agentspend 0.1.10 → 0.2.1

package/dist/commands/search.js

@@ -0,0 +1,16 @@
+import { resolveApiKeyWithAutoClaim } from "../lib/auth-flow.js";
+export async function runSearch(apiClient, query) {
+    const apiKey = await resolveApiKeyWithAutoClaim(apiClient);
+    const response = await apiClient.search(apiKey, query);
+    if (response.services.length === 0) {
+        console.log(`No services matched "${response.query}".`);
+        return;
+    }
+    for (const service of response.services) {
+        console.log(service.name);
+        console.log(`Description: ${service.description}`);
+        console.log(`Domain: ${service.domain}`);
+        console.log(`Skill URL: ${service.skill_url ?? "n/a"}`);
+        console.log("");
+    }
+}

package/dist/commands/setup.js

@@ -0,0 +1,36 @@
+import bcrypt from "bcryptjs";
+import crypto from "node:crypto";
+import { saveCredentials } from "../lib/credentials.js";
+const POLL_INTERVAL_MS = 2_000;
+const SETUP_TIMEOUT_MS = 10 * 60 * 1000;
+function sleep(ms) {
+    return new Promise((resolve) => setTimeout(resolve, ms));
+}
+function generateApiKey() {
+    return `sk_agent_${crypto.randomBytes(32).toString("hex")}`;
+}
+export async function runSetup(apiClient) {
+    const setup = await apiClient.createSetup();
+    console.log(`Open this URL to complete setup:\n${setup.setup_url}\n`);
+    console.log("Waiting for setup to complete...");
+    const started = Date.now();
+    while (Date.now() - started < SETUP_TIMEOUT_MS) {
+        const status = await apiClient.getSetupStatus(setup.setup_id);
+        if (status.status === "ready") {
+            const apiKey = generateApiKey();
+            const apiKeyHash = await bcrypt.hash(apiKey, 12);
+            await apiClient.claimSetup(setup.setup_id, apiKeyHash);
+            await saveCredentials(apiKey);
+            console.log("Ready! Your agent can now spend.");
+            return;
+        }
+        if (status.status === "claimed") {
+            throw new Error("This setup session was already claimed. Run agentspend setup again.");
+        }
+        if (status.status === "expired") {
+            throw new Error("Setup timed out. Run agentspend setup again.");
+        }
+        await sleep(POLL_INTERVAL_MS);
+    }
+    throw new Error("Setup timed out. Run agentspend setup again.");
+}

package/dist/commands/status.js

@@ -0,0 +1,7 @@
+import { resolveApiKeyWithAutoClaim } from "../lib/auth-flow.js";
+import { printStatus } from "../lib/output.js";
+export async function runStatus(apiClient) {
+    const apiKey = await resolveApiKeyWithAutoClaim(apiClient);
+    const status = await apiClient.status(apiKey);
+    printStatus(status);
+}

package/dist/dev-index.js

@@ -0,0 +1,10 @@
+#!/usr/bin/env node
+import { runCli } from "./cli.js";
+const LOCAL_API_BASE_URL = "http://127.0.0.1:8787";
+runCli({
+    baseUrl: LOCAL_API_BASE_URL,
+    programName: "agentspend-dev",
+}).catch((error) => {
+    console.error(error instanceof Error ? error.message : String(error));
+    process.exitCode = 1;
+});

package/dist/index.js

@@ -1,16 +1,6 @@
 #!/usr/bin/env node
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-const commander_1 = require("commander");
-const card_js_1 = require("./commands/card.js");
-const wallet_js_1 = require("./commands/wallet.js");
-const pay_js_1 = require("./commands/pay.js");
-const program = new commander_1.Command();
-program
-    .name("agentspend")
-    .description("AgentSpend CLI — manage cards and billing")
-    .version("0.1.0");
-(0, card_js_1.registerCardCommands)(program);
-(0, wallet_js_1.registerWalletCommands)(program);
-(0, pay_js_1.registerPayCommand)(program);
-program.parse();
+import { runCli } from "./cli.js";
+runCli().catch((error) => {
+    console.error(error instanceof Error ? error.message : String(error));
+    process.exitCode = 1;
+});

package/dist/lib/api.js

@@ -0,0 +1,98 @@
+const API_URL = "https://api.agentspend.co";
+export class ApiError extends Error {
+    status;
+    body;
+    constructor(message, status, body) {
+        super(message);
+        this.name = "ApiError";
+        this.status = status;
+        this.body = body;
+    }
+}
+async function parseBody(response) {
+    const contentType = response.headers.get("content-type") ?? "";
+    if (contentType.includes("application/json")) {
+        try {
+            return await response.json();
+        }
+        catch {
+            return null;
+        }
+    }
+    return response.text();
+}
+function errorMessageFromBody(body, fallback) {
+    if (body && typeof body === "object" && "error" in body && typeof body.error === "string") {
+        return body.error;
+    }
+    if (typeof body === "string" && body.length > 0) {
+        return body;
+    }
+    return fallback;
+}
+export class AgentspendApiClient {
+    baseUrl;
+    constructor(baseUrl = API_URL) {
+        this.baseUrl = baseUrl;
+    }
+    async request(path, init = {}, apiKey) {
+        const headers = {
+            ...init.headers,
+        };
+        if (apiKey) {
+            headers.Authorization = `Bearer ${apiKey}`;
+        }
+        if (init.body && !headers["content-type"] && !headers["Content-Type"]) {
+            headers["content-type"] = "application/json";
+        }
+        const response = await fetch(`${this.baseUrl}${path}`, {
+            ...init,
+            headers,
+        });
+        const body = await parseBody(response);
+        if (!response.ok) {
+            throw new ApiError(errorMessageFromBody(body, `Request failed (${response.status})`), response.status, body);
+        }
+        return body;
+    }
+    pay(apiKey, payload) {
+        return this.request("/pay", {
+            method: "POST",
+            body: JSON.stringify(payload),
+        }, apiKey);
+    }
+    check(apiKey, payload) {
+        return this.request("/check", {
+            method: "POST",
+            body: JSON.stringify(payload),
+        }, apiKey);
+    }
+    status(apiKey) {
+        return this.request("/status", {
+            method: "GET",
+        }, apiKey);
+    }
+    configure(payload, apiKey) {
+        return this.request("/configure", {
+            method: "POST",
+            body: payload ? JSON.stringify(payload) : undefined,
+        }, apiKey);
+    }
+    configureStatus(token) {
+        return this.request(`/configure/${encodeURIComponent(token)}/status`, {
+            method: "GET",
+        });
+    }
+    claimConfigure(token, apiKeyHash) {
+        return this.request(`/configure/${encodeURIComponent(token)}/claim`, {
+            method: "POST",
+            body: JSON.stringify({ api_key_hash: apiKeyHash }),
+        });
+    }
+    search(apiKey, query) {
+        const params = new URLSearchParams({ q: query });
+        return this.request(`/search?${params.toString()}`, {
+            method: "GET",
+        }, apiKey);
+    }
+}

package/dist/lib/auth-flow.js

@@ -0,0 +1,56 @@
+import bcrypt from "bcryptjs";
+import crypto from "node:crypto";
+import { ApiError } from "./api.js";
+import { clearPendingConfigureToken, readCredentials, readPendingConfigureToken, saveCredentials, } from "./credentials.js";
+function generateApiKey() {
+    return `sk_agent_${crypto.randomBytes(32).toString("hex")}`;
+}
+async function getConfigureStatusOrNull(apiClient, token) {
+    try {
+        return await apiClient.configureStatus(token);
+    }
+    catch (error) {
+        if (error instanceof ApiError && (error.status === 401 || error.status === 404 || error.status === 410)) {
+            return null;
+        }
+        throw error;
+    }
+}
+export async function claimConfigureToken(apiClient, token) {
+    const apiKey = generateApiKey();
+    const apiKeyHash = await bcrypt.hash(apiKey, 12);
+    await apiClient.claimConfigure(token, apiKeyHash);
+    await saveCredentials(apiKey);
+    await clearPendingConfigureToken();
+    return apiKey;
+}
+export async function getPendingConfigureStatus(apiClient) {
+    const token = await readPendingConfigureToken();
+    if (!token) {
+        return null;
+    }
+    const status = await getConfigureStatusOrNull(apiClient, token);
+    if (!status || status.claim_status === "expired") {
+        await clearPendingConfigureToken();
+        return null;
+    }
+    return { token, status };
+}
+export async function resolveApiKeyWithAutoClaim(apiClient) {
+    const credentials = await readCredentials();
+    if (credentials) {
+        return credentials.api_key;
+    }
+    const pending = await getPendingConfigureStatus(apiClient);
+    if (!pending) {
+        throw new Error("No API key found. Run `agentspend configure` first.");
+    }
+    if (pending.status.claim_status === "ready_to_claim") {
+        return claimConfigureToken(apiClient, pending.token);
+    }
+    if (pending.status.claim_status === "awaiting_card") {
+        throw new Error(`Card setup required. Open this URL:\n${pending.status.configure_url}`);
+    }
+    await clearPendingConfigureToken();
+    throw new Error("Configure session already claimed. Run `agentspend configure` again.");
+}

package/dist/lib/credentials.js

@@ -0,0 +1,65 @@
+import { mkdir, readFile, writeFile, chmod, unlink } from "node:fs/promises";
+import os from "node:os";
+import path from "node:path";
+const CREDENTIALS_DIR = path.join(os.homedir(), ".agentspend");
+const CREDENTIALS_FILE = path.join(CREDENTIALS_DIR, "credentials.json");
+const PENDING_CONFIGURE_FILE = path.join(CREDENTIALS_DIR, "pending-configure.json");
+export async function readCredentials() {
+    try {
+        const raw = await readFile(CREDENTIALS_FILE, "utf-8");
+        const parsed = JSON.parse(raw);
+        if (!parsed.api_key || !parsed.api_key.startsWith("sk_agent_")) {
+            return null;
+        }
+        return parsed;
+    }
+    catch {
+        return null;
+    }
+}
+export async function saveCredentials(apiKey) {
+    const payload = {
+        api_key: apiKey,
+        created_at: new Date().toISOString(),
+    };
+    await mkdir(CREDENTIALS_DIR, { recursive: true, mode: 0o700 });
+    await writeFile(CREDENTIALS_FILE, `${JSON.stringify(payload, null, 2)}\n`, "utf-8");
+    try {
+        await chmod(CREDENTIALS_FILE, 0o600);
+    }
+    catch {
+        // no-op when chmod is not available on the host filesystem
+    }
+}
+export async function requireApiKey() {
+    const credentials = await readCredentials();
+    if (!credentials) {
+        throw new Error(`No API key found at ${CREDENTIALS_FILE}. Run \`agentspend configure\` first.`);
+    }
+    return credentials.api_key;
+}
+export async function readPendingConfigureToken() {
+    try {
+        const raw = await readFile(PENDING_CONFIGURE_FILE, "utf-8");
+        const parsed = JSON.parse(raw);
+        if (!parsed.token || !parsed.token.startsWith("cfs_")) {
+            return null;
+        }
+        return parsed.token;
+    }
+    catch {
+        return null;
+    }
+}
+export async function savePendingConfigureToken(token) {
+    await mkdir(CREDENTIALS_DIR, { recursive: true, mode: 0o700 });
+    await writeFile(PENDING_CONFIGURE_FILE, `${JSON.stringify({ token, created_at: new Date().toISOString() }, null, 2)}\n`, "utf-8");
+}
+export async function clearPendingConfigureToken() {
+    try {
+        await unlink(PENDING_CONFIGURE_FILE);
+    }
+    catch {
+        // no-op
+    }
+}

package/dist/lib/output.js

@@ -0,0 +1,76 @@
+const USD6_SCALE = 1_000_000;
+function formatUsdNumber(value, minDecimals = 2, maxDecimals = 6) {
+    const fixed = value.toFixed(maxDecimals);
+    const trimmed = fixed.replace(/(\.\d*?)0+$/, "$1").replace(/\.$/, "");
+    if (!trimmed.includes(".")) {
+        return minDecimals > 0 ? `${trimmed}.${"0".repeat(minDecimals)}` : trimmed;
+    }
+    const [whole, frac = ""] = trimmed.split(".");
+    if (frac.length >= minDecimals) {
+        return trimmed;
+    }
+    return `${whole}.${frac.padEnd(minDecimals, "0")}`;
+}
+export function usd6ToUsd(usd6) {
+    return usd6 / USD6_SCALE;
+}
+export function formatUsd(usd) {
+    if (!Number.isFinite(usd)) {
+        return "unknown";
+    }
+    return `$${formatUsdNumber(usd, 2, 6)}`;
+}
+export function formatUsdEstimate(estimatedUsd, fallbackUsd) {
+    if (typeof estimatedUsd === "number") {
+        return formatUsd(estimatedUsd);
+    }
+    if (typeof fallbackUsd === "number") {
+        return formatUsd(fallbackUsd);
+    }
+    return "unknown";
+}
+export function formatJson(value) {
+    if (typeof value === "string") {
+        return value;
+    }
+    return JSON.stringify(value, null, 2);
+}
+export function relativeTime(iso) {
+    const timestamp = new Date(iso).getTime();
+    const diffMs = Date.now() - timestamp;
+    const abs = Math.max(0, Math.floor(diffMs / 1000));
+    if (abs < 60) {
+        return `${abs}s ago`;
+    }
+    const minutes = Math.floor(abs / 60);
+    if (minutes < 60) {
+        return `${minutes}m ago`;
+    }
+    const hours = Math.floor(minutes / 60);
+    if (hours < 24) {
+        return `${hours}h ago`;
+    }
+    const days = Math.floor(hours / 24);
+    return `${days}d ago`;
+}
+function formatCharge(charge) {
+    const amountUsd = charge.amount_usd ?? usd6ToUsd(charge.amount_usd6);
+    const amount = formatUsd(amountUsd).padEnd(10);
+    const domain = charge.target_domain.padEnd(24);
+    const when = relativeTime(charge.created_at);
+    return `  ${amount} ${domain} ${when}`;
+}
+export function printStatus(status) {
+    console.log(`Weekly budget:   ${formatUsd(status.weekly_budget_usd)}`);
+    console.log(`Spent this week: ${formatUsd(status.spent_this_week_usd)}`);
+    console.log(`Remaining:       ${formatUsd(status.remaining_budget_usd)}`);
+    console.log("");
+    if (status.recent_charges.length === 0) {
+        console.log("Recent charges: none");
+        return;
+    }
+    console.log("Recent charges:");
+    for (const charge of status.recent_charges) {
+        console.log(formatCharge(charge));
+    }
+}

package/dist/lib/request-options.js

@@ -0,0 +1,35 @@
+const METHOD_TOKEN_PATTERN = /^[!#$%&'*+.^_`|~0-9A-Za-z-]+$/;
+export function normalizeMethod(method) {
+    const normalized = (method ?? "GET").trim().toUpperCase();
+    if (!normalized || !METHOD_TOKEN_PATTERN.test(normalized)) {
+        throw new Error(`Invalid HTTP method: ${method ?? ""}`);
+    }
+    return normalized;
+}
+export function parseHeaders(rawHeaders) {
+    const parsed = {};
+    for (const header of rawHeaders ?? []) {
+        const separator = header.indexOf(":");
+        if (separator === -1) {
+            throw new Error(`Invalid header format: ${header}. Expected key:value.`);
+        }
+        const key = header.slice(0, separator).trim();
+        const value = header.slice(separator + 1).trim();
+        if (!key || !value) {
+            throw new Error(`Invalid header format: ${header}. Expected key:value.`);
+        }
+        parsed[key] = value;
+    }
+    return parsed;
+}
+export function parseBody(rawBody) {
+    if (rawBody === undefined) {
+        return undefined;
+    }
+    try {
+        return JSON.parse(rawBody);
+    }
+    catch {
+        return rawBody;
+    }
+}

package/dist/types.js

@@ -0,0 +1 @@
+export {};

package/package.json

@@ -1,27 +1,26 @@
 {
   "name": "agentspend",
-  "version": "0.1.10",
-  "description": "CLI for AgentSpend — manage cards and crypto wallets for AI agent payments",
-  "homepage": "https://github.com/jpbonch/agentspend",
-  "license": "MIT",
-  "repository": {
-    "type": "git",
-    "url": "git+https://github.com/jpbonch/agentspend.git"
-  },
-  "engines": {
-    "node": ">=18"
-  },
+  "version": "0.2.1",
+  "description": "AgentSpend CLI for managed x402 spending",
+  "files": ["dist", "SKILL.md"],
+  "type": "module",
   "bin": {
     "agentspend": "dist/index.js"
   },
+  "scripts": {
+    "build": "tsc -p tsconfig.json",
+    "dev": "tsx src/index.ts",
+    "dev:local": "tsx src/dev-index.ts",
+    "typecheck": "tsc -p tsconfig.json --noEmit"
+  },
   "dependencies": {
-    "@x402/core": "^2.3.1",
-    "@x402/evm": "^2.3.1",
-    "commander": "^13.0.0",
-    "viem": "^2.0.0"
+    "bcryptjs": "^2.4.3",
+    "commander": "^12.1.0"
   },
-  "scripts": {
-    "build": "tsc",
-    "typecheck": "tsc --noEmit"
+  "devDependencies": {
+    "@types/bcryptjs": "^2.4.6",
+    "@types/node": "^22.10.2",
+    "tsx": "^4.19.2",
+    "typescript": "^5.7.2"
   }
 }

package/dist/commands/card.d.ts

@@ -1,2 +0,0 @@
-import { Command } from "commander";
-export declare function registerCardCommands(program: Command): void;

package/dist/commands/card.js

@@ -1,179 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.registerCardCommands = registerCardCommands;
-const promises_1 = require("node:fs/promises");
-const node_os_1 = require("node:os");
-const node_path_1 = require("node:path");
-const node_child_process_1 = require("node:child_process");
-const node_process_1 = require("node:process");
-const CONFIG_DIR = (0, node_path_1.join)((0, node_os_1.homedir)(), ".agentspend");
-const SETUP_FILE = (0, node_path_1.join)(CONFIG_DIR, "setup.json");
-const CARD_FILE = (0, node_path_1.join)(CONFIG_DIR, "card.json");
-const API_BASE = process.env.AGENTSPEND_API_URL ?? "https://api.agentspend.co";
-async function ensureConfigDir() {
-    await (0, promises_1.mkdir)(CONFIG_DIR, { recursive: true });
-    await (0, promises_1.chmod)(CONFIG_DIR, 0o700);
-}
-function openUrl(url) {
-    const cmd = node_process_1.platform === "darwin" ? "open" : node_process_1.platform === "win32" ? "start" : "xdg-open";
-    (0, node_child_process_1.exec)(`${cmd} ${JSON.stringify(url)}`);
-}
-async function readSetupId() {
-    try {
-        const data = JSON.parse(await (0, promises_1.readFile)(SETUP_FILE, "utf-8"));
-        if (typeof data.setup_id === "string" && data.setup_id) {
-            return data.setup_id;
-        }
-    }
-    catch {
-        // file doesn't exist or is invalid
-    }
-    throw new Error("No setup_id found. Run 'agentspend card configure' first.");
-}
-async function readCardFile() {
-    try {
-        const data = JSON.parse(await (0, promises_1.readFile)(CARD_FILE, "utf-8"));
-        if (typeof data.card_id === "string" && typeof data.card_secret === "string") {
-            return { card_id: data.card_id, card_secret: data.card_secret };
-        }
-    }
-    catch {
-        // file doesn't exist or is invalid
-    }
-    return null;
-}
-async function createCard() {
-    const response = await fetch(`${API_BASE}/v1/card/create`, {
-        method: "POST",
-        headers: { "content-type": "application/json" },
-        body: JSON.stringify({})
-    });
-    if (!response.ok) {
-        const body = await response.text();
-        throw new Error(`Failed to create card (${response.status}): ${body}`);
-    }
-    return (await response.json());
-}
-async function requestConfigure(cardId, cardSecret) {
-    const response = await fetch(`${API_BASE}/v1/card/configure`, {
-        method: "POST",
-        headers: { "content-type": "application/json" },
-        body: JSON.stringify({ card_id: cardId, card_secret: cardSecret })
-    });
-    if (!response.ok) {
-        const body = await response.text();
-        throw new Error(`Failed to open configure page (${response.status}): ${body}`);
-    }
-    return (await response.json());
-}
-async function getSetupStatus(setupId) {
-    const response = await fetch(`${API_BASE}/v1/card/setup/${encodeURIComponent(setupId)}`);
-    if (!response.ok) {
-        const body = await response.text();
-        throw new Error(`Failed to get setup status (${response.status}): ${body}`);
-    }
-    return (await response.json());
-}
-async function getCardStatus(cardId, cardSecret) {
-    const response = await fetch(`${API_BASE}/v1/card/${encodeURIComponent(cardId)}/status`, {
-        headers: { "x-card-secret": cardSecret }
-    });
-    if (!response.ok) {
-        const body = await response.text();
-        throw new Error(`Failed to get card status (${response.status}): ${body}`);
-    }
-    return (await response.json());
-}
-function sleep(ms) {
-    return new Promise((resolve) => setTimeout(resolve, ms));
-}
-function formatCents(cents) {
-    return `$${(cents / 100).toFixed(2)}`;
-}
-function registerCardCommands(program) {
-    const card = program
-        .command("card")
-        .description("Manage AgentSpend cards");
-    card
-        .command("status")
-        .description("Show card dashboard: weekly budget, services, and recent charges")
-        .action(async () => {
-        try {
-            // If card.json exists, show full dashboard
-            const cardData = await readCardFile();
-            if (cardData) {
-                const status = await getCardStatus(cardData.card_id, cardData.card_secret);
-                console.log(`Card ID:   ${status.card_id}`);
-                console.log(`Weekly budget: ${formatCents(status.weekly_spent_cents)} / ${formatCents(status.weekly_limit_cents)} used this week`);
-                console.log(`Remaining: ${formatCents(status.weekly_remaining_cents)}`);
-                console.log();
-                if (status.services.length > 0) {
-                    console.log("Authorized services:");
-                    for (const svc of status.services) {
-                        console.log(`  - ${svc.name} (${svc.status}, since ${new Date(svc.created_at).toLocaleDateString()})`);
-                    }
-                }
-                else {
-                    console.log("Authorized services: No services authorized yet");
-                }
-                console.log();
-                if (status.recent_charges.length > 0) {
-                    console.log("Recent charges:");
-                    for (const ch of status.recent_charges) {
-                        console.log(`  - ${ch.service_name}: ${formatCents(ch.amount_cents)} on ${new Date(ch.created_at).toLocaleDateString()}`);
-                    }
-                }
-                else {
-                    console.log("Recent charges: No charges yet");
-                }
-                return;
-            }
-            // Fall back to checking pending setup status
-            const setupId = await readSetupId();
-            const status = await getSetupStatus(setupId);
-            console.log(`Setup ID:  ${status.setup_id}`);
-            console.log(`Status:    ${status.status}`);
-            console.log(`Expires:   ${status.expires_at}`);
-            if (status.card_id) {
-                console.log(`Card ID: ${status.card_id}`);
-            }
-        }
-        catch (err) {
-            console.error(`Error: ${err instanceof Error ? err.message : err}`);
-            process.exit(1);
-        }
-    });
-    card
-        .command("configure")
-        .description("Get configuration URL to set up or reconfigure your card")
-        .action(async () => {
-        try {
-            // Check if card.json exists — reconfigure flow
-            const cardData = await readCardFile();
-            if (cardData) {
-                const result = await requestConfigure(cardData.card_id, cardData.card_secret);
-                console.log(`Configuration URL: ${result.configure_url}`);
-                console.log();
-                console.log("Open this URL in your browser to reconfigure (change weekly limit, swap card, or remove).");
-                return;
-            }
-            // First-time setup flow
-            const result = await createCard();
-            await ensureConfigDir();
-            await (0, promises_1.writeFile)(SETUP_FILE, JSON.stringify({ setup_id: result.setup_id }, null, 2));
-            await (0, promises_1.chmod)(SETUP_FILE, 0o600);
-            console.log(`Configuration URL: ${result.setup_url}`);
-            console.log(`Expires: ${result.expires_at}`);
-            console.log();
-            console.log("Complete setup in your browser:");
-            console.log("  1. Set your weekly spending limit");
-            console.log("  2. Add your card via Stripe");
-            console.log();
-            console.log("Then run 'agentspend card status' to verify completion.");
-        }
-        catch (err) {
-            console.error(`\nError: ${err instanceof Error ? err.message : err}`);
-            process.exit(1);
-        }
-    });
-}

package/dist/commands/crypto-wallet.d.ts

@@ -1,2 +0,0 @@
-import { Command } from "commander";
-export declare function registerCryptoWalletCommands(program: Command): void;