cyberdyne-mcp 0.6.7 → 0.6.9

package/dist/cli.js

@@ -133,8 +133,8 @@ export async function runPost(argv) {
         console.error("→ signing the budget authorization…");
         const signedPayment = await signAuthCapture(requirements);
         const fee = res.deployFee;
-        console.error(`→ paying the deploy fee (${usd(fee.usd)} in ${fee.token}) from your wallet…`);
-        const feeTx = await payDeployFee({ amountUsd: fee.usd, recipient: fee.recipient, token: fee.token });
+        console.error(`→ paying the deploy fee (${fee.amount} ${fee.token} ≈ ${usd(fee.usd)}) from your wallet…`);
+        const feeTx = await payDeployFee({ amount: fee.amount, decimals: fee.decimals, recipient: fee.recipient, token: fee.token });
         console.error(`  ✓ fee paid — ${feeTx}`);
         console.error("→ freezing the budget (authorize)…");
         const authed = await c.rest("POST", `/api/tasks/${taskId}/authorize`, { body: { signedPayment, fee_tx_hash: feeTx } });

package/dist/evm-signer.js

@@ -55,11 +55,14 @@ const ERC20_TRANSFER_ABI = [
  */
 export async function payDeployFee(params) {
     const wallet = createWalletClient({ account: account(), chain: chain(), transport: http(process.env.CYBERDYNE_RPC_URL) });
+    // Scale by the TOKEN's decimals, not a hardcoded 6. Using 6 for an 18-decimal
+    // token (BNKR/GITLAWB) underpaid the fee 10^12× → permanent fee_unverified.
+    const value = parseUnits(params.amount.toFixed(params.decimals), params.decimals);
     const hash = await wallet.writeContract({
         address: params.token,
         abi: ERC20_TRANSFER_ABI,
         functionName: "transfer",
-        args: [params.recipient, parseUnits(params.amountUsd.toFixed(6), 6)],
+        args: [params.recipient, value],
         chain: chain(),
     });
     // Wait until the fee tx is ≥1 block deep BEFORE returning, so the platform's

package/dist/onboard.js

@@ -17,6 +17,8 @@
  * a DB row. The wallet private key is persisted but NEVER logged to stdout.
  */
 import { readFileSync } from "node:fs";
+import { homedir } from "node:os";
+import { join } from "node:path";
 import { createInterface } from "node:readline";
 import { generatePrivateKey, privateKeyToAccount, mnemonicToAccount } from "viem/accounts";
 import { bytesToHex } from "viem";
@@ -111,6 +113,29 @@ function collectCookies(res, jar) {
 function cookieHeader(jar) {
     return [...jar.entries()].map(([k, v]) => `${k}=${v}`).join("; ");
 }
+/**
+ * Auto-discover the agent's Bankr `bk_` key WITHOUT requiring a flag — so a plain
+ * `npx cyberdyne-mcp onboard` links Bankr whenever the agent already has Bankr set up.
+ * Order: CYBERDYNE_BANKR_KEY → BANKR_API_KEY (Bankr's own standard env var) →
+ * ~/.bankr/config.json (any `bk_`-prefixed value — the same config file Bankr's CLI/SDK use).
+ * Returns undefined if nothing is configured (then onboard just skips Bankr linking).
+ */
+function discoverBankrKey(env) {
+    const fromEnv = env.CYBERDYNE_BANKR_KEY?.trim() || env.BANKR_API_KEY?.trim();
+    if (fromEnv?.startsWith("bk_"))
+        return fromEnv;
+    try {
+        const cfg = JSON.parse(readFileSync(join(homedir(), ".bankr", "config.json"), "utf8"));
+        for (const v of Object.values(cfg)) {
+            if (typeof v === "string" && v.startsWith("bk_"))
+                return v.trim();
+        }
+    }
+    catch {
+        /* no ~/.bankr/config.json — fine, Bankr just isn't configured */
+    }
+    return undefined;
+}
 /**
  * Run the full SIWE → mint chain and persist the credentials. Throws on any
  * non-2xx step (with the endpoint + status) so the caller can surface a clear error.
@@ -185,7 +210,7 @@ export async function onboard(env = process.env, opts = {}) {
     //    via the fresh cyb_ key. Best-effort: a failure never blocks onboarding, and the
     //    bk_ key is never stored (the backend uses it once and discards it).
     let bankr;
-    const bankrKey = (opts.bankrKey ?? env.CYBERDYNE_BANKR_KEY ?? "").trim();
+    const bankrKey = (opts.bankrKey?.trim() || discoverBankrKey(env) || "");
     if (bankrKey.startsWith("bk_")) {
         try {
             const res = await fetch(`${apiUrl}/api/bankr/connect`, {
@@ -277,8 +302,10 @@ export const ONBOARD_USAGE = [
     "                        CYBERDYNE_IMPORT_KEY=0x<key> npx cyberdyne-mcp onboard --import",
     "                      (passing it as an argument leaves the secret in your shell history.)",
     "  --create            generate a fresh wallet (default in a non-interactive / CI shell).",
-    "  --bankr <bk_key>    auto-link your Bankr project at onboard (or set CYBERDYNE_BANKR_KEY).",
-    "                      The bk_ key is used ONCE server-side and never stored.",
+    "  --bankr <bk_key>    link your Bankr project at onboard. USUALLY UNNEEDED: onboard",
+    "                      auto-discovers your key from BANKR_API_KEY / ~/.bankr/config.json,",
+    "                      so a plain `onboard` links Bankr if you already use it. Used once,",
+    "                      server-side, and never stored.",
     "  (no flag, in a terminal)  you'll be prompted: paste a key/mnemonic, or press enter to create.",
     "",
     "Either way: SIWE sign-in → mint your cyb_ key → save wallet + key to ~/.cyberdyne/config.json (0600).",

package/dist/server.js

@@ -151,7 +151,7 @@ async function guard(fn) {
     }
 }
 // ---- Server ---------------------------------------------------------------
-const server = new McpServer({ name: "cyberdyne", version: "0.6.7" });
+const server = new McpServer({ name: "cyberdyne", version: "0.6.8" });
 server.tool("list_categories", "List the kinds of real-world work CYBERDYNE humans can do. Static (no network). Use this to learn the valid `category` values before posting a task.", {}, async () => json(Object.entries(CATEGORIES).map(([id, blurb]) => ({ id, blurb }))));
 server.tool("onboard", "BOOTSTRAP (works WITHOUT an existing key — the one tool that self-onboards). Zero-browser: generates a fresh wallet if you don't have one, signs in to CYBERDYNE with it (SIWE), mints your `cyb_` agent API key, and saves both to ~/.cyberdyne/config.json (0600) so every other tool here authenticates automatically. No web dashboard, no env vars. Returns your wallet address, the cyb_ key (shown once), and the next steps (fund your WALLET with USDC + a little ETH for gas on Base → post_task → authorize_task → review_submission → close_task). The non-custodial pool freezes the budget directly from your wallet at deploy — there is no platform treasury to deposit into. The same generated wallet auto-signs pool budgets. To bring your OWN wallet instead, use the CLI: `npx cyberdyne-mcp onboard --import <0xKEY | mnemonic>` (or --create for a fresh one). Idempotent-ish: re-running with a saved wallet reuses it and mints a fresh key.", {}, async () => guard(async () => {
     const r = await onboard();
@@ -209,7 +209,7 @@ server.tool("authorize_task", "Freeze the bounty budget on-chain (the second ste
             }
             if (!feeTx && deploy_fee) {
                 const f = deploy_fee;
-                feeTx = await payDeployFee({ amountUsd: f.usd, recipient: f.recipient, token: f.token });
+                feeTx = await payDeployFee({ amount: f.amount, decimals: f.decimals, recipient: f.recipient, token: f.token });
             }
         }
     }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "cyberdyne-mcp",
-  "version": "0.6.7",
+  "version": "0.6.9",
   "publishConfig": {
     "access": "public"
   },

package/src/cli.ts

@@ -125,7 +125,7 @@ export async function runPost(argv: string[]): Promise<void> {
     const res = await c.rest<{
       task: { id: string; escrow_status?: string };
       authIntent?: { requirements?: unknown };
-      deployFee?: { usd: number; recipient: string; token: string };
+      deployFee?: { amount: number; decimals: number; usd: number; recipient: string; token: string };
     }>("POST", "/api/tasks", { body });
     const taskId = res.task?.id;
     console.error(`  ✓ posted — task ${taskId}`);
@@ -155,8 +155,8 @@ export async function runPost(argv: string[]): Promise<void> {
     const signedPayment = await signAuthCapture(requirements);
 
     const fee = res.deployFee;
-    console.error(`→ paying the deploy fee (${usd(fee.usd)} in ${fee.token}) from your wallet…`);
-    const feeTx = await payDeployFee({ amountUsd: fee.usd, recipient: fee.recipient, token: fee.token });
+    console.error(`→ paying the deploy fee (${fee.amount} ${fee.token} ≈ ${usd(fee.usd)}) from your wallet…`);
+    const feeTx = await payDeployFee({ amount: fee.amount, decimals: fee.decimals, recipient: fee.recipient, token: fee.token });
     console.error(`  ✓ fee paid — ${feeTx}`);
 
     console.error("→ freezing the budget (authorize)…");

package/src/evm-signer.ts

@@ -57,16 +57,22 @@ const ERC20_TRANSFER_ABI = [
  * this gas (CYBERDYNE absorbs none). USDC is 6-dp (v1 pool settles in USDC).
  */
 export async function payDeployFee(params: {
-  amountUsd: number;
+  /** Fee in the FEE TOKEN's own units (NOT USD). The platform pins this at post. */
+  amount: number;
+  /** The fee token's ERC-20 decimals (USDC=6, BNKR/GITLAWB=18, dynamic varies). */
+  decimals: number;
   recipient: string;
   token: string;
 }): Promise<string> {
   const wallet = createWalletClient({ account: account(), chain: chain(), transport: http(process.env.CYBERDYNE_RPC_URL) });
+  // Scale by the TOKEN's decimals, not a hardcoded 6. Using 6 for an 18-decimal
+  // token (BNKR/GITLAWB) underpaid the fee 10^12× → permanent fee_unverified.
+  const value = parseUnits(params.amount.toFixed(params.decimals), params.decimals);
   const hash = await wallet.writeContract({
     address: params.token as `0x${string}`,
     abi: ERC20_TRANSFER_ABI,
     functionName: "transfer",
-    args: [params.recipient as `0x${string}`, parseUnits(params.amountUsd.toFixed(6), 6)],
+    args: [params.recipient as `0x${string}`, value],
     chain: chain(),
   });
   // Wait until the fee tx is ≥1 block deep BEFORE returning, so the platform's

package/src/onboard.ts

@@ -17,6 +17,8 @@
  * a DB row. The wallet private key is persisted but NEVER logged to stdout.
  */
 import { readFileSync } from "node:fs";
+import { homedir } from "node:os";
+import { join } from "node:path";
 import { createInterface } from "node:readline";
 import { generatePrivateKey, privateKeyToAccount, mnemonicToAccount } from "viem/accounts";
 import { bytesToHex } from "viem";
@@ -131,6 +133,27 @@ function cookieHeader(jar: Map<string, string>): string {
   return [...jar.entries()].map(([k, v]) => `${k}=${v}`).join("; ");
 }
 
+/**
+ * Auto-discover the agent's Bankr `bk_` key WITHOUT requiring a flag — so a plain
+ * `npx cyberdyne-mcp onboard` links Bankr whenever the agent already has Bankr set up.
+ * Order: CYBERDYNE_BANKR_KEY → BANKR_API_KEY (Bankr's own standard env var) →
+ * ~/.bankr/config.json (any `bk_`-prefixed value — the same config file Bankr's CLI/SDK use).
+ * Returns undefined if nothing is configured (then onboard just skips Bankr linking).
+ */
+function discoverBankrKey(env: NodeJS.ProcessEnv): string | undefined {
+  const fromEnv = env.CYBERDYNE_BANKR_KEY?.trim() || env.BANKR_API_KEY?.trim();
+  if (fromEnv?.startsWith("bk_")) return fromEnv;
+  try {
+    const cfg = JSON.parse(readFileSync(join(homedir(), ".bankr", "config.json"), "utf8")) as Record<string, unknown>;
+    for (const v of Object.values(cfg)) {
+      if (typeof v === "string" && v.startsWith("bk_")) return v.trim();
+    }
+  } catch {
+    /* no ~/.bankr/config.json — fine, Bankr just isn't configured */
+  }
+  return undefined;
+}
+
 export interface OnboardResult {
   address: string;
   apiKey: string;
@@ -234,7 +257,7 @@ export async function onboard(
   //    via the fresh cyb_ key. Best-effort: a failure never blocks onboarding, and the
   //    bk_ key is never stored (the backend uses it once and discards it).
   let bankr: OnboardResult["bankr"];
-  const bankrKey = (opts.bankrKey ?? env.CYBERDYNE_BANKR_KEY ?? "").trim();
+  const bankrKey = (opts.bankrKey?.trim() || discoverBankrKey(env) || "");
   if (bankrKey.startsWith("bk_")) {
     try {
       const res = await fetch(`${apiUrl}/api/bankr/connect`, {
@@ -327,8 +350,10 @@ export const ONBOARD_USAGE = [
   "                        CYBERDYNE_IMPORT_KEY=0x<key> npx cyberdyne-mcp onboard --import",
   "                      (passing it as an argument leaves the secret in your shell history.)",
   "  --create            generate a fresh wallet (default in a non-interactive / CI shell).",
-  "  --bankr <bk_key>    auto-link your Bankr project at onboard (or set CYBERDYNE_BANKR_KEY).",
-  "                      The bk_ key is used ONCE server-side and never stored.",
+  "  --bankr <bk_key>    link your Bankr project at onboard. USUALLY UNNEEDED: onboard",
+  "                      auto-discovers your key from BANKR_API_KEY / ~/.bankr/config.json,",
+  "                      so a plain `onboard` links Bankr if you already use it. Used once,",
+  "                      server-side, and never stored.",
   "  (no flag, in a terminal)  you'll be prompted: paste a key/mnemonic, or press enter to create.",
   "",
   "Either way: SIWE sign-in → mint your cyb_ key → save wallet + key to ~/.cyberdyne/config.json (0600).",

package/src/server.ts

@@ -163,7 +163,7 @@ async function guard<T>(fn: () => Promise<T>) {
 
 // ---- Server ---------------------------------------------------------------
 
-const server = new McpServer({ name: "cyberdyne", version: "0.6.7" });
+const server = new McpServer({ name: "cyberdyne", version: "0.6.8" });
 
 server.tool(
   "list_categories",
@@ -254,8 +254,8 @@ server.tool(
             payload = await signAuthCapture(requirements);
           }
           if (!feeTx && deploy_fee) {
-            const f = deploy_fee as { usd: number; recipient: string; token: string };
-            feeTx = await payDeployFee({ amountUsd: f.usd, recipient: f.recipient, token: f.token });
+            const f = deploy_fee as { amount: number; decimals: number; usd: number; recipient: string; token: string };
+            feeTx = await payDeployFee({ amount: f.amount, decimals: f.decimals, recipient: f.recipient, token: f.token });
           }
         }
       }