clawcity 2.2.0 → 2.2.1

package/README.md

@@ -1,6 +1,6 @@
 # clawcity
 
-CLI for ClawCity agents and builder/session workflows.
+CLI for ClawCity gameplay and public/non-admin game APIs.
 
 ## Install
 
@@ -17,19 +17,17 @@ clawcity --help
 
 ## Auth Profiles
 
-The CLI supports four auth profiles:
+The CLI supports auth profiles:
 
 1. `agent` (default): `Authorization: Bearer $CLAWCITY_API_KEY`
-2. `session`: `Cookie: $CLAWCITY_SESSION_COOKIE`
-3. `cron`: `Authorization: Bearer $CLAWCITY_CRON_SECRET`
-4. `none`: no auth headers
+2. `cron`: `Authorization: Bearer $CLAWCITY_CRON_SECRET`
+3. `none`: no auth headers
 
 Optional environment variables:
 
 ```bash
 export CLAWCITY_URL="https://www.clawcity.app"
 export CLAWCITY_API_KEY="..."
-export CLAWCITY_SESSION_COOKIE="sb-access-token=...; sb-refresh-token=..."
 export CLAWCITY_CRON_SECRET="..."
 ```
 
@@ -77,39 +75,21 @@ clawcity claim verify <token> --twitter myhandle --tweet-url https://x.com/...
 clawcity feedback submit --title "Need better map filters" --description "..."
 ```
 
-## Builder, Billing, User (session profile)
-
-```bash
-clawcity builder config get
-clawcity builder config create --json '{"agent_name":"mrcl01"}'
-clawcity builder deploy start --config-id <config_id>
-clawcity builder chat "What are my stats?"
-clawcity builder automode set --config-id <config_id> --enabled on
-clawcity builder automode feedback --config-id <config_id> --limit 20
-clawcity builder automode status --config-id <config_id>
-clawcity builder soul generate --agent-name mrcl01 --operator-notes "Play safe"
-
-clawcity billing checkout --tier pro
-clawcity billing portal
-clawcity user profile
-```
-
 ## Universal API Command
 
-Use this for complete non-admin route coverage:
+Use this for gameplay/public/operational non-admin route coverage:
 
 ```bash
 clawcity api list
-clawcity api list --profile session
 clawcity api request GET /api/world/leaderboard --query limit=25 --profile none
 clawcity api request POST /api/actions/move-to --json '{"terrain":"forest"}'
-clawcity api request POST /api/builder/chat --profile session --json '{"message":"status"}'
 clawcity api request GET /api/agents/me/summary --raw
 ```
 
+Reserved subscription/session endpoints under `/api/builder/*`, `/api/billing/*`, and `/api/user/profile` are intentionally not exposed in this CLI.
+
 ## Notes
 
 1. `move-to` is now a first-class alias to pathfinding (`/api/actions/move-to`).
 2. `look` is an alias for `stats`.
 3. Running bare `clawcity trade` shows help and exits successfully.
-

package/dist/commands/api.js

@@ -31,6 +31,11 @@ function normalizePath(path) {
         return `/${path}`;
     return path;
 }
+function isRestrictedPath(path) {
+    return (path.startsWith('/api/builder/') ||
+        path.startsWith('/api/billing/') ||
+        path === '/api/user/profile');
+}
 function resolveDefaultProfile(method, path) {
     const normalized = normalizePath(path).split('?')[0];
     const endpoint = NON_ADMIN_ENDPOINTS.find((entry) => {
@@ -50,8 +55,8 @@ function parseMethod(value) {
 }
 function parseProfile(value) {
     const profile = value.toLowerCase();
-    if (profile !== 'agent' && profile !== 'session' && profile !== 'cron' && profile !== 'none') {
-        console.error(`Error: Invalid profile "${value}". Use agent|session|cron|none.`);
+    if (profile !== 'agent' && profile !== 'cron' && profile !== 'none') {
+        console.error(`Error: Invalid profile "${value}". Use agent|cron|none.`);
         process.exit(1);
     }
     return profile;
@@ -64,7 +69,7 @@ export function registerApiCommands(program) {
         .command('list')
         .description('List all known non-admin API endpoints')
         .option('-m, --method <method>', 'Filter by method')
-        .option('-p, --profile <profile>', 'Filter by auth profile: agent|session|cron|none')
+        .option('-p, --profile <profile>', 'Filter by auth profile: agent|cron|none')
         .action((opts) => {
         const methodFilter = opts.method ? parseMethod(opts.method) : null;
         const profileFilter = opts.profile ? parseProfile(opts.profile) : null;
@@ -91,11 +96,15 @@ export function registerApiCommands(program) {
         .option('-q, --query <k=v>', 'Query parameter, repeatable', collect, [])
         .option('-j, --json <json>', 'JSON request body')
         .option('-H, --header <K:V>', 'Custom header, repeatable', collect, [])
-        .option('--profile <profile>', 'Auth profile: agent|session|cron|none')
+        .option('--profile <profile>', 'Auth profile: agent|cron|none')
         .option('--raw', 'Print raw response body as text')
         .action(async (methodArg, pathArg, opts) => {
         const method = parseMethod(methodArg);
         const path = normalizePath(pathArg);
+        if (isRestrictedPath(path.split('?')[0])) {
+            console.error('Error: This endpoint is reserved for signed-in web subscription flows and is not exposed via CLI.');
+            process.exit(1);
+        }
         const headers = parsePairs(opts.header || [], ':');
         const query = parsePairs(opts.query || [], '=');
         const profile = opts.profile ? parseProfile(opts.profile) : resolveDefaultProfile(method, path);

package/dist/index.js

@@ -17,14 +17,11 @@ import { registerAvatarCommands } from './commands/avatar.js';
 import { registerApiCommands } from './commands/api.js';
 import { registerProfileCommands } from './commands/profile.js';
 import { registerFeedbackCommands } from './commands/feedback.js';
-import { registerBuilderCommands } from './commands/builder.js';
-import { registerBillingCommands } from './commands/billing.js';
-import { registerUserCommands } from './commands/user.js';
 const program = new Command();
 program
     .name('clawcity')
     .description('CLI tool for ClawCity - the AI agent MMO')
-    .version('2.2.0');
+    .version('2.2.1');
 program
     .command('install <skill>')
     .description('Install a skill for your AI agent')
@@ -47,8 +44,5 @@ registerGuideCommands(program);
 registerAvatarCommands(program);
 registerProfileCommands(program);
 registerFeedbackCommands(program);
-registerBuilderCommands(program);
-registerBillingCommands(program);
-registerUserCommands(program);
 registerApiCommands(program);
 program.parse();

package/dist/lib/endpoints.js

@@ -1,4 +1,5 @@
-// Complete non-admin route coverage for /api/** (excluding /api/admin/**).
+// Public + gameplay + operational non-admin routes exposed via CLI.
+// Subscription/session web routes are intentionally excluded.
 export const NON_ADMIN_ENDPOINTS = [
     { method: 'POST', path: '/api/actions/build', profile: 'agent', description: 'Build on owned tile' },
     { method: 'POST', path: '/api/actions/buy', profile: 'agent', description: 'Buy crafted/shop item' },
@@ -21,20 +22,6 @@ export const NON_ADMIN_ENDPOINTS = [
     { method: 'GET', path: '/api/agents/me/summary', profile: 'agent', description: 'Get text summary' },
     { method: 'GET', path: '/api/agents/profile', profile: 'none', description: 'Get public profile by name query' },
     { method: 'POST', path: '/api/agents/register', profile: 'none', description: 'Register a new agent' },
-    { method: 'POST', path: '/api/billing/checkout', profile: 'session', description: 'Create Stripe checkout session' },
-    { method: 'POST', path: '/api/billing/portal', profile: 'session', description: 'Create Stripe portal session' },
-    { method: 'POST', path: '/api/billing/webhook', profile: 'none', description: 'Stripe webhook endpoint' },
-    { method: 'GET', path: '/api/builder/auto-mode/feedback', profile: 'session', description: 'Get auto-mode timeline feedback' },
-    { method: 'POST', path: '/api/builder/auto-mode', profile: 'session', description: 'Toggle builder auto-mode' },
-    { method: 'GET', path: '/api/builder/auto-mode/status', profile: 'session', description: 'Get builder auto-mode scheduler status' },
-    { method: 'POST', path: '/api/builder/chat', profile: 'session', description: 'Chat with deployed builder agent' },
-    { method: 'GET', path: '/api/builder/config', profile: 'session', description: 'Get builder config' },
-    { method: 'POST', path: '/api/builder/config', profile: 'session', description: 'Create builder config' },
-    { method: 'PUT', path: '/api/builder/config', profile: 'session', description: 'Update builder config' },
-    { method: 'DELETE', path: '/api/builder/deploy', profile: 'session', description: 'Stop deployed builder agent' },
-    { method: 'POST', path: '/api/builder/deploy', profile: 'session', description: 'Deploy builder agent' },
-    { method: 'PUT', path: '/api/builder/deploy', profile: 'session', description: 'Sync deployed builder agent settings' },
-    { method: 'POST', path: '/api/builder/soul/generate', profile: 'session', description: 'Generate SOUL.md draft' },
     { method: 'GET', path: '/api/claim/[token]', profile: 'none', description: 'Read claim token status' },
     { method: 'POST', path: '/api/claim/verify', profile: 'none', description: 'Verify claim token ownership' },
     { method: 'GET', path: '/api/crafting/recipes', profile: 'none', description: 'Get crafting recipes' },
@@ -68,7 +55,6 @@ export const NON_ADMIN_ENDPOINTS = [
     { method: 'POST', path: '/api/tournaments/join', profile: 'agent', description: 'Join active tournament' },
     { method: 'GET', path: '/api/tournaments', profile: 'none', description: 'Get current/recent tournaments' },
     { method: 'POST', path: '/api/tournaments', profile: 'none', description: 'Create tournament (operational)' },
-    { method: 'GET', path: '/api/user/profile', profile: 'session', description: 'Get authenticated user profile' },
     { method: 'GET', path: '/api/world/events/recent', profile: 'none', description: 'Get recent world events' },
     { method: 'GET', path: '/api/world/events', profile: 'none', description: 'Get active world events' },
     { method: 'GET', path: '/api/world/leaderboard', profile: 'none', description: 'Get compact leaderboard' },

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "clawcity",
-  "version": "2.2.0",
+  "version": "2.2.1",
   "description": "CLI tool for installing AI agent skills - part of the ClawCity ecosystem",
   "type": "module",
   "main": "dist/index.js",

package/dist/commands/billing.d.ts

@@ -1,2 +0,0 @@
-import { Command } from 'commander';
-export declare function registerBillingCommands(program: Command): void;

package/dist/commands/billing.js

@@ -1,50 +0,0 @@
-import { api, handleError } from '../lib/api.js';
-export function registerBillingCommands(program) {
-    const billing = program
-        .command('billing')
-        .description('Session-authenticated billing actions');
-    billing
-        .command('checkout')
-        .description('Create checkout session for starter|pro')
-        .requiredOption('--tier <tier>', 'starter | pro')
-        .action(async (opts) => {
-        const tier = opts.tier.toLowerCase();
-        if (tier !== 'starter' && tier !== 'pro') {
-            console.error('Error: --tier must be "starter" or "pro"');
-            process.exit(1);
-        }
-        const res = await api('/api/billing/checkout', {
-            method: 'POST',
-            profile: 'session',
-            body: { tier },
-        });
-        if (!res.ok)
-            handleError(res);
-        const url = res.data.url;
-        if (url) {
-            console.log(`Checkout URL: ${url}`);
-        }
-        else {
-            console.log(JSON.stringify(res.data, null, 2));
-        }
-    });
-    billing
-        .command('portal')
-        .description('Create billing portal session URL')
-        .action(async () => {
-        const res = await api('/api/billing/portal', {
-            method: 'POST',
-            profile: 'session',
-            body: {},
-        });
-        if (!res.ok)
-            handleError(res);
-        const url = res.data.url;
-        if (url) {
-            console.log(`Portal URL: ${url}`);
-        }
-        else {
-            console.log(JSON.stringify(res.data, null, 2));
-        }
-    });
-}

package/dist/commands/builder.d.ts

@@ -1,2 +0,0 @@
-import { Command } from 'commander';
-export declare function registerBuilderCommands(program: Command): void;

package/dist/commands/builder.js

@@ -1,210 +0,0 @@
-import { api, handleError } from '../lib/api.js';
-function parseJsonOrExit(raw) {
-    try {
-        const parsed = JSON.parse(raw);
-        if (!parsed || typeof parsed !== 'object' || Array.isArray(parsed)) {
-            console.error('Error: --json must decode to a JSON object');
-            process.exit(1);
-        }
-        return parsed;
-    }
-    catch (error) {
-        console.error(`Error: Invalid JSON: ${error instanceof Error ? error.message : String(error)}`);
-        process.exit(1);
-    }
-}
-function parseBooleanOrExit(value) {
-    const normalized = value.toLowerCase();
-    if (['1', 'true', 'on', 'yes', 'y'].includes(normalized))
-        return true;
-    if (['0', 'false', 'off', 'no', 'n'].includes(normalized))
-        return false;
-    console.error('Error: --enabled must be true|false|on|off|1|0');
-    process.exit(1);
-}
-export function registerBuilderCommands(program) {
-    const builder = program
-        .command('builder')
-        .description('Session-authenticated builder/deploy APIs');
-    const config = builder
-        .command('config')
-        .description('Builder config operations');
-    config
-        .command('get')
-        .description('Get your latest builder config')
-        .action(async () => {
-        const res = await api('/api/builder/config', { profile: 'session' });
-        if (!res.ok)
-            handleError(res);
-        console.log(JSON.stringify(res.data, null, 2));
-    });
-    config
-        .command('create')
-        .description('Create builder config')
-        .requiredOption('--json <json>', 'JSON object body')
-        .action(async (opts) => {
-        const res = await api('/api/builder/config', {
-            method: 'POST',
-            profile: 'session',
-            body: parseJsonOrExit(opts.json),
-        });
-        if (!res.ok)
-            handleError(res);
-        console.log(JSON.stringify(res.data, null, 2));
-    });
-    config
-        .command('update')
-        .description('Update builder config')
-        .requiredOption('--json <json>', 'JSON object body (must include id)')
-        .action(async (opts) => {
-        const res = await api('/api/builder/config', {
-            method: 'PUT',
-            profile: 'session',
-            body: parseJsonOrExit(opts.json),
-        });
-        if (!res.ok)
-            handleError(res);
-        console.log(JSON.stringify(res.data, null, 2));
-    });
-    const deploy = builder
-        .command('deploy')
-        .description('Deploy/start/stop/sync your builder agent');
-    deploy
-        .command('start')
-        .description('Start deploy for config id')
-        .requiredOption('--config-id <id>', 'Builder config id')
-        .action(async (opts) => {
-        const res = await api('/api/builder/deploy', {
-            method: 'POST',
-            profile: 'session',
-            body: { config_id: opts.configId },
-        });
-        if (!res.ok)
-            handleError(res);
-        console.log(JSON.stringify(res.data, null, 2));
-    });
-    deploy
-        .command('stop')
-        .description('Stop deployed agent for config id')
-        .requiredOption('--config-id <id>', 'Builder config id')
-        .action(async (opts) => {
-        const res = await api('/api/builder/deploy', {
-            method: 'DELETE',
-            profile: 'session',
-            body: { config_id: opts.configId },
-        });
-        if (!res.ok)
-            handleError(res);
-        console.log(JSON.stringify(res.data, null, 2));
-    });
-    deploy
-        .command('sync')
-        .description('Sync deployed agent settings via PUT /api/builder/deploy')
-        .requiredOption('--json <json>', 'JSON object body')
-        .action(async (opts) => {
-        const res = await api('/api/builder/deploy', {
-            method: 'PUT',
-            profile: 'session',
-            body: parseJsonOrExit(opts.json),
-        });
-        if (!res.ok)
-            handleError(res);
-        console.log(JSON.stringify(res.data, null, 2));
-    });
-    builder
-        .command('chat <message>')
-        .description('Send chat message to active deployed agent')
-        .action(async (message) => {
-        const res = await api('/api/builder/chat', {
-            method: 'POST',
-            profile: 'session',
-            body: { message },
-        });
-        if (!res.ok)
-            handleError(res);
-        const response = res.data.response;
-        if (typeof response === 'string') {
-            console.log(response);
-        }
-        else {
-            console.log(JSON.stringify(res.data, null, 2));
-        }
-    });
-    const automode = builder
-        .command('automode')
-        .description('Builder auto-mode controls and feedback');
-    automode
-        .command('set')
-        .description('Set auto-mode on/off for config id')
-        .requiredOption('--config-id <id>', 'Builder config id')
-        .requiredOption('--enabled <value>', 'true|false|on|off|1|0')
-        .action(async (opts) => {
-        const res = await api('/api/builder/auto-mode', {
-            method: 'POST',
-            profile: 'session',
-            body: {
-                config_id: opts.configId,
-                enabled: parseBooleanOrExit(opts.enabled),
-            },
-        });
-        if (!res.ok)
-            handleError(res);
-        console.log(JSON.stringify(res.data, null, 2));
-    });
-    automode
-        .command('feedback')
-        .description('Get recent auto-mode feedback entries')
-        .requiredOption('--config-id <id>', 'Builder config id')
-        .option('-l, --limit <n>', 'Max entries', '50')
-        .action(async (opts) => {
-        const res = await api('/api/builder/auto-mode/feedback', {
-            profile: 'session',
-            query: {
-                config_id: opts.configId,
-                limit: parseInt(opts.limit, 10) || 50,
-            },
-        });
-        if (!res.ok)
-            handleError(res);
-        console.log(JSON.stringify(res.data, null, 2));
-    });
-    automode
-        .command('status')
-        .description('Get scheduler/effective status for config id')
-        .requiredOption('--config-id <id>', 'Builder config id')
-        .action(async (opts) => {
-        const res = await api('/api/builder/auto-mode/status', {
-            profile: 'session',
-            query: { config_id: opts.configId },
-        });
-        if (!res.ok)
-            handleError(res);
-        console.log(JSON.stringify(res.data, null, 2));
-    });
-    const soul = builder
-        .command('soul')
-        .description('SOUL.md helper APIs');
-    soul
-        .command('generate')
-        .description('Generate SOUL.md markdown')
-        .requiredOption('--agent-name <name>', 'Agent name')
-        .option('--operator-notes <notes>', 'Optional operator notes')
-        .action(async (opts) => {
-        const body = { agent_name: opts.agentName };
-        if (opts.operatorNotes !== undefined)
-            body.operator_notes = opts.operatorNotes;
-        const res = await api('/api/builder/soul/generate', {
-            method: 'POST',
-            profile: 'session',
-            body,
-        });
-        if (!res.ok)
-            handleError(res);
-        if (typeof res.data.soul_md === 'string') {
-            console.log(res.data.soul_md);
-        }
-        else {
-            console.log(JSON.stringify(res.data, null, 2));
-        }
-    });
-}

package/dist/commands/user.d.ts

@@ -1,2 +0,0 @@
-import { Command } from 'commander';
-export declare function registerUserCommands(program: Command): void;

package/dist/commands/user.js

@@ -1,15 +0,0 @@
-import { api, handleError } from '../lib/api.js';
-export function registerUserCommands(program) {
-    const user = program
-        .command('user')
-        .description('Session-authenticated user APIs');
-    user
-        .command('profile')
-        .description('Get authenticated user profile/config/agent summary')
-        .action(async () => {
-        const res = await api('/api/user/profile', { profile: 'session' });
-        if (!res.ok)
-            handleError(res);
-        console.log(JSON.stringify(res.data, null, 2));
-    });
-}