clishop 1.4.7 → 1.5.1

package/README.md

@@ -74,13 +74,37 @@ npm link
 
 ## Quick Start
 
-You can create your account on [clishop.ai](https://clishop.ai) or do everything from the CLI:
+You can create your account on [clishop.ai](https://clishop.ai) or do everything from the CLI.
+
+### Human-friendly setup
 
 ```bash
 clishop setup
 ```
 
-The setup wizard walks you through creating an account, adding an address, and linking a payment method. After that:
+This starts the interactive setup flow, creates a resumable setup session, shows a secure payment link, and waits for completion.
+
+### Agent-safe setup
+
+For OpenClaw, MCP clients, Claude-style shells, and other tool runners, use the explicit setup session commands instead of scraping terminal output:
+
+```bash
+clishop setup start --email user@example.com --json
+clishop setup status --setup-id <setup_id> --json
+clishop setup wait --setup-id <setup_id> --timeout 300 --json
+clishop setup cancel --setup-id <setup_id> --json
+```
+
+`setup start` returns immediately with:
+
+- `setup_id`: the resumable setup session handle for the agent
+- `setup_url`: the link the human must open in a browser
+- `expires_at`: when the session expires
+- `poll_after_seconds`: suggested polling interval
+
+The agent sends `setup_url` to the human and keeps `setup_id` locally for `status`, `wait`, or `cancel`.
+
+After setup is complete, add a shipping address and start ordering:
 
 ```
 $ clishop search "wireless headphones"
@@ -179,6 +203,11 @@ clishop-mcp              # If installed globally
 npx -y clishop --mcp     # Without installing
 ```
 
+The MCP onboarding tools now follow the same resumable setup session model:
+
+- `setup` starts the session and returns `setup_id` plus `setup_url`
+- `setup_status` checks progress and finalizes auth when setup is complete
+
 See the [MCP setup guides](https://clishop.ai/docs#mcp-overview) for VS Code, Claude Desktop, Cursor, and Windsurf configuration.
 
 ---

package/dist/{chunk-EAXPWOMT.js → chunk-EM4ZGZOU.js}

@@ -141,6 +141,76 @@ async function storeAuthFromSetup(data) {
   await storeRefreshToken(data.refreshToken);
   await storeUserInfo(data.user);
 }
+async function postSetupRequest(path, body) {
+  const baseUrl = getApiBaseUrl();
+  try {
+    const res = await axios.post(`${baseUrl}${path}`, body);
+    return res.data;
+  } catch (error) {
+    if (error?.response?.data) {
+      return error.response.data;
+    }
+    throw error;
+  }
+}
+async function startSetupSession(email) {
+  const data = await postSetupRequest("/auth/setup-link", { email });
+  if (!data.setupUrl || !(data.setupId || data.deviceCode) || !data.expiresIn || !data.pollInterval) {
+    throw new Error(data?.message || "Failed to create setup session.");
+  }
+  const setupId = data.setupId || data.deviceCode;
+  const expiresAt = data.expiresAt || new Date(Date.now() + data.expiresIn * 1e3).toISOString();
+  return {
+    ok: true,
+    setup_id: setupId,
+    status: "pending_user_action",
+    next_action: "open_setup_url",
+    setup_url: data.setupUrl,
+    expires_at: expiresAt,
+    poll_after_seconds: data.pollInterval,
+    human_message: "Open this link to securely connect your payment method."
+  };
+}
+async function getSetupStatus(setupId) {
+  return postSetupRequest("/auth/setup/status", { setupId });
+}
+async function cancelSetupSession(setupId) {
+  return postSetupRequest("/auth/setup/cancel", { setupId });
+}
+async function claimSetupSession(setupId, { storeAuth = true } = {}) {
+  const data = await postSetupRequest("/auth/setup/claim", { setupId });
+  if (storeAuth && data.ok && data.token && data.refreshToken && data.user) {
+    await storeAuthFromSetup({
+      token: data.token,
+      refreshToken: data.refreshToken,
+      user: data.user
+    });
+  }
+  return data;
+}
+async function waitForSetupSession(setupId, { timeout = 3e5 } = {}) {
+  const deadline = Date.now() + timeout;
+  while (Date.now() < deadline) {
+    const status = await getSetupStatus(setupId);
+    if (status.status === "completed") {
+      return claimSetupSession(setupId);
+    }
+    if (status.status === "expired" || status.status === "cancelled" || status.status === "failed") {
+      return status;
+    }
+    const waitMs = Math.max(1, status.poll_after_seconds || 5) * 1e3;
+    await new Promise((resolve) => setTimeout(resolve, waitMs));
+  }
+  return {
+    ok: false,
+    setup_id: setupId,
+    status: "pending_user_action",
+    error: {
+      code: "human_action_required",
+      message: "Timed out waiting for payment setup to complete."
+    }
+  };
+}
 async function logout() {
   const baseUrl = getApiBaseUrl();
   const token = await getToken();
@@ -261,7 +331,11 @@ export {
   getToken,
   getUserInfo,
   isLoggedIn,
-  storeAuthFromSetup,
+  startSetupSession,
+  getSetupStatus,
+  cancelSetupSession,
+  claimSetupSession,
+  waitForSetupSession,
   logout,
   getApiClient,
   ensureAgentOnBackend,

package/dist/index.js

@@ -1,7 +1,10 @@
 #!/usr/bin/env node
 import {
+  cancelSetupSession,
+  claimSetupSession,
   ensureAgentOnBackend,
   getApiClient,
+  getSetupStatus,
   getToken,
   getUserInfo,
   handleApiError,
@@ -9,8 +12,9 @@ import {
   isLoggedIn,
   logout,
   resolveBackend,
-  storeAuthFromSetup
-} from "./chunk-EAXPWOMT.js";
+  startSetupSession,
+  waitForSetupSession
+} from "./chunk-EM4ZGZOU.js";
 import {
   createAgent,
   deleteAgent,
@@ -51,6 +55,7 @@ function registerAuthCommands(program2) {
   program2.command("whoami").description("Show the currently logged-in user").action(async () => {
     if (!await isLoggedIn()) {
       console.log(chalk.yellow("Not set up yet. Run: clishop setup"));
+      console.log(chalk.dim("For agent runners, use: clishop setup start --email <email> --json"));
       return;
     }
     const user = await getUserInfo();
@@ -783,19 +788,19 @@ import chalk4 from "chalk";
 import inquirer3 from "inquirer";
 import open from "open";
 import { execFileSync } from "child_process";
-import axios from "axios";
+var DEFAULT_SETUP_TIMEOUT_MS = 30 * 60 * 1e3;
 async function openBrowser(url) {
   try {
     if (process.platform === "win32") {
       execFileSync("cmd", ["/c", "start", "", url], { stdio: "ignore" });
       return true;
-    } else if (process.platform === "darwin") {
+    }
+    if (process.platform === "darwin") {
       execFileSync("open", [url], { stdio: "ignore" });
       return true;
-    } else {
-      execFileSync("xdg-open", [url], { stdio: "ignore" });
-      return true;
     }
+    execFileSync("xdg-open", [url], { stdio: "ignore" });
+    return true;
   } catch {
   }
   try {
@@ -808,6 +813,29 @@ async function openBrowser(url) {
 function divider(color = chalk4.cyan) {
   console.log("  " + color("\u2500".repeat(48)));
 }
+function writeJson(payload) {
+  process.stdout.write(JSON.stringify(payload, null, 2) + "\n");
+}
+function isInteractiveSession() {
+  return Boolean(process.stdin.isTTY && process.stdout.isTTY);
+}
+function isLikelyEmail(value) {
+  return /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(value.trim());
+}
+function buildCliError(code, message, extra = {}) {
+  return {
+    ok: false,
+    error: {
+      code,
+      message,
+      ...extra
+    }
+  };
+}
+function sanitizeSetupPayload(payload) {
+  const { token, refreshToken, user, ...rest } = payload;
+  return rest;
+}
 function printSetupLink(message, setupUrl) {
   console.log();
   console.log(chalk4.bold(`  ${message}`));
@@ -818,14 +846,225 @@ function printSetupLink(message, setupUrl) {
   console.log("  " + setupUrl);
   console.log();
 }
+function printSetupStartResult(result) {
+  console.log();
+  console.log(chalk4.bold("  Setup session created."));
+  console.log(chalk4.dim(`  Setup ID: ${result.setup_id}`));
+  console.log(chalk4.dim(`  Expires:  ${new Date(result.expires_at).toLocaleString()}`));
+  printSetupLink("Give this link to your human to configure the payment method:", result.setup_url);
+  console.log(chalk4.dim("  Check progress later with:"));
+  console.log(chalk4.white(`    clishop setup status --setup-id ${result.setup_id}`));
+  console.log(chalk4.white(`    clishop setup wait --setup-id ${result.setup_id}`));
+  console.log();
+}
+function printSetupStatusResult(result) {
+  console.log();
+  if (!result.ok) {
+    console.log(chalk4.red(`  \u2717 ${result.error?.message || "Setup failed."}`));
+    if (result.setup_id) {
+      console.log(chalk4.dim(`  Setup ID: ${result.setup_id}`));
+    }
+    console.log();
+    return;
+  }
+  switch (result.status) {
+    case "pending_user_action":
+      console.log(chalk4.yellow("  Waiting for the human to complete payment setup."));
+      console.log(chalk4.dim(`  Setup ID: ${result.setup_id}`));
+      if (result.expires_at) {
+        console.log(chalk4.dim(`  Expires:  ${new Date(result.expires_at).toLocaleString()}`));
+      }
+      console.log();
+      break;
+    case "completed":
+      console.log(chalk4.green("  \u2713 Payment linked and account activated!"));
+      console.log(chalk4.dim(`  Setup ID: ${result.setup_id}`));
+      if (result.account_id) {
+        console.log(chalk4.dim(`  Account:  ${result.account_id}`));
+      }
+      console.log();
+      break;
+    case "cancelled":
+      console.log(chalk4.yellow("  Setup session cancelled."));
+      console.log(chalk4.dim(`  Setup ID: ${result.setup_id}`));
+      console.log();
+      break;
+    case "expired":
+      console.log(chalk4.red("  Setup session expired."));
+      console.log(chalk4.dim(`  Setup ID: ${result.setup_id}`));
+      console.log();
+      break;
+    case "processing":
+      console.log(chalk4.dim("  Setup is being processed."));
+      console.log(chalk4.dim(`  Setup ID: ${result.setup_id}`));
+      console.log();
+      break;
+    default:
+      console.log(chalk4.red("  Setup failed."));
+      if (result.setup_id) {
+        console.log(chalk4.dim(`  Setup ID: ${result.setup_id}`));
+      }
+      console.log();
+      break;
+  }
+}
+async function activateCompletedSetup(result) {
+  if (!result.ok || result.status !== "completed" || !result.setup_id) {
+    return result;
+  }
+  const config = getConfig();
+  const currentUser = await getUserInfo();
+  if (currentUser && (!result.account_id || currentUser.id === result.account_id)) {
+    config.set("setupCompleted", true);
+    return result;
+  }
+  const claimed = await claimSetupSession(result.setup_id);
+  if (claimed.ok) {
+    config.set("setupCompleted", true);
+  }
+  return claimed;
+}
+async function runSetupStartCommand(email, json = false) {
+  const normalizedEmail = email.trim();
+  if (!isLikelyEmail(normalizedEmail)) {
+    const payload = buildCliError("invalid_email", "A valid email address is required.");
+    if (json) {
+      writeJson(payload);
+    } else {
+      console.error(chalk4.red(`
+\u2717 ${payload.error.message}
+`));
+    }
+    process.exitCode = 1;
+    return;
+  }
+  try {
+    const result = await startSetupSession(normalizedEmail);
+    if (json) {
+      writeJson(sanitizeSetupPayload(result));
+      return;
+    }
+    printSetupStartResult(result);
+  } catch (error) {
+    const payload = buildCliError("internal_error", error?.message || "Failed to create setup session.");
+    if (json) {
+      writeJson(payload);
+    } else {
+      console.error(chalk4.red(`
+\u2717 ${payload.error.message}
+`));
+    }
+    process.exitCode = 1;
+  }
+}
+async function runSetupStatusCommand(setupId, json = false) {
+  try {
+    let result = await getSetupStatus(setupId);
+    result = await activateCompletedSetup(result);
+    if (json) {
+      writeJson(sanitizeSetupPayload(result));
+    } else {
+      printSetupStatusResult(result);
+    }
+    if (!result.ok) {
+      process.exitCode = 1;
+    }
+  } catch (error) {
+    const payload = buildCliError("internal_error", error?.message || "Failed to fetch setup status.");
+    if (json) {
+      writeJson(payload);
+    } else {
+      console.error(chalk4.red(`
+\u2717 ${payload.error.message}
+`));
+    }
+    process.exitCode = 1;
+  }
+}
+async function runSetupCancelCommand(setupId, json = false) {
+  try {
+    const result = await cancelSetupSession(setupId);
+    if (json) {
+      writeJson(sanitizeSetupPayload(result));
+    } else {
+      printSetupStatusResult(result);
+    }
+    if (!result.ok) {
+      process.exitCode = 1;
+    }
+  } catch (error) {
+    const payload = buildCliError("internal_error", error?.message || "Failed to cancel setup session.");
+    if (json) {
+      writeJson(payload);
+    } else {
+      console.error(chalk4.red(`
+\u2717 ${payload.error.message}
+`));
+    }
+    process.exitCode = 1;
+  }
+}
+async function runSetupWaitCommand(setupId, timeoutSeconds, json = false) {
+  try {
+    if (!json) {
+      console.log();
+      console.log(chalk4.dim(`  Waiting up to ${timeoutSeconds}s for payment setup to complete...`));
+      console.log(chalk4.dim(`  Setup ID: ${setupId}`));
+      console.log();
+    }
+    const result = await waitForSetupSession(setupId, {
+      timeout: timeoutSeconds * 1e3
+    });
+    if (result.ok && result.status === "completed") {
+      getConfig().set("setupCompleted", true);
+    }
+    if (json) {
+      writeJson(sanitizeSetupPayload(result));
+    } else {
+      printSetupStatusResult(result);
+    }
+    if (!result.ok) {
+      process.exitCode = 1;
+    }
+  } catch (error) {
+    const payload = buildCliError("internal_error", error?.message || "Failed while waiting for setup.");
+    if (json) {
+      writeJson(payload);
+    } else {
+      console.error(chalk4.red(`
+\u2717 ${payload.error.message}
+`));
+    }
+    process.exitCode = 1;
+  }
+}
 function registerSetupCommand(program2) {
-  program2.command("setup").description(
-    "Set up your CLISHOP account \u2014 links your payment method via a secure browser link"
-  ).option("--email <email>", "Email address (skips prompt)").action(async (opts) => {
-    await runSetupWizard(opts.email);
+  const setup = program2.command("setup").description("Set up your CLISHOP account or manage setup sessions").argument("[email]", "Email address for the human-friendly wrapper").action(async (email) => {
+    await runSetupWizard(email);
+  });
+  setup.command("start").description("Create a setup session and return immediately").requiredOption("--email <email>", "Email address").option("--json", "Output machine-readable JSON").action(async (opts) => {
+    await runSetupStartCommand(opts.email, opts.json);
+  });
+  setup.command("status").description("Check the status of a setup session").requiredOption("--setup-id <setupId>", "Setup session ID").option("--json", "Output machine-readable JSON").action(async (opts) => {
+    await runSetupStatusCommand(opts.setupId, opts.json);
+  });
+  setup.command("cancel").description("Cancel a setup session").requiredOption("--setup-id <setupId>", "Setup session ID").option("--json", "Output machine-readable JSON").action(async (opts) => {
+    await runSetupCancelCommand(opts.setupId, opts.json);
+  });
+  setup.command("wait").description("Wait for setup completion until timeout").requiredOption("--setup-id <setupId>", "Setup session ID").option("--timeout <seconds>", "Timeout in seconds", (value) => parseInt(value, 10), 300).option("--json", "Output machine-readable JSON").action(async (opts) => {
+    await runSetupWaitCommand(opts.setupId, opts.timeout, opts.json);
   });
 }
-async function runSetupWizard(emailArg) {
+async function runSetupWizard(emailArg, { json = false } = {}) {
+  if (json) {
+    if (!emailArg) {
+      writeJson(buildCliError("invalid_email", "Use --email when running setup in JSON mode."));
+      process.exitCode = 1;
+      return;
+    }
+    await runSetupStartCommand(emailArg, true);
+    return;
+  }
   const config = getConfig();
   const loggedIn = await isLoggedIn();
   if (loggedIn) {
@@ -856,94 +1095,61 @@ async function runSetupWizard(emailArg) {
   console.log();
   console.log(chalk4.bold.cyan("      W E L C O M E   T O   C L I S H O P"));
   console.log(chalk4.dim("      Order anything from your terminal."));
-  console.log(chalk4.dim(`      npm:   v${"1.4.7"}`));
-  console.log(chalk4.dim(`      Build: ${"2026-04-04T18:17:20.412Z"}`));
+  console.log(chalk4.dim(`      npm:   v${"1.5.1"}`));
+  console.log(chalk4.dim(`      Build: ${"2026-04-04T20:33:18.769Z"}`));
   console.log();
   divider(chalk4.cyan);
   console.log();
-  console.log(
-    chalk4.dim("  Set up your account in one step. You'll get a link to")
-  );
-  console.log(
-    chalk4.dim("  securely link your payment method in the browser.")
-  );
-  console.log(
-    chalk4.dim("  Your AI agent can then add addresses and place orders for you.")
-  );
+  console.log(chalk4.dim("  Set up your account in one step. You'll get a link to"));
+  console.log(chalk4.dim("  securely link your payment method in the browser."));
+  console.log(chalk4.dim("  Your AI agent can then add addresses and place orders for you."));
   console.log();
-  console.log(
-    chalk4.dim("  By creating an account you agree to the CLISHOP")
-  );
-  console.log(
-    chalk4.dim("  Terms & Conditions: ") + chalk4.cyan.underline("https://clishop.ai/terms")
-  );
-  console.log(
-    chalk4.dim("  Privacy Policy:     ") + chalk4.cyan.underline("https://clishop.ai/privacy")
-  );
+  console.log(chalk4.dim("  By creating an account you agree to the CLISHOP"));
+  console.log(chalk4.dim("  Terms & Conditions: ") + chalk4.cyan.underline("https://clishop.ai/terms"));
+  console.log(chalk4.dim("  Privacy Policy:     ") + chalk4.cyan.underline("https://clishop.ai/privacy"));
   console.log();
-  let email = emailArg;
+  let email = emailArg?.trim();
   if (!email) {
+    if (!isInteractiveSession()) {
+      console.error(chalk4.red("\n\u2717 Email is required in non-interactive mode. Use: clishop setup start --email <email> --json\n"));
+      process.exitCode = 1;
+      return;
+    }
     const answers = await inquirer3.prompt([
       { type: "input", name: "email", message: "Email:" }
     ]);
-    email = answers.email;
+    email = answers.email?.trim();
+  }
+  if (!email || !isLikelyEmail(email)) {
+    console.error(chalk4.red("\n\u2717 A valid email address is required.\n"));
+    process.exitCode = 1;
+    return;
   }
-  console.log(chalk4.dim("  Creating your account and payment link..."));
-  let setupUrl;
-  let deviceCode;
+  let startResult;
   try {
-    const baseUrl2 = getApiBaseUrl();
-    const res = await axios.post(`${baseUrl2}/auth/setup-link`, { email });
-    setupUrl = res.data.setupUrl;
-    deviceCode = res.data.deviceCode;
+    console.log(chalk4.dim("  Creating your account and payment link..."));
+    startResult = await startSetupSession(email);
   } catch (error) {
-    const msg = error?.response?.data?.message || error.message;
-    console.log(chalk4.red(`  \u2717 Setup failed: ${msg}`));
+    console.log(chalk4.red(`  \u2717 Setup failed: ${error?.message || "Unknown error"}`));
     console.log();
     console.log(chalk4.dim("  You can try again with: ") + chalk4.white("clishop setup"));
     console.log();
     process.exitCode = 1;
     return;
   }
-  printSetupLink(
-    "Give this link to your human to configure the payment method:",
-    setupUrl
-  );
+  printSetupStartResult(startResult);
   console.log(chalk4.dim("  Waiting for you to complete payment setup..."));
-  console.log(chalk4.dim("  If your terminal UI hides earlier output, use the plain-text URL above."));
+  console.log(chalk4.dim("  You can resume later with the setup ID shown above."));
   console.log();
-  const baseUrl = getApiBaseUrl();
-  const maxAttempts = 120;
-  let completed = false;
-  for (let i = 0; i < maxAttempts; i++) {
-    await new Promise((r) => setTimeout(r, 5e3));
-    try {
-      const res = await axios.post(`${baseUrl}/auth/device/poll`, { deviceCode });
-      const data = res.data;
-      if (data.status === "complete" && data.token && data.refreshToken && data.user) {
-        await storeAuthFromSetup({
-          token: data.token,
-          refreshToken: data.refreshToken,
-          user: data.user
-        });
-        config.set("setupCompleted", true);
-        console.log(chalk4.green("  \u2713 Payment linked and account activated!"));
-        completed = true;
-        break;
-      }
-      if (data.status === "expired") {
-        console.log(chalk4.red("  Setup link expired. Run ") + chalk4.white("clishop setup") + chalk4.red(" to try again."));
-        process.exitCode = 1;
-        return;
-      }
-    } catch {
-    }
-  }
-  if (!completed) {
-    console.log(chalk4.red("  Timed out waiting for setup. Run ") + chalk4.white("clishop setup") + chalk4.red(" to try again."));
+  const result = await waitForSetupSession(startResult.setup_id, {
+    timeout: DEFAULT_SETUP_TIMEOUT_MS
+  });
+  if (!result.ok || result.status !== "completed") {
+    printSetupStatusResult(result);
     process.exitCode = 1;
     return;
   }
+  config.set("setupCompleted", true);
   console.log();
   divider(chalk4.green);
   console.log();
@@ -955,18 +1161,10 @@ async function runSetupWizard(emailArg) {
   console.log();
   console.log(chalk4.dim("  Here are some commands to get you started:"));
   console.log();
-  console.log(
-    chalk4.white("    clishop search <query>  ") + chalk4.dim("Search for products")
-  );
-  console.log(
-    chalk4.white("    clishop buy <id>        ") + chalk4.dim("Quick-buy a product")
-  );
-  console.log(
-    chalk4.white("    clishop order list      ") + chalk4.dim("View your orders")
-  );
-  console.log(
-    chalk4.white("    clishop --help          ") + chalk4.dim("See all commands")
-  );
+  console.log(chalk4.white("    clishop search <query>  ") + chalk4.dim("Search for products"));
+  console.log(chalk4.white("    clishop buy <id>        ") + chalk4.dim("Quick-buy a product"));
+  console.log(chalk4.white("    clishop order list      ") + chalk4.dim("View your orders"));
+  console.log(chalk4.white("    clishop --help          ") + chalk4.dim("See all commands"));
   console.log();
   divider(chalk4.green);
   console.log();
@@ -2974,6 +3172,7 @@ function registerStatusCommand(program2) {
     try {
       if (!await isLoggedIn()) {
         console.log(chalk11.yellow("\nNot set up yet. Run: clishop setup\n"));
+        console.log(chalk11.dim("For agent runners, use: clishop setup start --email <email> --json\n"));
         return;
       }
       const spinner = ora8("Fetching account overview...").start();
@@ -4036,7 +4235,7 @@ import chalk15 from "chalk";
 import { join } from "path";
 import { homedir } from "os";
 import { mkdirSync } from "fs";
-import axios2 from "axios";
+import axios from "axios";
 function registerDoctorCommand(program2) {
   program2.command("doctor").description("Check system compatibility and auth status").action(async () => {
     const checks = [];
@@ -4071,7 +4270,7 @@ function registerDoctorCommand(program2) {
     });
     const apiUrl = getApiBaseUrl();
     try {
-      await axios2.get(`${apiUrl}/health`, { timeout: 5e3 });
+      await axios.get(`${apiUrl}/health`, { timeout: 5e3 });
       checks.push({ name: "API reachable", ok: true, detail: apiUrl });
     } catch {
       checks.push({
@@ -4091,10 +4290,11 @@ function registerDoctorCommand(program2) {
 
 // src/index.ts
 var program = new Command();
-program.name("clishop").version("1.4.7").description(
+program.name("clishop").version("1.5.1").description(
   chalk16.bold("CLISHOP") + ` \u2014 Order anything from your terminal.
 
-  Run 'clishop setup' to get started with a single payment link.
+  Run 'clishop setup' for the human-friendly flow, or
+  'clishop setup start --email <email> --json' for agent-safe setup.
   Use agents to set safety limits, addresses, and payment methods.
   The "default" agent is used when no agent is specified.`
 ).option("--agent <name>", "Use a specific agent for this command").hook("preAction", (thisCommand) => {
@@ -4133,7 +4333,16 @@ async function main() {
   if (!hasSubcommand) {
     const config = getConfig();
     if (!config.get("setupCompleted")) {
-      await runSetupWizard();
+      if (process.stdin.isTTY && process.stdout.isTTY) {
+        await runSetupWizard();
+        return;
+      }
+      console.error(
+        chalk16.yellow(
+          "CLISHOP setup is incomplete. Run 'clishop setup start --email <email> --json' in non-interactive environments."
+        )
+      );
+      process.exit(1);
       return;
     }
   }

package/dist/mcp.js

@@ -1,14 +1,15 @@
 #!/usr/bin/env node
 import {
+  claimSetupSession,
   getApiClient,
+  getSetupStatus,
   getUserInfo,
   isLoggedIn,
-  storeAuthFromSetup
-} from "./chunk-EAXPWOMT.js";
+  startSetupSession
+} from "./chunk-EM4ZGZOU.js";
 import {
   __export,
   getActiveAgent,
-  getApiBaseUrl,
   getConfig
 } from "./chunk-X3H7SYR4.js";
 
@@ -13785,7 +13786,6 @@ function date4(params) {
 config(en_default());
 
 // src/mcp.ts
-import axios from "axios";
 function formatPrice(cents, currency) {
   return new Intl.NumberFormat("en-US", { style: "currency", currency }).format(
     cents / 100
@@ -13823,7 +13823,7 @@ var server = new McpServer(
 );
 server.registerTool("setup", {
   title: "Setup",
-  description: "Onboard a new user by creating their account and generating a Stripe payment setup link. The user must open this link in their browser to link their payment method. This is the ONLY step requiring human interaction. After the user completes the link, call setup_status with the returned deviceCode to get auth tokens. The agent can then use add_address to set up shipping autonomously.",
+  description: "Start a resumable setup session. Returns a setup URL for the human and a setup_id for the agent to check later. After the human completes the link, call setup_status with the returned setup_id.",
   inputSchema: {
     email: external_exports.string().email().describe("User's email address")
   },
@@ -13834,21 +13834,18 @@ server.registerTool("setup", {
   }
 }, async (args) => {
   return safeCall(async () => {
-    const baseUrl = getApiBaseUrl();
-    const res = await axios.post(`${baseUrl}/auth/setup-link`, {
-      email: args.email
-    });
+    const data = await startSetupSession(args.email);
     return {
-      ...res.data,
-      message: "Give this link to your human to configure their payment method in the browser. Then call setup_status with the deviceCode to check when they're done."
+      ...data,
+      message: "Give this link to your human to configure their payment method in the browser. Then call setup_status with the setup_id to check when they're done."
     };
   });
 });
 server.registerTool("setup_status", {
   title: "Setup Status",
-  description: "Poll the setup status after the user was given a payment link via the setup tool. Returns 'pending' while waiting, 'complete' with auth tokens when done, or 'expired' if timed out.",
+  description: "Check the current setup state using the setup_id returned by the setup tool. If setup is complete, auth is stored locally so later CLISHOP calls can proceed.",
   inputSchema: {
-    deviceCode: external_exports.string().describe("The deviceCode returned by the setup tool")
+    setupId: external_exports.string().describe("The setup_id returned by the setup tool")
   },
   annotations: {
     title: "Setup Status",
@@ -13856,19 +13853,13 @@ server.registerTool("setup_status", {
   }
 }, async (args) => {
   return safeCall(async () => {
-    const baseUrl = getApiBaseUrl();
-    const res = await axios.post(`${baseUrl}/auth/device/poll`, {
-      deviceCode: args.deviceCode
-    });
-    const data = res.data;
-    if (data.status === "complete" && data.token) {
-      await storeAuthFromSetup({
-        token: data.token,
-        refreshToken: data.refreshToken,
-        user: data.user
-      });
-      const config2 = getConfig();
-      config2.set("setupCompleted", true);
+    let data = await getSetupStatus(args.setupId);
+    if (data.ok && data.status === "completed") {
+      data = await claimSetupSession(args.setupId);
+      if (data.ok) {
+        const config2 = getConfig();
+        config2.set("setupCompleted", true);
+      }
     }
     return data;
   });

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "clishop",
-  "version": "1.4.7",
+  "version": "1.5.1",
   "mcpName": "io.github.StefDCL/clishop",
   "description": "CLISHOP — Order anything from your terminal",
   "main": "dist/index.js",