cyberdyne-mcp 0.6.0 → 0.6.2

package/README.md

@@ -31,13 +31,42 @@ wallet is then used automatically for pool-budget signing — zero env vars.
 An agent already running inside an LLM with this MCP connected can **self-onboard
 with zero web interaction** by calling the `onboard` tool — it's the one tool that
 works without an existing key and bootstraps everything else. After that it can
-fund (`get_deposit_address` → send USDC on Base → `deposit`) and `post_task`.
+fund (`get_deposit_address` → send USDC on Base → `deposit`) and `post_task` — and
+`withdraw_treasury` to recover unspent treasury to your wallet.
 
 > Mirrors the Bankr CLI UX (`bankr login` → wallet + API key in one shot). The
 > human **submit-proof** step is intentionally still in the app (human-only); every
 > agent-side action — onboard, fund, post, assign, authorize, review, close — is
 > headless.
 
+## CLI
+
+Beyond `onboard`/`login`, the package ships Bankr-style convenience subcommands —
+each runs once, prints a summary, and exits (no MCP needed). They use the wallet +
+`cyb_` key saved by `onboard`.
+
+```bash
+npx -y cyberdyne-mcp onboard                       # generate a wallet + mint your cyb_ key (run this first)
+npx -y cyberdyne-mcp treasury                       # balance + where to send USDC   (alias: balance, fees)
+npx -y cyberdyne-mcp post --title "Like our launch tweet" --token BNKR --reward 100 --quantity 1
+npx -y cyberdyne-mcp tasks                          # list your posted tasks + status
+```
+
+| Command | Usage | What it does |
+|---|---|---|
+| `treasury` | `cyberdyne-mcp treasury` (alias `balance`, `fees`) | Like `bankr fees`. Prints balance, total funded, total spent, **and** the deposit address to send USDC to. |
+| `post` | `cyberdyne-mcp post --title <t> --reward <n> [--token USDC\|BNKR\|GITLAWB] [--quantity <n>] [--category <c>] [--action follow\|retweet\|reply\|quote\|original-post] [--url <x.com/…>] [--rail pool\|custodial]` | Like `bankr launch`. Opens a task. On the **pool** rail (default for BNKR/GITLAWB or `--quantity>1`) it autonomously signs the budget, pays the deploy fee from your wallet, and authorizes — printing each stage and the final task id + `escrow_status`. On the custodial rail it just prints the posted task. |
+| `tasks` | `cyberdyne-mcp tasks` | Lists your own posted tasks: id, title, token, quantity, filled/remaining, status. |
+
+Flags accept both `--flag value` and `--flag=value`. `--title` and `--reward` (per
+unit, in the pay token) are required for `post`; everything else has a default
+(`--token USDC`, `--quantity 1`, `--category social`). The pool rail needs the saved
+signing wallet — if none is present, `post` tells you to run `onboard` first.
+
+> The human **submit-proof** step still happens in the app (human-only). After a
+> pool launch, humans claim + submit FCFS; review each submission (via the
+> `review_submission` MCP tool) to capture a unit.
+
 ## Configuration (environment)
 
 stdio MCP servers take their credentials from the environment. Set:
@@ -101,6 +130,7 @@ post_task (quantity > 1)                            → { task, authIntent, depl
 | `fund_treasury` | `POST /api/treasury/fund` | **Testnet/demo** top-up (disabled on the live rail). |
 | `get_deposit_address` | `GET /api/treasury/deposit` | Where to send real USDC to fund the treasury (live rail). |
 | `deposit` | `POST /api/treasury/deposit` | Credit the treasury from a real on-chain USDC deposit (tx hash). |
+| `withdraw_treasury` | `POST /api/treasury/withdraw` | Recover unspent treasury to your wallet — pull USDC back to your own verified deposit wallet on Base (live rail; no destination param, so funds can only go to you). |
 | `post_task` | `POST /api/tasks` | Open a task. `reward_usd` is the budget; not charged until authorize. Pool/FCFS response also carries `authIntent` + `deployFee`. |
 | `assign_task` | `POST /api/tasks/[id]/assign` | Direct hire: assign to a human; returns `{ task, authIntent }` (authIntent is `null` on the custodial/manual rail). |
 | `authorize_task` | `POST /api/tasks/[id]/authorize` | Open the escrow hold. Custodial/manual: just `task_id`. On-chain direct hire: `auth_intent`/`signed_payment`. Pool/FCFS: also `deploy_fee`/`fee_tx_hash`. |

package/dist/cli.js

@@ -0,0 +1,226 @@
+/**
+ * Bankr-style convenience CLI for CYBERDYNE — `treasury` / `post` / `tasks`.
+ *
+ * These are ADDITIONAL command-line entry points (not MCP tools). They run, print
+ * a human-readable summary to stderr, and exit — exactly like `onboard`/`login`.
+ * They mirror the Bankr CLI UX (`bankr fees`, `bankr launch`): a single command
+ * that does the full thing autonomously using the saved `cyb_` key + wallet.
+ *
+ *   treasury (alias balance, fees) — your balance + where to send USDC (bankr fees)
+ *   post                           — open a task; on the pool rail, sign + pay +
+ *                                    authorize in one shot (bankr launch)
+ *   tasks                          — list your own posted tasks with status
+ *
+ * Networking reuses CyberdyneClient (the saved Bearer key); pool signing/fee
+ * payment reuses src/evm-signer.ts — no signing logic is reinvented here.
+ */
+import { CyberdyneClient, readConfig, ApiError, MissingTokenError } from "./client.js";
+// ── tiny argv parser ───────────────────────────────────────────────────────
+// Supports `--flag value` and `--flag=value`. Bare `--flag` (no value) ⇒ "true".
+export function parseFlags(argv) {
+    const out = {};
+    for (let i = 0; i < argv.length; i++) {
+        const tok = argv[i];
+        if (!tok.startsWith("--"))
+            continue;
+        const body = tok.slice(2);
+        const eq = body.indexOf("=");
+        if (eq >= 0) {
+            out[body.slice(0, eq)] = body.slice(eq + 1);
+            continue;
+        }
+        const next = argv[i + 1];
+        if (next !== undefined && !next.startsWith("--")) {
+            out[body] = next;
+            i++;
+        }
+        else {
+            out[body] = "true";
+        }
+    }
+    return out;
+}
+function client() {
+    return new CyberdyneClient(readConfig());
+}
+function hasKey() {
+    return !!readConfig().token;
+}
+const NO_KEY = "No CYBERDYNE key saved. Run:  npx -y cyberdyne-mcp onboard";
+/** Format a USD-ish numeric value (handles string/number/null) to 2dp. */
+function usd(v) {
+    const n = typeof v === "number" ? v : Number(v);
+    return Number.isFinite(n) ? `$${n.toFixed(2)}` : "—";
+}
+function fail(msg) {
+    console.error(`✗ ${msg}`);
+    process.exit(1);
+}
+/** Map a thrown client error to a clean one-line message. */
+function describe(e) {
+    if (e instanceof MissingTokenError)
+        return NO_KEY;
+    if (e instanceof ApiError)
+        return e.message;
+    return e instanceof Error ? e.message : String(e);
+}
+// ── treasury (alias: balance, fees) ─────────────────────────────────────────
+// `bankr fees` equivalent: your balance + the deposit address to fund it.
+export async function runTreasury() {
+    if (!hasKey())
+        fail(NO_KEY);
+    const c = client();
+    try {
+        const { treasury } = await c.rest("GET", "/api/treasury");
+        // The deposit address only resolves on the live rail; treat a 403/503 as
+        // "not available yet" rather than failing the whole command.
+        let deposit = null;
+        try {
+            deposit = await c.rest("GET", "/api/treasury/deposit");
+        }
+        catch {
+            deposit = null;
+        }
+        const lines = ["CYBERDYNE treasury"];
+        if (!treasury) {
+            lines.push("  balance        : — (no treasury yet — fund it to create one)");
+        }
+        else {
+            lines.push(`  balance        : ${usd(treasury.balance_usd)}`);
+            lines.push(`  total funded   : ${usd(treasury.total_funded ?? treasury.total_funded_usd)}`);
+            lines.push(`  total spent    : ${usd(treasury.total_spent ?? treasury.total_spent_usd)}`);
+        }
+        if (deposit?.deposit_address) {
+            lines.push("");
+            lines.push(`  deposit USDC to: ${deposit.deposit_address}`);
+            lines.push(`  chain          : Base (chain id ${deposit.chain_id ?? 8453})`);
+            lines.push("  → send USDC from your verified wallet, then credit it with the `deposit` MCP tool.");
+        }
+        else {
+            lines.push("");
+            lines.push("  deposit address: not available (live deposits not enabled on this rail yet).");
+        }
+        console.error(lines.join("\n"));
+        process.exit(0);
+    }
+    catch (e) {
+        fail(describe(e));
+    }
+}
+// ── post (bankr launch) ──────────────────────────────────────────────────────
+// Open a task. Per-unit `--reward` × `--quantity` = the budget. On the pool rail
+// (BNKR/GITLAWB or quantity>1) the response carries authIntent + deployFee: sign
+// the budget + pay the fee + authorize, all from the saved wallet, autonomously.
+const PAY_TOKENS = new Set(["USDC", "BNKR", "GITLAWB"]);
+export async function runPost(argv) {
+    if (!hasKey())
+        fail(NO_KEY);
+    const f = parseFlags(argv);
+    const title = f.title?.trim();
+    if (!title)
+        fail("--title is required");
+    const rewardPerUnit = Number(f.reward);
+    if (!Number.isFinite(rewardPerUnit) || rewardPerUnit <= 0)
+        fail("--reward <n> is required (per-unit, in the pay token)");
+    const token = (f.token ?? "USDC").toUpperCase();
+    if (!PAY_TOKENS.has(token))
+        fail(`--token must be one of USDC, BNKR, GITLAWB (got ${token})`);
+    const quantity = f.quantity != null ? Math.trunc(Number(f.quantity)) : 1;
+    if (!Number.isFinite(quantity) || quantity < 1)
+        fail("--quantity must be a positive integer");
+    const category = (f.category ?? "social").trim();
+    const action = f.action?.trim();
+    const url = f.url?.trim();
+    // Rail: default pool when token is a real ecosystem token (BNKR/GITLAWB) or it's
+    // a multi-unit bounty; else custodial single-hold. `--rail` overrides.
+    const railFlag = f.rail?.trim().toLowerCase();
+    const rail = railFlag === "pool" || railFlag === "custodial"
+        ? railFlag
+        : token === "BNKR" || token === "GITLAWB" || quantity > 1
+            ? "pool"
+            : "custodial";
+    // reward_usd is the TOTAL budget (= per-unit × quantity). For non-USDC tokens this
+    // figure is the TOKEN amount (the platform settles in-token on the pool rail).
+    const reward_usd = Number((rewardPerUnit * quantity).toFixed(6));
+    const body = {
+        title,
+        category,
+        reward_usd,
+        quantity,
+        pay_token: token,
+        rail,
+    };
+    if (category === "social" && action)
+        body.social_action = action;
+    if (category === "social" && url)
+        body.social_target_url = url;
+    const c = client();
+    try {
+        console.error(`→ posting "${title}"  (${rewardPerUnit} ${token} × ${quantity} = ${reward_usd} ${token}, ${rail} rail)…`);
+        const res = await c.rest("POST", "/api/tasks", { body });
+        const taskId = res.task?.id;
+        console.error(`  ✓ posted — task ${taskId}`);
+        // Custodial rail (no authIntent): nothing else to do; the hold opens later.
+        if (!res.authIntent || !res.deployFee) {
+            console.error(`\n✓ Task ${taskId} is open (custodial rail). Next: assign a human + authorize, then release on a valid proof.`);
+            process.exit(0);
+        }
+        // POOL rail — the autonomous `bankr launch` path. Sign the budget with the saved
+        // wallet, pay the separate deploy fee, then authorize. Reuses evm-signer (the
+        // exact logic the authorize_task MCP tool uses).
+        const { hasEvmKey, signAuthCapture, payDeployFee } = await import("./evm-signer.js");
+        if (!hasEvmKey()) {
+            fail("pool rail needs a signing wallet, but none is saved. Run `npx -y cyberdyne-mcp onboard` " +
+                `(the task ${taskId} is posted but not yet funded).`);
+        }
+        const requirements = res.authIntent.requirements ?? res.authIntent;
+        console.error("→ signing the budget authorization…");
+        const signedPayment = await signAuthCapture(requirements);
+        const fee = res.deployFee;
+        console.error(`→ paying the deploy fee (${usd(fee.usd)} in ${fee.token}) from your wallet…`);
+        const feeTx = await payDeployFee({ amountUsd: fee.usd, recipient: fee.recipient, token: fee.token });
+        console.error(`  ✓ fee paid — ${feeTx}`);
+        console.error("→ freezing the budget (authorize)…");
+        const authed = await c.rest("POST", `/api/tasks/${taskId}/authorize`, { body: { signedPayment, fee_tx_hash: feeTx } });
+        const escrow = authed.task?.escrow_status ?? "held";
+        console.error(`\n✓ Launched. task ${taskId} — escrow_status: ${escrow}. ` +
+            "Humans can now claim + submit FCFS; review each submission to capture a unit.");
+        process.exit(0);
+    }
+    catch (e) {
+        fail(describe(e));
+    }
+}
+// ── tasks ─────────────────────────────────────────────────────────────────
+// List the agent's own posted tasks (GET /api/tasks?mine=posted — works with the
+// agent key). Short: id, title, token, qty, filled/remaining, status.
+export async function runTasks() {
+    if (!hasKey())
+        fail(NO_KEY);
+    const c = client();
+    try {
+        const { tasks } = await c.rest("GET", "/api/tasks", {
+            query: { mine: "posted", limit: 50 },
+        });
+        if (!tasks || tasks.length === 0) {
+            console.error("No posted tasks yet. Post one:  npx -y cyberdyne-mcp post --title \"…\" --reward 1");
+            process.exit(0);
+        }
+        const lines = [`Your posted tasks (${tasks.length}):`];
+        for (const t of tasks) {
+            const qty = Number(t.quantity ?? 1) || 1;
+            const filled = Number(t.filled_count ?? t.captured_count ?? 0) || 0;
+            const remaining = Math.max(qty - filled, 0);
+            const token = String(t.pay_token ?? "USDC");
+            const status = String(t.escrow_status ? `${t.status}/${t.escrow_status}` : t.status ?? "—");
+            const id = String(t.id ?? "—");
+            const title = String(t.title ?? "").slice(0, 40);
+            lines.push(`  ${id}  ${title.padEnd(40)}  ${token.padEnd(7)}  qty ${qty}  filled ${filled}/${qty} (rem ${remaining})  ${status}`);
+        }
+        console.error(lines.join("\n"));
+        process.exit(0);
+    }
+    catch (e) {
+        fail(describe(e));
+    }
+}

package/dist/server.js

@@ -12,6 +12,7 @@
  *   fund_treasury    — POST /api/treasury/fund            → demo top-up (testnet only)
  *   get_deposit_address — GET  /api/treasury/deposit      → where to send real USDC (live)
  *   deposit          — POST /api/treasury/deposit         → credit treasury from a real USDC tx
+ *   withdraw_treasury — POST /api/treasury/withdraw        → pull unspent treasury back to your wallet (live)
  *   post_task        — POST /api/tasks                    → open a task
  *   assign_task      — POST /api/tasks/[id]/assign        → pick a human (→ authIntent)
  *   authorize_task   — POST /api/tasks/[id]/authorize     → open the escrow hold
@@ -112,6 +113,23 @@ if (process.argv[2] === "login") {
         "Now run:  claude mcp add cyberdyne -- npx -y cyberdyne-mcp");
     process.exit(0);
 }
+// Bankr-style convenience CLI subcommands (additional entry points, not MCP tools).
+// Each runs autonomously with the saved key/wallet, prints a summary, and exits.
+//   treasury (alias balance, fees) — balance + deposit address  (like `bankr fees`)
+//   post                           — open a task; pool rail auto sign+pay+authorize (like `bankr launch`)
+//   tasks                          — list your own posted tasks with status
+if (["treasury", "balance", "fees"].includes(process.argv[2] ?? "")) {
+    const { runTreasury } = await import("./cli.js");
+    await runTreasury();
+}
+if (process.argv[2] === "post") {
+    const { runPost } = await import("./cli.js");
+    await runPost(process.argv.slice(3));
+}
+if (process.argv[2] === "tasks") {
+    const { runTasks } = await import("./cli.js");
+    await runTasks();
+}
 const config = readConfig();
 const client = new CyberdyneClient(config);
 // ---- Result helpers -------------------------------------------------------
@@ -136,7 +154,7 @@ async function guard(fn) {
     }
 }
 // ---- Server ---------------------------------------------------------------
-const server = new McpServer({ name: "cyberdyne", version: "0.6.0" });
+const server = new McpServer({ name: "cyberdyne", version: "0.6.2" });
 server.tool("list_categories", "List the kinds of real-world work CYBERDYNE humans can do. Static (no network). Use this to learn the valid `category` values before posting a task.", {}, async () => json(Object.entries(CATEGORIES).map(([id, blurb]) => ({ id, blurb }))));
 server.tool("onboard", "BOOTSTRAP (works WITHOUT an existing key — the one tool that self-onboards). Zero-browser: generates a fresh wallet if you don't have one, signs in to CYBERDYNE with it (SIWE), mints your `cyb_` agent API key, and saves both to ~/.cyberdyne/config.json (0600) so every other tool here authenticates automatically. No web dashboard, no env vars. Returns your wallet address, the cyb_ key (shown once), and the next steps (fund via get_deposit_address+deposit → post_task → assign → authorize → release). The same generated wallet auto-signs pool budgets. Idempotent-ish: re-running with a saved wallet reuses it and mints a fresh key.", {}, async () => guard(async () => {
     const r = await onboard();
@@ -170,6 +188,7 @@ server.tool("deposit", "Credit your treasury from a REAL on-chain USDC deposit (
         .regex(/^0x[0-9a-fA-F]{64}$/)
         .describe("The Base tx hash of your USDC transfer to the deposit address."),
 }, async ({ tx_hash }) => guard(() => client.rest("POST", "/api/treasury/deposit", { body: { tx_hash } })));
+server.tool("withdraw_treasury", "Recover UNSPENT treasury to your wallet (live rail): pull USDC out of your treasury back to your own VERIFIED deposit wallet on Base — no browser. Available balance is your treasury balance net of any open escrow holds. Funds can ONLY go to your verified wallet (no destination param), so a leaked key can't redirect them. Returns { ok, tx_hash, amount_usd, to }. 400 insufficient_treasury if the balance can't cover it; 403 withdraws_disabled on the demo rail.", { amount_usd: z.number().positive().describe("USD to withdraw from your treasury to your verified wallet.") }, async ({ amount_usd }) => guard(() => client.rest("POST", "/api/treasury/withdraw", { body: { amount_usd } })));
 server.tool("post_task", "Open a task on the marketplace. Funds are NOT charged at post — the escrow hold opens later at authorize_task. `reward_usd` is the total budget; with quantity>1 each unit holds reward_usd/quantity (each unit must be >= $0.01). Returns the created task (with its id). DIRECT-HIRE / custodial rail (the path live today): the platform checks the prefunded treasury can cover the budget (402 insufficient_treasury otherwise); response is { task }. POOL/FCFS rail (only when the server enables it): response also includes `authIntent` (the budget authorization to sign) and `deployFee` { usd, bps, recipient, token } (a SEPARATE non-refundable fee tx) — pass both to authorize_task.", {
     title: z.string().min(2).max(160).describe("Short task title."),
     category: z.enum(TASK_CATEGORIES),
@@ -311,4 +330,5 @@ const transport = new StdioServerTransport();
 await server.connect(transport);
 console.error(`CYBERDYNE MCP server running on stdio → ${config.apiUrl}` +
     (config.token ? "" : " (no key — run `npx cyberdyne-mcp onboard` to self-generate a wallet + key, or `login cyb_…`, or set CYBERDYNE_IDENTITY_TOKEN; networked tools error until then)") +
-    ". Tools (14): onboard, list_categories, search_humans, get_treasury, fund_treasury, get_deposit_address, deposit, post_task, assign_task, authorize_task, get_task, release_payment, review_submission, close_task.");
+    ". Tools (15): onboard, list_categories, search_humans, get_treasury, fund_treasury, get_deposit_address, deposit, withdraw_treasury, post_task, assign_task, authorize_task, get_task, release_payment, review_submission, close_task." +
+    " CLI: onboard, login, treasury (alias balance/fees), post, tasks.");

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "cyberdyne-mcp",
-  "version": "0.6.0",
+  "version": "0.6.2",
   "publishConfig": {
     "access": "public"
   },

package/src/cli.ts

@@ -0,0 +1,253 @@
+/**
+ * Bankr-style convenience CLI for CYBERDYNE — `treasury` / `post` / `tasks`.
+ *
+ * These are ADDITIONAL command-line entry points (not MCP tools). They run, print
+ * a human-readable summary to stderr, and exit — exactly like `onboard`/`login`.
+ * They mirror the Bankr CLI UX (`bankr fees`, `bankr launch`): a single command
+ * that does the full thing autonomously using the saved `cyb_` key + wallet.
+ *
+ *   treasury (alias balance, fees) — your balance + where to send USDC (bankr fees)
+ *   post                           — open a task; on the pool rail, sign + pay +
+ *                                    authorize in one shot (bankr launch)
+ *   tasks                          — list your own posted tasks with status
+ *
+ * Networking reuses CyberdyneClient (the saved Bearer key); pool signing/fee
+ * payment reuses src/evm-signer.ts — no signing logic is reinvented here.
+ */
+import { CyberdyneClient, readConfig, ApiError, MissingTokenError } from "./client.js";
+
+// ── tiny argv parser ───────────────────────────────────────────────────────
+// Supports `--flag value` and `--flag=value`. Bare `--flag` (no value) ⇒ "true".
+export function parseFlags(argv: string[]): Record<string, string> {
+  const out: Record<string, string> = {};
+  for (let i = 0; i < argv.length; i++) {
+    const tok = argv[i];
+    if (!tok.startsWith("--")) continue;
+    const body = tok.slice(2);
+    const eq = body.indexOf("=");
+    if (eq >= 0) {
+      out[body.slice(0, eq)] = body.slice(eq + 1);
+      continue;
+    }
+    const next = argv[i + 1];
+    if (next !== undefined && !next.startsWith("--")) {
+      out[body] = next;
+      i++;
+    } else {
+      out[body] = "true";
+    }
+  }
+  return out;
+}
+
+function client(): CyberdyneClient {
+  return new CyberdyneClient(readConfig());
+}
+
+function hasKey(): boolean {
+  return !!readConfig().token;
+}
+
+const NO_KEY = "No CYBERDYNE key saved. Run:  npx -y cyberdyne-mcp onboard";
+
+/** Format a USD-ish numeric value (handles string/number/null) to 2dp. */
+function usd(v: unknown): string {
+  const n = typeof v === "number" ? v : Number(v);
+  return Number.isFinite(n) ? `$${n.toFixed(2)}` : "—";
+}
+
+function fail(msg: string): never {
+  console.error(`✗ ${msg}`);
+  process.exit(1);
+}
+
+/** Map a thrown client error to a clean one-line message. */
+function describe(e: unknown): string {
+  if (e instanceof MissingTokenError) return NO_KEY;
+  if (e instanceof ApiError) return e.message;
+  return e instanceof Error ? e.message : String(e);
+}
+
+// ── treasury (alias: balance, fees) ─────────────────────────────────────────
+// `bankr fees` equivalent: your balance + the deposit address to fund it.
+export async function runTreasury(): Promise<void> {
+  if (!hasKey()) fail(NO_KEY);
+  const c = client();
+  try {
+    const { treasury } = await c.rest<{ treasury: Record<string, unknown> | null }>("GET", "/api/treasury");
+
+    // The deposit address only resolves on the live rail; treat a 403/503 as
+    // "not available yet" rather than failing the whole command.
+    let deposit: { deposit_address?: string; chain_id?: number; usdc_address?: string } | null = null;
+    try {
+      deposit = await c.rest("GET", "/api/treasury/deposit");
+    } catch {
+      deposit = null;
+    }
+
+    const lines: string[] = ["CYBERDYNE treasury"];
+    if (!treasury) {
+      lines.push("  balance        : — (no treasury yet — fund it to create one)");
+    } else {
+      lines.push(`  balance        : ${usd(treasury.balance_usd)}`);
+      lines.push(`  total funded   : ${usd(treasury.total_funded ?? treasury.total_funded_usd)}`);
+      lines.push(`  total spent    : ${usd(treasury.total_spent ?? treasury.total_spent_usd)}`);
+    }
+    if (deposit?.deposit_address) {
+      lines.push("");
+      lines.push(`  deposit USDC to: ${deposit.deposit_address}`);
+      lines.push(`  chain          : Base (chain id ${deposit.chain_id ?? 8453})`);
+      lines.push("  → send USDC from your verified wallet, then credit it with the `deposit` MCP tool.");
+    } else {
+      lines.push("");
+      lines.push("  deposit address: not available (live deposits not enabled on this rail yet).");
+    }
+    console.error(lines.join("\n"));
+    process.exit(0);
+  } catch (e) {
+    fail(describe(e));
+  }
+}
+
+// ── post (bankr launch) ──────────────────────────────────────────────────────
+// Open a task. Per-unit `--reward` × `--quantity` = the budget. On the pool rail
+// (BNKR/GITLAWB or quantity>1) the response carries authIntent + deployFee: sign
+// the budget + pay the fee + authorize, all from the saved wallet, autonomously.
+const PAY_TOKENS = new Set(["USDC", "BNKR", "GITLAWB"]);
+
+export async function runPost(argv: string[]): Promise<void> {
+  if (!hasKey()) fail(NO_KEY);
+  const f = parseFlags(argv);
+
+  const title = f.title?.trim();
+  if (!title) fail("--title is required");
+  const rewardPerUnit = Number(f.reward);
+  if (!Number.isFinite(rewardPerUnit) || rewardPerUnit <= 0) fail("--reward <n> is required (per-unit, in the pay token)");
+
+  const token = (f.token ?? "USDC").toUpperCase();
+  if (!PAY_TOKENS.has(token)) fail(`--token must be one of USDC, BNKR, GITLAWB (got ${token})`);
+
+  const quantity = f.quantity != null ? Math.trunc(Number(f.quantity)) : 1;
+  if (!Number.isFinite(quantity) || quantity < 1) fail("--quantity must be a positive integer");
+
+  const category = (f.category ?? "social").trim();
+  const action = f.action?.trim();
+  const url = f.url?.trim();
+
+  // Rail: default pool when token is a real ecosystem token (BNKR/GITLAWB) or it's
+  // a multi-unit bounty; else custodial single-hold. `--rail` overrides.
+  const railFlag = f.rail?.trim().toLowerCase();
+  const rail =
+    railFlag === "pool" || railFlag === "custodial"
+      ? railFlag
+      : token === "BNKR" || token === "GITLAWB" || quantity > 1
+        ? "pool"
+        : "custodial";
+
+  // reward_usd is the TOTAL budget (= per-unit × quantity). For non-USDC tokens this
+  // figure is the TOKEN amount (the platform settles in-token on the pool rail).
+  const reward_usd = Number((rewardPerUnit * quantity).toFixed(6));
+
+  const body: Record<string, unknown> = {
+    title,
+    category,
+    reward_usd,
+    quantity,
+    pay_token: token,
+    rail,
+  };
+  if (category === "social" && action) body.social_action = action;
+  if (category === "social" && url) body.social_target_url = url;
+
+  const c = client();
+  try {
+    console.error(
+      `→ posting "${title}"  (${rewardPerUnit} ${token} × ${quantity} = ${reward_usd} ${token}, ${rail} rail)…`,
+    );
+    const res = await c.rest<{
+      task: { id: string; escrow_status?: string };
+      authIntent?: { requirements?: unknown };
+      deployFee?: { usd: number; recipient: string; token: string };
+    }>("POST", "/api/tasks", { body });
+    const taskId = res.task?.id;
+    console.error(`  ✓ posted — task ${taskId}`);
+
+    // Custodial rail (no authIntent): nothing else to do; the hold opens later.
+    if (!res.authIntent || !res.deployFee) {
+      console.error(
+        `\n✓ Task ${taskId} is open (custodial rail). Next: assign a human + authorize, then release on a valid proof.`,
+      );
+      process.exit(0);
+    }
+
+    // POOL rail — the autonomous `bankr launch` path. Sign the budget with the saved
+    // wallet, pay the separate deploy fee, then authorize. Reuses evm-signer (the
+    // exact logic the authorize_task MCP tool uses).
+    const { hasEvmKey, signAuthCapture, payDeployFee } = await import("./evm-signer.js");
+    if (!hasEvmKey()) {
+      fail(
+        "pool rail needs a signing wallet, but none is saved. Run `npx -y cyberdyne-mcp onboard` " +
+          `(the task ${taskId} is posted but not yet funded).`,
+      );
+    }
+
+    const requirements =
+      (res.authIntent as { requirements?: unknown }).requirements ?? res.authIntent;
+    console.error("→ signing the budget authorization…");
+    const signedPayment = await signAuthCapture(requirements);
+
+    const fee = res.deployFee;
+    console.error(`→ paying the deploy fee (${usd(fee.usd)} in ${fee.token}) from your wallet…`);
+    const feeTx = await payDeployFee({ amountUsd: fee.usd, recipient: fee.recipient, token: fee.token });
+    console.error(`  ✓ fee paid — ${feeTx}`);
+
+    console.error("→ freezing the budget (authorize)…");
+    const authed = await c.rest<{ task?: { escrow_status?: string } }>(
+      "POST",
+      `/api/tasks/${taskId}/authorize`,
+      { body: { signedPayment, fee_tx_hash: feeTx } },
+    );
+    const escrow = authed.task?.escrow_status ?? "held";
+    console.error(
+      `\n✓ Launched. task ${taskId} — escrow_status: ${escrow}. ` +
+        "Humans can now claim + submit FCFS; review each submission to capture a unit.",
+    );
+    process.exit(0);
+  } catch (e) {
+    fail(describe(e));
+  }
+}
+
+// ── tasks ─────────────────────────────────────────────────────────────────
+// List the agent's own posted tasks (GET /api/tasks?mine=posted — works with the
+// agent key). Short: id, title, token, qty, filled/remaining, status.
+export async function runTasks(): Promise<void> {
+  if (!hasKey()) fail(NO_KEY);
+  const c = client();
+  try {
+    const { tasks } = await c.rest<{ tasks: Array<Record<string, unknown>> }>("GET", "/api/tasks", {
+      query: { mine: "posted", limit: 50 },
+    });
+    if (!tasks || tasks.length === 0) {
+      console.error("No posted tasks yet. Post one:  npx -y cyberdyne-mcp post --title \"…\" --reward 1");
+      process.exit(0);
+    }
+    const lines = [`Your posted tasks (${tasks.length}):`];
+    for (const t of tasks) {
+      const qty = Number(t.quantity ?? 1) || 1;
+      const filled = Number(t.filled_count ?? t.captured_count ?? 0) || 0;
+      const remaining = Math.max(qty - filled, 0);
+      const token = String(t.pay_token ?? "USDC");
+      const status = String(t.escrow_status ? `${t.status}/${t.escrow_status}` : t.status ?? "—");
+      const id = String(t.id ?? "—");
+      const title = String(t.title ?? "").slice(0, 40);
+      lines.push(
+        `  ${id}  ${title.padEnd(40)}  ${token.padEnd(7)}  qty ${qty}  filled ${filled}/${qty} (rem ${remaining})  ${status}`,
+      );
+    }
+    console.error(lines.join("\n"));
+    process.exit(0);
+  } catch (e) {
+    fail(describe(e));
+  }
+}

package/src/server.ts

@@ -12,6 +12,7 @@
  *   fund_treasury    — POST /api/treasury/fund            → demo top-up (testnet only)
  *   get_deposit_address — GET  /api/treasury/deposit      → where to send real USDC (live)
  *   deposit          — POST /api/treasury/deposit         → credit treasury from a real USDC tx
+ *   withdraw_treasury — POST /api/treasury/withdraw        → pull unspent treasury back to your wallet (live)
  *   post_task        — POST /api/tasks                    → open a task
  *   assign_task      — POST /api/tasks/[id]/assign        → pick a human (→ authIntent)
  *   authorize_task   — POST /api/tasks/[id]/authorize     → open the escrow hold
@@ -121,6 +122,24 @@ if (process.argv[2] === "login") {
   process.exit(0);
 }
 
+// Bankr-style convenience CLI subcommands (additional entry points, not MCP tools).
+// Each runs autonomously with the saved key/wallet, prints a summary, and exits.
+//   treasury (alias balance, fees) — balance + deposit address  (like `bankr fees`)
+//   post                           — open a task; pool rail auto sign+pay+authorize (like `bankr launch`)
+//   tasks                          — list your own posted tasks with status
+if (["treasury", "balance", "fees"].includes(process.argv[2] ?? "")) {
+  const { runTreasury } = await import("./cli.js");
+  await runTreasury();
+}
+if (process.argv[2] === "post") {
+  const { runPost } = await import("./cli.js");
+  await runPost(process.argv.slice(3));
+}
+if (process.argv[2] === "tasks") {
+  const { runTasks } = await import("./cli.js");
+  await runTasks();
+}
+
 const config = readConfig();
 const client = new CyberdyneClient(config);
 
@@ -147,7 +166,7 @@ async function guard<T>(fn: () => Promise<T>) {
 
 // ---- Server ---------------------------------------------------------------
 
-const server = new McpServer({ name: "cyberdyne", version: "0.6.0" });
+const server = new McpServer({ name: "cyberdyne", version: "0.6.2" });
 
 server.tool(
   "list_categories",
@@ -230,6 +249,14 @@ server.tool(
     guard(() => client.rest("POST", "/api/treasury/deposit", { body: { tx_hash } })),
 );
 
+server.tool(
+  "withdraw_treasury",
+  "Recover UNSPENT treasury to your wallet (live rail): pull USDC out of your treasury back to your own VERIFIED deposit wallet on Base — no browser. Available balance is your treasury balance net of any open escrow holds. Funds can ONLY go to your verified wallet (no destination param), so a leaked key can't redirect them. Returns { ok, tx_hash, amount_usd, to }. 400 insufficient_treasury if the balance can't cover it; 403 withdraws_disabled on the demo rail.",
+  { amount_usd: z.number().positive().describe("USD to withdraw from your treasury to your verified wallet.") },
+  async ({ amount_usd }) =>
+    guard(() => client.rest("POST", "/api/treasury/withdraw", { body: { amount_usd } })),
+);
+
 server.tool(
   "post_task",
   "Open a task on the marketplace. Funds are NOT charged at post — the escrow hold opens later at authorize_task. `reward_usd` is the total budget; with quantity>1 each unit holds reward_usd/quantity (each unit must be >= $0.01). Returns the created task (with its id). DIRECT-HIRE / custodial rail (the path live today): the platform checks the prefunded treasury can cover the budget (402 insufficient_treasury otherwise); response is { task }. POOL/FCFS rail (only when the server enables it): response also includes `authIntent` (the budget authorization to sign) and `deployFee` { usd, bps, recipient, token } (a SEPARATE non-refundable fee tx) — pass both to authorize_task.",
@@ -433,5 +460,6 @@ await server.connect(transport);
 console.error(
   `CYBERDYNE MCP server running on stdio → ${config.apiUrl}` +
     (config.token ? "" : " (no key — run `npx cyberdyne-mcp onboard` to self-generate a wallet + key, or `login cyb_…`, or set CYBERDYNE_IDENTITY_TOKEN; networked tools error until then)") +
-    ". Tools (14): onboard, list_categories, search_humans, get_treasury, fund_treasury, get_deposit_address, deposit, post_task, assign_task, authorize_task, get_task, release_payment, review_submission, close_task.",
+    ". Tools (15): onboard, list_categories, search_humans, get_treasury, fund_treasury, get_deposit_address, deposit, withdraw_treasury, post_task, assign_task, authorize_task, get_task, release_payment, review_submission, close_task." +
+    " CLI: onboard, login, treasury (alias balance/fees), post, tasks.",
 );