@thirdfy/agent-cli 0.1.40 → 0.1.42

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/CHANGELOG.md CHANGED
@@ -4,6 +4,19 @@ All notable changes to `@thirdfy/agent-cli` are documented here. The format is b
4
4
 
5
5
  ## [Unreleased]
6
6
 
7
+ ## [0.1.42] - 2026-05-19
8
+
9
+ ### Changed
10
+
11
+ - Email login persists and surfaces API `executionWallets` for `agent_wallet` writes; `whoami`, `wallet list`, and `doctor auth` distinguish owner embedded wallets (auth only) from agent execution wallets to fund.
12
+ - Onboarding help and docs clarify Bridge2 must fund the managed execution wallet, not the owner login wallet, and that Thirdfy credits are separate from Privy gas sponsorship. Pairs with thirdfy-api-v2 **v3.4.25**.
13
+
14
+ ## [0.1.41] - 2026-05-19
15
+
16
+ ### Changed
17
+
18
+ - Hyperliquid provider hints and docs list `get_hyperliquid_funding_status` as step 0 before onboarding plan; clarify Bridge2 sender custody, `--estimated-amount-usd` on `deposit_hyperliquid_bridge`, and `MANUAL_BRIDGE2_DEPOSIT_REQUIRED` guidance. Pairs with thirdfy-api-v2 **v3.4.24**.
19
+
7
20
  ## [0.1.40] - 2026-05-17
8
21
 
9
22
  ### Fixed
package/README.md CHANGED
@@ -42,7 +42,7 @@ npx @thirdfy/agent-cli --help
42
42
 
43
43
  ## Release notes
44
44
 
45
- Version history and highlights: [CHANGELOG.md](./CHANGELOG.md). **v0.1.40** fixes email/bootstrap credential persistence when the API returns nested registration payloads, so owner-session onboarding can save the hidden execution identity without exposing a raw agent API key. **v0.1.39** makes `agent_wallet` the fresh solo default, adds framework guidance for Hermes/OpenClaw/Claude Managed Agents, clarifies Gator/ERC-7710 delegation flows, and keeps BYOW/self plus hybrid/thirdfy mode switching explicit. **v0.1.38** is a **documentation and metadata patch**: it republishes to npm so the package homepage matches the updated `README.md` on `main`, and aligns root `package-lock.json` version fields with `package.json`. **v0.1.37** adds **email OTP** `thirdfy-agent login email` (send code, then complete with `--code --accept-terms`), **`help onboarding`**, **`doctor auth`**, **`wallet list`**, and **masked `whoami`** output so agents and operators get first-run guidance without dumping secrets. Earlier releases added provider discovery parity, portfolio analytics, managed-wallet swap normalization, and **self/build-tx** swap human-decimal `amountIn` parity when using `amountInHuman` + `tokenInDecimals`.
45
+ Version history and highlights: [CHANGELOG.md](./CHANGELOG.md). **v0.1.42** persists API `executionWallets` from email login, updates `doctor auth` / onboarding help for agent execution wallet funding vs owner embedded auth wallet, and documents Bridge2 `FUND_AGENT_EXECUTION_WALLET` remediation (pairs with API **v3.4.25**). **v0.1.41** documents Hyperliquid `get_hyperliquid_funding_status` as setup step 0, Bridge2 sender custody, and `deposit_hyperliquid_bridge --estimated-amount-usd` (pairs with API **v3.4.24**). **v0.1.40** fixes email/bootstrap credential persistence when the API returns nested registration payloads, so owner-session onboarding can save the hidden execution identity without exposing a raw agent API key. **v0.1.39** makes `agent_wallet` the fresh solo default, adds framework guidance for Hermes/OpenClaw/Claude Managed Agents, clarifies Gator/ERC-7710 delegation flows, and keeps BYOW/self plus hybrid/thirdfy mode switching explicit. **v0.1.38** is a **documentation and metadata patch**: it republishes to npm so the package homepage matches the updated `README.md` on `main`, and aligns root `package-lock.json` version fields with `package.json`. **v0.1.37** adds **email OTP** `thirdfy-agent login email` (send code, then complete with `--code --accept-terms`), **`help onboarding`**, **`doctor auth`**, **`wallet list`**, and **masked `whoami`** output so agents and operators get first-run guidance without dumping secrets. Earlier releases added provider discovery parity, portfolio analytics, managed-wallet swap normalization, and **self/build-tx** swap human-decimal `amountIn` parity when using `amountInHuman` + `tokenInDecimals`.
46
46
 
47
47
  **Maintainers — npm:** follow [docs/releasing.md](./docs/releasing.md). From a clone with gitignored `.env`, use `npm run publish:npm:local -- --dry-run` then `npm run publish:npm:local`. Or run `npm run release:npm` after exporting tokens in the shell. Never commit npm tokens — use [.env.example](./.env.example) as a template only.
48
48
 
@@ -104,7 +104,7 @@ thirdfy-agent logout --json
104
104
  thirdfy-agent logout --all --json
105
105
  ```
106
106
 
107
- `login email` is a two-step headless-safe flow. Without `--code`, the CLI asks the Thirdfy API onboarding broker to send a Privy email OTP and exits with the exact next command. With `--code --accept-terms`, it stores a short-lived owner session in `~/.thirdfy/config.json`, records linked EVM/Solana wallets plus the owner `userDid` when Privy returns them, stores a new agent API key when first-run bootstrap issues one, and defaults new solo profiles to `agent_wallet`. Use `--not-interactive` / `--ni` in automation so missing input fails fast instead of prompting — place **`--ni` after the `login email` subcommand** (for example `thirdfy-agent login email you@example.com --code … --accept-terms --ni`); a leading `thirdfy-agent --ni login email …` is parsed incorrectly because `--ni` would consume the `login` token as its value.
107
+ `login email` is a two-step headless-safe flow. Without `--code`, the CLI asks the Thirdfy API onboarding broker to send a Privy email OTP and exits with the exact next command. With `--code --accept-terms`, it stores a short-lived owner session in `~/.thirdfy/config.json`, records linked EVM/Solana wallets plus the owner `userDid` when Privy returns them, stores a new agent API key when first-run bootstrap issues one, stores the returned `executionWallets` map, and defaults new solo profiles to `agent_wallet`. Email OTP is owner authentication only; fund the returned agent execution wallet for the target chain, not the linked owner embedded wallet. Use `--not-interactive` / `--ni` in automation so missing input fails fast instead of prompting — place **`--ni` after the `login email` subcommand** (for example `thirdfy-agent login email you@example.com --code … --accept-terms --ni`); a leading `thirdfy-agent --ni login email …` is parsed incorrectly because `--ni` would consume the `login` token as its value.
108
108
 
109
109
  `logout --all` is provider-agnostic: it attempts owner-session revocation when a session token exists, then always clears local credentials.
110
110
 
@@ -169,7 +169,8 @@ Auth expectations by mode:
169
169
  - `self`: requires execution identity (`agentApiKey`) today; keyless self lane is blocked with deterministic `SELF_OPEN_DISABLED`.
170
170
  - `hybrid`: requires execution identity and governed mirror semantics (`--hybrid-wallet-mode self|agent_wallet`, default `self`).
171
171
  - `thirdfy`: requires execution identity and delegated governance path.
172
- - `agent_wallet`: requires execution identity and owner `userDid`, but does not require subscriber delegation when the owner identity matches the agent wallet/creator.
172
+ - `agent_wallet`: requires execution identity and owner `userDid`, but does not require subscriber delegation when the owner identity matches the agent wallet/creator. Thirdfy credits/free quota still gate execution; Privy gas sponsorship only covers network gas when enabled.
173
+ - Hyperliquid Bridge2 setup is the Arbitrum exception to the Base-focused `agent_wallet` rule: Bridge2 credits the transaction sender. Pass **`--estimated-amount-usd`** as a top-level flag (not inside `--params`). When USDC sits on your linked email-login wallet (`primaryEvmWallet`) instead of the managed execution wallet, Thirdfy API returns **`FUND_AGENT_EXECUTION_WALLET`** / **`MANUAL_BRIDGE2_DEPOSIT_REQUIRED`** with `fundedWallet` and `executionWalletAddress`; move native Arbitrum USDC to `executionWalletAddress` and retry.
173
174
  - custody mode defaults are profile-aware:
174
175
  - `managed` default for `thirdfy`
175
176
  - `external` default for `self` and `hybrid`
@@ -483,6 +483,7 @@ function getTradingProviderHint(providerId) {
483
483
  'get_hyperliquid_candles',
484
484
  'get_hyperliquid_user_state',
485
485
  'get_hyperliquid_open_orders',
486
+ 'get_hyperliquid_funding_status',
486
487
  'get_hyperliquid_onboarding_plan',
487
488
  'get_hyperliquid_referral_status',
488
489
  'get_hyperliquid_builder_fee_status',
@@ -493,6 +494,7 @@ function getTradingProviderHint(providerId) {
493
494
  'get_hyperliquid_open_orders',
494
495
  ],
495
496
  setupActions: [
497
+ 'get_hyperliquid_funding_status',
496
498
  'get_hyperliquid_setup_status',
497
499
  'get_hyperliquid_onboarding_plan',
498
500
  'prepare_hyperliquid_onboarding',
@@ -506,7 +508,12 @@ function getTradingProviderHint(providerId) {
506
508
  'deposit_hyperliquid_staking',
507
509
  'claim_hyperliquid_testnet_faucet',
508
510
  ],
509
- statusActions: ['get_hyperliquid_setup_status', 'get_hyperliquid_builder_fee_status', 'get_hyperliquid_referral_status'],
511
+ statusActions: [
512
+ 'get_hyperliquid_funding_status',
513
+ 'get_hyperliquid_setup_status',
514
+ 'get_hyperliquid_builder_fee_status',
515
+ 'get_hyperliquid_referral_status',
516
+ ],
510
517
  credentialType: 'hyperliquid_api_wallet',
511
518
  credentialUx:
512
519
  'Thirdfy manages Hyperliquid API-wallet setup for normal users. Delegated writes require encrypted privateKey-backed hyperliquid_api_wallet credentials; walletAddress-only records are rejected until Privy walletId-backed Hyperliquid signing ships.',
@@ -533,7 +540,7 @@ function getTradingProviderHint(providerId) {
533
540
  laneCompatibility:
534
541
  'Use self only for setup signatures or Arbitrum funding transactions. Perps orders should use thirdfy, hybrid, or agent_wallet.',
535
542
  setupExample:
536
- 'actions --provider hyperliquid -> get_hyperliquid_onboarding_plan -> prepare_hyperliquid_onboarding -> get_bridge_quote/execute_bridge if source is Base -> deposit_hyperliquid_bridge on 42161 -> approve_hyperliquid_agent -> approve_hyperliquid_builder_fee if required -> get_hyperliquid_setup_status',
543
+ 'actions --provider hyperliquid -> get_hyperliquid_funding_status -> get_hyperliquid_onboarding_plan -> prepare_hyperliquid_onboarding -> get_bridge_quote/execute_bridge if source is Base -> deposit_hyperliquid_bridge on 42161 -> approve_hyperliquid_agent -> approve_hyperliquid_builder_fee if required -> get_hyperliquid_setup_status',
537
544
  example:
538
545
  'thirdfy-agent actions --provider hyperliquid && thirdfy-agent preflight --action place_hyperliquid_perps_order --params \'{"coin":"ETH","isBuy":true,"size":0.01,"limitPx":3500,"orderType":"market"}\'',
539
546
  };
@@ -2544,9 +2551,10 @@ function buildOnboardingHelp(ctx) {
2544
2551
  'thirdfy-agent login email user@example.com',
2545
2552
  'thirdfy-agent login email user@example.com --code <otp> --accept-terms --key-name "My Agent"',
2546
2553
  'thirdfy-agent whoami',
2547
- 'thirdfy-agent managed wallet init --chain-id 8453',
2554
+ 'thirdfy-agent wallet list --json',
2548
2555
  'thirdfy-agent preflight --run-mode agent_wallet --action <action> --params <json> --json',
2549
2556
  ],
2557
+ note: 'Email OTP authenticates the owner. Fund the returned agent execution wallet for the target chain; do not fund the owner embedded/login wallet for agent_wallet writes.',
2550
2558
  },
2551
2559
  {
2552
2560
  id: 'wallet_sign',
@@ -2580,7 +2588,7 @@ function buildOnboardingHelp(ctx) {
2580
2588
  rule: 'Commands must fail fast instead of waiting for prompts when required input is missing.',
2581
2589
  },
2582
2590
  executionModes: {
2583
- agent_wallet: 'Solo managed wallet execution through /execution-wallet + /execute; no subscriber binding when owner userDid matches.',
2591
+ agent_wallet: 'Solo managed server-wallet execution through /execution-wallet + /execute; no subscriber binding when owner userDid matches. Network gas may be sponsored, but Thirdfy credits/free-quota gates still apply.',
2584
2592
  self: 'BYOW/OWS local signing through build-tx, wallet sign, and wallet submit.',
2585
2593
  hybrid: 'Primary self or agent_wallet execution with optional Thirdfy mirror validation.',
2586
2594
  thirdfy: 'Publisher/fanout execute-intent; requires active subscriber/delegation bindings for writes.',
@@ -2588,7 +2596,7 @@ function buildOnboardingHelp(ctx) {
2588
2596
  },
2589
2597
  frameworkGuidance: {
2590
2598
  hermes:
2591
- 'Hermes agents should receive a pre-provisioned Thirdfy profile/env, run doctor auth/self at startup, use agent_wallet for managed solo writes, and keep strategy logic separate from CLI secrets.',
2599
+ 'Hermes agents should receive a pre-provisioned Thirdfy profile/env, run doctor auth/self at startup, use agent_wallet for managed solo writes, fund the agent execution wallet on the target chain, and keep strategy logic separate from CLI secrets.',
2592
2600
  openclaw:
2593
2601
  'OpenClaw agents should keep Thirdfy credentials in runtime secrets, use actions discovery before planning, prefer run --run-mode agent_wallet for own-wallet execution, and use thirdfy only for publisher/fanout.',
2594
2602
  claudeManagedAgents:
@@ -2639,6 +2647,7 @@ async function commandWhoami(ctx, _flags) {
2639
2647
  primaryEvmWallet: wallets.primaryEvmWallet || null,
2640
2648
  evm: Array.isArray(wallets.evm) ? wallets.evm : [],
2641
2649
  solana: Array.isArray(wallets.solana) ? wallets.solana : [],
2650
+ executionWallets: wallets.executionWallets || config.executionWallets || {},
2642
2651
  },
2643
2652
  configPath: getProfileConfigPath(),
2644
2653
  nextSteps: buildOnboardingHelp(ctx).paths[0].commands,
@@ -2658,7 +2667,8 @@ async function commandWalletList(ctx, _flags) {
2658
2667
  primaryEvmWallet: wallets.primaryEvmWallet || null,
2659
2668
  evm: Array.isArray(wallets.evm) ? wallets.evm : [],
2660
2669
  solana: Array.isArray(wallets.solana) ? wallets.solana : [],
2661
- hint: 'Run `thirdfy-agent login email <email>` to refresh linked wallets from Privy-backed onboarding.',
2670
+ executionWallets: wallets.executionWallets || config.executionWallets || {},
2671
+ hint: 'Run `thirdfy-agent login email <email>` to refresh linked wallets and agent execution wallets. Fund executionWallets for agent_wallet writes; linked owner wallets are auth identities.',
2662
2672
  },
2663
2673
  meta: { apiBase: ctx.apiBase },
2664
2674
  });
@@ -2713,6 +2723,20 @@ async function commandDoctorAuth(ctx, _flags) {
2713
2723
  ? `${config.wallets.evm.length} linked EVM wallet${config.wallets.evm.length === 1 ? '' : 's'}`
2714
2724
  : 'missing wallet profile; run email onboarding or wallet-sign proof'),
2715
2725
  },
2726
+ {
2727
+ name: 'agent-execution-wallets',
2728
+ optional: runMode !== 'agent_wallet',
2729
+ ok: Boolean(config.wallets?.executionWallets && Object.keys(config.wallets.executionWallets).length),
2730
+ detail: config.wallets?.executionWallets && Object.keys(config.wallets.executionWallets).length
2731
+ ? `agent execution wallets available for chains: ${Object.keys(config.wallets.executionWallets).join(', ')}`
2732
+ : 'missing agent execution wallets; run `thirdfy-agent login email <email> --code <otp> --accept-terms --json` or execution-wallet preflight',
2733
+ },
2734
+ {
2735
+ name: 'thirdfy-credits-vs-gas-sponsorship',
2736
+ optional: true,
2737
+ ok: true,
2738
+ detail: 'Thirdfy credits/free quota gate action access; Privy gas sponsorship only pays network gas when chain/action sponsorship is enabled.',
2739
+ },
2716
2740
  ];
2717
2741
  const ok = checks.every((entry) => entry.optional || entry.ok);
2718
2742
  printEnvelope({
@@ -2963,12 +2987,14 @@ async function commandLoginEmail(ctx, flags) {
2963
2987
  const agentApiKey = extractAgentApiKey(data);
2964
2988
  const agentKey = extractAgentKey(data);
2965
2989
  const wallets = data.wallets && typeof data.wallets === 'object' ? data.wallets : {};
2990
+ const executionWallets = data.executionWallets && typeof data.executionWallets === 'object' ? data.executionWallets : {};
2966
2991
  const userDid = String(data.owner?.creatorDid || wallets.userDid || '').trim();
2967
2992
  const primaryEvmWallet = String(wallets.primaryEvmWallet || data.owner?.creatorWallet || '').trim();
2968
2993
  const persistedWallets = {
2969
2994
  ...wallets,
2970
2995
  ...(userDid ? { userDid } : {}),
2971
2996
  ...(primaryEvmWallet ? { primaryEvmWallet } : {}),
2997
+ ...(Object.keys(executionWallets).length ? { executionWallets } : {}),
2972
2998
  };
2973
2999
  const runMode = normalizeRunMode(flags.runMode || current.runMode || process.env.THIRDFY_RUN_MODE || 'agent_wallet');
2974
3000
  const custodyMode = normalizeCustodyMode(flags.custodyMode || current.custodyMode || process.env.THIRDFY_CUSTODY_MODE, runMode);
@@ -3016,6 +3042,11 @@ async function commandLoginEmail(ctx, flags) {
3016
3042
  evmWallets: Array.isArray(persistedWallets.evm) ? persistedWallets.evm : [],
3017
3043
  solanaWallets: Array.isArray(persistedWallets.solana) ? persistedWallets.solana : [],
3018
3044
  primaryEvmWallet: persistedWallets.primaryEvmWallet || null,
3045
+ executionWallets:
3046
+ persistedWallets.executionWallets && typeof persistedWallets.executionWallets === 'object'
3047
+ ? persistedWallets.executionWallets
3048
+ : {},
3049
+ ownerLinkedWallet: data.ownerLinkedWallet || null,
3019
3050
  configPath: getProfileConfigPath(),
3020
3051
  nextSteps: response?.nextSteps || [],
3021
3052
  },
@@ -4002,6 +4033,7 @@ function inferActionProvider(action) {
4002
4033
  'get-hyperliquid-user-state': 'hyperliquid',
4003
4034
  'get-hyperliquid-open-orders': 'hyperliquid',
4004
4035
  'get-hyperliquid-setup-status': 'hyperliquid',
4036
+ 'get-hyperliquid-funding-status': 'hyperliquid',
4005
4037
  'get-hyperliquid-onboarding-plan': 'hyperliquid',
4006
4038
  'prepare-hyperliquid-onboarding': 'hyperliquid',
4007
4039
  'claim-hyperliquid-testnet-faucet': 'hyperliquid',
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@thirdfy/agent-cli",
3
- "version": "0.1.40",
3
+ "version": "0.1.42",
4
4
  "description": "Thirdfy Agent CLI for onboarding, governance preflight, execute-intent, and status polling.",
5
5
  "type": "module",
6
6
  "bin": {