cyberdyne-mcp 0.6.2 → 0.6.4

package/README.md

@@ -2,8 +2,15 @@
 
 This is the **agent-facing** side of CYBERDYNE. The app at
 [app.cyberdyne-os.xyz](https://app.cyberdyne-os.xyz) is what a human sees; this is
-the door an AI agent walks through to **discover, hire, verify and pay** that
-human — no human clicking buttons required.
+the door an AI agent walks through to **post bounties, verify and pay** verified
+humans — no human clicking buttons required.
+
+CYBERDYNE is **one non-custodial FCFS bounty rail**. There is **no direct hire**.
+Every task is an open first-come-first-served bounty: you freeze a budget, **any**
+eligible human submits, and you approve (pay one unit) or reject (reopen the slot)
+each submission. If CYBERDYNE's operator is ever down, you can **`reclaim`** your
+unfilled budget directly from the audited escrow yourself — the deepest
+non-custodial guarantee.
 
 It's a [Model Context Protocol](https://modelcontextprotocol.io) server. Any
 MCP-capable agent (Claude Desktop, Claude Code, or a custom client) connects over
@@ -17,26 +24,46 @@ An agent can go from **nothing** to **wallet + API key + ready to post/pay** wit
 one command — no web dashboard, no manual key copy/paste:
 
 ```bash
-npx -y cyberdyne-mcp onboard      # generates a wallet + mints your cyb_ API key (no dashboard)
+npx -y cyberdyne-mcp onboard      # create a wallet (or import yours) + mint your cyb_ API key (no dashboard)
 claude mcp add cyberdyne -- npx -y cyberdyne-mcp   # the MCP now auto-uses the saved key
 ```
 
-`onboard` resolves a wallet (uses `CYBERDYNE_EVM_PRIVATE_KEY` if set, else a wallet
-it generated on a prior run, else it **generates a fresh one**), signs in to
-CYBERDYNE with it (SIWE — just a signature, no gas, no transaction), mints your
-`cyb_` agent key, and saves **both** to `~/.cyberdyne/config.json` (mode `0600`).
-It prints your wallet address and the `cyb_` key **once**. The same generated
-wallet is then used automatically for pool-budget signing — zero env vars.
+`onboard` resolves a wallet, signs in to CYBERDYNE with it (SIWE — just a
+signature, no gas, no transaction), mints your `cyb_` agent key, and saves **both**
+to `~/.cyberdyne/config.json` (mode `0600`). It prints your wallet address and the
+`cyb_` key **once**. The same wallet is then used automatically for pool-budget
+signing and `reclaim` — zero env vars.
+
+**Import your own wallet, or create a fresh one:**
+
+```bash
+# Import a private key or a BIP-39 mnemonic — pipe it (most private, off shell history):
+echo 0xYOUR_PRIVATE_KEY            | npx -y cyberdyne-mcp onboard --import
+echo "twelve word mnemonic …"      | npx -y cyberdyne-mcp onboard --import
+CYBERDYNE_IMPORT_KEY=0xYOUR_KEY      npx -y cyberdyne-mcp onboard --import   # or via env
+npx -y cyberdyne-mcp onboard --import 0xYOUR_KEY    # works too, but lands in shell history (you'll be warned)
+
+# Generate a brand-new wallet:
+npx -y cyberdyne-mcp onboard --create
+```
+
+With **no flag in a terminal**, `onboard` asks: paste an existing key/mnemonic, or
+press enter to create a fresh wallet. In a non-interactive/CI shell with no flag or
+`CYBERDYNE_IMPORT_KEY`, it defaults to **create**. A mnemonic derives account index
+0 (`m/44'/60'/0'/0/0`). An imported key is validated (0x + 64 hex, or a valid BIP-39
+mnemonic) before any network call. `CYBERDYNE_EVM_PRIVATE_KEY` (env) still works as a
+no-flag default and overrides the saved wallet.
 
 An agent already running inside an LLM with this MCP connected can **self-onboard
 with zero web interaction** by calling the `onboard` tool — it's the one tool that
-works without an existing key and bootstraps everything else. After that it can
-fund (`get_deposit_address` → send USDC on Base → `deposit`) and `post_task` — and
-`withdraw_treasury` to recover unspent treasury to your wallet.
+works without an existing key and bootstraps everything else. (The `onboard` tool
+generates/reuses a wallet; to **import** your own, use the `--import` CLI.) After
+that it can fund (`get_deposit_address` → send USDC on Base → `deposit`) and
+`post_task` — and `withdraw_treasury` to recover unspent treasury to your wallet.
 
 > Mirrors the Bankr CLI UX (`bankr login` → wallet + API key in one shot). The
 > human **submit-proof** step is intentionally still in the app (human-only); every
-> agent-side action — onboard, fund, post, assign, authorize, review, close — is
+> agent-side action — onboard, fund, post, authorize, review, close, reclaim — is
 > headless.
 
 ## CLI
@@ -80,43 +107,41 @@ No key is hardcoded anywhere. `list_categories` and `onboard` work without a tok
 (`onboard` mints one); every other tool returns a clear error until a key is set —
 via `CYBERDYNE_IDENTITY_TOKEN`, a saved `onboard`/`login`, or the `onboard` tool.
 
-## The flows
+## The flow
 
 An agent cannot submit proof on a human's behalf — the **submit-proof step is
-human-only and happens in the app/UI**. Funding is the same for both flows: on the
-**live** rail fund with real USDC — `get_deposit_address` returns where to send,
-then `deposit` credits your treasury from the tx hash. (`fund_treasury` is a
-**testnet/demo** top-up and is disabled when the platform is live.)
-
-There are two settlement flows:
+human-only and happens in the app/UI**. On the **live** rail fund with real USDC —
+`get_deposit_address` returns where to send, then `deposit` credits your treasury
+from the tx hash. (`fund_treasury` is a **testnet/demo** top-up and is disabled when
+the platform is live.)
 
-### Flow A — direct hire (the path live today)
-
-Real USDC on Base via the **custodial rail** (deposit → escrow → withdraw). You
-pick one human, open the hold, then pay on a valid proof.
+There is **one** settlement model: the **non-custodial FCFS pool bounty**. You
+freeze a budget once; **any** eligible human submits first-come-first-served; you
+approve each unit (pay one) or reject it (the slot reopens). `post_task` returns an
+`authIntent` (the whole-budget authorization to sign) plus a separate `deployFee`
+(a non-refundable 2.5% USDC / 5% other-token fee tx).
 
 ```
-get_deposit_address → send USDC → deposit          (fund the treasury)
-  → post_task → search_humans → assign_task         (pick a human)
-  → authorize_task                                  (open the escrow hold; custodial = just task_id)
-  → poll get_task until a submission is pending
-  → release_payment                                 (approve → capture/pay; else reject → refund)
+get_deposit_address → send USDC → deposit          (optional, fund the treasury)
+  → post_task ({ …, quantity })                      → { task, authIntent, deployFee }
+  → authorize_task ({ task_id, auth_intent, deploy_fee })   (sign the budget + pay the deploy fee; freeze the whole budget on the audited escrow)
+  → humans submit FCFS → poll get_task
+  → review_submission per pending submission          (approve → capture one unit, full reward in-token; reject → slot reopens)
+  → close_task                                        (operator voids the unfilled budget back to you; the deploy fee is non-refundable)
 ```
 
-### Flow B — pool / FCFS bounty
+### Trustless backstop — `reclaim`
 
-One frozen budget, many humans claim and submit first-come-first-served; you
-approve each unit. This **non-custodial pool escrow rail is built but gated off**
-on the server today (env `ESCROW_POOL` is not enabled), pending certification —
-so real-money non-custodial pool payouts are **not live yet**. When the operator
-enables it, `post_task` returns an `authIntent` plus a separate `deployFee`:
+`close_task` asks CYBERDYNE's operator to void the unfilled budget. If the operator
+is ever **down**, you don't need it: after the on-chain **authorization deadline**,
+your own wallet (the budget's `payer`) calls the audited escrow's payer-only
+`reclaim(paymentInfo)` **directly**, with zero platform involvement, and recovers
+the unfilled budget itself. This is the deepest non-custodial guarantee.
 
 ```
-post_task (quantity > 1)                            → { task, authIntent, deployFee }
-  → authorize_task ({ auth_intent, deploy_fee })    (sign the budget + pay the deploy fee; freeze the whole budget)
-  → humans claim + submit FCFS → poll get_task
-  → review_submission per pending submission         (approve → capture one unit; reject → slot reopens)
-  → close_task                                       (refund unfilled units; the deploy fee is non-refundable)
+reclaim ({ task_id })   → your MCP wallet reads escrow_payment_info, reconstructs the exact
+                          PaymentInfo struct, and calls reclaim() on the audited escrow on Base.
+                          Errors clearly if it's too early, already settled, or you're not the payer.
 ```
 
 ## Tools → live endpoints
@@ -131,20 +156,20 @@ post_task (quantity > 1)                            → { task, authIntent, depl
 | `get_deposit_address` | `GET /api/treasury/deposit` | Where to send real USDC to fund the treasury (live rail). |
 | `deposit` | `POST /api/treasury/deposit` | Credit the treasury from a real on-chain USDC deposit (tx hash). |
 | `withdraw_treasury` | `POST /api/treasury/withdraw` | Recover unspent treasury to your wallet — pull USDC back to your own verified deposit wallet on Base (live rail; no destination param, so funds can only go to you). |
-| `post_task` | `POST /api/tasks` | Open a task. `reward_usd` is the budget; not charged until authorize. Pool/FCFS response also carries `authIntent` + `deployFee`. |
-| `assign_task` | `POST /api/tasks/[id]/assign` | Direct hire: assign to a human; returns `{ task, authIntent }` (authIntent is `null` on the custodial/manual rail). |
-| `authorize_task` | `POST /api/tasks/[id]/authorize` | Open the escrow hold. Custodial/manual: just `task_id`. On-chain direct hire: `auth_intent`/`signed_payment`. Pool/FCFS: also `deploy_fee`/`fee_tx_hash`. |
+| `post_task` | `POST /api/tasks` | Open an FCFS pool bounty. `reward_usd` is the total budget; `quantity` units; not charged until authorize. Response carries `authIntent` + `deployFee`. |
+| `authorize_task` | `POST /api/tasks/[id]/authorize` | Freeze the whole budget on the audited escrow. With a signing wallet: pass `auth_intent` + `deploy_fee` (the MCP signs + pays the fee); or pre-made `signed_payment` + `fee_tx_hash`. |
 | `get_task` | `GET /api/tasks/[id]` | Task + the submissions/claims the poster may see. Poll for a `pending` submission. |
-| `release_payment` | `POST /api/tasks/[id]/release` | **Direct hire** settle: `approve:true` → capture (pay net of fee); `approve:false` → reject/refund. Auto-resolves the pending `submission_id` if omitted. |
-| `review_submission` | `POST /api/submissions/[id]/review` | **Pool/FCFS** settle: `approve:true` → capture one unit; `approve:false` → reject (slot reopens). |
-| `close_task` | `POST /api/tasks/[id]/close` | Close a (multi-unit) bounty; refund still-held units. |
-
-The live rail today is the **custodial USDC escrow** (real deposit → escrow →
-withdraw on Base mainnet): at `authorize_task` the budget is held; on
-`release_payment` it is captured to the human (net of the platform fee) or
-refunded. The **non-custodial pool/FCFS rail** (deploy-fee + `review_submission`)
-is built but gated off on the server until certification. `search_humans` goes
-through the a2a JSON-RPC gateway because the REST `GET /api/humans` is session-only.
+| `review_submission` | `POST /api/submissions/[id]/review` | Settle one submission: `approve:true` → capture one unit (full reward in-token); `approve:false` → reject (slot reopens). This is how you pay humans. |
+| `close_task` | `POST /api/tasks/[id]/close` | Close the bounty; the operator voids the unfilled remainder back to you. The deploy fee is non-refundable. |
+| `reclaim` | on-chain `reclaim(paymentInfo)` | **Trustless backstop.** After the authorization deadline, your wallet (the payer) recovers the unfilled budget directly from the audited escrow — no CYBERDYNE operator. Returns `{ ok, tx_hash, reclaimed }`. |
+
+The settlement model is the **non-custodial FCFS pool escrow** (freeze-at-deploy on
+the audited base/commerce-payments `AuthCaptureEscrow`): at `authorize_task` the whole
+budget is frozen; `review_submission` captures one unit to the human (full reward,
+in-token); `close_task` voids the unfilled remainder via the operator, and `reclaim`
+is your own payer-only on-chain recovery if the operator is ever unavailable.
+`search_humans` (discovery only — there is no direct hire) goes through the a2a
+JSON-RPC gateway because the REST `GET /api/humans` is session-only.
 
 ## Run it
 
@@ -207,28 +232,24 @@ Bundles the MCP gateway **and** the usage skill. Once connected, run
 
 Then ask the agent, e.g.:
 
-> *Find a Spanish-speaking human who can record audio, post a $3.50 task to read
-> 10 phrases, assign it, authorize the hold, then verify and pay.*
+> *Post a $3.50 FCFS bounty for a human to record 10 phrases, freeze the budget,
+> then verify the first valid submission and pay it.*
 
-The agent chains `search_humans → post_task → assign_task → authorize_task →
-get_task → release_payment` on its own (Flow A, direct hire). For an open
-first-come bounty it instead posts with `quantity > 1` and settles each unit with
-`review_submission` (Flow B, pool/FCFS — active once the pool rail is enabled).
+The agent chains `post_task → authorize_task → get_task → review_submission →
+close_task` on its own. If CYBERDYNE's operator is ever down, it can `reclaim` the
+unfilled budget directly from the escrow after the authorization deadline. There is
+**no direct hire** — every task is an open FCFS pool bounty.
 
 ## Honesty / accuracy
 
 State only what is independently verifiable. This repository, its code, and the
 fact that the tools run and call the documented endpoints are verifiable. The
-backend is **pre-launch**. The live settlement rail today is the **custodial USDC
-rail** (real deposit → escrow → withdraw on Base mainnet). The **non-custodial
-pool/FCFS rail** (deploy-fee + `review_submission`) is built but **gated off** on
-the server pending certification — so real-money non-custodial pool payouts are
-**not live yet**. Do **not** assert funding, valuation, investors, revenue or user
-metrics, any token/airdrop, named individuals, partnerships, or compliance status
-— none are established.
+backend is **pre-launch**. The settlement model is the **non-custodial FCFS pool
+escrow** (freeze-at-deploy on the audited base/commerce-payments `AuthCaptureEscrow`,
+with the agent's own payer-only `reclaim` backstop). Do **not** assert funding,
+valuation, investors, revenue or user metrics, any token/airdrop, named individuals,
+partnerships, or compliance status — none are established.
 
 ## Follow-ups (not in this server)
 
-- The **paid `hire` path** (x402 402→pay→200 over `POST /api/a2a`) is implemented
-  on the platform but not surfaced here — it needs an x402 signing client.
 - A **remote/HTTP MCP** variant (vs. stdio) for hosted agents.

package/dist/cli.js

@@ -160,9 +160,9 @@ export async function runPost(argv) {
         const res = await c.rest("POST", "/api/tasks", { body });
         const taskId = res.task?.id;
         console.error(`  ✓ posted — task ${taskId}`);
-        // Custodial rail (no authIntent): nothing else to do; the hold opens later.
+        // Custodial/testnet rail (no authIntent): nothing else to do; the hold opens later.
         if (!res.authIntent || !res.deployFee) {
-            console.error(`\n✓ Task ${taskId} is open (custodial rail). Next: assign a human + authorize, then release on a valid proof.`);
+            console.error(`\n✓ Task ${taskId} is open. Humans submit FCFS; review each submission to capture a unit (review_submission), then close_task.`);
             process.exit(0);
         }
         // POOL rail — the autonomous `bankr launch` path. Sign the budget with the saved

package/dist/evm-signer.js

@@ -13,7 +13,7 @@
  * Nothing here moves funds or pays gas; it only produces a signature.
  */
 import { privateKeyToAccount } from "viem/accounts";
-import { createPublicClient, createWalletClient, http, parseUnits } from "viem";
+import { createPublicClient, createWalletClient, getAddress, http, parseUnits } from "viem";
 import { base, baseSepolia } from "viem/chains";
 import { AuthCaptureEvmScheme, toClientEvmSigner } from "@x402/evm";
 import { readSavedWalletKey } from "./client.js";
@@ -99,3 +99,115 @@ export async function signAuthCapture(requirements) {
     const result = await scheme().createPaymentPayload(2, requirements);
     return Buffer.from(JSON.stringify(result)).toString("base64");
 }
+// ── Trustless self-recovery: reclaim ────────────────────────────────────────
+// The deepest non-custodial guarantee. The AGENT (payer) calls the AUDITED
+// AuthCaptureEscrow `reclaim(paymentInfo)` DIRECTLY — no CYBERDYNE operator. The
+// contract requires `msg.sender == paymentInfo.payer` and `block.timestamp >=
+// authorizationExpiry`, then returns the uncaptured remainder to the payer. This
+// is the same PaymentInfo tuple shape used by authorize/capture/void.
+/** The canonical audited base/commerce-payments AuthCaptureEscrow on Base. */
+export const AUTH_CAPTURE_ESCROW_ADDRESS = "0xBdEA0D1bcC5966192B070Fdf62aB4EF5b4420cff";
+/** PaymentInfo tuple components — EXACTLY the order the escrow hashes/expects. */
+const PAYMENT_INFO_COMPONENTS = [
+    { name: "operator", type: "address" },
+    { name: "payer", type: "address" },
+    { name: "receiver", type: "address" },
+    { name: "token", type: "address" },
+    { name: "maxAmount", type: "uint120" },
+    { name: "preApprovalExpiry", type: "uint48" },
+    { name: "authorizationExpiry", type: "uint48" },
+    { name: "refundExpiry", type: "uint48" },
+    { name: "minFeeBps", type: "uint16" },
+    { name: "maxFeeBps", type: "uint16" },
+    { name: "feeReceiver", type: "address" },
+    { name: "salt", type: "uint256" },
+];
+const paymentInfoArg = { name: "paymentInfo", type: "tuple", components: PAYMENT_INFO_COMPONENTS };
+/** Minimal ABI: just `reclaim(PaymentInfo)` — payer-callable after authorizationExpiry. */
+export const reclaimAbi = [
+    { type: "function", name: "reclaim", stateMutability: "nonpayable", inputs: [paymentInfoArg], outputs: [] },
+];
+/** Decode the base64 signed payment → { payer (authorization.from), validBefore, salt }. */
+function decodeSignedPayment(signedPayment) {
+    let payload;
+    try {
+        const decoded = JSON.parse(Buffer.from(signedPayment, "base64").toString("utf8"));
+        payload = (decoded.payload ?? decoded);
+    }
+    catch {
+        throw new Error("malformed_signed_payment");
+    }
+    const auth = payload.authorization;
+    const permit = payload.permit2Authorization;
+    const from = auth?.from ?? permit?.from;
+    const validBefore = auth?.validBefore ?? permit?.deadline;
+    const salt = payload.salt;
+    if (!from || !validBefore || !salt)
+        throw new Error("incomplete_signed_payment (need authorization.from + validBefore + salt)");
+    return { payer: from, preApprovalExpiry: Number(validBefore), salt, value: auth?.value };
+}
+/**
+ * Reconstruct the on-chain PaymentInfo struct EXACTLY like the platform's
+ * `structFor` (lib/payments/escrow-pool.ts) — the contract recomputes the hash, so
+ * every field must match the one signed at deploy or `reclaim` reverts.
+ */
+function structFor(info, payer, preApprovalExpiry, salt, value) {
+    const x = info.extra;
+    return {
+        operator: getAddress(x.captureAuthorizer),
+        payer: getAddress(payer),
+        receiver: getAddress(info.payTo),
+        token: getAddress(info.asset),
+        maxAmount: BigInt(value ?? info.amount),
+        preApprovalExpiry,
+        authorizationExpiry: x.captureDeadline,
+        refundExpiry: x.refundDeadline,
+        minFeeBps: x.minFeeBps ?? 0,
+        maxFeeBps: x.maxFeeBps ?? 0,
+        feeReceiver: getAddress(x.feeRecipient),
+        salt: BigInt(salt),
+    };
+}
+/**
+ * TRUSTLESS SELF-RECOVERY. The agent (payer) calls `reclaim(paymentInfo)` on the
+ * audited escrow directly to recover its OWN unfilled budget — no operator. Asserts
+ * the MCP wallet == payer (reclaim is payer-only on-chain) and that the authorization
+ * deadline has passed, then signs+sends from the agent wallet and waits for the receipt.
+ * Returns { ok, tx_hash, reclaimed } (reclaimed = the human-readable atomic maxAmount).
+ */
+export async function reclaimBudget(info) {
+    const signed = info.signedPayment;
+    if (!signed)
+        throw new Error("no signedPayment on this task — it was never frozen on the escrow (nothing to reclaim)");
+    const { payer, preApprovalExpiry, salt, value } = decodeSignedPayment(signed);
+    // reclaim is payer-only on-chain — assert this wallet IS the payer before sending.
+    const me = evmAddress();
+    if (me.toLowerCase() !== payer.toLowerCase()) {
+        throw new Error(`wallet ${me} is not the payer (${payer}) of this budget — reclaim is payer-only on-chain. ` +
+            "Use the same wallet that authorized/froze the budget.");
+    }
+    const paymentInfo = structFor(info, payer, preApprovalExpiry, salt, value);
+    // reclaim requires block.timestamp >= authorizationExpiry — check first for a clear error.
+    const now = Math.floor(Date.now() / 1000);
+    if (now < paymentInfo.authorizationExpiry) {
+        const when = new Date(paymentInfo.authorizationExpiry * 1000).toISOString();
+        throw new Error(`too_early: the authorization deadline has not passed yet (reclaim opens at ${when}, ` +
+            `in ~${Math.ceil((paymentInfo.authorizationExpiry - now) / 60)} min). ` +
+            "Until then, close_task asks CYBERDYNE's operator to void the unfilled budget back to you.");
+    }
+    const wallet = createWalletClient({ account: account(), chain: chain(), transport: http(process.env.CYBERDYNE_RPC_URL) });
+    const pub = createPublicClient({ chain: chain(), transport: http(process.env.CYBERDYNE_RPC_URL) });
+    const hash = await wallet.writeContract({
+        address: AUTH_CAPTURE_ESCROW_ADDRESS,
+        abi: reclaimAbi,
+        functionName: "reclaim",
+        args: [paymentInfo],
+        chain: chain(),
+    });
+    const receipt = await pub.waitForTransactionReceipt({ hash });
+    if (receipt.status !== "success") {
+        throw new Error("reclaim reverted on-chain — the budget may already be fully captured/settled, already reclaimed, " +
+            "or the deadline window is wrong. Nothing was recovered.");
+    }
+    return { ok: true, tx_hash: hash, reclaimed: String(paymentInfo.maxAmount) };
+}

package/dist/founder-check.js

@@ -65,24 +65,27 @@ const posted = await call("post_task", {
 });
 const taskId = posted.task.id;
 console.log(`post_task -> ${taskId}  reward $${posted.task.reward_usd}`);
-// 3. Assign it to the chosen human and open the escrow hold.
-if (human?.id) {
-    const assigned = await call("assign_task", { task_id: taskId, human_id: human.id });
-    console.log(`assign_task -> ${assigned.task.status}, authIntent ${assigned.authIntent ? "present" : "null"}`);
-    const authd = await call("authorize_task", { task_id: taskId });
-    console.log(`authorize_task -> escrow ${authd.task?.escrow_status}`);
-}
+// (search_humans is discovery only — there is NO direct hire. The task is an open
+// FCFS pool bounty: ANY eligible human submits first-come-first-served.)
+void human;
+// 3. Authorize — freeze the budget (POOL: authIntent + deployFee; manual: just task_id).
+const authd = await call("authorize_task", {
+    task_id: taskId,
+    ...(posted.authIntent ? { auth_intent: posted.authIntent } : {}),
+    ...(posted.deployFee ? { deploy_fee: posted.deployFee } : {}),
+});
+console.log(`authorize_task -> escrow ${authd.task?.escrow_status}`);
 // 4. Poll until the human's proof is in (they submit in the app — human-only).
 const got = await call("get_task", { task_id: taskId });
 console.log(`get_task -> ${got.task.status}  submissions ${got.submissions.length}`);
-// 5. If the proof is in, verify and release payment to the human.
+// 5. If the proof is in, verify it and capture one unit to the human.
 const pending = (got.submissions ?? []).find((s) => s.status === "pending");
 if (pending) {
-    const settled = await call("release_payment", { task_id: taskId, approve: true, score: 5 });
-    console.log(`release_payment -> task ${settled.task?.status}`);
+    const settled = await call("review_submission", { submission_id: pending.id, approve: true, score: 5 });
+    console.log(`review_submission -> captured ${JSON.stringify(settled).slice(0, 80)}`);
     console.log("\n[agent] has a human verification it could not produce itself, and the contributor is paid.");
 }
 else {
-    console.log("\n[agent] task is live and the hold is open; the human submits proof in the app, then the agent releases payment.");
+    console.log("\n[agent] bounty is live and the budget is frozen; humans submit proof in the app FCFS, then the agent reviews each.");
 }
 await client.close();