@thirdfy/agent-cli 0.1.40 → 0.1.42
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +13 -0
- package/README.md +4 -3
- package/bin/thirdfy-agent.mjs +38 -6
- package/package.json +1 -1
package/CHANGELOG.md
CHANGED
|
@@ -4,6 +4,19 @@ All notable changes to `@thirdfy/agent-cli` are documented here. The format is b
|
|
|
4
4
|
|
|
5
5
|
## [Unreleased]
|
|
6
6
|
|
|
7
|
+
## [0.1.42] - 2026-05-19
|
|
8
|
+
|
|
9
|
+
### Changed
|
|
10
|
+
|
|
11
|
+
- Email login persists and surfaces API `executionWallets` for `agent_wallet` writes; `whoami`, `wallet list`, and `doctor auth` distinguish owner embedded wallets (auth only) from agent execution wallets to fund.
|
|
12
|
+
- Onboarding help and docs clarify Bridge2 must fund the managed execution wallet, not the owner login wallet, and that Thirdfy credits are separate from Privy gas sponsorship. Pairs with thirdfy-api-v2 **v3.4.25**.
|
|
13
|
+
|
|
14
|
+
## [0.1.41] - 2026-05-19
|
|
15
|
+
|
|
16
|
+
### Changed
|
|
17
|
+
|
|
18
|
+
- Hyperliquid provider hints and docs list `get_hyperliquid_funding_status` as step 0 before onboarding plan; clarify Bridge2 sender custody, `--estimated-amount-usd` on `deposit_hyperliquid_bridge`, and `MANUAL_BRIDGE2_DEPOSIT_REQUIRED` guidance. Pairs with thirdfy-api-v2 **v3.4.24**.
|
|
19
|
+
|
|
7
20
|
## [0.1.40] - 2026-05-17
|
|
8
21
|
|
|
9
22
|
### Fixed
|
package/README.md
CHANGED
|
@@ -42,7 +42,7 @@ npx @thirdfy/agent-cli --help
|
|
|
42
42
|
|
|
43
43
|
## Release notes
|
|
44
44
|
|
|
45
|
-
Version history and highlights: [CHANGELOG.md](./CHANGELOG.md). **v0.1.40** fixes email/bootstrap credential persistence when the API returns nested registration payloads, so owner-session onboarding can save the hidden execution identity without exposing a raw agent API key. **v0.1.39** makes `agent_wallet` the fresh solo default, adds framework guidance for Hermes/OpenClaw/Claude Managed Agents, clarifies Gator/ERC-7710 delegation flows, and keeps BYOW/self plus hybrid/thirdfy mode switching explicit. **v0.1.38** is a **documentation and metadata patch**: it republishes to npm so the package homepage matches the updated `README.md` on `main`, and aligns root `package-lock.json` version fields with `package.json`. **v0.1.37** adds **email OTP** `thirdfy-agent login email` (send code, then complete with `--code --accept-terms`), **`help onboarding`**, **`doctor auth`**, **`wallet list`**, and **masked `whoami`** output so agents and operators get first-run guidance without dumping secrets. Earlier releases added provider discovery parity, portfolio analytics, managed-wallet swap normalization, and **self/build-tx** swap human-decimal `amountIn` parity when using `amountInHuman` + `tokenInDecimals`.
|
|
45
|
+
Version history and highlights: [CHANGELOG.md](./CHANGELOG.md). **v0.1.42** persists API `executionWallets` from email login, updates `doctor auth` / onboarding help for agent execution wallet funding vs owner embedded auth wallet, and documents Bridge2 `FUND_AGENT_EXECUTION_WALLET` remediation (pairs with API **v3.4.25**). **v0.1.41** documents Hyperliquid `get_hyperliquid_funding_status` as setup step 0, Bridge2 sender custody, and `deposit_hyperliquid_bridge --estimated-amount-usd` (pairs with API **v3.4.24**). **v0.1.40** fixes email/bootstrap credential persistence when the API returns nested registration payloads, so owner-session onboarding can save the hidden execution identity without exposing a raw agent API key. **v0.1.39** makes `agent_wallet` the fresh solo default, adds framework guidance for Hermes/OpenClaw/Claude Managed Agents, clarifies Gator/ERC-7710 delegation flows, and keeps BYOW/self plus hybrid/thirdfy mode switching explicit. **v0.1.38** is a **documentation and metadata patch**: it republishes to npm so the package homepage matches the updated `README.md` on `main`, and aligns root `package-lock.json` version fields with `package.json`. **v0.1.37** adds **email OTP** `thirdfy-agent login email` (send code, then complete with `--code --accept-terms`), **`help onboarding`**, **`doctor auth`**, **`wallet list`**, and **masked `whoami`** output so agents and operators get first-run guidance without dumping secrets. Earlier releases added provider discovery parity, portfolio analytics, managed-wallet swap normalization, and **self/build-tx** swap human-decimal `amountIn` parity when using `amountInHuman` + `tokenInDecimals`.
|
|
46
46
|
|
|
47
47
|
**Maintainers — npm:** follow [docs/releasing.md](./docs/releasing.md). From a clone with gitignored `.env`, use `npm run publish:npm:local -- --dry-run` then `npm run publish:npm:local`. Or run `npm run release:npm` after exporting tokens in the shell. Never commit npm tokens — use [.env.example](./.env.example) as a template only.
|
|
48
48
|
|
|
@@ -104,7 +104,7 @@ thirdfy-agent logout --json
|
|
|
104
104
|
thirdfy-agent logout --all --json
|
|
105
105
|
```
|
|
106
106
|
|
|
107
|
-
`login email` is a two-step headless-safe flow. Without `--code`, the CLI asks the Thirdfy API onboarding broker to send a Privy email OTP and exits with the exact next command. With `--code --accept-terms`, it stores a short-lived owner session in `~/.thirdfy/config.json`, records linked EVM/Solana wallets plus the owner `userDid` when Privy returns them, stores a new agent API key when first-run bootstrap issues one, and defaults new solo profiles to `agent_wallet`. Use `--not-interactive` / `--ni` in automation so missing input fails fast instead of prompting — place **`--ni` after the `login email` subcommand** (for example `thirdfy-agent login email you@example.com --code … --accept-terms --ni`); a leading `thirdfy-agent --ni login email …` is parsed incorrectly because `--ni` would consume the `login` token as its value.
|
|
107
|
+
`login email` is a two-step headless-safe flow. Without `--code`, the CLI asks the Thirdfy API onboarding broker to send a Privy email OTP and exits with the exact next command. With `--code --accept-terms`, it stores a short-lived owner session in `~/.thirdfy/config.json`, records linked EVM/Solana wallets plus the owner `userDid` when Privy returns them, stores a new agent API key when first-run bootstrap issues one, stores the returned `executionWallets` map, and defaults new solo profiles to `agent_wallet`. Email OTP is owner authentication only; fund the returned agent execution wallet for the target chain, not the linked owner embedded wallet. Use `--not-interactive` / `--ni` in automation so missing input fails fast instead of prompting — place **`--ni` after the `login email` subcommand** (for example `thirdfy-agent login email you@example.com --code … --accept-terms --ni`); a leading `thirdfy-agent --ni login email …` is parsed incorrectly because `--ni` would consume the `login` token as its value.
|
|
108
108
|
|
|
109
109
|
`logout --all` is provider-agnostic: it attempts owner-session revocation when a session token exists, then always clears local credentials.
|
|
110
110
|
|
|
@@ -169,7 +169,8 @@ Auth expectations by mode:
|
|
|
169
169
|
- `self`: requires execution identity (`agentApiKey`) today; keyless self lane is blocked with deterministic `SELF_OPEN_DISABLED`.
|
|
170
170
|
- `hybrid`: requires execution identity and governed mirror semantics (`--hybrid-wallet-mode self|agent_wallet`, default `self`).
|
|
171
171
|
- `thirdfy`: requires execution identity and delegated governance path.
|
|
172
|
-
- `agent_wallet`: requires execution identity and owner `userDid`, but does not require subscriber delegation when the owner identity matches the agent wallet/creator.
|
|
172
|
+
- `agent_wallet`: requires execution identity and owner `userDid`, but does not require subscriber delegation when the owner identity matches the agent wallet/creator. Thirdfy credits/free quota still gate execution; Privy gas sponsorship only covers network gas when enabled.
|
|
173
|
+
- Hyperliquid Bridge2 setup is the Arbitrum exception to the Base-focused `agent_wallet` rule: Bridge2 credits the transaction sender. Pass **`--estimated-amount-usd`** as a top-level flag (not inside `--params`). When USDC sits on your linked email-login wallet (`primaryEvmWallet`) instead of the managed execution wallet, Thirdfy API returns **`FUND_AGENT_EXECUTION_WALLET`** / **`MANUAL_BRIDGE2_DEPOSIT_REQUIRED`** with `fundedWallet` and `executionWalletAddress`; move native Arbitrum USDC to `executionWalletAddress` and retry.
|
|
173
174
|
- custody mode defaults are profile-aware:
|
|
174
175
|
- `managed` default for `thirdfy`
|
|
175
176
|
- `external` default for `self` and `hybrid`
|
package/bin/thirdfy-agent.mjs
CHANGED
|
@@ -483,6 +483,7 @@ function getTradingProviderHint(providerId) {
|
|
|
483
483
|
'get_hyperliquid_candles',
|
|
484
484
|
'get_hyperliquid_user_state',
|
|
485
485
|
'get_hyperliquid_open_orders',
|
|
486
|
+
'get_hyperliquid_funding_status',
|
|
486
487
|
'get_hyperliquid_onboarding_plan',
|
|
487
488
|
'get_hyperliquid_referral_status',
|
|
488
489
|
'get_hyperliquid_builder_fee_status',
|
|
@@ -493,6 +494,7 @@ function getTradingProviderHint(providerId) {
|
|
|
493
494
|
'get_hyperliquid_open_orders',
|
|
494
495
|
],
|
|
495
496
|
setupActions: [
|
|
497
|
+
'get_hyperliquid_funding_status',
|
|
496
498
|
'get_hyperliquid_setup_status',
|
|
497
499
|
'get_hyperliquid_onboarding_plan',
|
|
498
500
|
'prepare_hyperliquid_onboarding',
|
|
@@ -506,7 +508,12 @@ function getTradingProviderHint(providerId) {
|
|
|
506
508
|
'deposit_hyperliquid_staking',
|
|
507
509
|
'claim_hyperliquid_testnet_faucet',
|
|
508
510
|
],
|
|
509
|
-
statusActions: [
|
|
511
|
+
statusActions: [
|
|
512
|
+
'get_hyperliquid_funding_status',
|
|
513
|
+
'get_hyperliquid_setup_status',
|
|
514
|
+
'get_hyperliquid_builder_fee_status',
|
|
515
|
+
'get_hyperliquid_referral_status',
|
|
516
|
+
],
|
|
510
517
|
credentialType: 'hyperliquid_api_wallet',
|
|
511
518
|
credentialUx:
|
|
512
519
|
'Thirdfy manages Hyperliquid API-wallet setup for normal users. Delegated writes require encrypted privateKey-backed hyperliquid_api_wallet credentials; walletAddress-only records are rejected until Privy walletId-backed Hyperliquid signing ships.',
|
|
@@ -533,7 +540,7 @@ function getTradingProviderHint(providerId) {
|
|
|
533
540
|
laneCompatibility:
|
|
534
541
|
'Use self only for setup signatures or Arbitrum funding transactions. Perps orders should use thirdfy, hybrid, or agent_wallet.',
|
|
535
542
|
setupExample:
|
|
536
|
-
'actions --provider hyperliquid -> get_hyperliquid_onboarding_plan -> prepare_hyperliquid_onboarding -> get_bridge_quote/execute_bridge if source is Base -> deposit_hyperliquid_bridge on 42161 -> approve_hyperliquid_agent -> approve_hyperliquid_builder_fee if required -> get_hyperliquid_setup_status',
|
|
543
|
+
'actions --provider hyperliquid -> get_hyperliquid_funding_status -> get_hyperliquid_onboarding_plan -> prepare_hyperliquid_onboarding -> get_bridge_quote/execute_bridge if source is Base -> deposit_hyperliquid_bridge on 42161 -> approve_hyperliquid_agent -> approve_hyperliquid_builder_fee if required -> get_hyperliquid_setup_status',
|
|
537
544
|
example:
|
|
538
545
|
'thirdfy-agent actions --provider hyperliquid && thirdfy-agent preflight --action place_hyperliquid_perps_order --params \'{"coin":"ETH","isBuy":true,"size":0.01,"limitPx":3500,"orderType":"market"}\'',
|
|
539
546
|
};
|
|
@@ -2544,9 +2551,10 @@ function buildOnboardingHelp(ctx) {
|
|
|
2544
2551
|
'thirdfy-agent login email user@example.com',
|
|
2545
2552
|
'thirdfy-agent login email user@example.com --code <otp> --accept-terms --key-name "My Agent"',
|
|
2546
2553
|
'thirdfy-agent whoami',
|
|
2547
|
-
'thirdfy-agent
|
|
2554
|
+
'thirdfy-agent wallet list --json',
|
|
2548
2555
|
'thirdfy-agent preflight --run-mode agent_wallet --action <action> --params <json> --json',
|
|
2549
2556
|
],
|
|
2557
|
+
note: 'Email OTP authenticates the owner. Fund the returned agent execution wallet for the target chain; do not fund the owner embedded/login wallet for agent_wallet writes.',
|
|
2550
2558
|
},
|
|
2551
2559
|
{
|
|
2552
2560
|
id: 'wallet_sign',
|
|
@@ -2580,7 +2588,7 @@ function buildOnboardingHelp(ctx) {
|
|
|
2580
2588
|
rule: 'Commands must fail fast instead of waiting for prompts when required input is missing.',
|
|
2581
2589
|
},
|
|
2582
2590
|
executionModes: {
|
|
2583
|
-
agent_wallet: 'Solo managed wallet execution through /execution-wallet + /execute; no subscriber binding when owner userDid matches.',
|
|
2591
|
+
agent_wallet: 'Solo managed server-wallet execution through /execution-wallet + /execute; no subscriber binding when owner userDid matches. Network gas may be sponsored, but Thirdfy credits/free-quota gates still apply.',
|
|
2584
2592
|
self: 'BYOW/OWS local signing through build-tx, wallet sign, and wallet submit.',
|
|
2585
2593
|
hybrid: 'Primary self or agent_wallet execution with optional Thirdfy mirror validation.',
|
|
2586
2594
|
thirdfy: 'Publisher/fanout execute-intent; requires active subscriber/delegation bindings for writes.',
|
|
@@ -2588,7 +2596,7 @@ function buildOnboardingHelp(ctx) {
|
|
|
2588
2596
|
},
|
|
2589
2597
|
frameworkGuidance: {
|
|
2590
2598
|
hermes:
|
|
2591
|
-
'Hermes agents should receive a pre-provisioned Thirdfy profile/env, run doctor auth/self at startup, use agent_wallet for managed solo writes, and keep strategy logic separate from CLI secrets.',
|
|
2599
|
+
'Hermes agents should receive a pre-provisioned Thirdfy profile/env, run doctor auth/self at startup, use agent_wallet for managed solo writes, fund the agent execution wallet on the target chain, and keep strategy logic separate from CLI secrets.',
|
|
2592
2600
|
openclaw:
|
|
2593
2601
|
'OpenClaw agents should keep Thirdfy credentials in runtime secrets, use actions discovery before planning, prefer run --run-mode agent_wallet for own-wallet execution, and use thirdfy only for publisher/fanout.',
|
|
2594
2602
|
claudeManagedAgents:
|
|
@@ -2639,6 +2647,7 @@ async function commandWhoami(ctx, _flags) {
|
|
|
2639
2647
|
primaryEvmWallet: wallets.primaryEvmWallet || null,
|
|
2640
2648
|
evm: Array.isArray(wallets.evm) ? wallets.evm : [],
|
|
2641
2649
|
solana: Array.isArray(wallets.solana) ? wallets.solana : [],
|
|
2650
|
+
executionWallets: wallets.executionWallets || config.executionWallets || {},
|
|
2642
2651
|
},
|
|
2643
2652
|
configPath: getProfileConfigPath(),
|
|
2644
2653
|
nextSteps: buildOnboardingHelp(ctx).paths[0].commands,
|
|
@@ -2658,7 +2667,8 @@ async function commandWalletList(ctx, _flags) {
|
|
|
2658
2667
|
primaryEvmWallet: wallets.primaryEvmWallet || null,
|
|
2659
2668
|
evm: Array.isArray(wallets.evm) ? wallets.evm : [],
|
|
2660
2669
|
solana: Array.isArray(wallets.solana) ? wallets.solana : [],
|
|
2661
|
-
|
|
2670
|
+
executionWallets: wallets.executionWallets || config.executionWallets || {},
|
|
2671
|
+
hint: 'Run `thirdfy-agent login email <email>` to refresh linked wallets and agent execution wallets. Fund executionWallets for agent_wallet writes; linked owner wallets are auth identities.',
|
|
2662
2672
|
},
|
|
2663
2673
|
meta: { apiBase: ctx.apiBase },
|
|
2664
2674
|
});
|
|
@@ -2713,6 +2723,20 @@ async function commandDoctorAuth(ctx, _flags) {
|
|
|
2713
2723
|
? `${config.wallets.evm.length} linked EVM wallet${config.wallets.evm.length === 1 ? '' : 's'}`
|
|
2714
2724
|
: 'missing wallet profile; run email onboarding or wallet-sign proof'),
|
|
2715
2725
|
},
|
|
2726
|
+
{
|
|
2727
|
+
name: 'agent-execution-wallets',
|
|
2728
|
+
optional: runMode !== 'agent_wallet',
|
|
2729
|
+
ok: Boolean(config.wallets?.executionWallets && Object.keys(config.wallets.executionWallets).length),
|
|
2730
|
+
detail: config.wallets?.executionWallets && Object.keys(config.wallets.executionWallets).length
|
|
2731
|
+
? `agent execution wallets available for chains: ${Object.keys(config.wallets.executionWallets).join(', ')}`
|
|
2732
|
+
: 'missing agent execution wallets; run `thirdfy-agent login email <email> --code <otp> --accept-terms --json` or execution-wallet preflight',
|
|
2733
|
+
},
|
|
2734
|
+
{
|
|
2735
|
+
name: 'thirdfy-credits-vs-gas-sponsorship',
|
|
2736
|
+
optional: true,
|
|
2737
|
+
ok: true,
|
|
2738
|
+
detail: 'Thirdfy credits/free quota gate action access; Privy gas sponsorship only pays network gas when chain/action sponsorship is enabled.',
|
|
2739
|
+
},
|
|
2716
2740
|
];
|
|
2717
2741
|
const ok = checks.every((entry) => entry.optional || entry.ok);
|
|
2718
2742
|
printEnvelope({
|
|
@@ -2963,12 +2987,14 @@ async function commandLoginEmail(ctx, flags) {
|
|
|
2963
2987
|
const agentApiKey = extractAgentApiKey(data);
|
|
2964
2988
|
const agentKey = extractAgentKey(data);
|
|
2965
2989
|
const wallets = data.wallets && typeof data.wallets === 'object' ? data.wallets : {};
|
|
2990
|
+
const executionWallets = data.executionWallets && typeof data.executionWallets === 'object' ? data.executionWallets : {};
|
|
2966
2991
|
const userDid = String(data.owner?.creatorDid || wallets.userDid || '').trim();
|
|
2967
2992
|
const primaryEvmWallet = String(wallets.primaryEvmWallet || data.owner?.creatorWallet || '').trim();
|
|
2968
2993
|
const persistedWallets = {
|
|
2969
2994
|
...wallets,
|
|
2970
2995
|
...(userDid ? { userDid } : {}),
|
|
2971
2996
|
...(primaryEvmWallet ? { primaryEvmWallet } : {}),
|
|
2997
|
+
...(Object.keys(executionWallets).length ? { executionWallets } : {}),
|
|
2972
2998
|
};
|
|
2973
2999
|
const runMode = normalizeRunMode(flags.runMode || current.runMode || process.env.THIRDFY_RUN_MODE || 'agent_wallet');
|
|
2974
3000
|
const custodyMode = normalizeCustodyMode(flags.custodyMode || current.custodyMode || process.env.THIRDFY_CUSTODY_MODE, runMode);
|
|
@@ -3016,6 +3042,11 @@ async function commandLoginEmail(ctx, flags) {
|
|
|
3016
3042
|
evmWallets: Array.isArray(persistedWallets.evm) ? persistedWallets.evm : [],
|
|
3017
3043
|
solanaWallets: Array.isArray(persistedWallets.solana) ? persistedWallets.solana : [],
|
|
3018
3044
|
primaryEvmWallet: persistedWallets.primaryEvmWallet || null,
|
|
3045
|
+
executionWallets:
|
|
3046
|
+
persistedWallets.executionWallets && typeof persistedWallets.executionWallets === 'object'
|
|
3047
|
+
? persistedWallets.executionWallets
|
|
3048
|
+
: {},
|
|
3049
|
+
ownerLinkedWallet: data.ownerLinkedWallet || null,
|
|
3019
3050
|
configPath: getProfileConfigPath(),
|
|
3020
3051
|
nextSteps: response?.nextSteps || [],
|
|
3021
3052
|
},
|
|
@@ -4002,6 +4033,7 @@ function inferActionProvider(action) {
|
|
|
4002
4033
|
'get-hyperliquid-user-state': 'hyperliquid',
|
|
4003
4034
|
'get-hyperliquid-open-orders': 'hyperliquid',
|
|
4004
4035
|
'get-hyperliquid-setup-status': 'hyperliquid',
|
|
4036
|
+
'get-hyperliquid-funding-status': 'hyperliquid',
|
|
4005
4037
|
'get-hyperliquid-onboarding-plan': 'hyperliquid',
|
|
4006
4038
|
'prepare-hyperliquid-onboarding': 'hyperliquid',
|
|
4007
4039
|
'claim-hyperliquid-testnet-faucet': 'hyperliquid',
|