@tuskydp/cli 0.2.1 → 0.4.0

package/src/commands/wallet.ts

@@ -0,0 +1,183 @@
+import type { Command } from 'commander';
+import chalk from 'chalk';
+import { Ed25519Keypair } from '@mysten/sui/keypairs/ed25519';
+import { cliConfig, getApiUrl, getApiKey } from '../config.js';
+import { createTable, formatDate } from '../lib/output.js';
+
+/**
+ * Lightweight fetch helper that uses the API key for auth.
+ * The SDK does not have a wallet resource, so we call the API directly.
+ */
+async function walletFetch<T>(apiUrl: string, apiKey: string, path: string, init?: RequestInit): Promise<T> {
+  const url = `${apiUrl.replace(/\/$/, '')}${path}`;
+  const response = await fetch(url, {
+    ...init,
+    headers: {
+      'Authorization': `Bearer ${apiKey}`,
+      'Content-Type': 'application/json',
+      ...(init?.headers || {}),
+    },
+  });
+  if (!response.ok) {
+    const body = await response.json().catch(() => ({ error: response.statusText }));
+    throw new Error((body as Record<string, string>).error || `HTTP ${response.status}`);
+  }
+  return response.json() as Promise<T>;
+}
+
+interface WalletInfo {
+  id: string;
+  suiAddress: string;
+  walBalance: string;
+  walBalanceFormatted: string;
+  suiBalance: string;
+  suiBalanceFormatted: string;
+  usdcBalance?: string;
+  usdcBalanceFormatted?: string;
+  createdAt: string;
+}
+
+interface DepositInfo {
+  suiAddress: string;
+  network: string;
+  supportedTokens: string[];
+}
+
+interface PaymentEntry {
+  id: string;
+  fileId: string;
+  type: string;
+  walMist: string;
+  suiGasMist: string;
+  epochs: number;
+  createdAt: string;
+}
+
+interface PaymentsResponse {
+  payments: PaymentEntry[];
+  totalSpentWal: string;
+  totalSpentWalFormatted: string;
+}
+
+export function registerWalletCommands(program: Command) {
+  const wallet = program.command('wallet').description('Manage wallet and payments (PPU)');
+
+  // ── info ────────────────────────────────────────────────────────────
+  wallet.command('info')
+    .description('Show wallet balances and address')
+    .action(async () => {
+      const root = wallet.parent || wallet;
+      const apiUrl = getApiUrl(root.opts().apiUrl);
+      const apiKey = getApiKey(root.opts().apiKey);
+      const format = root.opts().format || cliConfig.get('outputFormat');
+
+      const w = await walletFetch<WalletInfo>(apiUrl, apiKey, '/api/wallet');
+
+      if (format === 'json') {
+        console.log(JSON.stringify(w, null, 2));
+        return;
+      }
+
+      console.log(chalk.bold('Wallet'));
+      console.log(`  Address:  ${w.suiAddress}`);
+      console.log(`  WAL:      ${w.walBalanceFormatted}`);
+      console.log(`  SUI:      ${w.suiBalanceFormatted}`);
+      if (w.usdcBalanceFormatted) {
+        console.log(`  USDC:     ${w.usdcBalanceFormatted}`);
+      }
+      console.log(`  Created:  ${new Date(w.createdAt).toLocaleString()}`);
+    });
+
+  // ── deposit ─────────────────────────────────────────────────────────
+  wallet.command('deposit')
+    .description('Show deposit address and supported tokens')
+    .action(async () => {
+      const root = wallet.parent || wallet;
+      const apiUrl = getApiUrl(root.opts().apiUrl);
+      const apiKey = getApiKey(root.opts().apiKey);
+      const format = root.opts().format || cliConfig.get('outputFormat');
+
+      const d = await walletFetch<DepositInfo>(apiUrl, apiKey, '/api/wallet/deposit-info');
+
+      if (format === 'json') {
+        console.log(JSON.stringify(d, null, 2));
+        return;
+      }
+
+      console.log(chalk.bold('Deposit Info'));
+      console.log(`  Address:  ${d.suiAddress}`);
+      console.log(`  Network:  ${d.network}`);
+      console.log(`  Tokens:   ${d.supportedTokens.join(', ')}`);
+      console.log('');
+      console.log(chalk.dim('Send WAL, SUI, or USDC to the address above on the Sui network.'));
+    });
+
+  // ── payments ────────────────────────────────────────────────────────
+  wallet.command('payments')
+    .description('List payment history')
+    .option('--limit <n>', 'Max results', '20')
+    .action(async (options) => {
+      const root = wallet.parent || wallet;
+      const apiUrl = getApiUrl(root.opts().apiUrl);
+      const apiKey = getApiKey(root.opts().apiKey);
+      const format = root.opts().format || cliConfig.get('outputFormat');
+
+      const data = await walletFetch<PaymentsResponse>(
+        apiUrl, apiKey,
+        `/api/wallet/payments?limit=${options.limit}`,
+      );
+
+      if (format === 'json') {
+        console.log(JSON.stringify(data, null, 2));
+        return;
+      }
+
+      if (data.payments.length === 0) {
+        console.log(chalk.dim('No payments found.'));
+        return;
+      }
+
+      const table = createTable(['Type', 'WAL', 'SUI Gas', 'Epochs', 'File', 'Date']);
+      for (const p of data.payments) {
+        table.push([
+          p.type,
+          p.walMist,
+          p.suiGasMist,
+          String(p.epochs),
+          chalk.dim(p.fileId.slice(0, 8) + '...'),
+          formatDate(p.createdAt),
+        ]);
+      }
+      console.log(table.toString());
+      console.log(chalk.dim(`\nTotal spent: ${data.totalSpentWalFormatted}`));
+    });
+
+  // ── generate ─────────────────────────────────────────────────────
+  wallet.command('generate')
+    .description('Generate a new Sui Ed25519 keypair for use with shared vaults (SEAL encryption)')
+    .action(async () => {
+      const root = wallet.parent || wallet;
+      const format = root.opts().format || cliConfig.get('outputFormat');
+
+      const keypair = Ed25519Keypair.generate();
+      const address = keypair.toSuiAddress();
+      const privateKey = keypair.getSecretKey(); // bech32 suiprivkey1... format
+
+      if (format === 'json') {
+        console.log(JSON.stringify({ address, privateKey }, null, 2));
+        return;
+      }
+
+      console.log(chalk.bold('Generated Sui Ed25519 Keypair'));
+      console.log(`  Address:     ${chalk.cyan(address)}`);
+      console.log(`  Private key: ${chalk.yellow(privateKey)}`);
+      console.log('');
+      console.log(chalk.dim('Set TUSKYDP_SUI_PRIVATE_KEY=<private key> to use this keypair for shared vault encryption.'));
+      console.log(chalk.dim('Link the address to your Tusky account: tusky account link-sui ' + address));
+    });
+
+  // Default action for `tusky wallet` with no subcommand → run info
+  wallet.action(async () => {
+    await wallet.commands.find(c => c.name() === 'info')?.parseAsync([], { from: 'user' });
+  });
+}

package/src/commands/webhook.ts

@@ -0,0 +1,193 @@
+import type { Command } from 'commander';
+import chalk from 'chalk';
+import inquirer from 'inquirer';
+import { cliConfig } from '../config.js';
+import { getSDKClientFromParent } from '../sdk.js';
+import { createTable, formatDate, shortId } from '../lib/output.js';
+
+// Import canonical event list from shared — keep in sync
+import { WEBHOOK_EVENTS } from '@tuskydp/shared/constants.js';
+
+export function registerWebhookCommands(program: Command) {
+  const webhook = program.command('webhook').description('Manage webhook endpoints');
+
+  // ── create ──────────────────────────────────────────────────────────
+  webhook.command('create <url>')
+    .description('Create a webhook endpoint')
+    .requiredOption('--events <events>', 'Comma-separated list of events to subscribe to')
+    .option('--description <text>', 'Webhook description')
+    .action(async (url: string, options) => {
+      const sdk = getSDKClientFromParent(webhook);
+      const events = options.events.split(',').map((e: string) => e.trim());
+
+      const created = await sdk.webhooks.create({
+        url,
+        events: events as any,
+        description: options.description,
+      });
+
+      console.log(chalk.green(`Webhook created: ${created.id}`));
+      console.log(`URL:    ${created.url}`);
+      console.log(`Events: ${created.events.join(', ')}`);
+      if (created.secret) {
+        console.log(chalk.yellow.bold(`Secret: ${created.secret}`));
+        console.log(chalk.yellow('  Save this secret — it will not be shown again.'));
+      }
+    });
+
+  // ── list ────────────────────────────────────────────────────────────
+  webhook.command('list')
+    .description('List webhook endpoints')
+    .action(async () => {
+      const sdk = getSDKClientFromParent(webhook);
+      const root = webhook.parent || webhook;
+      const format = root.opts().format || cliConfig.get('outputFormat');
+      const webhooks = await sdk.webhooks.list();
+
+      if (format === 'json') {
+        console.log(JSON.stringify(webhooks, null, 2));
+        return;
+      }
+
+      if (webhooks.length === 0) {
+        console.log(chalk.dim('No webhook endpoints found.'));
+        return;
+      }
+
+      const table = createTable(['URL', 'Events', 'Active', 'Failures', 'ID']);
+      for (const w of webhooks) {
+        table.push([
+          w.url.length > 40 ? w.url.slice(0, 39) + '...' : w.url,
+          String(w.events.length) + ' event(s)',
+          w.active ? chalk.green('Yes') : chalk.red('No'),
+          w.failureCount > 0 ? chalk.yellow(String(w.failureCount)) : '0',
+          chalk.dim(shortId(w.id)),
+        ]);
+      }
+      console.log(table.toString());
+    });
+
+  // ── info ────────────────────────────────────────────────────────────
+  webhook.command('info <webhook-id>')
+    .description('Show webhook endpoint details')
+    .action(async (webhookId: string) => {
+      const sdk = getSDKClientFromParent(webhook);
+      const root = webhook.parent || webhook;
+      const format = root.opts().format || cliConfig.get('outputFormat');
+      const w = await sdk.webhooks.get(webhookId);
+
+      if (format === 'json') {
+        console.log(JSON.stringify(w, null, 2));
+        return;
+      }
+
+      console.log(`URL:         ${w.url}`);
+      console.log(`Active:      ${w.active ? chalk.green('Yes') : chalk.red('No')}`);
+      console.log(`Events:      ${w.events.join(', ')}`);
+      console.log(`Description: ${w.description || chalk.dim('(none)')}`);
+      console.log(`Failures:    ${w.failureCount}`);
+      if (w.lastDeliveryAt) {
+        console.log(`Last Delivery: ${formatDate(w.lastDeliveryAt)} (${w.lastDeliveryStatus})`);
+      }
+      console.log(`Created:     ${new Date(w.createdAt).toLocaleString()}`);
+      console.log(`ID:          ${w.id}`);
+    });
+
+  // ── update ──────────────────────────────────────────────────────────
+  webhook.command('update <webhook-id>')
+    .description('Update a webhook endpoint')
+    .option('--url <url>', 'New webhook URL')
+    .option('--events <events>', 'Comma-separated list of events')
+    .option('--active <bool>', 'Enable or disable (true/false)')
+    .option('--description <text>', 'New description')
+    .action(async (webhookId: string, options) => {
+      const sdk = getSDKClientFromParent(webhook);
+
+      const params: { url?: string; events?: any[]; active?: boolean; description?: string } = {};
+      if (options.url) params.url = options.url;
+      if (options.events) params.events = options.events.split(',').map((e: string) => e.trim());
+      if (options.active !== undefined) params.active = options.active === 'true';
+      if (options.description) params.description = options.description;
+
+      if (Object.keys(params).length === 0) {
+        console.error(chalk.red('Provide at least one option to update (--url, --events, --active, --description).'));
+        return;
+      }
+
+      await sdk.webhooks.update(webhookId, params);
+      console.log(chalk.green('Webhook updated.'));
+    });
+
+  // ── delete ──────────────────────────────────────────────────────────
+  webhook.command('delete <webhook-id>')
+    .description('Delete a webhook endpoint')
+    .option('--force', 'Skip confirmation prompt')
+    .action(async (webhookId: string, options) => {
+      const sdk = getSDKClientFromParent(webhook);
+
+      if (!options.force) {
+        const answers = await inquirer.prompt([{
+          type: 'confirm',
+          name: 'confirm',
+          message: 'Delete this webhook endpoint?',
+          default: false,
+        }]);
+        if (!answers.confirm) return;
+      }
+
+      await sdk.webhooks.delete(webhookId);
+      console.log(chalk.green('Webhook deleted.'));
+    });
+
+  // ── test ────────────────────────────────────────────────────────────
+  webhook.command('test <webhook-id>')
+    .description('Send a test delivery to the webhook')
+    .action(async (webhookId: string) => {
+      const sdk = getSDKClientFromParent(webhook);
+      const delivery = await sdk.webhooks.test(webhookId);
+      console.log(chalk.green('Test delivery sent.'));
+      console.log(`Delivery ID: ${delivery.id}`);
+      console.log(`Event:       ${delivery.event}`);
+      console.log(`Status:      ${delivery.status}`);
+    });
+
+  // ── deliveries ──────────────────────────────────────────────────────
+  webhook.command('deliveries <webhook-id>')
+    .description('List recent webhook deliveries')
+    .option('--limit <n>', 'Max results', '20')
+    .action(async (webhookId: string, options) => {
+      const sdk = getSDKClientFromParent(webhook);
+      const root = webhook.parent || webhook;
+      const format = root.opts().format || cliConfig.get('outputFormat');
+      const deliveries = await sdk.webhooks.listDeliveries(webhookId, { limit: parseInt(options.limit) });
+
+      if (format === 'json') {
+        console.log(JSON.stringify(deliveries, null, 2));
+        return;
+      }
+
+      if (deliveries.length === 0) {
+        console.log(chalk.dim('No deliveries found.'));
+        return;
+      }
+
+      const table = createTable(['Event', 'Status', 'HTTP', 'Attempts', 'Created', 'ID']);
+      const statusColors: Record<string, typeof chalk.green> = {
+        success: chalk.green,
+        failed: chalk.red,
+        pending: chalk.yellow,
+      };
+      for (const d of deliveries) {
+        const sc = statusColors[d.status] || chalk.white;
+        table.push([
+          d.event,
+          sc(d.status),
+          d.httpStatus ? String(d.httpStatus) : '-',
+          `${d.attempts}/${d.maxAttempts}`,
+          formatDate(d.createdAt),
+          chalk.dim(shortId(d.id)),
+        ]);
+      }
+      console.log(table.toString());
+    });
+}

package/src/config.ts

@@ -5,7 +5,7 @@ export interface TuskyDPConfig {
   apiKey?: string;
   defaultVault?: string;
   outputFormat: 'table' | 'json' | 'plain';
-  encryptionEnabled: boolean;
+  suiPrivateKey?: string;
 }
 
 export const cliConfig = new Conf<TuskyDPConfig>({
@@ -13,7 +13,6 @@ export const cliConfig = new Conf<TuskyDPConfig>({
   defaults: {
     apiUrl: 'https://api.tusky.ai',
     outputFormat: 'table',
-    encryptionEnabled: true,
   },
 });
 
@@ -39,8 +38,8 @@ export function getOutputFormat(override?: string): 'table' | 'json' | 'plain' {
 
 /**
  * Get the Sui private key for SEAL operations on shared vaults.
- * Only read from env var (never persisted to config for security).
+ * Priority: TUSKYDP_SUI_PRIVATE_KEY env var > stored config key.
  */
 export function getSuiPrivateKey(): string | null {
-  return process.env.TUSKYDP_SUI_PRIVATE_KEY || null;
+  return process.env.TUSKYDP_SUI_PRIVATE_KEY || cliConfig.get('suiPrivateKey') || null;
 }

package/src/index.ts

@@ -1,28 +1,28 @@
 import { Command } from 'commander';
 import chalk from 'chalk';
 import { registerAuthCommands } from './commands/auth.js';
-import { registerEncryptionCommands } from './commands/encryption.js';
 import { registerVaultCommands } from './commands/vault.js';
 import { registerFileCommands } from './commands/files.js';
 import { registerAccountCommands } from './commands/account.js';
+import { registerFolderCommands } from './commands/folder.js';
+import { registerTrashCommands } from './commands/trash.js';
+import { registerWebhookCommands } from './commands/webhook.js';
+import { registerWalletCommands } from './commands/wallet.js';
 import { uploadCommand } from './commands/upload.js';
 import { downloadCommand } from './commands/download.js';
 import { rehydrateCommand } from './commands/rehydrate.js';
 import { registerTuiCommand } from './commands/tui.js';
 import { registerMcpCommands } from './commands/mcp.js';
+import { registerSuiCommands } from './commands/sui.js';
 import { registerExportCommand } from './commands/export.js';
-import { registerDecryptCommand } from './commands/decrypt.js';
-
-import { createRequire } from 'module';
-const __require = createRequire(import.meta.url);
-const { version: VERSION } = __require('../../package.json');
+import { CLI_VERSION } from './version.js';
 
 const program = new Command();
 
 program
   .name('tusky')
   .description('Tusky — Encrypted decentralized storage for developers, apps, and agents')
-  .version(VERSION)
+  .version(CLI_VERSION)
   .option('--api-key <key>', 'Override API key')
   .option('--api-url <url>', 'Override API URL')
   .option('--format <fmt>', 'Output format: table, json, plain', 'table')
@@ -38,20 +38,27 @@ program
   });
 
 registerAuthCommands(program);
-registerEncryptionCommands(program);
 registerVaultCommands(program);
 registerFileCommands(program);
+registerFolderCommands(program);
+registerTrashCommands(program);
+registerWebhookCommands(program);
+registerWalletCommands(program);
 registerAccountCommands(program);
 registerTuiCommand(program);
 registerMcpCommands(program);
+registerSuiCommands(program);
 registerExportCommand(program);
-registerDecryptCommand(program);
 
 // Direct shortcuts for common operations
-program.command('upload <paths...>')
+program.command('upload [paths...]')
   .description('Upload files')
   .option('--vault <vault>', 'Target vault')
+  .option('--folder <folder-id>', 'Target folder ID within the vault')
   .option('--recursive', 'Upload directory contents')
+  .option('--content <text>', 'Upload inline text content instead of a file path')
+  .option('--stdin', 'Read file content from stdin')
+  .option('--name <filename>', 'File name to use (required with --content or --stdin)')
   .action(async (paths: string[], options) => {
     await uploadCommand(paths, options, program);
   });
@@ -59,6 +66,7 @@ program.command('upload <paths...>')
 program.command('download <file-id>')
   .description('Download a file')
   .option('--output <path>', 'Output path')
+  .option('--stdout', 'Write file content to stdout (for sandboxed agents without filesystem access)')
   .action(async (fileId: string, options) => {
     await downloadCommand(fileId, options, program);
   });
@@ -66,6 +74,7 @@ program.command('download <file-id>')
 program.command('rehydrate <blob-id>')
   .description('Download a file directly from Walrus by blob ID')
   .option('--output <path>', 'Output file path')
+  .option('--stdout', 'Write blob content to stdout (for sandboxed agents without filesystem access)')
   .action(async (blobId: string, options) => {
     await rehydrateCommand(blobId, options, program);
   });

package/src/lib/resolve.ts

@@ -7,12 +7,11 @@ export async function resolveVault(sdk: TuskyClient, vaultRef?: string): Promise
     const defaultVault = cliConfig.get('defaultVault');
     if (defaultVault) return defaultVault;
 
-    // Fall back to the user's default vault
+    // Fall back to the first vault
     const vaults = await sdk.vaults.list();
-    const defaultV = vaults.find((v) => v.isDefault);
-    if (defaultV) return defaultV.id;
+    if (vaults.length > 0) return vaults[0].id;
 
-    throw new Error('No default vault found. Create one with: tusky vault create <name>');
+    throw new Error('No vault found. Create one with: tusky vault create <name>');
   }
 
   // If it looks like a UUID, use it directly

package/src/mcp/context.ts

@@ -1,8 +1,7 @@
 /**
  * Shared context for MCP tool handlers.
  *
- * Holds the authenticated SDK client, the unlocked master key for
- * private vault encryption, and the Sui keypair for shared vault
+ * Holds the authenticated SDK client and the Sui keypair for shared vault
  * SEAL encryption/decryption.
  */
 
@@ -13,15 +12,6 @@ export interface McpContext {
   /** Authenticated Tusky SDK client. */
   sdk: TuskyClient;
 
-  /**
-   * Returns the in-memory master key, or null if encryption was not
-   * unlocked (i.e. TUSKYDP_PASSWORD was not provided or setup is incomplete).
-   */
-  getMasterKey(): Buffer | null;
-
-  /** True when the master key is available for encrypt/decrypt operations. */
-  isEncryptionReady(): boolean;
-
   /**
    * Returns the Sui Ed25519 keypair for SEAL operations, or null if
    * TUSKYDP_SUI_PRIVATE_KEY was not provided.

package/src/mcp/server.ts

@@ -9,12 +9,6 @@
 import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
 import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';
 import { TuskyClient, TuskyError } from '@tuskydp/sdk';
-import {
-  deriveMasterKey,
-  verifyPassphrase,
-  unwrapMasterKey,
-} from '../crypto.js';
-import { loadMasterKey } from '../lib/keyring.js';
 import { getSuiKeypair } from '../seal.js';
 import type { McpContext } from './context.js';
 
@@ -25,58 +19,7 @@ import { registerFolderTools } from './tools/folders.js';
 import { registerFileTools } from './tools/files.js';
 import { registerTrashTools } from './tools/trash.js';
 import { registerSharedVaultTools } from './tools/sharedVaults.js';
-
-// ---------------------------------------------------------------------------
-// Encryption bootstrap
-// ---------------------------------------------------------------------------
-
-/**
- * Attempt to unlock the master key using (in order):
- *   1. TUSKYDP_PASSWORD env var  →  derive wrapping key  →  unwrap master key
- *   2. Existing session file (~/.tusky/session.enc)
- *
- * Returns the master key Buffer, or null if neither method works.
- */
-async function unlockMasterKey(sdk: TuskyClient): Promise<Buffer | null> {
-  const password = process.env.TUSKYDP_PASSWORD;
-
-  if (password) {
-    try {
-      const params = await sdk.account.getEncryptionParams();
-      if (!params.setupComplete) {
-        console.error('[tusky-mcp] Encryption not set up on this account. Skipping encryption unlock.');
-        return null;
-      }
-
-      const salt = Buffer.from(params.salt!, 'base64');
-      const verifier = Buffer.from(params.verifier!, 'base64');
-      const wrappingKey = deriveMasterKey(password, salt);
-
-      if (!verifyPassphrase(wrappingKey, verifier)) {
-        console.error('[tusky-mcp] TUSKYDP_PASSWORD is incorrect. Encryption will be unavailable.');
-        return null;
-      }
-
-      if (params.encryptedMasterKey) {
-        return unwrapMasterKey(Buffer.from(params.encryptedMasterKey, 'base64'), wrappingKey);
-      }
-      // Legacy accounts where wrapping key IS the master key
-      return wrappingKey;
-    } catch (err: any) {
-      console.error(`[tusky-mcp] Failed to unlock encryption: ${err.message}`);
-      return null;
-    }
-  }
-
-  // Fallback: try existing session file
-  const sessionKey = loadMasterKey();
-  if (sessionKey) {
-    console.error('[tusky-mcp] Using encryption key from existing session.');
-    return sessionKey;
-  }
-
-  return null;
-}
+import { CLI_VERSION } from '../version.js';
 
 // ---------------------------------------------------------------------------
 // Server lifecycle
@@ -106,15 +49,6 @@ export async function startMcpServer(options: McpServerOptions): Promise<void> {
     process.exit(1);
   }
 
-  // Unlock encryption (best effort)
-  const masterKey = await unlockMasterKey(sdk);
-  if (masterKey) {
-    console.error('[tusky-mcp] Encryption unlocked — private vault operations are available.');
-  } else {
-    console.error('[tusky-mcp] Encryption not unlocked — private vault encrypt/decrypt unavailable.');
-    console.error('[tusky-mcp] Set TUSKYDP_PASSWORD env var or run `tusky encryption unlock` first.');
-  }
-
   // Load Sui keypair for SEAL shared vault operations (best effort)
   const suiKeypair = getSuiKeypair();
   if (suiKeypair) {
@@ -126,8 +60,6 @@ export async function startMcpServer(options: McpServerOptions): Promise<void> {
   // Build context
   const ctx: McpContext = {
     sdk,
-    getMasterKey: () => masterKey,
-    isEncryptionReady: () => masterKey !== null,
     getSuiKeypair: () => suiKeypair,
     isSealReady: () => suiKeypair !== null,
   };
@@ -135,7 +67,7 @@ export async function startMcpServer(options: McpServerOptions): Promise<void> {
   // Create MCP server
   const server = new McpServer({
     name: 'tusky',
-    version: '0.1.0',
+    version: CLI_VERSION,
   });
 
   // Register all tools

package/src/mcp/tools/account.ts

@@ -9,7 +9,7 @@ import { wrapToolError } from './helpers.js';
 export function registerAccountTools(server: McpServer, ctx: McpContext) {
   server.tool(
     'tusky_account_info',
-    'Get account information including email, plan, storage usage, and encryption status',
+    'Get account information including email, plan, and storage usage',
     {},
     async () => {
       try {
@@ -24,8 +24,6 @@ export function registerAccountTools(server: McpServer, ctx: McpContext) {
           storageLimit: account.storageLimitFormatted,
           storageUsedBytes: account.storageUsedBytes,
           storageLimitBytes: account.storageLimitBytes,
-          encryptionSetup: account.encryptionSetupComplete,
-          encryptionUnlocked: ctx.isEncryptionReady(),
           createdAt: account.createdAt,
         };