@zeroxyz/cli 0.0.23 → 0.0.24

package/dist/index.js

@@ -1,12 +1,12 @@
 #!/usr/bin/env node
 
 // src/app.ts
-import { Command as Command9 } from "commander";
+import { Command as Command10 } from "commander";
 
 // package.json
 var package_default = {
   name: "@zeroxyz/cli",
-  version: "0.0.23",
+  version: "0.0.24",
   type: "module",
   bin: {
     zero: "dist/index.js",
@@ -59,21 +59,477 @@ var package_default = {
   }
 };
 
+// src/commands/bug-report-command.ts
+import { createHash as createHash2 } from "crypto";
+import { readFileSync } from "fs";
+import { Command } from "commander";
+import { z as z2 } from "zod";
+
+// src/services/api-service.ts
+import { createHash } from "crypto";
+import z from "zod";
+var searchResultSchema = z.object({
+  id: z.string(),
+  position: z.number(),
+  slug: z.string(),
+  name: z.string(),
+  canonicalName: z.string().nullable().optional(),
+  description: z.string(),
+  whatItDoes: z.string().nullable().optional(),
+  url: z.string(),
+  cost: z.object({ amount: z.string(), asset: z.string() }),
+  rating: z.object({
+    score: z.string(),
+    successRate: z.string(),
+    reviews: z.number(),
+    stars: z.string().nullable().optional(),
+    state: z.enum(["unrated", "rated"]).optional()
+  }),
+  trustScore: z.number().nullable().optional(),
+  trustSignalCount: z.number().optional(),
+  availabilityStatus: z.enum(["healthy", "degraded", "down", "unknown"]).nullable().optional(),
+  relevanceScore: z.number().optional()
+});
+var searchResponseSchema = z.object({
+  searchId: z.string(),
+  total: z.number().optional().default(0),
+  offset: z.number().optional().default(0),
+  hasMore: z.boolean().optional().default(false),
+  capabilities: z.array(searchResultSchema)
+});
+var capabilityResponseSchema = z.object({
+  uid: z.string(),
+  slug: z.string(),
+  name: z.string(),
+  description: z.string(),
+  url: z.string(),
+  method: z.string(),
+  headers: z.record(z.string(), z.string()).nullable(),
+  bodySchema: z.record(z.string(), z.unknown()).nullable(),
+  responseSchema: z.record(z.string(), z.unknown()).nullable(),
+  example: z.object({ request: z.unknown(), response: z.unknown() }).nullable(),
+  tags: z.array(z.string()).nullable(),
+  displayCostAmount: z.string(),
+  displayCostAsset: z.string(),
+  rating: z.object({
+    score: z.string(),
+    successRate: z.string(),
+    reviews: z.number(),
+    stars: z.string().nullable().optional(),
+    state: z.enum(["unrated", "rated"]).optional()
+  }),
+  priceObserved: z.object({
+    medianCents: z.string(),
+    p95Cents: z.string(),
+    sampleCount: z.number(),
+    varies: z.boolean()
+  }).nullable().optional(),
+  paymentMethods: z.array(
+    z.object({
+      uid: z.string(),
+      protocol: z.string(),
+      methodType: z.string(),
+      chain: z.string().nullable(),
+      mode: z.string(),
+      costAmount: z.string(),
+      costPer: z.string(),
+      priority: z.number()
+    })
+  ).nullable(),
+  trustScore: z.number().nullable().optional(),
+  trustComponents: z.object({
+    apiQuality: z.number().nullable(),
+    blockchainActivity: z.number().nullable(),
+    performance: z.number().nullable()
+  }).nullable().optional(),
+  availabilityStatus: z.enum(["healthy", "degraded", "down", "unknown"]).nullable().optional()
+});
+var createRunResponseSchema = z.object({
+  runId: z.string()
+});
+var createReviewResponseSchema = z.object({
+  reviewId: z.string(),
+  recorded: z.boolean()
+});
+var BUG_REPORT_CATEGORIES = [
+  "search_relevance",
+  "ranking_issue",
+  "missing_capability",
+  "wrong_schema",
+  "misleading_description",
+  "broken_execution",
+  "payment_failure",
+  "billing_anomaly",
+  "cli_bug",
+  "security",
+  "other"
+];
+var createBugReportResponseSchema = z.object({
+  bugReportId: z.string(),
+  status: z.string(),
+  deduped: z.boolean(),
+  category: z.enum(BUG_REPORT_CATEGORIES).nullable(),
+  title: z.string().nullable(),
+  attached: z.object({
+    capabilityId: z.number().nullable(),
+    runId: z.number().nullable(),
+    searchId: z.number().nullable()
+  })
+});
+var runListItemSchema = z.object({
+  uid: z.string(),
+  capabilityUid: z.string(),
+  capabilitySlug: z.string(),
+  capabilityName: z.string(),
+  status: z.number().nullable(),
+  latencyMs: z.number().nullable(),
+  cost: z.object({ amount: z.string(), asset: z.string().nullable() }).nullable(),
+  payment: z.object({
+    protocol: z.string(),
+    chain: z.string().nullable(),
+    txHash: z.string().nullable(),
+    mode: z.string().nullable()
+  }).nullable(),
+  createdAt: z.coerce.date(),
+  reviewed: z.boolean()
+});
+var listRunsResponseSchema = z.object({
+  runs: z.array(runListItemSchema),
+  nextCursor: z.string().nullable()
+});
+var buildCanonicalMessage = (method, path, body, timestamp, nonce) => {
+  const bodyHash = createHash("sha256").update(body ?? "").digest("hex");
+  return `${method}:${path}:${bodyHash}:${timestamp}:${nonce}`;
+};
+var ApiService = class {
+  constructor(baseUrl, account) {
+    this.baseUrl = baseUrl;
+    this.account = account;
+    this.walletAddress = this.account?.address ?? null;
+  }
+  walletAddress;
+  account;
+  signRequest = async (method, path, body) => {
+    if (!this.account) throw new Error("No private key configured");
+    const timestamp = Math.floor(Date.now() / 1e3).toString();
+    const nonce = crypto.randomUUID();
+    const message = buildCanonicalMessage(method, path, body, timestamp, nonce);
+    const signature = await this.account.signMessage({ message });
+    return {
+      "x-zero-address": this.account.address,
+      "x-zero-timestamp": timestamp,
+      "x-zero-nonce": nonce,
+      "x-zero-signature": signature
+    };
+  };
+  request = async (method, path, body) => {
+    const url = `${this.baseUrl}${path}`;
+    const bodyStr = body ? JSON.stringify(body) : void 0;
+    const headers = {
+      "content-type": "application/json"
+    };
+    if (this.account) {
+      const walletHeaders = await this.signRequest(method, path, bodyStr);
+      Object.assign(headers, walletHeaders);
+    }
+    const response = await fetch(url, {
+      method,
+      headers,
+      body: bodyStr
+    });
+    if (!response.ok) {
+      const errorBody = await response.json().catch(() => ({ error: "Unknown error" }));
+      throw new Error(
+        errorBody.error ?? `HTTP ${response.status}`
+      );
+    }
+    return response.json();
+  };
+  search = async (options) => {
+    const json = await this.request("POST", "/v1/search", options);
+    return searchResponseSchema.parse(json);
+  };
+  getCapability = async (id, searchId) => {
+    const qs = searchId ? `?searchId=${encodeURIComponent(searchId)}` : "";
+    const json = await this.request(
+      "GET",
+      `/v1/capabilities/${encodeURIComponent(id)}${qs}`
+    );
+    return capabilityResponseSchema.parse(json);
+  };
+  createRun = async (data) => {
+    const json = await this.request("POST", "/v1/runs", data);
+    return createRunResponseSchema.parse(json);
+  };
+  listRuns = async (params = {}) => {
+    const qs = new URLSearchParams();
+    if (params.capabilityId) qs.set("capabilityId", params.capabilityId);
+    if (params.unreviewed) qs.set("unreviewed", "true");
+    if (params.limit) qs.set("limit", String(params.limit));
+    if (params.cursor) qs.set("cursor", params.cursor);
+    const suffix = qs.toString() ? `?${qs.toString()}` : "";
+    const json = await this.request("GET", `/v1/runs${suffix}`);
+    return listRunsResponseSchema.parse(json);
+  };
+  createReview = async (data) => {
+    const json = await this.request("POST", "/v1/reviews", data);
+    return createReviewResponseSchema.parse(json);
+  };
+  createBugReport = async (data) => {
+    const json = await this.request("POST", "/v1/bug-reports", data);
+    return createBugReportResponseSchema.parse(json);
+  };
+  getFundingUrl = async (amount) => {
+    try {
+      const qs = amount ? `?amount=${encodeURIComponent(amount)}` : "";
+      const json = await this.request("GET", `/v1/wallet/fund-url${qs}`);
+      const parsed = z.object({ url: z.string() }).parse(json);
+      return parsed.url;
+    } catch {
+      return null;
+    }
+  };
+};
+
+// src/commands/bug-report-command.ts
+var bulkEntrySchema = z2.object({
+  description: z2.string().min(1),
+  category: z2.enum(BUG_REPORT_CATEGORIES).optional(),
+  title: z2.string().min(1).max(200).optional(),
+  severity: z2.number().int().min(1).max(3).optional(),
+  reproduction: z2.string().optional(),
+  capabilityId: z2.string().optional(),
+  runId: z2.string().optional(),
+  searchId: z2.string().optional(),
+  idempotencyKey: z2.string().min(1).max(200).optional()
+});
+var buildCliContext = () => ({
+  cliVersion: package_default.version,
+  os: process.platform,
+  node: process.version
+});
+var TEN_MIN_MS = 10 * 60 * 1e3;
+var autoIdempotencyKey = (description, contextSeed) => {
+  const bucket = Math.floor(Date.now() / TEN_MIN_MS);
+  const seed = `${description}|${contextSeed ?? ""}|${bucket}`;
+  return `auto-${createHash2("sha256").update(seed).digest("hex").slice(0, 16)}`;
+};
+var bugReportCommand = (appContext) => new Command("bug-report").description(
+  "Report a Zero platform bug \u2014 bad search ranking, wrong indexed URL, CLI bugs, billing issues. The CLI auto-attaches your most recent context (last search + last run), auto-derives a title, and lets the server classify the category. For 'this capability returned a bad result', use `zero review` instead."
+).addHelpText(
+  "after",
+  `
+Minimum surface \u2014 just describe the bug:
+  zero bug-report "Search ranked generic crypto API above exact match for BTC price"
+
+The CLI will:
+  - Attach your most recent search + run as context (use --no-context to skip)
+  - Auto-derive a title from your description
+  - Generate an idempotency key so accidental retries dedupe within 10 minutes
+  - Capture cliContext (cli version, os, node)
+
+The server will:
+  - Pick a category from your description (override with --category if it gets it wrong)
+  - Default severity to 2 (override with --severity)
+  - Echo back what it picked + attached so you can verify
+
+Overrides (only when needed):
+  --capability cap_xyz   Attach a specific capability (overrides auto-context)
+  --run run_xyz          Attach a specific run
+  --search sea_xyz       Attach a specific search
+  --no-context           Skip auto-attached context (file a standalone platform bug)
+  --category <c>         Force a category (otherwise classifier picks)
+  --severity 1|2|3       Override default severity 2
+  --title "..."          Override auto-derived title
+  --reproduction "..."   Add reproduction notes
+  --idempotency-key <k>  Override auto-key (e.g. for explicit retries)
+  --json                 Machine-readable output
+  --from-file <path>     Bulk submit from JSONL (each line: {description, ...overrides})
+
+Categories the classifier picks from:
+  search & discovery: search_relevance, ranking_issue, missing_capability
+  indexed-data quality: wrong_schema, misleading_description, broken_execution
+  platform infra: payment_failure, billing_anomaly, cli_bug
+  cross-cutting: security, other`
+).argument(
+  "[description]",
+  "What broke (free-form text). Required unless --from-file is used."
+).option(
+  "--capability <id>",
+  "Attach this capability uid (cap_*) or slug as context, overriding auto-context"
+).option(
+  "--run <runId>",
+  "Attach this run uid (run_*) as context, overriding auto-context"
+).option(
+  "--search <searchId>",
+  "Attach this search uid (sea_*) as context, overriding auto-context"
+).option("--no-context", "Skip auto-attached context entirely").option(
+  "--category <category>",
+  `Force a category (skips classifier). One of: ${BUG_REPORT_CATEGORIES.join(", ")}`
+).option(
+  "--severity <n>",
+  "Severity 1 (low), 2 (med, default), 3 (high)",
+  Number.parseInt
+).option("--title <text>", "Override auto-derived title (\u2264200 chars)").option(
+  "--reproduction <text>",
+  "Optional reproduction steps (e.g. equivalent curl)"
+).option("--idempotency-key <key>", "Override the auto-generated dedup key").option(
+  "--from-file <path>",
+  "Submit bug reports in bulk from a JSONL file (one report per line)"
+).option("--json", "Emit the API result as JSON on stdout (for batch use)").action(
+  async (description, options) => {
+    try {
+      const { analyticsService, apiService, stateService } = appContext.services;
+      if (!apiService.walletAddress) {
+        console.error(
+          "Wallet auth required \u2014 run `zero wallet import` or set ZERO_PRIVATE_KEY."
+        );
+        process.exitCode = 1;
+        return;
+      }
+      if (options.fromFile) {
+        const contents = readFileSync(options.fromFile, "utf8");
+        const lines = contents.split("\n").map((l) => l.trim()).filter((l) => l.length > 0 && !l.startsWith("#"));
+        let ok = 0;
+        let failed = 0;
+        const cliContext = buildCliContext();
+        for (const [idx, line] of lines.entries()) {
+          const lineNum = idx + 1;
+          try {
+            const parsed = bulkEntrySchema.parse(JSON.parse(line));
+            const result2 = await apiService.createBugReport({
+              description: parsed.description,
+              category: parsed.category,
+              severity: parsed.severity,
+              title: parsed.title,
+              reproduction: parsed.reproduction,
+              capabilityId: parsed.capabilityId,
+              runId: parsed.runId,
+              searchId: parsed.searchId,
+              cliContext,
+              idempotencyKey: parsed.idempotencyKey ?? autoIdempotencyKey(parsed.description, parsed.runId)
+            });
+            ok += 1;
+            console.log(
+              `[${lineNum}] ${result2.bugReportId} category=${result2.category ?? "unclassified"}${result2.deduped ? " (deduped)" : ""}`
+            );
+            analyticsService.capture("bug_report_submitted", {
+              category: result2.category,
+              severity: parsed.severity ?? 2,
+              bulk: true,
+              deduped: result2.deduped
+            });
+          } catch (err) {
+            failed += 1;
+            console.error(
+              `[${lineNum}] FAILED: ${err instanceof Error ? err.message : String(err)}`
+            );
+          }
+        }
+        console.log(
+          `
+Bulk bug-report complete: ${ok} ok, ${failed} failed`
+        );
+        if (failed > 0) process.exitCode = 1;
+        return;
+      }
+      if (!description || description.trim().length === 0) {
+        console.error(
+          'Provide a description: zero bug-report "what broke"'
+        );
+        process.exitCode = 1;
+        return;
+      }
+      if (options.category && !BUG_REPORT_CATEGORIES.includes(
+        options.category
+      )) {
+        console.error(
+          `Invalid --category. Valid: ${BUG_REPORT_CATEGORIES.join(", ")}`
+        );
+        process.exitCode = 1;
+        return;
+      }
+      if (options.severity !== void 0 && (Number.isNaN(options.severity) || options.severity < 1 || options.severity > 3)) {
+        console.error("--severity must be 1, 2, or 3");
+        process.exitCode = 1;
+        return;
+      }
+      let { capability, run, search } = options;
+      const useAutoContext = options.context !== false;
+      if (useAutoContext) {
+        const lastSearch = stateService.loadLastSearch();
+        if (lastSearch) {
+          search = search ?? lastSearch.searchId;
+          const recent = lastSearch.capabilities[0];
+          capability = capability ?? recent?.id;
+        }
+        if (!run) {
+          try {
+            const list = await apiService.listRuns({ limit: 1 });
+            const [latest] = list.runs;
+            if (latest) {
+              run = latest.uid;
+              capability = capability ?? latest.capabilityUid;
+            }
+          } catch {
+          }
+        }
+      }
+      const idempotencyKey = options.idempotencyKey ?? autoIdempotencyKey(description, run ?? capability ?? null);
+      const result = await apiService.createBugReport({
+        description,
+        category: options.category,
+        severity: options.severity,
+        title: options.title,
+        reproduction: options.reproduction,
+        capabilityId: capability,
+        runId: run,
+        searchId: search,
+        cliContext: buildCliContext(),
+        idempotencyKey
+      });
+      if (options.json) {
+        console.log(JSON.stringify(result));
+      } else {
+        const cat = result.category ?? "unclassified";
+        const dedupeNote = result.deduped ? " (deduped \u2014 same description within 10 min)" : "";
+        console.log(
+          `Bug report filed: ${result.bugReportId}${dedupeNote}
+  category: ${cat}
+  title:    ${result.title ?? "(none)"}
+  attached: capability=${result.attached.capabilityId ?? "\u2014"} run=${result.attached.runId ?? "\u2014"} search=${result.attached.searchId ?? "\u2014"}`
+        );
+      }
+      analyticsService.capture("bug_report_submitted", {
+        category: result.category,
+        severity: options.severity ?? 2,
+        deduped: result.deduped,
+        autoContext: useAutoContext
+      });
+    } catch (err) {
+      console.error(
+        err instanceof Error ? err.message : "Bug report failed"
+      );
+      process.exitCode = 1;
+    }
+  }
+);
+
 // src/commands/config-command.ts
-import { existsSync, mkdirSync, readFileSync, writeFileSync } from "fs";
+import { existsSync, mkdirSync, readFileSync as readFileSync2, writeFileSync } from "fs";
 import { homedir } from "os";
 import { join } from "path";
-import { Command } from "commander";
+import { Command as Command2 } from "commander";
 var VALID_KEYS = ["lowBalanceWarning", "auth", "telemetry"];
 var loadConfig = (configPath) => {
   try {
     if (!existsSync(configPath)) return {};
-    return JSON.parse(readFileSync(configPath, "utf8"));
+    return JSON.parse(readFileSync2(configPath, "utf8"));
   } catch {
     return {};
   }
 };
-var configCommand = (_appContext) => new Command("config").description("View or update CLI configuration").option("--set <keyValue>", "Set a config value (key=value)").action((options) => {
+var configCommand = (_appContext) => new Command2("config").description("View or update CLI configuration").option("--set <keyValue>", "Set a config value (key=value)").action((options) => {
   const configPath = join(homedir(), ".zero", "config.json");
   if (!options.set) {
     const config2 = loadConfig(configPath);
@@ -110,7 +566,7 @@ var configCommand = (_appContext) => new Command("config").description("View or
 });
 
 // src/commands/fetch-command.ts
-import { Command as Command2 } from "commander";
+import { Command as Command3 } from "commander";
 
 // src/util/infer-schema.ts
 var inferSchema = (value, depth = 0) => {
@@ -168,7 +624,7 @@ var detectPaymentRequirement = (headers, status) => {
   }
   return { protocol: "unknown", raw: {} };
 };
-var fetchCommand = (appContext) => new Command2("fetch").description("Fetch a capability URL with automatic payment handling").argument("<url>", "URL to fetch").option(
+var fetchCommand = (appContext) => new Command3("fetch").description("Fetch a capability URL with automatic payment handling").argument("<url>", "URL to fetch").option(
   "-X, --method <method>",
   "HTTP method (GET, POST, PUT, PATCH, DELETE). Defaults to POST when -d is set, otherwise GET"
 ).option("-d, --data <body>", "Request body (JSON string)").option("-H, --header <header...>", "Headers in Key:Value format").option("--max-pay <amount>", "Maximum amount willing to pay (USDC)").option(
@@ -391,7 +847,7 @@ var fetchCommand = (appContext) => new Command2("fetch").description("Fetch a ca
 );
 
 // src/commands/get-command.ts
-import { Command as Command3 } from "commander";
+import { Command as Command4 } from "commander";
 var formatReviewCount = (count) => {
   if (count >= 1e3) return `${(count / 1e3).toFixed(1)}k`;
   return count.toString();
@@ -446,7 +902,7 @@ var formatCapability = (capability) => {
   lines.push(`  Method: ${capability.method}`);
   return lines.join("\n");
 };
-var getCommand = (appContext) => new Command3("get").description(
+var getCommand = (appContext) => new Command4("get").description(
   "Get details for a capability by position from last search, or by slug"
 ).argument(
   "<identifier>",
@@ -500,20 +956,21 @@ var getCommand = (appContext) => new Command3("get").description(
 });
 
 // src/commands/init-command.ts
-import { createHash } from "crypto";
+import { createHash as createHash3 } from "crypto";
 import {
   chmodSync,
   cpSync,
   existsSync as existsSync2,
   mkdirSync as mkdirSync2,
   readdirSync,
-  readFileSync as readFileSync2,
+  readFileSync as readFileSync3,
+  rmSync,
   writeFileSync as writeFileSync2
 } from "fs";
 import { homedir as homedir2 } from "os";
 import { dirname, join as join2, relative } from "path";
 import { fileURLToPath } from "url";
-import { Command as Command4 } from "commander";
+import { Command as Command5 } from "commander";
 import { generatePrivateKey, privateKeyToAccount } from "viem/accounts";
 var AGENT_TOOLS = [
   { name: "Claude Code", configDir: ".claude" },
@@ -535,7 +992,7 @@ var getPackageRoot = () => {
   }
   return dir;
 };
-var sha256File = (filePath) => createHash("sha256").update(readFileSync2(filePath)).digest("hex");
+var sha256File = (filePath) => createHash3("sha256").update(readFileSync3(filePath)).digest("hex");
 var verifyFileCopy = (src, dest) => {
   if (!existsSync2(dest)) return false;
   return sha256File(src) === sha256File(dest);
@@ -577,7 +1034,7 @@ var installHook = (home) => {
   let settings = {};
   if (existsSync2(settingsPath)) {
     try {
-      settings = JSON.parse(readFileSync2(settingsPath, "utf-8"));
+      settings = JSON.parse(readFileSync3(settingsPath, "utf-8"));
     } catch {
     }
   }
@@ -654,6 +1111,36 @@ var installHook = (home) => {
 `);
   return true;
 };
+var CONFLICTING_SKILL_PATTERNS = ["zam", "tempo"];
+var findConflictingSkills = (home) => {
+  const found = [];
+  for (const tool of AGENT_TOOLS) {
+    const toolSkillsPath = join2(home, tool.configDir, "skills");
+    if (!existsSync2(toolSkillsPath)) continue;
+    const entries = readdirSync(toolSkillsPath, { withFileTypes: true });
+    for (const entry of entries) {
+      if (!entry.isDirectory()) continue;
+      const lower = entry.name.toLowerCase();
+      if (CONFLICTING_SKILL_PATTERNS.some((p) => lower.includes(p))) {
+        found.push({
+          tool: tool.name,
+          skillPath: join2(toolSkillsPath, entry.name),
+          skillName: entry.name
+        });
+      }
+    }
+  }
+  return found;
+};
+var removeConflictingSkills = (home) => {
+  const conflicts = findConflictingSkills(home);
+  const removed = [];
+  for (const { skillPath, tool, skillName } of conflicts) {
+    rmSync(skillPath, { recursive: true, force: true });
+    removed.push(`${tool}: ${skillName}`);
+  }
+  return removed;
+};
 var installSkills = (home) => {
   const skillsSourceDir = join2(getPackageRoot(), "skills");
   const skillDirs = readdirSync(skillsSourceDir, { withFileTypes: true }).filter((d) => d.isDirectory()).map((d) => d.name);
@@ -683,7 +1170,7 @@ var installSkills = (home) => {
   }
   return installed;
 };
-var initCommand = (appContext) => new Command4("init").description("Initialize Zero CLI for usage").option("--force", "Overwrite existing configuration").action(async (options) => {
+var initCommand = (appContext) => new Command5("init").description("Initialize Zero CLI for usage").option("--force", "Overwrite existing configuration").action(async (options) => {
   const home = homedir2();
   const zeroDir = join2(home, ".zero");
   const configPath = join2(zeroDir, "config.json");
@@ -692,7 +1179,7 @@ var initCommand = (appContext) => new Command4("init").description("Initialize Z
   const walletExists = (() => {
     if (!existsSync2(configPath)) return false;
     try {
-      const existing = JSON.parse(readFileSync2(configPath, "utf8"));
+      const existing = JSON.parse(readFileSync3(configPath, "utf8"));
       return !!existing.privateKey;
     } catch {
       return false;
@@ -702,7 +1189,7 @@ var initCommand = (appContext) => new Command4("init").description("Initialize Z
     const privateKey = generatePrivateKey();
     const account = privateKeyToAccount(privateKey);
     mkdirSync2(zeroDir, { recursive: true });
-    const existing = existsSync2(configPath) ? JSON.parse(readFileSync2(configPath, "utf8")) : {};
+    const existing = existsSync2(configPath) ? JSON.parse(readFileSync3(configPath, "utf8")) : {};
     writeFileSync2(
       configPath,
       JSON.stringify(
@@ -716,7 +1203,7 @@ var initCommand = (appContext) => new Command4("init").description("Initialize Z
     console.log(`Wallet address: ${account.address}`);
   } else {
     try {
-      const existing = JSON.parse(readFileSync2(configPath, "utf8"));
+      const existing = JSON.parse(readFileSync3(configPath, "utf8"));
       const account = privateKeyToAccount(existing.privateKey);
       walletAddress = account.address;
     } catch {
@@ -748,6 +1235,17 @@ var initCommand = (appContext) => new Command4("init").description("Initialize Z
   } catch (err) {
     hookError = err instanceof Error ? err.message : "unknown hook error";
   }
+  const conflictingSkills = findConflictingSkills(home);
+  if (conflictingSkills.length > 0) {
+    const skillList = conflictingSkills.map((s) => `  - ${s.tool}: ${s.skillName}`).join("\n");
+    console.error(
+      `
+Found deprecated skills that may conflict with Zero:
+${skillList}
+
+To remove them, run: zero init cleanup`
+    );
+  }
   console.error(
     'Zero is ready! Run `zero search` to find capabilities.\n\nTry:\n  zero search "translate text to Spanish"\n  zero search "generate an image"\n  zero search "weather forecast"'
   );
@@ -770,23 +1268,45 @@ var initCommand = (appContext) => new Command4("init").description("Initialize Z
     hook_installed: hookInstalled,
     // biome-ignore lint/style/useNamingConvention: snake_case for analytics
     hook_error: hookError,
+    // biome-ignore lint/style/useNamingConvention: snake_case for analytics
+    conflicting_skills_found: conflictingSkills.length,
     force: options.force ?? false
   });
-});
+}).addCommand(
+  new Command5("cleanup").description(
+    "Remove deprecated skills (zam, tempo) that conflict with Zero"
+  ).action(() => {
+    const home = homedir2();
+    const removed = removeConflictingSkills(home);
+    if (removed.length === 0) {
+      console.error("No conflicting skills found. Nothing to remove.");
+      return;
+    }
+    const removedList = removed.map((s) => `  - ${s}`).join("\n");
+    console.error(`Removed deprecated skills:
+${removedList}`);
+    appContext.services.analyticsService.capture("skills_cleanup", {
+      // biome-ignore lint/style/useNamingConvention: snake_case for analytics
+      skills_removed: removed,
+      // biome-ignore lint/style/useNamingConvention: snake_case for analytics
+      skills_removed_count: removed.length
+    });
+  })
+);
 
 // src/commands/review-command.ts
-import { readFileSync as readFileSync3 } from "fs";
-import { Command as Command5 } from "commander";
-import { z } from "zod";
-var bulkEntrySchema = z.object({
-  runId: z.string(),
-  success: z.boolean(),
-  accuracy: z.number().int().min(1).max(5),
-  value: z.number().int().min(1).max(5),
-  reliability: z.number().int().min(1).max(5),
-  content: z.string().optional()
+import { readFileSync as readFileSync4 } from "fs";
+import { Command as Command6 } from "commander";
+import { z as z3 } from "zod";
+var bulkEntrySchema2 = z3.object({
+  runId: z3.string(),
+  success: z3.boolean(),
+  accuracy: z3.number().int().min(1).max(5),
+  value: z3.number().int().min(1).max(5),
+  reliability: z3.number().int().min(1).max(5),
+  content: z3.string().optional()
 });
-var reviewCommand = (appContext) => new Command5("review").description("Submit a review for a capability run").addHelpText(
+var reviewCommand = (appContext) => new Command6("review").description("Submit a review for a capability run").addHelpText(
   "after",
   `
 Tips for a great review:
@@ -814,14 +1334,14 @@ Examples:
     try {
       const { analyticsService, apiService } = appContext.services;
       if (options.fromFile) {
-        const contents = readFileSync3(options.fromFile, "utf8");
+        const contents = readFileSync4(options.fromFile, "utf8");
         const lines = contents.split("\n").map((l) => l.trim()).filter((l) => l.length > 0 && !l.startsWith("#"));
         let ok = 0;
         let failed = 0;
         for (const [idx, line] of lines.entries()) {
           const lineNum = idx + 1;
           try {
-            const parsed = bulkEntrySchema.parse(JSON.parse(line));
+            const parsed = bulkEntrySchema2.parse(JSON.parse(line));
             const result2 = await apiService.createReview(parsed);
             ok += 1;
             console.log(
@@ -922,8 +1442,8 @@ Bulk review complete: ${ok} ok, ${failed} failed`);
 );
 
 // src/commands/runs-command.ts
-import { Command as Command6 } from "commander";
-var runsCommand = (appContext) => new Command6("runs").description("List your recent capability runs").addHelpText(
+import { Command as Command7 } from "commander";
+var runsCommand = (appContext) => new Command7("runs").description("List your recent capability runs").addHelpText(
   "after",
   `
 View your recent capability runs \u2014 status, latency, cost, and payment info.
@@ -971,7 +1491,7 @@ Examples:
 );
 
 // src/commands/search-command.ts
-import { Command as Command7 } from "commander";
+import { Command as Command8 } from "commander";
 var formatReviewCount2 = (count) => {
   if (count >= 1e3) return `${(count / 1e3).toFixed(1)}k`;
   return count.toString();
@@ -1009,7 +1529,7 @@ var formatSearchResults = (results) => {
      "${displayDescription}"`;
   }).join("\n");
 };
-var searchCommand = (appContext) => new Command7("search").description("Search for capabilities").argument("<query>", "Search query").option("--json", "Output raw JSON to stdout").option("--offset <n>", "Pagination offset", Number).option("--limit <n>", "Results per page", Number).option("--free", "Only show free capabilities").option("--max-cost <amount>", "Maximum cost per call").option("--min-rating <stars>", "Minimum star rating (1-5)", Number).option("--protocol <protocol>", "Payment protocol (x402 or mpp)").option("--min-trust <n>", "Minimum trust score (0-100)", Number).option(
+var searchCommand = (appContext) => new Command8("search").description("Search for capabilities").argument("<query>", "Search query").option("--json", "Output raw JSON to stdout").option("--offset <n>", "Pagination offset", Number).option("--limit <n>", "Results per page", Number).option("--free", "Only show free capabilities").option("--max-cost <amount>", "Maximum cost per call").option("--min-rating <stars>", "Minimum star rating (1-5)", Number).option("--protocol <protocol>", "Payment protocol (x402 or mpp)").option("--min-trust <n>", "Minimum trust score (0-100)", Number).option(
   "--status <status>",
   "Filter by availability (healthy, degraded, down)"
 ).option("--all", "Show all results (no trust or health filtering)").option(
@@ -1087,13 +1607,13 @@ var searchCommand = (appContext) => new Command7("search").description("Search f
 );
 
 // src/commands/wallet-command.ts
-import { existsSync as existsSync3, mkdirSync as mkdirSync3, readFileSync as readFileSync4, writeFileSync as writeFileSync3 } from "fs";
+import { existsSync as existsSync3, mkdirSync as mkdirSync3, readFileSync as readFileSync5, writeFileSync as writeFileSync3 } from "fs";
 import { homedir as homedir3 } from "os";
 import { join as join3 } from "path";
-import { Command as Command8 } from "commander";
+import { Command as Command9 } from "commander";
 import open from "open";
 import { privateKeyToAccount as privateKeyToAccount2 } from "viem/accounts";
-var walletBalanceCommand = (appContext) => new Command8("balance").description("Show wallet balance").action(async () => {
+var walletBalanceCommand = (appContext) => new Command9("balance").description("Show wallet balance").action(async () => {
   const { walletService } = appContext.services;
   const balance = await walletService.getBalance();
   if (balance === null) {
@@ -1108,7 +1628,7 @@ var walletBalanceCommand = (appContext) => new Command8("balance").description("
   }
   console.log(`${balance.amount} ${balance.asset}`);
 });
-var walletFundCommand = (appContext) => new Command8("fund").description("Fund your wallet").argument("[amount]", "Amount to fund in USDC").option("--manual", "Show wallet address for manual transfer").action(
+var walletFundCommand = (appContext) => new Command9("fund").description("Fund your wallet").argument("[amount]", "Amount to fund in USDC").option("--manual", "Show wallet address for manual transfer").action(
   async (amount, options) => {
     const { analyticsService, walletService } = appContext.services;
     const address = walletService.getAddress();
@@ -1145,7 +1665,7 @@ ${address}`);
     }
   }
 );
-var walletAddressCommand = (appContext) => new Command8("address").description("Show wallet address").action(() => {
+var walletAddressCommand = (appContext) => new Command9("address").description("Show wallet address").action(() => {
   const { walletService } = appContext.services;
   const address = walletService.getAddress();
   if (!address) {
@@ -1155,7 +1675,7 @@ var walletAddressCommand = (appContext) => new Command8("address").description("
   }
   console.log(address);
 });
-var walletSetCommand = (appContext) => new Command8("set").description("Set wallet from an existing private key").argument("<privateKey>", "Hex-encoded private key (0x-prefixed)").option("--force", "Overwrite existing wallet without prompting").action(async (privateKey, options) => {
+var walletSetCommand = (appContext) => new Command9("set").description("Set wallet from an existing private key").argument("<privateKey>", "Hex-encoded private key (0x-prefixed)").option("--force", "Overwrite existing wallet without prompting").action(async (privateKey, options) => {
   const { analyticsService } = appContext.services;
   if (!privateKey.startsWith("0x")) {
     console.error("Private key must be 0x-prefixed hex string.");
@@ -1174,7 +1694,7 @@ var walletSetCommand = (appContext) => new Command8("set").description("Set wall
   const configPath = join3(zeroDir, "config.json");
   if (!options.force && existsSync3(configPath)) {
     try {
-      const existing2 = JSON.parse(readFileSync4(configPath, "utf8"));
+      const existing2 = JSON.parse(readFileSync5(configPath, "utf8"));
       if (existing2.privateKey) {
         console.error(
           "Wallet already configured. Use --force to overwrite."
@@ -1186,7 +1706,7 @@ var walletSetCommand = (appContext) => new Command8("set").description("Set wall
     }
   }
   mkdirSync3(zeroDir, { recursive: true });
-  const existing = existsSync3(configPath) ? JSON.parse(readFileSync4(configPath, "utf8")) : {};
+  const existing = existsSync3(configPath) ? JSON.parse(readFileSync5(configPath, "utf8")) : {};
   writeFileSync3(
     configPath,
     JSON.stringify(
@@ -1207,7 +1727,7 @@ var walletSetCommand = (appContext) => new Command8("set").description("Set wall
   });
 });
 var walletCommand = (appContext) => {
-  const cmd = new Command8("wallet").description("Manage your wallet");
+  const cmd = new Command9("wallet").description("Manage your wallet");
   cmd.addCommand(walletBalanceCommand(appContext));
   cmd.addCommand(walletFundCommand(appContext));
   cmd.addCommand(walletAddressCommand(appContext));
@@ -1218,7 +1738,7 @@ var walletCommand = (appContext) => {
 // src/app.ts
 var createApp = (appContext) => {
   const { analyticsService } = appContext.services;
-  const program = new Command9().name("zero").description("Zero CLI \u2014 Search engine and payment platform for AI agents").version(package_default.version, "-v, --version").exitOverride().hook("preAction", (_thisCommand, actionCommand) => {
+  const program = new Command10().name("zero").description("Zero CLI \u2014 Search engine and payment platform for AI agents").version(package_default.version, "-v, --version").exitOverride().hook("preAction", (_thisCommand, actionCommand) => {
     analyticsService.capture("command_executed", {
       command: actionCommand.name()
     });
@@ -1229,16 +1749,17 @@ var createApp = (appContext) => {
   program.addCommand(fetchCommand(appContext));
   program.addCommand(reviewCommand(appContext));
   program.addCommand(runsCommand(appContext));
+  program.addCommand(bugReportCommand(appContext));
   program.addCommand(walletCommand(appContext));
   program.addCommand(configCommand(appContext));
   return program;
 };
 
 // src/app/app-env.ts
-import z2 from "zod";
-var envSchema = z2.object({
-  ZERO_API_URL: z2.string().default("https://api.zero.xyz"),
-  ZERO_PRIVATE_KEY: z2.string().optional()
+import z4 from "zod";
+var envSchema = z4.object({
+  ZERO_API_URL: z4.string().default("https://api.zero.xyz"),
+  ZERO_PRIVATE_KEY: z4.string().optional()
 });
 var getEnv = () => {
   try {
@@ -1251,14 +1772,14 @@ var getEnv = () => {
 };
 
 // src/app/app-services.ts
-import { existsSync as existsSync6, readFileSync as readFileSync7 } from "fs";
+import { existsSync as existsSync6, readFileSync as readFileSync8 } from "fs";
 import { homedir as homedir4 } from "os";
 import { join as join5 } from "path";
 import { privateKeyToAccount as privateKeyToAccount3 } from "viem/accounts";
 
 // src/services/analytics-service.ts
 import { randomUUID } from "crypto";
-import { existsSync as existsSync4, mkdirSync as mkdirSync4, readFileSync as readFileSync5, writeFileSync as writeFileSync4 } from "fs";
+import { existsSync as existsSync4, mkdirSync as mkdirSync4, readFileSync as readFileSync6, writeFileSync as writeFileSync4 } from "fs";
 import { dirname as dirname2 } from "path";
 import { PostHog } from "posthog-node";
 var POSTHOG_API_KEY = "phc_B2vLyNxAf2mnqvdPQajf4d4b2iXc35dep2ZrvebMJLuX";
@@ -1273,7 +1794,7 @@ var AnalyticsService = class {
     let persistedAnonId;
     try {
       if (existsSync4(opts.configPath)) {
-        const config = JSON.parse(readFileSync5(opts.configPath, "utf8"));
+        const config = JSON.parse(readFileSync6(opts.configPath, "utf8"));
         if (config.telemetry === false) {
           telemetryEnabled = false;
         }
@@ -1298,7 +1819,7 @@ var AnalyticsService = class {
       try {
         const dir = dirname2(opts.configPath);
         mkdirSync4(dir, { recursive: true });
-        const existing = existsSync4(opts.configPath) ? JSON.parse(readFileSync5(opts.configPath, "utf8")) : {};
+        const existing = existsSync4(opts.configPath) ? JSON.parse(readFileSync6(opts.configPath, "utf8")) : {};
         writeFileSync4(
           opts.configPath,
           JSON.stringify({ ...existing, anonId: newAnonId }, null, 2)
@@ -1344,203 +1865,6 @@ var AnalyticsService = class {
   }
 };
 
-// src/services/api-service.ts
-import { createHash as createHash2 } from "crypto";
-import z3 from "zod";
-var searchResultSchema = z3.object({
-  id: z3.string(),
-  position: z3.number(),
-  slug: z3.string(),
-  name: z3.string(),
-  canonicalName: z3.string().nullable().optional(),
-  description: z3.string(),
-  whatItDoes: z3.string().nullable().optional(),
-  url: z3.string(),
-  cost: z3.object({ amount: z3.string(), asset: z3.string() }),
-  rating: z3.object({
-    score: z3.string(),
-    successRate: z3.string(),
-    reviews: z3.number(),
-    stars: z3.string().nullable().optional(),
-    state: z3.enum(["unrated", "rated"]).optional()
-  }),
-  trustScore: z3.number().nullable().optional(),
-  trustSignalCount: z3.number().optional(),
-  availabilityStatus: z3.enum(["healthy", "degraded", "down", "unknown"]).nullable().optional(),
-  relevanceScore: z3.number().optional()
-});
-var searchResponseSchema = z3.object({
-  searchId: z3.string(),
-  total: z3.number().optional().default(0),
-  offset: z3.number().optional().default(0),
-  hasMore: z3.boolean().optional().default(false),
-  capabilities: z3.array(searchResultSchema)
-});
-var capabilityResponseSchema = z3.object({
-  uid: z3.string(),
-  slug: z3.string(),
-  name: z3.string(),
-  description: z3.string(),
-  url: z3.string(),
-  method: z3.string(),
-  headers: z3.record(z3.string(), z3.string()).nullable(),
-  bodySchema: z3.record(z3.string(), z3.unknown()).nullable(),
-  responseSchema: z3.record(z3.string(), z3.unknown()).nullable(),
-  example: z3.object({ request: z3.unknown(), response: z3.unknown() }).nullable(),
-  tags: z3.array(z3.string()).nullable(),
-  displayCostAmount: z3.string(),
-  displayCostAsset: z3.string(),
-  rating: z3.object({
-    score: z3.string(),
-    successRate: z3.string(),
-    reviews: z3.number(),
-    stars: z3.string().nullable().optional(),
-    state: z3.enum(["unrated", "rated"]).optional()
-  }),
-  priceObserved: z3.object({
-    medianCents: z3.string(),
-    p95Cents: z3.string(),
-    sampleCount: z3.number(),
-    varies: z3.boolean()
-  }).nullable().optional(),
-  paymentMethods: z3.array(
-    z3.object({
-      uid: z3.string(),
-      protocol: z3.string(),
-      methodType: z3.string(),
-      chain: z3.string().nullable(),
-      mode: z3.string(),
-      costAmount: z3.string(),
-      costPer: z3.string(),
-      priority: z3.number()
-    })
-  ).nullable(),
-  trustScore: z3.number().nullable().optional(),
-  trustComponents: z3.object({
-    apiQuality: z3.number().nullable(),
-    blockchainActivity: z3.number().nullable(),
-    performance: z3.number().nullable()
-  }).nullable().optional(),
-  availabilityStatus: z3.enum(["healthy", "degraded", "down", "unknown"]).nullable().optional()
-});
-var createRunResponseSchema = z3.object({
-  runId: z3.string()
-});
-var createReviewResponseSchema = z3.object({
-  reviewId: z3.string(),
-  recorded: z3.boolean()
-});
-var runListItemSchema = z3.object({
-  uid: z3.string(),
-  capabilityUid: z3.string(),
-  capabilitySlug: z3.string(),
-  capabilityName: z3.string(),
-  status: z3.number().nullable(),
-  latencyMs: z3.number().nullable(),
-  cost: z3.object({ amount: z3.string(), asset: z3.string().nullable() }).nullable(),
-  payment: z3.object({
-    protocol: z3.string(),
-    chain: z3.string().nullable(),
-    txHash: z3.string().nullable(),
-    mode: z3.string().nullable()
-  }).nullable(),
-  createdAt: z3.coerce.date(),
-  reviewed: z3.boolean()
-});
-var listRunsResponseSchema = z3.object({
-  runs: z3.array(runListItemSchema),
-  nextCursor: z3.string().nullable()
-});
-var buildCanonicalMessage = (method, path, body, timestamp, nonce) => {
-  const bodyHash = createHash2("sha256").update(body ?? "").digest("hex");
-  return `${method}:${path}:${bodyHash}:${timestamp}:${nonce}`;
-};
-var ApiService = class {
-  constructor(baseUrl, account) {
-    this.baseUrl = baseUrl;
-    this.account = account;
-    this.walletAddress = this.account?.address ?? null;
-  }
-  walletAddress;
-  account;
-  signRequest = async (method, path, body) => {
-    if (!this.account) throw new Error("No private key configured");
-    const timestamp = Math.floor(Date.now() / 1e3).toString();
-    const nonce = crypto.randomUUID();
-    const message = buildCanonicalMessage(method, path, body, timestamp, nonce);
-    const signature = await this.account.signMessage({ message });
-    return {
-      "x-zero-address": this.account.address,
-      "x-zero-timestamp": timestamp,
-      "x-zero-nonce": nonce,
-      "x-zero-signature": signature
-    };
-  };
-  request = async (method, path, body) => {
-    const url = `${this.baseUrl}${path}`;
-    const bodyStr = body ? JSON.stringify(body) : void 0;
-    const headers = {
-      "content-type": "application/json"
-    };
-    if (this.account) {
-      const walletHeaders = await this.signRequest(method, path, bodyStr);
-      Object.assign(headers, walletHeaders);
-    }
-    const response = await fetch(url, {
-      method,
-      headers,
-      body: bodyStr
-    });
-    if (!response.ok) {
-      const errorBody = await response.json().catch(() => ({ error: "Unknown error" }));
-      throw new Error(
-        errorBody.error ?? `HTTP ${response.status}`
-      );
-    }
-    return response.json();
-  };
-  search = async (options) => {
-    const json = await this.request("POST", "/v1/search", options);
-    return searchResponseSchema.parse(json);
-  };
-  getCapability = async (id, searchId) => {
-    const qs = searchId ? `?searchId=${encodeURIComponent(searchId)}` : "";
-    const json = await this.request(
-      "GET",
-      `/v1/capabilities/${encodeURIComponent(id)}${qs}`
-    );
-    return capabilityResponseSchema.parse(json);
-  };
-  createRun = async (data) => {
-    const json = await this.request("POST", "/v1/runs", data);
-    return createRunResponseSchema.parse(json);
-  };
-  listRuns = async (params = {}) => {
-    const qs = new URLSearchParams();
-    if (params.capabilityId) qs.set("capabilityId", params.capabilityId);
-    if (params.unreviewed) qs.set("unreviewed", "true");
-    if (params.limit) qs.set("limit", String(params.limit));
-    if (params.cursor) qs.set("cursor", params.cursor);
-    const suffix = qs.toString() ? `?${qs.toString()}` : "";
-    const json = await this.request("GET", `/v1/runs${suffix}`);
-    return listRunsResponseSchema.parse(json);
-  };
-  createReview = async (data) => {
-    const json = await this.request("POST", "/v1/reviews", data);
-    return createReviewResponseSchema.parse(json);
-  };
-  getFundingUrl = async (amount) => {
-    try {
-      const qs = amount ? `?amount=${encodeURIComponent(amount)}` : "";
-      const json = await this.request("GET", `/v1/wallet/fund-url${qs}`);
-      const parsed = z3.object({ url: z3.string() }).parse(json);
-      return parsed.url;
-    } catch {
-      return null;
-    }
-  };
-};
-
 // src/services/payment-service.ts
 import {
   adaptViemWallet,
@@ -1847,7 +2171,7 @@ var PaymentService = class {
 };
 
 // src/services/state-service.ts
-import { existsSync as existsSync5, mkdirSync as mkdirSync5, readFileSync as readFileSync6, writeFileSync as writeFileSync5 } from "fs";
+import { existsSync as existsSync5, mkdirSync as mkdirSync5, readFileSync as readFileSync7, writeFileSync as writeFileSync5 } from "fs";
 import { join as join4 } from "path";
 var StateService = class {
   constructor(zeroDir) {
@@ -1862,7 +2186,7 @@ var StateService = class {
   loadLastSearch = () => {
     try {
       if (!existsSync5(this.lastSearchPath)) return null;
-      const raw = readFileSync6(this.lastSearchPath, "utf8");
+      const raw = readFileSync7(this.lastSearchPath, "utf8");
       return JSON.parse(raw);
     } catch {
       return null;
@@ -1906,7 +2230,7 @@ var getServices = (env) => {
   if (!privateKey) {
     try {
       if (existsSync6(configPath)) {
-        const config = JSON.parse(readFileSync7(configPath, "utf8"));
+        const config = JSON.parse(readFileSync8(configPath, "utf8"));
         if (typeof config.privateKey === "string") {
           privateKey = config.privateKey;
         }
@@ -1918,7 +2242,7 @@ var getServices = (env) => {
   let lowBalanceWarning = 1;
   try {
     if (existsSync6(configPath)) {
-      const config = JSON.parse(readFileSync7(configPath, "utf8"));
+      const config = JSON.parse(readFileSync8(configPath, "utf8"));
       if (typeof config.lowBalanceWarning === "number") {
         lowBalanceWarning = config.lowBalanceWarning;
       }

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@zeroxyz/cli",
-	"version": "0.0.23",
+	"version": "0.0.24",
 	"type": "module",
 	"bin": {
 		"zero": "dist/index.js",

package/skills/zero/SKILL.md

@@ -125,6 +125,14 @@ zero config                              # view current config
 zero config --set lowBalanceWarning=2.0  # warn when balance drops below $2
 ```
 
+## Reporting a Zero Platform Bug
+
+`zero bug-report "<what broke>"` exists for **Zero platform issues** — bad search ranking, indexed URL is wrong, billing was off, CLI itself misbehaved. **Only use it when the user explicitly asks** ("file a bug", "report a bug to Zero"). Never substitute it for `zero review` — capability quality (good/bad result, accuracy, value) always belongs in a review.
+
+```bash
+zero bug-report "Search ranked the wrong API first for BTC price"
+```
+
 ## Examples
 
 ### Translate text