bloby-bot 0.28.0 → 0.29.0

package/LICENSE

@@ -0,0 +1,75 @@
+License text copyright (c) 2020 MariaDB Corporation Ab, All Rights Reserved.
+"Business Source License" is a trademark of MariaDB Corporation Ab.
+
+Parameters
+
+Licensor:             BERTA ONE LLC
+Licensed Work:        bloby-bot. The Licensed Work is (c) 2026 BERTA ONE LLC.
+Additional Use Grant: You may make production use of the Licensed Work,
+                      including for commercial purposes, provided that Your
+                      use does not consist of offering to third parties a
+                      hosted, managed, or multi-tenant service that (a)
+                      provides Bloby agent functionality as a service, and
+                      (b) operates a relay, marketplace, or equivalent
+                      backend that substitutes for the services offered at
+                      bloby.bot.
+
+                      For clarity: deploying Bloby on behalf of a client,
+                      reselling installation or configuration services,
+                      running Bloby for Your own internal or single-tenant
+                      use, and replacing the bloby.bot relay with Your own
+                      private infrastructure (e.g., Tailscale, custom
+                      tunnel) for non-competing use are all permitted.
+
+                      For interpretive guidance, please contact
+                      legal@bloby.bot.
+Change Date:          2028-04-30
+Change License:       Apache License, Version 2.0
+
+For information about alternative licensing arrangements for the Licensed
+Work, please contact legal@bloby.bot.
+
+Notice
+
+Business Source License 1.1
+
+Terms
+
+The Licensor hereby grants you the right to copy, modify, create derivative
+works, redistribute, and make non-production use of the Licensed Work. The
+Licensor may make an Additional Use Grant, above, permitting limited production use.
+
+Effective on the Change Date, or the fourth anniversary of the first publicly
+available distribution of a specific version of the Licensed Work under this
+License, whichever comes first, the Licensor hereby grants you rights under
+the terms of the Change License, and the rights granted in the paragraph
+above terminate.
+
+If your use of the Licensed Work does not comply with the requirements
+currently in effect as described in this License, you must purchase a
+commercial license from the Licensor, its affiliated entities, or authorized
+resellers, or you must refrain from using the Licensed Work.
+
+All copies of the original and modified Licensed Work, and derivative works
+of the Licensed Work, are subject to this License. This License applies
+separately for each version of the Licensed Work and the Change Date may vary
+for each version of the Licensed Work released by Licensor.
+
+You must conspicuously display this License on each original or modified copy
+of the Licensed Work. If you receive the Licensed Work in original or
+modified form from a third party, the terms and conditions set forth in this
+License apply to your use of that work.
+
+Any use of the Licensed Work in violation of this License will automatically
+terminate your rights under this License for the current and all other
+versions of the Licensed Work.
+
+This License does not grant you any right in any trademark or logo of
+Licensor or its affiliates (provided that you may use a trademark or logo of
+Licensor as expressly required by this License).
+
+TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE LICENSED WORK IS PROVIDED ON
+AN "AS IS" BASIS. LICENSOR HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS,
+EXPRESS OR IMPLIED, INCLUDING (WITHOUT LIMITATION) WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND
+TITLE.

package/README.md

@@ -591,3 +591,15 @@ Quick Tunnel is the default for simplicity -- zero configuration, no Cloudflare
 
 **Why memory files instead of a database for agent memory?**
 Files are the natural interface for the Claude Agent SDK -- it can read and write them with its built-in tools. No custom tool needed, no API integration. The agent manages its own memory with the same tools it uses to edit code.
+
+---
+
+## License
+
+Bloby is licensed under the **Business Source License 1.1** (BSL 1.1).
+
+- **Permitted:** self-hosted personal/internal use, modifications, redistribution, deploying Bloby for clients (consulting/integration), and replacing the `bloby.bot` relay with your own private infrastructure.
+- **Restricted:** offering Bloby as a hosted/managed/multi-tenant service that operates a relay or marketplace competing with `bloby.bot`.
+- **Change Date:** 2028-04-30 — on this date the license auto-converts to **Apache License 2.0**.
+
+See [LICENSE](./LICENSE) for the full terms. For commercial licensing inquiries, contact `legal@bloby.bot`.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "bloby-bot",
-  "version": "0.28.0",
+  "version": "0.29.0",
   "releaseNotes": [
     "1. # voice note (PTT bubble)",
     "2. # audio file + caption",
@@ -9,11 +9,12 @@
   ],
   "description": "Self-hosted, self-evolving AI agent with its own dashboard.",
   "type": "module",
-  "license": "MIT",
+  "license": "BUSL-1.1",
   "bin": {
     "bloby": "./bin/cli.js"
   },
   "files": [
+    "LICENSE",
     "bin/",
     "cli/",
     "dist-bloby/",

package/scripts/tempo-balance.ts

@@ -0,0 +1,71 @@
+// Read on-chain USDC balances for one or more Tempo addresses.
+//
+// Fill in the CONFIG block below, then run from repo root:
+//   cp scripts/tempo-balance.ts /tmp/tempo-transfer/ && \
+//     (cd /tmp/tempo-transfer && ./node_modules/.bin/tsx tempo-balance.ts)
+//
+// (The script must be executed from inside the isolated /tmp/tempo-transfer/
+// install — the repo's own node_modules has a @noble/hashes version conflict
+// that breaks viem's ESM import resolution. To rebuild the isolated dir if
+// missing: mkdir -p /tmp/tempo-transfer && cd /tmp/tempo-transfer \
+//   && npm init -y && npm install viem@2.47.6 tsx)
+//
+// Each entry prints: USDC balance, nonce (0 = wallet has never sent a tx),
+// and whether the address is an EOA or a contract.
+
+// ─── CONFIG ──────────────────────────────────────────────────────────────────
+
+const ACCOUNTS = [
+  { label: 'Bot wallet', wallet: '0xc65d8a0dB80f637337B87e42b8BEb5D86D46f942' },
+  { label: 'Treasury',   wallet: '0x084A80e395FaE8Aaf58F591f47F63DA1EeF06bbC' },
+];
+
+// ─────────────────────────────────────────────────────────────────────────────
+
+import { createPublicClient, http, formatUnits } from 'viem';
+import { tempo } from 'viem/chains';
+
+const USDC = '0x20c000000000000000000000b9537d11c60e8b50' as const;
+const DECIMALS = 6;
+const RPC = 'https://rpc.tempo.xyz';
+
+const erc20Abi = [{
+  name: 'balanceOf',
+  type: 'function',
+  stateMutability: 'view',
+  inputs: [{ name: 'account', type: 'address' }],
+  outputs: [{ name: '', type: 'uint256' }],
+}] as const;
+
+async function main() {
+  const client = createPublicClient({ chain: tempo, transport: http(RPC) });
+  const block = await client.getBlockNumber();
+
+  console.log(`Block: ${block}`);
+  console.log('');
+
+  for (const { label, wallet } of ACCOUNTS) {
+    const address = wallet as `0x${string}`;
+
+    const [balance, nonce, code] = await Promise.all([
+      client.readContract({
+        address: USDC, abi: erc20Abi, functionName: 'balanceOf', args: [address],
+      }),
+      client.getTransactionCount({ address }),
+      client.getCode({ address }),
+    ]);
+
+    const isContract = code && code !== '0x';
+
+    console.log(`${label}  ${address}`);
+    console.log(`  USDC:  ${formatUnits(balance, DECIMALS)}`);
+    console.log(`  nonce: ${nonce}${nonce === 0 ? '  (never sent a tx)' : ''}`);
+    console.log(`  type:  ${isContract ? 'contract' : 'EOA'}`);
+    console.log('');
+  }
+}
+
+main().catch((err) => {
+  console.error(err);
+  process.exit(1);
+});

package/scripts/test-mpp-buy.ts

@@ -0,0 +1,153 @@
+// End-to-end test for the marketplace single-product MPP buy flow.
+//
+// Fill in the CONFIG block, then run:
+//   cp scripts/test-mpp-buy.ts /tmp/tempo-transfer/ && \
+//     (cd /tmp/tempo-transfer && ./node_modules/.bin/tsx test-mpp-buy.ts)
+//
+// (The script must run inside the isolated /tmp/tempo-transfer/ install — the
+// repo's @noble/hashes version conflicts with viem's ESM imports here. To
+// rebuild that dir: mkdir -p /tmp/tempo-transfer && cd /tmp/tempo-transfer \
+//   && npm init -y && npm install viem@2.47.6 mppx tsx)
+//
+// What it does:
+//   1. Reads the bot wallet's USDC balance + treasury + (optionally) seller.
+//   2. POSTs to /api/marketplace/buy/:productId via the mppx client.
+//   3. If the product has a seller with a wallet, the on-chain charge splits
+//      80/20 — verify both wallets move in the same block.
+//   4. Follows the first download URL to confirm the JWT-gated download works.
+
+// ─── CONFIG ──────────────────────────────────────────────────────────────────
+
+const RELAY = 'https://api.bloby.bot';
+const PRODUCT_ID = '<FILL_ME — e.g. sebastians-skill>';
+
+const BOT = {
+  relayToken: '<FILL_ME — 64-hex-char relay token>',
+  privateKey: '<FILL_ME — bot wallet private key, with or without 0x prefix>',
+  wallet:     '<FILL_ME — bot wallet address>',
+};
+
+// Optional: seller wallet to monitor for the 80% split landing.
+// Leave null if the product has no seller (then 100% goes to treasury).
+const SELLER_WALLET: string | null = null;
+
+const TREASURY = '0x084A80e395FaE8Aaf58F591f47F63DA1EeF06bbC';
+
+// ─────────────────────────────────────────────────────────────────────────────
+
+import { Mppx, tempo } from 'mppx/client';
+import { privateKeyToAccount } from 'viem/accounts';
+import { createPublicClient, http, formatUnits } from 'viem';
+import { tempo as tempoChain } from 'viem/chains';
+
+const USDC = '0x20c000000000000000000000b9537d11c60e8b50' as const;
+const RPC = 'https://rpc.tempo.xyz';
+
+const erc20Abi = [{
+  name: 'balanceOf',
+  type: 'function',
+  stateMutability: 'view',
+  inputs: [{ name: 'account', type: 'address' }],
+  outputs: [{ name: '', type: 'uint256' }],
+}] as const;
+
+function normalizePk(pk: string): `0x${string}` {
+  const t = pk.trim();
+  return (t.startsWith('0x') ? t : `0x${t}`) as `0x${string}`;
+}
+
+async function balanceOf(client: any, address: `0x${string}`) {
+  return client.readContract({
+    address: USDC, abi: erc20Abi, functionName: 'balanceOf', args: [address],
+  });
+}
+
+async function main() {
+  for (const [k, v] of [['PRODUCT_ID', PRODUCT_ID], ['BOT.relayToken', BOT.relayToken], ['BOT.privateKey', BOT.privateKey], ['BOT.wallet', BOT.wallet]]) {
+    if (typeof v !== 'string' || v.startsWith('<')) {
+      console.error(`Fill in ${k} before running.`);
+      process.exit(1);
+    }
+  }
+
+  const account = privateKeyToAccount(normalizePk(BOT.privateKey));
+  if (account.address.toLowerCase() !== BOT.wallet.toLowerCase()) {
+    console.error(`privateKey derives ${account.address}, but BOT.wallet is ${BOT.wallet}`);
+    process.exit(1);
+  }
+
+  const publicClient = createPublicClient({ chain: tempoChain, transport: http(RPC) });
+
+  const [botBefore, treasuryBefore, sellerBefore] = await Promise.all([
+    balanceOf(publicClient, account.address),
+    balanceOf(publicClient, TREASURY as `0x${string}`),
+    SELLER_WALLET ? balanceOf(publicClient, SELLER_WALLET as `0x${string}`) : Promise.resolve(0n),
+  ]);
+
+  console.log(`Wallet:           ${account.address}`);
+  console.log(`Balance before:   ${formatUnits(botBefore, 6)} USDC`);
+  console.log(`Treasury before:  ${formatUnits(treasuryBefore, 6)} USDC`);
+  if (SELLER_WALLET) console.log(`Seller before:    ${formatUnits(sellerBefore, 6)} USDC`);
+  console.log('');
+
+  const mppx = Mppx.create({
+    polyfill: false,
+    methods: [tempo({ account })],
+  });
+
+  const url = `${RELAY}/api/marketplace/buy/${PRODUCT_ID}`;
+  console.log(`POST ${url}`);
+
+  const res = await mppx.fetch(url, {
+    method: 'POST',
+    headers: {
+      'X-Bloby-Token': BOT.relayToken,
+      'Content-Type': 'application/json',
+    },
+    body: JSON.stringify({}),
+  });
+
+  const body = await res.text();
+  const receipt = res.headers.get('Payment-Receipt');
+  console.log(`Status:           ${res.status}`);
+  console.log(`Body:             ${body}`);
+  console.log(`Payment-Receipt:  ${receipt ?? '(none)'}`);
+  console.log('');
+
+  if (!res.ok) {
+    process.exit(1);
+  }
+
+  const parsed = JSON.parse(body);
+  if (parsed.skills?.length) {
+    console.log(`Bought ${parsed.skills.length} skill(s) via "${parsed.paidVia}":`);
+    for (const skill of parsed.skills) {
+      console.log(`  - ${skill.name}@${skill.version} → ${skill.url}`);
+    }
+    console.log('');
+
+    // Verify the first download URL actually returns a tarball
+    const dlUrl = parsed.skills[0].url;
+    console.log(`Probing download: HEAD ${dlUrl}`);
+    const dl = await fetch(dlUrl, { method: 'GET' });
+    const contentLength = dl.headers.get('Content-Length');
+    console.log(`  status: ${dl.status}  content-type: ${dl.headers.get('Content-Type')}  size: ${contentLength ?? '?'} bytes`);
+    // drain body to release connection
+    if (dl.body) await dl.arrayBuffer();
+    console.log('');
+  }
+
+  const [botAfter, treasuryAfter, sellerAfter] = await Promise.all([
+    balanceOf(publicClient, account.address),
+    balanceOf(publicClient, TREASURY as `0x${string}`),
+    SELLER_WALLET ? balanceOf(publicClient, SELLER_WALLET as `0x${string}`) : Promise.resolve(0n),
+  ]);
+  console.log(`Balance after:    ${formatUnits(botAfter, 6)} USDC  (Δ ${formatUnits(botAfter - botBefore, 6)})`);
+  console.log(`Treasury after:   ${formatUnits(treasuryAfter, 6)} USDC  (Δ +${formatUnits(treasuryAfter - treasuryBefore, 6)})`);
+  if (SELLER_WALLET) console.log(`Seller after:     ${formatUnits(sellerAfter, 6)} USDC  (Δ +${formatUnits(sellerAfter - sellerBefore, 6)})`);
+}
+
+main().catch((err) => {
+  console.error(err);
+  process.exit(1);
+});

package/worker/prompts/bloby-system-prompt.txt

@@ -325,13 +325,16 @@ curl -s -X POST https://api.bloby.bot/api/services/test-mpp/use \
 # → "PINEAPPLE-MPP-OK · paid via {free|balance|mpp} · 2026-…"
 ```
 
-For services that may fall back to MPP, use the `mppx` CLI to auto-handle the 402 → sign → retry loop (it reads your wallet from `~/.bloby/config.json`):
+For services that may fall back to MPP, use the `mppx` CLI to auto-handle the 402 → sign → retry loop. **The mppx CLI uses its own OS-keychain by default and does NOT know about your wallet** — pass your private key inline via `MPPX_PRIVATE_KEY` (which mppx checks before the keychain):
 
 ```bash
-npx -y mppx http://api.bloby.bot/api/services/test-mpp/use \
+MPPX_PRIVATE_KEY=$(jq -r .wallet.privateKey ~/.bloby/config.json) \
+  npx -y mppx http://api.bloby.bot/api/services/test-mpp/use \
   -X POST -H "X-Bloby-Token: $RELAY_TOKEN"
 ```
 
+If you see `ACCOUNT_NOT_FOUND - No account found.`, you forgot to set `MPPX_PRIVATE_KEY` — the CLI looked in its empty keychain. Re-run with the env var.
+
 **Wallet on disk:** `~/.bloby/config.json` field `wallet` — `address` is public, `privateKey` is secret. Never print the private key in chat. The address is fine to share.
 
 **Running low?** Tell your human you need funds. Don't mention USDC, Tempo, or crypto unless they ask — to them, it's just adding dollars to your wallet via the "Add Funds" button in the chat header.
@@ -369,6 +372,21 @@ Always prefer editing existing files over creating new ones. This prevents file
 ## Careful Execution
 Consider the reversibility and blast radius of actions. Prefer `trash` over `rm` — recoverable beats gone forever. If something fails, pivot — don't retry the same thing blindly. Read error messages carefully and address root causes.
 
+## Stop looping (HARD RULE)
+
+If your second attempt at fixing a problem produces the same error as the first, **STOP**. Do not try a third variation of the same family of fix.
+
+- If the error is identical, your diagnosis is wrong. Re-read the error from scratch, ignoring your previous theory.
+- Run a different *kind* of check (read the file, check the filesystem, inspect logs) — not another *kind* of fix.
+- If you genuinely can't identify the root cause after re-diagnosing, escalate: tell your human plainly what's broken, what you tried, and ask them to restart bloby (`bloby restart` from their terminal). Asking for help is faster than burning their time on a doomed loop.
+
+Examples of patterns that count as "the same family of fix":
+- Clearing Vite cache → installing dummy dep → touching files → adding new dep — these are all "force Vite to re-bundle" and count as ONE attempt, not four.
+- Restarting the same process twice in a row.
+- Running `npm install` repeatedly when the underlying error is unchanged.
+
+A user staring at a black dashboard while you try the seventh variation of the same fix is worse off than a user who got told "I think node_modules is in a bad state, can you restart bloby?" after the second failure.
+
 ## Parallel Operations
 Run independent tool calls in parallel. Don't serialize what can run concurrently. When you need to read multiple files, read them all at once.
 
@@ -503,6 +521,26 @@ Before installing, check if a suitable package is already in `node_modules/`. Pr
 
 **Never** run `npm install` from the parent directory or modify the parent's `package.json`. Your dependencies are sandboxed to workspace — this boundary is enforced at the runtime level.
 
+### Hard rule: imports MUST have matching installed packages
+
+Every `import` statement you add to a file must correspond to a real package in `node_modules/`. Workflow:
+
+1. **Install first, import second.** Run `npm install <pkg>` BEFORE you save a file that imports it. Never write `import X from 'foo'` and then plan to install later — the file will be loaded by Vite/the backend the moment it's saved, and a missing package will crash the dashboard.
+2. **Confirm it landed.** After `npm install`, verify with `ls workspace/node_modules/<pkg>/package.json` (or `cat` the workspace `package.json` to confirm it was added to `dependencies`). If the directory isn't there, the install didn't actually take.
+3. **Same rule for delegated work.** If you offload coding to a background task, the work isn't "done" until every new import resolves. When the task completes, do a quick sanity check: scan the diff for new `import` lines and confirm each package exists in `node_modules/`.
+4. **Never use `--no-save`.** Always let `npm install` write to `package.json`. Transient installs disappear the moment something else runs `npm install` or `npm prune`, and the dashboard breaks with `ENOENT` errors that look mysterious.
+
+### Diagnosing Vite / dev-server errors
+
+When the dashboard shows a black screen or Vite logs an error, READ the error before acting. Don't reflexively clear caches.
+
+- **`Error: ENOENT: no such file or directory, open '.../node_modules/<pkg>/...'`** → The package is **physically missing on disk**. The fix is `npm install <pkg>` — full stop. Clearing `.vite/deps/`, touching files, adding dummy deps, or restarting will NOT recreate the missing file.
+- **`Failed to resolve import "<pkg>"`** with no path in the error → Same diagnosis: package isn't installed. Run `npm install <pkg>`.
+- **Pre-bundling / optimizer errors that don't reference a missing path, OR errors that persist after dependency changes** → Vite's dep cache is stale. Clear it: `rm -rf workspace/node_modules/.vite` and reload. (This is the ONLY case where clearing the cache helps.)
+- **Backend crash loop** → Read `.backend.log`. Don't guess.
+
+If you've tried a fix and the same error recurs, do NOT try a variation of the same fix. Re-diagnose from the error message, or stop and ask your human to restart bloby. See "Stop looping" below.
+
 ## Backend Lifecycle (Critical)
 
 The supervisor manages the backend process. You don't need to manage it yourself.