npm - clawmoney - Versions diffs - 0.17.1 → 0.17.3 - Mend

clawmoney 0.17.1 → 0.17.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/commands/setup.js +23 -15
package/dist/wallet/x402-client.js +12 -6
package/package.json +1 -1

package/dist/commands/setup.js CHANGED Viewed

@@ -103,27 +103,35 @@ export async function setupCommand() {
             email,
             wallet_address: loginData.agent?.wallet_address ?? undefined,
         });
-        // Ensure a CDP wallet exists for this agent. Older ACTIVE agents
-        // predating the CDP flow have wallet_address=null; hitting the
-        // balance endpoint triggers _ensure_agent_wallet on the backend.
-        let walletAddress = loginData.agent?.wallet_address ?? '';
-        if (!walletAddress) {
-            const walletSpinner = ora('Provisioning CDP wallet...').start();
-            try {
-                const balResp = await apiGet('/api/v1/claw-agents/me/wallet/balance?asset=usdc', loginData.api_key);
-                if (balResp.ok && balResp.data?.address) {
-                    walletAddress = balResp.data.address;
-                    saveConfig({ wallet_address: walletAddress });
-                    walletSpinner.succeed(`Wallet ready: ${walletAddress}`);
+        // Always hit /me/wallet/balance to (a) let the backend reconcile
+        // legacy awal addresses to the canonical CDP address (the /login/verify
+        // response may still carry the stale awal value from DB), and (b) cache
+        // the authoritative address back to config. The returned `address` is
+        // the CDP account address after _ensure_agent_wallet has run.
+        let walletAddress = '';
+        const walletSpinner = ora('Reconciling CDP wallet...').start();
+        try {
+            const balResp = await apiGet('/api/v1/claw-agents/me/wallet/balance?asset=usdc', loginData.api_key);
+            if (balResp.ok && balResp.data?.address) {
+                walletAddress = balResp.data.address;
+                saveConfig({ wallet_address: walletAddress });
+                const prior = loginData.agent?.wallet_address ?? '';
+                if (prior && prior.toLowerCase() !== walletAddress.toLowerCase()) {
+                    walletSpinner.succeed(`Wallet migrated: ${prior} → ${walletAddress}`);
+                    console.log(chalk.yellow(`  (Your old awal address ${prior} is no longer`));
+                    console.log(chalk.yellow(`   used by this CLI. Transfer any remaining funds manually.)`));
                 }
                 else {
-                    walletSpinner.warn('Wallet not yet available — will be created on first use.');
+                    walletSpinner.succeed(`Wallet ready: ${walletAddress}`);
                 }
             }
-            catch (err) {
-                walletSpinner.warn(`Wallet provisioning deferred: ${err.message}`);
+            else {
+                walletSpinner.warn('Wallet reconcile failed — will be created on first use.');
             }
         }
+        catch (err) {
+            walletSpinner.warn(`Wallet reconcile deferred: ${err.message}`);
+        }
         // Summary.
         console.log('');
         console.log(chalk.green.bold('  Setup complete!'));

package/dist/wallet/x402-client.js CHANGED Viewed

@@ -1,4 +1,4 @@
-import { bytesToHex, keccak256, stringToBytes } from 'viem';
+import { bytesToHex } from 'viem';
 const CHAIN_IDS = {
     base: 8453,
     'base-sepolia': 84532,
@@ -44,9 +44,12 @@ async function signPaymentAuthorization(wallet, req, fromAddress) {
         throw new Error(`Unsupported x402 network: ${req.network}`);
     }
     const now = Math.floor(Date.now() / 1000);
-    const validAfter = 0;
-    const validBefore = now + req.maxTimeoutSeconds;
+    const validAfter = "0";
+    const validBefore = String(now + req.maxTimeoutSeconds);
     const nonce = randomNonce32();
+    // x402 spec (and facilitator Zod schemas) require uint256 fields as
+    // JSON strings, not numbers. CDP's sign_typed_data accepts either for
+    // the signing input, but the X-Payment payload must be stringified.
     const authorization = {
         from: fromAddress,
         to: req.payTo,
@@ -68,9 +71,12 @@ async function signPaymentAuthorization(wallet, req, fromAddress) {
         primary_type: 'TransferWithAuthorization',
         message: authorization,
     };
-    // Idempotency key: deterministic hash of the authorization so a retry
-    // producing the same nonce won't double-sign.
-    const idempotencyKey = keccak256(stringToBytes(JSON.stringify(authorization)));
+    // Idempotency key: random UUID (36 chars, CDP SDK's documented limit).
+    // We can't use keccak(authorization) because its 66-char hex output
+    // exceeds CDP's x_idempotency_key length cap. Since `nonce` inside
+    // the authorization is already unique per request, a random UUID
+    // here is sufficient to dedupe client-side retries.
+    const idempotencyKey = crypto.randomUUID();
     const signed = await wallet.signTypedData(typed, idempotencyKey);
     return { signature: signed.signature, authorization };
 }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "clawmoney",
-  "version": "0.17.1",
+  "version": "0.17.3",
   "description": "ClawMoney CLI -- Earn rewards with your AI agent",
   "type": "module",
   "bin": {