli@0.1.0 init --agent --output-format json
+npx -y @starkscan/cli@0.1.0 mcp print-config --transport remote
+npx -y @starkscan/cli@0.1.0 mcp start --transport remote
 ```
 
-`--launcher-json` also works through `STARKSCAN_LAUNCHER_JSON=1` or
-`STARKSCAN_CLI_LAUNCHER_JSON=1`. The JSON includes the package version,
-resolved binary path, release tag, source (`bundled`, `download`, `bin-path`, or
-`unknown` for legacy caches without valid sidecar metadata), cache-hit status, and
-verification status. It may resolve and verify the binary first, but it does
-not invoke the native `starkscan` executable.
+`print-config` emits machine-readable snippets. Keep `STARKSCAN_API_KEY` in the
+host shell, CI secret store, or MCP client secret store.
+
+## Launcher inspection
 
-MCP client setup uses the same package. `print-config` emits machine-readable
-Codex and Claude Code snippets with environment-variable placeholders, not
-secret values. `start` is the stable alias for serving the remote stdio bridge:
+Agents can inspect the launcher decision without executing the native binary:
 
 ```bash
-npx -y @starkscan/cli@0.1.0-beta.1 init --agent --output-format json
-npx -y @starkscan/cli@0.1.0-beta.1 mcp print-config --transport remote
-npx -y @starkscan/cli@0.1.0-beta.1 mcp start --transport remote
+npx -y @starkscan/cli@0.1.0 --launcher-json
 ```
 
-## Environment
+The JSON includes the package version, resolved binary path, release tag,
+source (`bundled`, `download`, `bin-path`, or `unknown` for legacy caches),
+cache-hit status, and verification status.
 
-```bash
-export STARKSCAN_API_KEY="mzk_test_your_key_here"
-export STARKSCAN_CHAIN="SN_MAIN"
-# Optional: only set this for preview or self-hosted hosts.
-# export STARKSCAN_BASE_URL="https://preview.example.com/api"
-```
+## Trust and safety
+
+- npm package: <https://www.npmjs.com/package/@starkscan/cli>
+- CLI docs: <https://starkscan.co/docs/ai/agent-cli>
+- API key setup: <https://starkscan.co/api-key>
+- Package trust: <https://starkscan.co/docs/build/package-trust>
+- Machine-readable launch matrix: <https://starkscan.co/public-client-surface-matrix.json>
+- Socket signal: <https://socket.dev/npm/package/@starkscan/cli>
 
-`STARKSCAN_*` is the public CLI environment contract. The launcher still accepts
-the old internal variable names as hidden compatibility aliases during the beta
-cutover. The CLI defaults to `https://api.starkscan.co` and sends
-`X-Starkscan-Api-Key` to the hosted API.
+Socket is an external package-risk signal, not a Starkscan security certificate.
+The public trust source is Starkscan docs because the canonical engineering
+repository is private. Package promotion also requires checked release scripts,
+native artifact checksum verification, npm Trusted Publishing/OIDC for CI
+publishes, and live smoke proof against the hosted API.
 
-The native CLI forwards public API keys only to Starkscan HTTPS hosts or
+The CLI forwards public API keys only to Starkscan HTTPS hosts or
 localhost/loopback fixtures. When intentionally testing a private API host, pass
 `--allow-untrusted-base-url` explicitly so keys are not replayed to an
 unexpected endpoint by default.
 
-Supported `STARKSCAN_CHAIN` values are `SN_MAIN` and `SN_SEPOLIA`. Global flags
-can be placed before or after the subcommand, for example
-`starkscan status --output-format json --pretty`.
-
-For agent callers, `--output-format json` always keeps stdout parseable: success
-prints `{ "ok": true, "data": ... }`, and failures before a result payload is
-emitted print
-`{ "ok": false, "error": { "code": "auth_error", "message": "HTTP 401: unauthorized", "exitCode": 3, "exitClass": "auth", "httpStatus": 401, "requestId": "starkscan-cli-..." } }`
-before exiting non-zero. Diagnostic commands such as `doctor` can emit
-`{ "ok": false, "data": ... }` with a non-zero exit. `stream-json` failures
-print one compact `type: "error"` line. Text mode keeps human-readable errors on
-stderr.
-
-Transaction hashes, addresses, token addresses, and calldata values must be
-`0x`-prefixed Starknet field elements. Contract-read selectors can be function
-names such as `balanceOf` or selector felts. Malformed values fail locally before
-any network request with exit code `2`; JSON mode emits `code: "usage_error"`.
-In JSON output, address-shaped fields such as `address`, `fromAddress`,
-`toAddress`, `contractAddress`, and `tokenAddress` are canonicalized to lowercase
-`0x` plus 64 hex characters so agents can join rows reliably. Hashes, calldata,
-selectors, and other felt values are not rewritten.
-
-CLI exit codes are stable for agents: `0` success, `1` runtime, `2`
-usage/bad input, `3` auth, `4` rate-limited, `5` timeout, and `6` not found.
-
-## Minimal commands
-
-```bash
-npx -y @starkscan/cli@0.1.0-beta.1 init
-npx -y @starkscan/cli@0.1.0-beta.1 status
-npx -y @starkscan/cli@0.1.0-beta.1 doctor
-npx -y @starkscan/cli@0.1.0-beta.1 mcp print-config --transport remote
-```
-
 ## Release binding
 
-By default, the package resolves to bundled artifacts under `artifacts/v<package-version>` when published with native binaries included. Maintainers can override the release source for tests or emergency rollback:
-
-- `STARKSCAN_CLI_RELEASE_TAG`: release tag, or `latest`
-- `STARKSCAN_CLI_BUNDLED_ARTIFACT_DIR`: maintainer/test override for the bundled artifact root. Use an absolute path in CI, or a cwd-relative path locally, pointing to a root that contains `artifacts/v<release-tag>/starkscan-cli-manifest.json` and matching platform archives. Example: `STARKSCAN_CLI_BUNDLED_ARTIFACT_DIR=/tmp/starkscan-cli-artifacts npx -y @starkscan/cli@0.1.0-beta.1 doctor`
-- `STARKSCAN_CLI_RELEASE_BASE_URL`: maintainer/test release base URL override. Published public packages use bundled artifacts first; beta clients should not set this. By default the override must be a local `file:` URL, the official GitHub HTTPS release path, or Starkscan HTTPS. Custom HTTPS hosts or GitHub repo paths require `STARKSCAN_CLI_ALLOW_CUSTOM_RELEASE_BASE_URL=1`; plaintext HTTP requires `STARKSCAN_CLI_ALLOW_INSECURE_RELEASE_BASE_URL=1` and is limited to localhost or loopback maintainer fixtures. Network release manifests are fail-closed unless `STARKSCAN_CLI_ALLOW_UNSIGNED_NETWORK_MANIFEST=1` is set for a maintainer-only fallback; bundled npm artifacts or local `file:` fixtures are preferred until signed manifest verification exists.
-- `STARKSCAN_CLI_CACHE_DIR`: cache root for downloaded native binaries
-- `STARKSCAN_CLI_BIN_PATH`: maintainer/test override to use an existing local `starkscan` binary and skip download. Requires `STARKSCAN_CLI_ALLOW_BIN_PATH=1`; the path must be absolute, executable, and not a symlink.
-- `STARKSCAN_CLI_RELEASE_REPO`: maintainer/test GitHub repo path override
-- `STARKSCAN_CLI_PLATFORM_OVERRIDE`: force a specific target platform for cross-platform testing
-- `STARKSCAN_CLI_DOWNLOAD_TIMEOUT_MS`: download inactivity timeout in milliseconds, default `120000`
-
-The package expects release assets produced by `rust-exp/scripts/package-starkscan-cli.sh`: `starkscan-cli-manifest.json`, `starkscan-<platform>.tar.gz`, and matching checksums. Run native packaging and npm packaging from the repository root so `.artifacts/release/cli` is available. Publish the tarball produced by `scripts/package-starkscan-cli-npm.sh` or `scripts/publish-public-cli.sh`; do not publish the package directory directly, because that can omit native artifacts.
+The package resolves bundled artifacts under `artifacts/v<package-version>` when
+published with native binaries included. Maintainer overrides such as
+`STARKSCAN_CLI_RELEASE_TAG`, `STARKSCAN_CLI_RELEASE_BASE_URL`,
+`STARKSCAN_CLI_BUNDLED_ARTIFACT_DIR`, and `STARKSCAN_CLI_BIN_PATH` exist for
+tests and emergency rollback; public clients should not need them.

package/artifacts/{v0.1.0-beta.1 → v0.1.0}/starkscan-cli-manifest.json

@@ -1,34 +1,34 @@
 {
   "schemaVersion": 1,
-  "generatedAt": "2026-06-29T04:53:36Z",
+  "generatedAt": "2026-06-29T13:07:15Z",
   "artifacts": [
     {
       "name": "starkscan-darwin-aarch64.tar.gz",
       "platform": "darwin-aarch64",
       "target": "darwin-aarch64",
       "archive": "starkscan-darwin-aarch64.tar.gz",
-      "sha256": "b33a14b7b4e85ee571ee537e46153ea0ef5eb1eb01d6d34c3620c670c13cb371"
+      "sha256": "f09d9f6e76be371e0f87da9d1540a77607c37cabb94c69c59959c02cbf523a14"
     },
     {
       "name": "starkscan-darwin-x86_64.tar.gz",
       "platform": "darwin-x86_64",
       "target": "darwin-x86_64",
       "archive": "starkscan-darwin-x86_64.tar.gz",
-      "sha256": "4bcf906defb317754d38c72a9586219eadfcb9dc725aa920a4fce650c78cf311"
+      "sha256": "46319387c9b77503a79dc617fc28aa6b35ba34edda3a6997ce70701591f51885"
     },
     {
       "name": "starkscan-linux-aarch64.tar.gz",
       "platform": "linux-aarch64",
       "target": "linux-aarch64",
       "archive": "starkscan-linux-aarch64.tar.gz",
-      "sha256": "a60a493fd6c226b329d9e7a4f1b1c1a0d62a68d59740dd484390306db879bac1"
+      "sha256": "767bd29fe5562a3ab114f098eecda36d05e816f48e6f8e57df0f66970897887e"
     },
     {
       "name": "starkscan-linux-x86_64.tar.gz",
       "platform": "linux-x86_64",
       "target": "linux-x86_64",
       "archive": "starkscan-linux-x86_64.tar.gz",
-      "sha256": "604f25e483adf6b035e37ef803f6e5d5a56bed20b3caa1762d0a46923d384e05"
+      "sha256": "2f51b30701dce6502cf4cf070adfcb839c74720015524197de679b65d6d927f5"
     }
   ]
 }

package/artifacts/v0.1.0/starkscan-darwin-aarch64.tar.gz.sha256

@@ -0,0 +1 @@
+f09d9f6e76be371e0f87da9d1540a77607c37cabb94c69c59959c02cbf523a14  starkscan-darwin-aarch64.tar.gz

package/artifacts/v0.1.0/starkscan-darwin-x86_64.tar.gz.sha256

@@ -0,0 +1 @@
+46319387c9b77503a79dc617fc28aa6b35ba34edda3a6997ce70701591f51885  starkscan-darwin-x86_64.tar.gz

package/artifacts/v0.1.0/starkscan-linux-aarch64.tar.gz.sha256

@@ -0,0 +1 @@
+767bd29fe5562a3ab114f098eecda36d05e816f48e6f8e57df0f66970897887e  starkscan-linux-aarch64.tar.gz

package/artifacts/v0.1.0/starkscan-linux-x86_64.tar.gz.sha256

@@ -0,0 +1 @@
+2f51b30701dce6502cf4cf070adfcb839c74720015524197de679b65d6d927f5  starkscan-linux-x86_64.tar.gz

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@starkscan/cli",
   "private": false,
-  "version": "0.1.0-beta.1",
+  "version": "0.1.0",
   "description": "Command-line launcher for Starkscan API, export, and agent workflows.",
   "license": "MIT",
   "type": "module",

package/artifacts/v0.1.0-beta.1/starkscan-darwin-aarch64.tar.gz.sha256

@@ -1 +0,0 @@
-b33a14b7b4e85ee571ee537e46153ea0ef5eb1eb01d6d34c3620c670c13cb371  starkscan-darwin-aarch64.tar.gz

package/artifacts/v0.1.0-beta.1/starkscan-darwin-x86_64.tar.gz.sha256

@@ -1 +0,0 @@
-4bcf906defb317754d38c72a9586219eadfcb9dc725aa920a4fce650c78cf311  starkscan-darwin-x86_64.tar.gz

package/artifacts/v0.1.0-beta.1/starkscan-linux-aarch64.tar.gz.sha256

@@ -1 +0,0 @@
-a60a493fd6c226b329d9e7a4f1b1c1a0d62a68d59740dd484390306db879bac1  starkscan-linux-aarch64.tar.gz

package/artifacts/v0.1.0-beta.1/starkscan-linux-x86_64.tar.gz.sha256

@@ -1 +0,0 @@
-604f25e483adf6b035e37ef803f6e5d5a56bed20b3caa1762d0a46923d384e05  starkscan-linux-x86_64.tar.gz