@storyclaw/talenthub 0.3.4 → 0.3.6

package/dist/cli.js

@@ -34,6 +34,7 @@ agent
     .command("install <name>")
     .description("Install an agent and its skills")
     .option("-f, --force", "Overwrite existing agent", false)
+    .option("-t, --token <token>", "Authenticate with a th_* token for private agents")
     .action(agentInstall);
 agent
     .command("update [name]")

package/dist/commands/agent-install.d.ts

@@ -1,3 +1,4 @@
 export declare function agentInstall(name: string, options: {
     force?: boolean;
+    token?: string;
 }): Promise<void>;

package/dist/commands/agent-install.js

@@ -1,19 +1,35 @@
 import fs from "node:fs";
 import path from "node:path";
+import { verifyToken } from "../lib/auth.js";
 import { installAllSkills } from "../lib/skills.js";
 import { addOrUpdateAgent, findAgentEntry, readConfig, writeConfig } from "../lib/config.js";
 import { fetchCatalog, fetchManifest } from "../lib/registry.js";
 import { resolveWorkspaceDir } from "../lib/paths.js";
 import { markInstalled } from "../lib/state.js";
 export async function agentInstall(name, options) {
+    const token = options.token;
+    if (token) {
+        if (!token.startsWith("th_")) {
+            console.error("Invalid token format. Token must start with 'th_'.");
+            process.exit(1);
+        }
+        console.log("Verifying token...");
+        try {
+            await verifyToken(token);
+        }
+        catch {
+            console.error("Token verification failed. Please check your token and try again.");
+            process.exit(1);
+        }
+    }
     console.log(`Looking up agent "${name}"...`);
-    const catalog = await fetchCatalog();
+    const catalog = await fetchCatalog(token);
     if (!catalog.agents[name]) {
         const available = Object.keys(catalog.agents).join(", ");
         console.error(`Agent "${name}" not found. Available: ${available}`);
         process.exit(1);
     }
-    const manifest = await fetchManifest(name);
+    const manifest = await fetchManifest(name, token);
     console.log(`Found ${manifest.emoji} ${manifest.name} v${manifest.version} (${manifest.skills.length} skills)`);
     const cfg = readConfig();
     const existing = findAgentEntry(cfg, name);

package/dist/commands/agent-publish.js

@@ -103,6 +103,9 @@ export async function agentPublish(name, opts = {}) {
         min_openclaw_version: manifest.minOpenClawVersion || null,
         avatar_url: manifest.avatarUrl || null,
         is_public: true,
+        ...(manifest.i18n && typeof manifest.i18n === "object"
+            ? { i18n: manifest.i18n }
+            : {}),
     };
     console.log(`\nPublishing ${payload.emoji || ""} ${payload.name} v${finalVersion}...`);
     const base = getRegistryBaseUrl();

package/dist/commands/login.js

@@ -1,5 +1,5 @@
 import { execSync } from "node:child_process";
-import { readAuth, requestDeviceCode, pollForToken, exchangeToken, writeAuth } from "../lib/auth.js";
+import { readAuth, requestDeviceCode, pollForToken, exchangeToken, verifyToken, writeAuth } from "../lib/auth.js";
 function openUrl(url) {
     try {
         const cmd = process.platform === "darwin"
@@ -14,14 +14,23 @@ function openUrl(url) {
     }
 }
 export async function login(options) {
-    // Direct token exchange: skip device-code flow entirely
     if (options.token) {
-        console.log("Exchanging token...");
         try {
-            const { access_token, user_id, expires_at } = await exchangeToken(options.token);
-            writeAuth({ token: access_token, user_id, expires_at });
-            console.log(`✓ Logged in successfully.`);
-            console.log(`  User ID: ${user_id}`);
+            if (options.token.startsWith("th_")) {
+                console.log("Verifying token...");
+                const { user_id } = await verifyToken(options.token);
+                writeAuth({ token: options.token, user_id, expires_at: "" });
+                console.log(`✓ Logged in successfully.`);
+                console.log(`  User ID: ${user_id}`);
+            }
+            else {
+                // sc_token from web session — exchange for a CLI token
+                console.log("Exchanging token...");
+                const { access_token, user_id, expires_at } = await exchangeToken(options.token);
+                writeAuth({ token: access_token, user_id, expires_at });
+                console.log(`✓ Logged in successfully.`);
+                console.log(`  User ID: ${user_id}`);
+            }
         }
         catch (err) {
             console.error(`✗ Login failed: ${err instanceof Error ? err.message : err}`);

package/dist/lib/auth.d.ts

@@ -24,4 +24,10 @@ export type TokenResponse = {
  * Exchange an sc_token (web session cookie) for a CLI-compatible th_* token.
  */
 export declare function exchangeToken(scToken: string): Promise<TokenResponse>;
+/**
+ * Verify a th_* CLI token against the registry and return the user_id.
+ */
+export declare function verifyToken(token: string): Promise<{
+    user_id: string;
+}>;
 export declare function pollForToken(deviceCode: string, interval: number, maxWaitMs: number): Promise<TokenResponse>;

package/dist/lib/auth.js

@@ -64,6 +64,21 @@ export async function exchangeToken(scToken) {
     }
     return res.json();
 }
+/**
+ * Verify a th_* CLI token against the registry and return the user_id.
+ */
+export async function verifyToken(token) {
+    const base = getRegistryBaseUrl();
+    const res = await fetchRetry(`${base}/api/talenthub/auth/me`, {
+        method: "GET",
+        headers: { Authorization: `Bearer ${token}` },
+    });
+    if (!res.ok) {
+        const body = await res.json().catch(() => ({ error: "unknown" }));
+        throw new Error(`Token verification failed (${res.status}): ${body.error ?? "unknown error"}`);
+    }
+    return res.json();
+}
 export async function pollForToken(deviceCode, interval, maxWaitMs) {
     const base = getRegistryBaseUrl();
     const deadline = Date.now() + maxWaitMs;

package/dist/lib/registry.d.ts

@@ -27,5 +27,5 @@ export type AgentManifest = {
     avatarUrl: string | null;
     files: Record<string, string>;
 };
-export declare function fetchCatalog(): Promise<Catalog>;
-export declare function fetchManifest(agentId: string): Promise<AgentManifest>;
+export declare function fetchCatalog(token?: string): Promise<Catalog>;
+export declare function fetchManifest(agentId: string, token?: string): Promise<AgentManifest>;

package/dist/lib/registry.js

@@ -4,24 +4,24 @@ function apiUrl(path) {
     const base = getRegistryBaseUrl().replace(/\/$/, "");
     return `${base}/api/talenthub/registry${path}`;
 }
-function authHeaders() {
-    const auth = readAuth();
-    if (auth?.token) {
-        return { Authorization: `Bearer ${auth.token}` };
+function authHeaders(token) {
+    const t = token ?? readAuth()?.token;
+    if (t) {
+        return { Authorization: `Bearer ${t}` };
     }
     return {};
 }
-export async function fetchCatalog() {
+export async function fetchCatalog(token) {
     const url = apiUrl("/catalog");
-    const res = await fetchRetry(url, { headers: authHeaders() });
+    const res = await fetchRetry(url, { headers: authHeaders(token) });
     if (!res.ok) {
         throw new Error(`Failed to fetch catalog: ${res.status} ${res.statusText}`);
     }
     return res.json();
 }
-export async function fetchManifest(agentId) {
+export async function fetchManifest(agentId, token) {
     const url = apiUrl(`/${agentId}`);
-    const res = await fetchRetry(url, { headers: authHeaders() });
+    const res = await fetchRetry(url, { headers: authHeaders(token) });
     if (!res.ok) {
         throw new Error(`Agent "${agentId}" not found in registry (${res.status})`);
     }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@storyclaw/talenthub",
-  "version": "0.3.4",
+  "version": "0.3.6",
   "description": "CLI tool to manage StoryClaw AI agents",
   "type": "module",
   "bin": {