@thirdfy/agent-cli 0.1.12 → 0.1.14

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/CHANGELOG.md CHANGED
@@ -4,6 +4,25 @@ All notable changes to `@thirdfy/agent-cli` are documented here. The format is b
4
4
 
5
5
  ## [Unreleased]
6
6
 
7
+ ## [0.1.14] - 2026-04-19
8
+
9
+ **npm:** [`@thirdfy/agent-cli@0.1.14`](https://www.npmjs.com/package/@thirdfy/agent-cli/v/0.1.14)
10
+ **Git tag:** `v0.1.14`
11
+
12
+ ### Changed
13
+
14
+ - **Dual-proof bootstrap completion:** `bootstrap complete` now supports direct `wallet_signature` proof (`challengeId` + `signature`) while preserving the `session_token` path and challenge->session fallback semantics.
15
+ - **Onboarding docs and command contract alignment:** Updated README and command/provider docs to reflect the final MCP dual-proof bootstrap contract and usage.
16
+
17
+ ## [0.1.13] - 2026-04-19
18
+
19
+ **npm:** [`@thirdfy/agent-cli@0.1.13`](https://www.npmjs.com/package/@thirdfy/agent-cli/v/0.1.13)
20
+ **Git tag:** `v0.1.13`
21
+
22
+ ### Changed
23
+
24
+ - **README and onboarding docs refresh:** Updated public README guidance to reflect latest bootstrap/onboarding command surface (`bootstrap begin/complete` plus aliases), session-proof-first issuance behavior, and current release references.
25
+
7
26
  ## [0.1.11] - 2026-04-16
8
27
 
9
28
  **npm:** [`@thirdfy/agent-cli@0.1.11`](https://www.npmjs.com/package/@thirdfy/agent-cli/v/0.1.11)
package/README.md CHANGED
@@ -38,12 +38,12 @@ Run without global install:
38
38
  npx @thirdfy/agent-cli --help
39
39
  ```
40
40
 
41
- ## What's new in 0.1.8
41
+ ## What's new in 0.1.12
42
42
 
43
- - Managed custodial lifecycle parity validation is now first-class in CLI E2E/certification.
44
- - `doctor self` runs as a local diagnostic command without capabilities negotiation.
45
- - Self-exec effect-check fallback payloads are hardened for deterministic automation parsing.
46
- - Managed wallet aliases (`managed wallet init/grant`) are wired directly to custodial delegation handlers.
43
+ - Added Model D onboarding commands: `bootstrap begin` and `bootstrap complete`.
44
+ - Added `onboarding begin` and `onboarding complete` aliases for clearer operator flows.
45
+ - Aligned bootstrap completion to session-proof issuance (`session_token`), with wallet challenge/signature supported as an exchange step into session proof.
46
+ - Hardened bootstrap path behavior for safer timeout and one-time challenge handling.
47
47
 
48
48
  ## Quick start
49
49
 
@@ -112,6 +112,21 @@ Use the returned session token:
112
112
  thirdfy-agent agent register --owner-session-token "$THIRDFY_OWNER_SESSION_TOKEN" --agent-key "0xYOUR_AGENT_KEY" --name "my-agent" --json
113
113
  ```
114
114
 
115
+ ### Bootstrap onboarding (Model D)
116
+
117
+ ```bash
118
+ # Start wallet challenge flow
119
+ thirdfy-agent bootstrap begin --agent-key "0xYOUR_AGENT_KEY" --json
120
+
121
+ # Complete bootstrap with session proof (recommended)
122
+ thirdfy-agent bootstrap complete --agent-key "0xYOUR_AGENT_KEY" --owner-session-token "$THIRDFY_OWNER_SESSION_TOKEN" --lane self --json
123
+
124
+ # Or use challenge/signature as exchange step to obtain session proof first
125
+ thirdfy-agent bootstrap complete --agent-key "0xYOUR_AGENT_KEY" --challenge-id "<challengeId>" --signature "0x..." --lane self --json
126
+ ```
127
+
128
+ `bootstrap complete` supports both proof modes. Prefer `session_token` for operator-managed flows; use `wallet_signature` for direct wallet proof when verifier support is enabled.
129
+
115
130
  ### Idempotency behavior (`run`)
116
131
 
117
132
  - `run` auto-generates `idempotencyKey` by default when not provided.
@@ -240,7 +255,7 @@ Provider and venue guides are kept outside `README` so this page stays stable as
240
255
  - Discovery: `catalogs list`, `actions`
241
256
  - Execution: `preflight`, `run`, `intent-status`, `jeff preflight`, `jeff trade`, `jeff status`
242
257
  - Profiles: `profile init`, `profile use`, `profile show`, `whoami`
243
- - Onboarding: `agent auth challenge`, `agent auth verify`, `agent register`, `agent key rotate`, `agent key revoke`
258
+ - Onboarding: `bootstrap begin`, `bootstrap complete`, `onboarding begin`, `onboarding complete`, `agent auth challenge`, `agent auth verify`, `agent register`, `agent key rotate`, `agent key revoke`, `developer bootstrap`
244
259
  - Governance readiness: `delegation create`, `delegation activate`, `delegation status`, `credentials upsert`, `credentials status`
245
260
  - Delegation operations: `delegation show`, `delegation inspect`, `delegation revoke`
246
261
  - Delegation execution helpers: `delegation balance`, `delegation redeem`
@@ -357,11 +372,11 @@ npm run e2e:managed:delegation:parity
357
372
 
358
373
  ## Release
359
374
 
360
- Version history and user-facing notes: [CHANGELOG.md](./CHANGELOG.md) (for example [0.1.7](https://github.com/thirdfy/agent-cli/releases/tag/v0.1.7) — login/config UX, custodial delegation helpers, swap and config hardening).
375
+ Version history and user-facing notes: [CHANGELOG.md](./CHANGELOG.md) (for example [0.1.12](https://github.com/thirdfy/agent-cli/releases/tag/v0.1.12) — bootstrap onboarding commands and session-proof alignment).
361
376
 
362
377
  ```bash
363
378
  npm version patch
364
379
  npm publish --access public
365
380
  ```
366
381
 
367
- After publishing, push the matching tag (for example `v0.1.7`) so the [Release workflow](.github/workflows/release.yml) can create a GitHub release. If the package version is already on npm, the workflow skips republishing and still creates the release when triggered by a tag.
382
+ After publishing, push the matching tag (for example `v0.1.12`) so the [Release workflow](.github/workflows/release.yml) can create a GitHub release. If the package version is already on npm, the workflow skips republishing and still creates the release when triggered by a tag.
@@ -1321,18 +1321,21 @@ async function commandBootstrapBegin(ctx, flags, capabilities) {
1321
1321
  async function commandBootstrapComplete(ctx, flags, capabilities) {
1322
1322
  const agentKey = requireFlag(flags, 'agentKey', 'Missing --agent-key');
1323
1323
  const lane = normalizeRunMode(flags.lane || flags.runMode || 'self', flags.lane ? '--lane' : '--run-mode');
1324
- const proofType = String(flags.proofType || '').trim() || 'session_token';
1324
+ let proofType = String(flags.proofType || '').trim() || 'session_token';
1325
1325
  if (proofType !== 'session_token' && proofType !== 'wallet_signature') {
1326
- throw new Error('Invalid --proof-type. Supported values: session_token (preferred) or wallet_signature (challenge exchange only).');
1326
+ throw new Error('Invalid --proof-type. Supported values: session_token (preferred) or wallet_signature.');
1327
1327
  }
1328
1328
  let ownerSessionToken = String(flags.ownerSessionToken || process.env.THIRDFY_OWNER_SESSION_TOKEN || '').trim();
1329
1329
  const authToken = String(flags.authToken || process.env.THIRDFY_AUTH_TOKEN || '').trim();
1330
1330
  let challengeId = String(flags.challengeId || '').trim();
1331
1331
  let signature = String(flags.signature || '').trim();
1332
+ if (!String(flags.proofType || '').trim() && !ownerSessionToken && !authToken && challengeId && signature) {
1333
+ proofType = 'wallet_signature';
1334
+ }
1332
1335
  if (proofType === 'wallet_signature' && (!challengeId || !signature)) {
1333
- throw new Error('wallet_signature bootstrap is not supported directly. Provide --owner-session-token or --auth-token.');
1336
+ throw new Error('wallet_signature proof requires --challenge-id and --signature.');
1334
1337
  }
1335
- if (!ownerSessionToken && !authToken && challengeId && signature) {
1338
+ if (proofType === 'session_token' && !ownerSessionToken && !authToken && challengeId && signature) {
1336
1339
  const verify = await verifyOwnerWalletChallenge(ctx, {
1337
1340
  ...flags,
1338
1341
  agentKey,
@@ -1344,12 +1347,12 @@ async function commandBootstrapComplete(ctx, flags, capabilities) {
1344
1347
  throw new Error('Wallet verify did not return owner session token required for bootstrap registration.');
1345
1348
  }
1346
1349
  }
1347
- if (ownerSessionToken || authToken) {
1350
+ if (proofType === 'session_token' && (ownerSessionToken || authToken)) {
1348
1351
  // Avoid replaying a single-use challenge across bootstrap and register calls.
1349
1352
  challengeId = '';
1350
1353
  signature = '';
1351
1354
  }
1352
- if (!ownerSessionToken && !authToken) {
1355
+ if (proofType === 'session_token' && !ownerSessionToken && !authToken) {
1353
1356
  throw new Error(
1354
1357
  'Bootstrap currently supports session_token proof only. Provide --owner-session-token/--auth-token, or --challenge-id + --signature to exchange into a session token.'
1355
1358
  );
@@ -1359,9 +1362,11 @@ async function commandBootstrapComplete(ctx, flags, capabilities) {
1359
1362
  sub: agentKey,
1360
1363
  lane,
1361
1364
  scope: ['onboarding:bootstrap'],
1362
- proof_type: 'session_token',
1365
+ proof_type: proofType,
1363
1366
  ...(ownerSessionToken ? { ownerSessionToken } : {}),
1364
1367
  ...(authToken ? { authToken } : {}),
1368
+ ...(challengeId ? { challengeId } : {}),
1369
+ ...(signature ? { signature } : {}),
1365
1370
  agentKey,
1366
1371
  };
1367
1372
  const issued = await issueBootstrapToken(ctx, flags, bootstrapPayload);
@@ -2991,7 +2996,7 @@ Core commands:
2991
2996
  thirdfy-agent agent auth challenge --agent-key <key> [--wallet-address <addr>] [--chain-id <id>] [--json]
2992
2997
  thirdfy-agent agent auth verify --challenge-id <id> --signature <hex> --agent-key <key> [--wallet-address <addr>] [--json]
2993
2998
  thirdfy-agent bootstrap begin --agent-key <key> [--wallet-address <addr>] [--chain-id <id>] [--json]
2994
- thirdfy-agent bootstrap complete --agent-key <key> [--proof-type session_token] [--lane self|hybrid|thirdfy] [--owner-session-token <token> | --auth-token <token> | --challenge-id <id> --signature <hex>] [--name <agent-name>] [--mcp-base <url>] [--json]
2999
+ thirdfy-agent bootstrap complete --agent-key <key> [--proof-type session_token|wallet_signature] [--lane self|hybrid|thirdfy] [--owner-session-token <token> | --auth-token <token> | --challenge-id <id> --signature <hex>] [--name <agent-name>] [--mcp-base <url>] [--json]
2995
3000
  thirdfy-agent onboarding begin ... # alias of bootstrap begin
2996
3001
  thirdfy-agent onboarding complete ... # alias of bootstrap complete
2997
3002
  thirdfy-agent developer bootstrap --agent-key <key> --name <name> [--owner-session-token <token> | --challenge-id <id> --signature <hex>] [--json]
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@thirdfy/agent-cli",
3
- "version": "0.1.12",
3
+ "version": "0.1.14",
4
4
  "description": "Thirdfy Agent CLI for onboarding, governance preflight, execute-intent, and status polling.",
5
5
  "type": "module",
6
6
  "bin": {