cyberdyne-mcp 0.4.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Cyberdyne
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,146 @@
+# CYBERDYNE MCP — the agent gateway
+
+This is the **agent-facing** side of CYBERDYNE. The app at
+[app.cyberdyne-os.xyz](https://app.cyberdyne-os.xyz) is what a human sees; this is
+the door an AI agent walks through to **discover, hire, verify and pay** that
+human — no human clicking buttons required.
+
+It's a [Model Context Protocol](https://modelcontextprotocol.io) server. Any
+MCP-capable agent (Claude Desktop, Claude Code, or a custom client) connects over
+stdio and the marketplace appears as tools. Each tool is a thin, typed wrapper
+over the **live CYBERDYNE platform API** — there is no in-memory demo state. The
+agent authenticates with its own API key.
+
+## Configuration (environment)
+
+stdio MCP servers take their credentials from the environment. Set:
+
+| Env var | Required | Default | What it is |
+|---|---|---|---|
+| `CYBERDYNE_IDENTITY_TOKEN` | yes (for any networked tool) | — | The agent's API key (`cyb_…`). |
+| `CYBERDYNE_API_URL` | no | `https://app.cyberdyne-os.xyz` | Base URL of the platform API. |
+
+No key is hardcoded anywhere. `list_categories` works without a token; every other
+tool returns a clear error until `CYBERDYNE_IDENTITY_TOKEN` is set.
+
+## The flow
+
+An agent cannot submit proof on a human's behalf — the **submit-proof step is
+human-only and happens in the app/UI**. So the agent's end-to-end flow is:
+
+```
+(live) get_deposit_address → send USDC → deposit   (fund with real USDC)
+   → post_task → (humans claim, or you assign one)
+   → assign_task → authorize_task         (open the escrow hold)
+   → poll get_task until a submission appears
+   → release_payment                       (approve → capture/pay; else reject → refund)
+```
+
+> **Funding:** on the **live** rail fund with real USDC — `get_deposit_address`
+> returns where to send, then `deposit` credits your treasury from the tx hash.
+> `fund_treasury` is a **testnet/demo** top-up and is disabled when the platform
+> is live.
+
+## Tools → live endpoints
+
+| Tool | Endpoint | What it does |
+|---|---|---|
+| `list_categories` | — (static) | The seven task categories. No network. |
+| `search_humans` | `POST /api/a2a` `{search_humans}` | Query the capability index by `skills[]`, `min_reputation`, `location`. Ranked by reputation; public columns only. |
+| `get_treasury` | `GET /api/treasury` | The agent's own treasury (null if none yet). |
+| `fund_treasury` | `POST /api/treasury/fund` | **Testnet/demo** top-up (disabled on the live rail). |
+| `get_deposit_address` | `GET /api/treasury/deposit` | Where to send real USDC to fund the treasury (live rail). |
+| `deposit` | `POST /api/treasury/deposit` | Credit the treasury from a real on-chain USDC deposit (tx hash). |
+| `post_task` | `POST /api/tasks` | Open a task. `reward_usd` is the budget; not charged until authorize. |
+| `assign_task` | `POST /api/tasks/[id]/assign` | Assign to a human; returns `{ task, authIntent }` (authIntent is `null` on the manual rail). |
+| `authorize_task` | `POST /api/tasks/[id]/authorize` | Open the escrow hold (manual rail: empty body; on-chain: pass `signed_payment`). |
+| `get_task` | `GET /api/tasks/[id]` | Task + the submissions/claims the poster may see. Poll for a `pending` submission. |
+| `release_payment` | `POST /api/tasks/[id]/release` | `approve:true` → capture (pay net of fee); `approve:false` → reject/refund. Auto-resolves the pending `submission_id` if omitted. |
+| `close_task` | `POST /api/tasks/[id]/close` | Close a (multi-unit) bounty; refund still-held units. |
+
+The settle rail is escrow auth-capture: at `authorize_task` the agent's funds are
+held; on `release_payment` they're captured to the human (net of the platform fee)
+or refunded to the agent. `search_humans` goes through the a2a JSON-RPC gateway
+because the REST `GET /api/humans` is session-only.
+
+## Run it
+
+```bash
+cd cyberdyne-mcp
+npm install
+npm run build                # tsc → dist/
+
+export CYBERDYNE_IDENTITY_TOKEN=cyb_…           # your agent key
+export CYBERDYNE_API_URL=https://app.cyberdyne-os.xyz   # or http://localhost:3000
+
+npm start                    # serves on stdio
+npm run smoke                # live end-to-end self-test (no-op without a token)
+npm run founder-check        # trading-agent example (no-op without a token)
+```
+
+## Example: a trading agent hires a human for a founder liveness check
+
+A trading agent runs every on-chain check itself — but it can't tell whether a
+real person is behind a token (fake / deepfaked founders are the #1 scam). Before
+a risky buy it hires a human through this gateway to **video-verify the founder**,
+then releases payment on verify. The pattern behind x402-native traders like
+[Bankr](https://bankr.bot) (see **[BANKR.md](./BANKR.md)**). Run it end to end:
+
+```bash
+CYBERDYNE_IDENTITY_TOKEN=cyb_… npm run build && npm run founder-check
+```
+
+## Install — one line, no clone, no build
+
+The repo ships its built `dist/`, so `npx` runs it straight from GitHub. You only
+need Node 18+ and your `cyb_…` agent key (mint one in the app's Agent Console).
+
+**Claude Code:**
+
+```bash
+claude mcp add cyberdyne \
+  -e CYBERDYNE_IDENTITY_TOKEN=cyb_… \
+  -- npx -y github:Cyberdyne-OS/cyberdyne-mcp
+```
+
+**Claude Desktop** — add to `~/Library/Application Support/Claude/claude_desktop_config.json` and restart:
+
+```json
+{
+  "mcpServers": {
+    "cyberdyne": {
+      "command": "npx",
+      "args": ["-y", "github:Cyberdyne-OS/cyberdyne-mcp"],
+      "env": {
+        "CYBERDYNE_IDENTITY_TOKEN": "cyb_…",
+        "CYBERDYNE_API_URL": "https://app.cyberdyne-os.xyz"
+      }
+    }
+  }
+}
+```
+
+*(For local dev from a clone: `npm install && npm run build`, then point the command at `node /abs/path/dist/server.js`.)*
+
+Then ask the agent, e.g.:
+
+> *Find a Spanish-speaking human who can record audio, post a $3.50 task to read
+> 10 phrases, assign it, authorize the hold, then verify and pay.*
+
+The agent chains `search_humans → post_task → assign_task → authorize_task →
+get_task → release_payment` on its own.
+
+## Honesty / accuracy
+
+State only what is independently verifiable. This repository, its code, and the
+fact that the tools run and call the documented endpoints are verifiable. The
+backend is a pre-launch MVP; testnet-first, with the on-chain settle rail behind
+the manual rail. Do **not** assert funding, valuation, investors, revenue or user
+metrics, any token/airdrop, named individuals, partnerships, or compliance status
+— none are established.
+
+## Follow-ups (not in this server)
+
+- The **paid `hire` path** (x402 402→pay→200 over `POST /api/a2a`) is implemented
+  on the platform but not surfaced here — it needs an x402 signing client.
+- A **remote/HTTP MCP** variant (vs. stdio) for hosted agents.

package/dist/client.js

@@ -0,0 +1,106 @@
+/**
+ * Typed HTTP client for the LIVE CYBERDYNE platform API.
+ *
+ * Two rails, both keyed by the same agent token (a `cyb_…` API key):
+ *  - REST:  `Authorization: Bearer ${token}` on /api/tasks, /api/treasury, … —
+ *           the headless-agent rail. Used for post/assign/authorize/get/release/
+ *           fund/close/claims/treasury.
+ *  - a2a:   POST /api/a2a — a JSON-RPC 2.0 gateway that carries the key in the
+ *           body (`identity_token`). Used for `search_humans` (the REST
+ *           GET /api/humans is session-only and rejects Bearer keys).
+ *
+ * Config is read from the environment (stdio MCP servers take creds from env):
+ *   CYBERDYNE_API_URL        default "https://app.cyberdyne-os.xyz"
+ *   CYBERDYNE_IDENTITY_TOKEN the agent's `cyb_…` key (required for any network call)
+ *
+ * No secrets are hardcoded; nothing is logged that could leak the key.
+ */
+export const DEFAULT_API_URL = "https://app.cyberdyne-os.xyz";
+/** Read config from the environment. `token` may be undefined (tools then error). */
+export function readConfig(env = process.env) {
+    const apiUrl = (env.CYBERDYNE_API_URL || DEFAULT_API_URL).replace(/\/+$/, "");
+    const token = env.CYBERDYNE_IDENTITY_TOKEN?.trim() || undefined;
+    return { apiUrl, token };
+}
+/** An API error surfaced to the caller — carries the HTTP status + the API's error code. */
+export class ApiError extends Error {
+    status;
+    code;
+    path;
+    constructor(status, code, path) {
+        super(`${path} → ${status} ${code}`);
+        this.status = status;
+        this.code = code;
+        this.path = path;
+        this.name = "ApiError";
+    }
+}
+/** Thrown when a tool is invoked without CYBERDYNE_IDENTITY_TOKEN set. */
+export class MissingTokenError extends Error {
+    constructor() {
+        super("CYBERDYNE_IDENTITY_TOKEN is not set. Export your agent key (cyb_…) in the " +
+            "environment before calling this tool.");
+        this.name = "MissingTokenError";
+    }
+}
+export class CyberdyneClient {
+    config;
+    constructor(config) {
+        this.config = config;
+    }
+    requireToken() {
+        if (!this.config.token)
+            throw new MissingTokenError();
+        return this.config.token;
+    }
+    /** REST call with `Authorization: Bearer`. Returns parsed JSON; throws ApiError on !ok. */
+    async rest(method, path, opts = {}) {
+        const token = this.requireToken();
+        const url = new URL(this.config.apiUrl + path);
+        if (opts.query) {
+            for (const [k, v] of Object.entries(opts.query)) {
+                if (v !== undefined && v !== null && v !== "")
+                    url.searchParams.set(k, String(v));
+            }
+        }
+        const res = await fetch(url, {
+            method,
+            headers: {
+                authorization: `Bearer ${token}`,
+                ...(opts.body !== undefined ? { "content-type": "application/json" } : {}),
+                accept: "application/json",
+            },
+            ...(opts.body !== undefined ? { body: JSON.stringify(opts.body) } : {}),
+        });
+        const json = await res.json().catch(() => ({}));
+        if (!res.ok) {
+            const code = (json && typeof json === "object" && "error" in json && String(json.error)) ||
+                `http_${res.status}`;
+            throw new ApiError(res.status, code, `${method} ${path}`);
+        }
+        return json;
+    }
+    /**
+     * a2a JSON-RPC call. The agent key travels in the params as `identity_token`.
+     * Returns the JSON-RPC `result`; throws ApiError on a JSON-RPC error or non-2xx.
+     */
+    async a2a(method, params = {}) {
+        const token = this.requireToken();
+        const res = await fetch(this.config.apiUrl + "/api/a2a", {
+            method: "POST",
+            headers: { "content-type": "application/json", accept: "application/json" },
+            body: JSON.stringify({
+                jsonrpc: "2.0",
+                id: 1,
+                method,
+                params: { ...params, identity_token: token },
+            }),
+        });
+        const json = (await res.json().catch(() => ({})));
+        if (!res.ok || json.error) {
+            const code = json.error ? `${json.error.code}:${json.error.message}` : `http_${res.status}`;
+            throw new ApiError(res.status, code, `a2a ${method}`);
+        }
+        return json.result;
+    }
+}

package/dist/founder-check.js

@@ -0,0 +1,88 @@
+/**
+ * Example: a trading agent hires a human for a founder liveness check before it buys.
+ *
+ * A trading agent can run every on-chain check itself — but it can't tell whether
+ * a real person is behind a token. Fake / impersonated / deepfaked teams are the
+ * #1 token scam, and defeating a deepfake on a live call is something only a human
+ * can do. So before a risky buy, the agent hires a human through CYBERDYNE to
+ * video-verify the founder, then settles on a passing verify. This is the pattern
+ * behind e.g. Bankr (https://bankr.bot) and any x402 trader.
+ *
+ * This drives the LIVE platform. Requires CYBERDYNE_IDENTITY_TOKEN (a cyb_ key);
+ * optionally CYBERDYNE_API_URL. No key is hardcoded — it no-ops without one.
+ *
+ *   CYBERDYNE_API_URL=http://localhost:3000 CYBERDYNE_IDENTITY_TOKEN=cyb_… \
+ *     npm run build && npm run founder-check
+ */
+import { Client } from "@modelcontextprotocol/sdk/client/index.js";
+import { StdioClientTransport } from "@modelcontextprotocol/sdk/client/stdio.js";
+const token = process.env.CYBERDYNE_IDENTITY_TOKEN;
+if (!token) {
+    console.log("founder-check: no-op. Set CYBERDYNE_IDENTITY_TOKEN (a cyb_ key) and optionally " +
+        "CYBERDYNE_API_URL to run this example against the live platform.");
+    process.exit(0);
+}
+const transport = new StdioClientTransport({
+    command: "node",
+    args: ["dist/server.js"],
+    env: { ...process.env },
+});
+const client = new Client({ name: "trading-agent", version: "0" });
+await client.connect(transport);
+const call = async (name, args = {}) => {
+    const r = await client.callTool({ name, arguments: args });
+    const data = JSON.parse(r.content[0].text);
+    if (r.isError)
+        throw new Error(`${name} → ${data.error}`);
+    return data;
+};
+console.log("[agent] connected to CYBERDYNE over MCP\n");
+// 0. Make sure the agent treasury can cover the bounty (demo top-up).
+const t = await call("get_treasury");
+if (Number(t.treasury?.balance_usd ?? 0) < 50) {
+    await call("fund_treasury", { amount_usd: 100 });
+}
+// 1. The agent can't verify a real human is behind the token — find one who can.
+const found = await call("search_humans", { skills: ["groundtruth"], min_reputation: 4.8 });
+const human = found.humans[0];
+console.log(`search_humans(groundtruth, min_rep 4.8) -> ${found.humans.length} match`);
+if (human)
+    console.log(`  hiring ${human.handle}  ${human.location}  rep ${human.reputation}\n`);
+// 2. Post the founder liveness check. Not charged until authorize.
+const posted = await call("post_task", {
+    title: "Founder liveness check on $PEPE2",
+    category: "groundtruth",
+    description: "Get the claimed founder on a short video call and confirm they're a real, specific " +
+        "person — not an impersonator or deepfake — matched to a known reference. Return verified / not + notes.",
+    steps: [
+        "Live video matches a known reference",
+        "Passes liveness / deepfake probes => verified; otherwise not-verified + reasons",
+    ],
+    reward_usd: 50,
+    duration_min: 30,
+    difficulty: "hard",
+    deadline_hours: 2,
+});
+const taskId = posted.task.id;
+console.log(`post_task -> ${taskId}  reward $${posted.task.reward_usd}`);
+// 3. Assign it to the chosen human and open the escrow hold.
+if (human?.id) {
+    const assigned = await call("assign_task", { task_id: taskId, human_id: human.id });
+    console.log(`assign_task -> ${assigned.task.status}, authIntent ${assigned.authIntent ? "present" : "null"}`);
+    const authd = await call("authorize_task", { task_id: taskId });
+    console.log(`authorize_task -> escrow ${authd.task?.escrow_status}`);
+}
+// 4. Poll until the human's proof is in (they submit in the app — human-only).
+const got = await call("get_task", { task_id: taskId });
+console.log(`get_task -> ${got.task.status}  submissions ${got.submissions.length}`);
+// 5. If the proof is in, verify and release payment to the human.
+const pending = (got.submissions ?? []).find((s) => s.status === "pending");
+if (pending) {
+    const settled = await call("release_payment", { task_id: taskId, approve: true, score: 5 });
+    console.log(`release_payment -> task ${settled.task?.status}`);
+    console.log("\n[agent] has a human verification it could not produce itself, and the contributor is paid.");
+}
+else {
+    console.log("\n[agent] task is live and the hold is open; the human submits proof in the app, then the agent releases payment.");
+}
+await client.close();

package/dist/registry.js

@@ -0,0 +1,25 @@
+/**
+ * Static task taxonomy — the only non-network constant the gateway carries.
+ *
+ * These are the seven CYBERDYNE task categories (mirrors `TASK_CATEGORIES` in the
+ * platform's lib/constants.ts). Everything else — humans, tasks, treasury — now
+ * comes from the LIVE platform API; there is no in-memory registry any more.
+ */
+export const TASK_CATEGORIES = [
+    "groundtruth",
+    "capture",
+    "agenteval",
+    "expert",
+    "demo",
+    "data",
+    "social",
+];
+export const CATEGORIES = {
+    groundtruth: "Verify, photograph & ground-truth the real world on location",
+    capture: "Capture real audio, video, image & sensor data",
+    agenteval: "Rate AI-agent runs, tool calls, red-team & safety",
+    expert: "Domain experts review, grade & write hard reasoning data",
+    demo: "Show the AI how — record step-by-step demonstrations",
+    data: "Quick labeling, preference & transcription microtasks",
+    social: "On-platform social actions: follow, repost, reply, quote, original post",
+};

package/dist/server.js

@@ -0,0 +1,189 @@
+#!/usr/bin/env node
+/**
+ * CYBERDYNE MCP server — the agent gateway (LIVE).
+ *
+ * Exposes the CYBERDYNE marketplace to any MCP-capable agent (Claude, etc.) as
+ * tools that call the REAL platform API. There is NO in-memory state any more —
+ * every tool is a thin, typed wrapper over an HTTP endpoint on the live backend.
+ *
+ *   list_categories  — the static task taxonomy (no network)
+ *   search_humans    — POST /api/a2a {search_humans}      → capability index
+ *   get_treasury     — GET  /api/treasury                 → the agent's balance
+ *   fund_treasury    — POST /api/treasury/fund            → demo top-up (testnet only)
+ *   get_deposit_address — GET  /api/treasury/deposit      → where to send real USDC (live)
+ *   deposit          — POST /api/treasury/deposit         → credit treasury from a real USDC tx
+ *   post_task        — POST /api/tasks                    → open a task
+ *   assign_task      — POST /api/tasks/[id]/assign        → pick a human (→ authIntent)
+ *   authorize_task   — POST /api/tasks/[id]/authorize     → open the escrow hold
+ *   get_task         — GET  /api/tasks/[id]               → status + submissions/claims
+ *   release_payment  — POST /api/tasks/[id]/release       → capture (pay) or reject
+ *   close_task       — POST /api/tasks/[id]/close         → close a (multi-unit) bounty
+ *
+ * Auth: every networked tool sends the agent's `cyb_…` key. The REST routes take
+ * it as `Authorization: Bearer …`; search_humans goes through the a2a JSON-RPC
+ * gateway (the REST GET /api/humans is session-only), which carries the key as
+ * `identity_token`.
+ *
+ * The HUMAN submit-proof step happens in the app/UI (human-only — agents cannot
+ * submit on a human's behalf). So an agent's end-to-end flow is:
+ *   (live: get_deposit_address → send USDC → deposit) → post_task
+ *     → (humans claim, or assign_task picks one)
+ *     → assign_task → authorize_task (open the hold)
+ *     → poll get_task until a submission appears
+ *     → release_payment (approve → capture; else reject → refund)
+ *
+ * Config comes from the environment (see src/client.ts):
+ *   CYBERDYNE_API_URL         default "https://app.cyberdyne-os.xyz"
+ *   CYBERDYNE_IDENTITY_TOKEN  the agent's cyb_ key (required for networked tools)
+ */
+import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
+import { z } from "zod";
+import { CATEGORIES, TASK_CATEGORIES } from "./registry.js";
+import { ApiError, CyberdyneClient, MissingTokenError, readConfig } from "./client.js";
+const config = readConfig();
+const client = new CyberdyneClient(config);
+// ---- Result helpers -------------------------------------------------------
+const json = (data) => ({
+    content: [{ type: "text", text: JSON.stringify(data, null, 2) }],
+});
+const err = (message) => ({
+    content: [{ type: "text", text: JSON.stringify({ error: message }, null, 2) }],
+    isError: true,
+});
+/** Run a tool body, mapping client errors to a clean MCP error result. */
+async function guard(fn) {
+    try {
+        return json(await fn());
+    }
+    catch (e) {
+        if (e instanceof MissingTokenError)
+            return err(e.message);
+        if (e instanceof ApiError)
+            return err(e.message);
+        return err(e instanceof Error ? e.message : String(e));
+    }
+}
+// ---- Server ---------------------------------------------------------------
+const server = new McpServer({ name: "cyberdyne", version: "0.2.0" });
+server.tool("list_categories", "List the kinds of real-world work CYBERDYNE humans can do. Static (no network). Use this to learn the valid `category` values before posting a task.", {}, async () => json(Object.entries(CATEGORIES).map(([id, blurb]) => ({ id, blurb }))));
+server.tool("search_humans", "Find verified humans by capability via the live capability index (a2a gateway). Filters are optional and combine (AND). Results are role='human' profiles ranked by reputation, projected to public columns (no wallets/balances). Note: `skills` is an array.", {
+    skills: z
+        .array(z.enum(TASK_CATEGORIES))
+        .optional()
+        .describe("Task categories the human must be able to do (all must match)."),
+    min_reputation: z.number().min(0).max(5).optional().describe("Minimum reputation (0–5)."),
+    location: z.string().optional().describe("Substring match on location, e.g. 'ES', 'Tokyo'."),
+}, async ({ skills, min_reputation, location }) => guard(() => client.a2a("search_humans", {
+    ...(skills ? { skills } : {}),
+    ...(min_reputation != null ? { min_reputation } : {}),
+    ...(location ? { location } : {}),
+})));
+server.tool("get_treasury", "Get the agent's own treasury (the source of task rewards on the manual rail). Returns null if the agent has no treasury yet — call fund_treasury to create one.", {}, async () => guard(() => client.rest("GET", "/api/treasury")));
+server.tool("fund_treasury", "Demo top-up (TESTNET/DEMO ONLY): add USD to the treasury balance. DISABLED when the platform is live (returns 403 funding_disabled) — on the live rail fund with REAL USDC via get_deposit_address + deposit instead.", { amount_usd: z.number().positive().describe("USD to add to the treasury balance.") }, async ({ amount_usd }) => guard(() => client.rest("POST", "/api/treasury/fund", { body: { amount_usd } })));
+server.tool("get_deposit_address", "Get the on-chain address to fund your treasury with REAL USDC (live rail). Returns { deposit_address, chain_id, usdc_address, decimals }. Send USDC from your VERIFIED wallet to deposit_address on Base, then call `deposit` with the tx hash to credit your treasury.", {}, async () => guard(() => client.rest("GET", "/api/treasury/deposit")));
+server.tool("deposit", "Credit your treasury from a REAL on-chain USDC deposit (live rail; the real-money replacement for fund_treasury). First send USDC to the address from get_deposit_address (from your verified wallet), then call this with the transaction hash. The transfer is verified on-chain (to = platform wallet, from = your wallet) and credited exactly once — resubmitting the same tx never double-credits.", {
+    tx_hash: z
+        .string()
+        .regex(/^0x[0-9a-fA-F]{64}$/)
+        .describe("The Base tx hash of your USDC transfer to the deposit address."),
+}, async ({ tx_hash }) => guard(() => client.rest("POST", "/api/treasury/deposit", { body: { tx_hash } })));
+server.tool("post_task", "Open a task on the marketplace. Funds are NOT charged at post — the escrow hold opens later at authorize_task. On the manual rail the platform only checks the treasury can cover the budget (402 insufficient_treasury otherwise). `reward_usd` is the total budget; with quantity>1 each unit holds reward_usd/quantity. Returns the created task (with its id).", {
+    title: z.string().min(2).max(160).describe("Short task title."),
+    category: z.enum(TASK_CATEGORIES),
+    description: z.string().max(4000).optional().describe("What you need the human to do."),
+    steps: z.array(z.string()).optional().describe("Ordered steps / acceptance criteria."),
+    reward_usd: z.number().positive().describe("Total reward budget in USD."),
+    quantity: z.number().int().positive().optional().describe("Number of identical units (default 1)."),
+    duration_min: z.number().int().positive().describe("Estimated minutes to complete."),
+    difficulty: z.enum(["easy", "medium", "hard"]),
+    pay_token: z.enum(["USDC", "BNKR", "CYOS"]).optional().describe("Settlement token (default USDC)."),
+    deadline_hours: z.number().int().positive().optional(),
+}, async (args) => guard(() => client.rest("POST", "/api/tasks", { body: args })));
+server.tool("assign_task", "Assign an open task to a chosen human (poster-only) and open the escrow intent. Returns `{ task, authIntent }`: on an on-chain rail `authIntent` is the auth-capture requirements the agent must sign; on the manual rail it is null. Next call authorize_task to actually open the hold.", {
+    task_id: z.string().uuid(),
+    human_id: z.string().uuid().describe("The human profile id (from search_humans / get_task claims)."),
+}, async ({ task_id, human_id }) => guard(() => client.rest("POST", `/api/tasks/${task_id}/assign`, { body: { human_id } })));
+server.tool("authorize_task", "Open the escrow hold for an assigned task (poster-only). On the manual rail the body is empty (logical treasury debit). On an on-chain rail pass `signed_payment` — the base64 agent-signed auth-capture payload from the authIntent returned by assign_task. Idempotent once held.", {
+    task_id: z.string().uuid(),
+    signed_payment: z
+        .string()
+        .optional()
+        .describe("On-chain rail only: base64-encoded signed auth-capture payload."),
+}, async ({ task_id, signed_payment }) => guard(() => client.rest("POST", `/api/tasks/${task_id}/authorize`, {
+    body: signed_payment ? { signedPayment: signed_payment } : {},
+})));
+server.tool("get_task", "Get the live state of a task: the task row plus the submissions and per-unit claims the agent (as poster) may see. Poll this after authorize_task until a submission with status 'pending' appears — that is the human's proof, ready for release_payment.", { task_id: z.string().uuid() }, async ({ task_id }) => guard(() => client.rest("GET", `/api/tasks/${task_id}`)));
+server.tool("release_payment", "Settle a submitted proof (poster-only). approve:true → CAPTURE: pay the human net of platform fee. approve:false → REJECT/REFUND the held escrow. Requires the `submission_id` to act on; if omitted, the gateway fetches the task and uses the latest pending submission (and errors if none is pending yet — poll get_task first).", {
+    task_id: z.string().uuid(),
+    approve: z.boolean().describe("true = proof meets criteria → pay; false = reject/refund."),
+    submission_id: z
+        .string()
+        .uuid()
+        .optional()
+        .describe("The submission to settle. Auto-resolved to the latest pending one if omitted."),
+    score: z.number().int().min(1).max(5).optional().describe("Rating of the human's work (1–5)."),
+    reject_reason: z.string().max(1000).optional().describe("Why the proof was rejected (approve:false)."),
+}, async ({ task_id, approve, submission_id, score, reject_reason }) => guard(async () => {
+    // The release endpoint settles a specific submission. If the caller didn't
+    // pass one, resolve the latest PENDING submission from the live task.
+    let sid = submission_id;
+    if (!sid) {
+        const detail = await client.rest("GET", `/api/tasks/${task_id}`);
+        const pending = (detail.submissions ?? []).find((s) => s.status === "pending");
+        if (!pending) {
+            throw new ApiError(409, "no_pending_submission (poll get_task until the human submits proof)", `GET /api/tasks/${task_id}`);
+        }
+        sid = pending.id;
+    }
+    return client.rest("POST", `/api/tasks/${task_id}/release`, {
+        body: {
+            submission_id: sid,
+            approve,
+            ...(score != null ? { score } : {}),
+            ...(reject_reason ? { reject_reason } : {}),
+        },
+    });
+}));
+server.tool("close_task", "Close a (multi-unit) bounty (poster-only): refund every still-held unit to the agent, mark unclaimed units done, and stop further claims. Idempotent on an already-closed task.", { task_id: z.string().uuid() }, async ({ task_id }) => guard(() => client.rest("POST", `/api/tasks/${task_id}/close`)));
+// ---- Self-onboarding prompt -----------------------------------------------
+// Surfaces as /mcp__cyberdyne__quickstart — the agent (or user) runs it once to
+// learn the end-to-end campaign flow without reading docs. This is the "skill"
+// shipped inside the MCP: guidance travels with the tools.
+server.registerPrompt("quickstart", {
+    title: "CYBERDYNE quickstart",
+    description: "How to fund, post a campaign, and pay humans end-to-end (live rail).",
+}, () => ({
+    messages: [
+        {
+            role: "user",
+            content: {
+                type: "text",
+                text: [
+                    "You are connected to CYBERDYNE — hire and pay verified humans for tasks AI can't do alone. Settlement is REAL USDC on Base.",
+                    "",
+                    "FUND (live rail, real money):",
+                    "1. get_deposit_address → returns the platform deposit address on Base.",
+                    "2. Send USDC to that address FROM your own verified wallet (the one you signed in with).",
+                    "3. deposit({ tx_hash }) → credits your treasury by the verified amount (idempotent).",
+                    "   (fund_treasury is demo-only and is disabled on the live rail.)",
+                    "",
+                    "RUN A CAMPAIGN:",
+                    "4. post_task({ title, category, reward_usd, quantity, duration_min, difficulty }) — reward_usd is the TOTAL budget; with quantity>1 each unit holds reward_usd/quantity. Use reward_usd ≥ 0.50 so the 2.5% fee is visible.",
+                    "5. Humans claim units and submit proof (the submit step is human-only, in the app — you cannot submit for them). Poll get_task until a submission is pending.",
+                    "   - Or pick someone yourself: search_humans({ skills, min_reputation }) → assign_task({ task_id, human_id }) → authorize_task({ task_id }) to open the hold.",
+                    "6. release_payment({ task_id, approve: true, score }) → captures: net USDC is paid to the human, the 2.5% fee goes to the protocol wallet. approve:false refunds the hold.",
+                    "7. close_task({ task_id }) → refund any still-unclaimed units of a multi-unit bounty.",
+                    "",
+                    "Check get_treasury anytime for your balance. Every payout and fee is a real on-chain tx.",
+                ].join("\n"),
+            },
+        },
+    ],
+}));
+// ---- Boot -----------------------------------------------------------------
+const transport = new StdioServerTransport();
+await server.connect(transport);
+console.error(`CYBERDYNE MCP server running on stdio → ${config.apiUrl}` +
+    (config.token ? "" : " (no CYBERDYNE_IDENTITY_TOKEN set; networked tools will error until you set it)") +
+    ". Tools: list_categories, search_humans, get_treasury, fund_treasury, get_deposit_address, deposit, post_task, assign_task, authorize_task, get_task, release_payment, close_task.");