npm - agentstore - Versions diffs - 1.0.1 → 1.0.3 - Mend

agentstore 1.0.1 → 1.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/README.md CHANGED Viewed

@@ -4,27 +4,19 @@ Open-source marketplace CLI for Claude Code plugins. Browse, install, publish, a
 ## Install
-```bash
-npm install -g agentstore
-```
+**Native plugin** (recommended — no npm needed):
-Or use directly:
-```bash
-npx agentstore browse
+```
+/plugin marketplace add techgangboss/agentstore
+/plugin install code-reviewer@agentstore
 ```
-## Quick Start
+**npm CLI** (adds wallet, payments, and publishing):
 ```bash
-# Browse available agents
+npm install -g agentstore
 agentstore browse
-# Install a free agent
-agentstore install techgangboss.wallet-assistant
-# Setup the MCP gateway (routes agent tools through Claude Code)
-agentstore gateway-setup
+agentstore install techgangboss.code-reviewer
 ```
 ## For Publishers

package/dist/index.js CHANGED Viewed

@@ -7,15 +7,39 @@ import * as crypto from 'crypto';
 import * as readline from 'readline';
 import { fileURLToPath } from 'url';
 import { generatePrivateKey, privateKeyToAccount, } from 'viem/accounts';
-import { createPublicClient, createWalletClient, http, formatEther, parseEther, } from 'viem';
+import { createPublicClient, http, parseAbi, formatUnits, parseUnits, } from 'viem';
 import { mainnet } from 'viem/chains';
 import * as keytar from 'keytar';
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = path.dirname(__filename);
 const API_BASE = 'https://api.agentstore.tools';
-const MEV_COMMIT_RPC = 'https://fastrpc.mev-commit.xyz';
+const ETHEREUM_RPC = 'https://ethereum-rpc.publicnode.com';
 const KEYCHAIN_SERVICE = 'agentstore-wallet';
 const KEYCHAIN_ACCOUNT = 'encryption-key';
+// USDC contract on Ethereum mainnet
+const USDC_ADDRESS = '0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48';
+const USDC_DECIMALS = 6;
+const ERC20_BALANCE_ABI = parseAbi([
+    'function balanceOf(address owner) view returns (uint256)',
+]);
+// EIP-712 domain for USDC (EIP-3009 transferWithAuthorization)
+const USDC_EIP712_DOMAIN = {
+    name: 'USD Coin',
+    version: '2',
+    chainId: 1,
+    verifyingContract: USDC_ADDRESS,
+};
+// EIP-712 types for TransferWithAuthorization
+const TRANSFER_WITH_AUTHORIZATION_TYPES = {
+    TransferWithAuthorization: [
+        { name: 'from', type: 'address' },
+        { name: 'to', type: 'address' },
+        { name: 'value', type: 'uint256' },
+        { name: 'validAfter', type: 'uint256' },
+        { name: 'validBefore', type: 'uint256' },
+        { name: 'nonce', type: 'bytes32' },
+    ],
+};
 // File paths
 const HOME_DIR = os.homedir();
 const AGENTSTORE_DIR = path.join(HOME_DIR, '.agentstore');
@@ -29,7 +53,7 @@ const TX_HISTORY_FILE = path.join(AGENTSTORE_DIR, 'tx_history.json');
 // Create public client for reading blockchain state
 const publicClient = createPublicClient({
     chain: mainnet,
-    transport: http(MEV_COMMIT_RPC),
+    transport: http(ETHEREUM_RPC),
 });
 // Ensure directories exist
 function ensureDirectories() {
@@ -190,7 +214,7 @@ async function createNewWallet() {
         address: account.address,
         createdAt: new Date().toISOString(),
         network: 'mainnet',
-        rpcEndpoint: MEV_COMMIT_RPC,
+        rpcEndpoint: ETHEREUM_RPC,
         spendLimits: {
             perTransaction: 100,
             daily: 500,
@@ -219,7 +243,7 @@ async function ensureWalletExists() {
         address: account.address,
         createdAt: new Date().toISOString(),
         network: 'mainnet',
-        rpcEndpoint: MEV_COMMIT_RPC,
+        rpcEndpoint: ETHEREUM_RPC,
         spendLimits: {
             perTransaction: 100,
             daily: 500,
@@ -234,41 +258,50 @@ async function ensureWalletExists() {
     fs.writeFileSync(TX_HISTORY_FILE, JSON.stringify([]), { mode: 0o600 });
     return { address: account.address, created: true };
 }
-// Trigger funding flow and wait for funds
-async function triggerFundingFlow(requiredUsd) {
+// Get USDC balance for an address
+async function getUsdcBalance(address) {
+    return publicClient.readContract({
+        address: USDC_ADDRESS,
+        abi: ERC20_BALANCE_ABI,
+        functionName: 'balanceOf',
+        args: [address],
+    });
+}
+// Format USDC from raw bigint (6 decimals) to human-readable string
+function formatUsdc(raw) {
+    return formatUnits(raw, USDC_DECIMALS);
+}
+// Parse USDC from human-readable string to raw bigint
+function parseUsdc(amount) {
+    const str = typeof amount === 'number' ? amount.toFixed(USDC_DECIMALS) : amount;
+    return parseUnits(str, USDC_DECIMALS);
+}
+// Trigger funding flow and wait for USDC funds
+async function triggerFundingFlow(requiredUsdc) {
     const config = loadWalletConfig();
     if (!config)
         return false;
-    console.log('\n💳 Opening Coinbase to fund your wallet...\n');
+    console.log('\n💳 Fund your wallet with USDC\n');
     console.log(`   Wallet: ${config.address}`);
-    console.log(`   Required: ~$${requiredUsd} USD\n`);
-    // Get initial balance
-    const initialBalance = await publicClient.getBalance({
-        address: config.address,
-    });
-    // Get onramp URL from API
+    console.log(`   Required: $${requiredUsdc.toFixed(2)} USDC\n`);
+    // Get initial USDC balance
+    const initialBalance = await getUsdcBalance(config.address);
+    // Try to get onramp URL from API
     const response = await fetch(`${API_BASE}/api/onramp/session`, {
         method: 'POST',
         headers: { 'Content-Type': 'application/json' },
         body: JSON.stringify({
             wallet_address: config.address,
-            amount_usd: Math.ceil(requiredUsd * 1.1), // Add 10% buffer for gas
+            amount_usd: Math.ceil(requiredUsdc),
+            asset: 'USDC',
         }),
     });
     const result = await response.json();
     if (!response.ok || !result.success) {
-        if (result.manual_instructions) {
-            console.log('⚠️  Coinbase Onramp not configured.\n');
-            console.log('   Manual funding instructions:');
-            console.log(`   1. ${result.manual_instructions.step1}`);
-            console.log(`   2. ${result.manual_instructions.step2}`);
-            console.log(`   3. ${result.manual_instructions.step3}`);
-            console.log(`\n   Your wallet address: ${config.address}`);
-            console.log('\n   After funding, run the install command again.');
-        }
+        showFundingOptions(config.address, requiredUsdc);
         return false;
     }
-    // Open browser
+    // Open browser for Coinbase onramp
     const { exec } = await import('child_process');
     const openCmd = process.platform === 'darwin'
         ? `open "${result.onramp_url}"`
@@ -277,47 +310,61 @@ async function triggerFundingFlow(requiredUsd) {
             : `xdg-open "${result.onramp_url}"`;
     exec(openCmd);
     console.log('🌐 Coinbase opened in your browser.\n');
-    console.log('   Complete the purchase, then wait for funds to arrive.');
-    console.log('⏳ Waiting for funds (Ctrl+C to cancel)...\n');
-    // Poll for balance
+    console.log('   Complete the USDC purchase, then wait for funds to arrive.');
+    console.log('   Or use one of the other options below while waiting.\n');
+    showFundingOptionsShort(config.address);
+    console.log('\n⏳ Waiting for USDC (Ctrl+C to cancel)...\n');
+    // Poll for USDC balance
+    const requiredRaw = parseUsdc(requiredUsdc);
     const startTime = Date.now();
     const maxWaitTime = 10 * 60 * 1000; // 10 minutes
     const pollInterval = 10 * 1000; // 10 seconds
     while (Date.now() - startTime < maxWaitTime) {
         await new Promise((resolve) => setTimeout(resolve, pollInterval));
         try {
-            const currentBalance = await publicClient.getBalance({
-                address: config.address,
-            });
-            if (currentBalance > initialBalance) {
+            const currentBalance = await getUsdcBalance(config.address);
+            if (currentBalance >= requiredRaw && currentBalance > initialBalance) {
                 const added = currentBalance - initialBalance;
-                console.log(`\n✅ Funds received! +${formatEther(added)} ETH\n`);
+                console.log(`\n✅ USDC received! +$${formatUsdc(added)} USDC\n`);
                 return true;
             }
             const elapsed = Math.floor((Date.now() - startTime) / 1000);
-            process.stdout.write(`\r   Checking balance... (${elapsed}s elapsed)`);
+            process.stdout.write(`\r   Checking USDC balance... (${elapsed}s elapsed)`);
         }
         catch {
             // Ignore poll errors
         }
     }
-    console.log('\n⚠️  Timeout waiting for funds. Run install again after funding.');
+    console.log('\n⚠️  Timeout waiting for USDC. Run install again after funding.');
     return false;
 }
-// Get wallet balance
+// Show all funding options
+function showFundingOptions(address, requiredUsdc) {
+    console.log('   Three ways to fund your wallet:\n');
+    console.log('   1. Buy with card (Coinbase):');
+    console.log('      agentstore wallet fund --wait\n');
+    console.log('   2. Send USDC directly (from any wallet/exchange):');
+    console.log(`      Send $${requiredUsdc.toFixed(2)} USDC (Ethereum) to:`);
+    console.log(`      ${address}\n`);
+    console.log('   3. Import an existing wallet with USDC:');
+    console.log('      agentstore wallet import\n');
+    console.log('   After funding, run the install command again.');
+}
+// Short version for inline display
+function showFundingOptionsShort(address) {
+    console.log('   Other ways to add USDC:');
+    console.log(`   - Send USDC (Ethereum) to: ${address}`);
+    console.log('   - Import existing wallet: agentstore wallet import');
+}
+// Get wallet balance (USDC)
 async function getWalletBalance() {
     const config = loadWalletConfig();
     if (!config)
         throw new Error('Wallet not initialized');
-    const balanceWei = await publicClient.getBalance({
-        address: config.address,
-    });
-    const ethBalance = formatEther(balanceWei);
-    const ethPrice = await getEthPrice();
-    const usdBalance = parseFloat(ethBalance) * ethPrice;
+    const raw = await getUsdcBalance(config.address);
     return {
-        eth: ethBalance,
-        usd: Math.round(usdBalance * 100) / 100,
+        usdc: formatUsdc(raw),
+        usdcRaw: raw,
     };
 }
 // Check spend limits
@@ -353,100 +400,6 @@ function checkSpendLimit(amountUsd, config, txHistory) {
     }
     return { allowed: true };
 }
-// Send payment for agent
-async function sendAgentPayment(params) {
-    const config = loadWalletConfig();
-    if (!config)
-        throw new Error('Wallet not initialized');
-    const privateKey = await loadPrivateKey();
-    if (!privateKey)
-        throw new Error('Could not load wallet private key');
-    const txHistory = loadTxHistory();
-    // Check spend limits
-    const limitCheck = checkSpendLimit(params.amountUsd, config, txHistory);
-    if (!limitCheck.allowed) {
-        throw new Error(limitCheck.reason);
-    }
-    // Check publisher allowlist
-    if (config.allowedPublishers.length > 0 && !config.allowedPublishers.includes(params.to.toLowerCase())) {
-        throw new Error(`Publisher ${params.to} is not in your allowed publishers list`);
-    }
-    // Get current ETH price
-    const ethPrice = await getEthPrice();
-    const amountEth = params.amountUsd / ethPrice;
-    const amountWei = parseEther(amountEth.toFixed(18));
-    // Check balance
-    const balance = await getWalletBalance();
-    if (parseFloat(balance.eth) < amountEth) {
-        throw new Error(`Insufficient balance: have ${balance.eth} ETH, need ${amountEth.toFixed(6)} ETH`);
-    }
-    // Create wallet client for signing
-    const account = privateKeyToAccount(privateKey);
-    const walletClient = createWalletClient({
-        account,
-        chain: mainnet,
-        transport: http(MEV_COMMIT_RPC),
-    });
-    console.log('Sending transaction...');
-    // Send transaction
-    const txHash = await walletClient.sendTransaction({
-        to: params.to,
-        value: amountWei,
-    });
-    // Record transaction
-    const txRecord = {
-        txHash,
-        to: params.to,
-        amountEth: amountEth.toFixed(6),
-        amountUsd: params.amountUsd,
-        agentId: params.agentId,
-        timestamp: new Date().toISOString(),
-        status: 'pending',
-    };
-    txHistory.push(txRecord);
-    saveTxHistory(txHistory);
-    console.log(`Transaction sent: ${txHash}`);
-    // Wait for confirmation
-    try {
-        console.log('Waiting for confirmation...');
-        const receipt = await publicClient.waitForTransactionReceipt({
-            hash: txHash,
-            confirmations: 2,
-            timeout: 120_000,
-        });
-        const txIndex = txHistory.findIndex((tx) => tx.txHash === txHash);
-        const txRecord = txHistory[txIndex];
-        if (txIndex !== -1 && txRecord) {
-            txRecord.status = receipt.status === 'success' ? 'confirmed' : 'failed';
-            saveTxHistory(txHistory);
-        }
-        if (receipt.status !== 'success') {
-            throw new Error('Transaction failed on chain');
-        }
-        console.log('✓ Transaction confirmed!');
-    }
-    catch (error) {
-        const txIndex = txHistory.findIndex((tx) => tx.txHash === txHash);
-        const txRecord = txHistory[txIndex];
-        if (txIndex !== -1 && txRecord) {
-            txRecord.status = 'failed';
-            saveTxHistory(txHistory);
-        }
-        throw error;
-    }
-    return { txHash, amountEth: amountEth.toFixed(6) };
-}
-// Get ETH price from CoinGecko
-async function getEthPrice() {
-    try {
-        const response = await fetch('https://api.coingecko.com/api/v3/simple/price?ids=ethereum&vs_currencies=usd');
-        const data = (await response.json());
-        return data.ethereum?.usd || 2000;
-    }
-    catch {
-        return 2000;
-    }
-}
 // Prompt user for confirmation
 function prompt(question) {
     const rl = readline.createInterface({
@@ -460,27 +413,138 @@ function prompt(question) {
         });
     });
 }
-// Purchase agent via API
-async function purchaseAgent(agentId, walletAddress, txHash) {
+// Prompt for secret input (masked)
+function promptSecret(question) {
+    return new Promise((resolve) => {
+        process.stdout.write(question);
+        const stdin = process.stdin;
+        const wasRaw = stdin.isRaw;
+        stdin.setRawMode?.(true);
+        stdin.resume();
+        stdin.setEncoding('utf8');
+        let input = '';
+        const onData = (ch) => {
+            if (ch === '\n' || ch === '\r') {
+                stdin.setRawMode?.(wasRaw ?? false);
+                stdin.pause();
+                stdin.removeListener('data', onData);
+                process.stdout.write('\n');
+                resolve(input);
+            }
+            else if (ch === '\u0003') {
+                // Ctrl+C
+                process.exit(0);
+            }
+            else if (ch === '\u007f' || ch === '\b') {
+                if (input.length > 0) {
+                    input = input.slice(0, -1);
+                    process.stdout.write('\b \b');
+                }
+            }
+            else {
+                input += ch;
+                process.stdout.write('*');
+            }
+        };
+        stdin.on('data', onData);
+    });
+}
+// Check agent access — returns entitlement if already purchased, or 402 payment params
+async function getPaymentRequired(agentId, walletAddress) {
+    try {
+        const response = await fetch(`${API_BASE}/api/agents/${encodeURIComponent(agentId)}/access`, {
+            headers: { 'X-Wallet-Address': walletAddress },
+        });
+        if (response.status === 200) {
+            const data = await response.json();
+            return { status: 'granted', entitlement: data.entitlement, install: data.install };
+        }
+        if (response.status === 402) {
+            const data = await response.json();
+            return { status: 'payment_required', payment: data.payment };
+        }
+        const data = await response.json();
+        return { status: 'error', error: data.error || `HTTP ${response.status}` };
+    }
+    catch (error) {
+        return { status: 'error', error: error instanceof Error ? error.message : String(error) };
+    }
+}
+// Sign EIP-3009 TransferWithAuthorization typed data
+async function signTransferAuthorization(payment, privateKey, walletAddress) {
+    const account = privateKeyToAccount(privateKey);
+    const value = parseUsdc(payment.amount);
+    const validBefore = BigInt(Math.floor(new Date(payment.expires_at).getTime() / 1000));
+    const authNonce = ('0x' + crypto.randomBytes(32).toString('hex'));
+    const signature = await account.signTypedData({
+        domain: USDC_EIP712_DOMAIN,
+        types: TRANSFER_WITH_AUTHORIZATION_TYPES,
+        primaryType: 'TransferWithAuthorization',
+        message: {
+            from: walletAddress,
+            to: payment.payTo,
+            value,
+            validAfter: 0n,
+            validBefore,
+            nonce: authNonce,
+        },
+    });
+    // Parse signature into v, r, s components
+    const r = ('0x' + signature.slice(2, 66));
+    const s = ('0x' + signature.slice(66, 130));
+    const v = parseInt(signature.slice(130, 132), 16);
+    return {
+        from: walletAddress,
+        to: payment.payTo,
+        value: value.toString(),
+        validAfter: '0',
+        validBefore: validBefore.toString(),
+        nonce: authNonce,
+        v,
+        r,
+        s,
+    };
+}
+// Submit signed x402 payment to API
+async function submitX402Payment(agentId, walletAddress, payment, authorization) {
     try {
-        const response = await fetch(`${API_BASE}/api/purchase`, {
+        const response = await fetch(`${API_BASE}/api/payments/submit`, {
             method: 'POST',
             headers: { 'Content-Type': 'application/json' },
             body: JSON.stringify({
                 agent_id: agentId,
                 wallet_address: walletAddress,
-                tx_hash: txHash,
+                payment_required: {
+                    amount: payment.amount,
+                    currency: payment.currency,
+                    payTo: payment.payTo,
+                    nonce: payment.nonce,
+                    expires_at: payment.expires_at,
+                },
+                authorization,
             }),
         });
         if (!response.ok) {
-            const error = (await response.json());
-            console.error(`Purchase failed: ${error.error || response.statusText}`);
+            const error = await response.json();
+            if (response.status === 409) {
+                // Already purchased — re-check /access for the entitlement
+                console.log('Agent already purchased. Retrieving entitlement...');
+                const access = await getPaymentRequired(agentId, walletAddress);
+                if (access.status === 'granted' && access.entitlement) {
+                    return {
+                        entitlement_token: access.entitlement.token,
+                        install: access.install,
+                        proof: null,
+                    };
+                }
+            }
+            console.error(`Payment failed: ${error.error || response.statusText}`);
             return null;
         }
-        return (await response.json());
+        return await response.json();
     }
     catch (error) {
-        console.error(`Purchase error: ${error instanceof Error ? error.message : error}`);
+        console.error(`Payment error: ${error instanceof Error ? error.message : error}`);
         return null;
     }
 }
@@ -559,6 +623,9 @@ This is a prompt-based agent. Reference it by asking Claude to follow the instru
 }
 // Install command
 async function installAgent(agentId, options) {
+    // --pay is a true alias for --yes
+    if (options.pay)
+        options.yes = true;
     ensureDirectories();
     console.log(`Fetching agent: ${agentId}...`);
     const agent = await fetchAgent(agentId);
@@ -592,57 +659,71 @@ async function installAgent(agentId, options) {
         }
     }
     console.log('└─────────────────────────────────────────────────┘');
-    // For paid agents, handle payment flow
+    // For paid agents, handle x402 USDC payment flow
     let entitlementToken = null;
     let expiresAt = null;
     if (agent.type === 'proprietary' && agent.pricing.model !== 'free') {
-        // Lazy wallet creation - create if doesn't exist
+        const priceUsd = getPriceUsd(agent.pricing);
+        // Lazy wallet creation
         const { address: walletAddress, created: walletCreated } = await ensureWalletExists();
         if (walletCreated) {
             console.log('\n🔐 Wallet created automatically');
             console.log(`   Address: ${walletAddress}`);
         }
-        const wallet = loadWalletConfig();
-        const ethPrice = await getEthPrice();
-        const priceEth = getPriceUsd(agent.pricing) / ethPrice;
         console.log('\n💰 Payment Required:');
-        console.log(`   Price: $${getPriceUsd(agent.pricing)} (~${priceEth.toFixed(6)} ETH)`);
-        console.log(`   Your wallet: ${wallet.address}`);
-        console.log(`   ETH Price: $${ethPrice}`);
-        // Check if already purchased
-        const entitlements = loadEntitlements();
-        const existing = entitlements.find((e) => e.agentId === agent.agent_id);
-        if (existing) {
+        console.log(`   Price: $${priceUsd.toFixed(2)} USDC`);
+        console.log(`   Your wallet: ${walletAddress}`);
+        // Check local entitlements first (skip API call if already purchased)
+        const localEntitlements = loadEntitlements();
+        const localEntitlement = localEntitlements.find((e) => e.agentId === agent.agent_id);
+        if (localEntitlement) {
             console.log('\n✓ Already purchased! Using existing entitlement.');
-            entitlementToken = existing.token;
-            expiresAt = existing.expiresAt;
+            entitlementToken = localEntitlement.token;
+            expiresAt = localEntitlement.expiresAt;
         }
-        else {
-            let txHash = options.txHash;
-            // Direct payment with --pay flag
-            if (options.pay && !txHash) {
-                const payoutAddress = agent.publisher.payout_address;
-                if (!payoutAddress) {
-                    console.log('\n❌ Publisher has no payout address configured.');
-                    console.log('   Contact the publisher or use --tx-hash with manual payment.');
+        // If no local entitlement, check server
+        if (!entitlementToken) {
+            const accessResult = await getPaymentRequired(agent.agent_id, walletAddress);
+            if (accessResult.status === 'error') {
+                console.log(`\n❌ Access check failed: ${accessResult.error}`);
+                process.exit(1);
+            }
+            if (accessResult.status === 'granted' && accessResult.entitlement) {
+                console.log('\n✓ Already purchased! Using existing entitlement.');
+                entitlementToken = accessResult.entitlement.token;
+                expiresAt = accessResult.entitlement.expires_at;
+            }
+        }
+        if (!entitlementToken) {
+            // Need to pay — fetch 402 details
+            const accessResult = await getPaymentRequired(agent.agent_id, walletAddress);
+            if (accessResult.status !== 'payment_required') {
+                if (accessResult.status === 'granted') {
+                    console.log('\n✓ Access granted (no payment needed).');
+                }
+                else {
+                    console.log(`\n❌ Unexpected access status: ${accessResult.status}`);
                     process.exit(1);
                 }
-                // Check balance and trigger funding if needed
+            }
+            else {
+                const paymentRequired = accessResult.payment;
+                // Check USDC balance
                 try {
                     const balance = await getWalletBalance();
-                    console.log(`\n   Your balance: ${balance.eth} ETH ($${balance.usd})`);
-                    // Auto-trigger funding flow if insufficient balance
-                    if (balance.usd < getPriceUsd(agent.pricing)) {
-                        console.log(`\n⚠️  Insufficient balance. Need $${getPriceUsd(agent.pricing)}, have $${balance.usd}`);
-                        const funded = await triggerFundingFlow(getPriceUsd(agent.pricing));
+                    const requiredRaw = parseUsdc(paymentRequired.amount);
+                    console.log(`   Your USDC balance: $${balance.usdc}`);
+                    if (balance.usdcRaw < requiredRaw) {
+                        console.log(`\n⚠️  Insufficient USDC. Need $${paymentRequired.amount}, have $${balance.usdc}`);
+                        const funded = await triggerFundingFlow(priceUsd);
                         if (!funded) {
                             process.exit(1);
                         }
                         // Re-check balance after funding
                         const newBalance = await getWalletBalance();
-                        console.log(`   New balance: ${newBalance.eth} ETH ($${newBalance.usd})`);
-                        if (newBalance.usd < getPriceUsd(agent.pricing)) {
-                            console.log(`\n❌ Still insufficient. Need $${getPriceUsd(agent.pricing)}, have $${newBalance.usd}`);
+                        console.log(`   New USDC balance: $${newBalance.usdc}`);
+                        if (newBalance.usdcRaw < requiredRaw) {
+                            console.log(`\n❌ Still insufficient. Need $${paymentRequired.amount}, have $${newBalance.usdc}`);
                             process.exit(1);
                         }
                     }
@@ -651,47 +732,53 @@ async function installAgent(agentId, options) {
                     console.log(`\n❌ Could not check balance: ${error instanceof Error ? error.message : error}`);
                     process.exit(1);
                 }
-                // Confirm payment
+                // Check spend limits
+                const config = loadWalletConfig();
+                const txHistory = loadTxHistory();
+                const limitCheck = checkSpendLimit(priceUsd, config, txHistory);
+                if (!limitCheck.allowed) {
+                    console.log(`\n❌ Spend limit exceeded: ${limitCheck.reason}`);
+                    process.exit(1);
+                }
+                // Confirm payment (skip with --yes or --pay)
                 if (!options.yes) {
-                    const confirm = await prompt(`\nPay $${getPriceUsd(agent.pricing)} (~${priceEth.toFixed(6)} ETH) to ${payoutAddress.slice(0, 10)}...? (y/n) `);
+                    const confirm = await prompt(`\nPay $${paymentRequired.amount} USDC for "${agent.name}"? (y/n) `);
                     if (confirm !== 'y' && confirm !== 'yes') {
                         console.log('Payment cancelled.');
                         process.exit(0);
                     }
                 }
-                // Send payment
-                try {
-                    console.log('\n🔄 Processing payment...');
-                    const payment = await sendAgentPayment({
-                        to: payoutAddress,
-                        amountUsd: getPriceUsd(agent.pricing),
-                        agentId: agent.agent_id,
-                    });
-                    txHash = payment.txHash;
-                    console.log(`✓ Payment sent: ${txHash}`);
+                // Sign the EIP-3009 authorization
+                const privateKey = await loadPrivateKey();
+                if (!privateKey) {
+                    console.log('\n❌ Could not load wallet private key');
+                    process.exit(1);
                 }
-                catch (error) {
-                    console.log(`\n❌ Payment failed: ${error instanceof Error ? error.message : error}`);
+                console.log('\n🔐 Signing USDC authorization...');
+                const authorization = await signTransferAuthorization(paymentRequired, privateKey, walletAddress);
+                // Submit to API for facilitator relay
+                console.log('🔄 Processing payment via x402...');
+                const result = await submitX402Payment(agent.agent_id, walletAddress, paymentRequired, authorization);
+                if (!result) {
+                    console.log('❌ Payment processing failed.');
                     process.exit(1);
                 }
+                entitlementToken = result.entitlement_token;
+                expiresAt = null;
+                console.log('✓ Payment confirmed! (gasless USDC via x402)');
+                // Record in local tx history
+                const txProof = result.proof;
+                txHistory.push({
+                    txHash: txProof?.tx_hash || 'x402-' + Date.now(),
+                    to: paymentRequired.payTo,
+                    amountUsdc: paymentRequired.amount,
+                    amountUsd: priceUsd,
+                    agentId: agent.agent_id,
+                    timestamp: new Date().toISOString(),
+                    status: 'confirmed',
+                });
+                saveTxHistory(txHistory);
             }
-            // Verify payment with API
-            if (!txHash) {
-                console.log('\n💳 Payment options:');
-                console.log('   1. Auto-pay: agentstore install ' + agent.agent_id + ' --pay');
-                console.log('   2. Manual:   Send ' + priceEth.toFixed(6) + ' ETH to ' + (agent.publisher.payout_address || '[publisher]'));
-                console.log('                Then: agentstore install ' + agent.agent_id + ' --tx-hash 0x...');
-                process.exit(1);
-            }
-            console.log('\nVerifying payment with marketplace...');
-            const purchase = await purchaseAgent(agent.agent_id, wallet.address, txHash);
-            if (!purchase) {
-                console.log('❌ Payment verification failed.');
-                process.exit(1);
-            }
-            entitlementToken = purchase.entitlement_token;
-            expiresAt = purchase.expires_at;
-            console.log('✓ Payment verified!');
         }
     }
     console.log('\nInstalling...');
@@ -890,9 +977,8 @@ program
 program
     .command('install <agent_id>')
     .description('Install an agent from the marketplace')
-    .option('-y, --yes', 'Skip confirmation / force reinstall')
-    .option('--pay', 'Pay for agent directly from wallet')
-    .option('--tx-hash <hash>', 'Transaction hash for manual payment verification')
+    .option('-y, --yes', 'Skip confirmation / auto-confirm payment')
+    .option('--pay', 'Auto-confirm payment (alias for --yes)')
     .action(installAgent);
 program
     .command('list')
@@ -952,7 +1038,7 @@ program
             console.log();
         }
         console.log('Install with: agentstore install <agent_id>');
-        console.log('For paid agents: agentstore install <agent_id> --pay');
+        console.log('Paid agents prompt for USDC payment automatically.');
     }
     catch (error) {
         console.error(`Error: ${error instanceof Error ? error.message : error}`);
@@ -978,8 +1064,11 @@ walletCmd
         const { address } = await createNewWallet();
         console.log('\n✅ Wallet created!');
         console.log(`\nAddress: ${address}`);
-        console.log('\n⚠️  Fund this address with ETH to purchase paid agents.');
-        console.log('   Use any exchange or wallet to send ETH to this address.');
+        console.log('\n⚠️  Fund this address with USDC to purchase paid agents.');
+        console.log('   Options:');
+        console.log('   1. Buy with card: agentstore wallet fund');
+        console.log(`   2. Send USDC (Ethereum) from any wallet to: ${address}`);
+        console.log('   3. Import existing wallet: agentstore wallet import');
     }
     catch (error) {
         console.error(`Error: ${error instanceof Error ? error.message : error}`);
@@ -988,7 +1077,7 @@ walletCmd
 });
 walletCmd
     .command('balance')
-    .description('Show wallet balance')
+    .description('Show wallet USDC balance')
     .action(async () => {
     try {
         if (!walletExists()) {
@@ -996,10 +1085,11 @@ walletCmd
             process.exit(1);
         }
         const config = loadWalletConfig();
-        console.log(`\nAddress: ${config?.address}`);
-        console.log('Fetching balance...');
+        console.log(`\nWallet: ${config?.address}`);
+        console.log('Fetching USDC balance...');
         const balance = await getWalletBalance();
-        console.log(`\n💰 Balance: ${balance.eth} ETH (~$${balance.usd})`);
+        console.log(`USDC Balance: $${balance.usdc}`);
+        console.log('Network: Ethereum Mainnet');
         // Show spending stats
         const txHistory = loadTxHistory();
         const oneDayAgo = Date.now() - 24 * 60 * 60 * 1000;
@@ -1041,7 +1131,7 @@ walletCmd
             const date = new Date(tx.timestamp).toLocaleDateString();
             const statusIcon = tx.status === 'confirmed' ? '✓' : tx.status === 'pending' ? '⏳' : '✗';
             console.log(`  ${statusIcon} ${date} | ${tx.agentId}`);
-            console.log(`    ${tx.amountEth} ETH ($${tx.amountUsd}) → ${tx.to.slice(0, 10)}...`);
+            console.log(`    $${tx.amountUsdc || tx.amountUsd} USDC → ${tx.to.slice(0, 10)}...`);
             console.log(`    ${tx.txHash.slice(0, 20)}...`);
             console.log();
         }
@@ -1068,12 +1158,52 @@ walletCmd
         process.exit(1);
     }
 });
+walletCmd
+    .command('import')
+    .description('Import an existing wallet by private key')
+    .action(async () => {
+    try {
+        if (walletExists()) {
+            console.log('Wallet already exists. Delete ~/.agentstore/wallet.* files to import a new one.');
+            process.exit(1);
+        }
+        const key = await promptSecret('Enter private key (0x...): ');
+        if (!key.startsWith('0x') || key.length !== 66) {
+            console.log('Invalid private key format. Must be a 0x-prefixed 64-character hex string.');
+            process.exit(1);
+        }
+        ensureDirectories();
+        const account = privateKeyToAccount(key);
+        const config = {
+            address: account.address,
+            createdAt: new Date().toISOString(),
+            network: 'mainnet',
+            rpcEndpoint: ETHEREUM_RPC,
+            spendLimits: { perTransaction: 100, daily: 500, weekly: 2000 },
+            allowedPublishers: [],
+        };
+        const password = await getOrCreatePassword();
+        const encrypted = encryptKey(key, password);
+        fs.writeFileSync(KEYSTORE_FILE, JSON.stringify(encrypted), { mode: 0o600 });
+        fs.writeFileSync(WALLET_FILE, JSON.stringify(config, null, 2), { mode: 0o600 });
+        fs.writeFileSync(TX_HISTORY_FILE, JSON.stringify([]), { mode: 0o600 });
+        // Show USDC balance
+        const usdcRaw = await getUsdcBalance(account.address);
+        console.log(`\n✅ Wallet imported!`);
+        console.log(`   Address: ${account.address}`);
+        console.log(`   USDC Balance: $${formatUsdc(usdcRaw)}`);
+    }
+    catch (error) {
+        console.error(`Error: ${error instanceof Error ? error.message : error}`);
+        process.exit(1);
+    }
+});
 walletCmd
     .command('fund')
-    .description('Fund your wallet with a credit card via Coinbase')
+    .description('Fund your wallet with USDC')
     .option('-a, --amount <usd>', 'Amount in USD to purchase', parseFloat)
     .option('--no-open', 'Print URL instead of opening browser')
-    .option('--wait', 'Wait and poll for funds to arrive')
+    .option('--wait', 'Wait and poll for USDC to arrive')
     .action(async (options) => {
     try {
         if (!walletExists()) {
@@ -1085,23 +1215,19 @@ walletCmd
             console.log('Failed to load wallet config');
             process.exit(1);
         }
-        console.log('\n💳 Coinbase Onramp - Fund Your Wallet\n');
+        console.log('\n💳 Fund Your Wallet with USDC\n');
         console.log(`   Wallet: ${config.address}`);
-        // Get initial balance for comparison
+        // Get initial USDC balance for comparison
         let initialBalance;
-        if (options.wait) {
-            try {
-                initialBalance = await publicClient.getBalance({
-                    address: config.address,
-                });
-                console.log(`   Current balance: ${formatEther(initialBalance)} ETH`);
-            }
-            catch {
-                // Ignore balance fetch errors
-            }
+        try {
+            initialBalance = await getUsdcBalance(config.address);
+            console.log(`   Current USDC: $${formatUsdc(initialBalance)}`);
+        }
+        catch {
+            // Ignore balance fetch errors
         }
         if (options.amount) {
-            console.log(`   Amount: $${options.amount} USD`);
+            console.log(`   Amount: $${options.amount} USDC`);
         }
         console.log('\n🔄 Generating secure onramp session...');
         // Call API to get onramp URL
@@ -1111,38 +1237,22 @@ walletCmd
             body: JSON.stringify({
                 wallet_address: config.address,
                 amount_usd: options.amount,
+                asset: 'USDC',
             }),
         });
         const result = await response.json();
         if (!response.ok || !result.success) {
-            // Handle fallback for when CDP credentials aren't configured
-            if (result.manual_instructions) {
-                console.log('\n⚠️  Coinbase Onramp not configured on server.\n');
-                console.log('   Manual funding instructions:');
-                console.log(`   1. ${result.manual_instructions.step1}`);
-                console.log(`   2. ${result.manual_instructions.step2}`);
-                console.log(`   3. ${result.manual_instructions.step3}`);
-                console.log(`\n   Your wallet address: ${config.address}`);
-            }
-            else {
-                console.log(`\n❌ Error: ${result.error || result.message || 'Unknown error'}`);
-                if (result.fallback) {
-                    console.log(`\n   ${result.fallback.message}`);
-                    console.log(`   1. ${result.fallback.step1}`);
-                    console.log(`   2. ${result.fallback.step2}`);
-                }
-            }
+            console.log('\n⚠️  Coinbase Onramp unavailable.\n');
+            showFundingOptions(config.address, options.amount || 10);
             process.exit(1);
         }
         const onrampUrl = result.onramp_url;
         if (options.open === false) {
-            // Just print the URL
             console.log('\n✅ Onramp URL generated:\n');
             console.log(`   ${onrampUrl}\n`);
-            console.log('   Open this URL in your browser to complete the purchase.');
+            console.log('   Open this URL in your browser to purchase USDC.');
         }
         else {
-            // Open in default browser
             console.log('\n🌐 Opening Coinbase in your browser...\n');
             const { exec } = await import('child_process');
             const openCmd = process.platform === 'darwin'
@@ -1156,38 +1266,35 @@ walletCmd
                     console.log(`   ${onrampUrl}\n`);
                 }
             });
-            console.log('   Complete the purchase in your browser.');
-            console.log('   ETH will be sent to your wallet within a few minutes.\n');
+            console.log('   Complete the USDC purchase in your browser.');
+            console.log('   USDC will arrive in your wallet within a few minutes.\n');
+            showFundingOptionsShort(config.address);
         }
-        // Poll for balance changes if --wait flag is set
+        // Poll for USDC balance changes if --wait flag is set
         if (options.wait && initialBalance !== undefined) {
-            console.log('⏳ Waiting for funds to arrive (Ctrl+C to cancel)...\n');
+            console.log('\n⏳ Waiting for USDC to arrive (Ctrl+C to cancel)...\n');
             const startTime = Date.now();
             const maxWaitTime = 10 * 60 * 1000; // 10 minutes
             const pollInterval = 15 * 1000; // 15 seconds
             while (Date.now() - startTime < maxWaitTime) {
                 await new Promise((resolve) => setTimeout(resolve, pollInterval));
                 try {
-                    const currentBalance = await publicClient.getBalance({
-                        address: config.address,
-                    });
+                    const currentBalance = await getUsdcBalance(config.address);
                     if (currentBalance > initialBalance) {
                         const added = currentBalance - initialBalance;
-                        const ethPrice = await getEthPrice();
-                        const addedUsd = parseFloat(formatEther(added)) * ethPrice;
-                        console.log('✅ Funds received!\n');
-                        console.log(`   Added: ${formatEther(added)} ETH (~$${addedUsd.toFixed(2)})`);
-                        console.log(`   New balance: ${formatEther(currentBalance)} ETH`);
+                        console.log('\n✅ USDC received!\n');
+                        console.log(`   Added: $${formatUsdc(added)} USDC`);
+                        console.log(`   New balance: $${formatUsdc(currentBalance)} USDC`);
                         process.exit(0);
                     }
                     const elapsed = Math.floor((Date.now() - startTime) / 1000);
-                    process.stdout.write(`\r   Checking... (${elapsed}s elapsed)`);
+                    process.stdout.write(`\r   Checking USDC... (${elapsed}s elapsed)`);
                 }
                 catch {
                     // Ignore individual poll errors
                 }
             }
-            console.log('\n\n⚠️  Timed out waiting for funds.');
+            console.log('\n\n⚠️  Timed out waiting for USDC.');
             console.log('   Funds may still arrive - check your balance later with:');
             console.log('   agentstore wallet balance\n');
         }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "agentstore",
-  "version": "1.0.1",
+  "version": "1.0.3",
   "description": "AgentStore CLI - Browse, install, and pay for Claude Code agents",
   "type": "module",
   "main": "dist/index.js",