clawmoney 0.16.0 → 0.17.0

package/dist/commands/gig.js

@@ -3,8 +3,9 @@ import chalk from "chalk";
 import ora from "ora";
 import { requireConfig } from "../utils/config.js";
 import { apiGet, apiPost } from "../utils/api.js";
-import { awalExec } from "../utils/awal.js";
 import { uploadFile } from "../hub/media.js";
+import { CdpProvider } from "../wallet/cdp-provider.js";
+import { x402Fetch } from "../wallet/x402-client.js";
 export async function gigCreateCommand(options) {
     const config = requireConfig();
     const budget = parseFloat(options.budget);
@@ -43,17 +44,19 @@ export async function gigCreateCommand(options) {
         // Auto-fund: check wallet balance and pay
         spinner.start("Checking wallet balance...");
         try {
-            const balanceResult = await awalExec(["balance"]);
-            const baseBalances = balanceResult.data.base;
-            const usdcBalance = baseBalances?.balances
-                ? baseBalances.balances.USDC?.formatted
-                : undefined;
-            const balance = parseFloat(String(usdcBalance || "0"));
+            const wallet = new CdpProvider(config.api_key);
+            const bal = await wallet.getBalance("usdc");
+            const atomic = BigInt(bal.amount);
+            const divisor = 10n ** BigInt(bal.decimals || 6);
+            const balance = Number(atomic / divisor) + Number(atomic % divisor) / Number(divisor);
             if (balance >= budget) {
                 // Enough USDC — pay via x402
                 spinner.text = `Funding $${budget.toFixed(2)} USDC via x402...`;
                 try {
-                    await awalExec(["x402", "pay", `https://pay.clawmoney.ai/market/escrow/${task.id}?price=${budget}`]);
+                    const res = await x402Fetch(wallet, `https://pay.clawmoney.ai/market/escrow/${task.id}?price=${budget}`, { method: "POST" });
+                    if (!res.ok) {
+                        throw new Error(`Payment endpoint returned ${res.status}`);
+                    }
                     spinner.succeed(chalk.green(`Funded! $${budget.toFixed(2)} USDC`));
                     console.log(chalk.dim("  Task is now live and accepting submissions."));
                 }
@@ -82,7 +85,7 @@ export async function gigCreateCommand(options) {
                 }
                 else {
                     spinner.warn(chalk.yellow("Stripe checkout not available."));
-                    console.log(chalk.dim(`  Fund via x402: npx awal x402 pay "https://pay.clawmoney.ai/market/escrow/${task.id}?price=${budget}"`));
+                    console.log(chalk.dim(`  Fund via x402 in another client, or use Stripe checkout above.`));
                 }
             }
         }

package/dist/commands/hub.js

@@ -5,8 +5,9 @@ import chalk from "chalk";
 import ora from "ora";
 import { requireConfig } from "../utils/config.js";
 import { apiGet, apiPost } from "../utils/api.js";
-import { awalExec } from "../utils/awal.js";
 import { readPid, isPidAlive, removePid } from "../hub/provider.js";
+import { CdpProvider } from "../wallet/cdp-provider.js";
+import { x402Fetch } from "../wallet/x402-client.js";
 const LOG_FILE = join(homedir(), ".clawmoney", "provider.log");
 // ── hub start ──
 export async function hubStartCommand(options) {
@@ -219,7 +220,11 @@ export async function hubCallCommand(options) {
             if (options.pay) {
                 spinner.text = `Funding task $${budget} USDC via x402...`;
                 try {
-                    await awalExec(["x402", "pay", `https://pay.clawmoney.ai/market/escrow/${taskId}?price=${budget}`]);
+                    const wallet = new CdpProvider(config.api_key);
+                    const res = await x402Fetch(wallet, `https://pay.clawmoney.ai/market/escrow/${taskId}?price=${budget}`, { method: "POST" });
+                    if (!res.ok) {
+                        throw new Error(`Payment endpoint returned ${res.status}`);
+                    }
                 }
                 catch (err) {
                     spinner.fail(chalk.red(`Funding failed: ${err.message}`));
@@ -239,25 +244,28 @@ export async function hubCallCommand(options) {
         if (options.pay) {
             // x402 payment flow via pay.clawmoney.ai Worker
             const skillPrice = skillInfo?.price ?? 0.01;
-            // Step 2: Pay via awal x402 → pay.clawmoney.ai Worker
+            // Step 2: Pay via x402 → pay.clawmoney.ai Worker
             spinner.text = `Paying $${skillPrice} USDC for ${options.agent}/${options.skill}...`;
             const payUrl = `https://pay.clawmoney.ai/market/${encodeURIComponent(options.agent)}/${encodeURIComponent(options.skill)}?price=${skillPrice}`;
-            let payResult;
+            let payData;
             try {
-                payResult = await awalExec(["x402", "pay", payUrl]);
+                const wallet = new CdpProvider(config.api_key);
+                const res = await x402Fetch(wallet, payUrl, { method: "POST" });
+                if (!res.ok) {
+                    throw new Error(`Payment endpoint returned ${res.status}`);
+                }
+                payData = (await res.json());
             }
             catch (err) {
                 spinner.fail(chalk.red(`Payment failed: ${err.message}`));
                 process.exit(1);
             }
             // Extract payment_token from Worker response
-            // awal returns {status, statusText, data: {payment_token, ...}, headers}
-            const payData = payResult.data;
             const innerData = payData.data ?? payData;
             const paymentToken = innerData.payment_token ?? payData.payment_token;
             if (!paymentToken) {
                 spinner.fail(chalk.red("Payment succeeded but no payment_token returned"));
-                console.error(chalk.dim(`  Raw response: ${JSON.stringify(payResult.data).slice(0, 200)}`));
+                console.error(chalk.dim(`  Raw response: ${JSON.stringify(payData).slice(0, 200)}`));
                 process.exit(1);
             }
             // Step 3: Invoke with payment_token

package/dist/commands/promote.js

@@ -1,8 +1,9 @@
 import chalk from 'chalk';
 import ora from 'ora';
 import { apiGet, apiPost } from '../utils/api.js';
-import { awalExec } from '../utils/awal.js';
 import { requireConfig } from '../utils/config.js';
+import { CdpProvider } from '../wallet/cdp-provider.js';
+import { x402PayJson } from '../wallet/x402-client.js';
 export async function promoteSubmitCommand(taskId, options) {
     const config = requireConfig();
     // 自动检测平台（从 task 获取）
@@ -82,9 +83,8 @@ export async function promoteVerifyCommand(submissionId, options) {
         const witnessSpinner = ora('Fetching witness proof via x402 ($0.01)...').start();
         let witnessData;
         try {
-            witnessData = await awalExec([
-                'x402', 'pay', `https://witness.bnbot.ai/x/${tweetId}`,
-            ]);
+            const wallet = new CdpProvider(config.api_key);
+            witnessData = await x402PayJson(wallet, `https://witness.bnbot.ai/x/${tweetId}`);
             witnessSpinner.succeed('Witness proof obtained');
         }
         catch (err) {
@@ -92,8 +92,9 @@ export async function promoteVerifyCommand(submissionId, options) {
             console.error(chalk.red(err.message));
             return;
         }
-        // Parse witness response — awalExec wraps: { success, data: { status, data: { code, data: {...}, proof: {...} } } }
-        const proof = witnessData?.data?.data?.proof || witnessData?.data?.proof || witnessData?.proof;
+        // Parse witness response — x402PayJson returns the response body directly.
+        const wdInner = witnessData?.data;
+        const proof = (wdInner?.proof ?? witnessData?.proof);
         if (!proof) {
             console.error(chalk.red('  No proof in witness response'));
             console.log(chalk.dim(`  Raw: ${JSON.stringify(witnessData).slice(0, 200)}`));

package/dist/commands/setup.js

@@ -1,252 +1,136 @@
 import chalk from 'chalk';
 import ora from 'ora';
-import { awalExec } from '../utils/awal.js';
 import { apiGet, apiPost } from '../utils/api.js';
 import { loadConfig, saveConfig, getConfigPath } from '../utils/config.js';
 import { prompt } from '../utils/prompt.js';
-import { execSync } from 'node:child_process';
+const CLAIM_POLL_INTERVAL_MS = 4_000;
+const CLAIM_POLL_TIMEOUT_MS = 15 * 60 * 1000; // 15 minutes
+async function pollForClaim(apiKey, onTick) {
+    const start = Date.now();
+    while (Date.now() - start < CLAIM_POLL_TIMEOUT_MS) {
+        try {
+            const resp = await apiGet('/api/v1/claw-agents/me', apiKey);
+            // Claim completion is detected via wallet_address being populated.
+            // Agent.status stays "unclaimed" by design until X account verification
+            // (see crud.claim_claw_agent), so we can't gate on status here — the
+            // wallet address is only set by complete_claim_with_key, so its
+            // presence is a reliable claim-completed signal.
+            if (resp.ok && resp.data && resp.data.wallet_address) {
+                return resp.data;
+            }
+        }
+        catch {
+            // Network blip — keep polling.
+        }
+        onTick?.();
+        await new Promise((r) => setTimeout(r, CLAIM_POLL_INTERVAL_MS));
+    }
+    return null;
+}
 export async function setupCommand() {
     console.log(chalk.bold('\n  ClawMoney Setup\n'));
-    // Non-interactive mode: if no TTY (e.g. AI agent running the command),
-    // install the skill and instruct the AI to proceed with onboarding.
+    // Non-interactive mode: skill-install path.
     if (!process.stdin.isTTY) {
         console.log('ClawMoney skill installed successfully.');
         console.log('');
         console.log('NEXT STEP: Run /clawmoney now to complete onboarding.');
-        console.log('The skill will walk you through wallet setup, agent registration, and earning.');
+        console.log('The skill will walk you through agent registration and earning.');
         console.log('');
         return;
     }
-    // Step 1: Check and install dependencies
-    const depSpinner = ora('Checking dependencies...').start();
-    try {
-        // Check if awal is available
-        try {
-            execSync('npx awal --version', { stdio: 'pipe' });
-            depSpinner.succeed('awal is available');
-        }
-        catch {
-            depSpinner.text = 'Installing awal...';
-            try {
-                execSync('npm install -g awal', { stdio: 'pipe' });
-                depSpinner.succeed('awal installed');
-            }
-            catch {
-                depSpinner.warn('Could not install awal globally. Will use npx.');
-            }
-        }
-    }
-    catch (err) {
-        depSpinner.fail('Failed to check dependencies');
-        console.error(chalk.red(err.message));
-        return;
-    }
-    // Step 2: Check wallet status
-    //
-    // We try to get the wallet address directly — if awal returns one, the
-    // wallet is signed in, end of story. This avoids the awal `status` command
-    // returning an unrecognized shape (observed field-name drift: some versions
-    // return `authenticated`, others `signedIn`/`account`/nested objects)
-    // which would otherwise force us into the login flow even when the user
-    // is already signed in, and awal would then refuse with "already signed in".
-    const walletSpinner = ora('Checking wallet status...').start();
-    let walletAddress = '';
-    let needsLogin = false;
-    try {
-        const addrResult = await awalExec(['address']);
-        const addrData = addrResult.data;
-        const addr = addrData.address || '';
-        if (addr) {
-            walletAddress = addr;
-            walletSpinner.succeed(`Wallet connected: ${walletAddress}`);
-        }
-        else {
-            // Fall back to legacy `status` shape in case some awal version only
-            // exposes authentication through that command.
-            const status = await awalExec(['status']);
-            const statusData = status.data;
-            if (statusData.authenticated || statusData.loggedIn || statusData.address) {
-                walletAddress = statusData.address || '';
-                walletSpinner.succeed(`Wallet connected${walletAddress ? `: ${walletAddress}` : ''}`);
-            }
-            else {
-                needsLogin = true;
-                walletSpinner.info('Wallet not authenticated');
-            }
-        }
-    }
-    catch {
-        needsLogin = true;
-        walletSpinner.info('Wallet not authenticated');
-    }
-    // Step 3: Ask for email
+    // Step 1: Ask for email.
     const email = await prompt(chalk.cyan('? ') + 'Enter your email: ');
     if (!email || !email.includes('@')) {
         console.log(chalk.red('Invalid email address.'));
         return;
     }
-    // Step 4: Login wallet if needed
-    if (needsLogin) {
-        const loginSpinner = ora('Logging in to wallet...').start();
-        try {
-            const loginResult = await awalExec(['auth', 'login', email]);
-            const loginData = loginResult.data;
-            const flowId = loginData.flowId || loginData.flow_id;
-            if (!flowId) {
-                loginSpinner.fail('Login failed: no flow ID returned');
-                console.log(chalk.dim('Response:'), loginResult.raw);
-                return;
-            }
-            loginSpinner.info('OTP sent to your email');
-            const otp = await prompt(chalk.cyan('? ') + 'Enter OTP from email: ');
-            if (!otp) {
-                console.log(chalk.red('OTP is required.'));
-                return;
-            }
-            const verifySpinner = ora('Verifying OTP...').start();
-            try {
-                const verifyResult = await awalExec(['auth', 'verify', String(flowId), otp]);
-                verifySpinner.succeed('Wallet authenticated');
-                // Get wallet address
-                const addrResult = await awalExec(['address']);
-                const addrData = addrResult.data;
-                walletAddress = addrData.address || '';
-                if (walletAddress) {
-                    console.log(chalk.dim(`  Wallet: ${walletAddress}`));
-                }
-            }
-            catch (err) {
-                verifySpinner.fail('OTP verification failed');
-                console.error(chalk.red(err.message));
-                return;
-            }
-        }
-        catch (err) {
-            // If awal reports "already signed in" we're actually in the happy path
-            // — the wallet is authenticated, the address check at the top just
-            // failed to detect it. Try once more to fetch the address directly.
-            const msg = err.message || '';
-            if (/already\s*signed\s*in/i.test(msg)) {
-                loginSpinner.info('Wallet already signed in');
-                try {
-                    const addrResult = await awalExec(['address']);
-                    const addrData = addrResult.data;
-                    walletAddress = addrData.address || '';
-                    if (walletAddress) {
-                        console.log(chalk.dim(`  Wallet: ${walletAddress}`));
-                    }
-                }
-                catch {
-                    // Address fetch still failed — continue anyway; the agent
-                    // register/login flow below doesn't strictly require a wallet.
-                }
-            }
-            else {
-                loginSpinner.fail('Wallet login failed');
-                console.error(chalk.red(msg));
-                return;
-            }
-        }
-    }
-    // If we still don't have address, try fetching it
-    if (!walletAddress) {
-        try {
-            const addrResult = await awalExec(['address']);
-            const addrData = addrResult.data;
-            walletAddress = addrData.address || '';
-        }
-        catch {
-            // continue without address
-        }
-    }
-    // Step 5: Check agent status
+    // Step 2: Check if this email already has an agent.
     const agentSpinner = ora('Checking agent status...').start();
+    let existingStatus = '';
     try {
         const checkResp = await apiGet(`/api/v1/claw-agents/check-email?email=${encodeURIComponent(email)}`);
-        if (!checkResp.ok) {
-            agentSpinner.fail(`API error: ${checkResp.status}`);
-            return;
-        }
-        const checkData = checkResp.data;
-        // Backend returns agent details nested under `agent` now; fall back
-        // to legacy top-level fields so an older backend still works.
-        // Status is normalized to uppercase so case differences between
-        // backend builds (active vs ACTIVE) don't trip the branch select.
-        const agentInfo = checkData.agent ?? {};
-        const agentStatus = (agentInfo.status ?? checkData.status ?? '').toUpperCase();
-        const agentSlug = agentInfo.slug ?? checkData.slug;
-        const agentIdFromCheck = agentInfo.id ?? checkData.agent_id;
-        if (!checkData.exists || agentStatus === 'UNCLAIMED') {
-            // Step 6: Register new agent
-            agentSpinner.text = 'Registering agent...';
-            // Backend generates the anonymous provider slug from email hash
-            // — we deliberately do NOT send a name here so users can't pick
-            // something that leaks PII.
-            const registerBody = { email };
-            if (walletAddress) {
-                registerBody.wallet_address = walletAddress;
-            }
-            const regResp = await apiPost('/api/v1/claw-agents/register', registerBody);
-            if (!regResp.ok) {
-                agentSpinner.fail('Registration failed');
-                console.error(chalk.red(JSON.stringify(regResp.data)));
-                return;
-            }
-            const regData = regResp.data;
-            agentSpinner.succeed(`Agent registered: ${regData.slug}`);
-            saveConfig({
-                api_key: regData.api_key,
-                agent_id: regData.agent_id,
-                agent_slug: regData.slug,
-                email,
-                wallet_address: walletAddress || undefined,
-            });
+        if (checkResp.ok) {
+            const info = checkResp.data.agent ?? {};
+            existingStatus = (info.status ?? checkResp.data.status ?? '').toUpperCase();
         }
-        else if (agentStatus === 'ACTIVE') {
-            // Step 7: Login existing agent via OTP
-            agentSpinner.info(`Agent found: ${agentSlug || agentIdFromCheck}`);
-            const loginSpinner2 = ora('Sending login OTP...').start();
-            const loginResp = await apiPost('/api/v1/claw-agents/login', { email });
-            if (!loginResp.ok) {
-                loginSpinner2.fail('Agent login failed');
-                console.error(chalk.red(JSON.stringify(loginResp.data)));
-                return;
-            }
-            loginSpinner2.info('OTP sent to your email');
-            const agentOtp = await prompt(chalk.cyan('? ') + 'Enter agent login OTP: ');
-            const verifySpinner2 = ora('Verifying...').start();
-            const verifyResp = await apiPost('/api/v1/claw-agents/login/verify', {
-                email,
-                otp: agentOtp,
-                flow_id: loginResp.data.flow_id,
-            });
-            if (!verifyResp.ok) {
-                verifySpinner2.fail('Agent login verification failed');
-                console.error(chalk.red(JSON.stringify(verifyResp.data)));
-                return;
-            }
-            const loginData = verifyResp.data;
-            verifySpinner2.succeed('Agent authenticated');
-            saveConfig({
-                api_key: loginData.api_key,
-                agent_id: loginData.agent_id,
-                agent_slug: loginData.slug,
-                email,
-                wallet_address: walletAddress || undefined,
-            });
+    }
+    catch {
+        // Fall through — if the check fails, we still try registering.
+    }
+    if (existingStatus === 'ACTIVE') {
+        agentSpinner.warn('An active agent already exists for this email.');
+        console.log('');
+        console.log(chalk.yellow('If you have lost your API key, re-register and a new claim link will be sent.'));
+        const proceed = await prompt(chalk.cyan('? ') + 'Continue with re-registration? (y/N): ');
+        if (!/^y(es)?$/i.test(proceed.trim())) {
+            return;
         }
-        else {
-            agentSpinner.warn(`Agent status: ${agentStatus || '(unknown)'}`);
-            console.log(chalk.yellow('Please contact support if you need help.'));
+        agentSpinner.start('Checking agent status...');
+    }
+    // Step 3: Register agent (or re-send claim link for an UNCLAIMED agent).
+    // The backend generates the anonymous slug from email hash; we never send a name.
+    agentSpinner.text = 'Registering agent...';
+    let regData;
+    try {
+        const regResp = await apiPost('/api/v1/claw-agents/register', { email });
+        if (!regResp.ok) {
+            agentSpinner.fail('Registration failed');
+            console.error(chalk.red(JSON.stringify(regResp.data)));
             return;
         }
+        regData = regResp.data;
     }
     catch (err) {
-        agentSpinner.fail('Failed to check agent status');
+        agentSpinner.fail('Registration failed');
         console.error(chalk.red(err.message));
         return;
     }
-    // Step 8: Print summary
+    agentSpinner.succeed(`Agent registered: ${regData.agent.slug}`);
+    // Persist the api_key and agent_id immediately — the key only activates
+    // after the claim link is clicked, but we save it now so nothing is lost
+    // if the user ctrl-C's during the claim step.
+    saveConfig({
+        api_key: regData.api_key,
+        agent_id: regData.agent.id,
+        agent_slug: regData.agent.slug,
+        email,
+    });
+    // Step 4: Instruct the user to click the claim link in their email.
+    console.log('');
+    console.log(chalk.bold('  Check your email'));
+    console.log('');
+    console.log(chalk.dim('  We sent a claim link to'), chalk.cyan(email));
+    console.log(chalk.dim('  Click the link to complete setup. Your CDP wallet will be'));
+    console.log(chalk.dim('  provisioned automatically and this CLI will unlock.'));
+    console.log('');
+    // Step 5: Poll for claim completion.
+    const pollSpinner = ora('Waiting for claim link to be clicked...').start();
+    let tickCount = 0;
+    const completed = await pollForClaim(regData.api_key, () => {
+        tickCount++;
+        if (tickCount % 5 === 0) {
+            pollSpinner.text = `Waiting for claim link... (${Math.floor((tickCount * CLAIM_POLL_INTERVAL_MS) / 1000)}s)`;
+        }
+    });
+    if (!completed) {
+        pollSpinner.warn('Claim not completed within 15 minutes.');
+        console.log('');
+        console.log(chalk.yellow('  You can re-run'), chalk.cyan('clawmoney setup'), chalk.yellow('later to resume.'));
+        console.log(chalk.dim('  Your API key is already saved and will activate once you click the claim link.'));
+        console.log('');
+        return;
+    }
+    const walletAddress = completed.wallet_address ?? '';
+    pollSpinner.succeed('Agent claimed');
+    // Step 6: Update config with the now-known wallet address.
+    saveConfig({
+        api_key: regData.api_key,
+        agent_id: completed.id,
+        agent_slug: completed.slug,
+        email,
+        wallet_address: walletAddress || undefined,
+    });
+    // Step 7: Summary.
     const config = loadConfig();
     console.log('');
     console.log(chalk.green.bold('  Setup complete!'));
@@ -256,6 +140,7 @@ export async function setupCommand() {
         console.log(chalk.dim(`  Agent Slug:  ${config.agent_slug}`));
         if (walletAddress) {
             console.log(chalk.dim(`  Wallet:      ${walletAddress}`));
+            console.log(chalk.dim(`  Custody:     Coinbase CDP Server Wallet`));
         }
         console.log(chalk.dim(`  Config:      ${getConfigPath()}`));
     }

package/dist/commands/wallet.js

@@ -1,12 +1,10 @@
 import chalk from 'chalk';
 import ora from 'ora';
-import { awalExec, awalExecSafe } from '../utils/awal.js';
 import { apiGet } from '../utils/api.js';
-import { loadConfig, saveConfig } from '../utils/config.js';
-// Base mainnet USDC contract + balanceOf(address) ABI selector.
-// Keeping on-chain reads as a first-class path lets `wallet balance`
-// skip the awal Electron bridge entirely, which is notorious for
-// cold-starting slowly or hanging if the daemon isn't warm.
+import { loadConfig, requireConfig, saveConfig } from '../utils/config.js';
+import { CdpProvider } from '../wallet/cdp-provider.js';
+// On-chain balance is read directly over public RPC to avoid a hot-path
+// round-trip through the backend for a plain USDC balance query.
 const BASE_RPC_URL = 'https://mainnet.base.org';
 const BASE_USDC_CONTRACT = '0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913';
 const BALANCE_OF_SELECTOR = '0x70a08231';
@@ -43,14 +41,14 @@ async function readBaseUsdcBalance(walletAddress, timeoutMs = 8000) {
 export async function walletStatusCommand() {
     const spinner = ora('Getting wallet status...').start();
     try {
-        // Read-only, safe to auto-retry after killing a wedged awal.
-        const result = await awalExecSafe(['status'], { timeoutMs: 8_000 });
+        const config = requireConfig();
+        const wallet = new CdpProvider(config.api_key);
+        const address = await wallet.getAddress();
         spinner.succeed('Wallet Status');
         console.log('');
-        const data = result.data;
-        for (const [key, value] of Object.entries(data)) {
-            console.log(`  ${chalk.dim(key + ':')} ${value}`);
-        }
+        console.log(`  ${chalk.dim('Address:')} ${chalk.cyan(address)}`);
+        console.log(`  ${chalk.dim('Custody:')} Coinbase CDP Server Wallet`);
+        console.log(`  ${chalk.dim('Network:')} Base`);
         console.log('');
     }
     catch (err) {
@@ -58,53 +56,19 @@ export async function walletStatusCommand() {
         console.error(chalk.red(err.message));
     }
 }
-// Wrap a promise in a hard timeout so a hung awal process can't
-// swallow the whole command. On timeout we surface a specific
-// error string the caller can tell apart from generic spawn errors.
-function withTimeout(p, ms, label) {
-    return new Promise((resolve, reject) => {
-        const timer = setTimeout(() => {
-            reject(new Error(`${label} timed out after ${ms}ms`));
-        }, ms);
-        p.then((v) => {
-            clearTimeout(timer);
-            resolve(v);
-        }, (e) => {
-            clearTimeout(timer);
-            reject(e);
-        });
-    });
-}
 export async function walletBalanceCommand() {
     const spinner = ora('Getting wallet balance...').start();
-    // Source of truth for on-chain balance: direct JSON-RPC to Base
-    // mainnet USDC, not `awal balance`. Reasons:
-    //   - awal is an Electron app; cold-starting it via `npx` takes 3-10s
-    //     and occasionally wedges under load (see GH issues around
-    //     DEP0190 / pipe buffers).
-    //   - We already store the wallet address in ~/.clawmoney/config.yaml
-    //     at setup time, so we don't need awal to look it up.
-    //   - RPC reads are idempotent, cacheable, and cost nothing.
-    // Relay earnings are fetched in parallel from the clawmoney backend.
-    // Either half is allowed to fail — we print "(unavailable)" for the
-    // broken section and keep going.
+    // Source of truth for on-chain balance: direct JSON-RPC to Base mainnet
+    // USDC. The wallet address comes from config.yaml (set at setup time) or
+    // the backend /me endpoint. Relay earnings are fetched in parallel.
     const config = loadConfig();
-    // Wallet address lookup order:
-    //   1. ~/.clawmoney/config.yaml cache (instant)
-    //   2. Backend /api/v1/claw-agents/me (authoritative, ~200ms)
-    //   3. awal address (Electron cold-start, last resort, 5s cap)
-    // After a successful #2 we write the result back to the config so
-    // every future `wallet balance` hits path #1.
     let walletAddress = config?.wallet_address ?? null;
-    let addressSource = 'config';
     let addressError = null;
     if (!walletAddress && config?.api_key) {
         try {
             const resp = await apiGet('/api/v1/claw-agents/me', config.api_key);
             if (resp.ok && typeof resp.data?.wallet_address === 'string' && resp.data.wallet_address) {
                 walletAddress = resp.data.wallet_address;
-                addressSource = 'api';
-                // Cache it so the next run is instant.
                 try {
                     saveConfig({ wallet_address: walletAddress });
                 }
@@ -117,22 +81,6 @@ export async function walletBalanceCommand() {
             addressError = err.message;
         }
     }
-    if (!walletAddress) {
-        // Last resort: cold-start awal. Uses awalExecSafe so a wedged
-        // Electron is automatically killed + retried before surfacing
-        // the error. Capped at 6s per attempt.
-        try {
-            const awalResult = await awalExecSafe(['address'], { timeoutMs: 6_000 });
-            const data = awalResult.data;
-            if (typeof data?.address === 'string' && data.address) {
-                walletAddress = data.address;
-                addressSource = 'awal';
-            }
-        }
-        catch (err) {
-            addressError = err.message;
-        }
-    }
     const relayPromise = config?.api_key
         ? apiGet("/api/v1/relay/providers/me", config.api_key)
             .then((resp) => (resp.ok && Array.isArray(resp.data) ? resp.data : null))
@@ -151,7 +99,6 @@ export async function walletBalanceCommand() {
     else {
         onchainError = addressError ?? 'no wallet address in config';
     }
-    void addressSource; // reserved for future debug display
     const relayRows = await relayPromise;
     spinner.stop();
     console.log('');
@@ -170,12 +117,6 @@ export async function walletBalanceCommand() {
     console.log('');
     console.log(chalk.bold('  Pending payout (Relay)'));
     if (relayRows && relayRows.length > 0) {
-        // "Earned lifetime" is vanity — the only thing that matters for
-        // the wallet view is: how much is already in the on-chain wallet
-        // (shown above as USDC), and how much is still owed to the user
-        // (pending = earned - withdrawn). Those two numbers together
-        // tell the full story; showing "earned" separately would double-
-        // count the wallet USDC that came from relay payouts.
         const earned = relayRows.reduce((s, p) => s + (p.total_earned_usd ?? 0), 0);
         const withdrawn = relayRows.reduce((s, p) => s + (p.total_withdrawn_usd ?? 0), 0);
         const pending = Math.max(0, earned - withdrawn);
@@ -194,13 +135,27 @@ export async function walletBalanceCommand() {
 export async function walletAddressCommand() {
     const spinner = ora('Getting wallet address...').start();
     try {
-        // Read-only, safe to auto-retry on awal wedge.
-        const result = await awalExecSafe(['address'], { timeoutMs: 8_000 });
+        const config = requireConfig();
+        // Fast path: config.yaml cache (written at setup).
+        if (config.wallet_address) {
+            spinner.succeed('Wallet Address');
+            console.log('');
+            console.log(`  ${chalk.cyan(config.wallet_address)}`);
+            console.log('');
+            return;
+        }
+        const wallet = new CdpProvider(config.api_key);
+        const address = await wallet.getAddress();
+        // Cache back to config.
+        try {
+            saveConfig({ wallet_address: address });
+        }
+        catch {
+            // Non-fatal.
+        }
         spinner.succeed('Wallet Address');
         console.log('');
-        const data = result.data;
-        const address = data.address || result.raw.trim();
-        console.log(`  ${chalk.cyan(String(address))}`);
+        console.log(`  ${chalk.cyan(address)}`);
         console.log('');
     }
     catch (err) {
@@ -210,22 +165,26 @@ export async function walletAddressCommand() {
 }
 export async function walletSendCommand(amount, to) {
     console.log('');
-    console.log(chalk.bold('  Send Transaction'));
+    console.log(chalk.bold('  Send USDC'));
     console.log(chalk.dim(`  Amount: ${amount}`));
     console.log(chalk.dim(`  To:     ${to}`));
     console.log('');
     const spinner = ora('Sending...').start();
     try {
-        const result = await awalExec(['send', amount, to]);
+        const config = requireConfig();
+        const wallet = new CdpProvider(config.api_key);
+        // `amount` is the user-facing decimal (e.g. "1.5"); convert to atomic (6dp for USDC).
+        const [whole, frac = ''] = amount.split('.');
+        const paddedFrac = (frac + '000000').slice(0, 6);
+        const atomic = BigInt(whole || '0') * 1000000n + BigInt(paddedFrac || '0');
+        const result = await wallet.send(to, atomic.toString(), 'usdc');
         spinner.succeed('Transaction sent');
         console.log('');
-        const data = result.data;
-        if (data.txHash || data.hash || data.transactionHash) {
-            const hash = data.txHash || data.hash || data.transactionHash;
-            console.log(`  ${chalk.dim('TX Hash:')} ${chalk.cyan(String(hash))}`);
+        if (result.transaction_hash) {
+            console.log(`  ${chalk.dim('TX Hash:')} ${chalk.cyan(result.transaction_hash)}`);
         }
-        else {
-            console.log(`  ${result.raw}`);
+        if (result.transaction_link) {
+            console.log(`  ${chalk.dim('Link:')}    ${chalk.cyan(result.transaction_link)}`);
         }
         console.log('');
     }

package/dist/promote/auto-verify.js

@@ -1,6 +1,7 @@
 import { apiGet, apiPost } from "../utils/api.js";
-import { awalExec, awalExecSafe } from "../utils/awal.js";
 import { requireConfig } from "../utils/config.js";
+import { CdpProvider } from "../wallet/cdp-provider.js";
+import { x402PayJson } from "../wallet/x402-client.js";
 const POLL_INTERVAL_MS = 15 * 60 * 1000; // 15 minutes
 const MAX_PER_CYCLE = 3;
 const MIN_BALANCE_USD = 0.05;
@@ -9,15 +10,16 @@ function log(msg) {
     const ts = new Date().toISOString().replace("T", " ").slice(0, 19);
     console.log(`[${ts}] ${msg}`);
 }
-async function getUsdcBalance() {
+async function getUsdcBalance(apiKey) {
     try {
-        // Read-only balance check inside a long-running daemon loop —
-        // must auto-recover if awal wedges during the day.
-        const result = await awalExecSafe(["balance"], { timeoutMs: 10_000 });
-        const base = result.data.base;
-        const balances = base?.balances;
-        const usdc = balances?.USDC;
-        return parseFloat(String(usdc?.formatted || "0"));
+        const wallet = new CdpProvider(apiKey);
+        const bal = await wallet.getBalance("usdc");
+        // `amount` is in atomic units; USDC has 6 decimals.
+        const atomic = BigInt(bal.amount);
+        const divisor = 10n ** BigInt(bal.decimals || 6);
+        const whole = Number(atomic / divisor);
+        const frac = Number(atomic % divisor) / Number(divisor);
+        return whole + frac;
     }
     catch {
         return 0;
@@ -65,19 +67,15 @@ async function verifySubmission(task, submission, apiKey) {
     const tweetId = tweetMatch[1];
     let witnessData;
     try {
-        witnessData = await awalExec([
-            "x402",
-            "pay",
-            `https://witness.bnbot.ai/x/${tweetId}`,
-        ]);
+        const wallet = new CdpProvider(apiKey);
+        witnessData = await x402PayJson(wallet, `https://witness.bnbot.ai/x/${tweetId}`);
     }
     catch (err) {
         log(`  Witness failed: ${err.message}`);
         return false;
     }
-    const wd = witnessData.data;
-    const wdInner = wd?.data;
-    const proof = (wdInner?.proof ?? wd?.proof ?? null);
+    const wdInner = witnessData?.data;
+    const proof = (wdInner?.proof ?? witnessData?.proof ?? null);
     if (!proof) {
         log(`  No proof in witness response`);
         return false;
@@ -108,7 +106,7 @@ async function verifySubmission(task, submission, apiKey) {
 }
 async function runCycle(apiKey) {
     // Check balance
-    const balance = await getUsdcBalance();
+    const balance = await getUsdcBalance(apiKey);
     if (balance < MIN_BALANCE_USD) {
         log(`Balance $${balance.toFixed(3)} below minimum $${MIN_BALANCE_USD}. Pausing.`);
         return;

package/dist/wallet/cdp-provider.d.ts

@@ -0,0 +1,15 @@
+import type { Asset, Balance, Eip712TypedData, SendResult, SignedTypedData, WalletProvider } from './provider.js';
+/**
+ * CdpProvider: routes all wallet operations through bnbot-api's
+ * /api/v1/claw-agents/me/wallet/* endpoints. The underlying keys live
+ * in Coinbase CDP (Server Wallet v2) — this CLI never sees them.
+ */
+export declare class CdpProvider implements WalletProvider {
+    private readonly apiKey;
+    constructor(apiKey: string);
+    getAddress(): Promise<string>;
+    getBalance(asset?: Asset): Promise<Balance>;
+    signTypedData(typed: Eip712TypedData, idempotencyKey?: string): Promise<SignedTypedData>;
+    send(to: string, amount: string, asset?: Asset, network?: string): Promise<SendResult>;
+    getOnrampUrl(amountUsd?: number, network?: string): Promise<string>;
+}

package/dist/wallet/cdp-provider.js

@@ -0,0 +1,52 @@
+import { apiGet, apiPost } from '../utils/api.js';
+/**
+ * CdpProvider: routes all wallet operations through bnbot-api's
+ * /api/v1/claw-agents/me/wallet/* endpoints. The underlying keys live
+ * in Coinbase CDP (Server Wallet v2) — this CLI never sees them.
+ */
+export class CdpProvider {
+    apiKey;
+    constructor(apiKey) {
+        this.apiKey = apiKey;
+    }
+    async getAddress() {
+        const res = await apiGet('/api/v1/claw-agents/me', this.apiKey);
+        if (!res.ok || !res.data?.wallet_address) {
+            throw new Error(res.ok
+                ? 'Agent has no wallet yet; claim your agent via the link sent to your email.'
+                : `Failed to fetch agent: ${res.status}`);
+        }
+        return res.data.wallet_address;
+    }
+    async getBalance(asset = 'usdc') {
+        const res = await apiGet(`/api/v1/claw-agents/me/wallet/balance?asset=${asset}`, this.apiKey);
+        if (!res.ok) {
+            throw new Error(`Failed to get balance: ${res.status}`);
+        }
+        return res.data;
+    }
+    async signTypedData(typed, idempotencyKey) {
+        const res = await apiPost('/api/v1/claw-agents/me/wallet/sign-typed-data', { ...typed, idempotency_key: idempotencyKey }, this.apiKey);
+        if (!res.ok) {
+            const err = res.data?.detail ?? `HTTP ${res.status}`;
+            throw new Error(`signTypedData failed: ${err}`);
+        }
+        return res.data;
+    }
+    async send(to, amount, asset = 'usdc', network) {
+        const res = await apiPost('/api/v1/claw-agents/me/wallet/send', { to, amount, asset, network }, this.apiKey);
+        if (!res.ok) {
+            const err = res.data?.detail ?? `HTTP ${res.status}`;
+            throw new Error(`send failed: ${err}`);
+        }
+        return res.data;
+    }
+    async getOnrampUrl(amountUsd = 5, network = 'base') {
+        const res = await apiPost('/api/v1/claw-agents/me/wallet/onramp-url', { amount_usd: amountUsd, network }, this.apiKey);
+        if (!res.ok) {
+            const err = res.data?.detail ?? `HTTP ${res.status}`;
+            throw new Error(`onramp url failed: ${err}`);
+        }
+        return res.data.url;
+    }
+}

package/dist/wallet/provider.d.ts

@@ -0,0 +1,28 @@
+export interface Balance {
+    asset: string;
+    amount: string;
+    decimals: number;
+}
+export interface SendResult {
+    transaction_hash: string;
+    transaction_link?: string;
+    network?: string;
+}
+export interface SignedTypedData {
+    signature: string;
+    address: string;
+}
+export type Eip712TypedData = {
+    domain: Record<string, unknown>;
+    types: Record<string, unknown>;
+    primary_type: string;
+    message: Record<string, unknown>;
+};
+export type Asset = 'usdc' | 'eth';
+export interface WalletProvider {
+    getAddress(): Promise<string>;
+    getBalance(asset?: Asset): Promise<Balance>;
+    signTypedData(typed: Eip712TypedData, idempotencyKey?: string): Promise<SignedTypedData>;
+    send(to: string, amount: string, asset?: Asset, network?: string): Promise<SendResult>;
+    getOnrampUrl(amountUsd?: number, network?: string): Promise<string>;
+}

package/dist/wallet/provider.js

@@ -0,0 +1 @@
+export {};

package/dist/wallet/x402-client.d.ts

@@ -0,0 +1,41 @@
+import type { WalletProvider } from './provider.js';
+export interface X402PaymentRequirement {
+    scheme: string;
+    network: string;
+    maxAmountRequired: string;
+    resource: string;
+    description?: string;
+    mimeType?: string;
+    payTo: string;
+    maxTimeoutSeconds: number;
+    asset: string;
+    extra?: {
+        name?: string;
+        version?: string;
+    };
+}
+export interface X402Challenge {
+    x402Version: number;
+    accepts: X402PaymentRequirement[];
+    error?: string;
+}
+export interface X402PayOptions {
+    method?: string;
+    body?: unknown;
+    headers?: Record<string, string>;
+    maxAmountAtomic?: string;
+}
+/**
+ * Execute an x402-protected HTTP request, handling the 402 challenge
+ * by signing a EIP-3009 TransferWithAuthorization via the wallet
+ * provider and retrying with an X-Payment header.
+ *
+ * Returns the final (paid) Response. If the server does not challenge
+ * with 402, returns the original response unchanged.
+ */
+export declare function x402Fetch(wallet: WalletProvider, url: string, options?: X402PayOptions): Promise<Response>;
+/**
+ * Convenience: run x402Fetch and return parsed JSON body.
+ * Throws on non-2xx after payment.
+ */
+export declare function x402PayJson<T = unknown>(wallet: WalletProvider, url: string, options?: X402PayOptions): Promise<T>;

package/dist/wallet/x402-client.js

@@ -0,0 +1,145 @@
+import { bytesToHex, keccak256, stringToBytes } from 'viem';
+const CHAIN_IDS = {
+    base: 8453,
+    'base-sepolia': 84532,
+    ethereum: 1,
+    'ethereum-sepolia': 11155111,
+    polygon: 137,
+    arbitrum: 42161,
+    optimism: 10,
+    avalanche: 43114,
+};
+const EIP3009_TYPES = {
+    EIP712Domain: [
+        { name: 'name', type: 'string' },
+        { name: 'version', type: 'string' },
+        { name: 'chainId', type: 'uint256' },
+        { name: 'verifyingContract', type: 'address' },
+    ],
+    TransferWithAuthorization: [
+        { name: 'from', type: 'address' },
+        { name: 'to', type: 'address' },
+        { name: 'value', type: 'uint256' },
+        { name: 'validAfter', type: 'uint256' },
+        { name: 'validBefore', type: 'uint256' },
+        { name: 'nonce', type: 'bytes32' },
+    ],
+};
+function randomNonce32() {
+    const bytes = new Uint8Array(32);
+    crypto.getRandomValues(bytes);
+    return bytesToHex(bytes);
+}
+function pickAccepts(challenge) {
+    const exact = challenge.accepts.filter((a) => a.scheme === 'exact');
+    if (exact.length === 0) {
+        throw new Error(`No supported x402 scheme. Server accepts: ${challenge.accepts.map((a) => a.scheme).join(', ')}`);
+    }
+    // Prefer Base mainnet; otherwise first match.
+    return exact.find((a) => a.network === 'base') ?? exact[0];
+}
+async function signPaymentAuthorization(wallet, req, fromAddress) {
+    const chainId = CHAIN_IDS[req.network];
+    if (!chainId) {
+        throw new Error(`Unsupported x402 network: ${req.network}`);
+    }
+    const now = Math.floor(Date.now() / 1000);
+    const validAfter = 0;
+    const validBefore = now + req.maxTimeoutSeconds;
+    const nonce = randomNonce32();
+    const authorization = {
+        from: fromAddress,
+        to: req.payTo,
+        value: req.maxAmountRequired,
+        validAfter,
+        validBefore,
+        nonce,
+    };
+    const typed = {
+        domain: {
+            name: req.extra?.name ?? 'USD Coin',
+            version: req.extra?.version ?? '2',
+            chainId,
+            verifyingContract: req.asset,
+        },
+        types: {
+            TransferWithAuthorization: EIP3009_TYPES.TransferWithAuthorization,
+        },
+        primary_type: 'TransferWithAuthorization',
+        message: authorization,
+    };
+    // Idempotency key: deterministic hash of the authorization so a retry
+    // producing the same nonce won't double-sign.
+    const idempotencyKey = keccak256(stringToBytes(JSON.stringify(authorization)));
+    const signed = await wallet.signTypedData(typed, idempotencyKey);
+    return { signature: signed.signature, authorization };
+}
+function encodePaymentHeader(params) {
+    const payload = {
+        x402Version: 1,
+        scheme: params.scheme,
+        network: params.network,
+        payload: {
+            signature: params.signature,
+            authorization: params.authorization,
+        },
+    };
+    return Buffer.from(JSON.stringify(payload), 'utf-8').toString('base64');
+}
+/**
+ * Execute an x402-protected HTTP request, handling the 402 challenge
+ * by signing a EIP-3009 TransferWithAuthorization via the wallet
+ * provider and retrying with an X-Payment header.
+ *
+ * Returns the final (paid) Response. If the server does not challenge
+ * with 402, returns the original response unchanged.
+ */
+export async function x402Fetch(wallet, url, options = {}) {
+    const method = options.method ?? 'GET';
+    const headers = { ...(options.headers ?? {}) };
+    const body = options.body === undefined ? undefined
+        : typeof options.body === 'string' ? options.body
+            : JSON.stringify(options.body);
+    if (body && !headers['Content-Type']) {
+        headers['Content-Type'] = 'application/json';
+    }
+    const initialRes = await fetch(url, { method, headers, body });
+    if (initialRes.status !== 402) {
+        return initialRes;
+    }
+    const challenge = (await initialRes.json());
+    const requirement = pickAccepts(challenge);
+    if (options.maxAmountAtomic) {
+        const cap = BigInt(options.maxAmountAtomic);
+        const asked = BigInt(requirement.maxAmountRequired);
+        if (asked > cap) {
+            throw new Error(`x402 payment ${asked} exceeds --max-amount cap ${cap} (network=${requirement.network})`);
+        }
+    }
+    const fromAddress = await wallet.getAddress();
+    const { signature, authorization } = await signPaymentAuthorization(wallet, requirement, fromAddress);
+    const paymentHeader = encodePaymentHeader({
+        scheme: requirement.scheme,
+        network: requirement.network,
+        signature,
+        authorization,
+    });
+    const retryRes = await fetch(url, {
+        method,
+        headers: { ...headers, 'X-Payment': paymentHeader },
+        body,
+    });
+    return retryRes;
+}
+/**
+ * Convenience: run x402Fetch and return parsed JSON body.
+ * Throws on non-2xx after payment.
+ */
+export async function x402PayJson(wallet, url, options = {}) {
+    const res = await x402Fetch(wallet, url, options);
+    if (!res.ok) {
+        const text = await res.text().catch(() => '');
+        throw new Error(`x402 request failed: HTTP ${res.status} ${text}`);
+    }
+    return (await res.json());
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "clawmoney",
-  "version": "0.16.0",
+  "version": "0.17.0",
   "description": "ClawMoney CLI -- Earn rewards with your AI agent",
   "type": "module",
   "bin": {
@@ -18,12 +18,12 @@
     "prepublishOnly": "npm run build"
   },
   "dependencies": {
-    "awal": "^2.2.0",
     "@bnbot/cli": "^0.3.0",
     "@clack/prompts": "^0.7.0",
     "chalk": "^5.3.0",
     "commander": "^12.0.0",
     "ora": "^8.0.0",
+    "viem": "^2.48.1",
     "ws": "^8.20.0",
     "yaml": "^2.4.0"
   },