clawmarketbot 0.1.2 → 0.1.4

package/README.md

@@ -1,12 +1,12 @@
 # clawmarketbot
 
-CLI for [ClawMarket](https://clawmarket.cc) — download and install OpenClaw agent configs directly from the marketplace or from npm.
+CLI for [ClawMarket](https://clawmarket.cc) — download and install OpenClaw agent configs directly from the marketplace.
 
 ## Requirements
 
 - Node.js 18+
 - OpenClaw installed and configured (`~/.openclaw/openclaw.json` must exist)
-- `unzip` or `tar` available in your PATH
+- `unzip` available in your PATH (macOS and most Linux distros include it)
 
 ## Install
 
@@ -16,55 +16,85 @@ npm install -g clawmarketbot
 
 ## Usage
 
-### Install a bot from an npm package
+### Install an agent from a download token
 
 ```bash
-clawmarketbot config install-npm @clawmarket/my-bot
+clawmarketbot config install <token>
 ```
 
-Optionally pin a version:
+Tokens are obtained from the ClawMarket download modal on the config detail page.
 
-```bash
-clawmarketbot config install-npm @clawmarket/my-bot@1.2.0
-```
+The command will:
 
-### Install a bot from a one-time download token
+1. Download the bot package from ClawMarket and verify its checksum
+2. Locate the `source/bot-config.json` manifest inside the zip
+3. Prompt you for an agent ID (a unique name for this instance)
+4. Resolve source → target install paths using the manifest
+5. Stage workspace and agent state into a temp directory
+6. Patch `openclaw.json` with the new agent entry (heartbeat, identity, tools.web)
+7. Prompt you to install any packaged cron jobs
+8. Atomically commit everything — workspace, agent state, memory DB, cron jobs, and config update — with full rollback on failure
+9. Prompt for any required API keys and save them to `openclaw.json` / `.env`
+10. Run an optional `installer.sh` post-hook if bundled in the package
+11. Validate required workspace files and directories
+12. Print a summary
+
+### Download a config artifact to disk (without installing)
 
 ```bash
-clawmarketbot config install <token>
+clawmarketbot config download <token>
 ```
 
-Tokens are obtained from the ClawMarket download modal.
+Saves the raw zip file to the current directory.
 
-### Download a config artifact to disk
+### Authentication
 
 ```bash
-clawmarketbot config download <token>
+clawmarketbot auth login     # save a ClawMarket API key
+clawmarketbot auth status    # check current login status
+clawmarketbot auth logout    # clear saved credentials
 ```
 
-### Auth
+You can also pass the API key via stdin (recommended for automation):
 
 ```bash
-clawmarketbot auth login    # save an API key
-clawmarketbot auth status   # check current auth
-clawmarketbot auth logout   # clear credentials
+echo "$MY_API_KEY" | clawmarketbot auth login --stdin
 ```
 
 ## Environment Variables
 
 | Variable | Default | Purpose |
 |---|---|---|
-| `CLAWMARKET_API_URL` | `https://api.clawmarket.cc` | ClawMarket backend URL |
-| `OPENCLAW_HOME` | `os.homedir()` | OpenClaw home directory |
-| `OPENCLAW_STATE_DIR` | `~/.openclaw` | OpenClaw state directory |
-| `OPENCLAW_CONFIG_PATH` | `~/.openclaw/openclaw.json` | OpenClaw config file |
+| `CLAWMARKET_API_URL` | *(required)* | ClawMarket backend base URL — set this to your ClawMarket instance |
+| `OPENCLAW_HOME` | `os.homedir()` | Override the home directory used for tilde expansion |
+| `OPENCLAW_STATE_DIR` | `~/.openclaw` | Override the OpenClaw state directory |
+| `OPENCLAW_CONFIG_PATH` | `~/.openclaw/openclaw.json` | Override the OpenClaw config file path |
 
-## How npm-based install works
+Example:
 
-When you run `clawmarketbot config install-npm @clawmarket/some-bot`:
+```bash
+export CLAWMARKET_API_URL=https://api.clawmarket.cc
+clawmarketbot config install <token>
+```
+
+## What gets installed
+
+When you run `config install`, the CLI installs:
+
+| What | Where |
+|---|---|
+| Agent workspace | `~/.openclaw/workspace-<agent-id>/` |
+| Agent state dir | `~/.openclaw/agents/<agent-id>/` |
+| Memory database (SQLite) | `~/.openclaw/memory/<agent-id>.sqlite` *(if bundled)* |
+| Cron jobs | `~/.openclaw/cron/jobs.json` *(merged, not overwritten)* |
+| Agent registration | `~/.openclaw/openclaw.json` *(appended to agents.list)* |
+| API keys | `~/.openclaw/openclaw.json` and/or `~/.openclaw/.env` |
 
-1. Package metadata is fetched from the npm registry
-2. The tarball is downloaded and its integrity verified
-3. A `bot.zip` bundled inside the package is extracted
-4. The bot's `installer.sh` is run, registering the agent in your OpenClaw config
-5. All temp files are cleaned up automatically
+All install paths are declared inside the package's `bot-config.json` manifest and may use `{agent_id}` template substitution.
+
+## After installing
+
+```bash
+openclaw agents list      # confirm the new agent appears
+openclaw gateway restart  # pick up the new config
+```

package/dist/index.js

@@ -3,9 +3,27 @@
 // src/index.ts
 import { Command } from "commander";
 
-// src/commands/auth.ts
+// src/commands/config.ts
+import fs3 from "fs/promises";
+import path2 from "path";
+import os2 from "os";
+import { createHash, randomUUID } from "crypto";
+import { spawn } from "child_process";
+import JSON52 from "json5";
 import fetch from "node-fetch";
 
+// ../../contracts/token.js
+var CLAWMARKET_DOWNLOAD_TOKEN_PATTERN = "[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}";
+var CLAWMARKET_DOWNLOAD_TOKEN_REGEX = new RegExp(
+  `^${CLAWMARKET_DOWNLOAD_TOKEN_PATTERN}$`,
+  "i"
+);
+var CLAWMARKET_ARTIFACT_SHA256_HEADER = "x-clawmarket-sha256";
+function isClawMarketDownloadToken(value) {
+  if (typeof value !== "string") return false;
+  return CLAWMARKET_DOWNLOAD_TOKEN_REGEX.test(value.trim());
+}
+
 // src/lib/prompts.ts
 import { checkbox, confirm as promptConfirm, input, password, select } from "@inquirer/prompts";
 
@@ -44,10 +62,6 @@ async function askWithDefault(question, defaultValue) {
   });
   return value.trim() || defaultValue.trim();
 }
-async function askSecret(question) {
-  const value = await password({ message: question.trim() || "Secret", mask: true });
-  return value.trim();
-}
 async function askOptional(question, hintUrl) {
   if (hintUrl) {
     console.log(`  Get one at: ${hintUrl}`);
@@ -60,10 +74,11 @@ async function confirm(question, defaultYes = true) {
   return promptConfirm({ message: question, default: defaultYes });
 }
 
-// src/lib/auth-config.ts
+// src/lib/openclaw.ts
 import path from "path";
 import fs2 from "fs/promises";
 import os from "os";
+import JSON5 from "json5";
 
 // src/lib/fs.ts
 import fs from "fs/promises";
@@ -76,167 +91,7 @@ async function fileExists(filePath) {
   }
 }
 
-// src/lib/auth-config.ts
-function authConfigDir() {
-  return path.join(os.homedir(), ".clawmarket");
-}
-function authConfigPath() {
-  return path.join(authConfigDir(), "clawmarket.json");
-}
-async function readStoredApiKey() {
-  const configPath = authConfigPath();
-  if (!await fileExists(configPath)) return null;
-  try {
-    const raw = await fs2.readFile(configPath, "utf-8");
-    const parsed = JSON.parse(raw);
-    const apiKey = typeof parsed.api_key === "string" ? parsed.api_key.trim() : "";
-    return apiKey.length > 0 ? apiKey : null;
-  } catch {
-    return null;
-  }
-}
-async function writeStoredApiKey(apiKey) {
-  const configDir = authConfigDir();
-  const configPath = authConfigPath();
-  await fs2.mkdir(configDir, { recursive: true, mode: 448 });
-  await fs2.chmod(configDir, 448).catch(() => void 0);
-  const payload = { api_key: apiKey };
-  await fs2.writeFile(configPath, JSON.stringify(payload, null, 2), { mode: 384 });
-  await fs2.chmod(configPath, 384).catch(() => void 0);
-}
-async function clearStoredApiKey() {
-  const configPath = authConfigPath();
-  if (!await fileExists(configPath)) return false;
-  await fs2.unlink(configPath);
-  return true;
-}
-
-// src/commands/auth.ts
-var DEFAULT_SERVER = process.env.CLAWMARKET_API_URL || "http://localhost:8000";
-function resolveUsername(payload) {
-  return payload.data?.user?.username || payload.user?.username || "user";
-}
-function resolveError(payload, fallback) {
-  return payload.error || payload.message || fallback;
-}
-async function readJsonSafe(response) {
-  const text = await response.text();
-  if (!text.trim()) return {};
-  try {
-    return JSON.parse(text);
-  } catch {
-    return { message: text };
-  }
-}
-async function readApiKeyFromStdin() {
-  if (process.stdin.isTTY) {
-    throw new Error("`--stdin` requires piped input");
-  }
-  const chunks = [];
-  for await (const chunk of process.stdin) {
-    chunks.push(Buffer.isBuffer(chunk) ? chunk : Buffer.from(String(chunk)));
-  }
-  return Buffer.concat(chunks).toString("utf-8").trim();
-}
-async function resolveApiKeyInput(apiKeyArg, fromStdin) {
-  if (apiKeyArg && apiKeyArg.trim()) {
-    console.warn("Warning: using `<api-key>` argument stores it in shell history. Prefer prompt input or `--stdin`.");
-    return apiKeyArg.trim();
-  }
-  if (fromStdin) {
-    const fromPipe = await readApiKeyFromStdin();
-    if (!fromPipe) throw new Error("No API key received from stdin");
-    return fromPipe;
-  }
-  const entered = await askSecret("API key");
-  if (!entered) throw new Error("API key is required");
-  return entered;
-}
-async function validateApiKey(server, apiKey) {
-  const response = await fetch(`${server}/auth/api-key`, {
-    method: "POST",
-    headers: { "Content-Type": "application/json" },
-    body: JSON.stringify({ api_key: apiKey })
-  });
-  const payload = await readJsonSafe(response);
-  return { ok: response.ok, payload };
-}
-function registerAuthCommands(program2) {
-  const authCommand = program2.command("auth").description("Manage authentication");
-  authCommand.command("login").description("Login with your ClawMarket API key").argument("[api-key]", "API key (less secure; shows in shell history)").option("--stdin", "Read API key from stdin (recommended for automation)").option("-s, --server <url>", "Server URL", DEFAULT_SERVER).action(async (apiKeyArg, options) => {
-    console.log("Validating API key...");
-    try {
-      const apiKey = await resolveApiKeyInput(apiKeyArg, Boolean(options.stdin));
-      const validation = await validateApiKey(options.server, apiKey);
-      if (!validation.ok) {
-        console.error(`Error: ${resolveError(validation.payload, "Invalid API key")}`);
-        process.exit(1);
-      }
-      const username = resolveUsername(validation.payload);
-      await writeStoredApiKey(apiKey);
-      console.log(`
-Hey ${username}! You're now logged in.
-`);
-    } catch (error) {
-      const message = error instanceof Error ? error.message : "";
-      if (message.includes("`--stdin`") || message.includes("No API key received") || message.includes("API key is required")) {
-        console.error(message);
-        process.exit(1);
-      }
-      console.error("Failed to connect to server. Are you online?");
-      process.exit(1);
-    }
-  });
-  authCommand.command("status").description("Check authentication status").option("-s, --server <url>", "Server URL", DEFAULT_SERVER).action(async (options) => {
-    const apiKey = await readStoredApiKey();
-    if (!apiKey) {
-      console.log("Not logged in. Run: clawmarketbot auth login");
-      return;
-    }
-    try {
-      const validation = await validateApiKey(options.server, apiKey);
-      if (!validation.ok) {
-        console.log("Session expired. Run: clawmarketbot auth login");
-        return;
-      }
-      const username = resolveUsername(validation.payload);
-      console.log(`Logged in as ${username}`);
-    } catch {
-      console.log("Logged in (could not verify with server)");
-    }
-  });
-  authCommand.command("logout").description("Logout and clear credentials").action(async () => {
-    const removed = await clearStoredApiKey();
-    console.log(removed ? "Logged out successfully" : "Not logged in");
-  });
-}
-
-// src/commands/config.ts
-import fs4 from "fs/promises";
-import path3 from "path";
-import os3 from "os";
-import { createHash, randomUUID } from "crypto";
-import { spawn } from "child_process";
-import JSON52 from "json5";
-import fetch2 from "node-fetch";
-
-// ../../contracts/token.js
-var CLAWMARKET_DOWNLOAD_TOKEN_PATTERN = "[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}";
-var CLAWMARKET_DOWNLOAD_TOKEN_REGEX = new RegExp(
-  `^${CLAWMARKET_DOWNLOAD_TOKEN_PATTERN}$`,
-  "i"
-);
-var CLAWMARKET_ARTIFACT_SHA256_HEADER = "x-clawmarket-sha256";
-function isClawMarketDownloadToken(value) {
-  if (typeof value !== "string") return false;
-  return CLAWMARKET_DOWNLOAD_TOKEN_REGEX.test(value.trim());
-}
-
 // src/lib/openclaw.ts
-import path2 from "path";
-import fs3 from "fs/promises";
-import os2 from "os";
-import JSON5 from "json5";
 var MAX_INCLUDE_DEPTH = 10;
 var DEBUG_LOGGING = process.env.CLAWMARKET_DEBUG === "1";
 function debug(message) {
@@ -249,14 +104,14 @@ function asObject(value) {
 }
 function resolveTilde(inputPath, homeDir) {
   if (inputPath === "~") return homeDir;
-  if (inputPath.startsWith("~/")) return path2.join(homeDir, inputPath.slice(2));
+  if (inputPath.startsWith("~/")) return path.join(homeDir, inputPath.slice(2));
   return inputPath;
 }
 function resolvePathLike(value, fallback, homeDir, baseDir = process.cwd()) {
   if (typeof value !== "string" || value.trim().length === 0) return fallback;
   const expanded = resolveTilde(value, homeDir);
-  if (path2.isAbsolute(expanded)) return path2.normalize(expanded);
-  return path2.resolve(baseDir, expanded);
+  if (path.isAbsolute(expanded)) return path.normalize(expanded);
+  return path.resolve(baseDir, expanded);
 }
 function isPlainObject(value) {
   return !!value && typeof value === "object" && !Array.isArray(value);
@@ -274,7 +129,7 @@ function deepMerge(base, override) {
   return result;
 }
 async function parseJson5File(filePath) {
-  const content = await fs3.readFile(filePath, "utf-8");
+  const content = await fs2.readFile(filePath, "utf-8");
   let parsed;
   try {
     parsed = JSON5.parse(content);
@@ -288,8 +143,8 @@ async function parseJson5File(filePath) {
   return parsed;
 }
 async function resolveIncludeTarget(includePath, includingFilePath, depth, stack) {
-  const rawPath = resolveTilde(includePath, os2.homedir());
-  const absPath = path2.isAbsolute(rawPath) ? path2.normalize(rawPath) : path2.resolve(path2.dirname(includingFilePath), rawPath);
+  const rawPath = resolveTilde(includePath, os.homedir());
+  const absPath = path.isAbsolute(rawPath) ? path.normalize(rawPath) : path.resolve(path.dirname(includingFilePath), rawPath);
   if (!absPath) {
     throw new Error(`Invalid include path "${includePath}" in "${includingFilePath}"`);
   }
@@ -357,10 +212,10 @@ function parseAgentName(agentConfig) {
 function parseAgents(config, paths) {
   const agentsRoot = asObject(config.agents);
   const defaults = asObject(agentsRoot?.defaults);
-  const configDir = path2.dirname(paths.configPath);
+  const configDir = path.dirname(paths.configPath);
   const defaultWorkspace = resolvePathLike(
     defaults?.workspace,
-    path2.join(paths.stateDir, "workspace"),
+    path.join(paths.stateDir, "workspace"),
     paths.homeDir,
     configDir
   );
@@ -370,7 +225,7 @@ function parseAgents(config, paths) {
       id: "main",
       name: "Main Agent",
       workspace: defaultWorkspace,
-      agentDir: path2.join(paths.stateDir, "agents", "main", "agent"),
+      agentDir: path.join(paths.stateDir, "agents", "main", "agent"),
       isDefault: true
     };
     return { agents: [defaultAgent], defaultAgentId: defaultAgent.id };
@@ -382,7 +237,7 @@ function parseAgents(config, paths) {
     if (!id) continue;
     const workspaceFallback = defaultWorkspace;
     const workspace = resolvePathLike(item.workspace, workspaceFallback, paths.homeDir, configDir);
-    const agentDirFallback = path2.join(paths.stateDir, "agents", id, "agent");
+    const agentDirFallback = path.join(paths.stateDir, "agents", id, "agent");
     const agentDir = resolvePathLike(item.agentDir, agentDirFallback, paths.homeDir, configDir);
     const name = parseAgentName(item) || id;
     const isDefault = item.default === true;
@@ -401,7 +256,7 @@ function parseAgents(config, paths) {
 }
 async function parseSkillName(skillFilePath, fallbackName) {
   try {
-    const content = await fs3.readFile(skillFilePath, "utf-8");
+    const content = await fs2.readFile(skillFilePath, "utf-8");
     if (!content.startsWith("---")) return fallbackName;
     const lines = content.split(/\r?\n/).slice(1);
     for (const line of lines) {
@@ -420,12 +275,12 @@ async function parseSkillName(skillFilePath, fallbackName) {
 }
 async function discoverSkillsInDirectory(dirPath, source) {
   if (!await fileExists(dirPath)) return [];
-  const entries = await fs3.readdir(dirPath, { withFileTypes: true }).catch(() => []);
+  const entries = await fs2.readdir(dirPath, { withFileTypes: true }).catch(() => []);
   const skills = [];
   for (const entry of entries) {
     if (!entry.isDirectory()) continue;
-    const skillDirPath = path2.join(dirPath, entry.name);
-    const skillFilePath = path2.join(skillDirPath, "SKILL.md");
+    const skillDirPath = path.join(dirPath, entry.name);
+    const skillFilePath = path.join(skillDirPath, "SKILL.md");
     if (!await fileExists(skillFilePath)) continue;
     const key = entry.name;
     const name = await parseSkillName(skillFilePath, key);
@@ -456,10 +311,10 @@ function skillPriority(source) {
 async function discoverSkillsForAgent(agent, config, paths) {
   const skillsRoot = asObject(config.skills);
   const loadConfig = asObject(skillsRoot?.load);
-  const configDir = path2.dirname(paths.configPath);
+  const configDir = path.dirname(paths.configPath);
   const extraDirs = Array.isArray(loadConfig?.extraDirs) ? loadConfig.extraDirs.filter((v) => typeof v === "string") : [];
   const aggregated = [];
-  aggregated.push(...await discoverSkillsInDirectory(path2.join(agent.workspace, "skills"), "workspace"));
+  aggregated.push(...await discoverSkillsInDirectory(path.join(agent.workspace, "skills"), "workspace"));
   aggregated.push(...await discoverSkillsInDirectory(paths.managedSkillsDir, "managed"));
   for (const dir of extraDirs) {
     const resolvedDir = resolvePathLike(dir, dir, paths.homeDir, configDir);
@@ -526,16 +381,16 @@ function parseCronJobs(rawCron) {
 }
 async function readCronJobs(config, paths) {
   const cronConfig = asObject(config.cron);
-  const configDir = path2.dirname(paths.configPath);
+  const configDir = path.dirname(paths.configPath);
   const cronStorePath = resolvePathLike(
     cronConfig?.store,
-    path2.join(paths.stateDir, "cron", "jobs.json"),
+    path.join(paths.stateDir, "cron", "jobs.json"),
     paths.homeDir,
     configDir
   );
   if (!await fileExists(cronStorePath)) return [];
   try {
-    const raw = await fs3.readFile(cronStorePath, "utf-8");
+    const raw = await fs2.readFile(cronStorePath, "utf-8");
     const parsed = JSON5.parse(raw);
     return parseCronJobs(parsed);
   } catch (error) {
@@ -545,12 +400,12 @@ async function readCronJobs(config, paths) {
   }
 }
 function resolveOpenClawPaths() {
-  const osHome = os2.homedir();
+  const osHome = os.homedir();
   const homeDir = resolveTilde(process.env.OPENCLAW_HOME || osHome, osHome);
-  const stateDir = resolvePathLike(process.env.OPENCLAW_STATE_DIR, path2.join(homeDir, ".openclaw"), osHome, osHome);
+  const stateDir = resolvePathLike(process.env.OPENCLAW_STATE_DIR, path.join(homeDir, ".openclaw"), osHome, osHome);
   const configPath = resolvePathLike(
     process.env.OPENCLAW_CONFIG_PATH,
-    path2.join(stateDir, "openclaw.json"),
+    path.join(stateDir, "openclaw.json"),
     osHome,
     osHome
   );
@@ -558,9 +413,9 @@ function resolveOpenClawPaths() {
     homeDir,
     stateDir,
     configPath,
-    envPath: path2.join(stateDir, ".env"),
-    managedSkillsDir: path2.join(stateDir, "skills"),
-    cronStorePath: path2.join(stateDir, "cron", "jobs.json")
+    envPath: path.join(stateDir, ".env"),
+    managedSkillsDir: path.join(stateDir, "skills"),
+    cronStorePath: path.join(stateDir, "cron", "jobs.json")
   };
 }
 async function loadOpenClawContext() {
@@ -569,7 +424,7 @@ async function loadOpenClawContext() {
     throw new Error(`OpenClaw config not found at "${paths.configPath}". Is OpenClaw installed?`);
   }
   const rawConfig = await parseJson5File(paths.configPath);
-  const resolvedConfig = await resolveIncludes(rawConfig, paths.configPath, 0, [path2.resolve(paths.configPath)]);
+  const resolvedConfig = await resolveIncludes(rawConfig, paths.configPath, 0, [path.resolve(paths.configPath)]);
   const { agents, defaultAgentId } = parseAgents(resolvedConfig, paths);
   const skillsByAgent = {};
   for (const agent of agents) {
@@ -597,13 +452,13 @@ function assertValidDownloadToken(token) {
   }
 }
 async function resolveSafeDownloadPath(targetPath) {
-  const resolved = path3.resolve(targetPath);
+  const resolved = path2.resolve(targetPath);
   if (!await fileExists(resolved)) {
     return { outputPath: resolved, renamed: false };
   }
-  const parsed = path3.parse(resolved);
+  const parsed = path2.parse(resolved);
   for (let i = 1; i <= 1e3; i += 1) {
-    const candidate = path3.join(parsed.dir, `${parsed.name}-${i}${parsed.ext}`);
+    const candidate = path2.join(parsed.dir, `${parsed.name}-${i}${parsed.ext}`);
     if (!await fileExists(candidate)) {
       return { outputPath: candidate, renamed: true };
     }
@@ -631,7 +486,7 @@ function sanitizeSlugPart(value) {
   return value.trim().toLowerCase().replace(/[^a-z0-9]+/g, "-").replace(/^-+|-+$/g, "").slice(0, 32);
 }
 function sanitizeFileName(value) {
-  const base = path3.basename(value || "").replace(/[^A-Za-z0-9._-]/g, "-");
+  const base = path2.basename(value || "").replace(/[^A-Za-z0-9._-]/g, "-");
   return base || "download.bin";
 }
 function parseContentDispositionFileName(headerValue) {
@@ -678,7 +533,7 @@ async function readJsonError(response) {
   }
 }
 async function fetchDownloadArtifact(server, token) {
-  const response = await fetch2(`${server}/download/${encodeURIComponent(token)}?format=file`, {
+  const response = await fetch(`${server}/download/${encodeURIComponent(token)}?format=file`, {
     method: "GET"
   });
   if (!response.ok) {
@@ -749,7 +604,7 @@ async function readBotInstallerConfig(configPath) {
   if (!await fileExists(configPath)) {
     throw new Error(`Package is missing required config file: ${configPath}`);
   }
-  const raw = await fs4.readFile(configPath, "utf-8");
+  const raw = await fs3.readFile(configPath, "utf-8");
   try {
     return JSON.parse(raw);
   } catch (error) {
@@ -768,68 +623,68 @@ function resolveInstallPaths(botConfig, agentId, stateDir, sourceBase) {
   const tplWorkspace = botConfig.paths?.targetWorkspace ?? "workspace-{agent_id}";
   const tplAgentState = botConfig.paths?.targetAgentState ?? "agents/{agent_id}";
   const tplMemoryDb = botConfig.paths?.targetMemoryDb ?? null;
-  const targetAgentRoot = path3.join(stateDir, applyTemplate(tplAgentState));
+  const targetAgentRoot = path2.join(stateDir, applyTemplate(tplAgentState));
   return {
-    sourceWorkspace: path3.join(sourceBase, srcWorkspace),
-    sourceAgentState: path3.join(sourceBase, srcAgentState),
-    sourceMemoryDb: srcMemoryDb ? path3.join(sourceBase, srcMemoryDb) : null,
-    sourceCronJobs: srcCronJobs ? path3.join(sourceBase, srcCronJobs) : null,
-    targetWorkspace: path3.join(stateDir, applyTemplate(tplWorkspace)),
+    sourceWorkspace: path2.join(sourceBase, srcWorkspace),
+    sourceAgentState: path2.join(sourceBase, srcAgentState),
+    sourceMemoryDb: srcMemoryDb ? path2.join(sourceBase, srcMemoryDb) : null,
+    sourceCronJobs: srcCronJobs ? path2.join(sourceBase, srcCronJobs) : null,
+    targetWorkspace: path2.join(stateDir, applyTemplate(tplWorkspace)),
     targetAgentRoot,
-    targetAgentDir: path3.join(targetAgentRoot, "agent"),
-    targetMemoryDb: tplMemoryDb ? path3.join(stateDir, applyTemplate(tplMemoryDb)) : null
+    targetAgentDir: path2.join(targetAgentRoot, "agent"),
+    targetMemoryDb: tplMemoryDb ? path2.join(stateDir, applyTemplate(tplMemoryDb)) : null
   };
 }
 async function findSourceRoot(extractedDir) {
-  const queue = [path3.resolve(extractedDir)];
+  const queue = [path2.resolve(extractedDir)];
   const seen = /* @__PURE__ */ new Set();
   while (queue.length > 0) {
     const current = queue.shift();
     if (!current || seen.has(current)) continue;
     seen.add(current);
-    if (await fileExists(path3.join(current, "source", "bot-config.json"))) {
+    if (await fileExists(path2.join(current, "source", "bot-config.json"))) {
       return current;
     }
     let entries;
     try {
-      entries = await fs4.readdir(current, { withFileTypes: true });
+      entries = await fs3.readdir(current, { withFileTypes: true });
     } catch {
       continue;
     }
     for (const entry of entries) {
       if (!entry.isDirectory() || entry.name === "__MACOSX") continue;
-      queue.push(path3.join(current, entry.name));
+      queue.push(path2.join(current, entry.name));
     }
   }
   return null;
 }
 async function copyDirRecursive(src, dest) {
-  await fs4.mkdir(dest, { recursive: true });
-  const entries = await fs4.readdir(src, { withFileTypes: true });
+  await fs3.mkdir(dest, { recursive: true });
+  const entries = await fs3.readdir(src, { withFileTypes: true });
   for (const entry of entries) {
-    const srcPath = path3.join(src, entry.name);
-    const destPath = path3.join(dest, entry.name);
+    const srcPath = path2.join(src, entry.name);
+    const destPath = path2.join(dest, entry.name);
     if (entry.isDirectory()) {
       await copyDirRecursive(srcPath, destPath);
     } else {
-      await fs4.copyFile(srcPath, destPath);
+      await fs3.copyFile(srcPath, destPath);
     }
   }
 }
 async function stripMacOsJunk(dir) {
-  const macosDir = path3.join(dir, "__MACOSX");
-  await fs4.rm(macosDir, { recursive: true, force: true }).catch(() => void 0);
+  const macosDir = path2.join(dir, "__MACOSX");
+  await fs3.rm(macosDir, { recursive: true, force: true }).catch(() => void 0);
   async function removeDsStore(d) {
     let entries;
     try {
-      entries = await fs4.readdir(d, { withFileTypes: true });
+      entries = await fs3.readdir(d, { withFileTypes: true });
     } catch {
       return;
     }
     for (const entry of entries) {
-      const full = path3.join(d, entry.name);
+      const full = path2.join(d, entry.name);
       if (entry.isFile() && entry.name === ".DS_Store") {
-        await fs4.rm(full, { force: true }).catch(() => void 0);
+        await fs3.rm(full, { force: true }).catch(() => void 0);
       } else if (entry.isDirectory()) {
         await removeDsStore(full);
       }
@@ -838,7 +693,7 @@ async function stripMacOsJunk(dir) {
   await removeDsStore(dir);
 }
 async function buildOpenClawConfigPatch(configPath, agentId, agentName, botConfig, installPaths) {
-  const raw = await fs4.readFile(configPath, "utf-8");
+  const raw = await fs3.readFile(configPath, "utf-8");
   const config = JSON52.parse(raw);
   const agentEntry = {
     id: agentId,
@@ -875,7 +730,7 @@ async function buildOpenClawConfigPatch(configPath, agentId, agentName, botConfi
 }
 async function prepareCronJobsFromBundle(sourceCronPath, cronStorePath, agentId) {
   if (!sourceCronPath || !await fileExists(sourceCronPath)) return null;
-  const raw = await fs4.readFile(sourceCronPath, "utf-8");
+  const raw = await fs3.readFile(sourceCronPath, "utf-8");
   const bundleJobs = normalizeCronJobs(JSON.parse(raw));
   if (bundleJobs.length === 0) return null;
   const shouldInstall = await resolveCronChoice(true);
@@ -891,7 +746,7 @@ async function prepareCronJobsFromBundle(sourceCronPath, cronStorePath, agentId)
   let existingJobs = [];
   if (await fileExists(cronStorePath)) {
     existed = true;
-    backupContent = await fs4.readFile(cronStorePath, "utf-8");
+    backupContent = await fs3.readFile(cronStorePath, "utf-8");
     existingJobs = normalizeCronJobs(JSON52.parse(backupContent));
   }
   const existingKeys = new Set(
@@ -924,7 +779,7 @@ async function setupApiKeysFromConfig(botConfig, configPath, envPath) {
     console.log("");
     const key = await askOptional(brave.prompt ?? "Brave Search API key", brave.url);
     if (key) {
-      const raw = await fs4.readFile(configPath, "utf-8");
+      const raw = await fs3.readFile(configPath, "utf-8");
       const config = JSON52.parse(raw);
       const tools = config.tools ?? {};
       const web = tools.web ?? {};
@@ -933,7 +788,7 @@ async function setupApiKeysFromConfig(botConfig, configPath, envPath) {
       web.search = search;
       tools.web = web;
       config.tools = tools;
-      await fs4.writeFile(configPath, JSON.stringify(config, null, 2) + "\n", "utf-8");
+      await fs3.writeFile(configPath, JSON.stringify(config, null, 2) + "\n", "utf-8");
       console.log("  Brave Search key saved to openclaw.json");
     } else {
       console.log("  Skipped Brave Search key.");
@@ -941,10 +796,10 @@ async function setupApiKeysFromConfig(botConfig, configPath, envPath) {
   }
   const envKeys = botConfig.apiKeys.env ?? [];
   if (envKeys.length > 0) {
-    await fs4.mkdir(path3.dirname(envPath), { recursive: true });
+    await fs3.mkdir(path2.dirname(envPath), { recursive: true });
     let envContent = "";
     try {
-      envContent = await fs4.readFile(envPath, "utf-8");
+      envContent = await fs3.readFile(envPath, "utf-8");
     } catch {
     }
     let keysWritten = 0;
@@ -963,7 +818,7 @@ ${keyDef.key}=${val}`;
       }
     }
     if (keysWritten > 0) {
-      await fs4.writeFile(envPath, envContent.trim() + "\n", "utf-8");
+      await fs3.writeFile(envPath, envContent.trim() + "\n", "utf-8");
       console.log(`
   ${keysWritten} key(s) saved to .env`);
     }
@@ -975,13 +830,13 @@ async function validateInstalledWorkspace(workspacePath, botConfig) {
   if (requiredFiles.length === 0 && requiredDirs.length === 0) return;
   const warnings = [];
   for (const file of requiredFiles) {
-    if (!await fileExists(path3.join(workspacePath, file))) {
+    if (!await fileExists(path2.join(workspacePath, file))) {
       warnings.push(`Missing expected file: ${file}`);
     }
   }
   for (const dir of requiredDirs) {
     try {
-      const stat = await fs4.stat(path3.join(workspacePath, dir));
+      const stat = await fs3.stat(path2.join(workspacePath, dir));
       if (!stat.isDirectory()) warnings.push(`Expected directory but found file: ${dir}`);
     } catch {
       warnings.push(`Missing expected directory: ${dir}`);
@@ -1016,39 +871,39 @@ async function commitInstallTransaction(input2) {
   let movedAgentDir = false;
   let copiedMemoryDb = false;
   try {
-    await fs4.mkdir(path3.dirname(input2.workspacePath), { recursive: true });
-    await fs4.rename(input2.stagedWorkspacePath, input2.workspacePath);
+    await fs3.mkdir(path2.dirname(input2.workspacePath), { recursive: true });
+    await fs3.rename(input2.stagedWorkspacePath, input2.workspacePath);
     movedWorkspace = true;
-    await fs4.mkdir(path3.dirname(input2.agentDirPath), { recursive: true });
-    await fs4.rename(input2.stagedAgentDirPath, input2.agentDirPath);
+    await fs3.mkdir(path2.dirname(input2.agentDirPath), { recursive: true });
+    await fs3.rename(input2.stagedAgentDirPath, input2.agentDirPath);
     movedAgentDir = true;
     if (input2.memoryDbStagedPath && input2.memoryDbTargetPath && await fileExists(input2.memoryDbStagedPath)) {
-      await fs4.mkdir(path3.dirname(input2.memoryDbTargetPath), { recursive: true });
-      await fs4.copyFile(input2.memoryDbStagedPath, input2.memoryDbTargetPath);
+      await fs3.mkdir(path2.dirname(input2.memoryDbTargetPath), { recursive: true });
+      await fs3.copyFile(input2.memoryDbStagedPath, input2.memoryDbTargetPath);
       copiedMemoryDb = true;
     }
     if (input2.cronContent !== null) {
-      await fs4.mkdir(path3.dirname(input2.cronStorePath), { recursive: true });
-      await fs4.writeFile(input2.cronStorePath, input2.cronContent, "utf-8");
+      await fs3.mkdir(path2.dirname(input2.cronStorePath), { recursive: true });
+      await fs3.writeFile(input2.cronStorePath, input2.cronContent, "utf-8");
     }
-    await fs4.writeFile(input2.configPath, input2.configContent, "utf-8");
+    await fs3.writeFile(input2.configPath, input2.configContent, "utf-8");
   } catch (error) {
     if (input2.cronContent !== null) {
       if (input2.cronExisted && input2.cronBackupContent !== null) {
-        await fs4.writeFile(input2.cronStorePath, input2.cronBackupContent, "utf-8").catch(() => void 0);
+        await fs3.writeFile(input2.cronStorePath, input2.cronBackupContent, "utf-8").catch(() => void 0);
       } else {
-        await fs4.rm(input2.cronStorePath, { force: true }).catch(() => void 0);
+        await fs3.rm(input2.cronStorePath, { force: true }).catch(() => void 0);
       }
     }
     if (copiedMemoryDb && input2.memoryDbTargetPath) {
-      await fs4.rm(input2.memoryDbTargetPath, { force: true }).catch(() => void 0);
+      await fs3.rm(input2.memoryDbTargetPath, { force: true }).catch(() => void 0);
     }
-    await fs4.writeFile(input2.configPath, input2.configBackupContent, "utf-8").catch(() => void 0);
+    await fs3.writeFile(input2.configPath, input2.configBackupContent, "utf-8").catch(() => void 0);
     if (movedWorkspace) {
-      await fs4.rm(input2.workspacePath, { recursive: true, force: true }).catch(() => void 0);
+      await fs3.rm(input2.workspacePath, { recursive: true, force: true }).catch(() => void 0);
     }
     if (movedAgentDir) {
-      await fs4.rm(input2.agentRootPath, { recursive: true, force: true }).catch(() => void 0);
+      await fs3.rm(input2.agentRootPath, { recursive: true, force: true }).catch(() => void 0);
     }
     const message = error instanceof Error ? error.message : "unknown failure";
     throw new Error(`Install failed and was rolled back: ${message}`);
@@ -1060,7 +915,7 @@ function registerConfigCommands(program2) {
     try {
       assertValidDownloadToken(token);
       const server = getDefaultServer();
-      const response = await fetch2(`${server}/download/${encodeURIComponent(token)}?format=file`, {
+      const response = await fetch(`${server}/download/${encodeURIComponent(token)}?format=file`, {
         method: "GET"
       });
       if (!response.ok) {
@@ -1068,12 +923,12 @@ function registerConfigCommands(program2) {
       }
       const fileFromHeader = parseContentDispositionFileName(response.headers.get("content-disposition"));
       const fallbackFile = `clawmarket-${token}.bin`;
-      const preferredPath = path3.resolve(fileFromHeader || fallbackFile);
+      const preferredPath = path2.resolve(fileFromHeader || fallbackFile);
       const { outputPath, renamed } = await resolveSafeDownloadPath(preferredPath);
       const bytes = Buffer.from(await response.arrayBuffer());
       verifyDownloadedArtifactChecksum(bytes, response.headers.get(CLAWMARKET_ARTIFACT_SHA256_HEADER));
-      await fs4.mkdir(path3.dirname(outputPath), { recursive: true });
-      await fs4.writeFile(outputPath, bytes);
+      await fs3.mkdir(path2.dirname(outputPath), { recursive: true });
+      await fs3.writeFile(outputPath, bytes);
       if (renamed) {
         console.log(`Existing file detected, saved as: ${outputPath}`);
       }
@@ -1090,14 +945,14 @@ function registerConfigCommands(program2) {
       const server = getDefaultServer();
       const context = await loadOpenClawContext();
       const artifact = await fetchDownloadArtifact(server, token);
-      const tempRoot = await fs4.mkdtemp(
-        path3.join(os3.tmpdir(), `.clawmarket-install-${randomUUID().slice(0, 8)}-`)
+      const tempRoot = await fs3.mkdtemp(
+        path2.join(os2.tmpdir(), `.clawmarket-install-${randomUUID().slice(0, 8)}-`)
       );
       try {
-        const artifactPath = path3.join(tempRoot, sanitizeFileName(artifact.fileName));
-        const extractedPath = path3.join(tempRoot, "extracted");
-        await fs4.mkdir(extractedPath, { recursive: true });
-        await fs4.writeFile(artifactPath, artifact.bytes);
+        const artifactPath = path2.join(tempRoot, sanitizeFileName(artifact.fileName));
+        const extractedPath = path2.join(tempRoot, "extracted");
+        await fs3.mkdir(extractedPath, { recursive: true });
+        await fs3.writeFile(artifactPath, artifact.bytes);
         await extractZipArtifact(artifactPath, extractedPath);
         await stripMacOsJunk(extractedPath);
         const sourceRoot = await findSourceRoot(extractedPath);
@@ -1106,8 +961,8 @@ function registerConfigCommands(program2) {
             "Downloaded artifact is not an installable bot package (missing source/bot-config.json)."
           );
         }
-        const sourceBase = path3.join(sourceRoot, "source");
-        const botConfig = await readBotInstallerConfig(path3.join(sourceBase, "bot-config.json"));
+        const sourceBase = path2.join(sourceRoot, "source");
+        const botConfig = await readBotInstallerConfig(path2.join(sourceBase, "bot-config.json"));
         if (typeof botConfig.installerSpecVersion === "number" && botConfig.installerSpecVersion !== 1) {
           console.warn(
             `Warning: installerSpecVersion=${botConfig.installerSpecVersion} (this CLI currently expects version 1).`
@@ -1122,8 +977,8 @@ function registerConfigCommands(program2) {
           throw new Error(`Agent id "${agentId}" already exists. Choose another id.`);
         }
         const installPaths = resolveInstallPaths(botConfig, agentId, context.paths.stateDir, sourceBase);
-        const stagedWorkspacePath = path3.join(tempRoot, "staged-workspace");
-        const stagedAgentDirPath = path3.join(tempRoot, "staged-agent");
+        const stagedWorkspacePath = path2.join(tempRoot, "staged-workspace");
+        const stagedAgentDirPath = path2.join(tempRoot, "staged-agent");
         await copyDirRecursive(installPaths.sourceWorkspace, stagedWorkspacePath);
         await copyDirRecursive(installPaths.sourceAgentState, stagedAgentDirPath);
         const { configContent, configBackupContent } = await buildOpenClawConfigPatch(
@@ -1156,7 +1011,7 @@ function registerConfigCommands(program2) {
           memoryDbTargetPath: installPaths.targetMemoryDb
         });
         await setupApiKeysFromConfig(botConfig, context.paths.configPath, context.paths.envPath);
-        const installerShPath = path3.join(sourceBase, "installer.sh");
+        const installerShPath = path2.join(sourceBase, "installer.sh");
         if (await fileExists(installerShPath)) {
           console.log("\nRunning post-install hook (installer.sh)...");
           await runCommand("bash", [installerShPath, context.paths.stateDir], {
@@ -1187,7 +1042,7 @@ function registerConfigCommands(program2) {
         console.log("  1) openclaw agents list");
         console.log("  2) openclaw gateway restart");
       } finally {
-        await fs4.rm(tempRoot, { recursive: true, force: true }).catch(() => void 0);
+        await fs3.rm(tempRoot, { recursive: true, force: true }).catch(() => void 0);
       }
     } catch (error) {
       const message = error instanceof Error ? error.message : "Install failed";
@@ -1199,7 +1054,6 @@ function registerConfigCommands(program2) {
 
 // src/index.ts
 var program = new Command();
-program.name("clawmarketbot").description("CLI tool for ClawMarket - discover, download, and install OpenClaw configs").version("0.1.0");
-registerAuthCommands(program);
+program.name("clawmarketbot").description("CLI tool for ClawMarket - discover, download, and install OpenClaw configs").version("0.1.4");
 registerConfigCommands(program);
 program.parse();

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "clawmarketbot",
-  "version": "0.1.2",
+  "version": "0.1.4",
   "private": false,
   "description": "CLI tool for ClawMarket - discover, download, and install OpenClaw configs",
   "type": "module",