@thirdfy/agent-cli 0.1.13 → 0.1.14

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/CHANGELOG.md CHANGED
@@ -4,6 +4,16 @@ All notable changes to `@thirdfy/agent-cli` are documented here. The format is b
4
4
 
5
5
  ## [Unreleased]
6
6
 
7
+ ## [0.1.14] - 2026-04-19
8
+
9
+ **npm:** [`@thirdfy/agent-cli@0.1.14`](https://www.npmjs.com/package/@thirdfy/agent-cli/v/0.1.14)
10
+ **Git tag:** `v0.1.14`
11
+
12
+ ### Changed
13
+
14
+ - **Dual-proof bootstrap completion:** `bootstrap complete` now supports direct `wallet_signature` proof (`challengeId` + `signature`) while preserving the `session_token` path and challenge->session fallback semantics.
15
+ - **Onboarding docs and command contract alignment:** Updated README and command/provider docs to reflect the final MCP dual-proof bootstrap contract and usage.
16
+
7
17
  ## [0.1.13] - 2026-04-19
8
18
 
9
19
  **npm:** [`@thirdfy/agent-cli@0.1.13`](https://www.npmjs.com/package/@thirdfy/agent-cli/v/0.1.13)
package/README.md CHANGED
@@ -125,7 +125,7 @@ thirdfy-agent bootstrap complete --agent-key "0xYOUR_AGENT_KEY" --owner-session-
125
125
  thirdfy-agent bootstrap complete --agent-key "0xYOUR_AGENT_KEY" --challenge-id "<challengeId>" --signature "0x..." --lane self --json
126
126
  ```
127
127
 
128
- `bootstrap complete` is session-proof-first in the current deployment. Direct `wallet_signature` proof is not accepted as a final issuance proof.
128
+ `bootstrap complete` supports both proof modes. Prefer `session_token` for operator-managed flows; use `wallet_signature` for direct wallet proof when verifier support is enabled.
129
129
 
130
130
  ### Idempotency behavior (`run`)
131
131
 
@@ -1321,18 +1321,21 @@ async function commandBootstrapBegin(ctx, flags, capabilities) {
1321
1321
  async function commandBootstrapComplete(ctx, flags, capabilities) {
1322
1322
  const agentKey = requireFlag(flags, 'agentKey', 'Missing --agent-key');
1323
1323
  const lane = normalizeRunMode(flags.lane || flags.runMode || 'self', flags.lane ? '--lane' : '--run-mode');
1324
- const proofType = String(flags.proofType || '').trim() || 'session_token';
1324
+ let proofType = String(flags.proofType || '').trim() || 'session_token';
1325
1325
  if (proofType !== 'session_token' && proofType !== 'wallet_signature') {
1326
- throw new Error('Invalid --proof-type. Supported values: session_token (preferred) or wallet_signature (challenge exchange only).');
1326
+ throw new Error('Invalid --proof-type. Supported values: session_token (preferred) or wallet_signature.');
1327
1327
  }
1328
1328
  let ownerSessionToken = String(flags.ownerSessionToken || process.env.THIRDFY_OWNER_SESSION_TOKEN || '').trim();
1329
1329
  const authToken = String(flags.authToken || process.env.THIRDFY_AUTH_TOKEN || '').trim();
1330
1330
  let challengeId = String(flags.challengeId || '').trim();
1331
1331
  let signature = String(flags.signature || '').trim();
1332
+ if (!String(flags.proofType || '').trim() && !ownerSessionToken && !authToken && challengeId && signature) {
1333
+ proofType = 'wallet_signature';
1334
+ }
1332
1335
  if (proofType === 'wallet_signature' && (!challengeId || !signature)) {
1333
- throw new Error('wallet_signature bootstrap is not supported directly. Provide --owner-session-token or --auth-token.');
1336
+ throw new Error('wallet_signature proof requires --challenge-id and --signature.');
1334
1337
  }
1335
- if (!ownerSessionToken && !authToken && challengeId && signature) {
1338
+ if (proofType === 'session_token' && !ownerSessionToken && !authToken && challengeId && signature) {
1336
1339
  const verify = await verifyOwnerWalletChallenge(ctx, {
1337
1340
  ...flags,
1338
1341
  agentKey,
@@ -1344,12 +1347,12 @@ async function commandBootstrapComplete(ctx, flags, capabilities) {
1344
1347
  throw new Error('Wallet verify did not return owner session token required for bootstrap registration.');
1345
1348
  }
1346
1349
  }
1347
- if (ownerSessionToken || authToken) {
1350
+ if (proofType === 'session_token' && (ownerSessionToken || authToken)) {
1348
1351
  // Avoid replaying a single-use challenge across bootstrap and register calls.
1349
1352
  challengeId = '';
1350
1353
  signature = '';
1351
1354
  }
1352
- if (!ownerSessionToken && !authToken) {
1355
+ if (proofType === 'session_token' && !ownerSessionToken && !authToken) {
1353
1356
  throw new Error(
1354
1357
  'Bootstrap currently supports session_token proof only. Provide --owner-session-token/--auth-token, or --challenge-id + --signature to exchange into a session token.'
1355
1358
  );
@@ -1359,9 +1362,11 @@ async function commandBootstrapComplete(ctx, flags, capabilities) {
1359
1362
  sub: agentKey,
1360
1363
  lane,
1361
1364
  scope: ['onboarding:bootstrap'],
1362
- proof_type: 'session_token',
1365
+ proof_type: proofType,
1363
1366
  ...(ownerSessionToken ? { ownerSessionToken } : {}),
1364
1367
  ...(authToken ? { authToken } : {}),
1368
+ ...(challengeId ? { challengeId } : {}),
1369
+ ...(signature ? { signature } : {}),
1365
1370
  agentKey,
1366
1371
  };
1367
1372
  const issued = await issueBootstrapToken(ctx, flags, bootstrapPayload);
@@ -2991,7 +2996,7 @@ Core commands:
2991
2996
  thirdfy-agent agent auth challenge --agent-key <key> [--wallet-address <addr>] [--chain-id <id>] [--json]
2992
2997
  thirdfy-agent agent auth verify --challenge-id <id> --signature <hex> --agent-key <key> [--wallet-address <addr>] [--json]
2993
2998
  thirdfy-agent bootstrap begin --agent-key <key> [--wallet-address <addr>] [--chain-id <id>] [--json]
2994
- thirdfy-agent bootstrap complete --agent-key <key> [--proof-type session_token] [--lane self|hybrid|thirdfy] [--owner-session-token <token> | --auth-token <token> | --challenge-id <id> --signature <hex>] [--name <agent-name>] [--mcp-base <url>] [--json]
2999
+ thirdfy-agent bootstrap complete --agent-key <key> [--proof-type session_token|wallet_signature] [--lane self|hybrid|thirdfy] [--owner-session-token <token> | --auth-token <token> | --challenge-id <id> --signature <hex>] [--name <agent-name>] [--mcp-base <url>] [--json]
2995
3000
  thirdfy-agent onboarding begin ... # alias of bootstrap begin
2996
3001
  thirdfy-agent onboarding complete ... # alias of bootstrap complete
2997
3002
  thirdfy-agent developer bootstrap --agent-key <key> --name <name> [--owner-session-token <token> | --challenge-id <id> --signature <hex>] [--json]
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@thirdfy/agent-cli",
3
- "version": "0.1.13",
3
+ "version": "0.1.14",
4
4
  "description": "Thirdfy Agent CLI for onboarding, governance preflight, execute-intent, and status polling.",
5
5
  "type": "module",
6
6
  "bin": {