ardabot 0.1.0

package/LICENSE

@@ -0,0 +1,14 @@
+Copyright (c) 2025 r4v3n LLC. All rights reserved.
+
+This software and associated documentation files (the "Software") are the
+proprietary property of r4v3n LLC. No part of the Software may be reproduced,
+distributed, modified, or transmitted in any form or by any means without the
+prior written permission of r4v3n LLC.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/dist/index.js

@@ -0,0 +1,1161 @@
+#!/usr/bin/env node
+
+// src/index.ts
+import { Command } from "commander";
+
+// src/commands/login.ts
+import { createInterface } from "readline/promises";
+import chalk from "chalk";
+import ora from "ora";
+
+// src/config.ts
+import Conf from "conf";
+var DEFAULT_API_URL = true ? "https://bot.ardabot.ai" : "https://bot.ardabot.ai";
+var store = new Conf({
+  projectName: "arda",
+  defaults: {
+    apiUrl: DEFAULT_API_URL
+  }
+});
+function getApiUrl() {
+  return store.get("apiUrl");
+}
+function getJwt() {
+  return store.get("jwt");
+}
+function setJwt(jwt) {
+  store.set("jwt", jwt);
+}
+function getApiKey() {
+  return store.get("apiKey");
+}
+function setApiKey(key) {
+  store.set("apiKey", key);
+}
+function setInstanceId(id) {
+  store.set("instanceId", id);
+}
+function clearAll() {
+  store.clear();
+  store.set("apiUrl", DEFAULT_API_URL);
+}
+var GATE_COOKIE_MAX_AGE_MS = 7 * 24 * 60 * 60 * 1e3;
+function getGateCookie() {
+  const cookie = store.get("gateCookie");
+  if (cookie === void 0) {
+    return void 0;
+  }
+  const match = /=(\d+)\./.exec(cookie);
+  if (match?.[1]) {
+    const ts = parseInt(match[1], 10);
+    if (!isNaN(ts) && Date.now() - ts > GATE_COOKIE_MAX_AGE_MS) {
+      store.delete("gateCookie");
+      return void 0;
+    }
+  }
+  return cookie;
+}
+function setGateCookie(cookie) {
+  store.set("gateCookie", cookie);
+}
+function hasCredentials() {
+  return store.get("apiKey") !== void 0;
+}
+
+// src/api/client.ts
+var GateVerifyError = class extends Error {
+  status;
+  constructor(message, status) {
+    super(message);
+    this.name = "GateVerifyError";
+    this.status = status;
+  }
+};
+var ApiClient = class {
+  baseUrl;
+  jwt;
+  apiKey;
+  gateCookie;
+  constructor(options) {
+    this.baseUrl = options?.baseUrl ?? getApiUrl();
+    this.jwt = options?.jwt ?? getJwt();
+    this.apiKey = options?.apiKey ?? getApiKey();
+    this.gateCookie = getGateCookie();
+  }
+  jwtHeaders() {
+    const headers = {
+      "Content-Type": "application/json"
+    };
+    if (this.jwt) {
+      headers["Authorization"] = `Bearer ${this.jwt}`;
+    }
+    if (this.gateCookie) {
+      headers["Cookie"] = this.gateCookie;
+    }
+    return headers;
+  }
+  apiKeyHeaders() {
+    const headers = {
+      "Content-Type": "application/json"
+    };
+    if (this.apiKey) {
+      headers["Authorization"] = `Bearer ${this.apiKey}`;
+    }
+    return headers;
+  }
+  authHeaders() {
+    const headers = {
+      "Content-Type": "application/json"
+    };
+    if (this.gateCookie) {
+      headers["Cookie"] = this.gateCookie;
+    }
+    return headers;
+  }
+  // =========================================================================
+  // Gate endpoints (staging TOTP protection)
+  // =========================================================================
+  async getGateStatus() {
+    const headers = {};
+    if (this.gateCookie) {
+      headers["Cookie"] = this.gateCookie;
+    }
+    const res = await fetch(`${this.baseUrl}/gate/status`, { headers });
+    if (!res.ok) {
+      throw new Error("Failed to check gate status");
+    }
+    return await res.json();
+  }
+  /**
+   * Verify an access code (TOTP or promo) for gate access.
+   * Returns the raw Set-Cookie header value and the verification type.
+   */
+  async verifyGate(code) {
+    const res = await fetch(`${this.baseUrl}/gate/verify`, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ code }),
+      redirect: "manual"
+    });
+    if (!res.ok) {
+      const body = await res.json();
+      throw new GateVerifyError(body.error ?? "Invalid code", res.status);
+    }
+    const data = await res.json();
+    const setCookie = res.headers.get("set-cookie");
+    if (!setCookie) {
+      throw new Error("Gate verification succeeded but no session cookie received");
+    }
+    const cookieValue = setCookie.split(";")[0];
+    if (!cookieValue) {
+      throw new Error("Invalid cookie format from gate verification");
+    }
+    this.gateCookie = cookieValue;
+    const result = {
+      cookie: cookieValue,
+      type: data.type
+    };
+    if (data.promoCode !== void 0) {
+      result.promoCode = data.promoCode;
+    }
+    return result;
+  }
+  // =========================================================================
+  // Auth endpoints (no auth required, but may need gate cookie)
+  // =========================================================================
+  async sendSmsCode(phoneNumber) {
+    const res = await fetch(`${this.baseUrl}/api/v1/auth/sms/send`, {
+      method: "POST",
+      headers: this.authHeaders(),
+      body: JSON.stringify({ phoneNumber })
+    });
+    if (!res.ok) {
+      const err = await res.json();
+      throw new Error(err.error.message);
+    }
+    return await res.json();
+  }
+  async verifySmsCode(phoneNumber, code) {
+    const res = await fetch(`${this.baseUrl}/api/v1/auth/sms/verify`, {
+      method: "POST",
+      headers: this.authHeaders(),
+      body: JSON.stringify({ phoneNumber, code })
+    });
+    if (!res.ok) {
+      const err = await res.json();
+      if (err.error.type === "gate_required") {
+        return { gateRequired: true };
+      }
+      throw new Error(err.error.message);
+    }
+    return await res.json();
+  }
+  /**
+   * Verify a Telegram CLI linking code.
+   * Returns a JWT token or indicates gate verification is required.
+   */
+  async verifyTelegramLinkCode(code) {
+    const res = await fetch(`${this.baseUrl}/api/v1/auth/telegram/cli-verify`, {
+      method: "POST",
+      headers: this.authHeaders(),
+      body: JSON.stringify({ code })
+    });
+    if (!res.ok) {
+      const err = await res.json();
+      if (err.error.type === "gate_required") {
+        return { gateRequired: true };
+      }
+      throw new Error(err.error.message);
+    }
+    return await res.json();
+  }
+  /**
+   * Create an anonymous account via CLI-only signup.
+   * Returns a JWT token or indicates gate verification is required.
+   */
+  async cliSignup() {
+    const res = await fetch(`${this.baseUrl}/api/v1/auth/cli`, {
+      method: "POST",
+      headers: this.authHeaders()
+    });
+    if (!res.ok) {
+      const err = await res.json();
+      if (err.error.type === "gate_required") {
+        return { gateRequired: true };
+      }
+      throw new Error(err.error.message);
+    }
+    return await res.json();
+  }
+  // =========================================================================
+  // Account endpoints (JWT auth)
+  // =========================================================================
+  /**
+   * Get current account info for polling subscription/instance status.
+   */
+  async getAccount() {
+    const res = await fetch(`${this.baseUrl}/api/v1/account`, {
+      headers: this.jwtHeaders()
+    });
+    if (!res.ok) {
+      const err = await res.json();
+      throw new Error(err.error.message);
+    }
+    return await res.json();
+  }
+  /**
+   * Start free trial - returns Stripe checkout URL.
+   */
+  async startTrial() {
+    const res = await fetch(`${this.baseUrl}/api/v1/account/start-trial`, {
+      method: "POST",
+      headers: this.jwtHeaders()
+    });
+    if (!res.ok) {
+      const err = await res.json();
+      throw new Error(err.error.message);
+    }
+    return await res.json();
+  }
+  /**
+   * Redeem a promo code.
+   */
+  async redeemPromo(code) {
+    const res = await fetch(`${this.baseUrl}/api/v1/promo/redeem`, {
+      method: "POST",
+      headers: this.jwtHeaders(),
+      body: JSON.stringify({ code })
+    });
+    if (!res.ok) {
+      const err = await res.json();
+      throw new Error(err.error.message);
+    }
+    return await res.json();
+  }
+  // =========================================================================
+  // Device management endpoints (JWT auth)
+  // =========================================================================
+  /**
+   * List linked devices (auth methods).
+   */
+  async getDevices() {
+    const res = await fetch(`${this.baseUrl}/api/v1/account/devices`, {
+      headers: this.jwtHeaders()
+    });
+    if (!res.ok) {
+      const err = await res.json();
+      throw new Error(err.error.message);
+    }
+    const data = await res.json();
+    return data.devices;
+  }
+  /**
+   * Send SMS code for device linking.
+   */
+  async sendDeviceSmsCode(phoneNumber) {
+    const res = await fetch(`${this.baseUrl}/api/v1/account/devices/sms/send`, {
+      method: "POST",
+      headers: this.jwtHeaders(),
+      body: JSON.stringify({ phoneNumber })
+    });
+    if (!res.ok) {
+      const err = await res.json();
+      throw new Error(err.error.message);
+    }
+    return await res.json();
+  }
+  /**
+   * Verify SMS code and link device.
+   */
+  async verifyDeviceSmsCode(phoneNumber, code) {
+    const res = await fetch(`${this.baseUrl}/api/v1/account/devices/sms/verify`, {
+      method: "POST",
+      headers: this.jwtHeaders(),
+      body: JSON.stringify({ phoneNumber, code })
+    });
+    if (!res.ok) {
+      const err = await res.json();
+      throw new Error(err.error.message);
+    }
+    return await res.json();
+  }
+  /**
+   * Verify Telegram linking code and link device.
+   */
+  async verifyDeviceTelegram(code) {
+    const res = await fetch(`${this.baseUrl}/api/v1/account/devices/telegram/verify`, {
+      method: "POST",
+      headers: this.jwtHeaders(),
+      body: JSON.stringify({ code })
+    });
+    if (!res.ok) {
+      const err = await res.json();
+      throw new Error(err.error.message);
+    }
+    return await res.json();
+  }
+  /**
+   * Unlink a device.
+   */
+  async unlinkDevice(id) {
+    const res = await fetch(`${this.baseUrl}/api/v1/account/devices/${id}`, {
+      method: "DELETE",
+      headers: this.jwtHeaders()
+    });
+    if (!res.ok) {
+      const err = await res.json();
+      throw new Error(err.error.message);
+    }
+    return await res.json();
+  }
+  // =========================================================================
+  // Instance endpoints (JWT auth)
+  // =========================================================================
+  async getInstance() {
+    const res = await fetch(`${this.baseUrl}/api/v1/instance`, {
+      headers: this.jwtHeaders()
+    });
+    if (res.status === 404) {
+      return null;
+    }
+    if (!res.ok) {
+      const err = await res.json();
+      throw new Error(err.error.message);
+    }
+    return await res.json();
+  }
+  async createApiKeyForInstance(name) {
+    const res = await fetch(`${this.baseUrl}/api/v1/instance/api-keys`, {
+      method: "POST",
+      headers: this.jwtHeaders(),
+      body: JSON.stringify({ name })
+    });
+    if (!res.ok) {
+      const err = await res.json();
+      throw new Error(err.error.message);
+    }
+    return await res.json();
+  }
+  // =========================================================================
+  // Agent endpoints (API key auth)
+  // =========================================================================
+  async getAgentStatus() {
+    const res = await fetch(`${this.baseUrl}/api/v1/agent/status`, {
+      headers: this.apiKeyHeaders()
+    });
+    if (!res.ok) {
+      const err = await res.json();
+      throw new Error(err.error.message);
+    }
+    return await res.json();
+  }
+  async getAgentSettings() {
+    const res = await fetch(`${this.baseUrl}/api/v1/agent/settings`, {
+      headers: this.apiKeyHeaders()
+    });
+    if (!res.ok) {
+      const err = await res.json();
+      throw new Error(err.error.message);
+    }
+    return await res.json();
+  }
+  async chat(message, sessionId) {
+    const res = await fetch(`${this.baseUrl}/api/v1/agent/chat`, {
+      method: "POST",
+      headers: this.apiKeyHeaders(),
+      body: JSON.stringify({ message, sessionId })
+    });
+    if (!res.ok) {
+      const err = await res.json();
+      throw new Error(err.error.message);
+    }
+    return await res.json();
+  }
+  async chatStream(message, sessionId) {
+    const res = await fetch(`${this.baseUrl}/api/v1/agent/chat/stream`, {
+      method: "POST",
+      headers: this.apiKeyHeaders(),
+      body: JSON.stringify({ message, sessionId })
+    });
+    if (!res.ok) {
+      const err = await res.json();
+      throw new Error(err.error.message);
+    }
+    if (res.body === null) {
+      throw new Error("Empty response body from stream endpoint");
+    }
+    return res.body;
+  }
+  setJwt(jwt) {
+    this.jwt = jwt;
+  }
+  setApiKey(apiKey) {
+    this.apiKey = apiKey;
+  }
+};
+
+// src/commands/login.ts
+function prompt(rl, question) {
+  return rl.question(question);
+}
+async function loginCommand(options) {
+  const rl = createInterface({ input: process.stdin, output: process.stdout });
+  try {
+    const baseUrl = options.url ?? getApiUrl();
+    const client = new ApiClient({ baseUrl });
+    console.log(chalk.bold("\n  Welcome to Arda\n"));
+    const gateResult = await handleGateIfNeeded(rl, client);
+    if (!gateResult.passed) {
+      return;
+    }
+    const promoCode = options.promo ?? gateResult.promoCode;
+    const action = await promptChoice(rl, "What would you like to do?", [
+      "Link existing account",
+      "Sign up"
+    ]);
+    if (action === null) return;
+    const authOptions = action === 2 ? ["SMS", "Telegram", "CLI only"] : ["SMS", "Telegram"];
+    const authMethod = await promptChoice(rl, "How would you like to verify?", authOptions);
+    if (authMethod === null) return;
+    let jwt;
+    const isAnonymous = action === 2 && authMethod === 3;
+    if (authMethod === 1) {
+      const result = await authenticateViaSms(rl, client);
+      if (result === null) return;
+      jwt = result.jwt;
+    } else if (authMethod === 2) {
+      const result = await authenticateViaTelegram(rl, client);
+      if (result === null) return;
+      jwt = result.jwt;
+    } else {
+      const result = await authenticateViaCli(rl, client);
+      if (result === null) return;
+      jwt = result.jwt;
+    }
+    client.setJwt(jwt);
+    setJwt(jwt);
+    if (action === 1) {
+      await handleLinkExisting(client);
+    } else {
+      await handleSignUp(rl, client, promoCode, isAnonymous);
+    }
+    console.log(chalk.green("\nYou're ready to go! Run `ardabot chat` to talk to your agent.\n"));
+  } finally {
+    rl.close();
+  }
+}
+async function authenticateViaSms(rl, client) {
+  const phoneNumber = await prompt(rl, "Phone number (e.g. +1234567890):\n");
+  if (!phoneNumber.startsWith("+")) {
+    console.log(chalk.red("Please include your country code (e.g. +1 for US)"));
+    return null;
+  }
+  const sendSpinner = ora({ text: "Sending you a code...", discardStdin: false }).start();
+  try {
+    await client.sendSmsCode(phoneNumber);
+    sendSpinner.succeed("Code sent! Check your messages.");
+  } catch (err) {
+    sendSpinner.fail("Couldn't send the code");
+    console.log(chalk.red(err.message));
+    return null;
+  }
+  const code = await prompt(rl, "Enter the 6-digit code:\n");
+  if (!/^\d{6}$/.test(code)) {
+    console.log(chalk.red("That doesn't look right \u2014 enter the 6-digit code from your SMS."));
+    return null;
+  }
+  const verifySpinner = ora({ text: "Checking...", discardStdin: false }).start();
+  try {
+    const result = await client.verifySmsCode(phoneNumber, code);
+    if ("gateRequired" in result) {
+      verifySpinner.fail("Access verification needed");
+      console.log(chalk.yellow("This environment requires access verification for new signups."));
+      rl.resume();
+      const gateResult = await handleGateIfNeeded(rl, client, true);
+      if (!gateResult.passed) return null;
+      const retrySpinner = ora({ text: "Trying again...", discardStdin: false }).start();
+      const retryResult = await client.verifySmsCode(phoneNumber, code);
+      if ("gateRequired" in retryResult) {
+        retrySpinner.fail("Still need access verification \u2014 please try again later.");
+        return null;
+      }
+      retrySpinner.succeed(retryResult.isNew ? "Account created \u2014 welcome!" : "Welcome back!");
+      return { jwt: retryResult.token, isNew: retryResult.isNew };
+    }
+    verifySpinner.succeed(result.isNew ? "Account created \u2014 welcome!" : "Welcome back!");
+    return { jwt: result.token, isNew: result.isNew };
+  } catch (err) {
+    verifySpinner.fail("Couldn't verify that code");
+    console.log(chalk.red(err.message));
+    return null;
+  }
+}
+async function authenticateViaTelegram(rl, client) {
+  console.log(
+    chalk.cyan("\nSend /link to @ArdaBot on Telegram, then enter the code below.\n")
+  );
+  const code = await prompt(rl, "Linking code:\n");
+  if (!/^[A-Za-z0-9]{6}$/.test(code)) {
+    console.log(chalk.red("That doesn't look right \u2014 enter the 6-character code from Telegram."));
+    return null;
+  }
+  const verifySpinner = ora({ text: "Checking...", discardStdin: false }).start();
+  try {
+    const result = await client.verifyTelegramLinkCode(code.toUpperCase());
+    if ("gateRequired" in result) {
+      verifySpinner.fail("Access verification needed");
+      console.log(chalk.yellow("This environment requires access verification for new signups."));
+      rl.resume();
+      const gateResult = await handleGateIfNeeded(rl, client, true);
+      if (!gateResult.passed) return null;
+      const retrySpinner = ora({ text: "Trying again...", discardStdin: false }).start();
+      const retryResult = await client.verifyTelegramLinkCode(code.toUpperCase());
+      if ("gateRequired" in retryResult) {
+        retrySpinner.fail("Still need access verification \u2014 please try again later.");
+        return null;
+      }
+      retrySpinner.succeed(retryResult.isNew ? "Account created \u2014 welcome!" : "Welcome back!");
+      return { jwt: retryResult.token, isNew: retryResult.isNew };
+    }
+    verifySpinner.succeed(result.isNew ? "Account created \u2014 welcome!" : "Welcome back!");
+    return { jwt: result.token, isNew: result.isNew };
+  } catch (err) {
+    verifySpinner.fail("Couldn't verify that code");
+    console.log(chalk.red(err.message));
+    return null;
+  }
+}
+async function authenticateViaCli(rl, client) {
+  const spinner = ora({ text: "Creating account...", discardStdin: false }).start();
+  try {
+    const result = await client.cliSignup();
+    if ("gateRequired" in result) {
+      spinner.fail("Access verification needed");
+      console.log(chalk.yellow("This environment requires access verification for new signups."));
+      rl.resume();
+      const gateResult = await handleGateIfNeeded(rl, client, true);
+      if (!gateResult.passed) return null;
+      const retrySpinner = ora({ text: "Trying again...", discardStdin: false }).start();
+      const retryResult = await client.cliSignup();
+      if ("gateRequired" in retryResult) {
+        retrySpinner.fail("Still need access verification \u2014 please try again later.");
+        return null;
+      }
+      retrySpinner.succeed("Account created \u2014 welcome!");
+      return { jwt: retryResult.token };
+    }
+    spinner.succeed("Account created \u2014 welcome!");
+    return { jwt: result.token };
+  } catch (err) {
+    spinner.fail("Couldn't create account");
+    console.log(chalk.red(err.message));
+    return null;
+  }
+}
+async function handleLinkExisting(client) {
+  const instanceSpinner = ora({ text: "Finding your agent...", discardStdin: false }).start();
+  try {
+    const instance = await client.getInstance();
+    if (instance === null) {
+      instanceSpinner.warn("No agent found. Choose Sign up instead to create one.");
+      return;
+    }
+    setInstanceId(instance.id);
+    instanceSpinner.succeed(`Agent found (${instance.podStatus ?? "unknown"})`);
+  } catch (err) {
+    instanceSpinner.fail("Couldn't find your agent");
+    console.log(chalk.red(err.message));
+    return;
+  }
+  await createCliApiKey(client);
+}
+async function handleSignUp(_rl, client, promoCode, isAnonymous = false) {
+  if (promoCode) {
+    const promoSpinner = ora({ text: "Redeeming promo code...", discardStdin: false }).start();
+    try {
+      const result = await client.redeemPromo(promoCode);
+      promoSpinner.succeed(`Promo redeemed! Pro tier until ${result.expiresAtFormatted}.`);
+      setInstanceId(result.instanceId);
+    } catch (err) {
+      promoSpinner.fail("Couldn't redeem promo code");
+      console.log(chalk.red(err.message));
+      return;
+    }
+  } else {
+    const trialSpinner = ora({ text: "Starting trial...", discardStdin: false }).start();
+    try {
+      const { checkoutUrl } = await client.startTrial();
+      trialSpinner.stop();
+      console.log(chalk.bold("\nOpen this link to add a payment method and start your free trial:"));
+      console.log(chalk.cyan(`  ${checkoutUrl}
+`));
+    } catch (err) {
+      trialSpinner.fail("Couldn't start trial");
+      console.log(chalk.red(err.message));
+      return;
+    }
+    const pollSpinner = ora({
+      text: "Waiting for payment... (press Ctrl+C to cancel)",
+      discardStdin: false
+    }).start();
+    const subStatus = await waitForSubscription(client);
+    if (subStatus === null) {
+      pollSpinner.fail("Payment not detected. Complete payment and run `ardabot login` to link.");
+      return;
+    }
+    if (subStatus === "card_rejected") {
+      pollSpinner.fail("This card has already been used for a free trial.");
+      console.log(chalk.yellow("Please use a different card or subscribe directly."));
+      return;
+    }
+    pollSpinner.succeed("Payment confirmed!");
+  }
+  const instanceSpinner = ora({ text: "Waiting for your agent to start...", discardStdin: false }).start();
+  const instanceOk = await waitForInstance(client);
+  if (!instanceOk) {
+    instanceSpinner.warn("Agent is still starting. Run `ardabot login` again once it's ready.");
+    return;
+  }
+  instanceSpinner.succeed("Agent is running!");
+  await createCliApiKey(client, isAnonymous);
+}
+var POLL_INTERVAL_MS = 3e3;
+var POLL_TIMEOUT_MS = 5 * 60 * 1e3;
+async function waitForSubscription(client) {
+  const deadline = Date.now() + POLL_TIMEOUT_MS;
+  while (Date.now() < deadline) {
+    try {
+      const account = await client.getAccount();
+      if (account.subscriptionStatus !== "signup") {
+        return account.subscriptionStatus;
+      }
+    } catch {
+    }
+    await sleep(POLL_INTERVAL_MS);
+  }
+  return null;
+}
+async function waitForInstance(client) {
+  const deadline = Date.now() + POLL_TIMEOUT_MS;
+  while (Date.now() < deadline) {
+    try {
+      const account = await client.getAccount();
+      if (account.instance !== null) {
+        setInstanceId(account.instance.id);
+        if (account.instance.podStatus === "running") {
+          return true;
+        }
+      }
+    } catch {
+    }
+    await sleep(POLL_INTERVAL_MS);
+  }
+  return false;
+}
+function sleep(ms) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+async function createCliApiKey(client, isAnonymous = false) {
+  const keySpinner = ora({ text: "Setting up CLI access...", discardStdin: false }).start();
+  try {
+    const { key } = await client.createApiKeyForInstance("cli");
+    setApiKey(key);
+    keySpinner.succeed("All set!");
+    if (isAnonymous) {
+      console.log();
+      console.log(chalk.yellow.bold("  Important: Save your API key!"));
+      console.log(chalk.yellow("  Your account has no linked phone or Telegram."));
+      console.log(chalk.yellow("  If you lose access, run `ardabot devices` to link one."));
+      console.log();
+      console.log(`  API key: ${chalk.cyan(key)}`);
+      console.log();
+    }
+  } catch (err) {
+    keySpinner.fail("Couldn't set up CLI access");
+    console.log(chalk.red(err.message));
+  }
+}
+async function promptChoice(rl, question, options) {
+  const optionList = options.map((o, i) => `(${i + 1}) ${o}`).join("  ");
+  const answer = await prompt(rl, `${question} ${optionList}
+`);
+  const num = parseInt(answer.trim(), 10);
+  if (isNaN(num) || num < 1 || num > options.length) {
+    console.log(chalk.red(`Please enter a number between 1 and ${options.length}.`));
+    return null;
+  }
+  return num;
+}
+async function handleGateIfNeeded(rl, client, force = false) {
+  const gateSpinner = ora({ text: "Connecting...", discardStdin: false }).start();
+  try {
+    const gateStatus = await client.getGateStatus();
+    if (!gateStatus.gated) {
+      gateSpinner.succeed("Connected");
+      return { passed: true };
+    }
+    if (gateStatus.passed && !force) {
+      gateSpinner.succeed("Connected (staging)");
+      return { passed: true };
+    }
+    gateSpinner.info("We are currently in closed beta. If you have an access code, enter it now.");
+    console.log();
+  } catch {
+    gateSpinner.succeed("Connected");
+    return { passed: true };
+  }
+  const maxAttempts = 3;
+  const maxServerErrors = 2;
+  let serverErrors = 0;
+  for (let attempt = 1; attempt <= maxAttempts; ) {
+    const accessCode = await prompt(rl, "Access code:\n");
+    const trimmed = accessCode.trim();
+    if (trimmed.length === 0) {
+      console.log(chalk.red("Please enter your access code."));
+      continue;
+    }
+    const codeSpinner = ora({ text: "Verifying...", discardStdin: false }).start();
+    try {
+      const result = await client.verifyGate(trimmed);
+      setGateCookie(result.cookie);
+      if (result.type === "promo") {
+        codeSpinner.succeed("Access code accepted!");
+        const gateResult = { passed: true };
+        if (result.promoCode !== void 0) {
+          gateResult.promoCode = result.promoCode;
+        }
+        return gateResult;
+      }
+      codeSpinner.succeed("Access granted");
+      return { passed: true };
+    } catch (err) {
+      const isClientError = err instanceof GateVerifyError && err.status >= 400 && err.status < 500;
+      if (!isClientError) {
+        serverErrors++;
+        if (serverErrors >= maxServerErrors) {
+          codeSpinner.fail("Unable to verify your code right now");
+          console.log(chalk.red("Please try again later."));
+          return { passed: false };
+        }
+        codeSpinner.fail("Temporary problem verifying your code. Please try again.");
+        continue;
+      }
+      if (attempt < maxAttempts) {
+        codeSpinner.fail(`Invalid code (${attempt}/${maxAttempts} attempts)`);
+      } else {
+        codeSpinner.fail("Too many attempts");
+        console.log(chalk.red("Please wait a moment and try again."));
+      }
+      attempt++;
+    }
+  }
+  return { passed: false };
+}
+
+// src/commands/auth.ts
+import chalk2 from "chalk";
+import ora2 from "ora";
+async function authCommand(options) {
+  const baseUrl = options.url ?? getApiUrl();
+  const client = new ApiClient({ baseUrl, apiKey: options.apiKey });
+  console.log(chalk2.bold("\n  Welcome to Arda\n"));
+  const spinner = ora2("Checking your API key...").start();
+  try {
+    const status = await client.getAgentStatus();
+    setApiKey(options.apiKey);
+    setInstanceId(status.instanceId);
+    spinner.succeed(`Logged in \u2014 agent is ${status.status}`);
+    console.log(chalk2.green("\nYou're ready to go! Run `ardabot chat` to talk to your agent.\n"));
+  } catch (err) {
+    spinner.fail("That API key didn't work");
+    console.log(chalk2.red(err.message));
+    process.exitCode = 1;
+  }
+}
+
+// src/commands/chat.ts
+import { createInterface as createInterface2 } from "readline/promises";
+import chalk3 from "chalk";
+
+// src/utils/markdown.ts
+import { Marked } from "marked";
+var markedInstance = null;
+async function getMarked() {
+  if (markedInstance === null) {
+    try {
+      const { default: markedTerminal } = await import("marked-terminal");
+      const extension = markedTerminal();
+      markedInstance = new Marked(extension);
+    } catch {
+      markedInstance = new Marked();
+    }
+  }
+  return markedInstance;
+}
+async function renderMarkdown(text) {
+  const marked = await getMarked();
+  const rendered = marked.parse(text);
+  if (typeof rendered === "string") {
+    return rendered.replace(/\n+$/, "");
+  }
+  return text;
+}
+
+// src/commands/chat.ts
+import { EventSourceParserStream } from "eventsource-parser/stream";
+async function chatCommand(options) {
+  if (!hasCredentials()) {
+    console.log(chalk3.yellow("Not logged in. Run `ardabot login` or `ardabot auth` first."));
+    process.exitCode = 1;
+    return;
+  }
+  const client = new ApiClient();
+  const sessionId = options.session ?? `cli:${Date.now()}`;
+  let botName = "agent";
+  try {
+    const settings = await client.getAgentSettings();
+    if (settings.botName) {
+      botName = settings.botName;
+    }
+  } catch {
+  }
+  console.log(chalk3.bold(`
+  ${botName}`));
+  console.log(chalk3.gray("  Type a message to get started. Ctrl+C to exit.\n"));
+  const rl = createInterface2({ input: process.stdin, output: process.stdout });
+  rl.on("close", () => {
+    console.log(chalk3.gray("\nSee you later."));
+    process.exit(0);
+  });
+  while (true) {
+    let input;
+    try {
+      input = await rl.question(chalk3.cyan("you> "));
+    } catch {
+      break;
+    }
+    const trimmed = input.trim();
+    if (trimmed === "") {
+      continue;
+    }
+    try {
+      process.stdout.write(chalk3.magenta(`${botName}> `));
+      await streamResponse(client, trimmed, sessionId);
+      console.log("\n");
+    } catch (err) {
+      console.log();
+      console.log(chalk3.red(`Error: ${err.message}`));
+      console.log();
+    }
+  }
+  rl.close();
+}
+async function streamResponse(client, message, sessionId) {
+  let responseBody;
+  try {
+    responseBody = await client.chatStream(message, sessionId);
+  } catch {
+    const result = await client.chat(message, sessionId);
+    process.stdout.write(await renderMarkdown(result.response));
+    return;
+  }
+  const eventStream = responseBody.pipeThrough(new TextDecoderStream()).pipeThrough(
+    new EventSourceParserStream()
+  );
+  let fullResponse = "";
+  for await (const event of eventStream) {
+    if (event.data === "[DONE]") {
+      break;
+    }
+    try {
+      const chunk = JSON.parse(event.data);
+      switch (chunk.type) {
+        case "text":
+          if (chunk.text) {
+            process.stdout.write(chunk.text);
+            fullResponse += chunk.text;
+          }
+          break;
+        case "thinking":
+          if (chunk.thinking) {
+            process.stdout.write(chalk3.gray(chunk.thinking));
+          }
+          break;
+        case "tool_start":
+          process.stdout.write(chalk3.gray("\n[tool] "));
+          break;
+        case "tool_end":
+          process.stdout.write(chalk3.gray(" done\n"));
+          break;
+        case "done":
+          if (fullResponse === "" && chunk.output?.response) {
+            process.stdout.write(await renderMarkdown(chunk.output.response));
+          }
+          break;
+        case "error":
+          if (chunk.error) {
+            process.stdout.write(chalk3.red(`
+Error: ${chunk.error}`));
+          }
+          break;
+      }
+    } catch {
+    }
+  }
+}
+
+// src/commands/status.ts
+import chalk4 from "chalk";
+import ora3 from "ora";
+async function statusCommand() {
+  if (!hasCredentials()) {
+    console.log(chalk4.yellow("Not logged in. Run `ardabot login` or `ardabot auth` first."));
+    process.exitCode = 1;
+    return;
+  }
+  const client = new ApiClient();
+  const spinner = ora3("Checking on your agent...").start();
+  try {
+    const status = await client.getAgentStatus();
+    spinner.stop();
+    const balance = `$${(status.balanceCents / 100).toFixed(2)}`;
+    console.log(chalk4.bold("\n  Your Agent\n"));
+    console.log(`  Status     ${formatStatus(status.status)}`);
+    console.log(`  Runtime    ${status.runtimeId}`);
+    console.log(`  Balance    ${status.balanceCents > 0 ? chalk4.green(balance) : chalk4.red(balance)}`);
+    console.log(`  Tier       ${formatTier(status.tier)}`);
+    console.log(`  Instance   ${chalk4.gray(status.instanceId)}`);
+    console.log();
+  } catch (err) {
+    spinner.fail("Couldn't reach your agent");
+    console.log(chalk4.red(err.message));
+    process.exitCode = 1;
+  }
+}
+function formatStatus(status) {
+  switch (status) {
+    case "running":
+      return chalk4.green("Running");
+    case "provisioning":
+      return chalk4.yellow("Starting up...");
+    case "stopped":
+      return chalk4.gray("Stopped");
+    case "error":
+      return chalk4.red("Error");
+    default:
+      return status;
+  }
+}
+function formatTier(tier) {
+  const tierNames = {
+    "0": "Free",
+    "1": "Pro",
+    "2": "Team",
+    "3": "Enterprise"
+  };
+  return tierNames[String(tier)] ?? String(tier);
+}
+
+// src/commands/logout.ts
+async function logoutCommand() {
+  clearAll();
+  console.log("Logged out. See you next time!");
+}
+
+// src/commands/devices.ts
+import { createInterface as createInterface3 } from "readline/promises";
+import chalk5 from "chalk";
+import ora4 from "ora";
+function prompt2(rl, question) {
+  return rl.question(question);
+}
+async function devicesCommand(options) {
+  if (!hasCredentials()) {
+    console.log(chalk5.yellow("Not logged in. Run `ardabot login` first."));
+    process.exitCode = 1;
+    return;
+  }
+  const rl = createInterface3({ input: process.stdin, output: process.stdout });
+  try {
+    const baseUrl = options.url ?? getApiUrl();
+    const client = new ApiClient({ baseUrl });
+    let running = true;
+    while (running) {
+      const fetchSpinner = ora4({ text: "Loading devices...", discardStdin: false }).start();
+      let devices;
+      try {
+        devices = await client.getDevices();
+        fetchSpinner.stop();
+      } catch (err) {
+        fetchSpinner.fail("Couldn't load devices");
+        console.log(chalk5.red(err.message));
+        return;
+      }
+      console.log(chalk5.bold("\n  Linked devices\n"));
+      if (devices.length === 0) {
+        console.log(chalk5.gray("  No devices linked.\n"));
+      } else {
+        for (let i = 0; i < devices.length; i++) {
+          const d = devices[i];
+          const typePad = d.type === "sms" ? "SMS     " : "Telegram";
+          const date = d.verifiedAt ? new Date(d.verifiedAt).toLocaleDateString("en-US", {
+            year: "numeric",
+            month: "short",
+            day: "numeric"
+          }) : "unknown";
+          console.log(`  ${i + 1}. ${typePad} ${d.identifier}   ${chalk5.gray(`(linked ${date})`)}`);
+        }
+        console.log();
+      }
+      const actionList = "(1) Link new device  (2) Unlink device  (3) Done";
+      const answer = await prompt2(rl, `What would you like to do? ${actionList}
+`);
+      const choice = parseInt(answer.trim(), 10);
+      switch (choice) {
+        case 1:
+          await linkDevice(rl, client);
+          break;
+        case 2:
+          await unlinkDevice(rl, client, devices);
+          break;
+        case 3:
+          running = false;
+          break;
+        default:
+          console.log(chalk5.red("Please enter 1, 2, or 3."));
+      }
+    }
+  } finally {
+    rl.close();
+  }
+}
+async function linkDevice(rl, client) {
+  const typeAnswer = await prompt2(rl, "Device type? (1) SMS  (2) Telegram\n");
+  const typeChoice = parseInt(typeAnswer.trim(), 10);
+  if (typeChoice === 1) {
+    await linkSmsDev(rl, client);
+  } else if (typeChoice === 2) {
+    await linkTelegramDevice(rl, client);
+  } else {
+    console.log(chalk5.red("Please enter 1 or 2."));
+  }
+}
+async function linkSmsDev(rl, client) {
+  const phoneNumber = await prompt2(rl, "Phone number (e.g. +1234567890):\n");
+  if (!phoneNumber.startsWith("+")) {
+    console.log(chalk5.red("Please include your country code (e.g. +1 for US)"));
+    return;
+  }
+  const sendSpinner = ora4({ text: "Sending you a code...", discardStdin: false }).start();
+  try {
+    await client.sendDeviceSmsCode(phoneNumber);
+    sendSpinner.succeed("Code sent!");
+  } catch (err) {
+    sendSpinner.fail("Couldn't send the code");
+    console.log(chalk5.red(err.message));
+    return;
+  }
+  const code = await prompt2(rl, "Enter the 6-digit code:\n");
+  if (!/^\d{6}$/.test(code)) {
+    console.log(chalk5.red("That doesn't look right \u2014 enter the 6-digit code from your SMS."));
+    return;
+  }
+  const verifySpinner = ora4({ text: "Checking...", discardStdin: false }).start();
+  try {
+    await client.verifyDeviceSmsCode(phoneNumber, code);
+    verifySpinner.succeed("Device linked!");
+  } catch (err) {
+    verifySpinner.fail("Couldn't link device");
+    console.log(chalk5.red(err.message));
+  }
+}
+async function linkTelegramDevice(rl, client) {
+  console.log(chalk5.cyan("\nSend /link to @ArdaBot on Telegram, then enter the code below.\n"));
+  const code = await prompt2(rl, "Linking code:\n");
+  if (!/^[A-Za-z0-9]{6}$/.test(code)) {
+    console.log(chalk5.red("That doesn't look right \u2014 enter the 6-character code from Telegram."));
+    return;
+  }
+  const verifySpinner = ora4({ text: "Checking...", discardStdin: false }).start();
+  try {
+    await client.verifyDeviceTelegram(code.toUpperCase());
+    verifySpinner.succeed("Device linked!");
+  } catch (err) {
+    verifySpinner.fail("Couldn't link device");
+    console.log(chalk5.red(err.message));
+  }
+}
+async function unlinkDevice(rl, client, devices) {
+  if (devices.length === 0) {
+    console.log(chalk5.yellow("No devices to unlink."));
+    return;
+  }
+  const optionList = devices.map((d, i) => `(${i + 1}) ${d.type === "sms" ? "SMS" : "Telegram"} ${d.identifier}`).join("  ");
+  const answer = await prompt2(rl, `Which device? ${optionList}
+`);
+  const idx = parseInt(answer.trim(), 10) - 1;
+  if (isNaN(idx) || idx < 0 || idx >= devices.length) {
+    console.log(chalk5.red("Invalid selection."));
+    return;
+  }
+  const device = devices[idx];
+  const unlinkSpinner = ora4({ text: "Unlinking...", discardStdin: false }).start();
+  try {
+    await client.unlinkDevice(device.id);
+    unlinkSpinner.succeed("Done!");
+  } catch (err) {
+    unlinkSpinner.fail("Couldn't unlink device");
+    console.log(chalk5.red(err.message));
+  }
+}
+
+// src/index.ts
+var program = new Command();
+program.name("ardabot").description("Your AI sidekick, from the terminal.").version("0.1.0");
+program.command("login").description("Log in or sign up").option("--url <url>", "API base URL").option("--promo <code>", "Redeem a promo code during signup").action(loginCommand);
+program.command("auth").description("Log in with an API key").requiredOption("--api-key <key>", "API key (arda_sk_...)").option("--url <url>", "API base URL").action(authCommand);
+program.command("chat").description("Talk to your agent").option("--session <id>", "Session ID for conversation continuity").action(chatCommand);
+program.command("status").description("Check on your agent").action(statusCommand);
+program.command("devices").description("Manage linked devices (SMS, Telegram)").option("--url <url>", "API base URL").action(devicesCommand);
+program.command("logout").description("Log out and clear credentials").action(logoutCommand);
+program.parse();

package/package.json

@@ -0,0 +1,50 @@
+{
+  "name": "ardabot",
+  "version": "0.1.0",
+  "description": "Terminal client for the Arda platform",
+  "author": "r4v3n LLC",
+  "license": "SEE LICENSE IN LICENSE",
+  "homepage": "https://ardabot.ai",
+  "type": "module",
+  "bin": {
+    "ardabot": "dist/index.js"
+  },
+  "files": [
+    "dist"
+  ],
+  "engines": {
+    "node": ">=18"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "scripts": {
+    "build": "tsup",
+    "dev": "ARDA_DEFAULT_URL=https://staging-bot.ardabot.ai tsup --watch",
+    "typecheck": "tsc --noEmit",
+    "test": "vitest run",
+    "test:watch": "vitest",
+    "test:coverage": "vitest run --coverage",
+    "clean": "rm -rf dist"
+  },
+  "dependencies": {
+    "commander": "^12.1.0",
+    "ink": "^5.1.0",
+    "react": "^18.3.1",
+    "ink-text-input": "^6.0.0",
+    "conf": "^13.0.1",
+    "chalk": "^5.4.1",
+    "ora": "^8.1.1",
+    "marked": "^15.0.0",
+    "marked-terminal": "^7.3.0",
+    "eventsource-parser": "^3.0.0"
+  },
+  "devDependencies": {
+    "@arda/tsconfig": "workspace:*",
+    "@types/node": "^22.19.7",
+    "@types/react": "^18.3.18",
+    "tsup": "^8.3.0",
+    "typescript": "^5.9.0",
+    "vitest": "^3.0.0"
+  }
+}