cyberdyne-mcp 0.6.4 → 0.6.5

package/dist/server.js

@@ -9,7 +9,6 @@
  *   list_categories  — the static task taxonomy (no network)
  *   search_humans    — POST /api/a2a {search_humans}      → capability index
  *   get_treasury     — GET  /api/treasury                 → the agent's balance
- *   fund_treasury    — POST /api/treasury/fund            → demo top-up (testnet only)
  *   get_deposit_address — GET  /api/treasury/deposit      → where to send real USDC (live)
  *   deposit          — POST /api/treasury/deposit         → credit treasury from a real USDC tx
  *   withdraw_treasury — POST /api/treasury/withdraw        → pull unspent treasury back to your wallet (live)
@@ -158,7 +157,7 @@ async function guard(fn) {
     }
 }
 // ---- Server ---------------------------------------------------------------
-const server = new McpServer({ name: "cyberdyne", version: "0.6.4" });
+const server = new McpServer({ name: "cyberdyne", version: "0.6.5" });
 server.tool("list_categories", "List the kinds of real-world work CYBERDYNE humans can do. Static (no network). Use this to learn the valid `category` values before posting a task.", {}, async () => json(Object.entries(CATEGORIES).map(([id, blurb]) => ({ id, blurb }))));
 server.tool("onboard", "BOOTSTRAP (works WITHOUT an existing key — the one tool that self-onboards). Zero-browser: generates a fresh wallet if you don't have one, signs in to CYBERDYNE with it (SIWE), mints your `cyb_` agent API key, and saves both to ~/.cyberdyne/config.json (0600) so every other tool here authenticates automatically. No web dashboard, no env vars. Returns your wallet address, the cyb_ key (shown once), and the next steps (fund via get_deposit_address+deposit → post_task → authorize_task → review_submission → close_task). The same generated wallet auto-signs pool budgets. To bring your OWN wallet instead, use the CLI: `npx cyberdyne-mcp onboard --import <0xKEY | mnemonic>` (or --create for a fresh one). Idempotent-ish: re-running with a saved wallet reuses it and mints a fresh key.", {}, async () => guard(async () => {
     const r = await onboard();
@@ -183,17 +182,16 @@ server.tool("search_humans", "Find verified humans by capability via the live ca
     ...(min_reputation != null ? { min_reputation } : {}),
     ...(location ? { location } : {}),
 })));
-server.tool("get_treasury", "Get the agent's own treasury (the source of task rewards on the manual rail). Returns null if the agent has no treasury yet — call fund_treasury to create one.", {}, async () => guard(() => client.rest("GET", "/api/treasury")));
-server.tool("fund_treasury", "Demo top-up (TESTNET/DEMO ONLY): add USD to the treasury balance. DISABLED when the platform is live (returns 403 funding_disabled) — on the live rail fund with REAL USDC via get_deposit_address + deposit instead.", { amount_usd: z.number().positive().describe("USD to add to the treasury balance.") }, async ({ amount_usd }) => guard(() => client.rest("POST", "/api/treasury/fund", { body: { amount_usd } })));
+server.tool("get_treasury", "Get the agent's own treasury — residual on-chain balance available to cover deploy fees and to withdraw. Fund it with REAL USDC via get_deposit_address + deposit. Returns null if the agent has no treasury yet.", {}, async () => guard(() => client.rest("GET", "/api/treasury")));
 server.tool("get_deposit_address", "Get the on-chain address to fund your treasury with REAL USDC (live rail). Returns { deposit_address, chain_id, usdc_address, decimals }. Send USDC from your VERIFIED wallet to deposit_address on Base, then call `deposit` with the tx hash to credit your treasury.", {}, async () => guard(() => client.rest("GET", "/api/treasury/deposit")));
-server.tool("deposit", "Credit your treasury from a REAL on-chain USDC deposit (live rail; the real-money replacement for fund_treasury). First send USDC to the address from get_deposit_address (from your verified wallet), then call this with the transaction hash. The transfer is verified on-chain (to = platform wallet, from = your wallet) and credited exactly once — resubmitting the same tx never double-credits.", {
+server.tool("deposit", "Credit your treasury from a REAL on-chain USDC deposit. First send USDC to the address from get_deposit_address (from your verified wallet), then call this with the transaction hash. The transfer is verified on-chain (to = platform wallet, from = your wallet) and credited exactly once — resubmitting the same tx never double-credits.", {
     tx_hash: z
         .string()
         .regex(/^0x[0-9a-fA-F]{64}$/)
         .describe("The Base tx hash of your USDC transfer to the deposit address."),
 }, async ({ tx_hash }) => guard(() => client.rest("POST", "/api/treasury/deposit", { body: { tx_hash } })));
 server.tool("withdraw_treasury", "Recover UNSPENT treasury to your wallet (live rail): pull USDC out of your treasury back to your own VERIFIED deposit wallet on Base — no browser. Available balance is your treasury balance net of any open escrow holds. Funds can ONLY go to your verified wallet (no destination param), so a leaked key can't redirect them. Returns { ok, tx_hash, amount_usd, to }. 400 insufficient_treasury if the balance can't cover it; 403 withdraws_disabled on the demo rail.", { amount_usd: z.number().positive().describe("USD to withdraw from your treasury to your verified wallet.") }, async ({ amount_usd }) => guard(() => client.rest("POST", "/api/treasury/withdraw", { body: { amount_usd } })));
-server.tool("post_task", "Open an FCFS pool bounty on the marketplace. There is NO direct hire and NO agent-picks-human — every task is an open bounty: you freeze a budget, ANY eligible human submits first-come-first-served, and you approve/reject each submission. Funds are NOT charged at post — the budget is frozen later at authorize_task. `reward_usd` is the total budget; `quantity` is how many identical units (humans) it pays — each unit holds reward_usd/quantity (each unit must be >= $0.01). Returns the created task (with its id). REAL-TOKEN POOL rail (USDC/BNKR on Base): the response also includes `authIntent` (the budget authorization to sign) and `deployFee` { usd, bps, recipient, token } (a SEPARATE non-refundable fee tx) — pass BOTH to authorize_task. TESTNET/non-real token (CYOS): no on-chain freeze; response is just { task } (treasury-checked, 402 insufficient_treasury if low).", {
+server.tool("post_task", "Open an FCFS pool bounty on the marketplace. There is NO direct hire and NO agent-picks-human — every task is an open bounty: you freeze a budget, ANY eligible human submits first-come-first-served, and you approve/reject each submission. Funds are NOT charged at post — the budget is frozen later at authorize_task. `reward_usd` is the total budget; `quantity` is how many identical units (humans) it pays — each unit holds reward_usd/quantity (each unit must be >= $0.01). Returns the created task (with its id) plus `authIntent` (the budget authorization to sign) and `deployFee` { usd, bps, recipient, token } (a SEPARATE non-refundable fee tx) — pass BOTH to authorize_task. The non-custodial POOL escrow (USDC/BNKR/GITLAWB on Base) is the only settlement rail; a non-real token (CYOS) or non-live config has no rail and returns 422 settlement_unavailable.", {
     title: z.string().min(2).max(160).describe("Short task title."),
     category: z.enum(TASK_CATEGORIES),
     description: z.string().max(4000).optional().describe("What you need the human to do."),
@@ -205,7 +203,7 @@ server.tool("post_task", "Open an FCFS pool bounty on the marketplace. There is
     pay_token: z.enum(["USDC", "BNKR", "CYOS"]).optional().describe("Settlement token (default USDC)."),
     deadline_hours: z.number().int().positive().optional(),
 }, async (args) => guard(() => client.rest("POST", "/api/tasks", { body: args })));
-server.tool("authorize_task", "Freeze the bounty budget on-chain (the second step of the FCFS flow). REAL-TOKEN POOL rail: pass BOTH `auth_intent` (the authIntent from post_task) AND `deploy_fee` (the deployFee object from post_task) — with CYBERDYNE_EVM_PRIVATE_KEY set, the MCP signs the whole-budget authorization AND pays the separate 2.5% USDC / 5% other-token deploy fee tx from its wallet, then freezes the budget on the audited escrow; or pass a pre-signed `signed_payment` and a pre-paid `fee_tx_hash`. After this, any eligible human submits FCFS and you review_submission each. TESTNET/non-real (CYOS) rail: call with just { task_id } — the prefunded treasury opens a logical hold, no signature. Idempotent once frozen.", {
+server.tool("authorize_task", "Freeze the bounty budget on-chain (the second step of the FCFS flow). REAL-TOKEN POOL rail: pass BOTH `auth_intent` (the authIntent from post_task) AND `deploy_fee` (the deployFee object from post_task) — with CYBERDYNE_EVM_PRIVATE_KEY set, the MCP signs the whole-budget authorization AND pays the separate 2.5% USDC / 5% other-token deploy fee tx from its wallet, then freezes the budget on the audited escrow; or pass a pre-signed `signed_payment` and a pre-paid `fee_tx_hash`. After this, any eligible human submits FCFS and you review_submission each. The non-custodial POOL escrow is the only rail; a non-real token / non-live config returns 409 settlement_unavailable. Idempotent once frozen.", {
     task_id: z.string().uuid(),
     signed_payment: z.string().optional().describe("Pre-signed base64 auth-capture payload (external/Bankr signer)."),
     auth_intent: z.unknown().optional().describe("The authIntent from post_task — required for MCP wallet auto-signing."),
@@ -283,8 +281,7 @@ server.registerPrompt("quickstart", {
                     "",
                     "FUND (optional — the pool freezes from your wallet at deploy, but a treasury can cover fees):",
                     "1. get_deposit_address -> the platform deposit address on Base.",
-                    "2. Send USDC to it FROM your own verified wallet, then deposit({ tx_hash }) -> credits your treasury (idempotent).",
-                    "   (fund_treasury is demo/testnet only and is disabled on the live rail.) Check get_treasury anytime.",
+                    "2. Send USDC to it FROM your own verified wallet, then deposit({ tx_hash }) -> credits your treasury (idempotent). Check get_treasury anytime.",
                     "",
                     "POST + PAY (the single FCFS flow):",
                     "3. post_task({ title, category, reward_usd, quantity, duration_min, difficulty }) -> returns { task, authIntent, deployFee }. reward_usd is the TOTAL budget; quantity is how many humans it pays (each unit must be >= $0.01). authIntent is the whole-budget authorization; deployFee is a SEPARATE non-refundable fee tx (2.5% USDC / 5% other token).",
@@ -305,5 +302,5 @@ const transport = new StdioServerTransport();
 await server.connect(transport);
 console.error(`CYBERDYNE MCP server running on stdio → ${config.apiUrl}` +
     (config.token ? "" : " (no key — run `npx cyberdyne-mcp onboard` to self-generate a wallet + key, or `login cyb_…`, or set CYBERDYNE_IDENTITY_TOKEN; networked tools error until then)") +
-    ". Tools (14): onboard, list_categories, search_humans, get_treasury, fund_treasury, get_deposit_address, deposit, withdraw_treasury, post_task, authorize_task, get_task, review_submission, close_task, reclaim." +
+    ". Tools (13): onboard, list_categories, search_humans, get_treasury, get_deposit_address, deposit, withdraw_treasury, post_task, authorize_task, get_task, review_submission, close_task, reclaim." +
     " CLI: onboard, login, treasury (alias balance/fees), post, tasks.");

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "cyberdyne-mcp",
-  "version": "0.6.4",
+  "version": "0.6.5",
   "publishConfig": {
     "access": "public"
   },
@@ -45,9 +45,7 @@
     "build": "tsc",
     "prepublishOnly": "npm run build",
     "start": "node dist/server.js",
-    "dev": "tsx src/server.ts",
-    "smoke": "tsx src/smoke.ts",
-    "founder-check": "tsx src/founder-check.ts"
+    "dev": "tsx src/server.ts"
   },
   "engines": {
     "node": ">=18"

package/src/server.ts

@@ -9,7 +9,6 @@
  *   list_categories  — the static task taxonomy (no network)
  *   search_humans    — POST /api/a2a {search_humans}      → capability index
  *   get_treasury     — GET  /api/treasury                 → the agent's balance
- *   fund_treasury    — POST /api/treasury/fund            → demo top-up (testnet only)
  *   get_deposit_address — GET  /api/treasury/deposit      → where to send real USDC (live)
  *   deposit          — POST /api/treasury/deposit         → credit treasury from a real USDC tx
  *   withdraw_treasury — POST /api/treasury/withdraw        → pull unspent treasury back to your wallet (live)
@@ -170,7 +169,7 @@ async function guard<T>(fn: () => Promise<T>) {
 
 // ---- Server ---------------------------------------------------------------
 
-const server = new McpServer({ name: "cyberdyne", version: "0.6.4" });
+const server = new McpServer({ name: "cyberdyne", version: "0.6.5" });
 
 server.tool(
   "list_categories",
@@ -220,19 +219,11 @@ server.tool(
 
 server.tool(
   "get_treasury",
-  "Get the agent's own treasury (the source of task rewards on the manual rail). Returns null if the agent has no treasury yet — call fund_treasury to create one.",
+  "Get the agent's own treasury — residual on-chain balance available to cover deploy fees and to withdraw. Fund it with REAL USDC via get_deposit_address + deposit. Returns null if the agent has no treasury yet.",
   {},
   async () => guard(() => client.rest("GET", "/api/treasury")),
 );
 
-server.tool(
-  "fund_treasury",
-  "Demo top-up (TESTNET/DEMO ONLY): add USD to the treasury balance. DISABLED when the platform is live (returns 403 funding_disabled) — on the live rail fund with REAL USDC via get_deposit_address + deposit instead.",
-  { amount_usd: z.number().positive().describe("USD to add to the treasury balance.") },
-  async ({ amount_usd }) =>
-    guard(() => client.rest("POST", "/api/treasury/fund", { body: { amount_usd } })),
-);
-
 server.tool(
   "get_deposit_address",
   "Get the on-chain address to fund your treasury with REAL USDC (live rail). Returns { deposit_address, chain_id, usdc_address, decimals }. Send USDC from your VERIFIED wallet to deposit_address on Base, then call `deposit` with the tx hash to credit your treasury.",
@@ -242,7 +233,7 @@ server.tool(
 
 server.tool(
   "deposit",
-  "Credit your treasury from a REAL on-chain USDC deposit (live rail; the real-money replacement for fund_treasury). First send USDC to the address from get_deposit_address (from your verified wallet), then call this with the transaction hash. The transfer is verified on-chain (to = platform wallet, from = your wallet) and credited exactly once — resubmitting the same tx never double-credits.",
+  "Credit your treasury from a REAL on-chain USDC deposit. First send USDC to the address from get_deposit_address (from your verified wallet), then call this with the transaction hash. The transfer is verified on-chain (to = platform wallet, from = your wallet) and credited exactly once — resubmitting the same tx never double-credits.",
   {
     tx_hash: z
       .string()
@@ -263,7 +254,7 @@ server.tool(
 
 server.tool(
   "post_task",
-  "Open an FCFS pool bounty on the marketplace. There is NO direct hire and NO agent-picks-human — every task is an open bounty: you freeze a budget, ANY eligible human submits first-come-first-served, and you approve/reject each submission. Funds are NOT charged at post — the budget is frozen later at authorize_task. `reward_usd` is the total budget; `quantity` is how many identical units (humans) it pays — each unit holds reward_usd/quantity (each unit must be >= $0.01). Returns the created task (with its id). REAL-TOKEN POOL rail (USDC/BNKR on Base): the response also includes `authIntent` (the budget authorization to sign) and `deployFee` { usd, bps, recipient, token } (a SEPARATE non-refundable fee tx) — pass BOTH to authorize_task. TESTNET/non-real token (CYOS): no on-chain freeze; response is just { task } (treasury-checked, 402 insufficient_treasury if low).",
+  "Open an FCFS pool bounty on the marketplace. There is NO direct hire and NO agent-picks-human — every task is an open bounty: you freeze a budget, ANY eligible human submits first-come-first-served, and you approve/reject each submission. Funds are NOT charged at post — the budget is frozen later at authorize_task. `reward_usd` is the total budget; `quantity` is how many identical units (humans) it pays — each unit holds reward_usd/quantity (each unit must be >= $0.01). Returns the created task (with its id) plus `authIntent` (the budget authorization to sign) and `deployFee` { usd, bps, recipient, token } (a SEPARATE non-refundable fee tx) — pass BOTH to authorize_task. The non-custodial POOL escrow (USDC/BNKR/GITLAWB on Base) is the only settlement rail; a non-real token (CYOS) or non-live config has no rail and returns 422 settlement_unavailable.",
   {
     title: z.string().min(2).max(160).describe("Short task title."),
     category: z.enum(TASK_CATEGORIES),
@@ -281,7 +272,7 @@ server.tool(
 
 server.tool(
   "authorize_task",
-  "Freeze the bounty budget on-chain (the second step of the FCFS flow). REAL-TOKEN POOL rail: pass BOTH `auth_intent` (the authIntent from post_task) AND `deploy_fee` (the deployFee object from post_task) — with CYBERDYNE_EVM_PRIVATE_KEY set, the MCP signs the whole-budget authorization AND pays the separate 2.5% USDC / 5% other-token deploy fee tx from its wallet, then freezes the budget on the audited escrow; or pass a pre-signed `signed_payment` and a pre-paid `fee_tx_hash`. After this, any eligible human submits FCFS and you review_submission each. TESTNET/non-real (CYOS) rail: call with just { task_id } — the prefunded treasury opens a logical hold, no signature. Idempotent once frozen.",
+  "Freeze the bounty budget on-chain (the second step of the FCFS flow). REAL-TOKEN POOL rail: pass BOTH `auth_intent` (the authIntent from post_task) AND `deploy_fee` (the deployFee object from post_task) — with CYBERDYNE_EVM_PRIVATE_KEY set, the MCP signs the whole-budget authorization AND pays the separate 2.5% USDC / 5% other-token deploy fee tx from its wallet, then freezes the budget on the audited escrow; or pass a pre-signed `signed_payment` and a pre-paid `fee_tx_hash`. After this, any eligible human submits FCFS and you review_submission each. The non-custodial POOL escrow is the only rail; a non-real token / non-live config returns 409 settlement_unavailable. Idempotent once frozen.",
   {
     task_id: z.string().uuid(),
     signed_payment: z.string().optional().describe("Pre-signed base64 auth-capture payload (external/Bankr signer)."),
@@ -405,8 +396,7 @@ server.registerPrompt(
             "",
             "FUND (optional — the pool freezes from your wallet at deploy, but a treasury can cover fees):",
             "1. get_deposit_address -> the platform deposit address on Base.",
-            "2. Send USDC to it FROM your own verified wallet, then deposit({ tx_hash }) -> credits your treasury (idempotent).",
-            "   (fund_treasury is demo/testnet only and is disabled on the live rail.) Check get_treasury anytime.",
+            "2. Send USDC to it FROM your own verified wallet, then deposit({ tx_hash }) -> credits your treasury (idempotent). Check get_treasury anytime.",
             "",
             "POST + PAY (the single FCFS flow):",
             "3. post_task({ title, category, reward_usd, quantity, duration_min, difficulty }) -> returns { task, authIntent, deployFee }. reward_usd is the TOTAL budget; quantity is how many humans it pays (each unit must be >= $0.01). authIntent is the whole-budget authorization; deployFee is a SEPARATE non-refundable fee tx (2.5% USDC / 5% other token).",
@@ -431,6 +421,6 @@ await server.connect(transport);
 console.error(
   `CYBERDYNE MCP server running on stdio → ${config.apiUrl}` +
     (config.token ? "" : " (no key — run `npx cyberdyne-mcp onboard` to self-generate a wallet + key, or `login cyb_…`, or set CYBERDYNE_IDENTITY_TOKEN; networked tools error until then)") +
-    ". Tools (14): onboard, list_categories, search_humans, get_treasury, fund_treasury, get_deposit_address, deposit, withdraw_treasury, post_task, authorize_task, get_task, review_submission, close_task, reclaim." +
+    ". Tools (13): onboard, list_categories, search_humans, get_treasury, get_deposit_address, deposit, withdraw_treasury, post_task, authorize_task, get_task, review_submission, close_task, reclaim." +
     " CLI: onboard, login, treasury (alias balance/fees), post, tasks.",
 );

package/dist/founder-check.js

@@ -1,91 +0,0 @@
-/**
- * Example: a trading agent hires a human for a founder liveness check before it buys.
- *
- * A trading agent can run every on-chain check itself — but it can't tell whether
- * a real person is behind a token. Fake / impersonated / deepfaked teams are the
- * #1 token scam, and defeating a deepfake on a live call is something only a human
- * can do. So before a risky buy, the agent hires a human through CYBERDYNE to
- * video-verify the founder, then settles on a passing verify. This is the pattern
- * behind e.g. Bankr (https://bankr.bot) and any x402 trader.
- *
- * This drives the LIVE platform. Requires CYBERDYNE_IDENTITY_TOKEN (a cyb_ key);
- * optionally CYBERDYNE_API_URL. No key is hardcoded — it no-ops without one.
- *
- *   CYBERDYNE_API_URL=http://localhost:3000 CYBERDYNE_IDENTITY_TOKEN=cyb_… \
- *     npm run build && npm run founder-check
- */
-import { Client } from "@modelcontextprotocol/sdk/client/index.js";
-import { StdioClientTransport } from "@modelcontextprotocol/sdk/client/stdio.js";
-const token = process.env.CYBERDYNE_IDENTITY_TOKEN;
-if (!token) {
-    console.log("founder-check: no-op. Set CYBERDYNE_IDENTITY_TOKEN (a cyb_ key) and optionally " +
-        "CYBERDYNE_API_URL to run this example against the live platform.");
-    process.exit(0);
-}
-const transport = new StdioClientTransport({
-    command: "node",
-    args: ["dist/server.js"],
-    env: { ...process.env },
-});
-const client = new Client({ name: "trading-agent", version: "0" });
-await client.connect(transport);
-const call = async (name, args = {}) => {
-    const r = await client.callTool({ name, arguments: args });
-    const data = JSON.parse(r.content[0].text);
-    if (r.isError)
-        throw new Error(`${name} → ${data.error}`);
-    return data;
-};
-console.log("[agent] connected to CYBERDYNE over MCP\n");
-// 0. Make sure the agent treasury can cover the bounty (demo top-up).
-const t = await call("get_treasury");
-if (Number(t.treasury?.balance_usd ?? 0) < 50) {
-    await call("fund_treasury", { amount_usd: 100 });
-}
-// 1. The agent can't verify a real human is behind the token — find one who can.
-const found = await call("search_humans", { skills: ["groundtruth"], min_reputation: 4.8 });
-const human = found.humans[0];
-console.log(`search_humans(groundtruth, min_rep 4.8) -> ${found.humans.length} match`);
-if (human)
-    console.log(`  hiring ${human.handle}  ${human.location}  rep ${human.reputation}\n`);
-// 2. Post the founder liveness check. Not charged until authorize.
-const posted = await call("post_task", {
-    title: "Founder liveness check on $PEPE2",
-    category: "groundtruth",
-    description: "Get the claimed founder on a short video call and confirm they're a real, specific " +
-        "person — not an impersonator or deepfake — matched to a known reference. Return verified / not + notes.",
-    steps: [
-        "Live video matches a known reference",
-        "Passes liveness / deepfake probes => verified; otherwise not-verified + reasons",
-    ],
-    reward_usd: 50,
-    duration_min: 30,
-    difficulty: "hard",
-    deadline_hours: 2,
-});
-const taskId = posted.task.id;
-console.log(`post_task -> ${taskId}  reward $${posted.task.reward_usd}`);
-// (search_humans is discovery only — there is NO direct hire. The task is an open
-// FCFS pool bounty: ANY eligible human submits first-come-first-served.)
-void human;
-// 3. Authorize — freeze the budget (POOL: authIntent + deployFee; manual: just task_id).
-const authd = await call("authorize_task", {
-    task_id: taskId,
-    ...(posted.authIntent ? { auth_intent: posted.authIntent } : {}),
-    ...(posted.deployFee ? { deploy_fee: posted.deployFee } : {}),
-});
-console.log(`authorize_task -> escrow ${authd.task?.escrow_status}`);
-// 4. Poll until the human's proof is in (they submit in the app — human-only).
-const got = await call("get_task", { task_id: taskId });
-console.log(`get_task -> ${got.task.status}  submissions ${got.submissions.length}`);
-// 5. If the proof is in, verify it and capture one unit to the human.
-const pending = (got.submissions ?? []).find((s) => s.status === "pending");
-if (pending) {
-    const settled = await call("review_submission", { submission_id: pending.id, approve: true, score: 5 });
-    console.log(`review_submission -> captured ${JSON.stringify(settled).slice(0, 80)}`);
-    console.log("\n[agent] has a human verification it could not produce itself, and the contributor is paid.");
-}
-else {
-    console.log("\n[agent] bounty is live and the budget is frozen; humans submit proof in the app FCFS, then the agent reviews each.");
-}
-await client.close();

package/dist/smoke.js

@@ -1,90 +0,0 @@
-/**
- * Live smoke test: drive the MCP server against the REAL platform API like an
- * agent would. Not shipped.
- *
- * Requires both env vars to run for real:
- *   CYBERDYNE_API_URL        e.g. http://localhost:3000 or https://app.cyberdyne-os.xyz
- *   CYBERDYNE_IDENTITY_TOKEN the agent's cyb_ key
- * If either is missing it no-ops with a clear message (no key is ever hardcoded).
- *
- * The server inherits this process's env over stdio, so the same creds drive it.
- */
-import { Client } from "@modelcontextprotocol/sdk/client/index.js";
-import { StdioClientTransport } from "@modelcontextprotocol/sdk/client/stdio.js";
-const apiUrl = process.env.CYBERDYNE_API_URL;
-const token = process.env.CYBERDYNE_IDENTITY_TOKEN;
-if (!token) {
-    console.log("smoke: no-op. Set CYBERDYNE_IDENTITY_TOKEN (a cyb_ key) and optionally " +
-        "CYBERDYNE_API_URL to run the live flow against the platform.\n" +
-        "  e.g. CYBERDYNE_API_URL=http://localhost:3000 CYBERDYNE_IDENTITY_TOKEN=cyb_… npm run smoke");
-    process.exit(0);
-}
-const transport = new StdioClientTransport({
-    command: "node",
-    args: ["dist/server.js"],
-    env: { ...process.env },
-});
-const client = new Client({ name: "smoke", version: "0" });
-await client.connect(transport);
-const call = async (name, args = {}) => {
-    const r = await client.callTool({ name, arguments: args });
-    const data = JSON.parse(r.content[0].text);
-    if (r.isError)
-        throw new Error(`${name} → ${data.error}`);
-    return data;
-};
-console.log(`smoke → ${apiUrl ?? "https://app.cyberdyne-os.xyz"}`);
-console.log("tools:", (await client.listTools()).tools.map((t) => t.name).join(", "));
-// 1. Categories (static, no network).
-const cats = await call("list_categories");
-console.log(`list_categories → ${cats.length} categories`);
-// 2. Treasury — ensure it can cover a small task; top up if needed.
-let treasury = await call("get_treasury");
-const balance = Number(treasury.treasury?.balance_usd ?? 0);
-console.log(`get_treasury → balance $${balance}`);
-if (balance < 5) {
-    treasury = await call("fund_treasury", { amount_usd: 25 });
-    console.log(`fund_treasury → balance $${treasury.treasury?.balance_usd}`);
-}
-// 3. Discover a human via the live capability index.
-const found = await call("search_humans", { skills: ["capture"] });
-console.log(`search_humans(capture) → ${found.humans.length} match`);
-const human = found.humans[0];
-// (search_humans is for discovery only — there is NO direct hire/assign. Every task
-// is an open FCFS pool bounty: post a budget, humans submit, you review each.)
-void human;
-// 4. Post an FCFS pool bounty. reward_usd is the budget; not charged until authorize.
-const posted = await call("post_task", {
-    title: "Read 10 phrases (smoke)",
-    category: "capture",
-    description: "Record 10 short phrases clearly in a quiet room.",
-    reward_usd: 3.5,
-    duration_min: 10,
-    difficulty: "easy",
-});
-const taskId = posted.task.id;
-console.log(`post_task → ${taskId} (status ${posted.task.status})`);
-// 5. Authorize — freeze the budget (POOL: pass authIntent + deployFee; manual: just task_id).
-const authd = await call("authorize_task", {
-    task_id: taskId,
-    ...(posted.authIntent ? { auth_intent: posted.authIntent } : {}),
-    ...(posted.deployFee ? { deploy_fee: posted.deployFee } : {}),
-});
-console.log(`authorize_task → escrow_status ${authd.task?.escrow_status}`);
-// 6. Poll the live task. The human submits proof in the app (human-only), so on a
-//    fresh task there is typically no submission yet — that is expected here.
-const got = await call("get_task", { task_id: taskId });
-console.log(`get_task → status ${got.task.status}, submissions ${got.submissions.length}, claims ${got.claims.length}`);
-const pending = (got.submissions ?? []).find((s) => s.status === "pending");
-if (pending) {
-    const settled = await call("review_submission", { submission_id: pending.id, approve: true, score: 5 });
-    console.log(`review_submission → captured one unit ${JSON.stringify(settled).slice(0, 80)}`);
-}
-else {
-    console.log("review_submission → skipped: no pending submission yet (a human submits proof in the app). " +
-        "Closing the task to refund the unfilled budget.");
-    const closed = await call("close_task", { task_id: taskId });
-    console.log(`close_task → status ${closed.task?.status ?? "closed"}`);
-}
-await client.close();
-console.log("OK");

package/src/founder-check.ts

@@ -1,103 +0,0 @@
-/**
- * Example: a trading agent hires a human for a founder liveness check before it buys.
- *
- * A trading agent can run every on-chain check itself — but it can't tell whether
- * a real person is behind a token. Fake / impersonated / deepfaked teams are the
- * #1 token scam, and defeating a deepfake on a live call is something only a human
- * can do. So before a risky buy, the agent hires a human through CYBERDYNE to
- * video-verify the founder, then settles on a passing verify. This is the pattern
- * behind e.g. Bankr (https://bankr.bot) and any x402 trader.
- *
- * This drives the LIVE platform. Requires CYBERDYNE_IDENTITY_TOKEN (a cyb_ key);
- * optionally CYBERDYNE_API_URL. No key is hardcoded — it no-ops without one.
- *
- *   CYBERDYNE_API_URL=http://localhost:3000 CYBERDYNE_IDENTITY_TOKEN=cyb_… \
- *     npm run build && npm run founder-check
- */
-import { Client } from "@modelcontextprotocol/sdk/client/index.js";
-import { StdioClientTransport } from "@modelcontextprotocol/sdk/client/stdio.js";
-
-const token = process.env.CYBERDYNE_IDENTITY_TOKEN;
-if (!token) {
-  console.log(
-    "founder-check: no-op. Set CYBERDYNE_IDENTITY_TOKEN (a cyb_ key) and optionally " +
-      "CYBERDYNE_API_URL to run this example against the live platform.",
-  );
-  process.exit(0);
-}
-
-const transport = new StdioClientTransport({
-  command: "node",
-  args: ["dist/server.js"],
-  env: { ...process.env } as Record<string, string>,
-});
-const client = new Client({ name: "trading-agent", version: "0" });
-await client.connect(transport);
-
-const call = async (name: string, args: Record<string, unknown> = {}) => {
-  const r: any = await client.callTool({ name, arguments: args });
-  const data = JSON.parse(r.content[0].text);
-  if (r.isError) throw new Error(`${name} → ${data.error}`);
-  return data;
-};
-
-console.log("[agent] connected to CYBERDYNE over MCP\n");
-
-// 0. Make sure the agent treasury can cover the bounty (demo top-up).
-const t = await call("get_treasury");
-if (Number(t.treasury?.balance_usd ?? 0) < 50) {
-  await call("fund_treasury", { amount_usd: 100 });
-}
-
-// 1. The agent can't verify a real human is behind the token — find one who can.
-const found = await call("search_humans", { skills: ["groundtruth"], min_reputation: 4.8 });
-const human = found.humans[0];
-console.log(`search_humans(groundtruth, min_rep 4.8) -> ${found.humans.length} match`);
-if (human) console.log(`  hiring ${human.handle}  ${human.location}  rep ${human.reputation}\n`);
-
-// 2. Post the founder liveness check. Not charged until authorize.
-const posted = await call("post_task", {
-  title: "Founder liveness check on $PEPE2",
-  category: "groundtruth",
-  description:
-    "Get the claimed founder on a short video call and confirm they're a real, specific " +
-    "person — not an impersonator or deepfake — matched to a known reference. Return verified / not + notes.",
-  steps: [
-    "Live video matches a known reference",
-    "Passes liveness / deepfake probes => verified; otherwise not-verified + reasons",
-  ],
-  reward_usd: 50,
-  duration_min: 30,
-  difficulty: "hard",
-  deadline_hours: 2,
-});
-const taskId = posted.task.id;
-console.log(`post_task -> ${taskId}  reward $${posted.task.reward_usd}`);
-
-// (search_humans is discovery only — there is NO direct hire. The task is an open
-// FCFS pool bounty: ANY eligible human submits first-come-first-served.)
-void human;
-
-// 3. Authorize — freeze the budget (POOL: authIntent + deployFee; manual: just task_id).
-const authd = await call("authorize_task", {
-  task_id: taskId,
-  ...(posted.authIntent ? { auth_intent: posted.authIntent } : {}),
-  ...(posted.deployFee ? { deploy_fee: posted.deployFee } : {}),
-});
-console.log(`authorize_task -> escrow ${authd.task?.escrow_status}`);
-
-// 4. Poll until the human's proof is in (they submit in the app — human-only).
-const got = await call("get_task", { task_id: taskId });
-console.log(`get_task -> ${got.task.status}  submissions ${got.submissions.length}`);
-
-// 5. If the proof is in, verify it and capture one unit to the human.
-const pending = (got.submissions ?? []).find((s: any) => s.status === "pending");
-if (pending) {
-  const settled = await call("review_submission", { submission_id: pending.id, approve: true, score: 5 });
-  console.log(`review_submission -> captured ${JSON.stringify(settled).slice(0, 80)}`);
-  console.log("\n[agent] has a human verification it could not produce itself, and the contributor is paid.");
-} else {
-  console.log("\n[agent] bounty is live and the budget is frozen; humans submit proof in the app FCFS, then the agent reviews each.");
-}
-
-await client.close();

package/src/smoke.ts

@@ -1,108 +0,0 @@
-/**
- * Live smoke test: drive the MCP server against the REAL platform API like an
- * agent would. Not shipped.
- *
- * Requires both env vars to run for real:
- *   CYBERDYNE_API_URL        e.g. http://localhost:3000 or https://app.cyberdyne-os.xyz
- *   CYBERDYNE_IDENTITY_TOKEN the agent's cyb_ key
- * If either is missing it no-ops with a clear message (no key is ever hardcoded).
- *
- * The server inherits this process's env over stdio, so the same creds drive it.
- */
-import { Client } from "@modelcontextprotocol/sdk/client/index.js";
-import { StdioClientTransport } from "@modelcontextprotocol/sdk/client/stdio.js";
-
-const apiUrl = process.env.CYBERDYNE_API_URL;
-const token = process.env.CYBERDYNE_IDENTITY_TOKEN;
-
-if (!token) {
-  console.log(
-    "smoke: no-op. Set CYBERDYNE_IDENTITY_TOKEN (a cyb_ key) and optionally " +
-      "CYBERDYNE_API_URL to run the live flow against the platform.\n" +
-      "  e.g. CYBERDYNE_API_URL=http://localhost:3000 CYBERDYNE_IDENTITY_TOKEN=cyb_… npm run smoke",
-  );
-  process.exit(0);
-}
-
-const transport = new StdioClientTransport({
-  command: "node",
-  args: ["dist/server.js"],
-  env: { ...process.env } as Record<string, string>,
-});
-const client = new Client({ name: "smoke", version: "0" });
-await client.connect(transport);
-
-const call = async (name: string, args: Record<string, unknown> = {}) => {
-  const r: any = await client.callTool({ name, arguments: args });
-  const data = JSON.parse(r.content[0].text);
-  if (r.isError) throw new Error(`${name} → ${data.error}`);
-  return data;
-};
-
-console.log(`smoke → ${apiUrl ?? "https://app.cyberdyne-os.xyz"}`);
-console.log("tools:", (await client.listTools()).tools.map((t) => t.name).join(", "));
-
-// 1. Categories (static, no network).
-const cats = await call("list_categories");
-console.log(`list_categories → ${cats.length} categories`);
-
-// 2. Treasury — ensure it can cover a small task; top up if needed.
-let treasury = await call("get_treasury");
-const balance = Number(treasury.treasury?.balance_usd ?? 0);
-console.log(`get_treasury → balance $${balance}`);
-if (balance < 5) {
-  treasury = await call("fund_treasury", { amount_usd: 25 });
-  console.log(`fund_treasury → balance $${treasury.treasury?.balance_usd}`);
-}
-
-// 3. Discover a human via the live capability index.
-const found = await call("search_humans", { skills: ["capture"] });
-console.log(`search_humans(capture) → ${found.humans.length} match`);
-const human = found.humans[0];
-
-// (search_humans is for discovery only — there is NO direct hire/assign. Every task
-// is an open FCFS pool bounty: post a budget, humans submit, you review each.)
-void human;
-
-// 4. Post an FCFS pool bounty. reward_usd is the budget; not charged until authorize.
-const posted = await call("post_task", {
-  title: "Read 10 phrases (smoke)",
-  category: "capture",
-  description: "Record 10 short phrases clearly in a quiet room.",
-  reward_usd: 3.5,
-  duration_min: 10,
-  difficulty: "easy",
-});
-const taskId = posted.task.id;
-console.log(`post_task → ${taskId} (status ${posted.task.status})`);
-
-// 5. Authorize — freeze the budget (POOL: pass authIntent + deployFee; manual: just task_id).
-const authd = await call("authorize_task", {
-  task_id: taskId,
-  ...(posted.authIntent ? { auth_intent: posted.authIntent } : {}),
-  ...(posted.deployFee ? { deploy_fee: posted.deployFee } : {}),
-});
-console.log(`authorize_task → escrow_status ${authd.task?.escrow_status}`);
-
-// 6. Poll the live task. The human submits proof in the app (human-only), so on a
-//    fresh task there is typically no submission yet — that is expected here.
-const got = await call("get_task", { task_id: taskId });
-console.log(
-  `get_task → status ${got.task.status}, submissions ${got.submissions.length}, claims ${got.claims.length}`,
-);
-
-const pending = (got.submissions ?? []).find((s: any) => s.status === "pending");
-if (pending) {
-  const settled = await call("review_submission", { submission_id: pending.id, approve: true, score: 5 });
-  console.log(`review_submission → captured one unit ${JSON.stringify(settled).slice(0, 80)}`);
-} else {
-  console.log(
-    "review_submission → skipped: no pending submission yet (a human submits proof in the app). " +
-      "Closing the task to refund the unfilled budget.",
-  );
-  const closed = await call("close_task", { task_id: taskId });
-  console.log(`close_task → status ${closed.task?.status ?? "closed"}`);
-}
-
-await client.close();
-console.log("OK");