@thirdfy/agent-cli 0.1.41 → 0.1.42

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/CHANGELOG.md CHANGED
@@ -4,6 +4,13 @@ All notable changes to `@thirdfy/agent-cli` are documented here. The format is b
4
4
 
5
5
  ## [Unreleased]
6
6
 
7
+ ## [0.1.42] - 2026-05-19
8
+
9
+ ### Changed
10
+
11
+ - Email login persists and surfaces API `executionWallets` for `agent_wallet` writes; `whoami`, `wallet list`, and `doctor auth` distinguish owner embedded wallets (auth only) from agent execution wallets to fund.
12
+ - Onboarding help and docs clarify Bridge2 must fund the managed execution wallet, not the owner login wallet, and that Thirdfy credits are separate from Privy gas sponsorship. Pairs with thirdfy-api-v2 **v3.4.25**.
13
+
7
14
  ## [0.1.41] - 2026-05-19
8
15
 
9
16
  ### Changed
package/README.md CHANGED
@@ -42,7 +42,7 @@ npx @thirdfy/agent-cli --help
42
42
 
43
43
  ## Release notes
44
44
 
45
- Version history and highlights: [CHANGELOG.md](./CHANGELOG.md). **v0.1.41** documents Hyperliquid `get_hyperliquid_funding_status` as setup step 0, Bridge2 sender custody, and `deposit_hyperliquid_bridge --estimated-amount-usd` (pairs with API **v3.4.24**). **v0.1.40** fixes email/bootstrap credential persistence when the API returns nested registration payloads, so owner-session onboarding can save the hidden execution identity without exposing a raw agent API key. **v0.1.39** makes `agent_wallet` the fresh solo default, adds framework guidance for Hermes/OpenClaw/Claude Managed Agents, clarifies Gator/ERC-7710 delegation flows, and keeps BYOW/self plus hybrid/thirdfy mode switching explicit. **v0.1.38** is a **documentation and metadata patch**: it republishes to npm so the package homepage matches the updated `README.md` on `main`, and aligns root `package-lock.json` version fields with `package.json`. **v0.1.37** adds **email OTP** `thirdfy-agent login email` (send code, then complete with `--code --accept-terms`), **`help onboarding`**, **`doctor auth`**, **`wallet list`**, and **masked `whoami`** output so agents and operators get first-run guidance without dumping secrets. Earlier releases added provider discovery parity, portfolio analytics, managed-wallet swap normalization, and **self/build-tx** swap human-decimal `amountIn` parity when using `amountInHuman` + `tokenInDecimals`.
45
+ Version history and highlights: [CHANGELOG.md](./CHANGELOG.md). **v0.1.42** persists API `executionWallets` from email login, updates `doctor auth` / onboarding help for agent execution wallet funding vs owner embedded auth wallet, and documents Bridge2 `FUND_AGENT_EXECUTION_WALLET` remediation (pairs with API **v3.4.25**). **v0.1.41** documents Hyperliquid `get_hyperliquid_funding_status` as setup step 0, Bridge2 sender custody, and `deposit_hyperliquid_bridge --estimated-amount-usd` (pairs with API **v3.4.24**). **v0.1.40** fixes email/bootstrap credential persistence when the API returns nested registration payloads, so owner-session onboarding can save the hidden execution identity without exposing a raw agent API key. **v0.1.39** makes `agent_wallet` the fresh solo default, adds framework guidance for Hermes/OpenClaw/Claude Managed Agents, clarifies Gator/ERC-7710 delegation flows, and keeps BYOW/self plus hybrid/thirdfy mode switching explicit. **v0.1.38** is a **documentation and metadata patch**: it republishes to npm so the package homepage matches the updated `README.md` on `main`, and aligns root `package-lock.json` version fields with `package.json`. **v0.1.37** adds **email OTP** `thirdfy-agent login email` (send code, then complete with `--code --accept-terms`), **`help onboarding`**, **`doctor auth`**, **`wallet list`**, and **masked `whoami`** output so agents and operators get first-run guidance without dumping secrets. Earlier releases added provider discovery parity, portfolio analytics, managed-wallet swap normalization, and **self/build-tx** swap human-decimal `amountIn` parity when using `amountInHuman` + `tokenInDecimals`.
46
46
 
47
47
  **Maintainers — npm:** follow [docs/releasing.md](./docs/releasing.md). From a clone with gitignored `.env`, use `npm run publish:npm:local -- --dry-run` then `npm run publish:npm:local`. Or run `npm run release:npm` after exporting tokens in the shell. Never commit npm tokens — use [.env.example](./.env.example) as a template only.
48
48
 
@@ -104,7 +104,7 @@ thirdfy-agent logout --json
104
104
  thirdfy-agent logout --all --json
105
105
  ```
106
106
 
107
- `login email` is a two-step headless-safe flow. Without `--code`, the CLI asks the Thirdfy API onboarding broker to send a Privy email OTP and exits with the exact next command. With `--code --accept-terms`, it stores a short-lived owner session in `~/.thirdfy/config.json`, records linked EVM/Solana wallets plus the owner `userDid` when Privy returns them, stores a new agent API key when first-run bootstrap issues one, and defaults new solo profiles to `agent_wallet`. Use `--not-interactive` / `--ni` in automation so missing input fails fast instead of prompting — place **`--ni` after the `login email` subcommand** (for example `thirdfy-agent login email you@example.com --code … --accept-terms --ni`); a leading `thirdfy-agent --ni login email …` is parsed incorrectly because `--ni` would consume the `login` token as its value.
107
+ `login email` is a two-step headless-safe flow. Without `--code`, the CLI asks the Thirdfy API onboarding broker to send a Privy email OTP and exits with the exact next command. With `--code --accept-terms`, it stores a short-lived owner session in `~/.thirdfy/config.json`, records linked EVM/Solana wallets plus the owner `userDid` when Privy returns them, stores a new agent API key when first-run bootstrap issues one, stores the returned `executionWallets` map, and defaults new solo profiles to `agent_wallet`. Email OTP is owner authentication only; fund the returned agent execution wallet for the target chain, not the linked owner embedded wallet. Use `--not-interactive` / `--ni` in automation so missing input fails fast instead of prompting — place **`--ni` after the `login email` subcommand** (for example `thirdfy-agent login email you@example.com --code … --accept-terms --ni`); a leading `thirdfy-agent --ni login email …` is parsed incorrectly because `--ni` would consume the `login` token as its value.
108
108
 
109
109
  `logout --all` is provider-agnostic: it attempts owner-session revocation when a session token exists, then always clears local credentials.
110
110
 
@@ -169,8 +169,8 @@ Auth expectations by mode:
169
169
  - `self`: requires execution identity (`agentApiKey`) today; keyless self lane is blocked with deterministic `SELF_OPEN_DISABLED`.
170
170
  - `hybrid`: requires execution identity and governed mirror semantics (`--hybrid-wallet-mode self|agent_wallet`, default `self`).
171
171
  - `thirdfy`: requires execution identity and delegated governance path.
172
- - `agent_wallet`: requires execution identity and owner `userDid`, but does not require subscriber delegation when the owner identity matches the agent wallet/creator.
173
- - Hyperliquid Bridge2 setup is the Arbitrum exception to the Base-focused `agent_wallet` rule: Bridge2 credits the transaction sender. Pass **`--estimated-amount-usd`** as a top-level flag (not inside `--params`). When USDC sits on your linked email-login wallet (`primaryEvmWallet`) instead of the managed execution wallet, Thirdfy API **v3.4.23+** signs from the funded owner wallet when possible; otherwise it returns **`MANUAL_BRIDGE2_DEPOSIT_REQUIRED`** with `fundedWallet` and `executionWalletAddress`.
172
+ - `agent_wallet`: requires execution identity and owner `userDid`, but does not require subscriber delegation when the owner identity matches the agent wallet/creator. Thirdfy credits/free quota still gate execution; Privy gas sponsorship only covers network gas when enabled.
173
+ - Hyperliquid Bridge2 setup is the Arbitrum exception to the Base-focused `agent_wallet` rule: Bridge2 credits the transaction sender. Pass **`--estimated-amount-usd`** as a top-level flag (not inside `--params`). When USDC sits on your linked email-login wallet (`primaryEvmWallet`) instead of the managed execution wallet, Thirdfy API returns **`FUND_AGENT_EXECUTION_WALLET`** / **`MANUAL_BRIDGE2_DEPOSIT_REQUIRED`** with `fundedWallet` and `executionWalletAddress`; move native Arbitrum USDC to `executionWalletAddress` and retry.
174
174
  - custody mode defaults are profile-aware:
175
175
  - `managed` default for `thirdfy`
176
176
  - `external` default for `self` and `hybrid`
@@ -2551,9 +2551,10 @@ function buildOnboardingHelp(ctx) {
2551
2551
  'thirdfy-agent login email user@example.com',
2552
2552
  'thirdfy-agent login email user@example.com --code <otp> --accept-terms --key-name "My Agent"',
2553
2553
  'thirdfy-agent whoami',
2554
- 'thirdfy-agent managed wallet init --chain-id 8453',
2554
+ 'thirdfy-agent wallet list --json',
2555
2555
  'thirdfy-agent preflight --run-mode agent_wallet --action <action> --params <json> --json',
2556
2556
  ],
2557
+ note: 'Email OTP authenticates the owner. Fund the returned agent execution wallet for the target chain; do not fund the owner embedded/login wallet for agent_wallet writes.',
2557
2558
  },
2558
2559
  {
2559
2560
  id: 'wallet_sign',
@@ -2587,7 +2588,7 @@ function buildOnboardingHelp(ctx) {
2587
2588
  rule: 'Commands must fail fast instead of waiting for prompts when required input is missing.',
2588
2589
  },
2589
2590
  executionModes: {
2590
- agent_wallet: 'Solo managed wallet execution through /execution-wallet + /execute; no subscriber binding when owner userDid matches.',
2591
+ agent_wallet: 'Solo managed server-wallet execution through /execution-wallet + /execute; no subscriber binding when owner userDid matches. Network gas may be sponsored, but Thirdfy credits/free-quota gates still apply.',
2591
2592
  self: 'BYOW/OWS local signing through build-tx, wallet sign, and wallet submit.',
2592
2593
  hybrid: 'Primary self or agent_wallet execution with optional Thirdfy mirror validation.',
2593
2594
  thirdfy: 'Publisher/fanout execute-intent; requires active subscriber/delegation bindings for writes.',
@@ -2595,7 +2596,7 @@ function buildOnboardingHelp(ctx) {
2595
2596
  },
2596
2597
  frameworkGuidance: {
2597
2598
  hermes:
2598
- 'Hermes agents should receive a pre-provisioned Thirdfy profile/env, run doctor auth/self at startup, use agent_wallet for managed solo writes, and keep strategy logic separate from CLI secrets.',
2599
+ 'Hermes agents should receive a pre-provisioned Thirdfy profile/env, run doctor auth/self at startup, use agent_wallet for managed solo writes, fund the agent execution wallet on the target chain, and keep strategy logic separate from CLI secrets.',
2599
2600
  openclaw:
2600
2601
  'OpenClaw agents should keep Thirdfy credentials in runtime secrets, use actions discovery before planning, prefer run --run-mode agent_wallet for own-wallet execution, and use thirdfy only for publisher/fanout.',
2601
2602
  claudeManagedAgents:
@@ -2646,6 +2647,7 @@ async function commandWhoami(ctx, _flags) {
2646
2647
  primaryEvmWallet: wallets.primaryEvmWallet || null,
2647
2648
  evm: Array.isArray(wallets.evm) ? wallets.evm : [],
2648
2649
  solana: Array.isArray(wallets.solana) ? wallets.solana : [],
2650
+ executionWallets: wallets.executionWallets || config.executionWallets || {},
2649
2651
  },
2650
2652
  configPath: getProfileConfigPath(),
2651
2653
  nextSteps: buildOnboardingHelp(ctx).paths[0].commands,
@@ -2665,7 +2667,8 @@ async function commandWalletList(ctx, _flags) {
2665
2667
  primaryEvmWallet: wallets.primaryEvmWallet || null,
2666
2668
  evm: Array.isArray(wallets.evm) ? wallets.evm : [],
2667
2669
  solana: Array.isArray(wallets.solana) ? wallets.solana : [],
2668
- hint: 'Run `thirdfy-agent login email <email>` to refresh linked wallets from Privy-backed onboarding.',
2670
+ executionWallets: wallets.executionWallets || config.executionWallets || {},
2671
+ hint: 'Run `thirdfy-agent login email <email>` to refresh linked wallets and agent execution wallets. Fund executionWallets for agent_wallet writes; linked owner wallets are auth identities.',
2669
2672
  },
2670
2673
  meta: { apiBase: ctx.apiBase },
2671
2674
  });
@@ -2720,6 +2723,20 @@ async function commandDoctorAuth(ctx, _flags) {
2720
2723
  ? `${config.wallets.evm.length} linked EVM wallet${config.wallets.evm.length === 1 ? '' : 's'}`
2721
2724
  : 'missing wallet profile; run email onboarding or wallet-sign proof'),
2722
2725
  },
2726
+ {
2727
+ name: 'agent-execution-wallets',
2728
+ optional: runMode !== 'agent_wallet',
2729
+ ok: Boolean(config.wallets?.executionWallets && Object.keys(config.wallets.executionWallets).length),
2730
+ detail: config.wallets?.executionWallets && Object.keys(config.wallets.executionWallets).length
2731
+ ? `agent execution wallets available for chains: ${Object.keys(config.wallets.executionWallets).join(', ')}`
2732
+ : 'missing agent execution wallets; run `thirdfy-agent login email <email> --code <otp> --accept-terms --json` or execution-wallet preflight',
2733
+ },
2734
+ {
2735
+ name: 'thirdfy-credits-vs-gas-sponsorship',
2736
+ optional: true,
2737
+ ok: true,
2738
+ detail: 'Thirdfy credits/free quota gate action access; Privy gas sponsorship only pays network gas when chain/action sponsorship is enabled.',
2739
+ },
2723
2740
  ];
2724
2741
  const ok = checks.every((entry) => entry.optional || entry.ok);
2725
2742
  printEnvelope({
@@ -2970,12 +2987,14 @@ async function commandLoginEmail(ctx, flags) {
2970
2987
  const agentApiKey = extractAgentApiKey(data);
2971
2988
  const agentKey = extractAgentKey(data);
2972
2989
  const wallets = data.wallets && typeof data.wallets === 'object' ? data.wallets : {};
2990
+ const executionWallets = data.executionWallets && typeof data.executionWallets === 'object' ? data.executionWallets : {};
2973
2991
  const userDid = String(data.owner?.creatorDid || wallets.userDid || '').trim();
2974
2992
  const primaryEvmWallet = String(wallets.primaryEvmWallet || data.owner?.creatorWallet || '').trim();
2975
2993
  const persistedWallets = {
2976
2994
  ...wallets,
2977
2995
  ...(userDid ? { userDid } : {}),
2978
2996
  ...(primaryEvmWallet ? { primaryEvmWallet } : {}),
2997
+ ...(Object.keys(executionWallets).length ? { executionWallets } : {}),
2979
2998
  };
2980
2999
  const runMode = normalizeRunMode(flags.runMode || current.runMode || process.env.THIRDFY_RUN_MODE || 'agent_wallet');
2981
3000
  const custodyMode = normalizeCustodyMode(flags.custodyMode || current.custodyMode || process.env.THIRDFY_CUSTODY_MODE, runMode);
@@ -3023,6 +3042,11 @@ async function commandLoginEmail(ctx, flags) {
3023
3042
  evmWallets: Array.isArray(persistedWallets.evm) ? persistedWallets.evm : [],
3024
3043
  solanaWallets: Array.isArray(persistedWallets.solana) ? persistedWallets.solana : [],
3025
3044
  primaryEvmWallet: persistedWallets.primaryEvmWallet || null,
3045
+ executionWallets:
3046
+ persistedWallets.executionWallets && typeof persistedWallets.executionWallets === 'object'
3047
+ ? persistedWallets.executionWallets
3048
+ : {},
3049
+ ownerLinkedWallet: data.ownerLinkedWallet || null,
3026
3050
  configPath: getProfileConfigPath(),
3027
3051
  nextSteps: response?.nextSteps || [],
3028
3052
  },
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@thirdfy/agent-cli",
3
- "version": "0.1.41",
3
+ "version": "0.1.42",
4
4
  "description": "Thirdfy Agent CLI for onboarding, governance preflight, execute-intent, and status polling.",
5
5
  "type": "module",
6
6
  "bin": {