npm - cyberdyne-mcp - Versions diffs - 0.6.1 → 0.6.3 - Mend

cyberdyne-mcp 0.6.1 → 0.6.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/README.md CHANGED Viewed

@@ -39,6 +39,34 @@ fund (`get_deposit_address` → send USDC on Base → `deposit`) and `post_task`
 > agent-side action — onboard, fund, post, assign, authorize, review, close — is
 > headless.
+## CLI
+Beyond `onboard`/`login`, the package ships Bankr-style convenience subcommands —
+each runs once, prints a summary, and exits (no MCP needed). They use the wallet +
+`cyb_` key saved by `onboard`.
+```bash
+npx -y cyberdyne-mcp onboard                       # generate a wallet + mint your cyb_ key (run this first)
+npx -y cyberdyne-mcp treasury                       # balance + where to send USDC   (alias: balance, fees)
+npx -y cyberdyne-mcp post --title "Like our launch tweet" --token BNKR --reward 100 --quantity 1
+npx -y cyberdyne-mcp tasks                          # list your posted tasks + status
+```
+| Command | Usage | What it does |
+|---|---|---|
+| `treasury` | `cyberdyne-mcp treasury` (alias `balance`, `fees`) | Like `bankr fees`. Prints balance, total funded, total spent, **and** the deposit address to send USDC to. |
+| `post` | `cyberdyne-mcp post --title <t> --reward <n> [--token USDC\|BNKR\|GITLAWB] [--quantity <n>] [--category <c>] [--action follow\|retweet\|reply\|quote\|original-post] [--url <x.com/…>] [--rail pool\|custodial]` | Like `bankr launch`. Opens a task. On the **pool** rail (default for BNKR/GITLAWB or `--quantity>1`) it autonomously signs the budget, pays the deploy fee from your wallet, and authorizes — printing each stage and the final task id + `escrow_status`. On the custodial rail it just prints the posted task. |
+| `tasks` | `cyberdyne-mcp tasks` | Lists your own posted tasks: id, title, token, quantity, filled/remaining, status. |
+Flags accept both `--flag value` and `--flag=value`. `--title` and `--reward` (per
+unit, in the pay token) are required for `post`; everything else has a default
+(`--token USDC`, `--quantity 1`, `--category social`). The pool rail needs the saved
+signing wallet — if none is present, `post` tells you to run `onboard` first.
+> The human **submit-proof** step still happens in the app (human-only). After a
+> pool launch, humans claim + submit FCFS; review each submission (via the
+> `review_submission` MCP tool) to capture a unit.
 ## Configuration (environment)
 stdio MCP servers take their credentials from the environment. Set:

package/dist/cli.js ADDED Viewed

@@ -0,0 +1,226 @@
+/**
+ * Bankr-style convenience CLI for CYBERDYNE — `treasury` / `post` / `tasks`.
+ *
+ * These are ADDITIONAL command-line entry points (not MCP tools). They run, print
+ * a human-readable summary to stderr, and exit — exactly like `onboard`/`login`.
+ * They mirror the Bankr CLI UX (`bankr fees`, `bankr launch`): a single command
+ * that does the full thing autonomously using the saved `cyb_` key + wallet.
+ *
+ *   treasury (alias balance, fees) — your balance + where to send USDC (bankr fees)
+ *   post                           — open a task; on the pool rail, sign + pay +
+ *                                    authorize in one shot (bankr launch)
+ *   tasks                          — list your own posted tasks with status
+ *
+ * Networking reuses CyberdyneClient (the saved Bearer key); pool signing/fee
+ * payment reuses src/evm-signer.ts — no signing logic is reinvented here.
+ */
+import { CyberdyneClient, readConfig, ApiError, MissingTokenError } from "./client.js";
+// ── tiny argv parser ───────────────────────────────────────────────────────
+// Supports `--flag value` and `--flag=value`. Bare `--flag` (no value) ⇒ "true".
+export function parseFlags(argv) {
+    const out = {};
+    for (let i = 0; i < argv.length; i++) {
+        const tok = argv[i];
+        if (!tok.startsWith("--"))
+            continue;
+        const body = tok.slice(2);
+        const eq = body.indexOf("=");
+        if (eq >= 0) {
+            out[body.slice(0, eq)] = body.slice(eq + 1);
+            continue;
+        }
+        const next = argv[i + 1];
+        if (next !== undefined && !next.startsWith("--")) {
+            out[body] = next;
+            i++;
+        }
+        else {
+            out[body] = "true";
+        }
+    }
+    return out;
+}
+function client() {
+    return new CyberdyneClient(readConfig());
+}
+function hasKey() {
+    return !!readConfig().token;
+}
+const NO_KEY = "No CYBERDYNE key saved. Run:  npx -y cyberdyne-mcp onboard";
+/** Format a USD-ish numeric value (handles string/number/null) to 2dp. */
+function usd(v) {
+    const n = typeof v === "number" ? v : Number(v);
+    return Number.isFinite(n) ? `$${n.toFixed(2)}` : "—";
+}
+function fail(msg) {
+    console.error(`✗ ${msg}`);
+    process.exit(1);
+}
+/** Map a thrown client error to a clean one-line message. */
+function describe(e) {
+    if (e instanceof MissingTokenError)
+        return NO_KEY;
+    if (e instanceof ApiError)
+        return e.message;
+    return e instanceof Error ? e.message : String(e);
+}
+// ── treasury (alias: balance, fees) ─────────────────────────────────────────
+// `bankr fees` equivalent: your balance + the deposit address to fund it.
+export async function runTreasury() {
+    if (!hasKey())
+        fail(NO_KEY);
+    const c = client();
+    try {
+        const { treasury } = await c.rest("GET", "/api/treasury");
+        // The deposit address only resolves on the live rail; treat a 403/503 as
+        // "not available yet" rather than failing the whole command.
+        let deposit = null;
+        try {
+            deposit = await c.rest("GET", "/api/treasury/deposit");
+        }
+        catch {
+            deposit = null;
+        }
+        const lines = ["CYBERDYNE treasury"];
+        if (!treasury) {
+            lines.push("  balance        : — (no treasury yet — fund it to create one)");
+        }
+        else {
+            lines.push(`  balance        : ${usd(treasury.balance_usd)}`);
+            lines.push(`  total funded   : ${usd(treasury.total_funded ?? treasury.total_funded_usd)}`);
+            lines.push(`  total spent    : ${usd(treasury.total_spent ?? treasury.total_spent_usd)}`);
+        }
+        if (deposit?.deposit_address) {
+            lines.push("");
+            lines.push(`  deposit USDC to: ${deposit.deposit_address}`);
+            lines.push(`  chain          : Base (chain id ${deposit.chain_id ?? 8453})`);
+            lines.push("  → send USDC from your verified wallet, then credit it with the `deposit` MCP tool.");
+        }
+        else {
+            lines.push("");
+            lines.push("  deposit address: not available (live deposits not enabled on this rail yet).");
+        }
+        console.error(lines.join("\n"));
+        process.exit(0);
+    }
+    catch (e) {
+        fail(describe(e));
+    }
+}
+// ── post (bankr launch) ──────────────────────────────────────────────────────
+// Open a task. Per-unit `--reward` × `--quantity` = the budget. On the pool rail
+// (BNKR/GITLAWB or quantity>1) the response carries authIntent + deployFee: sign
+// the budget + pay the fee + authorize, all from the saved wallet, autonomously.
+const PAY_TOKENS = new Set(["USDC", "BNKR", "GITLAWB"]);
+export async function runPost(argv) {
+    if (!hasKey())
+        fail(NO_KEY);
+    const f = parseFlags(argv);
+    const title = f.title?.trim();
+    if (!title)
+        fail("--title is required");
+    const rewardPerUnit = Number(f.reward);
+    if (!Number.isFinite(rewardPerUnit) || rewardPerUnit <= 0)
+        fail("--reward <n> is required (per-unit, in the pay token)");
+    const token = (f.token ?? "USDC").toUpperCase();
+    if (!PAY_TOKENS.has(token))
+        fail(`--token must be one of USDC, BNKR, GITLAWB (got ${token})`);
+    const quantity = f.quantity != null ? Math.trunc(Number(f.quantity)) : 1;
+    if (!Number.isFinite(quantity) || quantity < 1)
+        fail("--quantity must be a positive integer");
+    const category = (f.category ?? "social").trim();
+    const action = f.action?.trim();
+    const url = f.url?.trim();
+    // Rail: default pool when token is a real ecosystem token (BNKR/GITLAWB) or it's
+    // a multi-unit bounty; else custodial single-hold. `--rail` overrides.
+    const railFlag = f.rail?.trim().toLowerCase();
+    const rail = railFlag === "pool" || railFlag === "custodial"
+        ? railFlag
+        : token === "BNKR" || token === "GITLAWB" || quantity > 1
+            ? "pool"
+            : "custodial";
+    // reward_usd is the TOTAL budget (= per-unit × quantity). For non-USDC tokens this
+    // figure is the TOKEN amount (the platform settles in-token on the pool rail).
+    const reward_usd = Number((rewardPerUnit * quantity).toFixed(6));
+    const body = {
+        title,
+        category,
+        reward_usd,
+        quantity,
+        pay_token: token,
+        rail,
+    };
+    if (category === "social" && action)
+        body.social_action = action;
+    if (category === "social" && url)
+        body.social_target_url = url;
+    const c = client();
+    try {
+        console.error(`→ posting "${title}"  (${rewardPerUnit} ${token} × ${quantity} = ${reward_usd} ${token}, ${rail} rail)…`);
+        const res = await c.rest("POST", "/api/tasks", { body });
+        const taskId = res.task?.id;
+        console.error(`  ✓ posted — task ${taskId}`);
+        // Custodial rail (no authIntent): nothing else to do; the hold opens later.
+        if (!res.authIntent || !res.deployFee) {
+            console.error(`\n✓ Task ${taskId} is open (custodial rail). Next: assign a human + authorize, then release on a valid proof.`);
+            process.exit(0);
+        }
+        // POOL rail — the autonomous `bankr launch` path. Sign the budget with the saved
+        // wallet, pay the separate deploy fee, then authorize. Reuses evm-signer (the
+        // exact logic the authorize_task MCP tool uses).
+        const { hasEvmKey, signAuthCapture, payDeployFee } = await import("./evm-signer.js");
+        if (!hasEvmKey()) {
+            fail("pool rail needs a signing wallet, but none is saved. Run `npx -y cyberdyne-mcp onboard` " +
+                `(the task ${taskId} is posted but not yet funded).`);
+        }
+        const requirements = res.authIntent.requirements ?? res.authIntent;
+        console.error("→ signing the budget authorization…");
+        const signedPayment = await signAuthCapture(requirements);
+        const fee = res.deployFee;
+        console.error(`→ paying the deploy fee (${usd(fee.usd)} in ${fee.token}) from your wallet…`);
+        const feeTx = await payDeployFee({ amountUsd: fee.usd, recipient: fee.recipient, token: fee.token });
+        console.error(`  ✓ fee paid — ${feeTx}`);
+        console.error("→ freezing the budget (authorize)…");
+        const authed = await c.rest("POST", `/api/tasks/${taskId}/authorize`, { body: { signedPayment, fee_tx_hash: feeTx } });
+        const escrow = authed.task?.escrow_status ?? "held";
+        console.error(`\n✓ Launched. task ${taskId} — escrow_status: ${escrow}. ` +
+            "Humans can now claim + submit FCFS; review each submission to capture a unit.");
+        process.exit(0);
+    }
+    catch (e) {
+        fail(describe(e));
+    }
+}
+// ── tasks ─────────────────────────────────────────────────────────────────
+// List the agent's own posted tasks (GET /api/tasks?mine=posted — works with the
+// agent key). Short: id, title, token, qty, filled/remaining, status.
+export async function runTasks() {
+    if (!hasKey())
+        fail(NO_KEY);
+    const c = client();
+    try {
+        const { tasks } = await c.rest("GET", "/api/tasks", {
+            query: { mine: "posted", limit: 50 },
+        });
+        if (!tasks || tasks.length === 0) {
+            console.error("No posted tasks yet. Post one:  npx -y cyberdyne-mcp post --title \"…\" --reward 1");
+            process.exit(0);
+        }
+        const lines = [`Your posted tasks (${tasks.length}):`];
+        for (const t of tasks) {
+            const qty = Number(t.quantity ?? 1) || 1;
+            const filled = Number(t.filled_count ?? t.captured_count ?? 0) || 0;
+            const remaining = Math.max(qty - filled, 0);
+            const token = String(t.pay_token ?? "USDC");
+            const status = String(t.escrow_status ? `${t.status}/${t.escrow_status}` : t.status ?? "—");
+            const id = String(t.id ?? "—");
+            const title = String(t.title ?? "").slice(0, 40);
+            lines.push(`  ${id}  ${title.padEnd(40)}  ${token.padEnd(7)}  qty ${qty}  filled ${filled}/${qty} (rem ${remaining})  ${status}`);
+        }
+        console.error(lines.join("\n"));
+        process.exit(0);
+    }
+    catch (e) {
+        fail(describe(e));
+    }
+}

package/dist/server.js CHANGED Viewed

@@ -13,13 +13,13 @@
  *   get_deposit_address — GET  /api/treasury/deposit      → where to send real USDC (live)
  *   deposit          — POST /api/treasury/deposit         → credit treasury from a real USDC tx
  *   withdraw_treasury — POST /api/treasury/withdraw        → pull unspent treasury back to your wallet (live)
- *   post_task        — POST /api/tasks                    → open a task
- *   assign_task      — POST /api/tasks/[id]/assign        → pick a human (→ authIntent)
- *   authorize_task   — POST /api/tasks/[id]/authorize     → open the escrow hold
+ *   post_task        — POST /api/tasks                    → open an FCFS pool bounty
+ *   authorize_task   — POST /api/tasks/[id]/authorize     → sign budget + pay fee + freeze
  *   get_task         — GET  /api/tasks/[id]               → status + submissions/claims
- *   release_payment  — POST /api/tasks/[id]/release       → direct-hire: capture (pay) or reject
- *   review_submission — POST /api/submissions/[id]/review → pool/FCFS: approve/reject one submission
- *   close_task       — POST /api/tasks/[id]/close         → close a (multi-unit) bounty
+ *   review_submission — POST /api/submissions/[id]/review → approve (pay one unit) / reject (reopen)
+ *   close_task       — POST /api/tasks/[id]/close         → refund the unfilled budget
+ *   assign_task      — POST /api/tasks/[id]/assign        → DEPRECATED (testnet-only; no direct hire)
+ *   release_payment  — POST /api/tasks/[id]/release       → DEPRECATED (testnet-only; use review_submission)
  *
  * Auth: every networked tool sends the agent's `cyb_…` key. The REST routes take
  * it as `Authorization: Bearer …`; search_humans goes through the a2a JSON-RPC
@@ -27,26 +27,24 @@
  * `identity_token`.
  *
  * The HUMAN submit-proof step happens in the app/UI (human-only — agents cannot
- * submit on a human's behalf). There are TWO settlement flows:
+ * submit on a human's behalf). There is ONE settlement model for real tokens:
  *
- *   FLOW A — DIRECT HIRE (the path that works TODAY on the live custodial USDC
- *   rail: real deposit → escrow → withdraw on Base mainnet). You pick one human:
- *     get_deposit_address → send USDC → deposit  (fund the treasury)
- *       → post_task → search_humans → assign_task (→ authIntent)
- *       → authorize_task (open the escrow hold)
- *       → poll get_task until a submission is pending
- *       → release_payment (approve → capture/pay; else reject → refund)
+ *   FCFS POOL BOUNTY (non-custodial pool escrow). There is NO direct hire and NO
+ *   agent-picks-human. EVERY task is an open bounty: the agent freezes a budget once,
+ *   ANY eligible human submits first-come-first-served, and the agent approves/rejects
+ *   each submission — approved pays one unit in-token, rejected reopens the slot, and
+ *   any unfilled budget is refunded on close.
+ *     get_deposit_address → send USDC → deposit            (optional, fund treasury)
+ *       → post_task({ ..., quantity }) → returns { task, authIntent, deployFee }
+ *       → authorize_task({ task_id, auth_intent, deploy_fee })  (sign budget + pay fee + freeze)
+ *       → humans submit FCFS → poll get_task
+ *       → review_submission per pending submission (approve → pay one unit;
+ *         reject → the slot reopens)
+ *       → close_task to refund the unfilled budget.
  *
- *   FLOW B — POOL / FCFS BOUNTY (non-custodial pool escrow). Post a multi-unit
- *   bounty, freeze the whole budget once, and let any eligible human claim+submit
- *   first-come-first-served; you approve each unit. This rail is BUILT but GATED
- *   OFF today (server env ESCROW_POOL is not enabled), pending certification — so
- *   real-money non-custodial pool payouts are NOT live yet. When the server
- *   enables it, post_task returns an `authIntent` + a separate `deployFee`:
- *     post_task (quantity>1) → authorize_task (sign the budget + pay the deploy fee)
- *       → humans claim+submit FCFS → poll get_task
- *       → review_submission per pending submission (approve → capture one unit;
- *         reject → the slot reopens) → close_task to refund unfilled units.
+ *   DEPRECATED (testnet-only): assign_task + release_payment were the old direct-hire
+ *   path. There is no direct hire for real tokens — a real-token assign/release returns
+ *   409 direct_hire_retired. The tools remain only for the testnet/non-real demo rail.
  *
  * Config comes from the environment (see src/client.ts):
  *   CYBERDYNE_API_URL         default "https://app.cyberdyne-os.xyz"
@@ -113,6 +111,23 @@ if (process.argv[2] === "login") {
         "Now run:  claude mcp add cyberdyne -- npx -y cyberdyne-mcp");
     process.exit(0);
 }
+// Bankr-style convenience CLI subcommands (additional entry points, not MCP tools).
+// Each runs autonomously with the saved key/wallet, prints a summary, and exits.
+//   treasury (alias balance, fees) — balance + deposit address  (like `bankr fees`)
+//   post                           — open a task; pool rail auto sign+pay+authorize (like `bankr launch`)
+//   tasks                          — list your own posted tasks with status
+if (["treasury", "balance", "fees"].includes(process.argv[2] ?? "")) {
+    const { runTreasury } = await import("./cli.js");
+    await runTreasury();
+}
+if (process.argv[2] === "post") {
+    const { runPost } = await import("./cli.js");
+    await runPost(process.argv.slice(3));
+}
+if (process.argv[2] === "tasks") {
+    const { runTasks } = await import("./cli.js");
+    await runTasks();
+}
 const config = readConfig();
 const client = new CyberdyneClient(config);
 // ---- Result helpers -------------------------------------------------------
@@ -137,7 +152,7 @@ async function guard(fn) {
     }
 }
 // ---- Server ---------------------------------------------------------------
-const server = new McpServer({ name: "cyberdyne", version: "0.6.1" });
+const server = new McpServer({ name: "cyberdyne", version: "0.6.3" });
 server.tool("list_categories", "List the kinds of real-world work CYBERDYNE humans can do. Static (no network). Use this to learn the valid `category` values before posting a task.", {}, async () => json(Object.entries(CATEGORIES).map(([id, blurb]) => ({ id, blurb }))));
 server.tool("onboard", "BOOTSTRAP (works WITHOUT an existing key — the one tool that self-onboards). Zero-browser: generates a fresh wallet if you don't have one, signs in to CYBERDYNE with it (SIWE), mints your `cyb_` agent API key, and saves both to ~/.cyberdyne/config.json (0600) so every other tool here authenticates automatically. No web dashboard, no env vars. Returns your wallet address, the cyb_ key (shown once), and the next steps (fund via get_deposit_address+deposit → post_task → assign → authorize → release). The same generated wallet auto-signs pool budgets. Idempotent-ish: re-running with a saved wallet reuses it and mints a fresh key.", {}, async () => guard(async () => {
     const r = await onboard();
@@ -172,7 +187,7 @@ server.tool("deposit", "Credit your treasury from a REAL on-chain USDC deposit (
         .describe("The Base tx hash of your USDC transfer to the deposit address."),
 }, async ({ tx_hash }) => guard(() => client.rest("POST", "/api/treasury/deposit", { body: { tx_hash } })));
 server.tool("withdraw_treasury", "Recover UNSPENT treasury to your wallet (live rail): pull USDC out of your treasury back to your own VERIFIED deposit wallet on Base — no browser. Available balance is your treasury balance net of any open escrow holds. Funds can ONLY go to your verified wallet (no destination param), so a leaked key can't redirect them. Returns { ok, tx_hash, amount_usd, to }. 400 insufficient_treasury if the balance can't cover it; 403 withdraws_disabled on the demo rail.", { amount_usd: z.number().positive().describe("USD to withdraw from your treasury to your verified wallet.") }, async ({ amount_usd }) => guard(() => client.rest("POST", "/api/treasury/withdraw", { body: { amount_usd } })));
-server.tool("post_task", "Open a task on the marketplace. Funds are NOT charged at post — the escrow hold opens later at authorize_task. `reward_usd` is the total budget; with quantity>1 each unit holds reward_usd/quantity (each unit must be >= $0.01). Returns the created task (with its id). DIRECT-HIRE / custodial rail (the path live today): the platform checks the prefunded treasury can cover the budget (402 insufficient_treasury otherwise); response is { task }. POOL/FCFS rail (only when the server enables it): response also includes `authIntent` (the budget authorization to sign) and `deployFee` { usd, bps, recipient, token } (a SEPARATE non-refundable fee tx) — pass both to authorize_task.", {
+server.tool("post_task", "Open an FCFS pool bounty on the marketplace. There is NO direct hire and NO agent-picks-human — every task is an open bounty: you freeze a budget, ANY eligible human submits first-come-first-served, and you approve/reject each submission. Funds are NOT charged at post — the budget is frozen later at authorize_task. `reward_usd` is the total budget; `quantity` is how many identical units (humans) it pays — each unit holds reward_usd/quantity (each unit must be >= $0.01). Returns the created task (with its id). REAL-TOKEN POOL rail (USDC/BNKR on Base): the response also includes `authIntent` (the budget authorization to sign) and `deployFee` { usd, bps, recipient, token } (a SEPARATE non-refundable fee tx) — pass BOTH to authorize_task. TESTNET/non-real token (CYOS): no on-chain freeze; response is just { task } (treasury-checked, 402 insufficient_treasury if low).", {
     title: z.string().min(2).max(160).describe("Short task title."),
     category: z.enum(TASK_CATEGORIES),
     description: z.string().max(4000).optional().describe("What you need the human to do."),
@@ -184,11 +199,11 @@ server.tool("post_task", "Open a task on the marketplace. Funds are NOT charged
     pay_token: z.enum(["USDC", "BNKR", "CYOS"]).optional().describe("Settlement token (default USDC)."),
     deadline_hours: z.number().int().positive().optional(),
 }, async (args) => guard(() => client.rest("POST", "/api/tasks", { body: args })));
-server.tool("assign_task", "Assign an open task to a chosen human (poster-only) and open the escrow intent. Returns `{ task, authIntent }`: on an on-chain rail `authIntent` is the auth-capture requirements the agent must sign; on the manual rail it is null. Next call authorize_task to actually open the hold.", {
+server.tool("assign_task", "DEPRECATED — TESTNET/DEMO ONLY. There is NO direct hire: every real-token task is an open FCFS pool bounty, so a real-token assign returns 409 direct_hire_retired ('post with a budget; humans submit FCFS; review each submission'). Do NOT use this to hire — post_task + authorize_task + review_submission is the flow. This tool remains only for the testnet/non-real (CYOS) demo rail, where it assigns an open task to a chosen human and returns `{ task, authIntent: null }`.", {
     task_id: z.string().uuid(),
     human_id: z.string().uuid().describe("The human profile id (from search_humans / get_task claims)."),
 }, async ({ task_id, human_id }) => guard(() => client.rest("POST", `/api/tasks/${task_id}/assign`, { body: { human_id } })));
-server.tool("authorize_task", "Open the escrow hold for a task. CUSTODIAL/MANUAL rail (the path live today): call with just { task_id } — the prefunded treasury is debited into a logical escrow hold, no signature needed. TRUSTLESS on-chain DIRECT-HIRE rail: the agent signs an auth-capture authorization — if CYBERDYNE_EVM_PRIVATE_KEY is set pass `auth_intent` (the authIntent from assign_task) and the MCP signs automatically, else pass a pre-signed `signed_payment`. POOL/FCFS rail (only when the server enables it): pass BOTH `auth_intent` (from post_task) AND `deploy_fee` (the deployFee object from post_task) — the MCP signs the budget and pays the separate 2.5% USDC / 5% other-token fee tx from its wallet, then submits both; or pass a pre-signed `signed_payment` and a pre-paid `fee_tx_hash`. Idempotent once held.", {
+server.tool("authorize_task", "Freeze the bounty budget on-chain (the second step of the FCFS flow). REAL-TOKEN POOL rail: pass BOTH `auth_intent` (the authIntent from post_task) AND `deploy_fee` (the deployFee object from post_task) — with CYBERDYNE_EVM_PRIVATE_KEY set, the MCP signs the whole-budget authorization AND pays the separate 2.5% USDC / 5% other-token deploy fee tx from its wallet, then freezes the budget on the audited escrow; or pass a pre-signed `signed_payment` and a pre-paid `fee_tx_hash`. After this, any eligible human submits FCFS and you review_submission each. TESTNET/non-real (CYOS) rail: call with just { task_id } — the prefunded treasury opens a logical hold, no signature. Idempotent once frozen.", {
     task_id: z.string().uuid(),
     signed_payment: z.string().optional().describe("Pre-signed base64 auth-capture payload (external/Bankr signer)."),
     auth_intent: z.unknown().optional().describe("The authIntent from assign_task/post — required for MCP wallet auto-signing."),
@@ -220,8 +235,8 @@ server.tool("authorize_task", "Open the escrow hold for a task. CUSTODIAL/MANUAL
         },
     });
 }));
-server.tool("get_task", "Get the live state of a task: the task row plus the submissions and per-unit claims the agent (as poster) may see. Poll this after authorize_task until a submission with status 'pending' appears — that is the human's proof, ready for release_payment.", { task_id: z.string().uuid() }, async ({ task_id }) => guard(() => client.rest("GET", `/api/tasks/${task_id}`)));
-server.tool("release_payment", "DIRECT-HIRE settle (poster-only): settle a submitted proof for a single-human task (the custodial-rail path live today). approve:true → CAPTURE: pay the human net of the platform fee. approve:false → REJECT/REFUND the held escrow. Requires the `submission_id` to act on; if omitted, the gateway fetches the task and uses the latest pending submission (and errors if none is pending yet — poll get_task first). For POOL/FCFS bounties use review_submission instead (this path captures the whole task hold, not one unit).", {
+server.tool("get_task", "Get the live state of a task: the task row plus the submissions and per-unit claims the agent (as poster) may see. Poll this after authorize_task until a submission with status 'pending' appears — that is the human's proof, ready for review_submission (approve pays one unit; reject reopens the slot).", { task_id: z.string().uuid() }, async ({ task_id }) => guard(() => client.rest("GET", `/api/tasks/${task_id}`)));
+server.tool("release_payment", "DEPRECATED — TESTNET/DEMO ONLY. There is NO direct hire: a real-token task is an FCFS pool bounty whose units settle ONE per approved submission, so a real-token release returns 409 direct_hire_retired — use review_submission instead (approve pays one unit, reject reopens the slot). This tool remains only for the testnet/non-real (CYOS) demo rail, where it settles a submitted proof for a single-human task: approve:true → pay net of fee, approve:false → reject/refund. `submission_id` auto-resolves to the latest pending one if omitted.", {
     task_id: z.string().uuid(),
     approve: z.boolean().describe("true = proof meets criteria → pay; false = reject/refund."),
     submission_id: z
@@ -252,7 +267,7 @@ server.tool("release_payment", "DIRECT-HIRE settle (poster-only): settle a submi
         },
     });
 }));
-server.tool("review_submission", "POOL / FCFS settle (poster-only): approve or reject ONE submission on a pool bounty. approve:true → CAPTURE one unit from the frozen pool budget to the human and consume a slot; approve:false → reject (the slot reopens for the next submitter — no spot-blocking). For single-human direct-hire tasks use release_payment instead. Poll get_task for pending submissions. NOTE: the pool/FCFS rail is gated off on the server until certification — this tool acts on pool tasks once the operator enables that rail.", {
+server.tool("review_submission", "THE settle tool (poster-only): approve or reject ONE submission on your FCFS pool bounty — this is how you pay humans (there is no direct hire). approve:true → CAPTURE one unit from the frozen budget to the human (full reward, in-token) and consume a slot; approve:false → reject (the slot reopens for the next submitter — no spot-blocking). Poll get_task for pending submissions and review each one. When the budget is consumed (or you're done) call close_task to refund the unfilled remainder.", {
     submission_id: z.string().uuid().describe("The pending submission to review (from get_task)."),
     approve: z.boolean().describe("true = proof meets criteria → capture one unit; false = reject (slot reopens)."),
     score: z.number().int().min(1).max(5).optional().describe("Rating of the human's work (1–5)."),
@@ -266,14 +281,14 @@ server.tool("review_submission", "POOL / FCFS settle (poster-only): approve or r
         ...(reject_reason ? { reject_reason } : {}),
     },
 })));
-server.tool("close_task", "Close a (multi-unit) bounty (poster-only): refund every still-held unit to the agent, mark unclaimed units done, and stop further claims. Idempotent on an already-closed task.", { task_id: z.string().uuid() }, async ({ task_id }) => guard(() => client.rest("POST", `/api/tasks/${task_id}/close`)));
+server.tool("close_task", "Close your FCFS pool bounty (poster-only): refund the unfilled budget back to your wallet on-chain (the uncaptured remainder = unfilled units × per-unit reward) and stop further submissions. The deploy fee is non-refundable. Idempotent on an already-closed task.", { task_id: z.string().uuid() }, async ({ task_id }) => guard(() => client.rest("POST", `/api/tasks/${task_id}/close`)));
 // ---- Self-onboarding prompt -----------------------------------------------
 // Surfaces as /mcp__cyberdyne__quickstart — the agent (or user) runs it once to
 // learn the end-to-end campaign flow without reading docs. This is the "skill"
 // shipped inside the MCP: guidance travels with the tools.
 server.registerPrompt("quickstart", {
     title: "CYBERDYNE quickstart",
-    description: "How to fund, post a task, and pay humans end-to-end — both the direct-hire and pool/FCFS flows.",
+    description: "How to fund, post an FCFS pool bounty, and pay verified humans end-to-end.",
 }, () => ({
     messages: [
         {
@@ -281,26 +296,20 @@ server.registerPrompt("quickstart", {
             content: {
                 type: "text",
                 text: [
-                    "You are connected to CYBERDYNE — hire and pay verified humans for tasks AI can't do alone. The live settlement rail is REAL USDC on Base (custodial: deposit -> escrow -> withdraw). The human submit-proof step is human-only, in the app; you drive everything else.",
+                    "You are connected to CYBERDYNE — pay verified humans for tasks AI can't do alone. There is ONE model: every task is an open FCFS pool bounty. There is NO direct hire and NO picking a human — you freeze a budget, ANY eligible human submits first-come-first-served, and you approve/reject each submission (approved = paid one unit in-token, rejected = the slot reopens). The live settlement rail is REAL tokens on Base (non-custodial freeze-at-deploy). The human submit-proof step is human-only, in the app; you drive everything else.",
                     "",
-                    "FUND (real money, custodial rail):",
+                    "FUND (optional — the pool freezes from your wallet at deploy, but a treasury can cover fees):",
                     "1. get_deposit_address -> the platform deposit address on Base.",
-                    "2. Send USDC to it FROM your own verified wallet (the one you signed in with).",
-                    "3. deposit({ tx_hash }) -> credits your treasury by the verified amount (idempotent).",
-                    "   (fund_treasury is demo/testnet only and is disabled on the live rail.)",
-                    "Check get_treasury anytime for your balance.",
+                    "2. Send USDC to it FROM your own verified wallet, then deposit({ tx_hash }) -> credits your treasury (idempotent).",
+                    "   (fund_treasury is demo/testnet only and is disabled on the live rail.) Check get_treasury anytime.",
                     "",
-                    "FLOW A - DIRECT HIRE (works today): pick one human, hold, then pay.",
-                    "4. post_task({ title, category, reward_usd, duration_min, difficulty }). Returns { task }. Use reward_usd >= 0.50 so the 2.5% fee is visible; each unit must be >= $0.01.",
-                    "5. search_humans({ skills, min_reputation }) -> assign_task({ task_id, human_id }) -> authorize_task({ task_id }) to open the escrow hold (custodial rail = no signature; just task_id).",
-                    "6. Poll get_task until a submission is pending (the human's proof).",
-                    "7. release_payment({ task_id, approve: true, score }) -> CAPTURE: net USDC to the human, the 2.5% fee to the protocol wallet. approve:false rejects and refunds the hold.",
+                    "POST + PAY (the single FCFS flow):",
+                    "3. post_task({ title, category, reward_usd, quantity, duration_min, difficulty }) -> returns { task, authIntent, deployFee }. reward_usd is the TOTAL budget; quantity is how many humans it pays (each unit must be >= $0.01). authIntent is the whole-budget authorization; deployFee is a SEPARATE non-refundable fee tx (2.5% USDC / 5% other token).",
+                    "4. authorize_task({ task_id, auth_intent, deploy_fee }) -> with CYBERDYNE_EVM_PRIVATE_KEY set, the MCP signs the budget AND pays the deploy fee, then FREEZES the whole budget on the audited escrow (or pass pre-made signed_payment + fee_tx_hash).",
+                    "5. Any eligible human submits FCFS. Poll get_task; for EACH pending submission call review_submission({ submission_id, approve, score }) -> approve captures one unit (full reward to the human, in-token); reject reopens the slot for the next submitter.",
+                    "6. close_task({ task_id }) -> refunds the unfilled budget back to your wallet (the deploy fee is non-refundable).",
                     "",
-                    "FLOW B - POOL / FCFS BOUNTY: one frozen budget, many humans claim+submit first-come-first-served. NOTE: this non-custodial pool rail is BUILT but GATED OFF on the server today (pending certification) - real-money pool payouts are not live yet. When the operator enables it:",
-                    "8. post_task({ ..., quantity: N }) -> returns { task, authIntent, deployFee }. authIntent is the budget authorization; deployFee is a SEPARATE non-refundable fee tx (2.5% USDC / 5% other token).",
-                    "9. authorize_task({ task_id, auth_intent, deploy_fee }) -> with CYBERDYNE_EVM_PRIVATE_KEY set, the MCP signs the budget AND pays the deploy fee, then freezes the whole budget (or pass pre-made signed_payment + fee_tx_hash).",
-                    "10. Humans claim+submit FCFS. Poll get_task; for each pending submission call review_submission({ submission_id, approve, score }) -> approve captures one unit; reject reopens the slot.",
-                    "11. close_task({ task_id }) -> refund any still-unfilled units (the deploy fee is non-refundable).",
+                    "DEPRECATED: assign_task + release_payment were the old direct-hire path and now return 409 direct_hire_retired for real tokens — use post_task + authorize_task + review_submission instead. They remain only for the testnet/non-real (CYOS) demo rail.",
                     "",
                     "Every payout and fee on the live rail is a real on-chain transaction.",
                 ].join("\n"),
@@ -313,4 +322,5 @@ const transport = new StdioServerTransport();
 await server.connect(transport);
 console.error(`CYBERDYNE MCP server running on stdio → ${config.apiUrl}` +
     (config.token ? "" : " (no key — run `npx cyberdyne-mcp onboard` to self-generate a wallet + key, or `login cyb_…`, or set CYBERDYNE_IDENTITY_TOKEN; networked tools error until then)") +
-    ". Tools (15): onboard, list_categories, search_humans, get_treasury, fund_treasury, get_deposit_address, deposit, withdraw_treasury, post_task, assign_task, authorize_task, get_task, release_payment, review_submission, close_task.");
+    ". Tools (15): onboard, list_categories, search_humans, get_treasury, fund_treasury, get_deposit_address, deposit, withdraw_treasury, post_task, assign_task, authorize_task, get_task, release_payment, review_submission, close_task." +
+    " CLI: onboard, login, treasury (alias balance/fees), post, tasks.");

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "cyberdyne-mcp",
-  "version": "0.6.1",
+  "version": "0.6.3",
   "publishConfig": {
     "access": "public"
   },

package/src/cli.ts ADDED Viewed

@@ -0,0 +1,253 @@
+/**
+ * Bankr-style convenience CLI for CYBERDYNE — `treasury` / `post` / `tasks`.
+ *
+ * These are ADDITIONAL command-line entry points (not MCP tools). They run, print
+ * a human-readable summary to stderr, and exit — exactly like `onboard`/`login`.
+ * They mirror the Bankr CLI UX (`bankr fees`, `bankr launch`): a single command
+ * that does the full thing autonomously using the saved `cyb_` key + wallet.
+ *
+ *   treasury (alias balance, fees) — your balance + where to send USDC (bankr fees)
+ *   post                           — open a task; on the pool rail, sign + pay +
+ *                                    authorize in one shot (bankr launch)
+ *   tasks                          — list your own posted tasks with status
+ *
+ * Networking reuses CyberdyneClient (the saved Bearer key); pool signing/fee
+ * payment reuses src/evm-signer.ts — no signing logic is reinvented here.
+ */
+import { CyberdyneClient, readConfig, ApiError, MissingTokenError } from "./client.js";
+// ── tiny argv parser ───────────────────────────────────────────────────────
+// Supports `--flag value` and `--flag=value`. Bare `--flag` (no value) ⇒ "true".
+export function parseFlags(argv: string[]): Record<string, string> {
+  const out: Record<string, string> = {};
+  for (let i = 0; i < argv.length; i++) {
+    const tok = argv[i];
+    if (!tok.startsWith("--")) continue;
+    const body = tok.slice(2);
+    const eq = body.indexOf("=");
+    if (eq >= 0) {
+      out[body.slice(0, eq)] = body.slice(eq + 1);
+      continue;
+    }
+    const next = argv[i + 1];
+    if (next !== undefined && !next.startsWith("--")) {
+      out[body] = next;
+      i++;
+    } else {
+      out[body] = "true";
+    }
+  }
+  return out;
+}
+function client(): CyberdyneClient {
+  return new CyberdyneClient(readConfig());
+}
+function hasKey(): boolean {
+  return !!readConfig().token;
+}
+const NO_KEY = "No CYBERDYNE key saved. Run:  npx -y cyberdyne-mcp onboard";
+/** Format a USD-ish numeric value (handles string/number/null) to 2dp. */
+function usd(v: unknown): string {
+  const n = typeof v === "number" ? v : Number(v);
+  return Number.isFinite(n) ? `$${n.toFixed(2)}` : "—";
+}
+function fail(msg: string): never {
+  console.error(`✗ ${msg}`);
+  process.exit(1);
+}
+/** Map a thrown client error to a clean one-line message. */
+function describe(e: unknown): string {
+  if (e instanceof MissingTokenError) return NO_KEY;
+  if (e instanceof ApiError) return e.message;
+  return e instanceof Error ? e.message : String(e);
+}
+// ── treasury (alias: balance, fees) ─────────────────────────────────────────
+// `bankr fees` equivalent: your balance + the deposit address to fund it.
+export async function runTreasury(): Promise<void> {
+  if (!hasKey()) fail(NO_KEY);
+  const c = client();
+  try {
+    const { treasury } = await c.rest<{ treasury: Record<string, unknown> | null }>("GET", "/api/treasury");
+    // The deposit address only resolves on the live rail; treat a 403/503 as
+    // "not available yet" rather than failing the whole command.
+    let deposit: { deposit_address?: string; chain_id?: number; usdc_address?: string } | null = null;
+    try {
+      deposit = await c.rest("GET", "/api/treasury/deposit");
+    } catch {
+      deposit = null;
+    }
+    const lines: string[] = ["CYBERDYNE treasury"];
+    if (!treasury) {
+      lines.push("  balance        : — (no treasury yet — fund it to create one)");
+    } else {
+      lines.push(`  balance        : ${usd(treasury.balance_usd)}`);
+      lines.push(`  total funded   : ${usd(treasury.total_funded ?? treasury.total_funded_usd)}`);
+      lines.push(`  total spent    : ${usd(treasury.total_spent ?? treasury.total_spent_usd)}`);
+    }
+    if (deposit?.deposit_address) {
+      lines.push("");
+      lines.push(`  deposit USDC to: ${deposit.deposit_address}`);
+      lines.push(`  chain          : Base (chain id ${deposit.chain_id ?? 8453})`);
+      lines.push("  → send USDC from your verified wallet, then credit it with the `deposit` MCP tool.");
+    } else {
+      lines.push("");
+      lines.push("  deposit address: not available (live deposits not enabled on this rail yet).");
+    }
+    console.error(lines.join("\n"));
+    process.exit(0);
+  } catch (e) {
+    fail(describe(e));
+  }
+}
+// ── post (bankr launch) ──────────────────────────────────────────────────────
+// Open a task. Per-unit `--reward` × `--quantity` = the budget. On the pool rail
+// (BNKR/GITLAWB or quantity>1) the response carries authIntent + deployFee: sign
+// the budget + pay the fee + authorize, all from the saved wallet, autonomously.
+const PAY_TOKENS = new Set(["USDC", "BNKR", "GITLAWB"]);
+export async function runPost(argv: string[]): Promise<void> {
+  if (!hasKey()) fail(NO_KEY);
+  const f = parseFlags(argv);
+  const title = f.title?.trim();
+  if (!title) fail("--title is required");
+  const rewardPerUnit = Number(f.reward);
+  if (!Number.isFinite(rewardPerUnit) || rewardPerUnit <= 0) fail("--reward <n> is required (per-unit, in the pay token)");
+  const token = (f.token ?? "USDC").toUpperCase();
+  if (!PAY_TOKENS.has(token)) fail(`--token must be one of USDC, BNKR, GITLAWB (got ${token})`);
+  const quantity = f.quantity != null ? Math.trunc(Number(f.quantity)) : 1;
+  if (!Number.isFinite(quantity) || quantity < 1) fail("--quantity must be a positive integer");
+  const category = (f.category ?? "social").trim();
+  const action = f.action?.trim();
+  const url = f.url?.trim();
+  // Rail: default pool when token is a real ecosystem token (BNKR/GITLAWB) or it's
+  // a multi-unit bounty; else custodial single-hold. `--rail` overrides.
+  const railFlag = f.rail?.trim().toLowerCase();
+  const rail =
+    railFlag === "pool" || railFlag === "custodial"
+      ? railFlag
+      : token === "BNKR" || token === "GITLAWB" || quantity > 1
+        ? "pool"
+        : "custodial";
+  // reward_usd is the TOTAL budget (= per-unit × quantity). For non-USDC tokens this
+  // figure is the TOKEN amount (the platform settles in-token on the pool rail).
+  const reward_usd = Number((rewardPerUnit * quantity).toFixed(6));
+  const body: Record<string, unknown> = {
+    title,
+    category,
+    reward_usd,
+    quantity,
+    pay_token: token,
+    rail,
+  };
+  if (category === "social" && action) body.social_action = action;
+  if (category === "social" && url) body.social_target_url = url;
+  const c = client();
+  try {
+    console.error(
+      `→ posting "${title}"  (${rewardPerUnit} ${token} × ${quantity} = ${reward_usd} ${token}, ${rail} rail)…`,
+    );
+    const res = await c.rest<{
+      task: { id: string; escrow_status?: string };
+      authIntent?: { requirements?: unknown };
+      deployFee?: { usd: number; recipient: string; token: string };
+    }>("POST", "/api/tasks", { body });
+    const taskId = res.task?.id;
+    console.error(`  ✓ posted — task ${taskId}`);
+    // Custodial rail (no authIntent): nothing else to do; the hold opens later.
+    if (!res.authIntent || !res.deployFee) {
+      console.error(
+        `\n✓ Task ${taskId} is open (custodial rail). Next: assign a human + authorize, then release on a valid proof.`,
+      );
+      process.exit(0);
+    }
+    // POOL rail — the autonomous `bankr launch` path. Sign the budget with the saved
+    // wallet, pay the separate deploy fee, then authorize. Reuses evm-signer (the
+    // exact logic the authorize_task MCP tool uses).
+    const { hasEvmKey, signAuthCapture, payDeployFee } = await import("./evm-signer.js");
+    if (!hasEvmKey()) {
+      fail(
+        "pool rail needs a signing wallet, but none is saved. Run `npx -y cyberdyne-mcp onboard` " +
+          `(the task ${taskId} is posted but not yet funded).`,
+      );
+    }
+    const requirements =
+      (res.authIntent as { requirements?: unknown }).requirements ?? res.authIntent;
+    console.error("→ signing the budget authorization…");
+    const signedPayment = await signAuthCapture(requirements);
+    const fee = res.deployFee;
+    console.error(`→ paying the deploy fee (${usd(fee.usd)} in ${fee.token}) from your wallet…`);
+    const feeTx = await payDeployFee({ amountUsd: fee.usd, recipient: fee.recipient, token: fee.token });
+    console.error(`  ✓ fee paid — ${feeTx}`);
+    console.error("→ freezing the budget (authorize)…");
+    const authed = await c.rest<{ task?: { escrow_status?: string } }>(
+      "POST",
+      `/api/tasks/${taskId}/authorize`,
+      { body: { signedPayment, fee_tx_hash: feeTx } },
+    );
+    const escrow = authed.task?.escrow_status ?? "held";
+    console.error(
+      `\n✓ Launched. task ${taskId} — escrow_status: ${escrow}. ` +
+        "Humans can now claim + submit FCFS; review each submission to capture a unit.",
+    );
+    process.exit(0);
+  } catch (e) {
+    fail(describe(e));
+  }
+}
+// ── tasks ─────────────────────────────────────────────────────────────────
+// List the agent's own posted tasks (GET /api/tasks?mine=posted — works with the
+// agent key). Short: id, title, token, qty, filled/remaining, status.
+export async function runTasks(): Promise<void> {
+  if (!hasKey()) fail(NO_KEY);
+  const c = client();
+  try {
+    const { tasks } = await c.rest<{ tasks: Array<Record<string, unknown>> }>("GET", "/api/tasks", {
+      query: { mine: "posted", limit: 50 },
+    });
+    if (!tasks || tasks.length === 0) {
+      console.error("No posted tasks yet. Post one:  npx -y cyberdyne-mcp post --title \"…\" --reward 1");
+      process.exit(0);
+    }
+    const lines = [`Your posted tasks (${tasks.length}):`];
+    for (const t of tasks) {
+      const qty = Number(t.quantity ?? 1) || 1;
+      const filled = Number(t.filled_count ?? t.captured_count ?? 0) || 0;
+      const remaining = Math.max(qty - filled, 0);
+      const token = String(t.pay_token ?? "USDC");
+      const status = String(t.escrow_status ? `${t.status}/${t.escrow_status}` : t.status ?? "—");
+      const id = String(t.id ?? "—");
+      const title = String(t.title ?? "").slice(0, 40);
+      lines.push(
+        `  ${id}  ${title.padEnd(40)}  ${token.padEnd(7)}  qty ${qty}  filled ${filled}/${qty} (rem ${remaining})  ${status}`,
+      );
+    }
+    console.error(lines.join("\n"));
+    process.exit(0);
+  } catch (e) {
+    fail(describe(e));
+  }
+}

package/src/server.ts CHANGED Viewed

@@ -13,13 +13,13 @@
  *   get_deposit_address — GET  /api/treasury/deposit      → where to send real USDC (live)
  *   deposit          — POST /api/treasury/deposit         → credit treasury from a real USDC tx
  *   withdraw_treasury — POST /api/treasury/withdraw        → pull unspent treasury back to your wallet (live)
- *   post_task        — POST /api/tasks                    → open a task
- *   assign_task      — POST /api/tasks/[id]/assign        → pick a human (→ authIntent)
- *   authorize_task   — POST /api/tasks/[id]/authorize     → open the escrow hold
+ *   post_task        — POST /api/tasks                    → open an FCFS pool bounty
+ *   authorize_task   — POST /api/tasks/[id]/authorize     → sign budget + pay fee + freeze
  *   get_task         — GET  /api/tasks/[id]               → status + submissions/claims
- *   release_payment  — POST /api/tasks/[id]/release       → direct-hire: capture (pay) or reject
- *   review_submission — POST /api/submissions/[id]/review → pool/FCFS: approve/reject one submission
- *   close_task       — POST /api/tasks/[id]/close         → close a (multi-unit) bounty
+ *   review_submission — POST /api/submissions/[id]/review → approve (pay one unit) / reject (reopen)
+ *   close_task       — POST /api/tasks/[id]/close         → refund the unfilled budget
+ *   assign_task      — POST /api/tasks/[id]/assign        → DEPRECATED (testnet-only; no direct hire)
+ *   release_payment  — POST /api/tasks/[id]/release       → DEPRECATED (testnet-only; use review_submission)
  *
  * Auth: every networked tool sends the agent's `cyb_…` key. The REST routes take
  * it as `Authorization: Bearer …`; search_humans goes through the a2a JSON-RPC
@@ -27,26 +27,24 @@
  * `identity_token`.
  *
  * The HUMAN submit-proof step happens in the app/UI (human-only — agents cannot
- * submit on a human's behalf). There are TWO settlement flows:
+ * submit on a human's behalf). There is ONE settlement model for real tokens:
  *
- *   FLOW A — DIRECT HIRE (the path that works TODAY on the live custodial USDC
- *   rail: real deposit → escrow → withdraw on Base mainnet). You pick one human:
- *     get_deposit_address → send USDC → deposit  (fund the treasury)
- *       → post_task → search_humans → assign_task (→ authIntent)
- *       → authorize_task (open the escrow hold)
- *       → poll get_task until a submission is pending
- *       → release_payment (approve → capture/pay; else reject → refund)
+ *   FCFS POOL BOUNTY (non-custodial pool escrow). There is NO direct hire and NO
+ *   agent-picks-human. EVERY task is an open bounty: the agent freezes a budget once,
+ *   ANY eligible human submits first-come-first-served, and the agent approves/rejects
+ *   each submission — approved pays one unit in-token, rejected reopens the slot, and
+ *   any unfilled budget is refunded on close.
+ *     get_deposit_address → send USDC → deposit            (optional, fund treasury)
+ *       → post_task({ ..., quantity }) → returns { task, authIntent, deployFee }
+ *       → authorize_task({ task_id, auth_intent, deploy_fee })  (sign budget + pay fee + freeze)
+ *       → humans submit FCFS → poll get_task
+ *       → review_submission per pending submission (approve → pay one unit;
+ *         reject → the slot reopens)
+ *       → close_task to refund the unfilled budget.
  *
- *   FLOW B — POOL / FCFS BOUNTY (non-custodial pool escrow). Post a multi-unit
- *   bounty, freeze the whole budget once, and let any eligible human claim+submit
- *   first-come-first-served; you approve each unit. This rail is BUILT but GATED
- *   OFF today (server env ESCROW_POOL is not enabled), pending certification — so
- *   real-money non-custodial pool payouts are NOT live yet. When the server
- *   enables it, post_task returns an `authIntent` + a separate `deployFee`:
- *     post_task (quantity>1) → authorize_task (sign the budget + pay the deploy fee)
- *       → humans claim+submit FCFS → poll get_task
- *       → review_submission per pending submission (approve → capture one unit;
- *         reject → the slot reopens) → close_task to refund unfilled units.
+ *   DEPRECATED (testnet-only): assign_task + release_payment were the old direct-hire
+ *   path. There is no direct hire for real tokens — a real-token assign/release returns
+ *   409 direct_hire_retired. The tools remain only for the testnet/non-real demo rail.
  *
  * Config comes from the environment (see src/client.ts):
  *   CYBERDYNE_API_URL         default "https://app.cyberdyne-os.xyz"
@@ -122,6 +120,24 @@ if (process.argv[2] === "login") {
   process.exit(0);
 }
+// Bankr-style convenience CLI subcommands (additional entry points, not MCP tools).
+// Each runs autonomously with the saved key/wallet, prints a summary, and exits.
+//   treasury (alias balance, fees) — balance + deposit address  (like `bankr fees`)
+//   post                           — open a task; pool rail auto sign+pay+authorize (like `bankr launch`)
+//   tasks                          — list your own posted tasks with status
+if (["treasury", "balance", "fees"].includes(process.argv[2] ?? "")) {
+  const { runTreasury } = await import("./cli.js");
+  await runTreasury();
+}
+if (process.argv[2] === "post") {
+  const { runPost } = await import("./cli.js");
+  await runPost(process.argv.slice(3));
+}
+if (process.argv[2] === "tasks") {
+  const { runTasks } = await import("./cli.js");
+  await runTasks();
+}
 const config = readConfig();
 const client = new CyberdyneClient(config);
@@ -148,7 +164,7 @@ async function guard<T>(fn: () => Promise<T>) {
 // ---- Server ---------------------------------------------------------------
-const server = new McpServer({ name: "cyberdyne", version: "0.6.1" });
+const server = new McpServer({ name: "cyberdyne", version: "0.6.3" });
 server.tool(
   "list_categories",
@@ -241,7 +257,7 @@ server.tool(
 server.tool(
   "post_task",
-  "Open a task on the marketplace. Funds are NOT charged at post — the escrow hold opens later at authorize_task. `reward_usd` is the total budget; with quantity>1 each unit holds reward_usd/quantity (each unit must be >= $0.01). Returns the created task (with its id). DIRECT-HIRE / custodial rail (the path live today): the platform checks the prefunded treasury can cover the budget (402 insufficient_treasury otherwise); response is { task }. POOL/FCFS rail (only when the server enables it): response also includes `authIntent` (the budget authorization to sign) and `deployFee` { usd, bps, recipient, token } (a SEPARATE non-refundable fee tx) — pass both to authorize_task.",
+  "Open an FCFS pool bounty on the marketplace. There is NO direct hire and NO agent-picks-human — every task is an open bounty: you freeze a budget, ANY eligible human submits first-come-first-served, and you approve/reject each submission. Funds are NOT charged at post — the budget is frozen later at authorize_task. `reward_usd` is the total budget; `quantity` is how many identical units (humans) it pays — each unit holds reward_usd/quantity (each unit must be >= $0.01). Returns the created task (with its id). REAL-TOKEN POOL rail (USDC/BNKR on Base): the response also includes `authIntent` (the budget authorization to sign) and `deployFee` { usd, bps, recipient, token } (a SEPARATE non-refundable fee tx) — pass BOTH to authorize_task. TESTNET/non-real token (CYOS): no on-chain freeze; response is just { task } (treasury-checked, 402 insufficient_treasury if low).",
   {
     title: z.string().min(2).max(160).describe("Short task title."),
     category: z.enum(TASK_CATEGORIES),
@@ -259,7 +275,7 @@ server.tool(
 server.tool(
   "assign_task",
-  "Assign an open task to a chosen human (poster-only) and open the escrow intent. Returns `{ task, authIntent }`: on an on-chain rail `authIntent` is the auth-capture requirements the agent must sign; on the manual rail it is null. Next call authorize_task to actually open the hold.",
+  "DEPRECATED — TESTNET/DEMO ONLY. There is NO direct hire: every real-token task is an open FCFS pool bounty, so a real-token assign returns 409 direct_hire_retired ('post with a budget; humans submit FCFS; review each submission'). Do NOT use this to hire — post_task + authorize_task + review_submission is the flow. This tool remains only for the testnet/non-real (CYOS) demo rail, where it assigns an open task to a chosen human and returns `{ task, authIntent: null }`.",
   {
     task_id: z.string().uuid(),
     human_id: z.string().uuid().describe("The human profile id (from search_humans / get_task claims)."),
@@ -270,7 +286,7 @@ server.tool(
 server.tool(
   "authorize_task",
-  "Open the escrow hold for a task. CUSTODIAL/MANUAL rail (the path live today): call with just { task_id } — the prefunded treasury is debited into a logical escrow hold, no signature needed. TRUSTLESS on-chain DIRECT-HIRE rail: the agent signs an auth-capture authorization — if CYBERDYNE_EVM_PRIVATE_KEY is set pass `auth_intent` (the authIntent from assign_task) and the MCP signs automatically, else pass a pre-signed `signed_payment`. POOL/FCFS rail (only when the server enables it): pass BOTH `auth_intent` (from post_task) AND `deploy_fee` (the deployFee object from post_task) — the MCP signs the budget and pays the separate 2.5% USDC / 5% other-token fee tx from its wallet, then submits both; or pass a pre-signed `signed_payment` and a pre-paid `fee_tx_hash`. Idempotent once held.",
+  "Freeze the bounty budget on-chain (the second step of the FCFS flow). REAL-TOKEN POOL rail: pass BOTH `auth_intent` (the authIntent from post_task) AND `deploy_fee` (the deployFee object from post_task) — with CYBERDYNE_EVM_PRIVATE_KEY set, the MCP signs the whole-budget authorization AND pays the separate 2.5% USDC / 5% other-token deploy fee tx from its wallet, then freezes the budget on the audited escrow; or pass a pre-signed `signed_payment` and a pre-paid `fee_tx_hash`. After this, any eligible human submits FCFS and you review_submission each. TESTNET/non-real (CYOS) rail: call with just { task_id } — the prefunded treasury opens a logical hold, no signature. Idempotent once frozen.",
   {
     task_id: z.string().uuid(),
     signed_payment: z.string().optional().describe("Pre-signed base64 auth-capture payload (external/Bankr signer)."),
@@ -309,14 +325,14 @@ server.tool(
 server.tool(
   "get_task",
-  "Get the live state of a task: the task row plus the submissions and per-unit claims the agent (as poster) may see. Poll this after authorize_task until a submission with status 'pending' appears — that is the human's proof, ready for release_payment.",
+  "Get the live state of a task: the task row plus the submissions and per-unit claims the agent (as poster) may see. Poll this after authorize_task until a submission with status 'pending' appears — that is the human's proof, ready for review_submission (approve pays one unit; reject reopens the slot).",
   { task_id: z.string().uuid() },
   async ({ task_id }) => guard(() => client.rest("GET", `/api/tasks/${task_id}`)),
 );
 server.tool(
   "release_payment",
-  "DIRECT-HIRE settle (poster-only): settle a submitted proof for a single-human task (the custodial-rail path live today). approve:true → CAPTURE: pay the human net of the platform fee. approve:false → REJECT/REFUND the held escrow. Requires the `submission_id` to act on; if omitted, the gateway fetches the task and uses the latest pending submission (and errors if none is pending yet — poll get_task first). For POOL/FCFS bounties use review_submission instead (this path captures the whole task hold, not one unit).",
+  "DEPRECATED — TESTNET/DEMO ONLY. There is NO direct hire: a real-token task is an FCFS pool bounty whose units settle ONE per approved submission, so a real-token release returns 409 direct_hire_retired — use review_submission instead (approve pays one unit, reject reopens the slot). This tool remains only for the testnet/non-real (CYOS) demo rail, where it settles a submitted proof for a single-human task: approve:true → pay net of fee, approve:false → reject/refund. `submission_id` auto-resolves to the latest pending one if omitted.",
   {
     task_id: z.string().uuid(),
     approve: z.boolean().describe("true = proof meets criteria → pay; false = reject/refund."),
@@ -361,7 +377,7 @@ server.tool(
 server.tool(
   "review_submission",
-  "POOL / FCFS settle (poster-only): approve or reject ONE submission on a pool bounty. approve:true → CAPTURE one unit from the frozen pool budget to the human and consume a slot; approve:false → reject (the slot reopens for the next submitter — no spot-blocking). For single-human direct-hire tasks use release_payment instead. Poll get_task for pending submissions. NOTE: the pool/FCFS rail is gated off on the server until certification — this tool acts on pool tasks once the operator enables that rail.",
+  "THE settle tool (poster-only): approve or reject ONE submission on your FCFS pool bounty — this is how you pay humans (there is no direct hire). approve:true → CAPTURE one unit from the frozen budget to the human (full reward, in-token) and consume a slot; approve:false → reject (the slot reopens for the next submitter — no spot-blocking). Poll get_task for pending submissions and review each one. When the budget is consumed (or you're done) call close_task to refund the unfilled remainder.",
   {
     submission_id: z.string().uuid().describe("The pending submission to review (from get_task)."),
     approve: z.boolean().describe("true = proof meets criteria → capture one unit; false = reject (slot reopens)."),
@@ -384,7 +400,7 @@ server.tool(
 server.tool(
   "close_task",
-  "Close a (multi-unit) bounty (poster-only): refund every still-held unit to the agent, mark unclaimed units done, and stop further claims. Idempotent on an already-closed task.",
+  "Close your FCFS pool bounty (poster-only): refund the unfilled budget back to your wallet on-chain (the uncaptured remainder = unfilled units × per-unit reward) and stop further submissions. The deploy fee is non-refundable. Idempotent on an already-closed task.",
   { task_id: z.string().uuid() },
   async ({ task_id }) => guard(() => client.rest("POST", `/api/tasks/${task_id}/close`)),
 );
@@ -397,7 +413,7 @@ server.registerPrompt(
   "quickstart",
   {
     title: "CYBERDYNE quickstart",
-    description: "How to fund, post a task, and pay humans end-to-end — both the direct-hire and pool/FCFS flows.",
+    description: "How to fund, post an FCFS pool bounty, and pay verified humans end-to-end.",
   },
   () => ({
     messages: [
@@ -406,26 +422,20 @@ server.registerPrompt(
         content: {
           type: "text",
           text: [
-            "You are connected to CYBERDYNE — hire and pay verified humans for tasks AI can't do alone. The live settlement rail is REAL USDC on Base (custodial: deposit -> escrow -> withdraw). The human submit-proof step is human-only, in the app; you drive everything else.",
+            "You are connected to CYBERDYNE — pay verified humans for tasks AI can't do alone. There is ONE model: every task is an open FCFS pool bounty. There is NO direct hire and NO picking a human — you freeze a budget, ANY eligible human submits first-come-first-served, and you approve/reject each submission (approved = paid one unit in-token, rejected = the slot reopens). The live settlement rail is REAL tokens on Base (non-custodial freeze-at-deploy). The human submit-proof step is human-only, in the app; you drive everything else.",
             "",
-            "FUND (real money, custodial rail):",
+            "FUND (optional — the pool freezes from your wallet at deploy, but a treasury can cover fees):",
             "1. get_deposit_address -> the platform deposit address on Base.",
-            "2. Send USDC to it FROM your own verified wallet (the one you signed in with).",
-            "3. deposit({ tx_hash }) -> credits your treasury by the verified amount (idempotent).",
-            "   (fund_treasury is demo/testnet only and is disabled on the live rail.)",
-            "Check get_treasury anytime for your balance.",
+            "2. Send USDC to it FROM your own verified wallet, then deposit({ tx_hash }) -> credits your treasury (idempotent).",
+            "   (fund_treasury is demo/testnet only and is disabled on the live rail.) Check get_treasury anytime.",
             "",
-            "FLOW A - DIRECT HIRE (works today): pick one human, hold, then pay.",
-            "4. post_task({ title, category, reward_usd, duration_min, difficulty }). Returns { task }. Use reward_usd >= 0.50 so the 2.5% fee is visible; each unit must be >= $0.01.",
-            "5. search_humans({ skills, min_reputation }) -> assign_task({ task_id, human_id }) -> authorize_task({ task_id }) to open the escrow hold (custodial rail = no signature; just task_id).",
-            "6. Poll get_task until a submission is pending (the human's proof).",
-            "7. release_payment({ task_id, approve: true, score }) -> CAPTURE: net USDC to the human, the 2.5% fee to the protocol wallet. approve:false rejects and refunds the hold.",
+            "POST + PAY (the single FCFS flow):",
+            "3. post_task({ title, category, reward_usd, quantity, duration_min, difficulty }) -> returns { task, authIntent, deployFee }. reward_usd is the TOTAL budget; quantity is how many humans it pays (each unit must be >= $0.01). authIntent is the whole-budget authorization; deployFee is a SEPARATE non-refundable fee tx (2.5% USDC / 5% other token).",
+            "4. authorize_task({ task_id, auth_intent, deploy_fee }) -> with CYBERDYNE_EVM_PRIVATE_KEY set, the MCP signs the budget AND pays the deploy fee, then FREEZES the whole budget on the audited escrow (or pass pre-made signed_payment + fee_tx_hash).",
+            "5. Any eligible human submits FCFS. Poll get_task; for EACH pending submission call review_submission({ submission_id, approve, score }) -> approve captures one unit (full reward to the human, in-token); reject reopens the slot for the next submitter.",
+            "6. close_task({ task_id }) -> refunds the unfilled budget back to your wallet (the deploy fee is non-refundable).",
             "",
-            "FLOW B - POOL / FCFS BOUNTY: one frozen budget, many humans claim+submit first-come-first-served. NOTE: this non-custodial pool rail is BUILT but GATED OFF on the server today (pending certification) - real-money pool payouts are not live yet. When the operator enables it:",
-            "8. post_task({ ..., quantity: N }) -> returns { task, authIntent, deployFee }. authIntent is the budget authorization; deployFee is a SEPARATE non-refundable fee tx (2.5% USDC / 5% other token).",
-            "9. authorize_task({ task_id, auth_intent, deploy_fee }) -> with CYBERDYNE_EVM_PRIVATE_KEY set, the MCP signs the budget AND pays the deploy fee, then freezes the whole budget (or pass pre-made signed_payment + fee_tx_hash).",
-            "10. Humans claim+submit FCFS. Poll get_task; for each pending submission call review_submission({ submission_id, approve, score }) -> approve captures one unit; reject reopens the slot.",
-            "11. close_task({ task_id }) -> refund any still-unfilled units (the deploy fee is non-refundable).",
+            "DEPRECATED: assign_task + release_payment were the old direct-hire path and now return 409 direct_hire_retired for real tokens — use post_task + authorize_task + review_submission instead. They remain only for the testnet/non-real (CYOS) demo rail.",
             "",
             "Every payout and fee on the live rail is a real on-chain transaction.",
           ].join("\n"),
@@ -442,5 +452,6 @@ await server.connect(transport);
 console.error(
   `CYBERDYNE MCP server running on stdio → ${config.apiUrl}` +
     (config.token ? "" : " (no key — run `npx cyberdyne-mcp onboard` to self-generate a wallet + key, or `login cyb_…`, or set CYBERDYNE_IDENTITY_TOKEN; networked tools error until then)") +
-    ". Tools (15): onboard, list_categories, search_humans, get_treasury, fund_treasury, get_deposit_address, deposit, withdraw_treasury, post_task, assign_task, authorize_task, get_task, release_payment, review_submission, close_task.",
+    ". Tools (15): onboard, list_categories, search_humans, get_treasury, fund_treasury, get_deposit_address, deposit, withdraw_treasury, post_task, assign_task, authorize_task, get_task, release_payment, review_submission, close_task." +
+    " CLI: onboard, login, treasury (alias balance/fees), post, tasks.",
 );