@zeroxyz/cli 0.0.23 → 0.0.25

package/dist/index.js

@@ -1,12 +1,12 @@
 #!/usr/bin/env node
 
 // src/app.ts
-import { Command as Command9 } from "commander";
+import { Command as Command11 } from "commander";
 
 // package.json
 var package_default = {
   name: "@zeroxyz/cli",
-  version: "0.0.23",
+  version: "0.0.25",
   type: "module",
   bin: {
     zero: "dist/index.js",
@@ -59,21 +59,481 @@ var package_default = {
   }
 };
 
+// src/commands/bug-report-command.ts
+import { createHash as createHash2 } from "crypto";
+import { readFileSync } from "fs";
+import { Command } from "commander";
+import { z as z2 } from "zod";
+
+// src/services/api-service.ts
+import { createHash } from "crypto";
+import z from "zod";
+var searchResultSchema = z.object({
+  id: z.string(),
+  position: z.number(),
+  slug: z.string(),
+  name: z.string(),
+  canonicalName: z.string().nullable().optional(),
+  description: z.string(),
+  whatItDoes: z.string().nullable().optional(),
+  url: z.string(),
+  cost: z.object({ amount: z.string(), asset: z.string() }),
+  rating: z.object({
+    score: z.string(),
+    successRate: z.string(),
+    reviews: z.number(),
+    stars: z.string().nullable().optional(),
+    state: z.enum(["unrated", "rated"]).optional()
+  }),
+  trustScore: z.number().nullable().optional(),
+  trustSignalCount: z.number().optional(),
+  availabilityStatus: z.enum(["healthy", "degraded", "down", "unknown"]).nullable().optional(),
+  relevanceScore: z.number().optional()
+});
+var searchResponseSchema = z.object({
+  searchId: z.string(),
+  total: z.number().optional().default(0),
+  offset: z.number().optional().default(0),
+  hasMore: z.boolean().optional().default(false),
+  capabilities: z.array(searchResultSchema)
+});
+var capabilityResponseSchema = z.object({
+  uid: z.string(),
+  slug: z.string(),
+  name: z.string(),
+  description: z.string(),
+  url: z.string(),
+  method: z.string(),
+  headers: z.record(z.string(), z.string()).nullable(),
+  bodySchema: z.record(z.string(), z.unknown()).nullable(),
+  responseSchema: z.record(z.string(), z.unknown()).nullable(),
+  example: z.object({ request: z.unknown(), response: z.unknown() }).nullable(),
+  tags: z.array(z.string()).nullable(),
+  displayCostAmount: z.string(),
+  displayCostAsset: z.string(),
+  rating: z.object({
+    score: z.string(),
+    successRate: z.string(),
+    reviews: z.number(),
+    stars: z.string().nullable().optional(),
+    state: z.enum(["unrated", "rated"]).optional()
+  }),
+  priceObserved: z.object({
+    medianCents: z.string(),
+    p95Cents: z.string(),
+    sampleCount: z.number(),
+    varies: z.boolean()
+  }).nullable().optional(),
+  paymentMethods: z.array(
+    z.object({
+      uid: z.string(),
+      protocol: z.string(),
+      methodType: z.string(),
+      chain: z.string().nullable(),
+      mode: z.string(),
+      costAmount: z.string(),
+      costPer: z.string(),
+      priority: z.number()
+    })
+  ).nullable(),
+  trustScore: z.number().nullable().optional(),
+  trustComponents: z.object({
+    apiQuality: z.number().nullable(),
+    blockchainActivity: z.number().nullable(),
+    performance: z.number().nullable()
+  }).nullable().optional(),
+  availabilityStatus: z.enum(["healthy", "degraded", "down", "unknown"]).nullable().optional()
+});
+var createRunResponseSchema = z.object({
+  runId: z.string()
+});
+var createReviewResponseSchema = z.object({
+  reviewId: z.string(),
+  recorded: z.boolean()
+});
+var BUG_REPORT_CATEGORIES = [
+  "search_relevance",
+  "ranking_issue",
+  "missing_capability",
+  "wrong_schema",
+  "misleading_description",
+  "broken_execution",
+  "payment_failure",
+  "billing_anomaly",
+  "cli_bug",
+  "security",
+  "other"
+];
+var createBugReportResponseSchema = z.object({
+  bugReportId: z.string(),
+  status: z.string(),
+  deduped: z.boolean(),
+  category: z.enum(BUG_REPORT_CATEGORIES).nullable(),
+  title: z.string().nullable(),
+  attached: z.object({
+    capabilityId: z.number().nullable(),
+    runId: z.number().nullable(),
+    searchId: z.number().nullable()
+  })
+});
+var runListItemSchema = z.object({
+  uid: z.string(),
+  capabilityUid: z.string(),
+  capabilitySlug: z.string(),
+  capabilityName: z.string(),
+  status: z.number().nullable(),
+  latencyMs: z.number().nullable(),
+  cost: z.object({ amount: z.string(), asset: z.string().nullable() }).nullable(),
+  payment: z.object({
+    protocol: z.string(),
+    chain: z.string().nullable(),
+    txHash: z.string().nullable(),
+    mode: z.string().nullable()
+  }).nullable(),
+  createdAt: z.coerce.date(),
+  reviewed: z.boolean()
+});
+var listRunsResponseSchema = z.object({
+  runs: z.array(runListItemSchema),
+  nextCursor: z.string().nullable()
+});
+var buildCanonicalMessage = (method, path, body, timestamp, nonce) => {
+  const bodyHash = createHash("sha256").update(body ?? "").digest("hex");
+  return `${method}:${path}:${bodyHash}:${timestamp}:${nonce}`;
+};
+var ApiService = class {
+  constructor(baseUrl, account) {
+    this.baseUrl = baseUrl;
+    this.account = account;
+    this.walletAddress = this.account?.address ?? null;
+  }
+  walletAddress;
+  account;
+  signRequest = async (method, path, body) => {
+    if (!this.account) throw new Error("No private key configured");
+    const timestamp = Math.floor(Date.now() / 1e3).toString();
+    const nonce = crypto.randomUUID();
+    const message = buildCanonicalMessage(method, path, body, timestamp, nonce);
+    const signature = await this.account.signMessage({ message });
+    return {
+      "x-zero-address": this.account.address,
+      "x-zero-timestamp": timestamp,
+      "x-zero-nonce": nonce,
+      "x-zero-signature": signature
+    };
+  };
+  request = async (method, path, body) => {
+    const url = `${this.baseUrl}${path}`;
+    const bodyStr = body ? JSON.stringify(body) : void 0;
+    const headers = {
+      "content-type": "application/json"
+    };
+    if (this.account) {
+      const walletHeaders = await this.signRequest(method, path, bodyStr);
+      Object.assign(headers, walletHeaders);
+    }
+    const response = await fetch(url, {
+      method,
+      headers,
+      body: bodyStr
+    });
+    if (!response.ok) {
+      const errorBody = await response.json().catch(() => ({ error: "Unknown error" }));
+      throw new Error(
+        errorBody.error ?? `HTTP ${response.status}`
+      );
+    }
+    return response.json();
+  };
+  search = async (options) => {
+    const json = await this.request("POST", "/v1/search", options);
+    return searchResponseSchema.parse(json);
+  };
+  getCapability = async (id, searchId) => {
+    const qs = searchId ? `?searchId=${encodeURIComponent(searchId)}` : "";
+    const json = await this.request(
+      "GET",
+      `/v1/capabilities/${encodeURIComponent(id)}${qs}`
+    );
+    return capabilityResponseSchema.parse(json);
+  };
+  createRun = async (data) => {
+    const json = await this.request("POST", "/v1/runs", data);
+    return createRunResponseSchema.parse(json);
+  };
+  listRuns = async (params = {}) => {
+    const qs = new URLSearchParams();
+    if (params.capabilityId) qs.set("capabilityId", params.capabilityId);
+    if (params.unreviewed) qs.set("unreviewed", "true");
+    if (params.limit) qs.set("limit", String(params.limit));
+    if (params.cursor) qs.set("cursor", params.cursor);
+    const suffix = qs.toString() ? `?${qs.toString()}` : "";
+    const json = await this.request("GET", `/v1/runs${suffix}`);
+    return listRunsResponseSchema.parse(json);
+  };
+  createReview = async (data) => {
+    const json = await this.request("POST", "/v1/reviews", data);
+    return createReviewResponseSchema.parse(json);
+  };
+  createBugReport = async (data) => {
+    const json = await this.request("POST", "/v1/bug-reports", data);
+    return createBugReportResponseSchema.parse(json);
+  };
+  getFundingUrl = async (amount, provider = "coinbase") => {
+    try {
+      const params = new URLSearchParams({ provider });
+      if (amount) params.set("amount", amount);
+      const json = await this.request(
+        "GET",
+        `/v1/wallet/fund-url?${params.toString()}`
+      );
+      const parsed = z.object({ url: z.string() }).parse(json);
+      return parsed.url;
+    } catch {
+      return null;
+    }
+  };
+};
+
+// src/commands/bug-report-command.ts
+var bulkEntrySchema = z2.object({
+  description: z2.string().min(1),
+  category: z2.enum(BUG_REPORT_CATEGORIES).optional(),
+  title: z2.string().min(1).max(200).optional(),
+  severity: z2.number().int().min(1).max(3).optional(),
+  reproduction: z2.string().optional(),
+  capabilityId: z2.string().optional(),
+  runId: z2.string().optional(),
+  searchId: z2.string().optional(),
+  idempotencyKey: z2.string().min(1).max(200).optional()
+});
+var buildCliContext = () => ({
+  cliVersion: package_default.version,
+  os: process.platform,
+  node: process.version
+});
+var TEN_MIN_MS = 10 * 60 * 1e3;
+var autoIdempotencyKey = (description, contextSeed) => {
+  const bucket = Math.floor(Date.now() / TEN_MIN_MS);
+  const seed = `${description}|${contextSeed ?? ""}|${bucket}`;
+  return `auto-${createHash2("sha256").update(seed).digest("hex").slice(0, 16)}`;
+};
+var bugReportCommand = (appContext) => new Command("bug-report").description(
+  "Report a Zero platform bug \u2014 bad search ranking, wrong indexed URL, CLI bugs, billing issues. The CLI auto-attaches your most recent context (last search + last run), auto-derives a title, and lets the server classify the category. For 'this capability returned a bad result', use `zero review` instead."
+).addHelpText(
+  "after",
+  `
+Minimum surface \u2014 just describe the bug:
+  zero bug-report "Search ranked generic crypto API above exact match for BTC price"
+
+The CLI will:
+  - Attach your most recent search + run as context (use --no-context to skip)
+  - Auto-derive a title from your description
+  - Generate an idempotency key so accidental retries dedupe within 10 minutes
+  - Capture cliContext (cli version, os, node)
+
+The server will:
+  - Pick a category from your description (override with --category if it gets it wrong)
+  - Default severity to 2 (override with --severity)
+  - Echo back what it picked + attached so you can verify
+
+Overrides (only when needed):
+  --capability cap_xyz   Attach a specific capability (overrides auto-context)
+  --run run_xyz          Attach a specific run
+  --search sea_xyz       Attach a specific search
+  --no-context           Skip auto-attached context (file a standalone platform bug)
+  --category <c>         Force a category (otherwise classifier picks)
+  --severity 1|2|3       Override default severity 2
+  --title "..."          Override auto-derived title
+  --reproduction "..."   Add reproduction notes
+  --idempotency-key <k>  Override auto-key (e.g. for explicit retries)
+  --json                 Machine-readable output
+  --from-file <path>     Bulk submit from JSONL (each line: {description, ...overrides})
+
+Categories the classifier picks from:
+  search & discovery: search_relevance, ranking_issue, missing_capability
+  indexed-data quality: wrong_schema, misleading_description, broken_execution
+  platform infra: payment_failure, billing_anomaly, cli_bug
+  cross-cutting: security, other`
+).argument(
+  "[description]",
+  "What broke (free-form text). Required unless --from-file is used."
+).option(
+  "--capability <id>",
+  "Attach this capability uid (cap_*) or slug as context, overriding auto-context"
+).option(
+  "--run <runId>",
+  "Attach this run uid (run_*) as context, overriding auto-context"
+).option(
+  "--search <searchId>",
+  "Attach this search uid (sea_*) as context, overriding auto-context"
+).option("--no-context", "Skip auto-attached context entirely").option(
+  "--category <category>",
+  `Force a category (skips classifier). One of: ${BUG_REPORT_CATEGORIES.join(", ")}`
+).option(
+  "--severity <n>",
+  "Severity 1 (low), 2 (med, default), 3 (high)",
+  Number.parseInt
+).option("--title <text>", "Override auto-derived title (\u2264200 chars)").option(
+  "--reproduction <text>",
+  "Optional reproduction steps (e.g. equivalent curl)"
+).option("--idempotency-key <key>", "Override the auto-generated dedup key").option(
+  "--from-file <path>",
+  "Submit bug reports in bulk from a JSONL file (one report per line)"
+).option("--json", "Emit the API result as JSON on stdout (for batch use)").action(
+  async (description, options) => {
+    try {
+      const { analyticsService, apiService, stateService } = appContext.services;
+      if (!apiService.walletAddress) {
+        console.error(
+          "Wallet auth required \u2014 run `zero wallet import` or set ZERO_PRIVATE_KEY."
+        );
+        process.exitCode = 1;
+        return;
+      }
+      if (options.fromFile) {
+        const contents = readFileSync(options.fromFile, "utf8");
+        const lines = contents.split("\n").map((l) => l.trim()).filter((l) => l.length > 0 && !l.startsWith("#"));
+        let ok = 0;
+        let failed = 0;
+        const cliContext = buildCliContext();
+        for (const [idx, line] of lines.entries()) {
+          const lineNum = idx + 1;
+          try {
+            const parsed = bulkEntrySchema.parse(JSON.parse(line));
+            const result2 = await apiService.createBugReport({
+              description: parsed.description,
+              category: parsed.category,
+              severity: parsed.severity,
+              title: parsed.title,
+              reproduction: parsed.reproduction,
+              capabilityId: parsed.capabilityId,
+              runId: parsed.runId,
+              searchId: parsed.searchId,
+              cliContext,
+              idempotencyKey: parsed.idempotencyKey ?? autoIdempotencyKey(parsed.description, parsed.runId)
+            });
+            ok += 1;
+            console.log(
+              `[${lineNum}] ${result2.bugReportId} category=${result2.category ?? "unclassified"}${result2.deduped ? " (deduped)" : ""}`
+            );
+            analyticsService.capture("bug_report_submitted", {
+              category: result2.category,
+              severity: parsed.severity ?? 2,
+              bulk: true,
+              deduped: result2.deduped
+            });
+          } catch (err) {
+            failed += 1;
+            console.error(
+              `[${lineNum}] FAILED: ${err instanceof Error ? err.message : String(err)}`
+            );
+          }
+        }
+        console.log(
+          `
+Bulk bug-report complete: ${ok} ok, ${failed} failed`
+        );
+        if (failed > 0) process.exitCode = 1;
+        return;
+      }
+      if (!description || description.trim().length === 0) {
+        console.error(
+          'Provide a description: zero bug-report "what broke"'
+        );
+        process.exitCode = 1;
+        return;
+      }
+      if (options.category && !BUG_REPORT_CATEGORIES.includes(
+        options.category
+      )) {
+        console.error(
+          `Invalid --category. Valid: ${BUG_REPORT_CATEGORIES.join(", ")}`
+        );
+        process.exitCode = 1;
+        return;
+      }
+      if (options.severity !== void 0 && (Number.isNaN(options.severity) || options.severity < 1 || options.severity > 3)) {
+        console.error("--severity must be 1, 2, or 3");
+        process.exitCode = 1;
+        return;
+      }
+      let { capability, run, search } = options;
+      const useAutoContext = options.context !== false;
+      if (useAutoContext) {
+        const lastSearch = stateService.loadLastSearch();
+        if (lastSearch) {
+          search = search ?? lastSearch.searchId;
+          const recent = lastSearch.capabilities[0];
+          capability = capability ?? recent?.id;
+        }
+        if (!run) {
+          try {
+            const list = await apiService.listRuns({ limit: 1 });
+            const [latest] = list.runs;
+            if (latest) {
+              run = latest.uid;
+              capability = capability ?? latest.capabilityUid;
+            }
+          } catch {
+          }
+        }
+      }
+      const idempotencyKey = options.idempotencyKey ?? autoIdempotencyKey(description, run ?? capability ?? null);
+      const result = await apiService.createBugReport({
+        description,
+        category: options.category,
+        severity: options.severity,
+        title: options.title,
+        reproduction: options.reproduction,
+        capabilityId: capability,
+        runId: run,
+        searchId: search,
+        cliContext: buildCliContext(),
+        idempotencyKey
+      });
+      if (options.json) {
+        console.log(JSON.stringify(result));
+      } else {
+        const cat = result.category ?? "unclassified";
+        const dedupeNote = result.deduped ? " (deduped \u2014 same description within 10 min)" : "";
+        console.log(
+          `Bug report filed: ${result.bugReportId}${dedupeNote}
+  category: ${cat}
+  title:    ${result.title ?? "(none)"}
+  attached: capability=${result.attached.capabilityId ?? "\u2014"} run=${result.attached.runId ?? "\u2014"} search=${result.attached.searchId ?? "\u2014"}`
+        );
+      }
+      analyticsService.capture("bug_report_submitted", {
+        category: result.category,
+        severity: options.severity ?? 2,
+        deduped: result.deduped,
+        autoContext: useAutoContext
+      });
+    } catch (err) {
+      console.error(
+        err instanceof Error ? err.message : "Bug report failed"
+      );
+      process.exitCode = 1;
+    }
+  }
+);
+
 // src/commands/config-command.ts
-import { existsSync, mkdirSync, readFileSync, writeFileSync } from "fs";
+import { existsSync, mkdirSync, readFileSync as readFileSync2, writeFileSync } from "fs";
 import { homedir } from "os";
 import { join } from "path";
-import { Command } from "commander";
+import { Command as Command2 } from "commander";
 var VALID_KEYS = ["lowBalanceWarning", "auth", "telemetry"];
 var loadConfig = (configPath) => {
   try {
     if (!existsSync(configPath)) return {};
-    return JSON.parse(readFileSync(configPath, "utf8"));
+    return JSON.parse(readFileSync2(configPath, "utf8"));
   } catch {
     return {};
   }
 };
-var configCommand = (_appContext) => new Command("config").description("View or update CLI configuration").option("--set <keyValue>", "Set a config value (key=value)").action((options) => {
+var configCommand = (_appContext) => new Command2("config").description("View or update CLI configuration").option("--set <keyValue>", "Set a config value (key=value)").action((options) => {
   const configPath = join(homedir(), ".zero", "config.json");
   if (!options.set) {
     const config2 = loadConfig(configPath);
@@ -110,128 +570,637 @@ var configCommand = (_appContext) => new Command("config").description("View or
 });
 
 // src/commands/fetch-command.ts
-import { Command as Command2 } from "commander";
+import { Command as Command3 } from "commander";
+import { formatUnits as formatUnits2 } from "viem";
 
-// src/util/infer-schema.ts
-var inferSchema = (value, depth = 0) => {
-  if (depth > 6) return { type: typeOf(value) };
-  if (value === null) return { type: "null" };
-  if (Array.isArray(value)) {
-    const itemSchemas = value.slice(0, 3).map((v) => inferSchema(v, depth + 1));
-    return {
-      type: "array",
-      items: itemSchemas[0] ?? { type: "unknown" }
-    };
-  }
-  if (typeof value === "object") {
-    const obj = value;
-    const properties = {};
-    const required = [];
-    for (const [k, v] of Object.entries(obj)) {
-      properties[k] = inferSchema(v, depth + 1);
-      required.push(k);
-    }
-    return { type: "object", properties, required };
+// src/services/payment-service.ts
+import {
+  adaptViemWallet,
+  convertViemChainToRelayChain,
+  createClient as createRelayClient,
+  getClient as getRelayClient,
+  MAINNET_RELAY_API
+} from "@relayprotocol/relay-sdk";
+import { x402Client as X402Client } from "@x402/core/client";
+import { decodePaymentResponseHeader, x402HTTPClient } from "@x402/core/http";
+import { ExactEvmScheme } from "@x402/evm/exact/client";
+import { createSIWxClientHook } from "@x402/extensions/sign-in-with-x";
+import { wrapFetchWithPayment } from "@x402/fetch";
+import { Challenge, Receipt } from "mppx";
+import { Mppx, tempo } from "mppx/client";
+import {
+  createPublicClient,
+  createWalletClient,
+  formatUnits,
+  http
+} from "viem";
+import { base, baseSepolia } from "viem/chains";
+var SessionCloseFailedError = class extends Error {
+  session;
+  response;
+  capturedAmount;
+  constructor(params) {
+    super(params.message);
+    this.name = "SessionCloseFailedError";
+    this.session = params.session;
+    this.response = params.response;
+    this.capturedAmount = params.capturedAmount;
   }
-  return { type: typeOf(value) };
 };
-var typeOf = (v) => {
-  if (v === null) return "null";
-  if (Array.isArray(v)) return "array";
-  return typeof v;
+var USDC_BASE = "0x833589fcd6edb6e08f4c7c32d4f71b54bda02913";
+var USDC_BASE_SEPOLIA = "0x036CbD53842c5426634e7929541eC2318f3dCF7e";
+var USDC_TEMPO = "0x20c000000000000000000000b9537d11c60e8b50";
+var PATHUSD_TEMPO = "0x20c0000000000000000000000000000000000000";
+var BASE_CHAIN_ID = 8453;
+var TEMPO_CHAIN_ID = 4217;
+var TEMPO_TESTNET_CHAIN_ID = 42431;
+var DEFAULT_MAX_DEPOSIT = "100";
+var KNOWN_EIP712_DOMAINS = {
+  // USDC on Base
+  [USDC_BASE.toLowerCase()]: { name: "USDC", version: "2" },
+  // USDC on Base Sepolia
+  [USDC_BASE_SEPOLIA.toLowerCase()]: { name: "USDC", version: "2" }
 };
-var tryParseJson = (text) => {
+var buildRelayClientOptions = () => ({
+  baseApiUrl: MAINNET_RELAY_API,
+  source: "zero-cli",
+  chains: [convertViemChainToRelayChain(base)]
+});
+var calculateBuffer = (baseBalance) => {
+  const twentyFivePercent = baseBalance / 4n;
+  const twoDollars = 2000000n;
+  return twentyFivePercent < twoDollars ? twentyFivePercent : twoDollars;
+};
+var tempoChain = {
+  id: TEMPO_CHAIN_ID,
+  name: "Tempo",
+  nativeCurrency: { name: "USD", symbol: "USD", decimals: 18 },
+  rpcUrls: {
+    default: { http: ["https://rpc.tempo.xyz"] }
+  }
+};
+var tempoTestnetChain = {
+  id: TEMPO_TESTNET_CHAIN_ID,
+  name: "Tempo Testnet",
+  nativeCurrency: { name: "USD", symbol: "USD", decimals: 18 },
+  rpcUrls: {
+    default: { http: ["https://rpc.moderato.tempo.xyz"] }
+  }
+};
+var ERC20_BALANCE_ABI = [
+  {
+    inputs: [{ name: "account", type: "address" }],
+    name: "balanceOf",
+    outputs: [{ name: "", type: "uint256" }],
+    stateMutability: "view",
+    type: "function"
+  }
+];
+var decodeSessionReceiptHeader = (header) => {
+  if (!header) return null;
   try {
-    return JSON.parse(text);
+    const padLen = (4 - header.length % 4) % 4;
+    const padded = header.replace(/-/g, "+").replace(/_/g, "/") + "=".repeat(padLen);
+    const json = Buffer.from(padded, "base64").toString("utf8");
+    const parsed = JSON.parse(json);
+    if (typeof parsed.channelId !== "string" || typeof parsed.acceptedCumulative !== "string" || typeof parsed.spent !== "string" || typeof parsed.challengeId !== "string") {
+      return null;
+    }
+    return parsed;
   } catch {
     return null;
   }
 };
-
-// src/commands/fetch-command.ts
-var detectPaymentRequirement = (headers, status) => {
-  if (status !== 402) return null;
-  const x402Header = headers.get("payment-required") ?? headers.get("x-payment-required");
-  if (x402Header) {
-    try {
-      const decoded = JSON.parse(
-        Buffer.from(x402Header, "base64").toString("utf8")
+var readSessionReceipt = (response) => decodeSessionReceiptHeader(
+  response.headers.get("Payment-Receipt") ?? response.headers.get("payment-receipt")
+);
+var pickSessionCloseAmount = (receipt, openTimeCumulative) => {
+  if (!receipt) return openTimeCumulative;
+  const accepted = BigInt(receipt.acceptedCumulative);
+  const spent = BigInt(receipt.spent);
+  const fromReceipt = accepted > spent ? accepted : spent;
+  return fromReceipt > openTimeCumulative ? fromReceipt : openTimeCumulative;
+};
+var PaymentService = class {
+  constructor(account, config, deps = {}) {
+    this.account = account;
+    this.config = config;
+    this.fetchOverride = deps.fetchImpl;
+  }
+  relayInitialized = false;
+  fetchOverride;
+  /**
+   * Resolve the fetch implementation lazily so tests can `vi.stubGlobal`
+   * the global `fetch` after the service is constructed.
+   */
+  get fetchImpl() {
+    return this.fetchOverride ?? globalThis.fetch;
+  }
+  getAccount = () => this.account;
+  ensureRelayClient = () => {
+    if (!this.relayInitialized) {
+      createRelayClient(buildRelayClientOptions());
+      this.relayInitialized = true;
+    }
+  };
+  bridgeToTempo = async (requiredAmount, onProgress) => {
+    if (!this.account) throw new Error("No wallet configured");
+    this.ensureRelayClient();
+    const baseBalance = await this.getBalanceRaw("base");
+    const buffer = calculateBuffer(baseBalance);
+    const bridgeAmount = requiredAmount + buffer;
+    if (baseBalance < bridgeAmount) {
+      throw new Error(
+        `Insufficient Base USDC to bridge: have ${formatUnits(baseBalance, 6)}, need ${formatUnits(bridgeAmount, 6)} (${formatUnits(requiredAmount, 6)} + ${formatUnits(buffer, 6)} buffer)`
       );
-      return { protocol: "x402", raw: decoded };
-    } catch {
-      return { protocol: "x402", raw: { encoded: x402Header } };
     }
-  }
-  const wwwAuth = headers.get("www-authenticate");
-  if (wwwAuth?.toLowerCase().includes("payment")) {
-    return { protocol: "mpp", raw: { "www-authenticate": wwwAuth } };
-  }
-  return { protocol: "unknown", raw: {} };
-};
-var fetchCommand = (appContext) => new Command2("fetch").description("Fetch a capability URL with automatic payment handling").argument("<url>", "URL to fetch").option(
-  "-X, --method <method>",
-  "HTTP method (GET, POST, PUT, PATCH, DELETE). Defaults to POST when -d is set, otherwise GET"
-).option("-d, --data <body>", "Request body (JSON string)").option("-H, --header <header...>", "Headers in Key:Value format").option("--max-pay <amount>", "Maximum amount willing to pay (USDC)").option(
-  "--capability <id>",
-  "Bind this fetch to a capability (uid or slug) so a reviewable run is recorded even without a prior `zero search`"
-).option(
-  "--json",
-  "Emit {runId, status, latencyMs, payment, body} as JSON on stdout (for batch/non-TTY use)"
-).action(
-  async (url, options) => {
-    try {
-      const {
-        analyticsService,
-        apiService,
-        paymentService,
-        stateService,
-        walletService
-      } = appContext.services;
-      const startTime = Date.now();
-      const headers = {};
-      if (options.header) {
-        for (const h of options.header) {
-          const colonIdx = h.indexOf(":");
-          if (colonIdx > 0) {
-            headers[h.slice(0, colonIdx).trim()] = h.slice(colonIdx + 1).trim();
-          }
+    onProgress?.(
+      `Bridging ${formatUnits(bridgeAmount, 6)} USDC from Base to Tempo...`
+    );
+    const walletClient = createWalletClient({
+      account: this.account,
+      chain: base,
+      transport: http()
+    });
+    const quote = await getRelayClient().actions.getQuote({
+      chainId: BASE_CHAIN_ID,
+      toChainId: TEMPO_CHAIN_ID,
+      currency: USDC_BASE,
+      toCurrency: USDC_TEMPO,
+      amount: bridgeAmount.toString(),
+      tradeType: "EXACT_INPUT",
+      user: this.account.address,
+      recipient: this.account.address,
+      options: {
+        usePermit: true
+      }
+    });
+    let bridgeTxHash = null;
+    await getRelayClient().actions.execute({
+      quote,
+      wallet: adaptViemWallet(walletClient),
+      onProgress: ({ txHashes }) => {
+        if (txHashes?.length && !bridgeTxHash) {
+          bridgeTxHash = txHashes[0]?.txHash ?? null;
         }
       }
-      const hasContentType = Object.keys(headers).some(
-        (k) => k.toLowerCase() === "content-type"
+    });
+    return bridgeTxHash;
+  };
+  handlePayment = async (url, request, paymentRequirement, maxPay, onProgress) => {
+    if (!this.account) {
+      throw new Error(
+        "No wallet configured \u2014 run `zero init` or set ZERO_PRIVATE_KEY"
       );
-      if (options.data && !hasContentType) {
-        headers["content-type"] = "application/json";
+    }
+    if (paymentRequirement.protocol === "x402") {
+      onProgress?.("Paying via x402 on Base...");
+      return this.payX402(url, request, paymentRequirement.raw, maxPay);
+    }
+    if (paymentRequirement.protocol === "mpp") {
+      onProgress?.("Paying via MPP on Tempo...");
+      return this.payMpp(
+        url,
+        request,
+        paymentRequirement.raw,
+        maxPay,
+        onProgress
+      );
+    }
+    throw new Error("Unrecognized 402 payment protocol");
+  };
+  payX402 = async (url, request, _raw, maxPay) => {
+    if (!this.account) throw new Error("No wallet configured");
+    let capturedAmount = "0";
+    const client = new X402Client().register(
+      "eip155:*",
+      new ExactEvmScheme(this.account)
+    );
+    client.onBeforePaymentCreation(async (context) => {
+      const selected = context.selectedRequirements;
+      if (selected && (!selected.extra?.name || !selected.extra?.version)) {
+        const known = KNOWN_EIP712_DOMAINS[selected.asset?.toLowerCase() ?? ""];
+        if (known) {
+          selected.extra = { ...selected.extra, ...known };
+        }
       }
-      const log = (msg) => console.error(`  ${msg}`);
-      const method = options.method ? options.method.toUpperCase() : options.data ? "POST" : "GET";
-      const requestInit = {
-        method,
-        headers,
-        body: options.data
-      };
-      const lastSearch = stateService.loadLastSearch();
-      const matchedCapability = lastSearch?.capabilities.find(
-        (c) => url.startsWith(c.url)
+      const requirement = context.paymentRequired.accepts[0];
+      if (!requirement) return;
+      capturedAmount = formatUnits(BigInt(requirement.amount), 6);
+      if (maxPay && Number.parseFloat(capturedAmount) > Number.parseFloat(maxPay)) {
+        return {
+          abort: true,
+          reason: `Payment of ${capturedAmount} USDC exceeds --max-pay ${maxPay}`
+        };
+      }
+    });
+    const httpClient = new x402HTTPClient(client).onPaymentRequired(
+      createSIWxClientHook(this.account)
+    );
+    const wrappedFetch = wrapFetchWithPayment(fetch, httpClient);
+    const response = await wrappedFetch(url, {
+      method: request.method,
+      headers: request.headers,
+      body: request.body
+    });
+    let txHash = null;
+    const paymentResponseHeader = response.headers.get("payment-response") ?? response.headers.get("x-payment-response");
+    if (paymentResponseHeader) {
+      try {
+        const settlement = decodePaymentResponseHeader(paymentResponseHeader);
+        txHash = settlement.transaction ?? null;
+      } catch {
+      }
+    }
+    return {
+      response,
+      protocol: "x402",
+      chain: "base",
+      txHash,
+      amount: capturedAmount,
+      asset: "USDC"
+    };
+  };
+  /**
+   * Shared pre-payment work: compute the Tempo amount we need, enforce
+   * --max-pay, and bridge from Base USDC if the Tempo balance is short.
+   * Invoked from mppx's `onChallenge` — i.e. AFTER the server's 402 and
+   * BEFORE mppx signs a credential — so balance/bridge logic runs in-band
+   * without adding a pre-probe round-trip.
+   */
+  prepareTempoFunds = async (challenge, maxPay, onProgress) => {
+    const challengeRequest = challenge.request;
+    let requiredRaw;
+    if (challenge.intent === "session") {
+      const suggestedDeposit = challengeRequest.suggestedDeposit;
+      requiredRaw = suggestedDeposit ? BigInt(suggestedDeposit) : BigInt(
+        Math.floor(
+          Number.parseFloat(maxPay ?? DEFAULT_MAX_DEPOSIT) * 1e6
+        )
       );
-      const capabilityId = options.capability ?? matchedCapability?.id ?? null;
-      const searchId = matchedCapability ? lastSearch?.searchId : void 0;
-      const skipReasons = [];
-      if (!apiService.walletAddress) {
-        skipReasons.push(
-          "no wallet configured (run `zero wallet import` / set ZERO_PRIVATE_KEY)"
+    } else {
+      requiredRaw = BigInt(challengeRequest.amount);
+    }
+    const capturedAmount = formatUnits(requiredRaw, 6);
+    if (maxPay && Number.parseFloat(capturedAmount) > Number.parseFloat(maxPay)) {
+      throw new Error(
+        `Payment of ${capturedAmount} USDC exceeds --max-pay ${maxPay}`
+      );
+    }
+    const methodDetails = challengeRequest.methodDetails;
+    const challengeChainId = challengeRequest.chainId ?? methodDetails?.chainId;
+    const isTestnet = challengeChainId === TEMPO_TESTNET_CHAIN_ID;
+    onProgress?.(`Checking Tempo balance...`);
+    const tempoBalance = await this.getBalanceRaw(
+      isTestnet ? "tempo-testnet" : "tempo"
+    );
+    if (tempoBalance < requiredRaw) {
+      if (isTestnet) {
+        throw new Error(
+          `Insufficient pathUSD on Tempo testnet: have ${formatUnits(tempoBalance, 6)}, need ${capturedAmount}. Fund your wallet with the Tempo testnet faucet: https://docs.tempo.xyz/quickstart/faucet`
         );
       }
-      if (!capabilityId) {
-        skipReasons.push(
-          "no capability resolved \u2014 pass --capability <uid|slug> or run `zero search` first so the URL can be matched"
+      await this.bridgeToTempo(requiredRaw, onProgress);
+    }
+    return capturedAmount;
+  };
+  /**
+   * MPP payment entrypoint. Runs a SINGLE `mppx.fetch` and uses mppx's
+   * `onChallenge` callback to run balance/bridge/max-pay logic in-band
+   * with the server's 402. After the 200 comes back, we branch on the
+   * captured challenge intent + whether the tempo method reported the
+   * channel as opened (only session lifecycle fires `onChannelUpdate`).
+   *
+   * Why no pre-probe: a pre-probe adds an extra unauthenticated POST
+   * before mppx's own 402 dance (2 → 3 server-side requests). Session-
+   * intent facilitators that re-run the LLM per request can't reconcile
+   * the extra state and return `410 "channel not found"` on the close.
+   * This mirrors the working production v0.0.21 single-fetch flow.
+   */
+  payMpp = async (url, request, _raw, maxPay, onProgress) => {
+    const account = this.account;
+    if (!account) throw new Error("No wallet configured");
+    let capturedAmount = "0";
+    let capturedChallenge;
+    let channelEntry;
+    const mppx = Mppx.create({
+      polyfill: false,
+      fetch: this.fetchImpl,
+      methods: [
+        tempo({
+          account,
+          maxDeposit: maxPay ?? DEFAULT_MAX_DEPOSIT,
+          onChannelUpdate: (entry) => {
+            channelEntry = {
+              channelId: entry.channelId,
+              escrowContract: entry.escrowContract,
+              cumulativeAmount: entry.cumulativeAmount,
+              opened: entry.opened
+            };
+          }
+        })
+      ],
+      onChallenge: async (challenge) => {
+        capturedChallenge = challenge;
+        capturedAmount = await this.prepareTempoFunds(
+          challenge,
+          maxPay,
+          onProgress
         );
+        return void 0;
       }
-      let finalResponse;
-      let body = "";
-      let paymentMeta;
-      let fetchError;
-      try {
+    });
+    const response = await mppx.fetch(url, {
+      method: request.method,
+      headers: request.headers,
+      body: request.body
+    });
+    if (capturedChallenge?.intent === "session" && channelEntry?.opened) {
+      return this.completeMppSession({
+        url,
+        request,
+        challenge: capturedChallenge,
+        channelEntry,
+        response,
+        capturedAmount,
+        mppx
+      });
+    }
+    let txHash = null;
+    try {
+      const receipt = Receipt.fromResponse(response);
+      txHash = receipt.reference ?? null;
+    } catch {
+    }
+    return {
+      response,
+      protocol: "mpp",
+      chain: "tempo",
+      txHash,
+      amount: capturedAmount,
+      asset: "USDC"
+    };
+  };
+  /**
+   * Close an opened MPP session channel after the seller returns a 200.
+   *
+   * Decodes the server's `Payment-Receipt` to get the settled
+   * `acceptedCumulative`/`spent`, signs a close voucher at that amount
+   * (never below on-chain settled), and POSTs it back to the seller.
+   * Needed for dynamic-pricing sellers whose open-time `amount` is `0` —
+   * signing close with `cumulativeAmount=0` would be rejected with
+   * `voucher cumulativeAmount is below on-chain settled amount`.
+   *
+   * When the seller's facilitator rejects the close (e.g. strict matching
+   * of fresh challenge IDs per request), `SessionCloseFailedError` is
+   * thrown carrying the session metadata so the caller can record the run
+   * against the orphaned channel.
+   */
+  completeMppSession = async (params) => {
+    const {
+      url,
+      request,
+      challenge,
+      channelEntry,
+      response,
+      capturedAmount,
+      mppx
+    } = params;
+    const challengeRequest = challenge.request;
+    const recipient = challengeRequest.recipient;
+    const methodDetails = challengeRequest.methodDetails;
+    const challengeEscrow = methodDetails?.escrowContract;
+    const challengeChainId = challengeRequest.chainId ?? methodDetails?.chainId;
+    if (!recipient || !challengeEscrow) {
+      throw new Error("session challenge missing recipient/escrowContract");
+    }
+    if (!challengeChainId) {
+      throw new Error("session challenge missing chainId");
+    }
+    const {
+      channelId,
+      escrowContract,
+      cumulativeAmount: openTimeCumulative
+    } = channelEntry;
+    const receipt = readSessionReceipt(response);
+    const closeAmount = pickSessionCloseAmount(receipt, openTimeCumulative);
+    const orphanedSession = {
+      channelId,
+      escrowContract,
+      chainId: challengeChainId,
+      recipient,
+      cumulativeAmount: closeAmount.toString()
+    };
+    const closeFailed = (message) => new SessionCloseFailedError({
+      message,
+      session: orphanedSession,
+      response,
+      capturedAmount
+    });
+    const closeChallengeResponse = new Response("", {
+      status: 402,
+      headers: { "WWW-Authenticate": Challenge.serialize(challenge) }
+    });
+    let closeCredential;
+    try {
+      closeCredential = await mppx.createCredential(closeChallengeResponse, {
+        action: "close",
+        channelId,
+        cumulativeAmountRaw: closeAmount.toString()
+      });
+    } catch (err) {
+      throw closeFailed(
+        `Session close credential build failed for channel ${channelId}: ${err instanceof Error ? err.message : String(err)}`
+      );
+    }
+    const closeMethod = request.method.toUpperCase();
+    const methodCarriesBody = closeMethod === "POST" || closeMethod === "PUT" || closeMethod === "PATCH";
+    const closeResponse = await this.fetchImpl(url, {
+      method: closeMethod,
+      headers: {
+        ...request.headers,
+        // biome-ignore lint/style/useNamingConvention: HTTP header name
+        Authorization: closeCredential
+      },
+      ...methodCarriesBody && request.body ? { body: request.body } : {}
+    });
+    if (!closeResponse.ok) {
+      const body = await closeResponse.text().catch(() => "");
+      throw closeFailed(
+        `Seller rejected close credential (status ${closeResponse.status}${body ? `: ${body.slice(0, 200)}` : ""}) for channel ${channelId}`
+      );
+    }
+    const closeReceipt = readSessionReceipt(closeResponse);
+    return {
+      response,
+      protocol: "mpp",
+      chain: "tempo",
+      txHash: null,
+      amount: capturedAmount,
+      asset: "USDC",
+      session: {
+        channelId,
+        escrowContract,
+        chainId: challengeChainId,
+        recipient,
+        cumulativeAmount: closeReceipt?.acceptedCumulative ?? closeAmount.toString()
+      }
+    };
+  };
+  resolveChainConfig = (chain) => {
+    switch (chain) {
+      case "base":
+        return { viemChain: base, token: USDC_BASE };
+      case "base-sepolia":
+        return { viemChain: baseSepolia, token: USDC_BASE_SEPOLIA };
+      case "tempo":
+        return { viemChain: tempoChain, token: USDC_TEMPO };
+      case "tempo-testnet":
+        return { viemChain: tempoTestnetChain, token: PATHUSD_TEMPO };
+    }
+  };
+  getBalanceRaw = async (chain) => {
+    if (!this.account) return 0n;
+    const { viemChain, token } = this.resolveChainConfig(chain);
+    const client = createPublicClient({
+      chain: viemChain,
+      transport: http()
+    });
+    const balance = await client.readContract({
+      address: token,
+      abi: ERC20_BALANCE_ABI,
+      functionName: "balanceOf",
+      args: [this.account.address]
+    });
+    return balance;
+  };
+  getBalance = async (chain) => {
+    const raw = await this.getBalanceRaw(chain);
+    return { amount: formatUnits(raw, 6), asset: "USDC" };
+  };
+};
+
+// src/util/infer-schema.ts
+var inferSchema = (value, depth = 0) => {
+  if (depth > 6) return { type: typeOf(value) };
+  if (value === null) return { type: "null" };
+  if (Array.isArray(value)) {
+    const itemSchemas = value.slice(0, 3).map((v) => inferSchema(v, depth + 1));
+    return {
+      type: "array",
+      items: itemSchemas[0] ?? { type: "unknown" }
+    };
+  }
+  if (typeof value === "object") {
+    const obj = value;
+    const properties = {};
+    const required = [];
+    for (const [k, v] of Object.entries(obj)) {
+      properties[k] = inferSchema(v, depth + 1);
+      required.push(k);
+    }
+    return { type: "object", properties, required };
+  }
+  return { type: typeOf(value) };
+};
+var typeOf = (v) => {
+  if (v === null) return "null";
+  if (Array.isArray(v)) return "array";
+  return typeof v;
+};
+var tryParseJson = (text) => {
+  try {
+    return JSON.parse(text);
+  } catch {
+    return null;
+  }
+};
+
+// src/commands/fetch-command.ts
+var detectPaymentRequirement = (headers, status) => {
+  if (status !== 402) return null;
+  const x402Header = headers.get("payment-required") ?? headers.get("x-payment-required");
+  if (x402Header) {
+    try {
+      const decoded = JSON.parse(
+        Buffer.from(x402Header, "base64").toString("utf8")
+      );
+      return { protocol: "x402", raw: decoded };
+    } catch {
+      return { protocol: "x402", raw: { encoded: x402Header } };
+    }
+  }
+  const wwwAuth = headers.get("www-authenticate");
+  if (wwwAuth?.toLowerCase().includes("payment")) {
+    return { protocol: "mpp", raw: { "www-authenticate": wwwAuth } };
+  }
+  return { protocol: "unknown", raw: {} };
+};
+var fetchCommand = (appContext) => new Command3("fetch").description("Fetch a capability URL with automatic payment handling").argument("<url>", "URL to fetch").option(
+  "-X, --method <method>",
+  "HTTP method (GET, POST, PUT, PATCH, DELETE). Defaults to POST when -d is set, otherwise GET"
+).option("-d, --data <body>", "Request body (JSON string)").option("-H, --header <header...>", "Headers in Key:Value format").option("--max-pay <amount>", "Maximum amount willing to pay (USDC)").option(
+  "--capability <id>",
+  "Bind this fetch to a capability (uid or slug) so a reviewable run is recorded even without a prior `zero search`"
+).option(
+  "--json",
+  "Emit {runId, status, latencyMs, payment, body} as JSON on stdout (for batch/non-TTY use)"
+).action(
+  async (url, options) => {
+    try {
+      const {
+        analyticsService,
+        apiService,
+        paymentService,
+        stateService,
+        walletService
+      } = appContext.services;
+      const startTime = Date.now();
+      const headers = {};
+      if (options.header) {
+        for (const h of options.header) {
+          const colonIdx = h.indexOf(":");
+          if (colonIdx > 0) {
+            headers[h.slice(0, colonIdx).trim()] = h.slice(colonIdx + 1).trim();
+          }
+        }
+      }
+      const hasContentType = Object.keys(headers).some(
+        (k) => k.toLowerCase() === "content-type"
+      );
+      if (options.data && !hasContentType) {
+        headers["content-type"] = "application/json";
+      }
+      const log = (msg) => console.error(`  ${msg}`);
+      const method = options.method ? options.method.toUpperCase() : options.data ? "POST" : "GET";
+      const requestInit = {
+        method,
+        headers,
+        body: options.data
+      };
+      const lastSearch = stateService.loadLastSearch();
+      const matchedCapability = lastSearch?.capabilities.find(
+        (c) => url.startsWith(c.url)
+      );
+      const capabilityId = options.capability ?? matchedCapability?.id ?? null;
+      const searchId = matchedCapability ? lastSearch?.searchId : void 0;
+      const skipReasons = [];
+      if (!apiService.walletAddress) {
+        skipReasons.push(
+          "no wallet configured (run `zero wallet import` / set ZERO_PRIVATE_KEY)"
+        );
+      }
+      if (!capabilityId) {
+        skipReasons.push(
+          "no capability resolved \u2014 pass --capability <uid|slug> or run `zero search` first so the URL can be matched"
+        );
+      }
+      let finalResponse;
+      let body = "";
+      let paymentMeta;
+      let sessionMeta;
+      let fetchError;
+      try {
         log(`Calling ${url}...`);
         const response = await fetch(url, requestInit);
         const paymentReq = detectPaymentRequirement(
@@ -255,17 +1224,50 @@ var fetchCommand = (appContext) => new Command2("fetch").description("Fetch a ca
             chain: result.chain,
             txHash: result.txHash,
             amount: result.amount,
-            asset: result.asset
+            asset: result.asset,
+            ...result.session && { session: result.session }
           };
           log(
             `Paid ${result.amount} ${result.asset} via ${result.protocol} on ${result.chain}`
           );
+          if (result.session) {
+            sessionMeta = result.session;
+            log(
+              `MPP session closed \u2014 channel ${result.session.channelId.slice(0, 10)}... \u2192 ${result.session.recipient.slice(0, 8)}... (${formatUnits2(BigInt(result.session.cumulativeAmount), 6)} USDC settled)`
+            );
+          }
         } else {
           finalResponse = response;
         }
         body = await finalResponse.text();
       } catch (err) {
-        fetchError = err instanceof Error ? err : new Error(String(err));
+        if (err instanceof SessionCloseFailedError) {
+          finalResponse = err.response;
+          body = await err.response.text().catch(() => "");
+          paymentMeta = {
+            protocol: "mpp",
+            chain: "tempo",
+            txHash: null,
+            amount: err.capturedAmount,
+            asset: "USDC",
+            session: err.session
+          };
+          sessionMeta = err.session;
+          fetchError = err;
+          console.error(
+            [
+              "",
+              "  WARNING: failed to auto-close MPP session.",
+              `  ${err.message}`,
+              `  Channel ${err.session.channelId} is still open on chain \u2014 see payment.session in --json output.`,
+              "  Contact the seller to settle the channel from their facilitator, or use",
+              "  your wallet to call escrow.close/requestClose directly.",
+              ""
+            ].join("\n")
+          );
+        } else {
+          fetchError = err instanceof Error ? err : new Error(String(err));
+        }
       }
       const latencyMs = Date.now() - startTime;
       if (finalResponse && !options.json) {
@@ -326,7 +1328,7 @@ var fetchCommand = (appContext) => new Command2("fetch").description("Fetch a ca
               paymentProtocol: paymentMeta.protocol,
               paymentChain: paymentMeta.chain,
               paymentTxHash: paymentMeta.txHash ?? void 0,
-              paymentMode: "charge"
+              paymentMode: sessionMeta ? "session" : "charge"
             }
           });
           runId = runResult.runId;
@@ -391,7 +1393,7 @@ var fetchCommand = (appContext) => new Command2("fetch").description("Fetch a ca
 );
 
 // src/commands/get-command.ts
-import { Command as Command3 } from "commander";
+import { Command as Command4 } from "commander";
 var formatReviewCount = (count) => {
   if (count >= 1e3) return `${(count / 1e3).toFixed(1)}k`;
   return count.toString();
@@ -446,7 +1448,7 @@ var formatCapability = (capability) => {
   lines.push(`  Method: ${capability.method}`);
   return lines.join("\n");
 };
-var getCommand = (appContext) => new Command3("get").description(
+var getCommand = (appContext) => new Command4("get").description(
   "Get details for a capability by position from last search, or by slug"
 ).argument(
   "<identifier>",
@@ -500,20 +1502,21 @@ var getCommand = (appContext) => new Command3("get").description(
 });
 
 // src/commands/init-command.ts
-import { createHash } from "crypto";
+import { createHash as createHash3 } from "crypto";
 import {
   chmodSync,
   cpSync,
   existsSync as existsSync2,
   mkdirSync as mkdirSync2,
   readdirSync,
-  readFileSync as readFileSync2,
+  readFileSync as readFileSync3,
+  rmSync,
   writeFileSync as writeFileSync2
 } from "fs";
 import { homedir as homedir2 } from "os";
 import { dirname, join as join2, relative } from "path";
 import { fileURLToPath } from "url";
-import { Command as Command4 } from "commander";
+import { Command as Command5 } from "commander";
 import { generatePrivateKey, privateKeyToAccount } from "viem/accounts";
 var AGENT_TOOLS = [
   { name: "Claude Code", configDir: ".claude" },
@@ -535,7 +1538,7 @@ var getPackageRoot = () => {
   }
   return dir;
 };
-var sha256File = (filePath) => createHash("sha256").update(readFileSync2(filePath)).digest("hex");
+var sha256File = (filePath) => createHash3("sha256").update(readFileSync3(filePath)).digest("hex");
 var verifyFileCopy = (src, dest) => {
   if (!existsSync2(dest)) return false;
   return sha256File(src) === sha256File(dest);
@@ -577,7 +1580,7 @@ var installHook = (home) => {
   let settings = {};
   if (existsSync2(settingsPath)) {
     try {
-      settings = JSON.parse(readFileSync2(settingsPath, "utf-8"));
+      settings = JSON.parse(readFileSync3(settingsPath, "utf-8"));
     } catch {
     }
   }
@@ -654,6 +1657,36 @@ var installHook = (home) => {
 `);
   return true;
 };
+var CONFLICTING_SKILL_PATTERNS = ["zam", "tempo"];
+var findConflictingSkills = (home) => {
+  const found = [];
+  for (const tool of AGENT_TOOLS) {
+    const toolSkillsPath = join2(home, tool.configDir, "skills");
+    if (!existsSync2(toolSkillsPath)) continue;
+    const entries = readdirSync(toolSkillsPath, { withFileTypes: true });
+    for (const entry of entries) {
+      if (!entry.isDirectory()) continue;
+      const lower = entry.name.toLowerCase();
+      if (CONFLICTING_SKILL_PATTERNS.some((p) => lower.includes(p))) {
+        found.push({
+          tool: tool.name,
+          skillPath: join2(toolSkillsPath, entry.name),
+          skillName: entry.name
+        });
+      }
+    }
+  }
+  return found;
+};
+var removeConflictingSkills = (home) => {
+  const conflicts = findConflictingSkills(home);
+  const removed = [];
+  for (const { skillPath, tool, skillName } of conflicts) {
+    rmSync(skillPath, { recursive: true, force: true });
+    removed.push(`${tool}: ${skillName}`);
+  }
+  return removed;
+};
 var installSkills = (home) => {
   const skillsSourceDir = join2(getPackageRoot(), "skills");
   const skillDirs = readdirSync(skillsSourceDir, { withFileTypes: true }).filter((d) => d.isDirectory()).map((d) => d.name);
@@ -683,7 +1716,7 @@ var installSkills = (home) => {
   }
   return installed;
 };
-var initCommand = (appContext) => new Command4("init").description("Initialize Zero CLI for usage").option("--force", "Overwrite existing configuration").action(async (options) => {
+var initCommand = (appContext) => new Command5("init").description("Initialize Zero CLI for usage").option("--force", "Overwrite existing configuration").action(async (options) => {
   const home = homedir2();
   const zeroDir = join2(home, ".zero");
   const configPath = join2(zeroDir, "config.json");
@@ -692,7 +1725,7 @@ var initCommand = (appContext) => new Command4("init").description("Initialize Z
   const walletExists = (() => {
     if (!existsSync2(configPath)) return false;
     try {
-      const existing = JSON.parse(readFileSync2(configPath, "utf8"));
+      const existing = JSON.parse(readFileSync3(configPath, "utf8"));
       return !!existing.privateKey;
     } catch {
       return false;
@@ -702,7 +1735,7 @@ var initCommand = (appContext) => new Command4("init").description("Initialize Z
     const privateKey = generatePrivateKey();
     const account = privateKeyToAccount(privateKey);
     mkdirSync2(zeroDir, { recursive: true });
-    const existing = existsSync2(configPath) ? JSON.parse(readFileSync2(configPath, "utf8")) : {};
+    const existing = existsSync2(configPath) ? JSON.parse(readFileSync3(configPath, "utf8")) : {};
     writeFileSync2(
       configPath,
       JSON.stringify(
@@ -716,7 +1749,7 @@ var initCommand = (appContext) => new Command4("init").description("Initialize Z
     console.log(`Wallet address: ${account.address}`);
   } else {
     try {
-      const existing = JSON.parse(readFileSync2(configPath, "utf8"));
+      const existing = JSON.parse(readFileSync3(configPath, "utf8"));
       const account = privateKeyToAccount(existing.privateKey);
       walletAddress = account.address;
     } catch {
@@ -748,8 +1781,19 @@ var initCommand = (appContext) => new Command4("init").description("Initialize Z
   } catch (err) {
     hookError = err instanceof Error ? err.message : "unknown hook error";
   }
+  const conflictingSkills = findConflictingSkills(home);
+  if (conflictingSkills.length > 0) {
+    const skillList = conflictingSkills.map((s) => `  - ${s.tool}: ${s.skillName}`).join("\n");
+    console.error(
+      `
+Found deprecated skills that may conflict with Zero:
+${skillList}
+
+To remove them, run: zero init cleanup`
+    );
+  }
   console.error(
-    'Zero is ready! Run `zero search` to find capabilities.\n\nTry:\n  zero search "translate text to Spanish"\n  zero search "generate an image"\n  zero search "weather forecast"'
+    'Zero is ready! Run `zero search` to find capabilities.\n\nBy using Zero, you agree to our Terms of Service:\n  https://zero.xyz/terms-of-service\n\nRun `zero terms` to view the full terms.\n\nTry:\n  zero search "translate text to Spanish"\n  zero search "generate an image"\n  zero search "weather forecast"'
   );
   appContext.services.analyticsService.capture("wallet_initialized", {
     // biome-ignore lint/style/useNamingConvention: snake_case for analytics
@@ -770,23 +1814,45 @@ var initCommand = (appContext) => new Command4("init").description("Initialize Z
     hook_installed: hookInstalled,
     // biome-ignore lint/style/useNamingConvention: snake_case for analytics
     hook_error: hookError,
+    // biome-ignore lint/style/useNamingConvention: snake_case for analytics
+    conflicting_skills_found: conflictingSkills.length,
     force: options.force ?? false
   });
-});
+}).addCommand(
+  new Command5("cleanup").description(
+    "Remove deprecated skills (zam, tempo) that conflict with Zero"
+  ).action(() => {
+    const home = homedir2();
+    const removed = removeConflictingSkills(home);
+    if (removed.length === 0) {
+      console.error("No conflicting skills found. Nothing to remove.");
+      return;
+    }
+    const removedList = removed.map((s) => `  - ${s}`).join("\n");
+    console.error(`Removed deprecated skills:
+${removedList}`);
+    appContext.services.analyticsService.capture("skills_cleanup", {
+      // biome-ignore lint/style/useNamingConvention: snake_case for analytics
+      skills_removed: removed,
+      // biome-ignore lint/style/useNamingConvention: snake_case for analytics
+      skills_removed_count: removed.length
+    });
+  })
+);
 
 // src/commands/review-command.ts
-import { readFileSync as readFileSync3 } from "fs";
-import { Command as Command5 } from "commander";
-import { z } from "zod";
-var bulkEntrySchema = z.object({
-  runId: z.string(),
-  success: z.boolean(),
-  accuracy: z.number().int().min(1).max(5),
-  value: z.number().int().min(1).max(5),
-  reliability: z.number().int().min(1).max(5),
-  content: z.string().optional()
+import { readFileSync as readFileSync4 } from "fs";
+import { Command as Command6 } from "commander";
+import { z as z3 } from "zod";
+var bulkEntrySchema2 = z3.object({
+  runId: z3.string(),
+  success: z3.boolean(),
+  accuracy: z3.number().int().min(1).max(5),
+  value: z3.number().int().min(1).max(5),
+  reliability: z3.number().int().min(1).max(5),
+  content: z3.string().optional()
 });
-var reviewCommand = (appContext) => new Command5("review").description("Submit a review for a capability run").addHelpText(
+var reviewCommand = (appContext) => new Command6("review").description("Submit a review for a capability run").addHelpText(
   "after",
   `
 Tips for a great review:
@@ -814,14 +1880,14 @@ Examples:
     try {
       const { analyticsService, apiService } = appContext.services;
       if (options.fromFile) {
-        const contents = readFileSync3(options.fromFile, "utf8");
+        const contents = readFileSync4(options.fromFile, "utf8");
         const lines = contents.split("\n").map((l) => l.trim()).filter((l) => l.length > 0 && !l.startsWith("#"));
         let ok = 0;
         let failed = 0;
         for (const [idx, line] of lines.entries()) {
           const lineNum = idx + 1;
           try {
-            const parsed = bulkEntrySchema.parse(JSON.parse(line));
+            const parsed = bulkEntrySchema2.parse(JSON.parse(line));
             const result2 = await apiService.createReview(parsed);
             ok += 1;
             console.log(
@@ -922,8 +1988,8 @@ Bulk review complete: ${ok} ok, ${failed} failed`);
 );
 
 // src/commands/runs-command.ts
-import { Command as Command6 } from "commander";
-var runsCommand = (appContext) => new Command6("runs").description("List your recent capability runs").addHelpText(
+import { Command as Command7 } from "commander";
+var runsCommand = (appContext) => new Command7("runs").description("List your recent capability runs").addHelpText(
   "after",
   `
 View your recent capability runs \u2014 status, latency, cost, and payment info.
@@ -971,7 +2037,7 @@ Examples:
 );
 
 // src/commands/search-command.ts
-import { Command as Command7 } from "commander";
+import { Command as Command8 } from "commander";
 var formatReviewCount2 = (count) => {
   if (count >= 1e3) return `${(count / 1e3).toFixed(1)}k`;
   return count.toString();
@@ -1009,7 +2075,7 @@ var formatSearchResults = (results) => {
      "${displayDescription}"`;
   }).join("\n");
 };
-var searchCommand = (appContext) => new Command7("search").description("Search for capabilities").argument("<query>", "Search query").option("--json", "Output raw JSON to stdout").option("--offset <n>", "Pagination offset", Number).option("--limit <n>", "Results per page", Number).option("--free", "Only show free capabilities").option("--max-cost <amount>", "Maximum cost per call").option("--min-rating <stars>", "Minimum star rating (1-5)", Number).option("--protocol <protocol>", "Payment protocol (x402 or mpp)").option("--min-trust <n>", "Minimum trust score (0-100)", Number).option(
+var searchCommand = (appContext) => new Command8("search").description("Search for capabilities").argument("<query>", "Search query").option("--json", "Output raw JSON to stdout").option("--offset <n>", "Pagination offset", Number).option("--limit <n>", "Results per page", Number).option("--free", "Only show free capabilities").option("--max-cost <amount>", "Maximum cost per call").option("--min-rating <stars>", "Minimum star rating (1-5)", Number).option("--protocol <protocol>", "Payment protocol (x402 or mpp)").option("--min-trust <n>", "Minimum trust score (0-100)", Number).option(
   "--status <status>",
   "Filter by availability (healthy, degraded, down)"
 ).option("--all", "Show all results (no trust or health filtering)").option(
@@ -1086,14 +2152,34 @@ var searchCommand = (appContext) => new Command7("search").description("Search f
   }
 );
 
+// src/commands/terms-command.ts
+import { Command as Command9 } from "commander";
+var TERMS_URL = "https://zero.xyz/terms-of-service";
+var termsCommand = (_appContext) => new Command9("terms").description("View the ZeroClick Terms of Service").action(async () => {
+  console.log(
+    `ZeroClick Agentic Capability Search \u2014 Terms of Service
+
+By using Zero, you agree to our Terms of Service.
+
+Read the full terms at: ${TERMS_URL}
+`
+  );
+  try {
+    const { exec } = await import("child_process");
+    const openCmd = process.platform === "darwin" ? "open" : process.platform === "win32" ? "start" : "xdg-open";
+    exec(`${openCmd} ${TERMS_URL}`);
+  } catch {
+  }
+});
+
 // src/commands/wallet-command.ts
-import { existsSync as existsSync3, mkdirSync as mkdirSync3, readFileSync as readFileSync4, writeFileSync as writeFileSync3 } from "fs";
+import { existsSync as existsSync3, mkdirSync as mkdirSync3, readFileSync as readFileSync5, writeFileSync as writeFileSync3 } from "fs";
 import { homedir as homedir3 } from "os";
 import { join as join3 } from "path";
-import { Command as Command8 } from "commander";
+import { Command as Command10 } from "commander";
 import open from "open";
 import { privateKeyToAccount as privateKeyToAccount2 } from "viem/accounts";
-var walletBalanceCommand = (appContext) => new Command8("balance").description("Show wallet balance").action(async () => {
+var walletBalanceCommand = (appContext) => new Command10("balance").description("Show wallet balance").action(async () => {
   const { walletService } = appContext.services;
   const balance = await walletService.getBalance();
   if (balance === null) {
@@ -1108,7 +2194,11 @@ var walletBalanceCommand = (appContext) => new Command8("balance").description("
   }
   console.log(`${balance.amount} ${balance.asset}`);
 });
-var walletFundCommand = (appContext) => new Command8("fund").description("Fund your wallet").argument("[amount]", "Amount to fund in USDC").option("--manual", "Show wallet address for manual transfer").action(
+var walletFundCommand = (appContext) => new Command10("fund").description("Fund your wallet").argument("[amount]", "Amount to fund in USDC").option("--manual", "Show wallet address for manual transfer").option(
+  "--use <provider>",
+  "Onramp provider: coinbase or stripe",
+  "coinbase"
+).action(
   async (amount, options) => {
     const { analyticsService, walletService } = appContext.services;
     const address = walletService.getAddress();
@@ -1126,7 +2216,11 @@ ${address}`);
       });
       return;
     }
-    const url = await appContext.services.apiService.getFundingUrl(amount);
+    const provider = options.use === "stripe" ? "stripe" : "coinbase";
+    const url = await appContext.services.apiService.getFundingUrl(
+      amount,
+      provider
+    );
     if (url) {
       await open(url);
       console.log("Opened funding page in your browser.");
@@ -1145,7 +2239,7 @@ ${address}`);
     }
   }
 );
-var walletAddressCommand = (appContext) => new Command8("address").description("Show wallet address").action(() => {
+var walletAddressCommand = (appContext) => new Command10("address").description("Show wallet address").action(() => {
   const { walletService } = appContext.services;
   const address = walletService.getAddress();
   if (!address) {
@@ -1155,7 +2249,7 @@ var walletAddressCommand = (appContext) => new Command8("address").description("
   }
   console.log(address);
 });
-var walletSetCommand = (appContext) => new Command8("set").description("Set wallet from an existing private key").argument("<privateKey>", "Hex-encoded private key (0x-prefixed)").option("--force", "Overwrite existing wallet without prompting").action(async (privateKey, options) => {
+var walletSetCommand = (appContext) => new Command10("set").description("Set wallet from an existing private key").argument("<privateKey>", "Hex-encoded private key (0x-prefixed)").option("--force", "Overwrite existing wallet without prompting").action(async (privateKey, options) => {
   const { analyticsService } = appContext.services;
   if (!privateKey.startsWith("0x")) {
     console.error("Private key must be 0x-prefixed hex string.");
@@ -1174,7 +2268,7 @@ var walletSetCommand = (appContext) => new Command8("set").description("Set wall
   const configPath = join3(zeroDir, "config.json");
   if (!options.force && existsSync3(configPath)) {
     try {
-      const existing2 = JSON.parse(readFileSync4(configPath, "utf8"));
+      const existing2 = JSON.parse(readFileSync5(configPath, "utf8"));
       if (existing2.privateKey) {
         console.error(
           "Wallet already configured. Use --force to overwrite."
@@ -1186,7 +2280,7 @@ var walletSetCommand = (appContext) => new Command8("set").description("Set wall
     }
   }
   mkdirSync3(zeroDir, { recursive: true });
-  const existing = existsSync3(configPath) ? JSON.parse(readFileSync4(configPath, "utf8")) : {};
+  const existing = existsSync3(configPath) ? JSON.parse(readFileSync5(configPath, "utf8")) : {};
   writeFileSync3(
     configPath,
     JSON.stringify(
@@ -1207,7 +2301,7 @@ var walletSetCommand = (appContext) => new Command8("set").description("Set wall
   });
 });
 var walletCommand = (appContext) => {
-  const cmd = new Command8("wallet").description("Manage your wallet");
+  const cmd = new Command10("wallet").description("Manage your wallet");
   cmd.addCommand(walletBalanceCommand(appContext));
   cmd.addCommand(walletFundCommand(appContext));
   cmd.addCommand(walletAddressCommand(appContext));
@@ -1218,7 +2312,7 @@ var walletCommand = (appContext) => {
 // src/app.ts
 var createApp = (appContext) => {
   const { analyticsService } = appContext.services;
-  const program = new Command9().name("zero").description("Zero CLI \u2014 Search engine and payment platform for AI agents").version(package_default.version, "-v, --version").exitOverride().hook("preAction", (_thisCommand, actionCommand) => {
+  const program = new Command11().name("zero").description("Zero CLI \u2014 Search engine and payment platform for AI agents").version(package_default.version, "-v, --version").exitOverride().hook("preAction", async (_thisCommand, actionCommand) => {
     analyticsService.capture("command_executed", {
       command: actionCommand.name()
     });
@@ -1229,16 +2323,18 @@ var createApp = (appContext) => {
   program.addCommand(fetchCommand(appContext));
   program.addCommand(reviewCommand(appContext));
   program.addCommand(runsCommand(appContext));
+  program.addCommand(bugReportCommand(appContext));
   program.addCommand(walletCommand(appContext));
   program.addCommand(configCommand(appContext));
+  program.addCommand(termsCommand(appContext));
   return program;
 };
 
 // src/app/app-env.ts
-import z2 from "zod";
-var envSchema = z2.object({
-  ZERO_API_URL: z2.string().default("https://api.zero.xyz"),
-  ZERO_PRIVATE_KEY: z2.string().optional()
+import z4 from "zod";
+var envSchema = z4.object({
+  ZERO_API_URL: z4.string().default("https://api.zero.xyz"),
+  ZERO_PRIVATE_KEY: z4.string().optional()
 });
 var getEnv = () => {
   try {
@@ -1251,14 +2347,14 @@ var getEnv = () => {
 };
 
 // src/app/app-services.ts
-import { existsSync as existsSync6, readFileSync as readFileSync7 } from "fs";
+import { existsSync as existsSync6, readFileSync as readFileSync8 } from "fs";
 import { homedir as homedir4 } from "os";
 import { join as join5 } from "path";
 import { privateKeyToAccount as privateKeyToAccount3 } from "viem/accounts";
 
 // src/services/analytics-service.ts
 import { randomUUID } from "crypto";
-import { existsSync as existsSync4, mkdirSync as mkdirSync4, readFileSync as readFileSync5, writeFileSync as writeFileSync4 } from "fs";
+import { existsSync as existsSync4, mkdirSync as mkdirSync4, readFileSync as readFileSync6, writeFileSync as writeFileSync4 } from "fs";
 import { dirname as dirname2 } from "path";
 import { PostHog } from "posthog-node";
 var POSTHOG_API_KEY = "phc_B2vLyNxAf2mnqvdPQajf4d4b2iXc35dep2ZrvebMJLuX";
@@ -1273,7 +2369,7 @@ var AnalyticsService = class {
     let persistedAnonId;
     try {
       if (existsSync4(opts.configPath)) {
-        const config = JSON.parse(readFileSync5(opts.configPath, "utf8"));
+        const config = JSON.parse(readFileSync6(opts.configPath, "utf8"));
         if (config.telemetry === false) {
           telemetryEnabled = false;
         }
@@ -1298,7 +2394,7 @@ var AnalyticsService = class {
       try {
         const dir = dirname2(opts.configPath);
         mkdirSync4(dir, { recursive: true });
-        const existing = existsSync4(opts.configPath) ? JSON.parse(readFileSync5(opts.configPath, "utf8")) : {};
+        const existing = existsSync4(opts.configPath) ? JSON.parse(readFileSync6(opts.configPath, "utf8")) : {};
         writeFileSync4(
           opts.configPath,
           JSON.stringify({ ...existing, anonId: newAnonId }, null, 2)
@@ -1344,510 +2440,8 @@ var AnalyticsService = class {
   }
 };
 
-// src/services/api-service.ts
-import { createHash as createHash2 } from "crypto";
-import z3 from "zod";
-var searchResultSchema = z3.object({
-  id: z3.string(),
-  position: z3.number(),
-  slug: z3.string(),
-  name: z3.string(),
-  canonicalName: z3.string().nullable().optional(),
-  description: z3.string(),
-  whatItDoes: z3.string().nullable().optional(),
-  url: z3.string(),
-  cost: z3.object({ amount: z3.string(), asset: z3.string() }),
-  rating: z3.object({
-    score: z3.string(),
-    successRate: z3.string(),
-    reviews: z3.number(),
-    stars: z3.string().nullable().optional(),
-    state: z3.enum(["unrated", "rated"]).optional()
-  }),
-  trustScore: z3.number().nullable().optional(),
-  trustSignalCount: z3.number().optional(),
-  availabilityStatus: z3.enum(["healthy", "degraded", "down", "unknown"]).nullable().optional(),
-  relevanceScore: z3.number().optional()
-});
-var searchResponseSchema = z3.object({
-  searchId: z3.string(),
-  total: z3.number().optional().default(0),
-  offset: z3.number().optional().default(0),
-  hasMore: z3.boolean().optional().default(false),
-  capabilities: z3.array(searchResultSchema)
-});
-var capabilityResponseSchema = z3.object({
-  uid: z3.string(),
-  slug: z3.string(),
-  name: z3.string(),
-  description: z3.string(),
-  url: z3.string(),
-  method: z3.string(),
-  headers: z3.record(z3.string(), z3.string()).nullable(),
-  bodySchema: z3.record(z3.string(), z3.unknown()).nullable(),
-  responseSchema: z3.record(z3.string(), z3.unknown()).nullable(),
-  example: z3.object({ request: z3.unknown(), response: z3.unknown() }).nullable(),
-  tags: z3.array(z3.string()).nullable(),
-  displayCostAmount: z3.string(),
-  displayCostAsset: z3.string(),
-  rating: z3.object({
-    score: z3.string(),
-    successRate: z3.string(),
-    reviews: z3.number(),
-    stars: z3.string().nullable().optional(),
-    state: z3.enum(["unrated", "rated"]).optional()
-  }),
-  priceObserved: z3.object({
-    medianCents: z3.string(),
-    p95Cents: z3.string(),
-    sampleCount: z3.number(),
-    varies: z3.boolean()
-  }).nullable().optional(),
-  paymentMethods: z3.array(
-    z3.object({
-      uid: z3.string(),
-      protocol: z3.string(),
-      methodType: z3.string(),
-      chain: z3.string().nullable(),
-      mode: z3.string(),
-      costAmount: z3.string(),
-      costPer: z3.string(),
-      priority: z3.number()
-    })
-  ).nullable(),
-  trustScore: z3.number().nullable().optional(),
-  trustComponents: z3.object({
-    apiQuality: z3.number().nullable(),
-    blockchainActivity: z3.number().nullable(),
-    performance: z3.number().nullable()
-  }).nullable().optional(),
-  availabilityStatus: z3.enum(["healthy", "degraded", "down", "unknown"]).nullable().optional()
-});
-var createRunResponseSchema = z3.object({
-  runId: z3.string()
-});
-var createReviewResponseSchema = z3.object({
-  reviewId: z3.string(),
-  recorded: z3.boolean()
-});
-var runListItemSchema = z3.object({
-  uid: z3.string(),
-  capabilityUid: z3.string(),
-  capabilitySlug: z3.string(),
-  capabilityName: z3.string(),
-  status: z3.number().nullable(),
-  latencyMs: z3.number().nullable(),
-  cost: z3.object({ amount: z3.string(), asset: z3.string().nullable() }).nullable(),
-  payment: z3.object({
-    protocol: z3.string(),
-    chain: z3.string().nullable(),
-    txHash: z3.string().nullable(),
-    mode: z3.string().nullable()
-  }).nullable(),
-  createdAt: z3.coerce.date(),
-  reviewed: z3.boolean()
-});
-var listRunsResponseSchema = z3.object({
-  runs: z3.array(runListItemSchema),
-  nextCursor: z3.string().nullable()
-});
-var buildCanonicalMessage = (method, path, body, timestamp, nonce) => {
-  const bodyHash = createHash2("sha256").update(body ?? "").digest("hex");
-  return `${method}:${path}:${bodyHash}:${timestamp}:${nonce}`;
-};
-var ApiService = class {
-  constructor(baseUrl, account) {
-    this.baseUrl = baseUrl;
-    this.account = account;
-    this.walletAddress = this.account?.address ?? null;
-  }
-  walletAddress;
-  account;
-  signRequest = async (method, path, body) => {
-    if (!this.account) throw new Error("No private key configured");
-    const timestamp = Math.floor(Date.now() / 1e3).toString();
-    const nonce = crypto.randomUUID();
-    const message = buildCanonicalMessage(method, path, body, timestamp, nonce);
-    const signature = await this.account.signMessage({ message });
-    return {
-      "x-zero-address": this.account.address,
-      "x-zero-timestamp": timestamp,
-      "x-zero-nonce": nonce,
-      "x-zero-signature": signature
-    };
-  };
-  request = async (method, path, body) => {
-    const url = `${this.baseUrl}${path}`;
-    const bodyStr = body ? JSON.stringify(body) : void 0;
-    const headers = {
-      "content-type": "application/json"
-    };
-    if (this.account) {
-      const walletHeaders = await this.signRequest(method, path, bodyStr);
-      Object.assign(headers, walletHeaders);
-    }
-    const response = await fetch(url, {
-      method,
-      headers,
-      body: bodyStr
-    });
-    if (!response.ok) {
-      const errorBody = await response.json().catch(() => ({ error: "Unknown error" }));
-      throw new Error(
-        errorBody.error ?? `HTTP ${response.status}`
-      );
-    }
-    return response.json();
-  };
-  search = async (options) => {
-    const json = await this.request("POST", "/v1/search", options);
-    return searchResponseSchema.parse(json);
-  };
-  getCapability = async (id, searchId) => {
-    const qs = searchId ? `?searchId=${encodeURIComponent(searchId)}` : "";
-    const json = await this.request(
-      "GET",
-      `/v1/capabilities/${encodeURIComponent(id)}${qs}`
-    );
-    return capabilityResponseSchema.parse(json);
-  };
-  createRun = async (data) => {
-    const json = await this.request("POST", "/v1/runs", data);
-    return createRunResponseSchema.parse(json);
-  };
-  listRuns = async (params = {}) => {
-    const qs = new URLSearchParams();
-    if (params.capabilityId) qs.set("capabilityId", params.capabilityId);
-    if (params.unreviewed) qs.set("unreviewed", "true");
-    if (params.limit) qs.set("limit", String(params.limit));
-    if (params.cursor) qs.set("cursor", params.cursor);
-    const suffix = qs.toString() ? `?${qs.toString()}` : "";
-    const json = await this.request("GET", `/v1/runs${suffix}`);
-    return listRunsResponseSchema.parse(json);
-  };
-  createReview = async (data) => {
-    const json = await this.request("POST", "/v1/reviews", data);
-    return createReviewResponseSchema.parse(json);
-  };
-  getFundingUrl = async (amount) => {
-    try {
-      const qs = amount ? `?amount=${encodeURIComponent(amount)}` : "";
-      const json = await this.request("GET", `/v1/wallet/fund-url${qs}`);
-      const parsed = z3.object({ url: z3.string() }).parse(json);
-      return parsed.url;
-    } catch {
-      return null;
-    }
-  };
-};
-
-// src/services/payment-service.ts
-import {
-  adaptViemWallet,
-  convertViemChainToRelayChain,
-  createClient as createRelayClient,
-  getClient as getRelayClient,
-  MAINNET_RELAY_API
-} from "@relayprotocol/relay-sdk";
-import { x402Client as X402Client } from "@x402/core/client";
-import { decodePaymentResponseHeader, x402HTTPClient } from "@x402/core/http";
-import { ExactEvmScheme } from "@x402/evm/exact/client";
-import { createSIWxClientHook } from "@x402/extensions/sign-in-with-x";
-import { wrapFetchWithPayment } from "@x402/fetch";
-import { Receipt } from "mppx";
-import { Mppx, tempo } from "mppx/client";
-import {
-  createPublicClient,
-  createWalletClient,
-  formatUnits,
-  http
-} from "viem";
-import { base, baseSepolia } from "viem/chains";
-var USDC_BASE = "0x833589fcd6edb6e08f4c7c32d4f71b54bda02913";
-var USDC_BASE_SEPOLIA = "0x036CbD53842c5426634e7929541eC2318f3dCF7e";
-var USDC_TEMPO = "0x20c000000000000000000000b9537d11c60e8b50";
-var PATHUSD_TEMPO = "0x20c0000000000000000000000000000000000000";
-var BASE_CHAIN_ID = 8453;
-var TEMPO_CHAIN_ID = 4217;
-var TEMPO_TESTNET_CHAIN_ID = 42431;
-var DEFAULT_MAX_DEPOSIT = "100";
-var KNOWN_EIP712_DOMAINS = {
-  // USDC on Base
-  [USDC_BASE.toLowerCase()]: { name: "USDC", version: "2" },
-  // USDC on Base Sepolia
-  [USDC_BASE_SEPOLIA.toLowerCase()]: { name: "USDC", version: "2" }
-};
-var buildRelayClientOptions = () => ({
-  baseApiUrl: MAINNET_RELAY_API,
-  source: "zero-cli",
-  chains: [convertViemChainToRelayChain(base)]
-});
-var calculateBuffer = (baseBalance) => {
-  const twentyFivePercent = baseBalance / 4n;
-  const twoDollars = 2000000n;
-  return twentyFivePercent < twoDollars ? twentyFivePercent : twoDollars;
-};
-var tempoChain = {
-  id: TEMPO_CHAIN_ID,
-  name: "Tempo",
-  nativeCurrency: { name: "USD", symbol: "USD", decimals: 18 },
-  rpcUrls: {
-    default: { http: ["https://rpc.tempo.xyz"] }
-  }
-};
-var tempoTestnetChain = {
-  id: TEMPO_TESTNET_CHAIN_ID,
-  name: "Tempo Testnet",
-  nativeCurrency: { name: "USD", symbol: "USD", decimals: 18 },
-  rpcUrls: {
-    default: { http: ["https://rpc.moderato.tempo.xyz"] }
-  }
-};
-var ERC20_BALANCE_ABI = [
-  {
-    inputs: [{ name: "account", type: "address" }],
-    name: "balanceOf",
-    outputs: [{ name: "", type: "uint256" }],
-    stateMutability: "view",
-    type: "function"
-  }
-];
-var PaymentService = class {
-  constructor(account, config) {
-    this.account = account;
-    this.config = config;
-  }
-  relayInitialized = false;
-  ensureRelayClient = () => {
-    if (!this.relayInitialized) {
-      createRelayClient(buildRelayClientOptions());
-      this.relayInitialized = true;
-    }
-  };
-  bridgeToTempo = async (requiredAmount, onProgress) => {
-    if (!this.account) throw new Error("No wallet configured");
-    this.ensureRelayClient();
-    const baseBalance = await this.getBalanceRaw("base");
-    const buffer = calculateBuffer(baseBalance);
-    const bridgeAmount = requiredAmount + buffer;
-    if (baseBalance < bridgeAmount) {
-      throw new Error(
-        `Insufficient Base USDC to bridge: have ${formatUnits(baseBalance, 6)}, need ${formatUnits(bridgeAmount, 6)} (${formatUnits(requiredAmount, 6)} + ${formatUnits(buffer, 6)} buffer)`
-      );
-    }
-    onProgress?.(
-      `Bridging ${formatUnits(bridgeAmount, 6)} USDC from Base to Tempo...`
-    );
-    const walletClient = createWalletClient({
-      account: this.account,
-      chain: base,
-      transport: http()
-    });
-    const quote = await getRelayClient().actions.getQuote({
-      chainId: BASE_CHAIN_ID,
-      toChainId: TEMPO_CHAIN_ID,
-      currency: USDC_BASE,
-      toCurrency: USDC_TEMPO,
-      amount: bridgeAmount.toString(),
-      tradeType: "EXACT_INPUT",
-      user: this.account.address,
-      recipient: this.account.address,
-      options: {
-        usePermit: true
-      }
-    });
-    let bridgeTxHash = null;
-    await getRelayClient().actions.execute({
-      quote,
-      wallet: adaptViemWallet(walletClient),
-      onProgress: ({ txHashes }) => {
-        if (txHashes?.length && !bridgeTxHash) {
-          bridgeTxHash = txHashes[0]?.txHash ?? null;
-        }
-      }
-    });
-    return bridgeTxHash;
-  };
-  handlePayment = async (url, request, paymentRequirement, maxPay, onProgress) => {
-    if (!this.account) {
-      throw new Error(
-        "No wallet configured \u2014 run `zero init` or set ZERO_PRIVATE_KEY"
-      );
-    }
-    if (paymentRequirement.protocol === "x402") {
-      onProgress?.("Paying via x402 on Base...");
-      return this.payX402(url, request, paymentRequirement.raw, maxPay);
-    }
-    if (paymentRequirement.protocol === "mpp") {
-      onProgress?.("Paying via MPP on Tempo...");
-      return this.payMpp(
-        url,
-        request,
-        paymentRequirement.raw,
-        maxPay,
-        onProgress
-      );
-    }
-    throw new Error("Unrecognized 402 payment protocol");
-  };
-  payX402 = async (url, request, _raw, maxPay) => {
-    if (!this.account) throw new Error("No wallet configured");
-    let capturedAmount = "0";
-    const client = new X402Client().register(
-      "eip155:*",
-      new ExactEvmScheme(this.account)
-    );
-    client.onBeforePaymentCreation(async (context) => {
-      const selected = context.selectedRequirements;
-      if (selected && (!selected.extra?.name || !selected.extra?.version)) {
-        const known = KNOWN_EIP712_DOMAINS[selected.asset?.toLowerCase() ?? ""];
-        if (known) {
-          selected.extra = { ...selected.extra, ...known };
-        }
-      }
-      const requirement = context.paymentRequired.accepts[0];
-      if (!requirement) return;
-      capturedAmount = formatUnits(BigInt(requirement.amount), 6);
-      if (maxPay && Number.parseFloat(capturedAmount) > Number.parseFloat(maxPay)) {
-        return {
-          abort: true,
-          reason: `Payment of ${capturedAmount} USDC exceeds --max-pay ${maxPay}`
-        };
-      }
-    });
-    const httpClient = new x402HTTPClient(client).onPaymentRequired(
-      createSIWxClientHook(this.account)
-    );
-    const wrappedFetch = wrapFetchWithPayment(fetch, httpClient);
-    const response = await wrappedFetch(url, {
-      method: request.method,
-      headers: request.headers,
-      body: request.body
-    });
-    let txHash = null;
-    const paymentResponseHeader = response.headers.get("payment-response") ?? response.headers.get("x-payment-response");
-    if (paymentResponseHeader) {
-      try {
-        const settlement = decodePaymentResponseHeader(paymentResponseHeader);
-        txHash = settlement.transaction ?? null;
-      } catch {
-      }
-    }
-    return {
-      response,
-      protocol: "x402",
-      chain: "base",
-      txHash,
-      amount: capturedAmount,
-      asset: "USDC"
-    };
-  };
-  payMpp = async (url, request, _raw, maxPay, onProgress) => {
-    if (!this.account) throw new Error("No wallet configured");
-    let capturedAmount = "0";
-    const mppx = Mppx.create({
-      polyfill: false,
-      methods: [
-        tempo({
-          account: this.account,
-          maxDeposit: maxPay ?? DEFAULT_MAX_DEPOSIT
-        })
-      ],
-      onChallenge: async (challenge) => {
-        const challengeRequest = challenge.request;
-        const intent = challenge.intent;
-        let requiredRaw;
-        if (intent === "session") {
-          const suggestedDeposit = challengeRequest.suggestedDeposit;
-          if (suggestedDeposit) {
-            requiredRaw = BigInt(suggestedDeposit);
-          } else {
-            const depositStr = maxPay ?? DEFAULT_MAX_DEPOSIT;
-            requiredRaw = BigInt(
-              Math.floor(Number.parseFloat(depositStr) * 1e6)
-            );
-          }
-        } else {
-          requiredRaw = BigInt(challengeRequest.amount);
-        }
-        capturedAmount = formatUnits(requiredRaw, 6);
-        if (maxPay && Number.parseFloat(capturedAmount) > Number.parseFloat(maxPay)) {
-          throw new Error(
-            `Payment of ${capturedAmount} USDC exceeds --max-pay ${maxPay}`
-          );
-        }
-        const methodDetails = challengeRequest.methodDetails;
-        const challengeChainId = challengeRequest.chainId ?? methodDetails?.chainId;
-        const isTestnet = challengeChainId === TEMPO_TESTNET_CHAIN_ID;
-        const balanceChain = isTestnet ? "tempo-testnet" : "tempo";
-        onProgress?.(`Checking Tempo balance...`);
-        const tempoBalance = await this.getBalanceRaw(balanceChain);
-        if (tempoBalance < requiredRaw) {
-          if (isTestnet) {
-            throw new Error(
-              `Insufficient pathUSD on Tempo testnet: have ${formatUnits(tempoBalance, 6)}, need ${capturedAmount}. Fund your wallet with the Tempo testnet faucet: https://docs.tempo.xyz/quickstart/faucet`
-            );
-          }
-          await this.bridgeToTempo(requiredRaw, onProgress);
-        }
-        return void 0;
-      }
-    });
-    const response = await mppx.fetch(url, {
-      method: request.method,
-      headers: request.headers,
-      body: request.body
-    });
-    let txHash = null;
-    try {
-      const receipt = Receipt.fromResponse(response);
-      txHash = receipt.reference ?? null;
-    } catch {
-    }
-    return {
-      response,
-      protocol: "mpp",
-      chain: "tempo",
-      txHash,
-      amount: capturedAmount,
-      asset: "USDC"
-    };
-  };
-  resolveChainConfig = (chain) => {
-    switch (chain) {
-      case "base":
-        return { viemChain: base, token: USDC_BASE };
-      case "base-sepolia":
-        return { viemChain: baseSepolia, token: USDC_BASE_SEPOLIA };
-      case "tempo":
-        return { viemChain: tempoChain, token: USDC_TEMPO };
-      case "tempo-testnet":
-        return { viemChain: tempoTestnetChain, token: PATHUSD_TEMPO };
-    }
-  };
-  getBalanceRaw = async (chain) => {
-    if (!this.account) return 0n;
-    const { viemChain, token } = this.resolveChainConfig(chain);
-    const client = createPublicClient({
-      chain: viemChain,
-      transport: http()
-    });
-    const balance = await client.readContract({
-      address: token,
-      abi: ERC20_BALANCE_ABI,
-      functionName: "balanceOf",
-      args: [this.account.address]
-    });
-    return balance;
-  };
-  getBalance = async (chain) => {
-    const raw = await this.getBalanceRaw(chain);
-    return { amount: formatUnits(raw, 6), asset: "USDC" };
-  };
-};
-
 // src/services/state-service.ts
-import { existsSync as existsSync5, mkdirSync as mkdirSync5, readFileSync as readFileSync6, writeFileSync as writeFileSync5 } from "fs";
+import { existsSync as existsSync5, mkdirSync as mkdirSync5, readFileSync as readFileSync7, writeFileSync as writeFileSync5 } from "fs";
 import { join as join4 } from "path";
 var StateService = class {
   constructor(zeroDir) {
@@ -1862,7 +2456,7 @@ var StateService = class {
   loadLastSearch = () => {
     try {
       if (!existsSync5(this.lastSearchPath)) return null;
-      const raw = readFileSync6(this.lastSearchPath, "utf8");
+      const raw = readFileSync7(this.lastSearchPath, "utf8");
       return JSON.parse(raw);
     } catch {
       return null;
@@ -1906,7 +2500,7 @@ var getServices = (env) => {
   if (!privateKey) {
     try {
       if (existsSync6(configPath)) {
-        const config = JSON.parse(readFileSync7(configPath, "utf8"));
+        const config = JSON.parse(readFileSync8(configPath, "utf8"));
         if (typeof config.privateKey === "string") {
           privateKey = config.privateKey;
         }
@@ -1918,7 +2512,7 @@ var getServices = (env) => {
   let lowBalanceWarning = 1;
   try {
     if (existsSync6(configPath)) {
-      const config = JSON.parse(readFileSync7(configPath, "utf8"));
+      const config = JSON.parse(readFileSync8(configPath, "utf8"));
       if (typeof config.lowBalanceWarning === "number") {
         lowBalanceWarning = config.lowBalanceWarning;
       }