dropclaw 1.1.0 → 1.2.0

package/README.md

@@ -2,7 +2,7 @@
 
 **Permanent encrypted on-chain storage for AI agents on Monad blockchain with x402 payments.**
 
-DropClaw gives AI agents a way to store files permanently on-chain. Files are compressed and encrypted client-side (AES-256-GCM) before upload — the server never sees plaintext. It's a blind encrypted relay.
+DropClaw gives AI agents a way to store files permanently on-chain. Files are compressed and encrypted client-side (AES-256-GCM) before upload — the server never sees plaintext. It's a blind encrypted relay. Files go directly on-chain as Monad calldata — DropClaw never stores user files. Encryption keys stay with the user.
 
 ## Quick Start
 
@@ -35,14 +35,14 @@ Your agent now has 5 MCP tools:
 3. Sends payment on-chain (MON on Monad, SOL on Solana, or USDC on Base)
 4. Calls `dropclaw_store` with the payment tx hash and encrypted blob
 5. DropClaw chunks the blob into segments and stores each as calldata on Monad
-6. Agent receives a file ID and encryption key — save both securely
-7. Call `dropclaw_retrieve` anytime to get the file back (free)
+6. Agent receives a file ID — encryption key is saved locally in `~/.dropclaw/keys.json`
+7. Call `dropclaw_retrieve` with the file ID to fetch and decrypt (free)
 
 ## Pricing
 
 - **Storage:** $30 USD service fee + Monad gas costs
 - **Retrieval:** Always free
-- **Free with Syntek:** [Syntek](https://github.com/timowhite88/farnsworth-syntek) subscribers ($100/90 days) get free DropClaw storage (gas only)
+- **Syntek subscribers:** [Syntek](https://github.com/timowhite88/farnsworth-syntek) subscribers ($100/90 days) get DropClaw access for Syntek memory uploads (gas only, no service fee)
 - **50% of fees** go to FARNS token buybacks
 
 ## Payment Options
@@ -93,7 +93,7 @@ const file = await client.retrieve(result.fileId);
 
 ## Credentials
 
-Credentials are stored in `~/.dropclaw/vault.enc` — encrypted and portable.
+Credentials are stored in `~/.dropclaw/vault.json`. Encryption keys are saved in `~/.dropclaw/keys.json`.
 
 ```bash
 npx dropclaw setup    # Interactive setup

package/SKILL.md

@@ -2,6 +2,15 @@
 
 > Permanent encrypted on-chain storage for AI agents on Monad blockchain with x402 payments.
 
+## How It Works
+
+DropClaw is a blind encrypted relay — **files go directly on-chain as Monad calldata**. We never store user files. The flow is:
+
+1. Client compresses (zlib) and encrypts (AES-256-GCM) the file locally
+2. Encrypted blob is chunked and written as calldata transactions on Monad
+3. The encryption key stays with YOU — DropClaw never sees it
+4. To retrieve: fetch the encrypted blob from chain, decrypt locally with your key
+
 ## Endpoint
 
 `https://dropclaw.cloud`
@@ -12,10 +21,6 @@ Storage operations require an API key:
 ```
 Authorization: Bearer <api-key>
 ```
-Or:
-```
-X-API-Key: <api-key>
-```
 
 Retrieval is always free and does not require authentication.
 
@@ -30,10 +35,20 @@ claude mcp add dropclaw -- npx dropclaw-mcp
 | Tool | Description |
 |------|-------------|
 | `dropclaw_payment_options` | Get x402 payment requirements before storing a file |
-| `dropclaw_store` | Store encrypted file on Monad with payment tx hash |
-| `dropclaw_retrieve` | Retrieve and decrypt a stored file (free) |
+| `dropclaw_store` | Encrypt and store file on Monad blockchain (requires payment tx hash) |
+| `dropclaw_retrieve` | Retrieve and decrypt a stored file using your encryption key (free) |
 | `dropclaw_pricing` | Get cost estimates for a given file size |
-| `dropclaw_list` | List all locally stored files with encryption keys |
+| `dropclaw_list` | List locally stored file IDs and encryption keys |
+
+### Key Management
+
+When you store a file, `dropclaw_store` returns a `file_id` and saves the encryption key locally to `~/.dropclaw/keys.json`. **Both the file_id and key stay with you** — DropClaw does not store your keys. If you lose them, your data cannot be recovered.
+
+When you retrieve a file, `dropclaw_retrieve` will:
+1. Fetch the encrypted blob from Monad blockchain
+2. Look up the encryption key in your local `keys.json` (or use the `encryption_key` parameter you provide)
+3. Decrypt (AES-256-GCM) and decompress (zlib inflate) the data
+4. Return the original plaintext content
 
 ## REST API
 
@@ -52,14 +67,14 @@ claude mcp add dropclaw -- npx dropclaw-mcp
 | Method | Path | Description |
 |--------|------|-------------|
 | `POST` | `/vault/store` | Store encrypted file — `{ content_base64, file_name, payment_tx_hash, payment_network }` |
-| `POST` | `/vault/retrieve/{id}` | Retrieve file — `{ file_id }` |
+| `POST` | `/vault/retrieve/{id}` | Retrieve encrypted blob from chain (free) |
 
 ## x402 Payment Flow
 
 1. **Get pricing** — `GET /vault/pricing?size=<bytes>`
 2. **Send payment** — Transfer exact amount to the `payTo` address on your preferred chain
 3. **Store file** — `POST /vault/store` with `payment_tx_hash` and `payment_network`
-4. **Save credentials** — Store the returned `file_id` and local encryption key
+4. **Save your keys** — Store the returned `file_id` and your local encryption key securely
 5. **Retrieve anytime** — `POST /vault/retrieve/{id}` (free, no payment needed)
 
 ## Payment Options
@@ -72,18 +87,22 @@ claude mcp add dropclaw -- npx dropclaw-mcp
 
 ## Pricing
 
-- **Service fee:** $30 USD
+- **Service fee:** $30 USD + gas costs
 - **Gas costs:** Variable (depends on file size and Monad gas prices)
 - **Retrieval:** Always free
-- **Syntek subscribers:** Free storage (gas only) — $100/90 days includes DropClaw
+- **Syntek subscribers:** Gas only (no service fee) — Syntek subscription ($100/90 days) includes DropClaw access for Syntek memory uploads. Users still pay Monad gas fees.
+- **50% of service fees** go to FARNS token buybacks
 
 ## Encryption
 
 - **Algorithm:** AES-256-GCM
-- **Key generation:** Client-side, never transmitted
-- **Compression:** zlib before encryption
-- **Storage:** Encrypted blob chunked into segments, stored as Monad calldata
-- **Zero-knowledge:** Server never sees plaintext data
+- **Key generation:** Client-side, 32-byte random key — never transmitted to DropClaw
+- **IV:** 12-byte random — prepended to ciphertext
+- **Auth tag:** 16-byte GCM tag — prepended after IV
+- **Compression:** zlib deflate before encryption
+- **Wire format:** `[IV (12 bytes) | AuthTag (16 bytes) | Ciphertext]` → base64
+- **On-chain storage:** Encrypted blob chunked into segments, stored as Monad calldata
+- **Zero-knowledge:** Server never sees plaintext data or encryption keys
 
 ## Example Usage
 

package/dist/client.js

@@ -1,5 +1,5 @@
 /**
- * DropClaw v1.1.0
+ * DropClaw v1.2.0
  * (c) 2026 Farnsworth Labs — All rights reserved.
  * PROPRIETARY AND CONFIDENTIAL. Unauthorized copying prohibited.
  * This software is protected by international copyright law.
@@ -11,7 +11,7 @@ const path = require("path");
 const zlib = require("zlib");
 
 const DEFAULT_GATEWAY = "https://dropclaw.cloud";
-const VERSION = "1.1.0";
+const VERSION = "1.2.0";
 
 class DropClawClient {
   constructor(opts = {}) {
@@ -35,7 +35,11 @@ class DropClawClient {
 
   _loadVaultKey() {
     try {
-      const vaultPath = path.join(this._vaultDir, "vault.enc");
+      // Try new name first, fall back to legacy
+      let vaultPath = path.join(this._vaultDir, "vault.json");
+      if (!fs.existsSync(vaultPath)) {
+        vaultPath = path.join(this._vaultDir, "vault.enc");
+      }
       if (fs.existsSync(vaultPath)) {
         const data = JSON.parse(fs.readFileSync(vaultPath, "utf8"));
         if (data.apiKey) this.apiKey = data.apiKey;
@@ -82,7 +86,7 @@ class DropClawClient {
 
   async pricing(fileSize) {
     const resp = await fetch(`${this.gateway}/vault/pricing?size=${fileSize}`);
-    return resp.json();
+    return this._handle(resp);
   }
 
   async getPaymentOptions(fileSize) {
@@ -93,8 +97,14 @@ class DropClawClient {
     if (!opts.paymentTxHash) {
       throw new Error("paymentTxHash required. Call pricing() first, send payment, then store().");
     }
+    if (!opts.filePath && !opts.content && !opts.contentBase64) {
+      throw new Error("Provide filePath, content, or contentBase64");
+    }
 
     let contentBase64;
+    let keyHex = null;
+    const fileName = opts.fileName || (opts.filePath ? path.basename(opts.filePath) : "untitled");
+
     if (opts.filePath) {
       const raw = fs.readFileSync(opts.filePath);
       const compressed = zlib.deflateSync(raw);
@@ -104,9 +114,7 @@ class DropClawClient {
       const encrypted = Buffer.concat([cipher.update(compressed), cipher.final()]);
       const tag = cipher.getAuthTag();
       contentBase64 = Buffer.concat([iv, tag, encrypted]).toString("base64");
-
-      // Save key locally
-      this._saveKey(opts.fileName || path.basename(opts.filePath), key);
+      keyHex = key.toString("hex");
     } else if (opts.content) {
       const raw = Buffer.isBuffer(opts.content) ? opts.content : Buffer.from(opts.content);
       const compressed = zlib.deflateSync(raw);
@@ -116,20 +124,25 @@ class DropClawClient {
       const encrypted = Buffer.concat([cipher.update(compressed), cipher.final()]);
       const tag = cipher.getAuthTag();
       contentBase64 = Buffer.concat([iv, tag, encrypted]).toString("base64");
-
-      this._saveKey(opts.fileName || "untitled", key);
+      keyHex = key.toString("hex");
     } else if (opts.contentBase64) {
       contentBase64 = opts.contentBase64;
-    } else {
-      throw new Error("Provide filePath, content, or contentBase64");
     }
 
-    return this._post("/vault/store", {
+    const result = await this._post("/vault/store", {
       content_base64: contentBase64,
-      file_name: opts.fileName || "untitled",
+      file_name: fileName,
       payment_tx_hash: opts.paymentTxHash,
       payment_network: opts.paymentNetwork || "eip155:143",
     });
+
+    // Save key with file_id AFTER successful API response
+    if (keyHex) {
+      const fileId = result.fileId || result.file_id || null;
+      this._saveKey(fileName, keyHex, fileId);
+    }
+
+    return result;
   }
 
   async retrieve(fileId) {
@@ -146,7 +159,7 @@ class DropClawClient {
     return [];
   }
 
-  _saveKey(fileName, key) {
+  _saveKey(fileName, keyHex, fileId) {
     try {
       if (!fs.existsSync(this._vaultDir)) {
         fs.mkdirSync(this._vaultDir, { recursive: true });
@@ -155,17 +168,22 @@ class DropClawClient {
       let keys = [];
       try { keys = JSON.parse(fs.readFileSync(keysPath, "utf8")); } catch {}
       keys.push({
+        fileId: fileId || null,
         fileName,
-        key: key.toString("hex"),
+        key: keyHex,
         storedAt: new Date().toISOString(),
       });
       fs.writeFileSync(keysPath, JSON.stringify(keys, null, 2));
-    } catch {}
+    } catch (e) {
+      console.error("WARNING: Failed to save encryption key locally:", e.message);
+      console.error("Your encryption key is:", keyHex);
+      console.error("SAVE THIS KEY — without it, your data cannot be recovered.");
+    }
   }
 
   async x402Discovery() {
     const resp = await fetch(`${this.gateway}/.well-known/x402`);
-    return resp.json();
+    return this._handle(resp);
   }
 }
 

package/dist/mcp/credentials.js

@@ -1,16 +1,17 @@
 /**
- * DropClaw Credential Manager v1.1.0
+ * DropClaw Credential Manager v1.2.0
  * (c) 2026 Farnsworth Labs — All rights reserved.
  * PROPRIETARY AND CONFIDENTIAL. Unauthorized copying prohibited.
  */
-const fs=require("fs"),path=require("path"),crypto=require("crypto");
+const fs=require("fs"),path=require("path");
 const VD=path.join(process.env.HOME||process.env.USERPROFILE||"/tmp",".dropclaw");
-const VP=path.join(VD,"vault.enc");
-function load(){try{if(fs.existsSync(VP))return JSON.parse(fs.readFileSync(VP,"utf8"));return null}catch{return null}}
+const VP=path.join(VD,"vault.json");
+const VP_LEGACY=path.join(VD,"vault.enc");
+function load(){try{if(fs.existsSync(VP))return JSON.parse(fs.readFileSync(VP,"utf8"));if(fs.existsSync(VP_LEGACY))return JSON.parse(fs.readFileSync(VP_LEGACY,"utf8"));return null}catch{return null}}
 function save(data){if(!fs.existsSync(VD))fs.mkdirSync(VD,{recursive:true});fs.writeFileSync(VP,JSON.stringify(data,null,2))}
 function getApiKey(){const v=load();return v?.apiKey||process.env.DROPCLAW_API_KEY||null}
 function getGateway(){const v=load();return v?.gateway||process.env.DROPCLAW_GATEWAY||"https://dropclaw.cloud"}
-function saveKey(fileName,keyHex){const kp=path.join(VD,"keys.json");let ks=[];try{ks=JSON.parse(fs.readFileSync(kp,"utf8"))}catch{}ks.push({fileName,key:keyHex,storedAt:new Date().toISOString()});if(!fs.existsSync(VD))fs.mkdirSync(VD,{recursive:true});fs.writeFileSync(kp,JSON.stringify(ks,null,2))}
+function saveKey(fileName,keyHex,fileId){if(!fs.existsSync(VD))fs.mkdirSync(VD,{recursive:true});const kp=path.join(VD,"keys.json");let ks=[];try{ks=JSON.parse(fs.readFileSync(kp,"utf8"))}catch{}ks.push({fileId:fileId||null,fileName,key:keyHex,storedAt:new Date().toISOString()});fs.writeFileSync(kp,JSON.stringify(ks,null,2))}
 function getKeys(){const kp=path.join(VD,"keys.json");try{return JSON.parse(fs.readFileSync(kp,"utf8"))}catch{return[]}}
-function revoke(){if(fs.existsSync(VP)){crypto.randomFillSync(Buffer.alloc(256));fs.unlinkSync(VP)}const kp=path.join(VD,"keys.json");if(fs.existsSync(kp))fs.unlinkSync(kp)}
+function revoke(){const files=[VP,VP_LEGACY,path.join(VD,"keys.json")];for(const f of files){if(fs.existsSync(f))fs.unlinkSync(f)}}
 module.exports={load,save,getApiKey,getGateway,saveKey,getKeys,revoke};

package/dist/mcp/index.mjs

@@ -1,28 +1,32 @@
 #!/usr/bin/env node
 /**
- * DropClaw MCP Server v1.1.0
+ * DropClaw MCP Server v1.2.0
  * (c) 2026 Farnsworth Labs — All rights reserved.
  * PROPRIETARY AND CONFIDENTIAL. Unauthorized copying prohibited.
  */
 import{Server}from"@modelcontextprotocol/sdk/server/index.js";import{StdioServerTransport}from"@modelcontextprotocol/sdk/server/stdio.js";import{CallToolRequestSchema,ListToolsRequestSchema}from"@modelcontextprotocol/sdk/types.js";import fs from"fs";import path from"path";import crypto from"crypto";import zlib from"zlib";
-const G=process.env.DROPCLAW_GATEWAY||"https://dropclaw.cloud";const V="1.1.0";
-function lk(){try{const p=path.join(process.env.HOME||process.env.USERPROFILE||"/tmp",".dropclaw","vault.enc");if(fs.existsSync(p)){return JSON.parse(fs.readFileSync(p,"utf8"))}}catch{}return{}}
+const G=process.env.DROPCLAW_GATEWAY||"https://dropclaw.cloud";const V="1.2.0";
+const VD=path.join(process.env.HOME||process.env.USERPROFILE||"/tmp",".dropclaw");
+function lk(){try{const p=path.join(VD,"vault.json");if(fs.existsSync(p)){return JSON.parse(fs.readFileSync(p,"utf8"))}}catch{}try{const p=path.join(VD,"vault.enc");if(fs.existsSync(p)){return JSON.parse(fs.readFileSync(p,"utf8"))}}catch{}return{}}
 function hd(){const v=lk();const h={"Content-Type":"application/json","X-Client-Version":V};if(v.apiKey)h["Authorization"]=`Bearer ${v.apiKey}`;if(process.env.DROPCLAW_API_KEY)h["Authorization"]=`Bearer ${process.env.DROPCLAW_API_KEY}`;return h}
-async function api(m,p,b){const u=`${G}${p}`;const o={method:m,headers:hd()};if(b)o.body=JSON.stringify(b);const r=await fetch(u,o);return r.json()}
+async function api(m,p,b){const u=`${G}${p}`;const o={method:m,headers:hd()};if(m==="GET")delete o.headers["Content-Type"];if(b)o.body=JSON.stringify(b);const r=await fetch(u,o);if(!r.ok){const t=await r.text();let msg;try{msg=JSON.parse(t).error||t}catch{msg=t}throw new Error(`${r.status}: ${msg}`)}return r.json()}
+function saveKey(fileName,keyHex,fileId){if(!fs.existsSync(VD))fs.mkdirSync(VD,{recursive:true});const kp=path.join(VD,"keys.json");let ks=[];try{ks=JSON.parse(fs.readFileSync(kp,"utf8"))}catch{}ks.push({fileId:fileId||null,fileName,key:keyHex,storedAt:new Date().toISOString()});fs.writeFileSync(kp,JSON.stringify(ks,null,2))}
+function getKeys(){const kp=path.join(VD,"keys.json");try{return JSON.parse(fs.readFileSync(kp,"utf8"))}catch{return[]}}
 const server=new Server({name:"dropclaw-mcp",version:V},{capabilities:{tools:{}}});
 server.setRequestHandler(ListToolsRequestSchema,async()=>({tools:[
-{name:"dropclaw_payment_options",description:"STEP 1: Get x402 payment requirements before storing a file. Returns exact amounts in MON, SOL, and USDC with pay-to addresses.",inputSchema:{type:"object",properties:{file_size:{type:"number",description:"File size in bytes"}},required:["file_size"]}},
-{name:"dropclaw_store",description:"STEP 2: Store a file permanently on Monad blockchain. Requires payment first. The file is compressed and encrypted locally. Save the returned file ID and encryption key.",inputSchema:{type:"object",properties:{file_path:{type:"string",description:"Absolute path to file to store"},content_base64:{type:"string",description:"Base64-encoded content (alternative to file_path)"},file_name:{type:"string",description:"Original filename"},payment_tx_hash:{type:"string",description:"Transaction hash of on-chain payment"},payment_network:{type:"string",enum:["eip155:143","solana","eip155:8453"],description:"Payment network",default:"eip155:143"}},required:["payment_tx_hash"]}},
-{name:"dropclaw_retrieve",description:"Retrieve a file from Monad blockchain. FREE — no payment required.",inputSchema:{type:"object",properties:{file_id:{type:"string",description:"File ID from dropclaw_store"},save_to:{type:"string",description:"Path to save file (optional)"}},required:["file_id"]}},
-{name:"dropclaw_pricing",description:"Get cost estimates for storing a file. Returns $30 service fee plus estimated gas costs.",inputSchema:{type:"object",properties:{file_size:{type:"number",description:"File size in bytes"}},required:["file_size"]}},
-{name:"dropclaw_list",description:"List all files stored via DropClaw that have encryption keys saved locally.",inputSchema:{type:"object",properties:{}}}
+{name:"dropclaw_payment_options",description:"STEP 1: Get x402 payment requirements before storing a file. Returns exact amounts in MON, SOL, and USDC with pay-to addresses. Regular usage: $30 + gas. Syntek subscribers: gas only.",inputSchema:{type:"object",properties:{file_size:{type:"number",description:"File size in bytes"}},required:["file_size"]}},
+{name:"dropclaw_store",description:"STEP 2: Store a file permanently on Monad blockchain. Files go DIRECTLY on-chain as calldata — DropClaw never stores user files. The file is compressed (zlib) and encrypted (AES-256-GCM) client-side before upload. You MUST save the returned file_id and encryption key — these stay with YOU and are the only way to retrieve and decrypt later.",inputSchema:{type:"object",properties:{file_path:{type:"string",description:"Absolute path to file to store"},content_base64:{type:"string",description:"Base64-encoded content (alternative to file_path — must be pre-encrypted)"},file_name:{type:"string",description:"Original filename"},payment_tx_hash:{type:"string",description:"Transaction hash of on-chain payment"},payment_network:{type:"string",enum:["eip155:143","solana","eip155:8453"],description:"Payment network",default:"eip155:143"}},required:["payment_tx_hash"]}},
+{name:"dropclaw_retrieve",description:"Retrieve an encrypted file from Monad blockchain. FREE — no payment required. Returns the encrypted blob (base64). Decrypt with your encryption key using the wire format in SKILL.md.",inputSchema:{type:"object",properties:{file_id:{type:"string",description:"File ID returned from dropclaw_store"},save_to:{type:"string",description:"Path to save encrypted blob (optional)"}},required:["file_id"]}},
+{name:"dropclaw_pricing",description:"Get cost estimates for storing a file. Returns $30 USD service fee plus estimated gas costs. Syntek subscribers pay gas only.",inputSchema:{type:"object",properties:{file_size:{type:"number",description:"File size in bytes"}},required:["file_size"]}},
+{name:"dropclaw_list",description:"List all files stored via DropClaw with their encryption keys and file IDs saved locally.",inputSchema:{type:"object",properties:{}}}
 ]}));
 server.setRequestHandler(CallToolRequestSchema,async(req)=>{const{name,arguments:args}=req.params;try{
-if(name==="dropclaw_payment_options"||name==="dropclaw_pricing"){const r=await api("GET",`/vault/pricing?size=${args.file_size||1000000}`);return{content:[{type:"text",text:JSON.stringify(r,null,2)}]}}
-if(name==="dropclaw_store"){let cb64=args.content_base64;if(args.file_path&&!cb64){const raw=fs.readFileSync(args.file_path);const comp=zlib.deflateSync(raw);const key=crypto.randomBytes(32);const iv=crypto.randomBytes(12);const c=crypto.createCipheriv("aes-256-gcm",key,iv);const enc=Buffer.concat([c.update(comp),c.final()]);const tag=c.getAuthTag();cb64=Buffer.concat([iv,tag,enc]).toString("base64");const vd=path.join(process.env.HOME||process.env.USERPROFILE||"/tmp",".dropclaw");if(!fs.existsSync(vd))fs.mkdirSync(vd,{recursive:true});const kp=path.join(vd,"keys.json");let ks=[];try{ks=JSON.parse(fs.readFileSync(kp,"utf8"))}catch{}ks.push({fileName:args.file_name||path.basename(args.file_path),key:key.toString("hex"),storedAt:new Date().toISOString()});fs.writeFileSync(kp,JSON.stringify(ks,null,2))}
-const r=await api("POST","/vault/store",{content_base64:cb64,file_name:args.file_name||"untitled",payment_tx_hash:args.payment_tx_hash,payment_network:args.payment_network||"eip155:143"});return{content:[{type:"text",text:JSON.stringify(r,null,2)}]}}
-if(name==="dropclaw_retrieve"){const r=await api("POST",`/vault/retrieve/${args.file_id}`,{});if(args.save_to&&r.content_base64){fs.writeFileSync(args.save_to,Buffer.from(r.content_base64,"base64"))}return{content:[{type:"text",text:JSON.stringify(r,null,2)}]}}
-if(name==="dropclaw_list"){const vd=path.join(process.env.HOME||process.env.USERPROFILE||"/tmp",".dropclaw","keys.json");let ks=[];try{ks=JSON.parse(fs.readFileSync(vd,"utf8"))}catch{}return{content:[{type:"text",text:JSON.stringify(ks,null,2)}]}}
+if(name==="dropclaw_payment_options"||name==="dropclaw_pricing"){const sz=args.file_size!==undefined?args.file_size:1000000;const r=await api("GET",`/vault/pricing?size=${sz}`);return{content:[{type:"text",text:JSON.stringify(r,null,2)}]}}
+if(name==="dropclaw_store"){if(!args.file_path&&!args.content_base64){return{content:[{type:"text",text:"Error: Provide either file_path or content_base64"}],isError:true}}let cb64=args.content_base64;let keyHex=null;const fn=args.file_name||(args.file_path?path.basename(args.file_path):"untitled");if(args.file_path&&!cb64){const raw=fs.readFileSync(args.file_path);const comp=zlib.deflateSync(raw);const key=crypto.randomBytes(32);const iv=crypto.randomBytes(12);const c=crypto.createCipheriv("aes-256-gcm",key,iv);const enc=Buffer.concat([c.update(comp),c.final()]);const tag=c.getAuthTag();cb64=Buffer.concat([iv,tag,enc]).toString("base64");keyHex=key.toString("hex")}
+const r=await api("POST","/vault/store",{content_base64:cb64,file_name:fn,payment_tx_hash:args.payment_tx_hash,payment_network:args.payment_network||"eip155:143"});if(keyHex&&r.fileId){saveKey(fn,keyHex,r.fileId)}else if(keyHex){saveKey(fn,keyHex,r.file_id||null)}
+return{content:[{type:"text",text:JSON.stringify(r,null,2)+"\n\n⚠️ IMPORTANT: Save the file_id and encryption key. These stay with YOU — DropClaw does not store your keys. Without them, your data cannot be recovered."}]}}
+if(name==="dropclaw_retrieve"){const r=await api("POST",`/vault/retrieve/${args.file_id}`,{});if(r.content_base64&&args.save_to){fs.writeFileSync(args.save_to,Buffer.from(r.content_base64,"base64"))}return{content:[{type:"text",text:JSON.stringify(r,null,2)}]}}
+if(name==="dropclaw_list"){return{content:[{type:"text",text:JSON.stringify(getKeys(),null,2)}]}}
 return{content:[{type:"text",text:`Unknown tool: ${name}`}],isError:true}}catch(e){return{content:[{type:"text",text:`Error: ${e.message}`}],isError:true}}});
 async function main(){const t=new StdioServerTransport();await server.connect(t)}
 main().catch(e=>{process.stderr.write(`DropClaw MCP fatal: ${e.message}\n`);process.exit(1)});

package/dist/mcp/setup.js

@@ -1,13 +1,13 @@
 #!/usr/bin/env node
 /**
- * DropClaw Setup CLI v1.1.0
+ * DropClaw Setup CLI v1.2.0
  * (c) 2026 Farnsworth Labs — All rights reserved.
  * PROPRIETARY AND CONFIDENTIAL. Unauthorized copying prohibited.
  */
-const fs=require("fs"),path=require("path"),crypto=require("crypto"),readline=require("readline");
-const V="1.1.0",G="https://dropclaw.cloud";
+const fs=require("fs"),path=require("path"),readline=require("readline");
+const V="1.2.0",G="https://dropclaw.cloud";
 const VD=path.join(process.env.HOME||process.env.USERPROFILE||"/tmp",".dropclaw");
-const VP=path.join(VD,"vault.enc");
+const VP=path.join(VD,"vault.json");
 function rl(){return readline.createInterface({input:process.stdin,output:process.stdout})}
 function ask(r,q){return new Promise(res=>{r.question(q,ans=>{res(ans.trim())})})}
 async function setup(){
@@ -26,11 +26,12 @@ try{const resp=await fetch(`${gw}/vault/pricing?size=1000`);const d=await resp.j
 }
 async function status(){
 console.log(`\n  DropClaw Status v${V}\n  ${"─".repeat(30)}\n`);
-if(!fs.existsSync(VP)){console.log("  No credentials found. Run: npx dropclaw setup\n");return}
-const vault=JSON.parse(fs.readFileSync(VP,"utf8"));
+if(!fs.existsSync(VP)){const legacy=path.join(VD,"vault.enc");if(!fs.existsSync(legacy)){console.log("  No credentials found. Run: npx dropclaw setup\n");return}}
+let vault;
+try{vault=JSON.parse(fs.readFileSync(fs.existsSync(VP)?VP:path.join(VD,"vault.enc"),"utf8"))}catch(e){console.log(`  Error reading credentials: ${e.message}\n`);return}
 const gw=vault.gateway||G;
 console.log(`  Gateway: ${gw}`);
-console.log(`  API Key: ${vault.apiKey?.slice(0,8)}...`);
+console.log(`  API Key: ${vault.apiKey?.slice(0,6)}...`);
 console.log(`  Created: ${vault.createdAt||"unknown"}`);
 try{const resp=await fetch(`${gw}/vault/pricing?size=1000000`);const d=await resp.json();console.log(`  Service: Online`);console.log(`  Fee: $${d.serviceFeeUSD} + gas`);console.log(`  Chains: MON, SOL, USDC`)}catch(e){console.log(`  Service: Offline (${e.message})`)}
 const kp=path.join(VD,"keys.json");
@@ -38,8 +39,11 @@ try{const ks=JSON.parse(fs.readFileSync(kp,"utf8"));console.log(`  Local keys: $
 console.log();
 }
 async function revoke(){
-if(fs.existsSync(VP)){crypto.randomFillSync(Buffer.alloc(256));fs.unlinkSync(VP);console.log("\n  Credentials securely erased.\n")}
-else{console.log("\n  No credentials found.\n")}
+const files=[VP,path.join(VD,"vault.enc"),path.join(VD,"keys.json")];
+let erased=false;
+for(const f of files){if(fs.existsSync(f)){fs.unlinkSync(f);erased=true}}
+if(erased){console.log("\n  Local credentials removed.");console.log("  Note: On-chain data is immutable and cannot be deleted.");console.log("  If you removed keys.json, encrypted on-chain files are unrecoverable.\n")}
+else console.log("\n  No credentials found.\n");
 }
 const cmd=process.argv[2]||"setup";
 if(cmd==="setup")setup().catch(e=>console.error(e.message));

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "dropclaw",
-  "version": "1.1.0",
+  "version": "1.2.0",
   "description": "DropClaw — Permanent encrypted on-chain storage for AI agents on Monad blockchain with x402 payments.",
   "main": "dist/client.js",
   "bin": {