npm - @zeroxyz/cli - Versions diffs - 0.0.24 → 0.0.26 - Mend

@zeroxyz/cli 0.0.24 → 0.0.26

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/index.js CHANGED Viewed

@@ -1,12 +1,12 @@
 #!/usr/bin/env node
 // src/app.ts
-import { Command as Command10 } from "commander";
+import { Command as Command11 } from "commander";
 // package.json
 var package_default = {
   name: "@zeroxyz/cli",
-  version: "0.0.24",
+  version: "0.0.26",
   type: "module",
   bin: {
     zero: "dist/index.js",
@@ -24,8 +24,8 @@ var package_default = {
     build: "tsup src/index.ts --format esm --out-dir dist --clean",
     "build:binary": "tsup --config tsup.binary.ts && cp -r skills hooks dist/pkg/ && pnpm exec pkg dist/pkg/index.cjs --config pkg.json --targets node24-macos-arm64,node24-macos-x64,node24-linux-x64 --output dist/bin/zero",
     prepublishOnly: "pnpm run build",
-    dev: "tsx src/index.ts",
-    cli: "ZERO_API_URL=http://localhost:1111 tsx src/index.ts",
+    dev: "ZERO_ENV=development tsx src/index.ts",
+    cli: "ZERO_ENV=development ZERO_API_URL=http://localhost:1111 tsx src/index.ts",
     "test:integration": "vitest run --project integration",
     "test:online": "vitest run --project online",
     "test:unit": "vitest run --project unit",
@@ -279,10 +279,14 @@ var ApiService = class {
     const json = await this.request("POST", "/v1/bug-reports", data);
     return createBugReportResponseSchema.parse(json);
   };
-  getFundingUrl = async (amount) => {
+  getFundingUrl = async (amount, provider = "coinbase") => {
     try {
-      const qs = amount ? `?amount=${encodeURIComponent(amount)}` : "";
-      const json = await this.request("GET", `/v1/wallet/fund-url${qs}`);
+      const params = new URLSearchParams({ provider });
+      if (amount) params.set("amount", amount);
+      const json = await this.request(
+        "GET",
+        `/v1/wallet/fund-url?${params.toString()}`
+      );
       const parsed = z.object({ url: z.string() }).parse(json);
       return parsed.url;
     } catch {
@@ -376,7 +380,10 @@ Categories the classifier picks from:
 ).option("--idempotency-key <key>", "Override the auto-generated dedup key").option(
   "--from-file <path>",
   "Submit bug reports in bulk from a JSONL file (one report per line)"
-).option("--json", "Emit the API result as JSON on stdout (for batch use)").action(
+).option("--json", "Emit the API result as JSON on stdout (for batch use)").option(
+  "--agent <name>",
+  "Identify your agent host for this invocation. Overrides auto-detect for this call only."
+).action(
   async (description, options) => {
     try {
       const { analyticsService, apiService, stateService } = appContext.services;
@@ -417,7 +424,10 @@ Categories the classifier picks from:
               category: result2.category,
               severity: parsed.severity ?? 2,
               bulk: true,
-              deduped: result2.deduped
+              deduped: result2.deduped,
+              hasCapability: !!result2.attached.capabilityId,
+              hasRun: !!result2.attached.runId,
+              hasSearch: !!result2.attached.searchId
             });
           } catch (err) {
             failed += 1;
@@ -502,9 +512,15 @@ Bulk bug-report complete: ${ok} ok, ${failed} failed`
       }
       analyticsService.capture("bug_report_submitted", {
         category: result.category,
+        categoryOverridden: !!options.category,
         severity: options.severity ?? 2,
         deduped: result.deduped,
-        autoContext: useAutoContext
+        autoContext: useAutoContext,
+        hasCapability: !!result.attached.capabilityId,
+        hasRun: !!result.attached.runId,
+        hasSearch: !!result.attached.searchId,
+        hasTitle: !!options.title,
+        hasReproduction: !!options.reproduction
       });
     } catch (err) {
       console.error(
@@ -567,125 +583,677 @@ var configCommand = (_appContext) => new Command2("config").description("View or
 // src/commands/fetch-command.ts
 import { Command as Command3 } from "commander";
+import { formatUnits as formatUnits2 } from "viem";
-// src/util/infer-schema.ts
-var inferSchema = (value, depth = 0) => {
-  if (depth > 6) return { type: typeOf(value) };
-  if (value === null) return { type: "null" };
-  if (Array.isArray(value)) {
-    const itemSchemas = value.slice(0, 3).map((v) => inferSchema(v, depth + 1));
-    return {
-      type: "array",
-      items: itemSchemas[0] ?? { type: "unknown" }
-    };
+// src/services/payment-service.ts
+import {
+  adaptViemWallet,
+  convertViemChainToRelayChain,
+  createClient as createRelayClient,
+  getClient as getRelayClient,
+  MAINNET_RELAY_API
+} from "@relayprotocol/relay-sdk";
+import { x402Client as X402Client } from "@x402/core/client";
+import { decodePaymentResponseHeader, x402HTTPClient } from "@x402/core/http";
+import { ExactEvmScheme } from "@x402/evm/exact/client";
+import { createSIWxClientHook } from "@x402/extensions/sign-in-with-x";
+import { wrapFetchWithPayment } from "@x402/fetch";
+import { Challenge, Receipt } from "mppx";
+import { Mppx, tempo } from "mppx/client";
+import {
+  createPublicClient,
+  createWalletClient,
+  formatUnits,
+  http
+} from "viem";
+import { base, baseSepolia } from "viem/chains";
+var SessionCloseFailedError = class extends Error {
+  session;
+  response;
+  capturedAmount;
+  constructor(params) {
+    super(params.message);
+    this.name = "SessionCloseFailedError";
+    this.session = params.session;
+    this.response = params.response;
+    this.capturedAmount = params.capturedAmount;
   }
-  if (typeof value === "object") {
-    const obj = value;
-    const properties = {};
-    const required = [];
-    for (const [k, v] of Object.entries(obj)) {
-      properties[k] = inferSchema(v, depth + 1);
-      required.push(k);
-    }
-    return { type: "object", properties, required };
+};
+var USDC_BASE = "0x833589fcd6edb6e08f4c7c32d4f71b54bda02913";
+var USDC_BASE_SEPOLIA = "0x036CbD53842c5426634e7929541eC2318f3dCF7e";
+var USDC_TEMPO = "0x20c000000000000000000000b9537d11c60e8b50";
+var PATHUSD_TEMPO = "0x20c0000000000000000000000000000000000000";
+var BASE_CHAIN_ID = 8453;
+var TEMPO_CHAIN_ID = 4217;
+var TEMPO_TESTNET_CHAIN_ID = 42431;
+var DEFAULT_MAX_DEPOSIT = "100";
+var KNOWN_EIP712_DOMAINS = {
+  // USDC on Base
+  [USDC_BASE.toLowerCase()]: { name: "USDC", version: "2" },
+  // USDC on Base Sepolia
+  [USDC_BASE_SEPOLIA.toLowerCase()]: { name: "USDC", version: "2" }
+};
+var buildRelayClientOptions = () => ({
+  baseApiUrl: MAINNET_RELAY_API,
+  source: "zero-cli",
+  chains: [convertViemChainToRelayChain(base)]
+});
+var calculateBuffer = (baseBalance) => {
+  const twentyFivePercent = baseBalance / 4n;
+  const twoDollars = 2000000n;
+  return twentyFivePercent < twoDollars ? twentyFivePercent : twoDollars;
+};
+var tempoChain = {
+  id: TEMPO_CHAIN_ID,
+  name: "Tempo",
+  nativeCurrency: { name: "USD", symbol: "USD", decimals: 18 },
+  rpcUrls: {
+    default: { http: ["https://rpc.tempo.xyz"] }
   }
-  return { type: typeOf(value) };
 };
-var typeOf = (v) => {
-  if (v === null) return "null";
-  if (Array.isArray(v)) return "array";
-  return typeof v;
+var tempoTestnetChain = {
+  id: TEMPO_TESTNET_CHAIN_ID,
+  name: "Tempo Testnet",
+  nativeCurrency: { name: "USD", symbol: "USD", decimals: 18 },
+  rpcUrls: {
+    default: { http: ["https://rpc.moderato.tempo.xyz"] }
+  }
 };
-var tryParseJson = (text) => {
+var ERC20_BALANCE_ABI = [
+  {
+    inputs: [{ name: "account", type: "address" }],
+    name: "balanceOf",
+    outputs: [{ name: "", type: "uint256" }],
+    stateMutability: "view",
+    type: "function"
+  }
+];
+var decodeSessionReceiptHeader = (header) => {
+  if (!header) return null;
   try {
-    return JSON.parse(text);
+    const padLen = (4 - header.length % 4) % 4;
+    const padded = header.replace(/-/g, "+").replace(/_/g, "/") + "=".repeat(padLen);
+    const json = Buffer.from(padded, "base64").toString("utf8");
+    const parsed = JSON.parse(json);
+    if (typeof parsed.channelId !== "string" || typeof parsed.acceptedCumulative !== "string" || typeof parsed.spent !== "string" || typeof parsed.challengeId !== "string") {
+      return null;
+    }
+    return parsed;
   } catch {
     return null;
   }
 };
-// src/commands/fetch-command.ts
-var detectPaymentRequirement = (headers, status) => {
-  if (status !== 402) return null;
-  const x402Header = headers.get("payment-required") ?? headers.get("x-payment-required");
-  if (x402Header) {
-    try {
-      const decoded = JSON.parse(
-        Buffer.from(x402Header, "base64").toString("utf8")
+var readSessionReceipt = (response) => decodeSessionReceiptHeader(
+  response.headers.get("Payment-Receipt") ?? response.headers.get("payment-receipt")
+);
+var pickSessionCloseAmount = (receipt, openTimeCumulative) => {
+  if (!receipt) return openTimeCumulative;
+  const accepted = BigInt(receipt.acceptedCumulative);
+  const spent = BigInt(receipt.spent);
+  const fromReceipt = accepted > spent ? accepted : spent;
+  return fromReceipt > openTimeCumulative ? fromReceipt : openTimeCumulative;
+};
+var PaymentService = class {
+  constructor(account, config, deps = {}) {
+    this.account = account;
+    this.config = config;
+    this.fetchOverride = deps.fetchImpl;
+  }
+  relayInitialized = false;
+  fetchOverride;
+  /**
+   * Resolve the fetch implementation lazily so tests can `vi.stubGlobal`
+   * the global `fetch` after the service is constructed.
+   */
+  get fetchImpl() {
+    return this.fetchOverride ?? globalThis.fetch;
+  }
+  getAccount = () => this.account;
+  ensureRelayClient = () => {
+    if (!this.relayInitialized) {
+      createRelayClient(buildRelayClientOptions());
+      this.relayInitialized = true;
+    }
+  };
+  bridgeToTempo = async (requiredAmount, onProgress) => {
+    if (!this.account) throw new Error("No wallet configured");
+    this.ensureRelayClient();
+    const baseBalance = await this.getBalanceRaw("base");
+    const buffer = calculateBuffer(baseBalance);
+    const bridgeAmount = requiredAmount + buffer;
+    if (baseBalance < bridgeAmount) {
+      throw new Error(
+        `Insufficient Base USDC to bridge: have ${formatUnits(baseBalance, 6)}, need ${formatUnits(bridgeAmount, 6)} (${formatUnits(requiredAmount, 6)} + ${formatUnits(buffer, 6)} buffer)`
       );
-      return { protocol: "x402", raw: decoded };
-    } catch {
-      return { protocol: "x402", raw: { encoded: x402Header } };
     }
-  }
-  const wwwAuth = headers.get("www-authenticate");
-  if (wwwAuth?.toLowerCase().includes("payment")) {
-    return { protocol: "mpp", raw: { "www-authenticate": wwwAuth } };
-  }
-  return { protocol: "unknown", raw: {} };
-};
-var fetchCommand = (appContext) => new Command3("fetch").description("Fetch a capability URL with automatic payment handling").argument("<url>", "URL to fetch").option(
-  "-X, --method <method>",
-  "HTTP method (GET, POST, PUT, PATCH, DELETE). Defaults to POST when -d is set, otherwise GET"
-).option("-d, --data <body>", "Request body (JSON string)").option("-H, --header <header...>", "Headers in Key:Value format").option("--max-pay <amount>", "Maximum amount willing to pay (USDC)").option(
-  "--capability <id>",
-  "Bind this fetch to a capability (uid or slug) so a reviewable run is recorded even without a prior `zero search`"
-).option(
-  "--json",
-  "Emit {runId, status, latencyMs, payment, body} as JSON on stdout (for batch/non-TTY use)"
-).action(
-  async (url, options) => {
-    try {
-      const {
-        analyticsService,
-        apiService,
-        paymentService,
-        stateService,
-        walletService
-      } = appContext.services;
-      const startTime = Date.now();
-      const headers = {};
-      if (options.header) {
-        for (const h of options.header) {
-          const colonIdx = h.indexOf(":");
-          if (colonIdx > 0) {
-            headers[h.slice(0, colonIdx).trim()] = h.slice(colonIdx + 1).trim();
-          }
+    onProgress?.(
+      `Bridging ${formatUnits(bridgeAmount, 6)} USDC from Base to Tempo...`
+    );
+    const walletClient = createWalletClient({
+      account: this.account,
+      chain: base,
+      transport: http()
+    });
+    const quote = await getRelayClient().actions.getQuote({
+      chainId: BASE_CHAIN_ID,
+      toChainId: TEMPO_CHAIN_ID,
+      currency: USDC_BASE,
+      toCurrency: USDC_TEMPO,
+      amount: bridgeAmount.toString(),
+      tradeType: "EXACT_INPUT",
+      user: this.account.address,
+      recipient: this.account.address,
+      options: {
+        usePermit: true
+      }
+    });
+    let bridgeTxHash = null;
+    await getRelayClient().actions.execute({
+      quote,
+      wallet: adaptViemWallet(walletClient),
+      onProgress: ({ txHashes }) => {
+        if (txHashes?.length && !bridgeTxHash) {
+          bridgeTxHash = txHashes[0]?.txHash ?? null;
         }
       }
-      const hasContentType = Object.keys(headers).some(
-        (k) => k.toLowerCase() === "content-type"
+    });
+    return bridgeTxHash;
+  };
+  handlePayment = async (url, request, paymentRequirement, maxPay, onProgress) => {
+    if (!this.account) {
+      throw new Error(
+        "No wallet configured \u2014 run `zero init` or set ZERO_PRIVATE_KEY"
       );
-      if (options.data && !hasContentType) {
-        headers["content-type"] = "application/json";
-      }
-      const log = (msg) => console.error(`  ${msg}`);
-      const method = options.method ? options.method.toUpperCase() : options.data ? "POST" : "GET";
-      const requestInit = {
-        method,
-        headers,
-        body: options.data
-      };
-      const lastSearch = stateService.loadLastSearch();
-      const matchedCapability = lastSearch?.capabilities.find(
-        (c) => url.startsWith(c.url)
+    }
+    if (paymentRequirement.protocol === "x402") {
+      onProgress?.("Paying via x402 on Base...");
+      return this.payX402(url, request, paymentRequirement.raw, maxPay);
+    }
+    if (paymentRequirement.protocol === "mpp") {
+      onProgress?.("Paying via MPP on Tempo...");
+      return this.payMpp(
+        url,
+        request,
+        paymentRequirement.raw,
+        maxPay,
+        onProgress
       );
-      const capabilityId = options.capability ?? matchedCapability?.id ?? null;
-      const searchId = matchedCapability ? lastSearch?.searchId : void 0;
-      const skipReasons = [];
-      if (!apiService.walletAddress) {
-        skipReasons.push(
-          "no wallet configured (run `zero wallet import` / set ZERO_PRIVATE_KEY)"
-        );
+    }
+    throw new Error("Unrecognized 402 payment protocol");
+  };
+  payX402 = async (url, request, _raw, maxPay) => {
+    if (!this.account) throw new Error("No wallet configured");
+    let capturedAmount = "0";
+    const client = new X402Client().register(
+      "eip155:*",
+      new ExactEvmScheme(this.account)
+    );
+    client.onBeforePaymentCreation(async (context) => {
+      const selected = context.selectedRequirements;
+      if (selected && (!selected.extra?.name || !selected.extra?.version)) {
+        const known = KNOWN_EIP712_DOMAINS[selected.asset?.toLowerCase() ?? ""];
+        if (known) {
+          selected.extra = { ...selected.extra, ...known };
+        }
       }
-      if (!capabilityId) {
-        skipReasons.push(
+      const requirement = context.paymentRequired.accepts[0];
+      if (!requirement) return;
+      capturedAmount = formatUnits(BigInt(requirement.amount), 6);
+      if (maxPay && Number.parseFloat(capturedAmount) > Number.parseFloat(maxPay)) {
+        return {
+          abort: true,
+          reason: `Payment of ${capturedAmount} USDC exceeds --max-pay ${maxPay}`
+        };
+      }
+    });
+    const httpClient = new x402HTTPClient(client).onPaymentRequired(
+      createSIWxClientHook(this.account)
+    );
+    const wrappedFetch = wrapFetchWithPayment(fetch, httpClient);
+    const response = await wrappedFetch(url, {
+      method: request.method,
+      headers: request.headers,
+      body: request.body
+    });
+    let txHash = null;
+    const paymentResponseHeader = response.headers.get("payment-response") ?? response.headers.get("x-payment-response");
+    if (paymentResponseHeader) {
+      try {
+        const settlement = decodePaymentResponseHeader(paymentResponseHeader);
+        txHash = settlement.transaction ?? null;
+      } catch {
+      }
+    }
+    return {
+      response,
+      protocol: "x402",
+      chain: "base",
+      txHash,
+      amount: capturedAmount,
+      asset: "USDC"
+    };
+  };
+  /**
+   * Shared pre-payment work: compute the Tempo amount we need, enforce
+   * --max-pay, and bridge from Base USDC if the Tempo balance is short.
+   * Invoked from mppx's `onChallenge` — i.e. AFTER the server's 402 and
+   * BEFORE mppx signs a credential — so balance/bridge logic runs in-band
+   * without adding a pre-probe round-trip.
+   */
+  prepareTempoFunds = async (challenge, maxPay, onProgress) => {
+    const challengeRequest = challenge.request;
+    let requiredRaw;
+    if (challenge.intent === "session") {
+      const suggestedDeposit = challengeRequest.suggestedDeposit;
+      requiredRaw = suggestedDeposit ? BigInt(suggestedDeposit) : BigInt(
+        Math.floor(
+          Number.parseFloat(maxPay ?? DEFAULT_MAX_DEPOSIT) * 1e6
+        )
+      );
+    } else {
+      requiredRaw = BigInt(challengeRequest.amount);
+    }
+    const capturedAmount = formatUnits(requiredRaw, 6);
+    if (maxPay && Number.parseFloat(capturedAmount) > Number.parseFloat(maxPay)) {
+      throw new Error(
+        `Payment of ${capturedAmount} USDC exceeds --max-pay ${maxPay}`
+      );
+    }
+    const methodDetails = challengeRequest.methodDetails;
+    const challengeChainId = challengeRequest.chainId ?? methodDetails?.chainId;
+    const isTestnet = challengeChainId === TEMPO_TESTNET_CHAIN_ID;
+    onProgress?.(`Checking Tempo balance...`);
+    const tempoBalance = await this.getBalanceRaw(
+      isTestnet ? "tempo-testnet" : "tempo"
+    );
+    if (tempoBalance < requiredRaw) {
+      if (isTestnet) {
+        throw new Error(
+          `Insufficient pathUSD on Tempo testnet: have ${formatUnits(tempoBalance, 6)}, need ${capturedAmount}. Fund your wallet with the Tempo testnet faucet: https://docs.tempo.xyz/quickstart/faucet`
+        );
+      }
+      await this.bridgeToTempo(requiredRaw, onProgress);
+    }
+    return capturedAmount;
+  };
+  /**
+   * MPP payment entrypoint. Runs a SINGLE `mppx.fetch` and uses mppx's
+   * `onChallenge` callback to run balance/bridge/max-pay logic in-band
+   * with the server's 402. After the 200 comes back, we branch on the
+   * captured challenge intent + whether the tempo method reported the
+   * channel as opened (only session lifecycle fires `onChannelUpdate`).
+   *
+   * Why no pre-probe: a pre-probe adds an extra unauthenticated POST
+   * before mppx's own 402 dance (2 → 3 server-side requests). Session-
+   * intent facilitators that re-run the LLM per request can't reconcile
+   * the extra state and return `410 "channel not found"` on the close.
+   * This mirrors the working production v0.0.21 single-fetch flow.
+   */
+  payMpp = async (url, request, _raw, maxPay, onProgress) => {
+    const account = this.account;
+    if (!account) throw new Error("No wallet configured");
+    let capturedAmount = "0";
+    let capturedChallenge;
+    let channelEntry;
+    const mppx = Mppx.create({
+      polyfill: false,
+      fetch: this.fetchImpl,
+      methods: [
+        tempo({
+          account,
+          maxDeposit: maxPay ?? DEFAULT_MAX_DEPOSIT,
+          onChannelUpdate: (entry) => {
+            channelEntry = {
+              channelId: entry.channelId,
+              escrowContract: entry.escrowContract,
+              cumulativeAmount: entry.cumulativeAmount,
+              opened: entry.opened
+            };
+          }
+        })
+      ],
+      onChallenge: async (challenge) => {
+        capturedChallenge = challenge;
+        capturedAmount = await this.prepareTempoFunds(
+          challenge,
+          maxPay,
+          onProgress
+        );
+        return void 0;
+      }
+    });
+    const response = await mppx.fetch(url, {
+      method: request.method,
+      headers: request.headers,
+      body: request.body
+    });
+    if (capturedChallenge?.intent === "session" && channelEntry?.opened) {
+      return this.completeMppSession({
+        url,
+        request,
+        challenge: capturedChallenge,
+        channelEntry,
+        response,
+        capturedAmount,
+        mppx
+      });
+    }
+    let txHash = null;
+    try {
+      const receipt = Receipt.fromResponse(response);
+      txHash = receipt.reference ?? null;
+    } catch {
+    }
+    return {
+      response,
+      protocol: "mpp",
+      chain: "tempo",
+      txHash,
+      amount: capturedAmount,
+      asset: "USDC"
+    };
+  };
+  /**
+   * Close an opened MPP session channel after the seller returns a 200.
+   *
+   * Decodes the server's `Payment-Receipt` to get the settled
+   * `acceptedCumulative`/`spent`, signs a close voucher at that amount
+   * (never below on-chain settled), and POSTs it back to the seller.
+   * Needed for dynamic-pricing sellers whose open-time `amount` is `0` —
+   * signing close with `cumulativeAmount=0` would be rejected with
+   * `voucher cumulativeAmount is below on-chain settled amount`.
+   *
+   * When the seller's facilitator rejects the close (e.g. strict matching
+   * of fresh challenge IDs per request), `SessionCloseFailedError` is
+   * thrown carrying the session metadata so the caller can record the run
+   * against the orphaned channel.
+   */
+  completeMppSession = async (params) => {
+    const {
+      url,
+      request,
+      challenge,
+      channelEntry,
+      response,
+      capturedAmount,
+      mppx
+    } = params;
+    const challengeRequest = challenge.request;
+    const recipient = challengeRequest.recipient;
+    const methodDetails = challengeRequest.methodDetails;
+    const challengeEscrow = methodDetails?.escrowContract;
+    const challengeChainId = challengeRequest.chainId ?? methodDetails?.chainId;
+    if (!recipient || !challengeEscrow) {
+      throw new Error("session challenge missing recipient/escrowContract");
+    }
+    if (!challengeChainId) {
+      throw new Error("session challenge missing chainId");
+    }
+    const {
+      channelId,
+      escrowContract,
+      cumulativeAmount: openTimeCumulative
+    } = channelEntry;
+    const receipt = readSessionReceipt(response);
+    const closeAmount = pickSessionCloseAmount(receipt, openTimeCumulative);
+    const orphanedSession = {
+      channelId,
+      escrowContract,
+      chainId: challengeChainId,
+      recipient,
+      cumulativeAmount: closeAmount.toString()
+    };
+    const closeFailed = (message) => new SessionCloseFailedError({
+      message,
+      session: orphanedSession,
+      response,
+      capturedAmount
+    });
+    const closeChallengeResponse = new Response("", {
+      status: 402,
+      headers: { "WWW-Authenticate": Challenge.serialize(challenge) }
+    });
+    let closeCredential;
+    try {
+      closeCredential = await mppx.createCredential(closeChallengeResponse, {
+        action: "close",
+        channelId,
+        cumulativeAmountRaw: closeAmount.toString()
+      });
+    } catch (err) {
+      throw closeFailed(
+        `Session close credential build failed for channel ${channelId}: ${err instanceof Error ? err.message : String(err)}`
+      );
+    }
+    const closeMethod = request.method.toUpperCase();
+    const methodCarriesBody = closeMethod === "POST" || closeMethod === "PUT" || closeMethod === "PATCH";
+    const closeResponse = await this.fetchImpl(url, {
+      method: closeMethod,
+      headers: {
+        ...request.headers,
+        // biome-ignore lint/style/useNamingConvention: HTTP header name
+        Authorization: closeCredential
+      },
+      ...methodCarriesBody && request.body ? { body: request.body } : {}
+    });
+    if (!closeResponse.ok) {
+      const body = await closeResponse.text().catch(() => "");
+      throw closeFailed(
+        `Seller rejected close credential (status ${closeResponse.status}${body ? `: ${body.slice(0, 200)}` : ""}) for channel ${channelId}`
+      );
+    }
+    const closeReceipt = readSessionReceipt(closeResponse);
+    return {
+      response,
+      protocol: "mpp",
+      chain: "tempo",
+      txHash: null,
+      amount: capturedAmount,
+      asset: "USDC",
+      session: {
+        channelId,
+        escrowContract,
+        chainId: challengeChainId,
+        recipient,
+        cumulativeAmount: closeReceipt?.acceptedCumulative ?? closeAmount.toString()
+      }
+    };
+  };
+  resolveChainConfig = (chain) => {
+    switch (chain) {
+      case "base":
+        return { viemChain: base, token: USDC_BASE };
+      case "base-sepolia":
+        return { viemChain: baseSepolia, token: USDC_BASE_SEPOLIA };
+      case "tempo":
+        return { viemChain: tempoChain, token: USDC_TEMPO };
+      case "tempo-testnet":
+        return { viemChain: tempoTestnetChain, token: PATHUSD_TEMPO };
+    }
+  };
+  getBalanceRaw = async (chain) => {
+    if (!this.account) return 0n;
+    const { viemChain, token } = this.resolveChainConfig(chain);
+    const client = createPublicClient({
+      chain: viemChain,
+      transport: http()
+    });
+    const balance = await client.readContract({
+      address: token,
+      abi: ERC20_BALANCE_ABI,
+      functionName: "balanceOf",
+      args: [this.account.address]
+    });
+    return balance;
+  };
+  getBalance = async (chain) => {
+    const raw = await this.getBalanceRaw(chain);
+    return { amount: formatUnits(raw, 6), asset: "USDC" };
+  };
+  /**
+   * Total spendable USDC across Base and Tempo. Users (and their agents)
+   * shouldn't need to know which chain holds funds — the CLI bridges to
+   * Tempo on demand, so the reported balance sums both sides.
+   */
+  getTotalBalance = async () => {
+    const [baseRaw, tempoRaw] = await Promise.all([
+      this.getBalanceRaw("base"),
+      this.getBalanceRaw("tempo")
+    ]);
+    return { amount: formatUnits(baseRaw + tempoRaw, 6), asset: "USDC" };
+  };
+};
+// src/util/infer-schema.ts
+var inferSchema = (value, depth = 0) => {
+  if (depth > 6) return { type: typeOf(value) };
+  if (value === null) return { type: "null" };
+  if (Array.isArray(value)) {
+    const itemSchemas = value.slice(0, 3).map((v) => inferSchema(v, depth + 1));
+    return {
+      type: "array",
+      items: itemSchemas[0] ?? { type: "unknown" }
+    };
+  }
+  if (typeof value === "object") {
+    const obj = value;
+    const properties = {};
+    const required = [];
+    for (const [k, v] of Object.entries(obj)) {
+      properties[k] = inferSchema(v, depth + 1);
+      required.push(k);
+    }
+    return { type: "object", properties, required };
+  }
+  return { type: typeOf(value) };
+};
+var typeOf = (v) => {
+  if (v === null) return "null";
+  if (Array.isArray(v)) return "array";
+  return typeof v;
+};
+var tryParseJson = (text) => {
+  try {
+    return JSON.parse(text);
+  } catch {
+    return null;
+  }
+};
+// src/util/redact.ts
+var ERROR_MAX = 500;
+var QUERY_MAX = 200;
+var redactUrl = (raw) => {
+  try {
+    const parsed = new URL(raw);
+    return `${parsed.origin}${parsed.pathname}`;
+  } catch {
+    return raw;
+  }
+};
+var truncateQuery = (raw) => raw.length > QUERY_MAX ? `${raw.slice(0, QUERY_MAX)}\u2026` : raw;
+var truncateError = (raw) => raw.length > ERROR_MAX ? `${raw.slice(0, ERROR_MAX)}\u2026` : raw;
+// src/commands/fetch-command.ts
+var isTextContentType = (contentType) => {
+  if (!contentType) return true;
+  const ct = contentType.toLowerCase().split(";")[0]?.trim() ?? "";
+  if (ct.startsWith("text/")) return true;
+  if (ct === "application/json" || ct.endsWith("+json")) return true;
+  if (ct === "application/xml" || ct.endsWith("+xml")) return true;
+  if (ct === "application/javascript" || ct === "application/ecmascript") {
+    return true;
+  }
+  if (ct === "application/x-www-form-urlencoded") return true;
+  return false;
+};
+var detectPaymentRequirement = (headers, status) => {
+  if (status !== 402) return null;
+  const x402Header = headers.get("payment-required") ?? headers.get("x-payment-required");
+  if (x402Header) {
+    try {
+      const decoded = JSON.parse(
+        Buffer.from(x402Header, "base64").toString("utf8")
+      );
+      return { protocol: "x402", raw: decoded };
+    } catch {
+      return { protocol: "x402", raw: { encoded: x402Header } };
+    }
+  }
+  const wwwAuth = headers.get("www-authenticate");
+  if (wwwAuth?.toLowerCase().includes("payment")) {
+    return { protocol: "mpp", raw: { "www-authenticate": wwwAuth } };
+  }
+  return { protocol: "unknown", raw: {} };
+};
+var fetchCommand = (appContext) => new Command3("fetch").description("Fetch a capability URL with automatic payment handling").argument("<url>", "URL to fetch").option(
+  "-X, --method <method>",
+  "HTTP method (GET, POST, PUT, PATCH, DELETE). Defaults to POST when -d is set, otherwise GET"
+).option("-d, --data <body>", "Request body (JSON string)").option("-H, --header <header...>", "Headers in Key:Value format").option("--max-pay <amount>", "Maximum amount willing to pay (USDC)").option(
+  "--capability <id>",
+  "Bind this fetch to a capability (uid or slug) so a reviewable run is recorded even without a prior `zero search`"
+).option(
+  "--json",
+  "Emit {runId, status, latencyMs, payment, body} as JSON on stdout (for batch/non-TTY use)"
+).option(
+  "--agent <name>",
+  "Identify your agent host for this invocation (e.g. claude-web, codex). Overrides auto-detect for this call only."
+).action(
+  async (url, options) => {
+    try {
+      const {
+        analyticsService,
+        apiService,
+        paymentService,
+        stateService,
+        walletService
+      } = appContext.services;
+      const startTime = Date.now();
+      const headers = {};
+      if (options.header) {
+        for (const h of options.header) {
+          const colonIdx = h.indexOf(":");
+          if (colonIdx > 0) {
+            headers[h.slice(0, colonIdx).trim()] = h.slice(colonIdx + 1).trim();
+          }
+        }
+      }
+      const hasContentType = Object.keys(headers).some(
+        (k) => k.toLowerCase() === "content-type"
+      );
+      if (options.data && !hasContentType) {
+        headers["content-type"] = "application/json";
+      }
+      const log = (msg) => console.error(`  ${msg}`);
+      const method = options.method ? options.method.toUpperCase() : options.data ? "POST" : "GET";
+      const requestInit = {
+        method,
+        headers,
+        body: options.data
+      };
+      const lastSearch = stateService.loadLastSearch();
+      const matchedCapability = lastSearch?.capabilities.find(
+        (c) => url.startsWith(c.url)
+      );
+      const capabilityId = options.capability ?? matchedCapability?.id ?? null;
+      const searchId = matchedCapability ? lastSearch?.searchId : void 0;
+      const skipReasons = [];
+      if (!apiService.walletAddress) {
+        skipReasons.push(
+          "no wallet configured (run `zero wallet import` / set ZERO_PRIVATE_KEY)"
+        );
+      }
+      if (!capabilityId) {
+        skipReasons.push(
           "no capability resolved \u2014 pass --capability <uid|slug> or run `zero search` first so the URL can be matched"
         );
       }
       let finalResponse;
+      let bodyBytes;
       let body = "";
+      let bodyIsBinary = false;
       let paymentMeta;
+      let sessionMeta;
       let fetchError;
       try {
         log(`Calling ${url}...`);
@@ -711,30 +1279,73 @@ var fetchCommand = (appContext) => new Command3("fetch").description("Fetch a ca
             chain: result.chain,
             txHash: result.txHash,
             amount: result.amount,
-            asset: result.asset
+            asset: result.asset,
+            ...result.session && { session: result.session }
           };
           log(
             `Paid ${result.amount} ${result.asset} via ${result.protocol} on ${result.chain}`
           );
+          if (result.session) {
+            sessionMeta = result.session;
+            log(
+              `MPP session closed \u2014 channel ${result.session.channelId.slice(0, 10)}... \u2192 ${result.session.recipient.slice(0, 8)}... (${formatUnits2(BigInt(result.session.cumulativeAmount), 6)} USDC settled)`
+            );
+          }
         } else {
           finalResponse = response;
         }
-        body = await finalResponse.text();
+        const buf = Buffer.from(await finalResponse.arrayBuffer());
+        bodyBytes = buf;
+        bodyIsBinary = !isTextContentType(
+          finalResponse.headers.get("content-type")
+        );
+        body = bodyIsBinary ? "" : buf.toString("utf8");
       } catch (err) {
-        fetchError = err instanceof Error ? err : new Error(String(err));
+        if (err instanceof SessionCloseFailedError) {
+          finalResponse = err.response;
+          try {
+            const buf = Buffer.from(await err.response.arrayBuffer());
+            bodyBytes = buf;
+            bodyIsBinary = !isTextContentType(
+              err.response.headers.get("content-type")
+            );
+            body = bodyIsBinary ? "" : buf.toString("utf8");
+          } catch {
+            body = "";
+          }
+          paymentMeta = {
+            protocol: "mpp",
+            chain: "tempo",
+            txHash: null,
+            amount: err.capturedAmount,
+            asset: "USDC",
+            session: err.session
+          };
+          sessionMeta = err.session;
+          fetchError = err;
+          console.error(
+            [
+              "",
+              "  WARNING: failed to auto-close MPP session.",
+              `  ${err.message}`,
+              `  Channel ${err.session.channelId} is still open on chain \u2014 see payment.session in --json output.`,
+              "  Contact the seller to settle the channel from their facilitator, or use",
+              "  your wallet to call escrow.close/requestClose directly.",
+              ""
+            ].join("\n")
+          );
+        } else {
+          fetchError = err instanceof Error ? err : new Error(String(err));
+        }
       }
       const latencyMs = Date.now() - startTime;
       if (finalResponse && !options.json) {
-        console.log(body);
+        if (bodyIsBinary && bodyBytes) {
+          process.stdout.write(bodyBytes);
+        } else {
+          console.log(body);
+        }
       }
-      analyticsService.capture("fetch_executed", {
-        url,
-        status: finalResponse?.status,
-        hasPayment: !!paymentMeta,
-        paymentProtocol: paymentMeta?.protocol,
-        paymentAmount: paymentMeta?.amount,
-        ...fetchError && { error: fetchError.message }
-      });
       if (paymentMeta) {
         try {
           const balance = await walletService.getBalance();
@@ -747,6 +1358,11 @@ var fetchCommand = (appContext) => new Command3("fetch").description("Fetch a ca
   Warning: Balance is $${balance.amount} \u2014 run \`zero wallet fund\` soon.
 `
               );
+              analyticsService.capture("low_balance_warning_shown", {
+                balance: balance.amount,
+                threshold,
+                paymentProtocol: paymentMeta.protocol
+              });
             }
           }
         } catch {
@@ -782,7 +1398,7 @@ var fetchCommand = (appContext) => new Command3("fetch").description("Fetch a ca
               paymentProtocol: paymentMeta.protocol,
               paymentChain: paymentMeta.chain,
               paymentTxHash: paymentMeta.txHash ?? void 0,
-              paymentMode: "charge"
+              paymentMode: sessionMeta ? "session" : "charge"
             }
           });
           runId = runResult.runId;
@@ -792,17 +1408,35 @@ var fetchCommand = (appContext) => new Command3("fetch").description("Fetch a ca
           );
         }
       }
+      const status = finalResponse?.status;
+      const outcome = !finalResponse ? "network_error" : status === 402 && !paymentMeta ? "payment_failed" : status !== void 0 && status >= 400 && status !== 402 ? "server_error" : "success";
+      analyticsService.capture("fetch_executed", {
+        url: redactUrl(url),
+        status,
+        outcome,
+        latencyMs,
+        hasPayment: !!paymentMeta,
+        paymentProtocol: paymentMeta?.protocol,
+        paymentAmount: paymentMeta?.amount,
+        capabilityId: capabilityId ?? void 0,
+        searchId: searchId ?? void 0,
+        runId: runId ?? void 0,
+        runTracked: !!runId,
+        ...fetchError && { error: truncateError(fetchError.message) }
+      });
       if (fetchError && !options.json) {
         console.error(`  Fetch failed: ${fetchError.message}`);
       }
       if (options.json) {
+        const jsonBody = !finalResponse ? null : bodyIsBinary ? (bodyBytes ?? Buffer.alloc(0)).toString("base64") : body;
         console.log(
           JSON.stringify({
             runId,
             status: finalResponse?.status ?? null,
             latencyMs,
             payment: paymentMeta ?? null,
-            body: finalResponse ? body : null,
+            body: jsonBody,
+            ...bodyIsBinary && { bodyEncoding: "base64" },
             ...fetchError && { error: fetchError.message },
             ...skipReasons.length > 0 && {
               runTrackingSkipped: skipReasons
@@ -907,7 +1541,10 @@ var getCommand = (appContext) => new Command4("get").description(
 ).argument(
   "<identifier>",
   "Position number from search results, or a capability slug"
-).option("--formatted", "Output formatted trust breakdown").action(async (identifier, options) => {
+).option("--formatted", "Output formatted trust breakdown").option(
+  "--agent <name>",
+  "Identify your agent host for this invocation. Overrides auto-detect for this call only."
+).action(async (identifier, options) => {
   try {
     const { analyticsService, apiService, stateService } = appContext.services;
     const position = Number.parseInt(identifier, 10);
@@ -947,7 +1584,9 @@ var getCommand = (appContext) => new Command4("get").description(
     }
     analyticsService.capture("capability_viewed", {
       capabilityId,
-      ...isPosition ? { position } : {}
+      fromLastSearch: isPosition,
+      ...isPosition ? { position } : {},
+      ...searchId ? { searchId } : {}
     });
   } catch (err) {
     console.error(err instanceof Error ? err.message : "Get failed");
@@ -1171,107 +1810,126 @@ var installSkills = (home) => {
   return installed;
 };
 var initCommand = (appContext) => new Command5("init").description("Initialize Zero CLI for usage").option("--force", "Overwrite existing configuration").action(async (options) => {
-  const home = homedir2();
-  const zeroDir = join2(home, ".zero");
-  const configPath = join2(zeroDir, "config.json");
-  let walletCreated = false;
-  let walletAddress = null;
-  const walletExists = (() => {
-    if (!existsSync2(configPath)) return false;
-    try {
-      const existing = JSON.parse(readFileSync3(configPath, "utf8"));
-      return !!existing.privateKey;
-    } catch {
-      return false;
-    }
-  })();
-  if (!walletExists || options.force) {
-    const privateKey = generatePrivateKey();
-    const account = privateKeyToAccount(privateKey);
-    mkdirSync2(zeroDir, { recursive: true });
-    const existing = existsSync2(configPath) ? JSON.parse(readFileSync3(configPath, "utf8")) : {};
-    writeFileSync2(
-      configPath,
-      JSON.stringify(
-        { ...existing, privateKey, lowBalanceWarning: 1 },
-        null,
-        2
-      )
-    );
-    walletCreated = true;
-    walletAddress = account.address;
-    console.log(`Wallet address: ${account.address}`);
-  } else {
-    try {
-      const existing = JSON.parse(readFileSync3(configPath, "utf8"));
-      const account = privateKeyToAccount(existing.privateKey);
+  appContext.services.analyticsService.capture("init_started", {
+    force: options.force ?? false
+  });
+  let currentStep = "wallet";
+  try {
+    const home = homedir2();
+    const zeroDir = join2(home, ".zero");
+    const configPath = join2(zeroDir, "config.json");
+    let walletCreated = false;
+    let walletAddress = null;
+    const walletExists = (() => {
+      if (!existsSync2(configPath)) return false;
+      try {
+        const existing = JSON.parse(readFileSync3(configPath, "utf8"));
+        return !!existing.privateKey;
+      } catch {
+        return false;
+      }
+    })();
+    if (!walletExists || options.force) {
+      const privateKey = generatePrivateKey();
+      const account = privateKeyToAccount(privateKey);
+      mkdirSync2(zeroDir, { recursive: true });
+      const existing = existsSync2(configPath) ? JSON.parse(readFileSync3(configPath, "utf8")) : {};
+      writeFileSync2(
+        configPath,
+        JSON.stringify(
+          { ...existing, privateKey, lowBalanceWarning: 1 },
+          null,
+          2
+        )
+      );
+      walletCreated = true;
       walletAddress = account.address;
-    } catch {
+      console.log(`Wallet address: ${account.address}`);
+    } else {
+      try {
+        const existing = JSON.parse(readFileSync3(configPath, "utf8"));
+        const account = privateKeyToAccount(existing.privateKey);
+        walletAddress = account.address;
+      } catch {
+      }
     }
-  }
-  const agentsDetected = [];
-  const agentsWithSkills = [];
-  let skillsError = null;
-  let hookInstalled = false;
-  let hookError = null;
-  for (const tool of AGENT_TOOLS) {
-    if (existsSync2(join2(home, tool.configDir))) {
-      agentsDetected.push(tool.name);
+    const agentsDetected = [];
+    const agentsWithSkills = [];
+    let skillsError = null;
+    let hookInstalled = false;
+    let hookError = null;
+    for (const tool of AGENT_TOOLS) {
+      if (existsSync2(join2(home, tool.configDir))) {
+        agentsDetected.push(tool.name);
+      }
     }
-  }
-  try {
-    const installed = installSkills(home);
-    for (const entry of installed) {
-      const toolName = entry.split(":")[0];
-      if (toolName && !agentsWithSkills.includes(toolName)) {
-        agentsWithSkills.push(toolName);
+    currentStep = "skills";
+    try {
+      const installed = installSkills(home);
+      for (const entry of installed) {
+        const toolName = entry.split(":")[0];
+        if (toolName && !agentsWithSkills.includes(toolName)) {
+          agentsWithSkills.push(toolName);
+        }
       }
+    } catch (err) {
+      skillsError = err instanceof Error ? err.message : "unknown skills error";
     }
-  } catch (err) {
-    skillsError = err instanceof Error ? err.message : "unknown skills error";
-  }
-  try {
-    hookInstalled = installHook(home);
-  } catch (err) {
-    hookError = err instanceof Error ? err.message : "unknown hook error";
-  }
-  const conflictingSkills = findConflictingSkills(home);
-  if (conflictingSkills.length > 0) {
-    const skillList = conflictingSkills.map((s) => `  - ${s.tool}: ${s.skillName}`).join("\n");
-    console.error(
-      `
+    currentStep = "hook";
+    try {
+      hookInstalled = installHook(home);
+    } catch (err) {
+      hookError = err instanceof Error ? err.message : "unknown hook error";
+    }
+    currentStep = "cleanup_scan";
+    const conflictingSkills = findConflictingSkills(home);
+    if (conflictingSkills.length > 0) {
+      const skillList = conflictingSkills.map((s) => `  - ${s.tool}: ${s.skillName}`).join("\n");
+      console.error(
+        `
 Found deprecated skills that may conflict with Zero:
 ${skillList}
 To remove them, run: zero init cleanup`
+      );
+    }
+    console.error(
+      'Zero is ready! Run `zero search` to find capabilities.\n\nBy using Zero, you agree to our Terms of Service:\n  https://zero.xyz/terms-of-service\n\nRun `zero terms` to view the full terms.\n\nTry:\n  zero search "translate text to Spanish"\n  zero search "generate an image"\n  zero search "weather forecast"'
     );
+    currentStep = "complete";
+    appContext.services.analyticsService.capture("wallet_initialized", {
+      // biome-ignore lint/style/useNamingConvention: snake_case for analytics
+      wallet_created: walletCreated,
+      // biome-ignore lint/style/useNamingConvention: snake_case for analytics
+      wallet_address: walletAddress,
+      // biome-ignore lint/style/useNamingConvention: snake_case for analytics
+      agents_detected: agentsDetected,
+      // biome-ignore lint/style/useNamingConvention: snake_case for analytics
+      agents_detected_count: agentsDetected.length,
+      // biome-ignore lint/style/useNamingConvention: snake_case for analytics
+      skills_installed: agentsWithSkills.length > 0,
+      // biome-ignore lint/style/useNamingConvention: snake_case for analytics
+      skills_installed_for: agentsWithSkills,
+      // biome-ignore lint/style/useNamingConvention: snake_case for analytics
+      skills_error: skillsError,
+      // biome-ignore lint/style/useNamingConvention: snake_case for analytics
+      hook_installed: hookInstalled,
+      // biome-ignore lint/style/useNamingConvention: snake_case for analytics
+      hook_error: hookError,
+      // biome-ignore lint/style/useNamingConvention: snake_case for analytics
+      conflicting_skills_found: conflictingSkills.length,
+      force: options.force ?? false
+    });
+  } catch (err) {
+    appContext.services.analyticsService.capture("init_failed", {
+      step: currentStep,
+      error: truncateError(
+        err instanceof Error ? err.message : String(err)
+      ),
+      force: options.force ?? false
+    });
+    throw err;
   }
-  console.error(
-    'Zero is ready! Run `zero search` to find capabilities.\n\nTry:\n  zero search "translate text to Spanish"\n  zero search "generate an image"\n  zero search "weather forecast"'
-  );
-  appContext.services.analyticsService.capture("wallet_initialized", {
-    // biome-ignore lint/style/useNamingConvention: snake_case for analytics
-    wallet_created: walletCreated,
-    // biome-ignore lint/style/useNamingConvention: snake_case for analytics
-    wallet_address: walletAddress,
-    // biome-ignore lint/style/useNamingConvention: snake_case for analytics
-    agents_detected: agentsDetected,
-    // biome-ignore lint/style/useNamingConvention: snake_case for analytics
-    agents_detected_count: agentsDetected.length,
-    // biome-ignore lint/style/useNamingConvention: snake_case for analytics
-    skills_installed: agentsWithSkills.length > 0,
-    // biome-ignore lint/style/useNamingConvention: snake_case for analytics
-    skills_installed_for: agentsWithSkills,
-    // biome-ignore lint/style/useNamingConvention: snake_case for analytics
-    skills_error: skillsError,
-    // biome-ignore lint/style/useNamingConvention: snake_case for analytics
-    hook_installed: hookInstalled,
-    // biome-ignore lint/style/useNamingConvention: snake_case for analytics
-    hook_error: hookError,
-    // biome-ignore lint/style/useNamingConvention: snake_case for analytics
-    conflicting_skills_found: conflictingSkills.length,
-    force: options.force ?? false
-  });
 }).addCommand(
   new Command5("cleanup").description(
     "Remove deprecated skills (zam, tempo) that conflict with Zero"
@@ -1285,7 +1943,7 @@ To remove them, run: zero init cleanup`
     const removedList = removed.map((s) => `  - ${s}`).join("\n");
     console.error(`Removed deprecated skills:
 ${removedList}`);
-    appContext.services.analyticsService.capture("skills_cleanup", {
+    appContext.services.analyticsService.capture("skills_cleaned_up", {
       // biome-ignore lint/style/useNamingConvention: snake_case for analytics
       skills_removed: removed,
       // biome-ignore lint/style/useNamingConvention: snake_case for analytics
@@ -1329,6 +1987,9 @@ Examples:
 ).option("--success", "The capability succeeded").option("--no-success", "The capability failed").option("--accuracy <n>", "Accuracy rating (1-5)", Number.parseInt).option("--value <n>", "Value rating (1-5)", Number.parseInt).option("--reliability <n>", "Reliability rating (1-5)", Number.parseInt).option("--content <text>", "Optional review text").option(
   "--from-file <path>",
   "Submit reviews in bulk from a JSONL file (one review object per line: {runId, success, accuracy, value, reliability, content?})"
+).option(
+  "--agent <name>",
+  "Identify your agent host for this invocation. Overrides auto-detect for this call only."
 ).action(
   async (runId, options) => {
     try {
@@ -1350,6 +2011,10 @@ Examples:
             analyticsService.capture("review_submitted", {
               runId: parsed.runId,
               success: parsed.success,
+              accuracy: parsed.accuracy,
+              value: parsed.value,
+              reliability: parsed.reliability,
+              hasContent: !!parsed.content,
               bulk: true
             });
           } catch (err) {
@@ -1432,7 +2097,12 @@ Bulk review complete: ${ok} ok, ${failed} failed`);
       console.log(`Review submitted: ${result.reviewId}`);
       analyticsService.capture("review_submitted", {
         runId,
-        success: options.success
+        success: options.success,
+        accuracy,
+        value,
+        reliability,
+        hasContent: !!options.content,
+        resolvedByCapability: !!options.capability
       });
     } catch (err) {
       console.error(err instanceof Error ? err.message : "Review failed");
@@ -1457,6 +2127,9 @@ Examples:
   "--limit <n>",
   "Max rows (1-100, default 25)",
   (v) => Number.parseInt(v, 10)
+).option(
+  "--agent <name>",
+  "Identify your agent host for this invocation. Overrides auto-detect for this call only."
 ).action(
   async (options) => {
     try {
@@ -1538,6 +2211,9 @@ var searchCommand = (appContext) => new Command8("search").description("Search f
 ).option(
   "--exclude-source <source>",
   "Exclude results from this crawl source"
+).option(
+  "--agent <name>",
+  "Identify your agent host for this invocation (e.g. claude-web, codex). Overrides auto-detect for this call only."
 ).action(
   async (query, options) => {
     try {
@@ -1572,8 +2248,24 @@ var searchCommand = (appContext) => new Command8("search").description("Search f
         excludeSource: options.excludeSource
       });
       analyticsService.capture("search_executed", {
-        query,
-        resultCount: result.capabilities.length
+        query: truncateQuery(query),
+        queryLength: query.length,
+        resultCount: result.capabilities.length,
+        searchId: result.searchId,
+        total: result.total,
+        hasMore: result.hasMore,
+        offset: options.offset,
+        limit: options.limit,
+        freeOnly: options.free ?? false,
+        maxCost: options.maxCost,
+        minRating: options.minRating,
+        protocol: options.protocol,
+        minTrust: options.minTrust,
+        availabilityStatus: options.status,
+        includeAll: options.all ?? false,
+        source: options.source,
+        excludeSource: options.excludeSource,
+        json: options.json ?? false
       });
       if (options.json) {
         console.log(JSON.stringify(result, null, 2));
@@ -1606,14 +2298,34 @@ var searchCommand = (appContext) => new Command8("search").description("Search f
   }
 );
+// src/commands/terms-command.ts
+import { Command as Command9 } from "commander";
+var TERMS_URL = "https://zero.xyz/terms-of-service";
+var termsCommand = (_appContext) => new Command9("terms").description("View the ZeroClick Terms of Service").action(async () => {
+  console.log(
+    `ZeroClick Agentic Capability Search \u2014 Terms of Service
+By using Zero, you agree to our Terms of Service.
+Read the full terms at: ${TERMS_URL}
+`
+  );
+  try {
+    const { exec } = await import("child_process");
+    const openCmd = process.platform === "darwin" ? "open" : process.platform === "win32" ? "start" : "xdg-open";
+    exec(`${openCmd} ${TERMS_URL}`);
+  } catch {
+  }
+});
 // src/commands/wallet-command.ts
 import { existsSync as existsSync3, mkdirSync as mkdirSync3, readFileSync as readFileSync5, writeFileSync as writeFileSync3 } from "fs";
 import { homedir as homedir3 } from "os";
 import { join as join3 } from "path";
-import { Command as Command9 } from "commander";
+import { Command as Command10 } from "commander";
 import open from "open";
 import { privateKeyToAccount as privateKeyToAccount2 } from "viem/accounts";
-var walletBalanceCommand = (appContext) => new Command9("balance").description("Show wallet balance").action(async () => {
+var walletBalanceCommand = (appContext) => new Command10("balance").description("Show wallet balance").action(async () => {
   const { walletService } = appContext.services;
   const balance = await walletService.getBalance();
   if (balance === null) {
@@ -1628,7 +2340,11 @@ var walletBalanceCommand = (appContext) => new Command9("balance").description("
   }
   console.log(`${balance.amount} ${balance.asset}`);
 });
-var walletFundCommand = (appContext) => new Command9("fund").description("Fund your wallet").argument("[amount]", "Amount to fund in USDC").option("--manual", "Show wallet address for manual transfer").action(
+var walletFundCommand = (appContext) => new Command10("fund").description("Fund your wallet").argument("[amount]", "Amount to fund in USDC").option("--manual", "Show wallet address for manual transfer").option(
+  "--use <provider>",
+  "Onramp provider: coinbase or stripe",
+  "coinbase"
+).action(
   async (amount, options) => {
     const { analyticsService, walletService } = appContext.services;
     const address = walletService.getAddress();
@@ -1646,7 +2362,11 @@ ${address}`);
       });
       return;
     }
-    const url = await appContext.services.apiService.getFundingUrl(amount);
+    const provider = options.use === "stripe" ? "stripe" : "coinbase";
+    const url = await appContext.services.apiService.getFundingUrl(
+      amount,
+      provider
+    );
     if (url) {
       await open(url);
       console.log("Opened funding page in your browser.");
@@ -1665,7 +2385,7 @@ ${address}`);
     }
   }
 );
-var walletAddressCommand = (appContext) => new Command9("address").description("Show wallet address").action(() => {
+var walletAddressCommand = (appContext) => new Command10("address").description("Show wallet address").action(() => {
   const { walletService } = appContext.services;
   const address = walletService.getAddress();
   if (!address) {
@@ -1675,7 +2395,7 @@ var walletAddressCommand = (appContext) => new Command9("address").description("
   }
   console.log(address);
 });
-var walletSetCommand = (appContext) => new Command9("set").description("Set wallet from an existing private key").argument("<privateKey>", "Hex-encoded private key (0x-prefixed)").option("--force", "Overwrite existing wallet without prompting").action(async (privateKey, options) => {
+var walletSetCommand = (appContext) => new Command10("set").description("Set wallet from an existing private key").argument("<privateKey>", "Hex-encoded private key (0x-prefixed)").option("--force", "Overwrite existing wallet without prompting").action(async (privateKey, options) => {
   const { analyticsService } = appContext.services;
   if (!privateKey.startsWith("0x")) {
     console.error("Private key must be 0x-prefixed hex string.");
@@ -1727,7 +2447,7 @@ var walletSetCommand = (appContext) => new Command9("set").description("Set wall
   });
 });
 var walletCommand = (appContext) => {
-  const cmd = new Command9("wallet").description("Manage your wallet");
+  const cmd = new Command10("wallet").description("Manage your wallet");
   cmd.addCommand(walletBalanceCommand(appContext));
   cmd.addCommand(walletFundCommand(appContext));
   cmd.addCommand(walletAddressCommand(appContext));
@@ -1738,436 +2458,191 @@ var walletCommand = (appContext) => {
 // src/app.ts
 var createApp = (appContext) => {
   const { analyticsService } = appContext.services;
-  const program = new Command10().name("zero").description("Zero CLI \u2014 Search engine and payment platform for AI agents").version(package_default.version, "-v, --version").exitOverride().hook("preAction", (_thisCommand, actionCommand) => {
+  const program = new Command11().name("zero").description("Zero CLI \u2014 Search engine and payment platform for AI agents").version(package_default.version, "-v, --version").exitOverride().hook("preAction", async (_thisCommand, actionCommand) => {
+    const agentFlag = actionCommand.opts().agent;
+    if (typeof agentFlag === "string" && agentFlag.trim().length > 0) {
+      analyticsService.setAgentHost(agentFlag.trim());
+    }
+    appContext.invocation.current = {
+      command: actionCommand.name(),
+      startMs: Date.now()
+    };
     analyticsService.capture("command_executed", {
       command: actionCommand.name()
     });
   });
   program.addCommand(initCommand(appContext));
   program.addCommand(searchCommand(appContext));
-  program.addCommand(getCommand(appContext));
-  program.addCommand(fetchCommand(appContext));
-  program.addCommand(reviewCommand(appContext));
-  program.addCommand(runsCommand(appContext));
-  program.addCommand(bugReportCommand(appContext));
-  program.addCommand(walletCommand(appContext));
-  program.addCommand(configCommand(appContext));
-  return program;
-};
-// src/app/app-env.ts
-import z4 from "zod";
-var envSchema = z4.object({
-  ZERO_API_URL: z4.string().default("https://api.zero.xyz"),
-  ZERO_PRIVATE_KEY: z4.string().optional()
-});
-var getEnv = () => {
-  try {
-    return envSchema.parse(process.env);
-  } catch (error) {
-    console.error("Error parsing environment variables");
-    console.error(error);
-    return null;
-  }
-};
-// src/app/app-services.ts
-import { existsSync as existsSync6, readFileSync as readFileSync8 } from "fs";
-import { homedir as homedir4 } from "os";
-import { join as join5 } from "path";
-import { privateKeyToAccount as privateKeyToAccount3 } from "viem/accounts";
-// src/services/analytics-service.ts
-import { randomUUID } from "crypto";
-import { existsSync as existsSync4, mkdirSync as mkdirSync4, readFileSync as readFileSync6, writeFileSync as writeFileSync4 } from "fs";
-import { dirname as dirname2 } from "path";
-import { PostHog } from "posthog-node";
-var POSTHOG_API_KEY = "phc_B2vLyNxAf2mnqvdPQajf4d4b2iXc35dep2ZrvebMJLuX";
-var POSTHOG_HOST = "https://us.i.posthog.com";
-var AnalyticsService = class {
-  posthog;
-  distinctId;
-  cliVersion;
-  constructor(opts) {
-    this.cliVersion = opts.cliVersion;
-    let telemetryEnabled = true;
-    let persistedAnonId;
-    try {
-      if (existsSync4(opts.configPath)) {
-        const config = JSON.parse(readFileSync6(opts.configPath, "utf8"));
-        if (config.telemetry === false) {
-          telemetryEnabled = false;
-        }
-        if (typeof config.anonId === "string") {
-          persistedAnonId = config.anonId;
-        }
-      }
-    } catch {
-    }
-    if (!telemetryEnabled) {
-      this.posthog = null;
-      this.distinctId = "";
-      return;
-    }
-    if (opts.walletAddress) {
-      this.distinctId = opts.walletAddress;
-    } else if (persistedAnonId) {
-      this.distinctId = persistedAnonId;
-    } else {
-      const newAnonId = randomUUID();
-      this.distinctId = newAnonId;
-      try {
-        const dir = dirname2(opts.configPath);
-        mkdirSync4(dir, { recursive: true });
-        const existing = existsSync4(opts.configPath) ? JSON.parse(readFileSync6(opts.configPath, "utf8")) : {};
-        writeFileSync4(
-          opts.configPath,
-          JSON.stringify({ ...existing, anonId: newAnonId }, null, 2)
-        );
-      } catch {
-      }
-    }
-    const originalConsoleError = console.error;
-    console.error = (...args) => {
-      const first = args[0];
-      if (typeof first === "string" && first.includes("Error while flushing PostHog")) {
-        return;
-      }
-      originalConsoleError.apply(console, args);
-    };
-    this.posthog = new PostHog(POSTHOG_API_KEY, {
-      host: POSTHOG_HOST,
-      flushAt: 1,
-      flushInterval: 0
-    });
-    this.posthog.on("error", () => {
-    });
-  }
-  capture(event, properties) {
-    if (!this.posthog) return;
-    this.posthog.capture({
-      distinctId: this.distinctId,
-      event,
-      properties: {
-        source: "cli",
-        // biome-ignore lint/style/useNamingConvention: snake_case is standard for analytics event properties
-        cli_version: this.cliVersion,
-        ...properties
-      }
-    });
-  }
-  async shutdown() {
-    if (!this.posthog) return;
-    try {
-      await this.posthog.shutdown();
-    } catch {
-    }
-  }
-};
-// src/services/payment-service.ts
-import {
-  adaptViemWallet,
-  convertViemChainToRelayChain,
-  createClient as createRelayClient,
-  getClient as getRelayClient,
-  MAINNET_RELAY_API
-} from "@relayprotocol/relay-sdk";
-import { x402Client as X402Client } from "@x402/core/client";
-import { decodePaymentResponseHeader, x402HTTPClient } from "@x402/core/http";
-import { ExactEvmScheme } from "@x402/evm/exact/client";
-import { createSIWxClientHook } from "@x402/extensions/sign-in-with-x";
-import { wrapFetchWithPayment } from "@x402/fetch";
-import { Receipt } from "mppx";
-import { Mppx, tempo } from "mppx/client";
-import {
-  createPublicClient,
-  createWalletClient,
-  formatUnits,
-  http
-} from "viem";
-import { base, baseSepolia } from "viem/chains";
-var USDC_BASE = "0x833589fcd6edb6e08f4c7c32d4f71b54bda02913";
-var USDC_BASE_SEPOLIA = "0x036CbD53842c5426634e7929541eC2318f3dCF7e";
-var USDC_TEMPO = "0x20c000000000000000000000b9537d11c60e8b50";
-var PATHUSD_TEMPO = "0x20c0000000000000000000000000000000000000";
-var BASE_CHAIN_ID = 8453;
-var TEMPO_CHAIN_ID = 4217;
-var TEMPO_TESTNET_CHAIN_ID = 42431;
-var DEFAULT_MAX_DEPOSIT = "100";
-var KNOWN_EIP712_DOMAINS = {
-  // USDC on Base
-  [USDC_BASE.toLowerCase()]: { name: "USDC", version: "2" },
-  // USDC on Base Sepolia
-  [USDC_BASE_SEPOLIA.toLowerCase()]: { name: "USDC", version: "2" }
-};
-var buildRelayClientOptions = () => ({
-  baseApiUrl: MAINNET_RELAY_API,
-  source: "zero-cli",
-  chains: [convertViemChainToRelayChain(base)]
-});
-var calculateBuffer = (baseBalance) => {
-  const twentyFivePercent = baseBalance / 4n;
-  const twoDollars = 2000000n;
-  return twentyFivePercent < twoDollars ? twentyFivePercent : twoDollars;
-};
-var tempoChain = {
-  id: TEMPO_CHAIN_ID,
-  name: "Tempo",
-  nativeCurrency: { name: "USD", symbol: "USD", decimals: 18 },
-  rpcUrls: {
-    default: { http: ["https://rpc.tempo.xyz"] }
-  }
-};
-var tempoTestnetChain = {
-  id: TEMPO_TESTNET_CHAIN_ID,
-  name: "Tempo Testnet",
-  nativeCurrency: { name: "USD", symbol: "USD", decimals: 18 },
-  rpcUrls: {
-    default: { http: ["https://rpc.moderato.tempo.xyz"] }
-  }
-};
-var ERC20_BALANCE_ABI = [
-  {
-    inputs: [{ name: "account", type: "address" }],
-    name: "balanceOf",
-    outputs: [{ name: "", type: "uint256" }],
-    stateMutability: "view",
-    type: "function"
-  }
-];
-var PaymentService = class {
-  constructor(account, config) {
-    this.account = account;
-    this.config = config;
-  }
-  relayInitialized = false;
-  ensureRelayClient = () => {
-    if (!this.relayInitialized) {
-      createRelayClient(buildRelayClientOptions());
-      this.relayInitialized = true;
-    }
-  };
-  bridgeToTempo = async (requiredAmount, onProgress) => {
-    if (!this.account) throw new Error("No wallet configured");
-    this.ensureRelayClient();
-    const baseBalance = await this.getBalanceRaw("base");
-    const buffer = calculateBuffer(baseBalance);
-    const bridgeAmount = requiredAmount + buffer;
-    if (baseBalance < bridgeAmount) {
-      throw new Error(
-        `Insufficient Base USDC to bridge: have ${formatUnits(baseBalance, 6)}, need ${formatUnits(bridgeAmount, 6)} (${formatUnits(requiredAmount, 6)} + ${formatUnits(buffer, 6)} buffer)`
-      );
-    }
-    onProgress?.(
-      `Bridging ${formatUnits(bridgeAmount, 6)} USDC from Base to Tempo...`
-    );
-    const walletClient = createWalletClient({
-      account: this.account,
-      chain: base,
-      transport: http()
-    });
-    const quote = await getRelayClient().actions.getQuote({
-      chainId: BASE_CHAIN_ID,
-      toChainId: TEMPO_CHAIN_ID,
-      currency: USDC_BASE,
-      toCurrency: USDC_TEMPO,
-      amount: bridgeAmount.toString(),
-      tradeType: "EXACT_INPUT",
-      user: this.account.address,
-      recipient: this.account.address,
-      options: {
-        usePermit: true
-      }
-    });
-    let bridgeTxHash = null;
-    await getRelayClient().actions.execute({
-      quote,
-      wallet: adaptViemWallet(walletClient),
-      onProgress: ({ txHashes }) => {
-        if (txHashes?.length && !bridgeTxHash) {
-          bridgeTxHash = txHashes[0]?.txHash ?? null;
+  program.addCommand(getCommand(appContext));
+  program.addCommand(fetchCommand(appContext));
+  program.addCommand(reviewCommand(appContext));
+  program.addCommand(runsCommand(appContext));
+  program.addCommand(bugReportCommand(appContext));
+  program.addCommand(walletCommand(appContext));
+  program.addCommand(configCommand(appContext));
+  program.addCommand(termsCommand(appContext));
+  return program;
+};
+// src/app/app-env.ts
+import z4 from "zod";
+var envSchema = z4.object({
+  ZERO_API_URL: z4.string().default("https://api.zero.xyz"),
+  ZERO_PRIVATE_KEY: z4.string().optional(),
+  ZERO_ENV: z4.enum(["development", "production"]).default("production")
+});
+var getEnv = () => {
+  try {
+    return envSchema.parse(process.env);
+  } catch (error) {
+    console.error("Error parsing environment variables");
+    console.error(error);
+    return null;
+  }
+};
+// src/app/app-services.ts
+import { randomUUID as randomUUID2 } from "crypto";
+import { existsSync as existsSync6, readFileSync as readFileSync8 } from "fs";
+import { homedir as homedir4 } from "os";
+import { join as join5 } from "path";
+import { privateKeyToAccount as privateKeyToAccount3 } from "viem/accounts";
+// src/services/analytics-service.ts
+import { randomUUID } from "crypto";
+import { existsSync as existsSync4, mkdirSync as mkdirSync4, readFileSync as readFileSync6, writeFileSync as writeFileSync4 } from "fs";
+import { dirname as dirname2 } from "path";
+import { PostHog } from "posthog-node";
+var POSTHOG_API_KEY = "phc_B2vLyNxAf2mnqvdPQajf4d4b2iXc35dep2ZrvebMJLuX";
+var POSTHOG_HOST = "https://us.i.posthog.com";
+var AnalyticsService = class {
+  posthog;
+  distinctId;
+  walletAddress;
+  cliVersion;
+  environment;
+  requestId;
+  agentHost;
+  constructor(opts) {
+    this.cliVersion = opts.cliVersion;
+    this.environment = opts.environment;
+    this.walletAddress = opts.walletAddress;
+    this.requestId = opts.requestId;
+    this.agentHost = opts.agentHost;
+    let telemetryEnabled = true;
+    let persistedAnonId;
+    try {
+      if (existsSync4(opts.configPath)) {
+        const config = JSON.parse(readFileSync6(opts.configPath, "utf8"));
+        if (config.telemetry === false) {
+          telemetryEnabled = false;
+        }
+        if (typeof config.anonId === "string") {
+          persistedAnonId = config.anonId;
         }
       }
-    });
-    return bridgeTxHash;
-  };
-  handlePayment = async (url, request, paymentRequirement, maxPay, onProgress) => {
-    if (!this.account) {
-      throw new Error(
-        "No wallet configured \u2014 run `zero init` or set ZERO_PRIVATE_KEY"
-      );
-    }
-    if (paymentRequirement.protocol === "x402") {
-      onProgress?.("Paying via x402 on Base...");
-      return this.payX402(url, request, paymentRequirement.raw, maxPay);
+    } catch {
     }
-    if (paymentRequirement.protocol === "mpp") {
-      onProgress?.("Paying via MPP on Tempo...");
-      return this.payMpp(
-        url,
-        request,
-        paymentRequirement.raw,
-        maxPay,
-        onProgress
-      );
+    if (!telemetryEnabled) {
+      this.posthog = null;
+      this.distinctId = "";
+      return;
     }
-    throw new Error("Unrecognized 402 payment protocol");
-  };
-  payX402 = async (url, request, _raw, maxPay) => {
-    if (!this.account) throw new Error("No wallet configured");
-    let capturedAmount = "0";
-    const client = new X402Client().register(
-      "eip155:*",
-      new ExactEvmScheme(this.account)
-    );
-    client.onBeforePaymentCreation(async (context) => {
-      const selected = context.selectedRequirements;
-      if (selected && (!selected.extra?.name || !selected.extra?.version)) {
-        const known = KNOWN_EIP712_DOMAINS[selected.asset?.toLowerCase() ?? ""];
-        if (known) {
-          selected.extra = { ...selected.extra, ...known };
-        }
-      }
-      const requirement = context.paymentRequired.accepts[0];
-      if (!requirement) return;
-      capturedAmount = formatUnits(BigInt(requirement.amount), 6);
-      if (maxPay && Number.parseFloat(capturedAmount) > Number.parseFloat(maxPay)) {
-        return {
-          abort: true,
-          reason: `Payment of ${capturedAmount} USDC exceeds --max-pay ${maxPay}`
-        };
-      }
-    });
-    const httpClient = new x402HTTPClient(client).onPaymentRequired(
-      createSIWxClientHook(this.account)
-    );
-    const wrappedFetch = wrapFetchWithPayment(fetch, httpClient);
-    const response = await wrappedFetch(url, {
-      method: request.method,
-      headers: request.headers,
-      body: request.body
-    });
-    let txHash = null;
-    const paymentResponseHeader = response.headers.get("payment-response") ?? response.headers.get("x-payment-response");
-    if (paymentResponseHeader) {
+    if (opts.walletAddress) {
+      this.distinctId = opts.walletAddress;
+    } else if (persistedAnonId) {
+      this.distinctId = persistedAnonId;
+    } else {
+      const newAnonId = randomUUID();
+      this.distinctId = newAnonId;
       try {
-        const settlement = decodePaymentResponseHeader(paymentResponseHeader);
-        txHash = settlement.transaction ?? null;
+        const dir = dirname2(opts.configPath);
+        mkdirSync4(dir, { recursive: true });
+        const existing = existsSync4(opts.configPath) ? JSON.parse(readFileSync6(opts.configPath, "utf8")) : {};
+        writeFileSync4(
+          opts.configPath,
+          JSON.stringify({ ...existing, anonId: newAnonId }, null, 2)
+        );
       } catch {
       }
     }
-    return {
-      response,
-      protocol: "x402",
-      chain: "base",
-      txHash,
-      amount: capturedAmount,
-      asset: "USDC"
-    };
-  };
-  payMpp = async (url, request, _raw, maxPay, onProgress) => {
-    if (!this.account) throw new Error("No wallet configured");
-    let capturedAmount = "0";
-    const mppx = Mppx.create({
-      polyfill: false,
-      methods: [
-        tempo({
-          account: this.account,
-          maxDeposit: maxPay ?? DEFAULT_MAX_DEPOSIT
-        })
-      ],
-      onChallenge: async (challenge) => {
-        const challengeRequest = challenge.request;
-        const intent = challenge.intent;
-        let requiredRaw;
-        if (intent === "session") {
-          const suggestedDeposit = challengeRequest.suggestedDeposit;
-          if (suggestedDeposit) {
-            requiredRaw = BigInt(suggestedDeposit);
-          } else {
-            const depositStr = maxPay ?? DEFAULT_MAX_DEPOSIT;
-            requiredRaw = BigInt(
-              Math.floor(Number.parseFloat(depositStr) * 1e6)
-            );
-          }
-        } else {
-          requiredRaw = BigInt(challengeRequest.amount);
-        }
-        capturedAmount = formatUnits(requiredRaw, 6);
-        if (maxPay && Number.parseFloat(capturedAmount) > Number.parseFloat(maxPay)) {
-          throw new Error(
-            `Payment of ${capturedAmount} USDC exceeds --max-pay ${maxPay}`
-          );
-        }
-        const methodDetails = challengeRequest.methodDetails;
-        const challengeChainId = challengeRequest.chainId ?? methodDetails?.chainId;
-        const isTestnet = challengeChainId === TEMPO_TESTNET_CHAIN_ID;
-        const balanceChain = isTestnet ? "tempo-testnet" : "tempo";
-        onProgress?.(`Checking Tempo balance...`);
-        const tempoBalance = await this.getBalanceRaw(balanceChain);
-        if (tempoBalance < requiredRaw) {
-          if (isTestnet) {
-            throw new Error(
-              `Insufficient pathUSD on Tempo testnet: have ${formatUnits(tempoBalance, 6)}, need ${capturedAmount}. Fund your wallet with the Tempo testnet faucet: https://docs.tempo.xyz/quickstart/faucet`
-            );
-          }
-          await this.bridgeToTempo(requiredRaw, onProgress);
-        }
-        return void 0;
+    const originalConsoleError = console.error;
+    console.error = (...args) => {
+      const first = args[0];
+      if (typeof first === "string" && first.includes("Error while flushing PostHog")) {
+        return;
       }
+      originalConsoleError.apply(console, args);
+    };
+    this.posthog = new PostHog(POSTHOG_API_KEY, {
+      host: POSTHOG_HOST,
+      flushAt: 1,
+      flushInterval: 0
     });
-    const response = await mppx.fetch(url, {
-      method: request.method,
-      headers: request.headers,
-      body: request.body
+    this.posthog.on("error", () => {
     });
-    let txHash = null;
+    if (opts.walletAddress && persistedAnonId) {
+      this.maybeAliasAnonToWallet(
+        opts.configPath,
+        persistedAnonId,
+        opts.walletAddress
+      );
+    }
+  }
+  maybeAliasAnonToWallet(configPath, anonId, walletAddress) {
+    if (!this.posthog) return;
+    if (anonId === walletAddress) return;
+    let aliasedTo;
     try {
-      const receipt = Receipt.fromResponse(response);
-      txHash = receipt.reference ?? null;
+      const config = JSON.parse(readFileSync6(configPath, "utf8"));
+      if (typeof config.aliasedTo === "string") {
+        aliasedTo = config.aliasedTo;
+      }
     } catch {
     }
-    return {
-      response,
-      protocol: "mpp",
-      chain: "tempo",
-      txHash,
-      amount: capturedAmount,
-      asset: "USDC"
-    };
-  };
-  resolveChainConfig = (chain) => {
-    switch (chain) {
-      case "base":
-        return { viemChain: base, token: USDC_BASE };
-      case "base-sepolia":
-        return { viemChain: baseSepolia, token: USDC_BASE_SEPOLIA };
-      case "tempo":
-        return { viemChain: tempoChain, token: USDC_TEMPO };
-      case "tempo-testnet":
-        return { viemChain: tempoTestnetChain, token: PATHUSD_TEMPO };
+    if (aliasedTo === walletAddress) return;
+    this.posthog.alias({ distinctId: walletAddress, alias: anonId });
+    try {
+      const config = existsSync4(configPath) ? JSON.parse(readFileSync6(configPath, "utf8")) : {};
+      writeFileSync4(
+        configPath,
+        JSON.stringify({ ...config, aliasedTo: walletAddress }, null, 2)
+      );
+    } catch {
     }
-  };
-  getBalanceRaw = async (chain) => {
-    if (!this.account) return 0n;
-    const { viemChain, token } = this.resolveChainConfig(chain);
-    const client = createPublicClient({
-      chain: viemChain,
-      transport: http()
-    });
-    const balance = await client.readContract({
-      address: token,
-      abi: ERC20_BALANCE_ABI,
-      functionName: "balanceOf",
-      args: [this.account.address]
+  }
+  // Per-invocation override applied by the preAction hook when `--agent`
+  // is passed. Stateless — affects only this process.
+  setAgentHost(next) {
+    this.agentHost = next;
+  }
+  capture(event, properties) {
+    if (!this.posthog) return;
+    this.posthog.capture({
+      distinctId: this.distinctId,
+      event,
+      properties: {
+        source: "cli",
+        // biome-ignore lint/style/useNamingConvention: snake_case is standard for analytics event properties
+        cli_version: this.cliVersion,
+        environment: this.environment,
+        // biome-ignore lint/style/useNamingConvention: snake_case for analytics
+        wallet_address: this.walletAddress,
+        // biome-ignore lint/style/useNamingConvention: snake_case for analytics
+        request_id: this.requestId,
+        // biome-ignore lint/style/useNamingConvention: snake_case for analytics
+        agent_host: this.agentHost,
+        ...properties
+      }
     });
-    return balance;
-  };
-  getBalance = async (chain) => {
-    const raw = await this.getBalanceRaw(chain);
-    return { amount: formatUnits(raw, 6), asset: "USDC" };
-  };
+  }
+  async shutdown() {
+    if (!this.posthog) return;
+    try {
+      await this.posthog.shutdown();
+    } catch {
+    }
+  }
 };
 // src/services/state-service.ts
@@ -2206,7 +2681,7 @@ var WalletService = class {
     if (!this.address) return null;
     if (this.balanceGetter) {
       try {
-        const result = await this.balanceGetter("base");
+        const result = await this.balanceGetter();
         return { amount: result.amount, asset: result.asset };
       } catch {
         return {
@@ -2221,6 +2696,15 @@ var WalletService = class {
   getLowBalanceWarning = () => this.config.lowBalanceWarning;
 };
+// src/util/agent-host.ts
+var detectAgentHost = (env = process.env) => {
+  if (env.ZERO_AGENT) return env.ZERO_AGENT;
+  if (env.CLAUDECODE === "1") return "claude-code";
+  if (env.CURSOR_TRACE_ID) return "cursor";
+  if (env.TERM_PROGRAM === "vscode") return "vscode";
+  return "unknown";
+};
 // src/app/app-services.ts
 var CLI_VERSION = package_default.version;
 var getServices = (env) => {
@@ -2257,12 +2741,15 @@ var getServices = (env) => {
     {
       lowBalanceWarning
     },
-    paymentService.getBalance
+    paymentService.getTotalBalance
   );
   const analyticsService = new AnalyticsService({
     walletAddress: account?.address ?? null,
     configPath,
-    cliVersion: CLI_VERSION
+    cliVersion: CLI_VERSION,
+    environment: env.ZERO_ENV,
+    requestId: randomUUID2(),
+    agentHost: detectAgentHost()
   });
   return {
     analyticsService,
@@ -2281,7 +2768,8 @@ var createAppContext = () => {
   }
   return {
     env,
-    services: getServices(env)
+    services: getServices(env),
+    invocation: { current: null }
   };
 };
@@ -2293,15 +2781,27 @@ var main = async () => {
     process.exit(1);
   }
   const app = createApp(appContext);
+  let caughtError = null;
   try {
     await app.parseAsync(process.argv);
   } catch (err) {
     const isCommanderExit = err instanceof Error && "exitCode" in err && err.exitCode === 0;
     if (!isCommanderExit) {
-      console.error(err instanceof Error ? err.message : "Unexpected error");
+      caughtError = err instanceof Error ? err : new Error(String(err));
+      console.error(caughtError.message);
       process.exitCode = 1;
     }
   } finally {
+    const invocation = appContext.invocation.current;
+    if (invocation) {
+      appContext.services.analyticsService.capture("command_completed", {
+        command: invocation.command,
+        success: !caughtError && process.exitCode !== 1,
+        // biome-ignore lint/style/useNamingConvention: snake_case for analytics
+        duration_ms: Date.now() - invocation.startMs,
+        ...caughtError && { error: truncateError(caughtError.message) }
+      });
+    }
     await appContext.services.analyticsService.shutdown();
   }
 };