cyberdyne-mcp 0.6.4 → 0.6.6

package/dist/cli.js

@@ -1,12 +1,11 @@
 /**
- * Bankr-style convenience CLI for CYBERDYNE — `treasury` / `post` / `tasks`.
+ * Bankr-style convenience CLI for CYBERDYNE — `post` / `tasks`.
  *
  * These are ADDITIONAL command-line entry points (not MCP tools). They run, print
  * a human-readable summary to stderr, and exit — exactly like `onboard`/`login`.
  * They mirror the Bankr CLI UX (`bankr fees`, `bankr launch`): a single command
  * that does the full thing autonomously using the saved `cyb_` key + wallet.
  *
- *   treasury (alias balance, fees) — your balance + where to send USDC (bankr fees)
  *   post                           — open a task; on the pool rail, sign + pay +
  *                                    authorize in one shot (bankr launch)
  *   tasks                          — list your own posted tasks with status
@@ -64,49 +63,6 @@ function describe(e) {
         return e.message;
     return e instanceof Error ? e.message : String(e);
 }
-// ── treasury (alias: balance, fees) ─────────────────────────────────────────
-// `bankr fees` equivalent: your balance + the deposit address to fund it.
-export async function runTreasury() {
-    if (!hasKey())
-        fail(NO_KEY);
-    const c = client();
-    try {
-        const { treasury } = await c.rest("GET", "/api/treasury");
-        // The deposit address only resolves on the live rail; treat a 403/503 as
-        // "not available yet" rather than failing the whole command.
-        let deposit = null;
-        try {
-            deposit = await c.rest("GET", "/api/treasury/deposit");
-        }
-        catch {
-            deposit = null;
-        }
-        const lines = ["CYBERDYNE treasury"];
-        if (!treasury) {
-            lines.push("  balance        : — (no treasury yet — fund it to create one)");
-        }
-        else {
-            lines.push(`  balance        : ${usd(treasury.balance_usd)}`);
-            lines.push(`  total funded   : ${usd(treasury.total_funded ?? treasury.total_funded_usd)}`);
-            lines.push(`  total spent    : ${usd(treasury.total_spent ?? treasury.total_spent_usd)}`);
-        }
-        if (deposit?.deposit_address) {
-            lines.push("");
-            lines.push(`  deposit USDC to: ${deposit.deposit_address}`);
-            lines.push(`  chain          : Base (chain id ${deposit.chain_id ?? 8453})`);
-            lines.push("  → send USDC from your verified wallet, then credit it with the `deposit` MCP tool.");
-        }
-        else {
-            lines.push("");
-            lines.push("  deposit address: not available (live deposits not enabled on this rail yet).");
-        }
-        console.error(lines.join("\n"));
-        process.exit(0);
-    }
-    catch (e) {
-        fail(describe(e));
-    }
-}
 // ── post (bankr launch) ──────────────────────────────────────────────────────
 // Open a task. Per-unit `--reward` × `--quantity` = the budget. On the pool rail
 // (BNKR/GITLAWB or quantity>1) the response carries authIntent + deployFee: sign

package/dist/server.js

@@ -8,11 +8,6 @@
  *
  *   list_categories  — the static task taxonomy (no network)
  *   search_humans    — POST /api/a2a {search_humans}      → capability index
- *   get_treasury     — GET  /api/treasury                 → the agent's balance
- *   fund_treasury    — POST /api/treasury/fund            → demo top-up (testnet only)
- *   get_deposit_address — GET  /api/treasury/deposit      → where to send real USDC (live)
- *   deposit          — POST /api/treasury/deposit         → credit treasury from a real USDC tx
- *   withdraw_treasury — POST /api/treasury/withdraw        → pull unspent treasury back to your wallet (live)
  *   post_task        — POST /api/tasks                    → open an FCFS pool bounty
  *   authorize_task   — POST /api/tasks/[id]/authorize     → sign budget + pay fee + freeze
  *   get_task         — GET  /api/tasks/[id]               → status + submissions/claims
@@ -32,9 +27,9 @@
  *   agent-picks-human. EVERY task is an open bounty: the agent freezes a budget once,
  *   ANY eligible human submits first-come-first-served, and the agent approves/rejects
  *   each submission — approved pays one unit in-token, rejected reopens the slot, and
- *   any unfilled budget is refunded on close.
- *     get_deposit_address → send USDC → deposit            (optional, fund treasury)
- *       → post_task({ ..., quantity }) → returns { task, authIntent, deployFee }
+ *   any unfilled budget is refunded on close. The agent funds the budget directly
+ *   from its OWN wallet at deploy (non-custodial) — there is no platform treasury.
+ *       post_task({ ..., quantity }) → returns { task, authIntent, deployFee }
  *       → authorize_task({ task_id, auth_intent, deploy_fee })  (sign budget + pay fee + freeze)
  *       → humans submit FCFS → poll get_task
  *       → review_submission per pending submission (approve → pay one unit;
@@ -119,13 +114,8 @@ if (process.argv[2] === "login") {
 }
 // Bankr-style convenience CLI subcommands (additional entry points, not MCP tools).
 // Each runs autonomously with the saved key/wallet, prints a summary, and exits.
-//   treasury (alias balance, fees) — balance + deposit address  (like `bankr fees`)
 //   post                           — open a task; pool rail auto sign+pay+authorize (like `bankr launch`)
 //   tasks                          — list your own posted tasks with status
-if (["treasury", "balance", "fees"].includes(process.argv[2] ?? "")) {
-    const { runTreasury } = await import("./cli.js");
-    await runTreasury();
-}
 if (process.argv[2] === "post") {
     const { runPost } = await import("./cli.js");
     await runPost(process.argv.slice(3));
@@ -158,9 +148,9 @@ async function guard(fn) {
     }
 }
 // ---- Server ---------------------------------------------------------------
-const server = new McpServer({ name: "cyberdyne", version: "0.6.4" });
+const server = new McpServer({ name: "cyberdyne", version: "0.6.6" });
 server.tool("list_categories", "List the kinds of real-world work CYBERDYNE humans can do. Static (no network). Use this to learn the valid `category` values before posting a task.", {}, async () => json(Object.entries(CATEGORIES).map(([id, blurb]) => ({ id, blurb }))));
-server.tool("onboard", "BOOTSTRAP (works WITHOUT an existing key — the one tool that self-onboards). Zero-browser: generates a fresh wallet if you don't have one, signs in to CYBERDYNE with it (SIWE), mints your `cyb_` agent API key, and saves both to ~/.cyberdyne/config.json (0600) so every other tool here authenticates automatically. No web dashboard, no env vars. Returns your wallet address, the cyb_ key (shown once), and the next steps (fund via get_deposit_address+deposit → post_task → authorize_task → review_submission → close_task). The same generated wallet auto-signs pool budgets. To bring your OWN wallet instead, use the CLI: `npx cyberdyne-mcp onboard --import <0xKEY | mnemonic>` (or --create for a fresh one). Idempotent-ish: re-running with a saved wallet reuses it and mints a fresh key.", {}, async () => guard(async () => {
+server.tool("onboard", "BOOTSTRAP (works WITHOUT an existing key — the one tool that self-onboards). Zero-browser: generates a fresh wallet if you don't have one, signs in to CYBERDYNE with it (SIWE), mints your `cyb_` agent API key, and saves both to ~/.cyberdyne/config.json (0600) so every other tool here authenticates automatically. No web dashboard, no env vars. Returns your wallet address, the cyb_ key (shown once), and the next steps (fund your WALLET with USDC + a little ETH for gas on Base → post_task → authorize_task → review_submission → close_task). The non-custodial pool freezes the budget directly from your wallet at deploy — there is no platform treasury to deposit into. The same generated wallet auto-signs pool budgets. To bring your OWN wallet instead, use the CLI: `npx cyberdyne-mcp onboard --import <0xKEY | mnemonic>` (or --create for a fresh one). Idempotent-ish: re-running with a saved wallet reuses it and mints a fresh key.", {}, async () => guard(async () => {
     const r = await onboard();
     return {
         address: r.address,
@@ -183,17 +173,7 @@ server.tool("search_humans", "Find verified humans by capability via the live ca
     ...(min_reputation != null ? { min_reputation } : {}),
     ...(location ? { location } : {}),
 })));
-server.tool("get_treasury", "Get the agent's own treasury (the source of task rewards on the manual rail). Returns null if the agent has no treasury yet — call fund_treasury to create one.", {}, async () => guard(() => client.rest("GET", "/api/treasury")));
-server.tool("fund_treasury", "Demo top-up (TESTNET/DEMO ONLY): add USD to the treasury balance. DISABLED when the platform is live (returns 403 funding_disabled) — on the live rail fund with REAL USDC via get_deposit_address + deposit instead.", { amount_usd: z.number().positive().describe("USD to add to the treasury balance.") }, async ({ amount_usd }) => guard(() => client.rest("POST", "/api/treasury/fund", { body: { amount_usd } })));
-server.tool("get_deposit_address", "Get the on-chain address to fund your treasury with REAL USDC (live rail). Returns { deposit_address, chain_id, usdc_address, decimals }. Send USDC from your VERIFIED wallet to deposit_address on Base, then call `deposit` with the tx hash to credit your treasury.", {}, async () => guard(() => client.rest("GET", "/api/treasury/deposit")));
-server.tool("deposit", "Credit your treasury from a REAL on-chain USDC deposit (live rail; the real-money replacement for fund_treasury). First send USDC to the address from get_deposit_address (from your verified wallet), then call this with the transaction hash. The transfer is verified on-chain (to = platform wallet, from = your wallet) and credited exactly once — resubmitting the same tx never double-credits.", {
-    tx_hash: z
-        .string()
-        .regex(/^0x[0-9a-fA-F]{64}$/)
-        .describe("The Base tx hash of your USDC transfer to the deposit address."),
-}, async ({ tx_hash }) => guard(() => client.rest("POST", "/api/treasury/deposit", { body: { tx_hash } })));
-server.tool("withdraw_treasury", "Recover UNSPENT treasury to your wallet (live rail): pull USDC out of your treasury back to your own VERIFIED deposit wallet on Base — no browser. Available balance is your treasury balance net of any open escrow holds. Funds can ONLY go to your verified wallet (no destination param), so a leaked key can't redirect them. Returns { ok, tx_hash, amount_usd, to }. 400 insufficient_treasury if the balance can't cover it; 403 withdraws_disabled on the demo rail.", { amount_usd: z.number().positive().describe("USD to withdraw from your treasury to your verified wallet.") }, async ({ amount_usd }) => guard(() => client.rest("POST", "/api/treasury/withdraw", { body: { amount_usd } })));
-server.tool("post_task", "Open an FCFS pool bounty on the marketplace. There is NO direct hire and NO agent-picks-human — every task is an open bounty: you freeze a budget, ANY eligible human submits first-come-first-served, and you approve/reject each submission. Funds are NOT charged at post — the budget is frozen later at authorize_task. `reward_usd` is the total budget; `quantity` is how many identical units (humans) it pays — each unit holds reward_usd/quantity (each unit must be >= $0.01). Returns the created task (with its id). REAL-TOKEN POOL rail (USDC/BNKR on Base): the response also includes `authIntent` (the budget authorization to sign) and `deployFee` { usd, bps, recipient, token } (a SEPARATE non-refundable fee tx) — pass BOTH to authorize_task. TESTNET/non-real token (CYOS): no on-chain freeze; response is just { task } (treasury-checked, 402 insufficient_treasury if low).", {
+server.tool("post_task", "Open an FCFS pool bounty on the marketplace. There is NO direct hire and NO agent-picks-human — every task is an open bounty: you freeze a budget, ANY eligible human submits first-come-first-served, and you approve/reject each submission. Funds are NOT charged at post — the budget is frozen later at authorize_task. `reward_usd` is the total budget; `quantity` is how many identical units (humans) it pays — each unit holds reward_usd/quantity (each unit must be >= $0.01). Returns the created task (with its id) plus `authIntent` (the budget authorization to sign) and `deployFee` { usd, bps, recipient, token } (a SEPARATE non-refundable fee tx) — pass BOTH to authorize_task. The non-custodial POOL escrow (USDC/BNKR/GITLAWB on Base) is the only settlement rail; a non-real token (CYOS) or non-live config has no rail and returns 422 settlement_unavailable.", {
     title: z.string().min(2).max(160).describe("Short task title."),
     category: z.enum(TASK_CATEGORIES),
     description: z.string().max(4000).optional().describe("What you need the human to do."),
@@ -205,7 +185,7 @@ server.tool("post_task", "Open an FCFS pool bounty on the marketplace. There is
     pay_token: z.enum(["USDC", "BNKR", "CYOS"]).optional().describe("Settlement token (default USDC)."),
     deadline_hours: z.number().int().positive().optional(),
 }, async (args) => guard(() => client.rest("POST", "/api/tasks", { body: args })));
-server.tool("authorize_task", "Freeze the bounty budget on-chain (the second step of the FCFS flow). REAL-TOKEN POOL rail: pass BOTH `auth_intent` (the authIntent from post_task) AND `deploy_fee` (the deployFee object from post_task) — with CYBERDYNE_EVM_PRIVATE_KEY set, the MCP signs the whole-budget authorization AND pays the separate 2.5% USDC / 5% other-token deploy fee tx from its wallet, then freezes the budget on the audited escrow; or pass a pre-signed `signed_payment` and a pre-paid `fee_tx_hash`. After this, any eligible human submits FCFS and you review_submission each. TESTNET/non-real (CYOS) rail: call with just { task_id } — the prefunded treasury opens a logical hold, no signature. Idempotent once frozen.", {
+server.tool("authorize_task", "Freeze the bounty budget on-chain (the second step of the FCFS flow). REAL-TOKEN POOL rail: pass BOTH `auth_intent` (the authIntent from post_task) AND `deploy_fee` (the deployFee object from post_task) — with CYBERDYNE_EVM_PRIVATE_KEY set, the MCP signs the whole-budget authorization AND pays the separate 2.5% USDC / 5% other-token deploy fee tx from its wallet, then freezes the budget on the audited escrow; or pass a pre-signed `signed_payment` and a pre-paid `fee_tx_hash`. After this, any eligible human submits FCFS and you review_submission each. The non-custodial POOL escrow is the only rail; a non-real token / non-live config returns 409 settlement_unavailable. Idempotent once frozen.", {
     task_id: z.string().uuid(),
     signed_payment: z.string().optional().describe("Pre-signed base64 auth-capture payload (external/Bankr signer)."),
     auth_intent: z.unknown().optional().describe("The authIntent from post_task — required for MCP wallet auto-signing."),
@@ -281,13 +261,10 @@ server.registerPrompt("quickstart", {
                 text: [
                     "You are connected to CYBERDYNE — pay verified humans for tasks AI can't do alone. There is ONE model: every task is an open FCFS pool bounty. There is NO direct hire and NO picking a human — you freeze a budget, ANY eligible human submits first-come-first-served, and you approve/reject each submission (approved = paid one unit in-token, rejected = the slot reopens). The live settlement rail is REAL tokens on Base (non-custodial freeze-at-deploy). The human submit-proof step is human-only, in the app; you drive everything else.",
                     "",
-                    "FUND (optional — the pool freezes from your wallet at deploy, but a treasury can cover fees):",
-                    "1. get_deposit_address -> the platform deposit address on Base.",
-                    "2. Send USDC to it FROM your own verified wallet, then deposit({ tx_hash }) -> credits your treasury (idempotent).",
-                    "   (fund_treasury is demo/testnet only and is disabled on the live rail.) Check get_treasury anytime.",
+                    "FUND: hold USDC (or BNKR/GITLAWB) + a little ETH for gas in your OWN wallet on Base. The pool freezes the budget directly from your wallet at deploy and pays the deploy fee from it — there is NO platform treasury to deposit into (fully non-custodial).",
                     "",
                     "POST + PAY (the single FCFS flow):",
-                    "3. post_task({ title, category, reward_usd, quantity, duration_min, difficulty }) -> returns { task, authIntent, deployFee }. reward_usd is the TOTAL budget; quantity is how many humans it pays (each unit must be >= $0.01). authIntent is the whole-budget authorization; deployFee is a SEPARATE non-refundable fee tx (2.5% USDC / 5% other token).",
+                    "3. post_task({ title, category, reward_usd, quantity }) -> returns { task, authIntent, deployFee }. reward_usd is the TOTAL budget; quantity is how many humans it pays (each unit must be >= $0.01). authIntent is the whole-budget authorization; deployFee is a SEPARATE non-refundable fee tx (2.5% USDC / 5% other token).",
                     "4. authorize_task({ task_id, auth_intent, deploy_fee }) -> with CYBERDYNE_EVM_PRIVATE_KEY set, the MCP signs the budget AND pays the deploy fee, then FREEZES the whole budget on the audited escrow (or pass pre-made signed_payment + fee_tx_hash).",
                     "5. Any eligible human submits FCFS. Poll get_task; for EACH pending submission call review_submission({ submission_id, approve, score }) -> approve captures one unit (full reward to the human, in-token); reject reopens the slot for the next submitter.",
                     "6. close_task({ task_id }) -> refunds the unfilled budget back to your wallet (the deploy fee is non-refundable).",
@@ -305,5 +282,5 @@ const transport = new StdioServerTransport();
 await server.connect(transport);
 console.error(`CYBERDYNE MCP server running on stdio → ${config.apiUrl}` +
     (config.token ? "" : " (no key — run `npx cyberdyne-mcp onboard` to self-generate a wallet + key, or `login cyb_…`, or set CYBERDYNE_IDENTITY_TOKEN; networked tools error until then)") +
-    ". Tools (14): onboard, list_categories, search_humans, get_treasury, fund_treasury, get_deposit_address, deposit, withdraw_treasury, post_task, authorize_task, get_task, review_submission, close_task, reclaim." +
-    " CLI: onboard, login, treasury (alias balance/fees), post, tasks.");
+    ". Tools (9): onboard, list_categories, search_humans, post_task, authorize_task, get_task, review_submission, close_task, reclaim." +
+    " CLI: onboard, login, post, tasks.");

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "cyberdyne-mcp",
-  "version": "0.6.4",
+  "version": "0.6.6",
   "publishConfig": {
     "access": "public"
   },
@@ -45,9 +45,7 @@
     "build": "tsc",
     "prepublishOnly": "npm run build",
     "start": "node dist/server.js",
-    "dev": "tsx src/server.ts",
-    "smoke": "tsx src/smoke.ts",
-    "founder-check": "tsx src/founder-check.ts"
+    "dev": "tsx src/server.ts"
   },
   "engines": {
     "node": ">=18"

package/src/cli.ts

@@ -1,12 +1,11 @@
 /**
- * Bankr-style convenience CLI for CYBERDYNE — `treasury` / `post` / `tasks`.
+ * Bankr-style convenience CLI for CYBERDYNE — `post` / `tasks`.
  *
  * These are ADDITIONAL command-line entry points (not MCP tools). They run, print
  * a human-readable summary to stderr, and exit — exactly like `onboard`/`login`.
  * They mirror the Bankr CLI UX (`bankr fees`, `bankr launch`): a single command
  * that does the full thing autonomously using the saved `cyb_` key + wallet.
  *
- *   treasury (alias balance, fees) — your balance + where to send USDC (bankr fees)
  *   post                           — open a task; on the pool rail, sign + pay +
  *                                    authorize in one shot (bankr launch)
  *   tasks                          — list your own posted tasks with status
@@ -68,47 +67,6 @@ function describe(e: unknown): string {
   return e instanceof Error ? e.message : String(e);
 }
 
-// ── treasury (alias: balance, fees) ─────────────────────────────────────────
-// `bankr fees` equivalent: your balance + the deposit address to fund it.
-export async function runTreasury(): Promise<void> {
-  if (!hasKey()) fail(NO_KEY);
-  const c = client();
-  try {
-    const { treasury } = await c.rest<{ treasury: Record<string, unknown> | null }>("GET", "/api/treasury");
-
-    // The deposit address only resolves on the live rail; treat a 403/503 as
-    // "not available yet" rather than failing the whole command.
-    let deposit: { deposit_address?: string; chain_id?: number; usdc_address?: string } | null = null;
-    try {
-      deposit = await c.rest("GET", "/api/treasury/deposit");
-    } catch {
-      deposit = null;
-    }
-
-    const lines: string[] = ["CYBERDYNE treasury"];
-    if (!treasury) {
-      lines.push("  balance        : — (no treasury yet — fund it to create one)");
-    } else {
-      lines.push(`  balance        : ${usd(treasury.balance_usd)}`);
-      lines.push(`  total funded   : ${usd(treasury.total_funded ?? treasury.total_funded_usd)}`);
-      lines.push(`  total spent    : ${usd(treasury.total_spent ?? treasury.total_spent_usd)}`);
-    }
-    if (deposit?.deposit_address) {
-      lines.push("");
-      lines.push(`  deposit USDC to: ${deposit.deposit_address}`);
-      lines.push(`  chain          : Base (chain id ${deposit.chain_id ?? 8453})`);
-      lines.push("  → send USDC from your verified wallet, then credit it with the `deposit` MCP tool.");
-    } else {
-      lines.push("");
-      lines.push("  deposit address: not available (live deposits not enabled on this rail yet).");
-    }
-    console.error(lines.join("\n"));
-    process.exit(0);
-  } catch (e) {
-    fail(describe(e));
-  }
-}
-
 // ── post (bankr launch) ──────────────────────────────────────────────────────
 // Open a task. Per-unit `--reward` × `--quantity` = the budget. On the pool rail
 // (BNKR/GITLAWB or quantity>1) the response carries authIntent + deployFee: sign

package/src/server.ts

@@ -8,11 +8,6 @@
  *
  *   list_categories  — the static task taxonomy (no network)
  *   search_humans    — POST /api/a2a {search_humans}      → capability index
- *   get_treasury     — GET  /api/treasury                 → the agent's balance
- *   fund_treasury    — POST /api/treasury/fund            → demo top-up (testnet only)
- *   get_deposit_address — GET  /api/treasury/deposit      → where to send real USDC (live)
- *   deposit          — POST /api/treasury/deposit         → credit treasury from a real USDC tx
- *   withdraw_treasury — POST /api/treasury/withdraw        → pull unspent treasury back to your wallet (live)
  *   post_task        — POST /api/tasks                    → open an FCFS pool bounty
  *   authorize_task   — POST /api/tasks/[id]/authorize     → sign budget + pay fee + freeze
  *   get_task         — GET  /api/tasks/[id]               → status + submissions/claims
@@ -32,9 +27,9 @@
  *   agent-picks-human. EVERY task is an open bounty: the agent freezes a budget once,
  *   ANY eligible human submits first-come-first-served, and the agent approves/rejects
  *   each submission — approved pays one unit in-token, rejected reopens the slot, and
- *   any unfilled budget is refunded on close.
- *     get_deposit_address → send USDC → deposit            (optional, fund treasury)
- *       → post_task({ ..., quantity }) → returns { task, authIntent, deployFee }
+ *   any unfilled budget is refunded on close. The agent funds the budget directly
+ *   from its OWN wallet at deploy (non-custodial) — there is no platform treasury.
+ *       post_task({ ..., quantity }) → returns { task, authIntent, deployFee }
  *       → authorize_task({ task_id, auth_intent, deploy_fee })  (sign budget + pay fee + freeze)
  *       → humans submit FCFS → poll get_task
  *       → review_submission per pending submission (approve → pay one unit;
@@ -128,13 +123,8 @@ if (process.argv[2] === "login") {
 
 // Bankr-style convenience CLI subcommands (additional entry points, not MCP tools).
 // Each runs autonomously with the saved key/wallet, prints a summary, and exits.
-//   treasury (alias balance, fees) — balance + deposit address  (like `bankr fees`)
 //   post                           — open a task; pool rail auto sign+pay+authorize (like `bankr launch`)
 //   tasks                          — list your own posted tasks with status
-if (["treasury", "balance", "fees"].includes(process.argv[2] ?? "")) {
-  const { runTreasury } = await import("./cli.js");
-  await runTreasury();
-}
 if (process.argv[2] === "post") {
   const { runPost } = await import("./cli.js");
   await runPost(process.argv.slice(3));
@@ -170,7 +160,7 @@ async function guard<T>(fn: () => Promise<T>) {
 
 // ---- Server ---------------------------------------------------------------
 
-const server = new McpServer({ name: "cyberdyne", version: "0.6.4" });
+const server = new McpServer({ name: "cyberdyne", version: "0.6.6" });
 
 server.tool(
   "list_categories",
@@ -181,7 +171,7 @@ server.tool(
 
 server.tool(
   "onboard",
-  "BOOTSTRAP (works WITHOUT an existing key — the one tool that self-onboards). Zero-browser: generates a fresh wallet if you don't have one, signs in to CYBERDYNE with it (SIWE), mints your `cyb_` agent API key, and saves both to ~/.cyberdyne/config.json (0600) so every other tool here authenticates automatically. No web dashboard, no env vars. Returns your wallet address, the cyb_ key (shown once), and the next steps (fund via get_deposit_address+deposit → post_task → authorize_task → review_submission → close_task). The same generated wallet auto-signs pool budgets. To bring your OWN wallet instead, use the CLI: `npx cyberdyne-mcp onboard --import <0xKEY | mnemonic>` (or --create for a fresh one). Idempotent-ish: re-running with a saved wallet reuses it and mints a fresh key.",
+  "BOOTSTRAP (works WITHOUT an existing key — the one tool that self-onboards). Zero-browser: generates a fresh wallet if you don't have one, signs in to CYBERDYNE with it (SIWE), mints your `cyb_` agent API key, and saves both to ~/.cyberdyne/config.json (0600) so every other tool here authenticates automatically. No web dashboard, no env vars. Returns your wallet address, the cyb_ key (shown once), and the next steps (fund your WALLET with USDC + a little ETH for gas on Base → post_task → authorize_task → review_submission → close_task). The non-custodial pool freezes the budget directly from your wallet at deploy — there is no platform treasury to deposit into. The same generated wallet auto-signs pool budgets. To bring your OWN wallet instead, use the CLI: `npx cyberdyne-mcp onboard --import <0xKEY | mnemonic>` (or --create for a fresh one). Idempotent-ish: re-running with a saved wallet reuses it and mints a fresh key.",
   {},
   async () =>
     guard(async () => {
@@ -218,52 +208,9 @@ server.tool(
     ),
 );
 
-server.tool(
-  "get_treasury",
-  "Get the agent's own treasury (the source of task rewards on the manual rail). Returns null if the agent has no treasury yet — call fund_treasury to create one.",
-  {},
-  async () => guard(() => client.rest("GET", "/api/treasury")),
-);
-
-server.tool(
-  "fund_treasury",
-  "Demo top-up (TESTNET/DEMO ONLY): add USD to the treasury balance. DISABLED when the platform is live (returns 403 funding_disabled) — on the live rail fund with REAL USDC via get_deposit_address + deposit instead.",
-  { amount_usd: z.number().positive().describe("USD to add to the treasury balance.") },
-  async ({ amount_usd }) =>
-    guard(() => client.rest("POST", "/api/treasury/fund", { body: { amount_usd } })),
-);
-
-server.tool(
-  "get_deposit_address",
-  "Get the on-chain address to fund your treasury with REAL USDC (live rail). Returns { deposit_address, chain_id, usdc_address, decimals }. Send USDC from your VERIFIED wallet to deposit_address on Base, then call `deposit` with the tx hash to credit your treasury.",
-  {},
-  async () => guard(() => client.rest("GET", "/api/treasury/deposit")),
-);
-
-server.tool(
-  "deposit",
-  "Credit your treasury from a REAL on-chain USDC deposit (live rail; the real-money replacement for fund_treasury). First send USDC to the address from get_deposit_address (from your verified wallet), then call this with the transaction hash. The transfer is verified on-chain (to = platform wallet, from = your wallet) and credited exactly once — resubmitting the same tx never double-credits.",
-  {
-    tx_hash: z
-      .string()
-      .regex(/^0x[0-9a-fA-F]{64}$/)
-      .describe("The Base tx hash of your USDC transfer to the deposit address."),
-  },
-  async ({ tx_hash }) =>
-    guard(() => client.rest("POST", "/api/treasury/deposit", { body: { tx_hash } })),
-);
-
-server.tool(
-  "withdraw_treasury",
-  "Recover UNSPENT treasury to your wallet (live rail): pull USDC out of your treasury back to your own VERIFIED deposit wallet on Base — no browser. Available balance is your treasury balance net of any open escrow holds. Funds can ONLY go to your verified wallet (no destination param), so a leaked key can't redirect them. Returns { ok, tx_hash, amount_usd, to }. 400 insufficient_treasury if the balance can't cover it; 403 withdraws_disabled on the demo rail.",
-  { amount_usd: z.number().positive().describe("USD to withdraw from your treasury to your verified wallet.") },
-  async ({ amount_usd }) =>
-    guard(() => client.rest("POST", "/api/treasury/withdraw", { body: { amount_usd } })),
-);
-
 server.tool(
   "post_task",
-  "Open an FCFS pool bounty on the marketplace. There is NO direct hire and NO agent-picks-human — every task is an open bounty: you freeze a budget, ANY eligible human submits first-come-first-served, and you approve/reject each submission. Funds are NOT charged at post — the budget is frozen later at authorize_task. `reward_usd` is the total budget; `quantity` is how many identical units (humans) it pays — each unit holds reward_usd/quantity (each unit must be >= $0.01). Returns the created task (with its id). REAL-TOKEN POOL rail (USDC/BNKR on Base): the response also includes `authIntent` (the budget authorization to sign) and `deployFee` { usd, bps, recipient, token } (a SEPARATE non-refundable fee tx) — pass BOTH to authorize_task. TESTNET/non-real token (CYOS): no on-chain freeze; response is just { task } (treasury-checked, 402 insufficient_treasury if low).",
+  "Open an FCFS pool bounty on the marketplace. There is NO direct hire and NO agent-picks-human — every task is an open bounty: you freeze a budget, ANY eligible human submits first-come-first-served, and you approve/reject each submission. Funds are NOT charged at post — the budget is frozen later at authorize_task. `reward_usd` is the total budget; `quantity` is how many identical units (humans) it pays — each unit holds reward_usd/quantity (each unit must be >= $0.01). Returns the created task (with its id) plus `authIntent` (the budget authorization to sign) and `deployFee` { usd, bps, recipient, token } (a SEPARATE non-refundable fee tx) — pass BOTH to authorize_task. The non-custodial POOL escrow (USDC/BNKR/GITLAWB on Base) is the only settlement rail; a non-real token (CYOS) or non-live config has no rail and returns 422 settlement_unavailable.",
   {
     title: z.string().min(2).max(160).describe("Short task title."),
     category: z.enum(TASK_CATEGORIES),
@@ -281,7 +228,7 @@ server.tool(
 
 server.tool(
   "authorize_task",
-  "Freeze the bounty budget on-chain (the second step of the FCFS flow). REAL-TOKEN POOL rail: pass BOTH `auth_intent` (the authIntent from post_task) AND `deploy_fee` (the deployFee object from post_task) — with CYBERDYNE_EVM_PRIVATE_KEY set, the MCP signs the whole-budget authorization AND pays the separate 2.5% USDC / 5% other-token deploy fee tx from its wallet, then freezes the budget on the audited escrow; or pass a pre-signed `signed_payment` and a pre-paid `fee_tx_hash`. After this, any eligible human submits FCFS and you review_submission each. TESTNET/non-real (CYOS) rail: call with just { task_id } — the prefunded treasury opens a logical hold, no signature. Idempotent once frozen.",
+  "Freeze the bounty budget on-chain (the second step of the FCFS flow). REAL-TOKEN POOL rail: pass BOTH `auth_intent` (the authIntent from post_task) AND `deploy_fee` (the deployFee object from post_task) — with CYBERDYNE_EVM_PRIVATE_KEY set, the MCP signs the whole-budget authorization AND pays the separate 2.5% USDC / 5% other-token deploy fee tx from its wallet, then freezes the budget on the audited escrow; or pass a pre-signed `signed_payment` and a pre-paid `fee_tx_hash`. After this, any eligible human submits FCFS and you review_submission each. The non-custodial POOL escrow is the only rail; a non-real token / non-live config returns 409 settlement_unavailable. Idempotent once frozen.",
   {
     task_id: z.string().uuid(),
     signed_payment: z.string().optional().describe("Pre-signed base64 auth-capture payload (external/Bankr signer)."),
@@ -403,13 +350,10 @@ server.registerPrompt(
           text: [
             "You are connected to CYBERDYNE — pay verified humans for tasks AI can't do alone. There is ONE model: every task is an open FCFS pool bounty. There is NO direct hire and NO picking a human — you freeze a budget, ANY eligible human submits first-come-first-served, and you approve/reject each submission (approved = paid one unit in-token, rejected = the slot reopens). The live settlement rail is REAL tokens on Base (non-custodial freeze-at-deploy). The human submit-proof step is human-only, in the app; you drive everything else.",
             "",
-            "FUND (optional — the pool freezes from your wallet at deploy, but a treasury can cover fees):",
-            "1. get_deposit_address -> the platform deposit address on Base.",
-            "2. Send USDC to it FROM your own verified wallet, then deposit({ tx_hash }) -> credits your treasury (idempotent).",
-            "   (fund_treasury is demo/testnet only and is disabled on the live rail.) Check get_treasury anytime.",
+            "FUND: hold USDC (or BNKR/GITLAWB) + a little ETH for gas in your OWN wallet on Base. The pool freezes the budget directly from your wallet at deploy and pays the deploy fee from it — there is NO platform treasury to deposit into (fully non-custodial).",
             "",
             "POST + PAY (the single FCFS flow):",
-            "3. post_task({ title, category, reward_usd, quantity, duration_min, difficulty }) -> returns { task, authIntent, deployFee }. reward_usd is the TOTAL budget; quantity is how many humans it pays (each unit must be >= $0.01). authIntent is the whole-budget authorization; deployFee is a SEPARATE non-refundable fee tx (2.5% USDC / 5% other token).",
+            "3. post_task({ title, category, reward_usd, quantity }) -> returns { task, authIntent, deployFee }. reward_usd is the TOTAL budget; quantity is how many humans it pays (each unit must be >= $0.01). authIntent is the whole-budget authorization; deployFee is a SEPARATE non-refundable fee tx (2.5% USDC / 5% other token).",
             "4. authorize_task({ task_id, auth_intent, deploy_fee }) -> with CYBERDYNE_EVM_PRIVATE_KEY set, the MCP signs the budget AND pays the deploy fee, then FREEZES the whole budget on the audited escrow (or pass pre-made signed_payment + fee_tx_hash).",
             "5. Any eligible human submits FCFS. Poll get_task; for EACH pending submission call review_submission({ submission_id, approve, score }) -> approve captures one unit (full reward to the human, in-token); reject reopens the slot for the next submitter.",
             "6. close_task({ task_id }) -> refunds the unfilled budget back to your wallet (the deploy fee is non-refundable).",
@@ -431,6 +375,6 @@ await server.connect(transport);
 console.error(
   `CYBERDYNE MCP server running on stdio → ${config.apiUrl}` +
     (config.token ? "" : " (no key — run `npx cyberdyne-mcp onboard` to self-generate a wallet + key, or `login cyb_…`, or set CYBERDYNE_IDENTITY_TOKEN; networked tools error until then)") +
-    ". Tools (14): onboard, list_categories, search_humans, get_treasury, fund_treasury, get_deposit_address, deposit, withdraw_treasury, post_task, authorize_task, get_task, review_submission, close_task, reclaim." +
-    " CLI: onboard, login, treasury (alias balance/fees), post, tasks.",
+    ". Tools (9): onboard, list_categories, search_humans, post_task, authorize_task, get_task, review_submission, close_task, reclaim." +
+    " CLI: onboard, login, post, tasks.",
 );

package/dist/founder-check.js

@@ -1,91 +0,0 @@
-/**
- * Example: a trading agent hires a human for a founder liveness check before it buys.
- *
- * A trading agent can run every on-chain check itself — but it can't tell whether
- * a real person is behind a token. Fake / impersonated / deepfaked teams are the
- * #1 token scam, and defeating a deepfake on a live call is something only a human
- * can do. So before a risky buy, the agent hires a human through CYBERDYNE to
- * video-verify the founder, then settles on a passing verify. This is the pattern
- * behind e.g. Bankr (https://bankr.bot) and any x402 trader.
- *
- * This drives the LIVE platform. Requires CYBERDYNE_IDENTITY_TOKEN (a cyb_ key);
- * optionally CYBERDYNE_API_URL. No key is hardcoded — it no-ops without one.
- *
- *   CYBERDYNE_API_URL=http://localhost:3000 CYBERDYNE_IDENTITY_TOKEN=cyb_… \
- *     npm run build && npm run founder-check
- */
-import { Client } from "@modelcontextprotocol/sdk/client/index.js";
-import { StdioClientTransport } from "@modelcontextprotocol/sdk/client/stdio.js";
-const token = process.env.CYBERDYNE_IDENTITY_TOKEN;
-if (!token) {
-    console.log("founder-check: no-op. Set CYBERDYNE_IDENTITY_TOKEN (a cyb_ key) and optionally " +
-        "CYBERDYNE_API_URL to run this example against the live platform.");
-    process.exit(0);
-}
-const transport = new StdioClientTransport({
-    command: "node",
-    args: ["dist/server.js"],
-    env: { ...process.env },
-});
-const client = new Client({ name: "trading-agent", version: "0" });
-await client.connect(transport);
-const call = async (name, args = {}) => {
-    const r = await client.callTool({ name, arguments: args });
-    const data = JSON.parse(r.content[0].text);
-    if (r.isError)
-        throw new Error(`${name} → ${data.error}`);
-    return data;
-};
-console.log("[agent] connected to CYBERDYNE over MCP\n");
-// 0. Make sure the agent treasury can cover the bounty (demo top-up).
-const t = await call("get_treasury");
-if (Number(t.treasury?.balance_usd ?? 0) < 50) {
-    await call("fund_treasury", { amount_usd: 100 });
-}
-// 1. The agent can't verify a real human is behind the token — find one who can.
-const found = await call("search_humans", { skills: ["groundtruth"], min_reputation: 4.8 });
-const human = found.humans[0];
-console.log(`search_humans(groundtruth, min_rep 4.8) -> ${found.humans.length} match`);
-if (human)
-    console.log(`  hiring ${human.handle}  ${human.location}  rep ${human.reputation}\n`);
-// 2. Post the founder liveness check. Not charged until authorize.
-const posted = await call("post_task", {
-    title: "Founder liveness check on $PEPE2",
-    category: "groundtruth",
-    description: "Get the claimed founder on a short video call and confirm they're a real, specific " +
-        "person — not an impersonator or deepfake — matched to a known reference. Return verified / not + notes.",
-    steps: [
-        "Live video matches a known reference",
-        "Passes liveness / deepfake probes => verified; otherwise not-verified + reasons",
-    ],
-    reward_usd: 50,
-    duration_min: 30,
-    difficulty: "hard",
-    deadline_hours: 2,
-});
-const taskId = posted.task.id;
-console.log(`post_task -> ${taskId}  reward $${posted.task.reward_usd}`);
-// (search_humans is discovery only — there is NO direct hire. The task is an open
-// FCFS pool bounty: ANY eligible human submits first-come-first-served.)
-void human;
-// 3. Authorize — freeze the budget (POOL: authIntent + deployFee; manual: just task_id).
-const authd = await call("authorize_task", {
-    task_id: taskId,
-    ...(posted.authIntent ? { auth_intent: posted.authIntent } : {}),
-    ...(posted.deployFee ? { deploy_fee: posted.deployFee } : {}),
-});
-console.log(`authorize_task -> escrow ${authd.task?.escrow_status}`);
-// 4. Poll until the human's proof is in (they submit in the app — human-only).
-const got = await call("get_task", { task_id: taskId });
-console.log(`get_task -> ${got.task.status}  submissions ${got.submissions.length}`);
-// 5. If the proof is in, verify it and capture one unit to the human.
-const pending = (got.submissions ?? []).find((s) => s.status === "pending");
-if (pending) {
-    const settled = await call("review_submission", { submission_id: pending.id, approve: true, score: 5 });
-    console.log(`review_submission -> captured ${JSON.stringify(settled).slice(0, 80)}`);
-    console.log("\n[agent] has a human verification it could not produce itself, and the contributor is paid.");
-}
-else {
-    console.log("\n[agent] bounty is live and the budget is frozen; humans submit proof in the app FCFS, then the agent reviews each.");
-}
-await client.close();

package/dist/smoke.js

@@ -1,90 +0,0 @@
-/**
- * Live smoke test: drive the MCP server against the REAL platform API like an
- * agent would. Not shipped.
- *
- * Requires both env vars to run for real:
- *   CYBERDYNE_API_URL        e.g. http://localhost:3000 or https://app.cyberdyne-os.xyz
- *   CYBERDYNE_IDENTITY_TOKEN the agent's cyb_ key
- * If either is missing it no-ops with a clear message (no key is ever hardcoded).
- *
- * The server inherits this process's env over stdio, so the same creds drive it.
- */
-import { Client } from "@modelcontextprotocol/sdk/client/index.js";
-import { StdioClientTransport } from "@modelcontextprotocol/sdk/client/stdio.js";
-const apiUrl = process.env.CYBERDYNE_API_URL;
-const token = process.env.CYBERDYNE_IDENTITY_TOKEN;
-if (!token) {
-    console.log("smoke: no-op. Set CYBERDYNE_IDENTITY_TOKEN (a cyb_ key) and optionally " +
-        "CYBERDYNE_API_URL to run the live flow against the platform.\n" +
-        "  e.g. CYBERDYNE_API_URL=http://localhost:3000 CYBERDYNE_IDENTITY_TOKEN=cyb_… npm run smoke");
-    process.exit(0);
-}
-const transport = new StdioClientTransport({
-    command: "node",
-    args: ["dist/server.js"],
-    env: { ...process.env },
-});
-const client = new Client({ name: "smoke", version: "0" });
-await client.connect(transport);
-const call = async (name, args = {}) => {
-    const r = await client.callTool({ name, arguments: args });
-    const data = JSON.parse(r.content[0].text);
-    if (r.isError)
-        throw new Error(`${name} → ${data.error}`);
-    return data;
-};
-console.log(`smoke → ${apiUrl ?? "https://app.cyberdyne-os.xyz"}`);
-console.log("tools:", (await client.listTools()).tools.map((t) => t.name).join(", "));
-// 1. Categories (static, no network).
-const cats = await call("list_categories");
-console.log(`list_categories → ${cats.length} categories`);
-// 2. Treasury — ensure it can cover a small task; top up if needed.
-let treasury = await call("get_treasury");
-const balance = Number(treasury.treasury?.balance_usd ?? 0);
-console.log(`get_treasury → balance $${balance}`);
-if (balance < 5) {
-    treasury = await call("fund_treasury", { amount_usd: 25 });
-    console.log(`fund_treasury → balance $${treasury.treasury?.balance_usd}`);
-}
-// 3. Discover a human via the live capability index.
-const found = await call("search_humans", { skills: ["capture"] });
-console.log(`search_humans(capture) → ${found.humans.length} match`);
-const human = found.humans[0];
-// (search_humans is for discovery only — there is NO direct hire/assign. Every task
-// is an open FCFS pool bounty: post a budget, humans submit, you review each.)
-void human;
-// 4. Post an FCFS pool bounty. reward_usd is the budget; not charged until authorize.
-const posted = await call("post_task", {
-    title: "Read 10 phrases (smoke)",
-    category: "capture",
-    description: "Record 10 short phrases clearly in a quiet room.",
-    reward_usd: 3.5,
-    duration_min: 10,
-    difficulty: "easy",
-});
-const taskId = posted.task.id;
-console.log(`post_task → ${taskId} (status ${posted.task.status})`);
-// 5. Authorize — freeze the budget (POOL: pass authIntent + deployFee; manual: just task_id).
-const authd = await call("authorize_task", {
-    task_id: taskId,
-    ...(posted.authIntent ? { auth_intent: posted.authIntent } : {}),
-    ...(posted.deployFee ? { deploy_fee: posted.deployFee } : {}),
-});
-console.log(`authorize_task → escrow_status ${authd.task?.escrow_status}`);
-// 6. Poll the live task. The human submits proof in the app (human-only), so on a
-//    fresh task there is typically no submission yet — that is expected here.
-const got = await call("get_task", { task_id: taskId });
-console.log(`get_task → status ${got.task.status}, submissions ${got.submissions.length}, claims ${got.claims.length}`);
-const pending = (got.submissions ?? []).find((s) => s.status === "pending");
-if (pending) {
-    const settled = await call("review_submission", { submission_id: pending.id, approve: true, score: 5 });
-    console.log(`review_submission → captured one unit ${JSON.stringify(settled).slice(0, 80)}`);
-}
-else {
-    console.log("review_submission → skipped: no pending submission yet (a human submits proof in the app). " +
-        "Closing the task to refund the unfilled budget.");
-    const closed = await call("close_task", { task_id: taskId });
-    console.log(`close_task → status ${closed.task?.status ?? "closed"}`);
-}
-await client.close();
-console.log("OK");

package/src/founder-check.ts

@@ -1,103 +0,0 @@
-/**
- * Example: a trading agent hires a human for a founder liveness check before it buys.
- *
- * A trading agent can run every on-chain check itself — but it can't tell whether
- * a real person is behind a token. Fake / impersonated / deepfaked teams are the
- * #1 token scam, and defeating a deepfake on a live call is something only a human
- * can do. So before a risky buy, the agent hires a human through CYBERDYNE to
- * video-verify the founder, then settles on a passing verify. This is the pattern
- * behind e.g. Bankr (https://bankr.bot) and any x402 trader.
- *
- * This drives the LIVE platform. Requires CYBERDYNE_IDENTITY_TOKEN (a cyb_ key);
- * optionally CYBERDYNE_API_URL. No key is hardcoded — it no-ops without one.
- *
- *   CYBERDYNE_API_URL=http://localhost:3000 CYBERDYNE_IDENTITY_TOKEN=cyb_… \
- *     npm run build && npm run founder-check
- */
-import { Client } from "@modelcontextprotocol/sdk/client/index.js";
-import { StdioClientTransport } from "@modelcontextprotocol/sdk/client/stdio.js";
-
-const token = process.env.CYBERDYNE_IDENTITY_TOKEN;
-if (!token) {
-  console.log(
-    "founder-check: no-op. Set CYBERDYNE_IDENTITY_TOKEN (a cyb_ key) and optionally " +
-      "CYBERDYNE_API_URL to run this example against the live platform.",
-  );
-  process.exit(0);
-}
-
-const transport = new StdioClientTransport({
-  command: "node",
-  args: ["dist/server.js"],
-  env: { ...process.env } as Record<string, string>,
-});
-const client = new Client({ name: "trading-agent", version: "0" });
-await client.connect(transport);
-
-const call = async (name: string, args: Record<string, unknown> = {}) => {
-  const r: any = await client.callTool({ name, arguments: args });
-  const data = JSON.parse(r.content[0].text);
-  if (r.isError) throw new Error(`${name} → ${data.error}`);
-  return data;
-};
-
-console.log("[agent] connected to CYBERDYNE over MCP\n");
-
-// 0. Make sure the agent treasury can cover the bounty (demo top-up).
-const t = await call("get_treasury");
-if (Number(t.treasury?.balance_usd ?? 0) < 50) {
-  await call("fund_treasury", { amount_usd: 100 });
-}
-
-// 1. The agent can't verify a real human is behind the token — find one who can.
-const found = await call("search_humans", { skills: ["groundtruth"], min_reputation: 4.8 });
-const human = found.humans[0];
-console.log(`search_humans(groundtruth, min_rep 4.8) -> ${found.humans.length} match`);
-if (human) console.log(`  hiring ${human.handle}  ${human.location}  rep ${human.reputation}\n`);
-
-// 2. Post the founder liveness check. Not charged until authorize.
-const posted = await call("post_task", {
-  title: "Founder liveness check on $PEPE2",
-  category: "groundtruth",
-  description:
-    "Get the claimed founder on a short video call and confirm they're a real, specific " +
-    "person — not an impersonator or deepfake — matched to a known reference. Return verified / not + notes.",
-  steps: [
-    "Live video matches a known reference",
-    "Passes liveness / deepfake probes => verified; otherwise not-verified + reasons",
-  ],
-  reward_usd: 50,
-  duration_min: 30,
-  difficulty: "hard",
-  deadline_hours: 2,
-});
-const taskId = posted.task.id;
-console.log(`post_task -> ${taskId}  reward $${posted.task.reward_usd}`);
-
-// (search_humans is discovery only — there is NO direct hire. The task is an open
-// FCFS pool bounty: ANY eligible human submits first-come-first-served.)
-void human;
-
-// 3. Authorize — freeze the budget (POOL: authIntent + deployFee; manual: just task_id).
-const authd = await call("authorize_task", {
-  task_id: taskId,
-  ...(posted.authIntent ? { auth_intent: posted.authIntent } : {}),
-  ...(posted.deployFee ? { deploy_fee: posted.deployFee } : {}),
-});
-console.log(`authorize_task -> escrow ${authd.task?.escrow_status}`);
-
-// 4. Poll until the human's proof is in (they submit in the app — human-only).
-const got = await call("get_task", { task_id: taskId });
-console.log(`get_task -> ${got.task.status}  submissions ${got.submissions.length}`);
-
-// 5. If the proof is in, verify it and capture one unit to the human.
-const pending = (got.submissions ?? []).find((s: any) => s.status === "pending");
-if (pending) {
-  const settled = await call("review_submission", { submission_id: pending.id, approve: true, score: 5 });
-  console.log(`review_submission -> captured ${JSON.stringify(settled).slice(0, 80)}`);
-  console.log("\n[agent] has a human verification it could not produce itself, and the contributor is paid.");
-} else {
-  console.log("\n[agent] bounty is live and the budget is frozen; humans submit proof in the app FCFS, then the agent reviews each.");
-}
-
-await client.close();

package/src/smoke.ts

@@ -1,108 +0,0 @@
-/**
- * Live smoke test: drive the MCP server against the REAL platform API like an
- * agent would. Not shipped.
- *
- * Requires both env vars to run for real:
- *   CYBERDYNE_API_URL        e.g. http://localhost:3000 or https://app.cyberdyne-os.xyz
- *   CYBERDYNE_IDENTITY_TOKEN the agent's cyb_ key
- * If either is missing it no-ops with a clear message (no key is ever hardcoded).
- *
- * The server inherits this process's env over stdio, so the same creds drive it.
- */
-import { Client } from "@modelcontextprotocol/sdk/client/index.js";
-import { StdioClientTransport } from "@modelcontextprotocol/sdk/client/stdio.js";
-
-const apiUrl = process.env.CYBERDYNE_API_URL;
-const token = process.env.CYBERDYNE_IDENTITY_TOKEN;
-
-if (!token) {
-  console.log(
-    "smoke: no-op. Set CYBERDYNE_IDENTITY_TOKEN (a cyb_ key) and optionally " +
-      "CYBERDYNE_API_URL to run the live flow against the platform.\n" +
-      "  e.g. CYBERDYNE_API_URL=http://localhost:3000 CYBERDYNE_IDENTITY_TOKEN=cyb_… npm run smoke",
-  );
-  process.exit(0);
-}
-
-const transport = new StdioClientTransport({
-  command: "node",
-  args: ["dist/server.js"],
-  env: { ...process.env } as Record<string, string>,
-});
-const client = new Client({ name: "smoke", version: "0" });
-await client.connect(transport);
-
-const call = async (name: string, args: Record<string, unknown> = {}) => {
-  const r: any = await client.callTool({ name, arguments: args });
-  const data = JSON.parse(r.content[0].text);
-  if (r.isError) throw new Error(`${name} → ${data.error}`);
-  return data;
-};
-
-console.log(`smoke → ${apiUrl ?? "https://app.cyberdyne-os.xyz"}`);
-console.log("tools:", (await client.listTools()).tools.map((t) => t.name).join(", "));
-
-// 1. Categories (static, no network).
-const cats = await call("list_categories");
-console.log(`list_categories → ${cats.length} categories`);
-
-// 2. Treasury — ensure it can cover a small task; top up if needed.
-let treasury = await call("get_treasury");
-const balance = Number(treasury.treasury?.balance_usd ?? 0);
-console.log(`get_treasury → balance $${balance}`);
-if (balance < 5) {
-  treasury = await call("fund_treasury", { amount_usd: 25 });
-  console.log(`fund_treasury → balance $${treasury.treasury?.balance_usd}`);
-}
-
-// 3. Discover a human via the live capability index.
-const found = await call("search_humans", { skills: ["capture"] });
-console.log(`search_humans(capture) → ${found.humans.length} match`);
-const human = found.humans[0];
-
-// (search_humans is for discovery only — there is NO direct hire/assign. Every task
-// is an open FCFS pool bounty: post a budget, humans submit, you review each.)
-void human;
-
-// 4. Post an FCFS pool bounty. reward_usd is the budget; not charged until authorize.
-const posted = await call("post_task", {
-  title: "Read 10 phrases (smoke)",
-  category: "capture",
-  description: "Record 10 short phrases clearly in a quiet room.",
-  reward_usd: 3.5,
-  duration_min: 10,
-  difficulty: "easy",
-});
-const taskId = posted.task.id;
-console.log(`post_task → ${taskId} (status ${posted.task.status})`);
-
-// 5. Authorize — freeze the budget (POOL: pass authIntent + deployFee; manual: just task_id).
-const authd = await call("authorize_task", {
-  task_id: taskId,
-  ...(posted.authIntent ? { auth_intent: posted.authIntent } : {}),
-  ...(posted.deployFee ? { deploy_fee: posted.deployFee } : {}),
-});
-console.log(`authorize_task → escrow_status ${authd.task?.escrow_status}`);
-
-// 6. Poll the live task. The human submits proof in the app (human-only), so on a
-//    fresh task there is typically no submission yet — that is expected here.
-const got = await call("get_task", { task_id: taskId });
-console.log(
-  `get_task → status ${got.task.status}, submissions ${got.submissions.length}, claims ${got.claims.length}`,
-);
-
-const pending = (got.submissions ?? []).find((s: any) => s.status === "pending");
-if (pending) {
-  const settled = await call("review_submission", { submission_id: pending.id, approve: true, score: 5 });
-  console.log(`review_submission → captured one unit ${JSON.stringify(settled).slice(0, 80)}`);
-} else {
-  console.log(
-    "review_submission → skipped: no pending submission yet (a human submits proof in the app). " +
-      "Closing the task to refund the unfilled budget.",
-  );
-  const closed = await call("close_task", { task_id: taskId });
-  console.log(`close_task → status ${closed.task?.status ?? "closed"}`);
-}
-
-await client.close();
-console.log("OK");