@zoralabs/cli 1.2.0 → 1.4.0

package/dist/index.js

@@ -1,7 +1,7 @@
 #!/usr/bin/env node
 
 // src/index.tsx
-import { Command as Command16 } from "commander";
+import { Command as Command17 } from "commander";
 import { ExitPromptError } from "@inquirer/core";
 import "fs";
 import { setApiBaseUrl } from "@zoralabs/coins-sdk";
@@ -175,6 +175,9 @@ function bannedCoinMessage(address) {
 function bannedCoinBuyMessage(address) {
   return `Unable to buy ${address} because it violates the Zora terms of service. Already own this coin? Run zora sell ${address} --all to exit your position.`;
 }
+function bannedProfileMessage(identifier) {
+  return `This account (${identifier}) has been blocked for violating the Zora terms of service.`;
+}
 function fsErrorMessage(err, path) {
   if (!(err instanceof Error)) return String(err);
   const code = err.code;
@@ -1466,7 +1469,7 @@ var getClient = () => {
   return client;
 };
 var commonProperties = () => ({
-  cli_version: true ? "1.2.0" : "development",
+  cli_version: true ? "1.4.0" : "development",
   os: process.platform,
   arch: process.arch,
   node_version: process.version
@@ -2754,6 +2757,23 @@ async function createFirstPost(params) {
   };
 }
 
+// src/lib/agent/api-key.ts
+var CREATE_API_KEY_MUTATION = "mutation CreateApiKeyMutation($apiKeyName: String!, $hosts: [String!]) { createApiKey(apiKeyName: $apiKeyName, hosts: $hosts) { apiKey }}";
+async function createApiKey(token, apiKeyName, hosts) {
+  const { data, errors, status } = await graphqlRequest(
+    token,
+    CREATE_API_KEY_MUTATION,
+    "CreateApiKeyMutation",
+    { apiKeyName, hosts: hosts ?? null }
+  );
+  const apiKey = data?.createApiKey?.apiKey;
+  if (apiKey) {
+    return apiKey;
+  }
+  const lastError = errors?.[0]?.message ?? `HTTP ${status}`;
+  throw new Error(`createApiKey failed: ${lastError}`);
+}
+
 // src/lib/agent/onboard.ts
 var DEFAULT_BASE_RPC = "https://mainnet.base.org";
 var ZORA_BASE_URL = "https://zora.co";
@@ -2777,6 +2797,15 @@ async function onboardAgent(opts) {
   const isNewUser = session.isNewUser;
   progress("profile", "creating the Zora profile");
   let profile = await createAgentProfile(session.accessToken);
+  progress("apiKey", "creating an API key");
+  const apiKey = await createApiKey(session.accessToken, "AGENT_API_KEY");
+  try {
+    saveApiKey(apiKey);
+  } catch (err) {
+    throw new Error(
+      `Failed to save API key: ${fsErrorMessage(err, getConfigPath())}`
+    );
+  }
   if (opts.username !== void 0 || opts.bio !== void 0 || opts.avatar !== void 0) {
     const chosen = [
       opts.username !== void 0 ? "username" : void 0,
@@ -2839,7 +2868,7 @@ async function onboardAgent(opts) {
     dryRun,
     profileUrl: `${ZORA_BASE_URL}/@${profile.username}`
   };
-  if (opts.withCoin) {
+  if (!opts.skipCoin) {
     progress(
       "coin",
       dryRun ? "simulating the creator coin" : "minting the creator coin"
@@ -3068,12 +3097,12 @@ function resolveAgentKey(json, override, { allowGenerate = true } = {}) {
   return { key: generated, source: getWalletPath(), generated: true };
 }
 var agentCommand = new Command("agent").description(
-  "Create and manage a Zora agent identity.\nStands up an identity from an EOA \u2014 Privy account, profile, and smart wallet \u2014 with no human interaction. The creator coin is opt-in: add it with `agent create --with-coin` or later with `agent coin`."
+  "Create and manage a Zora agent identity.\nStands up an identity from an EOA \u2014 Privy account, profile, smart wallet, and creator coin \u2014 with no human interaction."
 ).action(function() {
   this.outputHelp();
 });
 agentCommand.command("create").description(
-  "Create a Zora agent from an EOA, end to end and unattended: headless Privy account, profile, and smart wallet. The creator coin is opt-in (--with-coin, or `agent coin` later); a first post is published when --caption and --image are supplied. Every on-chain step is sponsored, so the agent needs no ETH."
+  "Create a Zora agent from an EOA, end to end and unattended: headless Privy account, profile, smart wallet, and creator coin. A first post is published when --caption and --image are supplied. Every on-chain step is sponsored, so the agent needs no ETH. Skip the coin with --skip-coin."
 ).option(
   "--private-key <key>",
   "EOA private key to sign in with (default: ZORA_PRIVATE_KEY, then your saved wallet, else a new one is generated)"
@@ -3083,8 +3112,8 @@ agentCommand.command("create").description(
   String(DEFAULT_SIWE_CHAIN_ID)
 ).option("--rpc-url <url>", "Base RPC URL (defaults to the public endpoint)").option(
   "--dry-run",
-  "Create the account, profile, and smart wallet, but simulate the opted-in coin + post instead of minting them"
-).option("--with-coin", "Also create the agent's creator coin").option("--skip-post", "Skip publishing the first post").option(
+  "Create the account, profile, and smart wallet, but simulate the coin + post instead of minting them"
+).option("--skip-coin", "Skip minting the agent's creator coin").option("--skip-post", "Skip publishing the first post").option(
   "--username <name>",
   "Set the agent's username (also sets the display name; must be available). Default: an auto-assigned handle."
 ).option("--bio <text>", "Set the agent's bio. Default: an auto-assigned bio.").option(
@@ -3158,16 +3187,29 @@ agentCommand.command("create").description(
     }
   }
   const resolved = resolveAgentKey(json, options.privateKey);
-  const wouldMint = Boolean(options.withCoin) || hasCaption && hasImage;
+  const wouldMint = !options.skipCoin || hasCaption && hasImage;
   if (!options.dryRun && wouldMint) {
     const existingAgent = peekAgentWallet();
     if (existingAgent) {
       await confirmAgentAction({
         json,
         force: options.force,
-        warning: `You already have an agent: @${existingAgent.username} (smart wallet ${existingAgent.smartWalletAddress}).
-Re-running 'agent create' will mint another creator coin and/or first post for it.`,
-        question: `Create another coin/post for @${existingAgent.username}?`
+        warning: (() => {
+          const willMintCoin = !options.skipCoin;
+          const willMintPost = hasCaption && hasImage;
+          const what = [
+            willMintCoin && "creator coin",
+            willMintPost && "first post"
+          ].filter(Boolean).join(" and ");
+          return `You already have an agent: @${existingAgent.username} (smart wallet ${existingAgent.smartWalletAddress}).
+Re-running 'agent create' will mint another ${what} for it.`;
+        })(),
+        question: (() => {
+          const willMintCoin = !options.skipCoin;
+          const willMintPost = hasCaption && hasImage;
+          const what = [willMintCoin && "coin", willMintPost && "post"].filter(Boolean).join("/");
+          return `Create another ${what} for @${existingAgent.username}?`;
+        })()
       });
     }
   }
@@ -3180,7 +3222,7 @@ Re-running 'agent create' will mint another creator coin and/or first post for i
       chainId,
       rpcUrl: options.rpcUrl,
       dryRun: Boolean(options.dryRun),
-      withCoin: Boolean(options.withCoin),
+      skipCoin: Boolean(options.skipCoin),
       skipPost: Boolean(options.skipPost),
       username: options.username,
       bio: options.bio,
@@ -3196,7 +3238,7 @@ Re-running 'agent create' will mint another creator coin and/or first post for i
     return outputErrorAndExit(
       json,
       `Agent onboarding failed: ${formatError(err)}`,
-      "Re-run to retry \u2014 the profile and smart wallet are idempotent. Add the creator coin later with `zora agent coin`."
+      "Re-run to retry \u2014 the profile and smart wallet are idempotent."
     );
   }
   const walletPath = getWalletPath();
@@ -3224,7 +3266,7 @@ Re-running 'agent create' will mint another creator coin and/or first post for i
     generated_wallet: resolved.generated,
     saved_to_wallet: savedToWallet,
     dry_run: result.dryRun,
-    with_coin: Boolean(options.withCoin),
+    skip_coin: Boolean(options.skipCoin),
     minted_coin: Boolean(result.coin?.hash),
     minted_post: Boolean(result.post?.hash),
     coin_failed: Boolean(result.coinError),
@@ -3249,8 +3291,10 @@ Re-running 'agent create' will mint another creator coin and/or first post for i
     },
     render: () => {
       const simulated = result.dryRun && (result.coin || result.post);
+      const simulatedWhat = [result.coin && "coin", result.post && "post"].filter(Boolean).join(" + ");
       console.log(
-        simulated ? "\n\u2713 Agent ready (dry run \u2014 coin + post simulated, not minted)" : result.dryRun ? "\n\u2713 Agent ready (dry run \u2014 account + smart wallet created; no coin/post requested)" : "\n\u2713 Agent ready"
+        simulated ? `
+\u2713 Agent ready (dry run \u2014 ${simulatedWhat} simulated, not minted)` : result.dryRun ? "\n\u2713 Agent ready (dry run \u2014 account + smart wallet created; coin + post skipped)" : "\n\u2713 Agent ready"
       );
       console.log(`  Profile:      @${result.username}`);
       if (options.bio !== void 0) {
@@ -3270,8 +3314,11 @@ Re-running 'agent create' will mint another creator coin and/or first post for i
         );
       } else if (result.coinError) {
         console.log(`  Creator coin: failed \u2014 ${result.coinError}`);
-      } else if (!result.dryRun) {
-        console.log("  Creator coin: none \u2014 add one with `zora agent coin`");
+        console.log("  Retry with `zora agent coin`.");
+      } else if (!result.dryRun && options.skipCoin) {
+        console.log(
+          "  Creator coin: skipped \u2014 add one later with `zora agent coin`"
+        );
       }
       if (result.post) {
         console.log(
@@ -3929,9 +3976,7 @@ budgetCommand.command("record").description(
             "\u2022 No global budget configured \u2014 nothing to record. Set one with `zora agent budget set <amount>`."
           );
         } else {
-          console.log(
-            "\u2022 Budget opted out (no limit) \u2014 nothing to record."
-          );
+          console.log("\u2022 Budget opted out (no limit) \u2014 nothing to record.");
         }
       }
     });
@@ -6917,10 +6962,17 @@ var fetchProfile = async (address) => {
       address,
       handle,
       displayName: profile?.displayName ?? handle,
-      avatarUrl: profile?.avatar?.previewImage?.small ?? null
+      avatarUrl: profile?.avatar?.previewImage?.small ?? null,
+      platformBlocked: profile?.platformBlocked ?? false
     };
   } catch {
-    return { address, handle: null, displayName: null, avatarUrl: null };
+    return {
+      address,
+      handle: null,
+      displayName: null,
+      avatarUrl: null,
+      platformBlocked: false
+    };
   }
 };
 var resolveProfiles = async (addresses, _token, onProgress) => {
@@ -6935,7 +6987,8 @@ var resolveProfiles = async (addresses, _token, onProgress) => {
         address,
         handle: cached.handle,
         displayName: cached.displayName,
-        avatarUrl: cached.avatarUrl
+        avatarUrl: cached.avatarUrl,
+        platformBlocked: cached.platformBlocked ?? false
       });
     } else {
       stale.push(address);
@@ -6960,6 +7013,7 @@ var resolveProfiles = async (addresses, _token, onProgress) => {
           handle: profile.handle,
           displayName: profile.displayName,
           avatarUrl: profile.avatarUrl,
+          platformBlocked: profile.platformBlocked,
           fetchedAt: now
         };
       }
@@ -7085,7 +7139,7 @@ var resolveClient = async (json) => {
     );
   }
   const token = await auth.getApiToken();
-  const { createMessagingClient } = await import("./client-4HW4ZUHD.js");
+  const { createMessagingClient } = await import("./client-M3K6L2ZM.js");
   const client2 = await createMessagingClient(auth.signerSpec, {
     // Register the CLI installation with the Zora backend so it shows up in the
     // user's device list and counts against the install cap. Best-effort — see
@@ -7293,6 +7347,19 @@ dmCommand.command("send").description(
 ).argument("<address>", "Recipient: Zora handle (@name) or 0x address").argument("[message]", "Message text").action(async function(address, message) {
   const json = getJson(this);
   const peer = await resolvePeer(json, address);
+  const profiles = await resolveProfiles([peer]);
+  const profile = profiles.get(peer);
+  if (profile?.platformBlocked) {
+    track("cli_dm_send", {
+      output_format: json ? "json" : "text",
+      success: false,
+      blocked_profile: true
+    });
+    return outputErrorAndExit(
+      json,
+      bannedProfileMessage(profile.handle ?? peer)
+    );
+  }
   if (!message || !message.trim()) {
     return outputErrorAndExit(
       json,
@@ -7330,6 +7397,64 @@ dmCommand.command("send").description(
     await client2.close();
   }
 });
+dmCommand.command("listen").description(
+  "Stream incoming DMs in real time (no polling \u2014 uses XMTP's server-push stream to avoid rate limits)"
+).action(async function() {
+  const json = getJson(this);
+  const { client: client2 } = await resolveClient(json);
+  if (!json) {
+    console.log("Listening for new DMs\u2026 (Ctrl+C to stop)\n");
+  }
+  const shutdown = () => {
+    client2.close().finally(() => process.exit(0));
+  };
+  process.on("SIGINT", shutdown);
+  process.on("SIGTERM", shutdown);
+  const labelCache = /* @__PURE__ */ new Map();
+  const cachedPeerLabel = async (peer) => {
+    const cached = labelCache.get(peer);
+    if (cached) return cached;
+    const label = await peerLabel(peer);
+    labelCache.set(peer, label);
+    return label;
+  };
+  let messageCount = 0;
+  track("cli_dm_listen_start", {
+    output_format: json ? "json" : "text"
+  });
+  try {
+    for await (const msg of client2.streamAllMessages()) {
+      if (msg.fromSelf) continue;
+      messageCount++;
+      const who = msg.peerAddress ? await cachedPeerLabel(msg.peerAddress) : "unknown";
+      if (json) {
+        console.log(
+          JSON.stringify({
+            from: who,
+            address: msg.peerAddress,
+            text: msg.text,
+            contentType: msg.contentType,
+            sentAt: new Date(msg.sentAtMs).toISOString()
+          })
+        );
+      } else {
+        const body = msg.text ? sanitizeMessageText(msg.text) : `[${msg.contentType}]`;
+        const [first = "", ...rest] = body.split("\n");
+        console.log(
+          `\u2190 ${who} ${dim(formatAge(msg.sentAtMs))}
+  ${first}`
+        );
+        for (const line of rest) console.log(`  ${line}`);
+      }
+    }
+  } finally {
+    track("cli_dm_listen_end", {
+      output_format: json ? "json" : "text",
+      message_count: messageCount
+    });
+    await client2.close();
+  }
+});
 var consentSubcommand = (name, consent, description) => {
   dmCommand.command(name).description(description).argument("<address>", "Zora handle (@name) or 0x address").action(async function(address) {
     const json = getJson(this);
@@ -7688,10 +7813,219 @@ var exploreCommand = new Command8("explore").description("Browse top, new, and h
   }
 });
 
-// src/commands/get.tsx
+// src/commands/follow.ts
+import { getProfile as getProfile2, setApiKey as setApiKey6 } from "@zoralabs/coins-sdk";
 import { Command as Command9 } from "commander";
+import { erc20Abi as erc20Abi3, isAddress as isAddress7 } from "viem";
+
+// src/lib/follow.ts
+var FOLLOW_MUTATION = "mutation CliFollow($followeeId: String!) { follow(followeeId: $followeeId) { handle profileId vcFollowingStatus } }";
+var UNFOLLOW_MUTATION = "mutation CliUnfollow($followeeId: String!) { unfollow(followeeId: $followeeId) { handle profileId vcFollowingStatus } }";
+async function mutateFollow(token, followeeId, mutation, operationName, field) {
+  const { data, errors, status } = await graphqlRequest(
+    token,
+    mutation,
+    operationName,
+    { followeeId }
+  );
+  const profile = data?.[field];
+  if (profile?.profileId) {
+    return {
+      // The API returns the full address as both fields when the target has no
+      // profile; fall back to profileId so handle is never empty.
+      handle: profile.handle ?? profile.profileId,
+      profileId: profile.profileId,
+      followingStatus: profile.vcFollowingStatus ?? "UNKNOWN"
+    };
+  }
+  const lastError = errors?.[0]?.message ?? `HTTP ${status}`;
+  throw new Error(`${field} failed: ${lastError}`);
+}
+function followProfile(token, followeeId) {
+  return mutateFollow(
+    token,
+    followeeId,
+    FOLLOW_MUTATION,
+    "CliFollow",
+    "follow"
+  );
+}
+function unfollowProfile(token, followeeId) {
+  return mutateFollow(
+    token,
+    followeeId,
+    UNFOLLOW_MUTATION,
+    "CliUnfollow",
+    "unfollow"
+  );
+}
+
+// src/commands/follow.ts
+function isPlaceholderName(name) {
+  return name.startsWith("0x") || name.includes("\u2026") || name.includes("...");
+}
+function displayName(result) {
+  return isPlaceholderName(result.handle) ? result.profileId : `@${result.handle}`;
+}
+function relationshipNote(status) {
+  if (status === "MUTUAL_FOLLOWING") return "You follow each other.";
+  if (status === "FOLLOWED") return "They still follow you.";
+  return void 0;
+}
+async function requireCreatorCoinHolding(json, identifier) {
+  const apiKey = getApiKey();
+  if (apiKey) setApiKey6(apiKey);
+  let profile;
+  try {
+    const response = await getProfile2({ identifier });
+    profile = response?.data?.profile;
+  } catch (err) {
+    return outputErrorAndExit(
+      json,
+      `Couldn't look up "${identifier}": ${formatError(err)}`
+    );
+  }
+  if (!profile) {
+    return outputErrorAndExit(
+      json,
+      `No Zora profile found for "${identifier}".`,
+      "Provide an existing Zora username or wallet address."
+    );
+  }
+  const label = profile.handle && !isPlaceholderName(profile.handle) ? `@${profile.handle}` : identifier;
+  const coinAddress = profile.creatorCoin?.address;
+  if (!coinAddress || !isAddress7(coinAddress)) {
+    return outputErrorAndExit(
+      json,
+      `${label} doesn't have a creator coin yet, so there's nothing to buy.`,
+      "Following requires holding the profile's creator coin."
+    );
+  }
+  const { privateKeyAccount, smartWalletAccount } = await resolveAccounts();
+  const wallet = smartWalletAccount?.address ?? privateKeyAccount.address;
+  const { publicClient } = createClients(privateKeyAccount, smartWalletAccount);
+  let balance;
+  try {
+    balance = await publicClient.readContract({
+      abi: erc20Abi3,
+      address: coinAddress,
+      functionName: "balanceOf",
+      args: [wallet]
+    });
+  } catch (err) {
+    return outputErrorAndExit(
+      json,
+      `Couldn't check your creator-coin balance: ${formatError(err)}`
+    );
+  }
+  if (balance === 0n) {
+    return outputErrorAndExit(
+      json,
+      `You must hold ${label}'s creator coin to follow them.`,
+      `Buy some first: zora buy ${coinAddress} --eth 0.001`
+    );
+  }
+}
+async function resolveToken(json, key) {
+  try {
+    const session = await ensurePrivySession({ privateKey: normalizeKey(key) });
+    return session.accessToken;
+  } catch (err) {
+    return outputErrorAndExit(json, `Sign-in failed: ${formatError(err)}`);
+  }
+}
+async function runFollow(command, action, identifierArg) {
+  const json = getJson(command);
+  const followeeId = (identifierArg ?? "").replace(/^@/, "").trim();
+  if (!followeeId) {
+    return outputErrorAndExit(
+      json,
+      `Missing user to ${action}.`,
+      `Usage: zora ${action} <username | address>`
+    );
+  }
+  const key = process.env.ZORA_PRIVATE_KEY || getPrivateKey();
+  if (!key) {
+    return outputErrorAndExit(
+      json,
+      "No wallet configured.",
+      "Run 'zora agent create' to set up your Zora agent."
+    );
+  }
+  if (action === "follow") {
+    await requireCreatorCoinHolding(json, followeeId);
+  }
+  const token = await resolveToken(json, key);
+  let result;
+  try {
+    result = action === "follow" ? await followProfile(token, followeeId) : await unfollowProfile(token, followeeId);
+  } catch (err) {
+    track("cli_follow", {
+      action,
+      output_format: json ? "json" : "static",
+      success: false,
+      error_type: err instanceof Error ? err.constructor.name : "unknown"
+    });
+    await shutdownAnalytics();
+    const message = formatError(err);
+    if (action === "follow" && /yourself/i.test(message)) {
+      return outputErrorAndExit(json, "You can't follow yourself.");
+    }
+    return outputErrorAndExit(
+      json,
+      `Failed to ${action} "${followeeId}": ${message}`,
+      "Check the username or address is a real Zora profile and try again."
+    );
+  }
+  if (result.followingStatus === "SELF") {
+    track("cli_follow", {
+      action,
+      output_format: json ? "json" : "static",
+      success: false,
+      error_type: "self"
+    });
+    await shutdownAnalytics();
+    return outputErrorAndExit(json, `You can't ${action} yourself.`);
+  }
+  const label = displayName(result);
+  const profileUrl = isPlaceholderName(result.handle) ? void 0 : `https://zora.co/@${result.handle}`;
+  const note2 = relationshipNote(result.followingStatus);
+  track("cli_follow", {
+    action,
+    output_format: json ? "json" : "static",
+    success: true,
+    following_status: result.followingStatus
+  });
+  outputData(json, {
+    json: {
+      action,
+      followee: result.profileId,
+      handle: result.handle,
+      followingStatus: result.followingStatus,
+      ...profileUrl ? { profileUrl } : {}
+    },
+    render: () => {
+      console.log(
+        `
+\u2713 ${action === "follow" ? "Following" : "Unfollowed"} ${label}`
+      );
+      if (note2) console.log(`  ${note2}`);
+      if (profileUrl) console.log(`  ${profileUrl}`);
+      console.log("");
+    }
+  });
+}
+var followCommand = new Command9("follow").description("Follow a Zora user whose creator coin you hold").argument("[identifier]", "Username (@handle), wallet address, or account id").action(async function(identifier) {
+  await runFollow(this, "follow", identifier);
+});
+var unfollowCommand = new Command9("unfollow").description("Unfollow a Zora user by username or address").argument("[identifier]", "Username (@handle), wallet address, or account id").action(async function(identifier) {
+  await runFollow(this, "unfollow", identifier);
+});
+
+// src/commands/get.tsx
+import { Command as Command10 } from "commander";
 import { Box as Box12, Text as Text12 } from "ink";
-import { setApiKey as setApiKey6, getCoinHolders, getCoinSwaps } from "@zoralabs/coins-sdk";
+import { setApiKey as setApiKey7, getCoinHolders, getCoinSwaps } from "@zoralabs/coins-sdk";
 
 // src/components/CoinDetail.tsx
 import { Box as Box7, Text as Text7 } from "ink";
@@ -8186,7 +8520,7 @@ function formatCoinJson(coin) {
 var resolveApiKey2 = () => {
   const apiKey = getApiKey();
   if (apiKey) {
-    setApiKey6(apiKey);
+    setApiKey7(apiKey);
   }
 };
 var CoinResolutionError = class extends Error {
@@ -8315,7 +8649,7 @@ async function fetchRecentTrades(address) {
     return [];
   }
 }
-var getCommand = new Command9("get").description("Look up a coin by address or name").argument("[typeOrId]", "Type prefix (creator-coin, trend) or identifier").argument(
+var getCommand = new Command10("get").description("Look up a coin by address or name").argument("[typeOrId]", "Type prefix (creator-coin, trend) or identifier").argument(
   "[identifier]",
   "Coin address (0x...) or name (when type prefix is given)"
 ).option("--live", "Interactive live-updating display (default)").option("--static", "Static snapshot").option(
@@ -8845,15 +9179,15 @@ import confirm6 from "@inquirer/confirm";
 import {
   createQuote as createQuote2,
   getCoin as getCoin4,
-  setApiKey as setApiKey7,
+  setApiKey as setApiKey8,
   tradeCoin as tradeCoin2,
   tradeCoinSmartWallet as tradeCoinSmartWallet2
 } from "@zoralabs/coins-sdk";
-import { Command as Command10 } from "commander";
+import { Command as Command11 } from "commander";
 import {
-  erc20Abi as erc20Abi3,
+  erc20Abi as erc20Abi4,
   formatUnits as formatUnits5,
-  isAddress as isAddress7,
+  isAddress as isAddress8,
   parseUnits as parseUnits2
 } from "viem";
 function printSellQuote(output, info) {
@@ -8930,7 +9264,7 @@ function printSellResult(output, info) {
   console.log(`   Tx           ${info.txHash}
 `);
 }
-var sellCommand = new Command10("sell").description("Sell a coin").argument(
+var sellCommand = new Command11("sell").description("Sell a coin").argument(
   "[typeOrId]",
   "Type prefix (creator-coin, trend) or coin address/name"
 ).argument("[identifier]", "Coin name (when type prefix is given)").option("--amount <value>", "Sell specific number of coins").option("--usd <value>", "Sell USD equivalent worth of coins").option("--percent <value>", "Sell percentage of coin balance").option("--all", "Sell entire coin balance").option("--to <asset>", "Receive asset: eth, usdc, zora", "eth").option("--token <asset>", "Receive asset: eth, usdc, zora (alias for --to)").option("--quote", "Print quote and exit without trading").option("--yes", "Skip confirmation and execute directly").option("--slippage <pct>", "Slippage tolerance percent", "1").option("--debug", "Print full quote request/response JSON").action(async function(typeOrId, identifier, opts) {
@@ -8947,12 +9281,12 @@ var sellCommand = new Command10("sell").description("Sell a coin").argument(
   }
   const apiKey = getApiKey();
   if (apiKey) {
-    setApiKey7(apiKey);
+    setApiKey8(apiKey);
   }
   let coinAddress;
   let earlyAccounts;
   if (parsed.kind === "address") {
-    if (!isAddress7(parsed.address)) {
+    if (!isAddress8(parsed.address)) {
       return outputErrorAndExit(json, `Invalid address: ${parsed.address}`);
     }
     coinAddress = parsed.address;
@@ -8968,7 +9302,7 @@ var sellCommand = new Command10("sell").description("Sell a coin").argument(
       ambResult = await resolveAmbiguousByNameAndBalance(
         parsed.name,
         (addr) => earlyPublicClient.readContract({
-          abi: erc20Abi3,
+          abi: erc20Abi4,
           address: addr,
           functionName: "balanceOf",
           args: [earlyWalletAddress]
@@ -9112,7 +9446,7 @@ var sellCommand = new Command10("sell").description("Sell a coin").argument(
     }
   } else {
     const balance = await publicClient.readContract({
-      abi: erc20Abi3,
+      abi: erc20Abi4,
       address: coinAddress,
       functionName: "balanceOf",
       args: [walletAddress]
@@ -9374,13 +9708,13 @@ ${err instanceof Error ? err.stack || err.message : String(err)}
 });
 
 // src/commands/profile.tsx
-import { Command as Command11 } from "commander";
+import { Command as Command12 } from "commander";
 import { Box as Box17, Text as Text17 } from "ink";
 import {
   getProfileCoins,
   getProfileBalances as getProfileBalances2,
   getWalletTradeActivity,
-  setApiKey as setApiKey8
+  setApiKey as setApiKey9
 } from "@zoralabs/coins-sdk";
 import { privateKeyToAccount as privateKeyToAccount8 } from "viem/accounts";
 
@@ -9762,7 +10096,7 @@ import { jsx as jsx18, jsxs as jsxs17 } from "react/jsx-runtime";
 var resolveApiKey3 = () => {
   const apiKey = getApiKey();
   if (apiKey) {
-    setApiKey8(apiKey);
+    setApiKey9(apiKey);
   }
 };
 var formatTradeJson2 = (trade, rank) => ({
@@ -9885,7 +10219,7 @@ var resolveIdentifier = (identifierArg, json) => {
     );
   }
 };
-var profileCommand = new Command11("profile").description("View profile activity (posts, holdings, and trades)").argument(
+var profileCommand = new Command12("profile").description("View profile activity (posts, holdings, and trades)").argument(
   "[identifier]",
   "Wallet address or profile handle (defaults to your wallet)"
 ).option("--live", "Interactive live-updating display (default)").option("--static", "Static snapshot").option(
@@ -10429,18 +10763,18 @@ profileCommand.command("trades").description("View profile trade activity (buys
 // src/commands/send.ts
 import confirm7 from "@inquirer/confirm";
 import {
-  getProfile as getProfile2,
+  getProfile as getProfile3,
   prepareUserOperation as prepareUserOperation2,
-  setApiKey as setApiKey9,
+  setApiKey as setApiKey10,
   submitUserOperation as submitUserOperation2,
   toGenericCall as toGenericCall2,
   toUserOperationCalls as toUserOperationCalls2
 } from "@zoralabs/coins-sdk";
-import { Command as Command12 } from "commander";
+import { Command as Command13 } from "commander";
 import {
-  erc20Abi as erc20Abi4,
+  erc20Abi as erc20Abi5,
   formatUnits as formatUnits6,
-  isAddress as isAddress8,
+  isAddress as isAddress9,
   parseUnits as parseUnits3
 } from "viem";
 var SEND_AMOUNT_CHECKS = {
@@ -10449,16 +10783,16 @@ var SEND_AMOUNT_CHECKS = {
   all: (opts) => opts.all === true
 };
 var KNOWN_TOKEN_NAMES = /* @__PURE__ */ new Set(["eth", "usdc", "zora"]);
-function isPlaceholderName(name) {
+function isPlaceholderName2(name) {
   return name.startsWith("0x") || name.includes("\u2026") || name.includes("...");
 }
 async function resolveRecipient(identifier, json = false) {
-  const isIdentifierAddress = isAddress8(identifier);
+  const isIdentifierAddress = isAddress9(identifier);
   try {
-    const response = await getProfile2({ identifier });
+    const response = await getProfile3({ identifier });
     const profile = response?.data?.profile;
     const address = isIdentifierAddress ? identifier : profile?.publicWallet?.walletAddress;
-    if (!address || !isAddress8(address)) {
+    if (!address || !isAddress9(address)) {
       return outputErrorAndExit(
         json,
         !address ? `No Zora profile or wallet found for "${identifier}".` : "Provide a valid 0x address or an existing Zora profile name."
@@ -10466,9 +10800,10 @@ async function resolveRecipient(identifier, json = false) {
     }
     return {
       address,
-      handle: profile?.handle && !isPlaceholderName(profile.handle) ? `@${profile.handle}` : void 0,
-      username: profile?.username && !isPlaceholderName(profile.username) ? profile.username : void 0,
-      displayName: profile?.displayName && !isPlaceholderName(profile.displayName) ? profile.displayName : void 0
+      handle: profile?.handle && !isPlaceholderName2(profile.handle) ? `@${profile.handle}` : void 0,
+      username: profile?.username && !isPlaceholderName2(profile.username) ? profile.username : void 0,
+      displayName: profile?.displayName && !isPlaceholderName2(profile.displayName) ? profile.displayName : void 0,
+      platformBlocked: profile?.platformBlocked ?? false
     };
   } catch (err) {
     return isIdentifierAddress ? { address: identifier } : outputErrorAndExit(
@@ -10547,7 +10882,7 @@ async function sendCallViaSmartWallet(call, bundlerClient, account) {
   }
   return receipt.receipt.transactionHash;
 }
-var sendCommand = new Command12("send").description("Send coins or ETH to an address or Zora profile").argument(
+var sendCommand = new Command13("send").description("Send coins or ETH to an address or Zora profile").argument(
   "[typeOrId]",
   "Token (eth, usdc, zora), type prefix (creator-coin, trend), or coin address/name"
 ).argument("[identifier]", "Coin name (when type prefix is given)").option("--to <recipient>", "Recipient: address (0x...) or Zora profile name").option("--amount <value>", "Send specific amount").option("--percent <value>", "Send percentage of balance (1-100)").option("--all", "Send entire balance").option("--yes", "Skip confirmation").action(async function(firstArg, secondArg, opts) {
@@ -10561,9 +10896,22 @@ var sendCommand = new Command12("send").description("Send coins or ETH to an add
   }
   const apiKey = getApiKey();
   if (apiKey) {
-    setApiKey9(apiKey);
+    setApiKey10(apiKey);
   }
   const resolvedRecipient = await resolveRecipient(opts.to, json);
+  if (resolvedRecipient.platformBlocked) {
+    track("cli_send", {
+      output_format: json ? "json" : "text",
+      success: false,
+      blocked_profile: true
+    });
+    return outputErrorAndExit(
+      json,
+      bannedProfileMessage(
+        resolvedRecipient.handle ?? resolvedRecipient.address
+      )
+    );
+  }
   const amountMode = getAmountMode(
     json,
     opts,
@@ -10824,7 +11172,7 @@ var sendCommand = new Command12("send").description("Send coins or ETH to an add
     let symbol;
     if (knownToken) {
       balance = await publicClient.readContract({
-        abi: erc20Abi4,
+        abi: erc20Abi5,
         address: tokenAddress,
         functionName: "balanceOf",
         args: [walletAddress]
@@ -10834,18 +11182,18 @@ var sendCommand = new Command12("send").description("Send coins or ETH to an add
     } else {
       const results = await Promise.all([
         publicClient.readContract({
-          abi: erc20Abi4,
+          abi: erc20Abi5,
           address: tokenAddress,
           functionName: "balanceOf",
           args: [walletAddress]
         }),
         publicClient.readContract({
-          abi: erc20Abi4,
+          abi: erc20Abi5,
           address: tokenAddress,
           functionName: "decimals"
         }),
         publicClient.readContract({
-          abi: erc20Abi4,
+          abi: erc20Abi5,
           address: tokenAddress,
           functionName: "symbol"
         })
@@ -10955,7 +11303,7 @@ var sendCommand = new Command12("send").description("Send coins or ETH to an add
     try {
       txHash = smartWalletAccount ? await sendCallViaSmartWallet(
         {
-          abi: erc20Abi4,
+          abi: erc20Abi5,
           address: tokenAddress,
           functionName: "transfer",
           args: [resolvedRecipient.address, amount]
@@ -10963,7 +11311,7 @@ var sendCommand = new Command12("send").description("Send coins or ETH to an add
         bundlerClient,
         smartWalletAccount
       ) : await walletClient.writeContract({
-        abi: erc20Abi4,
+        abi: erc20Abi5,
         address: tokenAddress,
         functionName: "transfer",
         args: [resolvedRecipient.address, amount]
@@ -11028,7 +11376,7 @@ var sendCommand = new Command12("send").description("Send coins or ETH to an add
 });
 
 // src/commands/setup.tsx
-import { Command as Command13 } from "commander";
+import { Command as Command14 } from "commander";
 import { Text as Text18, Box as Box18 } from "ink";
 
 // src/lib/strings.ts
@@ -11196,7 +11544,7 @@ ${BOLD}${DIM}[${step}/${total}]${RESET} ${BOLD}${title}${RESET}`
   console.log(`${DIM}${"\u2500".repeat(Math.max(cols, 20))}${RESET}
 `);
 }
-var setupCommand = new Command13("setup").description("Guided first-time setup").option("--create", "Create a new wallet without prompting").option("--force", "Overwrite existing wallet without prompting").option("--yes", "Skip interactive prompt and execute directly").action(async function(options) {
+var setupCommand = new Command14("setup").description("Guided first-time setup").option("--create", "Create a new wallet without prompting").option("--force", "Overwrite existing wallet without prompting").option("--yes", "Skip interactive prompt and execute directly").action(async function(options) {
   const json = getJson(this);
   const nonInteractive = getYes(this);
   if (!json) stepLine(1, 3, "Set up wallet");
@@ -11333,91 +11681,114 @@ async function promptAndSaveApiKey(json, nonInteractive = false) {
 }
 
 // src/commands/skills.ts
-import { Command as Command14 } from "commander";
+import { Command as Command15 } from "commander";
+import { createHash as createHash2 } from "crypto";
 import { writeFileSync as writeFileSync3, mkdirSync as mkdirSync3, existsSync as existsSync4 } from "fs";
 import { resolve, join as join3 } from "path";
 var DEFAULT_SKILLS_BASE_URL = "https://agents.zora.com/skill";
 var getSkillsBaseUrl = () => process.env.ZORA_SKILLS_BASE_URL || DEFAULT_SKILLS_BASE_URL;
 var SKILLS = [
+  // Core
+  {
+    name: "cli",
+    category: "Core",
+    description: "The agent's full interface to Zora \u2014 set up an identity and trade, browse, look up coins, send tokens, and handle DMs from the CLI",
+    integrity: "sha256-PyvDxJ7pbQ8PI5Lg/p4k7ryJNGHapqt9lRSjAV1KBDY="
+  },
   // Onboarding
   {
     name: "onboarding",
     category: "Onboarding",
-    description: "Set up on Zora for the first time \u2014 publish your profile, create your smart wallet and creator coin, and post your first meme"
+    description: "Set up on Zora for the first time \u2014 publish your profile, create your smart wallet and creator coin, and post your first meme",
+    integrity: "sha256-8ZSloIyoC232S4QZDyb6PXL94n3OWlhBopHuTpt4Txo="
   },
   // Discovery
   {
     name: "early-buyer",
     category: "Discovery",
-    description: "Auto-buy new coin launches from creators you follow"
+    description: "Auto-buy new coin launches from creators you follow",
+    integrity: "sha256-MsU1e7kShm2X8jLY4nqNh8N+2ZNTKs0FVTzOVXf/rTQ="
   },
   {
     name: "watchlist",
     category: "Discovery",
-    description: "Track coins and alert when market cap hits configured thresholds"
+    description: "Track coins and alert when market cap hits configured thresholds",
+    integrity: "sha256-jWtGdWJ5gZBE4449BPOA6csCLP8b6dq5svubs/cljBk="
   },
   {
     name: "trend-sniper",
     category: "Discovery",
-    description: "Watch the global trending feed and snipe new trend coins on appearance or a volume spike"
+    description: "Watch the global trending feed and snipe new trend coins on appearance or a volume spike",
+    integrity: "sha256-eb6f+uK43inyv10TEXCLOTxZcaMiatnrbhilUdkIm/0="
   },
   {
     name: "new-coin-screener",
     category: "Discovery",
-    description: "Poll the global new-coin feed and auto-buy launches that pass a market-cap/holder screen"
+    description: "Poll the global new-coin feed and auto-buy launches that pass a market-cap/holder screen",
+    integrity: "sha256-P/IZ6vn94w+vTwNhxhxMyJInv90ZTlFJJbDJbWGNESs="
   },
   {
     name: "whale-watcher",
     category: "Discovery",
-    description: "Watch top holders and large trades on chosen coins, then alert or auto-trade on whale moves"
+    description: "Watch top holders and large trades on chosen coins, then alert or auto-trade on whale moves",
+    integrity: "sha256-9SMJMageM2VlxlMmoZpja2s0VecSymwSQUP0XSaodfI="
   },
   // Social
   {
     name: "copy-trader",
     category: "Social",
-    description: "Mirror another user's trades \u2014 existing holdings, future trades, or both"
+    description: "Mirror another user's trades \u2014 existing holdings, future trades, or both",
+    integrity: "sha256-Pj6Idrr52zzdwC+byLwRFjcS9EfVItemygm1q2+hbmQ="
   },
   {
     name: "dm-responder",
     category: "Social",
-    description: "Auto-triage and respond to DMs \u2014 approve/deny requests, greet new conversations, and flag keyword matches by rule"
+    description: "Auto-triage and respond to DMs \u2014 approve/deny requests, greet new conversations, and flag keyword matches by rule",
+    integrity: "sha256-ankYlTwsh6xdjL+uZZhKn4y9jZSwHRzYXxAcfrb3yqU="
   },
   {
     name: "comment-engager",
     category: "Social",
-    description: "Read and reply to comments on coins you hold, in your own voice, to build social presence"
+    description: "Read and reply to comments on coins you hold, in your own voice, to build social presence",
+    integrity: "sha256-oHbXs3JIOwaEJ/yubo/xIDC3rMIU5Rq7u3SGT7vIKv0="
   },
   {
     name: "social-trader",
     category: "Social",
-    description: "Follow specific creators and buy their new post coins or growing creator coins"
+    description: "Follow specific creators and buy their new post coins or growing creator coins",
+    integrity: "sha256-T/txP3ctq2NNaWkXOr7nWj4JuZJlKTMMMCWjh6qsmk8="
   },
   {
     name: "auto-poster",
     category: "Social",
-    description: "Publish a new post on a schedule to keep your agent active and in-character"
+    description: "Publish a new post on a schedule to keep your agent active and in-character",
+    integrity: "sha256-7vhcFa9fCArAOKu5hDUaMmR0Pw4SvTjXeVXU8BB9550="
   },
   // Risk
   {
     name: "take-profit",
     category: "Risk",
-    description: "Auto-sell positions at configured take-profit or stop-loss price targets"
+    description: "Auto-sell positions at configured take-profit or stop-loss price targets",
+    integrity: "sha256-CHtXieeBhnmfYAzazwIGHk7af1sJYHO2ox3nVDJD3yg="
   },
   {
     name: "dca",
     category: "Risk",
-    description: "Dollar-cost-average a fixed amount into chosen coins each iteration, with budget caps"
+    description: "Dollar-cost-average a fixed amount into chosen coins each iteration, with budget caps",
+    integrity: "sha256-xiSCYid81h0btfQV5gNlfsV0sLjc+1DvQSU3ORgYGJI="
   },
   {
     name: "portfolio-rebalancer",
     category: "Risk",
-    description: "Rebalance holdings back to target allocations when they drift past a tolerance band"
+    description: "Rebalance holdings back to target allocations when they drift past a tolerance band",
+    integrity: "sha256-LzeWI1kfOhOr1oeXmLABAfrrUtJ3jm+llOb+wGjo5/Q="
   },
   // Reporting
   {
     name: "portfolio-digest",
     category: "Reporting",
-    description: "Read-only periodic portfolio and PnL digest, optionally delivered to the operator by DM"
+    description: "Read-only periodic portfolio and PnL digest, optionally delivered to the operator by DM",
+    integrity: "sha256-tp8GQTSzRfqdKKT1H/ox8GOv3nRHSDLXbh9iaHTmjp4="
   }
 ];
 var AGENT_ORDER = [
@@ -11448,7 +11819,11 @@ var detectAgent = (cwd) => {
   }
   return null;
 };
-var fetchSkill = async (name) => {
+var computeIntegrity = (content) => {
+  const hash = createHash2("sha256").update(content, "utf8").digest("base64");
+  return `sha256-${hash}`;
+};
+var fetchSkill = async (name, expectedIntegrity, skipVerify) => {
   const url = `${getSkillsBaseUrl()}/${name}.md`;
   const response = await fetch(url);
   if (!response.ok) {
@@ -11456,17 +11831,30 @@ var fetchSkill = async (name) => {
       `Failed to fetch ${url}: ${response.status} ${response.statusText}`
     );
   }
-  return response.text();
+  const content = await response.text();
+  if (!skipVerify) {
+    const actual = computeIntegrity(content);
+    if (actual !== expectedIntegrity) {
+      throw new Error(
+        `Skill integrity check failed for "${name}".
+Expected: ${expectedIntegrity}
+Received: ${actual}
+This could indicate a compromised download. If you trust the source, use --skip-verify.`
+      );
+    }
+  }
+  return content;
 };
-var skillsCommand = new Command14("skills").description(
+var skillsCommand = new Command15("skills").description(
   "Install pre-built agent skills \u2014 onboarding plus discovery, social, risk, and reporting strategies (run `skills list` to see them all)"
 ).action(function() {
   this.outputHelp();
 });
+var getPublicSkills = () => SKILLS.map(({ integrity: _, ...rest }) => rest);
 skillsCommand.command("list").description("List available skills").action(function() {
   const json = getJson(this);
   outputData(json, {
-    json: { skills: SKILLS },
+    json: { skills: getPublicSkills() },
     render: () => {
       console.log("Available skills:\n");
       for (const s of SKILLS) {
@@ -11482,12 +11870,13 @@ skillsCommand.command("add [name]").description(
 ).option("--all", "Install all skills").option(
   "--agent <agent>",
   "Target agent: claude, cursor, windsurf, openclaw, hermes (default: auto-detect)"
-).option("--dir <path>", "Explicit directory to install into").action(async function(name) {
+).option("--dir <path>", "Explicit directory to install into").option("--skip-verify", "Skip integrity verification (development only)").action(async function(name) {
   const json = getJson(this);
   const opts = this.opts();
   const installAll = opts.all === true;
   const agentFlag = opts.agent;
   const dirFlag = opts.dir;
+  const skipVerify = opts.skipVerify === true;
   if (!installAll && !name) {
     return outputErrorAndExit(
       json,
@@ -11534,28 +11923,72 @@ skillsCommand.command("add [name]").description(
   mkdirSync3(outDir, { recursive: true });
   const installed = [];
   const errors = [];
-  for (const file of names) {
+  for (const skillName of names) {
+    const skill = SKILLS.find((s) => s.name === skillName);
     try {
-      const content = await fetchSkill(file);
-      const skillDir = join3(outDir, `${SKILL_PREFIX}${file}`);
+      const content = await fetchSkill(
+        skillName,
+        skill.integrity,
+        skipVerify
+      );
+      const skillDir = join3(outDir, `${SKILL_PREFIX}${skillName}`);
       mkdirSync3(skillDir, { recursive: true });
       const outPath = join3(skillDir, "SKILL.md");
       writeFileSync3(outPath, content);
-      installed.push({ name: `${SKILL_PREFIX}${file}`, path: outPath });
+      installed.push({ name: `${SKILL_PREFIX}${skillName}`, path: outPath });
     } catch (err) {
       errors.push({
-        name: file,
+        name: skillName,
         error: err instanceof Error ? err.message : String(err)
       });
     }
   }
   if (errors.length > 0 && installed.length === 0) {
+    const integrityError = errors.find(
+      (e) => e.error.includes("integrity check failed")
+    );
     return outputErrorAndExit(
       json,
       `Failed to install: ${errors.map((e) => e.name).join(", ")}`,
-      "Check your network connection and retry."
+      integrityError ? integrityError.error : "Check your network connection and retry."
     );
   }
+  const hasIntegrityErrors = errors.some(
+    (e) => e.error.includes("integrity check failed")
+  );
+  if (hasIntegrityErrors) {
+    outputData(json, {
+      json: {
+        installed,
+        errors,
+        agent: resolvedAgent,
+        dir: outDir
+      },
+      render: () => {
+        if (resolvedAgent && resolvedAgent !== "custom") {
+          console.log(`\x1B[2mDetected agent: ${resolvedAgent}\x1B[0m`);
+        }
+        for (const { name: name2, path } of installed) {
+          console.log(`\x1B[32m\u2713\x1B[0m Installed ${name2} \u2192 ${path}`);
+        }
+        for (const { name: name2, error } of errors) {
+          console.error(`\x1B[31m\u2717\x1B[0m ${name2}: ${error}`);
+        }
+        console.error(
+          "\n\x1B[31mIntegrity check failed for some skills. This could indicate compromised downloads.\x1B[0m"
+        );
+      }
+    });
+    track("cli_skills_add", {
+      installed_count: installed.length,
+      error_count: errors.length,
+      integrity_errors: true,
+      all: installAll,
+      agent: resolvedAgent ?? "unknown",
+      output_format: json ? "json" : "text"
+    });
+    process.exit(1);
+  }
   outputData(json, {
     json: {
       installed,
@@ -11592,8 +12025,8 @@ Invoke by typing /${firstSkill} in your agent to get started.`
 });
 
 // src/commands/wallet.ts
-import { Command as Command15 } from "commander";
-import { isAddress as isAddress9 } from "viem";
+import { Command as Command16 } from "commander";
+import { isAddress as isAddress10 } from "viem";
 import { privateKeyToAccount as privateKeyToAccount10 } from "viem/accounts";
 var resolvePrivateKey2 = () => {
   const envKey = process.env.ZORA_PRIVATE_KEY;
@@ -11609,15 +12042,15 @@ var resolvePrivateKey2 = () => {
 var resolveSmartWalletAddress3 = () => {
   const envAddress = process.env.ZORA_SMART_WALLET_ADDRESS;
   if (envAddress) {
-    return isAddress9(envAddress) ? { address: envAddress, source: "env" } : { invalid: true, source: "env" };
+    return isAddress10(envAddress) ? { address: envAddress, source: "env" } : { invalid: true, source: "env" };
   }
   const fileAddress = getSmartWalletAddress();
   if (fileAddress !== void 0) {
-    return isAddress9(fileAddress) ? { address: fileAddress, source: "file" } : { invalid: true, source: "file" };
+    return isAddress10(fileAddress) ? { address: fileAddress, source: "file" } : { invalid: true, source: "file" };
   }
   return void 0;
 };
-var walletCommand = new Command15("wallet").description("Manage your Zora wallet").action(function() {
+var walletCommand = new Command16("wallet").description("Manage your Zora wallet").action(function() {
   this.outputHelp();
 });
 walletCommand.command("info").description("Show wallet address and storage location").action(function() {
@@ -12113,7 +12546,7 @@ async function maybeNotifyNewDms() {
       privateKey: normalizeKey(key)
     });
     const auth = createSmartWalletAuth(provider);
-    const { createMessagingClient } = await import("./client-4HW4ZUHD.js");
+    const { createMessagingClient } = await import("./client-M3K6L2ZM.js");
     const client2 = await createMessagingClient(auth.signerSpec);
     try {
       await client2.sync(["unknown"]);
@@ -12154,7 +12587,7 @@ import { jsx as jsx24 } from "react/jsx-runtime";
 if (process.env.ZORA_API_TARGET) {
   setApiBaseUrl(process.env.ZORA_API_TARGET);
 }
-var version = true ? "1.2.0" : JSON.parse(
+var version = true ? "1.4.0" : JSON.parse(
   readFileSync5(new URL("../package.json", import.meta.url), "utf-8")
 ).version;
 function styledHelpWriteOut(showHeader) {
@@ -12174,7 +12607,7 @@ function styledHelpWriteOut(showHeader) {
   };
 }
 var buildProgram = () => {
-  const program2 = new Command16().name("zora").description("Trade what's trending. Run `zora setup` to get started.").version(version).option("--json", "Output as JSON (for scripts and automation)", false);
+  const program2 = new Command17().name("zora").description("Trade what's trending. Run `zora setup` to get started.").version(version).option("--json", "Output as JSON (for scripts and automation)", false);
   const helpWidth = (process.stdout.columns || 80) - 4;
   program2.configureHelp({
     helpWidth,
@@ -12195,6 +12628,8 @@ var buildProgram = () => {
   program2.addCommand(createCommand);
   program2.addCommand(dmCommand);
   program2.addCommand(exploreCommand);
+  program2.addCommand(followCommand);
+  program2.addCommand(unfollowCommand);
   program2.addCommand(getCommand);
   program2.addCommand(profileCommand);
   program2.addCommand(setupCommand);
@@ -12210,7 +12645,11 @@ var buildProgram = () => {
     }
   };
   applyToSubcommands(program2);
-  const argOptionalCommands = /* @__PURE__ */ new Set(["profile", "agent budget set"]);
+  const argOptionalCommands = /* @__PURE__ */ new Set([
+    "profile",
+    "agent budget set",
+    "skills add"
+  ]);
   const fullCommandPath = (cmd) => {
     const parts = [];
     let c = cmd;