leak-cli 2026.2.11

package/scripts/buy.js

@@ -0,0 +1,195 @@
+#!/usr/bin/env node
+import "dotenv/config";
+import fs from "node:fs";
+import path from "node:path";
+
+import { x402Client } from "@x402/core/client";
+import {
+  decodePaymentRequiredHeader,
+  decodePaymentResponseHeader,
+  encodePaymentSignatureHeader,
+} from "@x402/core/http";
+import { registerExactEvmScheme } from "@x402/evm/exact/client";
+import { privateKeyToAccount } from "viem/accounts";
+
+function usageAndExit(code = 1) {
+  console.log(
+    "Usage: leak buy <download_url> --buyer-private-key 0x... [--out <path> | --basename <name>]",
+  );
+  console.log("Examples:");
+  console.log(
+    "  leak buy https://xxxx.trycloudflare.com/download --buyer-private-key 0x...",
+  );
+  console.log(
+    "  leak buy https://xxxx.trycloudflare.com/download --buyer-private-key 0x... --basename myfile",
+  );
+  process.exit(code);
+}
+
+function parseArgs(argv) {
+  const args = { _: [] };
+  for (let i = 0; i < argv.length; i++) {
+    const a = argv[i];
+    if (a === "--help" || a === "-h") usageAndExit(0);
+    if (a.startsWith("--")) {
+      const key = a.slice(2);
+      const val = argv[i + 1];
+      if (val && !val.startsWith("--")) {
+        args[key] = val;
+        i++;
+      } else {
+        args[key] = true;
+      }
+    } else {
+      args._.push(a);
+    }
+  }
+  return args;
+}
+
+function getHeaderCaseInsensitive(headers, name) {
+  const target = name.toLowerCase();
+  for (const [k, v] of headers.entries()) {
+    if (k.toLowerCase() === target) return v;
+  }
+  return null;
+}
+
+function normalizePrivateKey(pk) {
+  const s = String(pk).trim();
+  if (s.startsWith("0x")) return s;
+  return `0x${s}`;
+}
+
+function filenameFromContentDisposition(cd) {
+  // Very small parser: attachment; filename="foo.ext"
+  if (!cd) return null;
+  const m = String(cd).match(/filename\*=UTF-8''([^;]+)|filename="?([^";]+)"?/i);
+  const raw = m ? (m[1] || m[2]) : null;
+  if (!raw) return null;
+  try {
+    return decodeURIComponent(raw);
+  } catch {
+    return raw;
+  }
+}
+
+function sanitizeFilename(name) {
+  const base = path.basename(String(name || "").trim());
+  if (!base || base === "." || base === "..") return "downloaded.bin";
+  return base.replace(/[\u0000-\u001f\u007f]/g, "_");
+}
+
+function explorerTxUrl(network, transaction) {
+  if (!network || !transaction) return null;
+  if (network === "eip155:8453") return `https://basescan.org/tx/${transaction}`;
+  if (network === "eip155:84532") return `https://sepolia.basescan.org/tx/${transaction}`;
+  return null;
+}
+
+async function main() {
+  const args = parseArgs(process.argv.slice(2));
+  const downloadUrl = args._[0];
+  if (!downloadUrl) usageAndExit(1);
+
+  const buyerPk =
+    args["buyer-private-key"] || process.env.BUYER_PRIVATE_KEY || process.env.LEAK_BUYER_PRIVATE_KEY;
+  if (!buyerPk) {
+    console.error(
+      "Missing --buyer-private-key (or env BUYER_PRIVATE_KEY / LEAK_BUYER_PRIVATE_KEY)",
+    );
+    process.exit(1);
+  }
+
+  const account = privateKeyToAccount(normalizePrivateKey(buyerPk));
+  const client = new x402Client();
+  registerExactEvmScheme(client, { signer: account });
+
+  // 1) Request: expect 402 with PAYMENT-REQUIRED header.
+  const r1 = await fetch(downloadUrl, { method: "GET" });
+  if (r1.status !== 402) {
+    const text = await r1.text().catch(() => "");
+    throw new Error(`Expected 402, got ${r1.status}: ${text}`);
+  }
+
+  const paymentRequiredHeader = getHeaderCaseInsensitive(r1.headers, "PAYMENT-REQUIRED");
+  if (!paymentRequiredHeader) throw new Error("Missing PAYMENT-REQUIRED header");
+
+  const paymentRequired = decodePaymentRequiredHeader(paymentRequiredHeader);
+  const payload = await client.createPaymentPayload(paymentRequired);
+  const paymentHeader = encodePaymentSignatureHeader(payload);
+
+  // 2) Retry with payment signature, expect token JSON.
+  const r2 = await fetch(downloadUrl, {
+    method: "GET",
+    headers: {
+      "PAYMENT-SIGNATURE": paymentHeader,
+    },
+  });
+
+  if (!r2.ok) {
+    const text = await r2.text().catch(() => "");
+    throw new Error(`Payment failed ${r2.status}: ${text}`);
+  }
+
+  const paymentResponseHeader =
+    getHeaderCaseInsensitive(r2.headers, "PAYMENT-RESPONSE")
+    || getHeaderCaseInsensitive(r2.headers, "X-PAYMENT-RESPONSE");
+  if (paymentResponseHeader) {
+    try {
+      const receipt = decodePaymentResponseHeader(paymentResponseHeader);
+      const explorer = explorerTxUrl(receipt.network, receipt.transaction);
+      console.log("Payment receipt:");
+      console.log(`- network: ${receipt.network}`);
+      if (receipt.payer) console.log(`- payer:   ${receipt.payer}`);
+      console.log(`- tx:      ${receipt.transaction}`);
+      if (explorer) console.log(`- explorer: ${explorer}`);
+    } catch (err) {
+      console.error(`[buy] warning: could not decode PAYMENT-RESPONSE header (${err.message || String(err)})`);
+    }
+  }
+
+  const data = await r2.json();
+  const token = data?.token;
+  if (!token) throw new Error(`Missing token in response: ${JSON.stringify(data)}`);
+
+  // Determine download URL for the token step.
+  const base = new URL(downloadUrl);
+  const tokenUrl = new URL(base.toString());
+  tokenUrl.searchParams.set("token", token);
+
+  // 3) Download with token.
+  const r3 = await fetch(tokenUrl.toString(), { method: "GET" });
+  if (!r3.ok) {
+    const text = await r3.text().catch(() => "");
+    throw new Error(`Download failed ${r3.status}: ${text}`);
+  }
+
+  const serverFilename =
+    data?.filename ||
+    filenameFromContentDisposition(r3.headers.get("content-disposition")) ||
+    "downloaded.bin";
+  const safeServerFilename = sanitizeFilename(serverFilename);
+
+  let outPath;
+  if (args.out) {
+    outPath = String(args.out);
+  } else if (args.basename) {
+    const safeBase = sanitizeFilename(args.basename);
+    const ext = path.extname(safeServerFilename) || "";
+    outPath = `./${safeBase}${ext}`;
+  } else {
+    outPath = `./${safeServerFilename}`;
+  }
+
+  const buf = Buffer.from(await r3.arrayBuffer());
+  fs.mkdirSync(path.dirname(outPath), { recursive: true });
+  fs.writeFileSync(outPath, buf);
+
+  console.log(`Saved ${buf.length} bytes -> ${outPath}`);
+}
+
+main().catch((e) => {
+  console.error(e);
+  process.exit(1);
+});

package/scripts/cli.js

@@ -0,0 +1,55 @@
+#!/usr/bin/env node
+import path from "node:path";
+import { fileURLToPath } from "node:url";
+import { spawn } from "node:child_process";
+
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = path.dirname(__filename);
+
+const sub = process.argv[2];
+
+function runSubcommand(scriptName, argv) {
+  const scriptPath = path.resolve(__dirname, scriptName);
+  const child = spawn(process.execPath, [scriptPath, ...argv], {
+    stdio: "inherit",
+  });
+
+  child.on("error", (err) => {
+    console.error(`Failed to launch ${scriptName}: ${err.message}`);
+    process.exit(1);
+  });
+
+  child.on("exit", (code, signal) => {
+    if (signal) {
+      console.error(`${scriptName} exited via signal ${signal}`);
+      process.exit(1);
+    }
+    process.exit(code ?? 1);
+  });
+}
+
+if (!sub || sub === "--help" || sub === "-h") {
+  console.log("Usage:");
+  console.log("  leak --file <path> [--price <usdc>] [--window <duration>] [--pay-to <address>] [--network <caip2>] [--port <port>] [--confirmed] [--public] [--og-title <text>] [--og-description <text>] [--og-image-url <https://...|./image.png>] [--ended-window-seconds <seconds>]");
+  console.log("  leak buy <download_url> --buyer-private-key 0x... [--out <path> | --basename <name>]");
+  console.log("  leak config");
+  console.log("  leak config show");
+  console.log("  leak config --write-env");
+  console.log("");
+  console.log("Notes:");
+  console.log("  share / as promo (social card), use /download for agent-assisted purchase.");
+  console.log("Backward-compatible:");
+  console.log("  leak leak --file <path> ...");
+  process.exit(0);
+}
+
+if (sub === "leak") {
+  runSubcommand("leak.js", process.argv.slice(3));
+} else if (sub === "buy") {
+  runSubcommand("buy.js", process.argv.slice(3));
+} else if (sub === "config") {
+  runSubcommand("config.js", process.argv.slice(3));
+} else {
+  // Default command: treat all args as leak-server args.
+  runSubcommand("leak.js", process.argv.slice(2));
+}

package/scripts/config.js

@@ -0,0 +1,322 @@
+#!/usr/bin/env node
+import "dotenv/config";
+import fs from "node:fs";
+import path from "node:path";
+import readline from "node:readline/promises";
+import { stdin as input, stdout as output } from "node:process";
+
+import {
+  defaultFacilitatorUrlForMode,
+  redactConfig,
+  readConfig,
+  writeConfig,
+} from "./config_store.js";
+
+const ALLOWED_FACILITATOR_MODES = new Set(["testnet", "cdp_mainnet"]);
+const ALLOWED_CONFIRMATION_POLICIES = new Set(["confirmed", "optimistic"]);
+
+function usageAndExit(code = 0) {
+  console.log("Usage:");
+  console.log("  leak config");
+  console.log("  leak config show");
+  console.log("  leak config --write-env");
+  console.log("");
+  console.log("Notes:");
+  console.log("  - Stores defaults in ~/.leak/config.json");
+  console.log("  - `--write-env` writes a project .env scaffold in the current directory");
+  process.exit(code);
+}
+
+function parseArgs(argv) {
+  const args = { _: [] };
+  for (let i = 0; i < argv.length; i++) {
+    const token = argv[i];
+    if (token === "--help" || token === "-h") usageAndExit(0);
+    if (token.startsWith("--")) {
+      const key = token.slice(2);
+      const next = argv[i + 1];
+      if (next && !next.startsWith("--")) {
+        args[key] = next;
+        i++;
+      } else {
+        args[key] = true;
+      }
+      continue;
+    }
+    args._.push(token);
+  }
+  return args;
+}
+
+function parsePositiveInt(value) {
+  const n = Number(value);
+  if (!Number.isFinite(n) || n <= 0) return null;
+  return Math.floor(n);
+}
+
+function parseNonNegativeInt(value) {
+  const n = Number(value);
+  if (!Number.isFinite(n) || n < 0) return null;
+  return Math.floor(n);
+}
+
+function parseDurationToSeconds(s) {
+  if (!s) return null;
+  const str = String(s).trim().toLowerCase();
+  const spaced = str.replace(/\s+/g, "");
+  if (/^\d+$/.test(spaced)) return Number(spaced);
+  const m = spaced.match(
+    /^(\d+(?:\.\d+)?)(s|sec|secs|second|seconds|m|min|mins|minute|minutes|h|hr|hrs|hour|hours|d|day|days)$/,
+  );
+  if (!m) return null;
+  const n = Number(m[1]);
+  const unit = m[2];
+  if (["s", "sec", "secs", "second", "seconds"].includes(unit)) return Math.round(n);
+  if (["m", "min", "mins", "minute", "minutes"].includes(unit)) return Math.round(n * 60);
+  if (["h", "hr", "hrs", "hour", "hours"].includes(unit)) return Math.round(n * 3600);
+  if (["d", "day", "days"].includes(unit)) return Math.round(n * 86400);
+  return null;
+}
+
+async function askWithDefault(rl, label, currentValue = "") {
+  const current = String(currentValue ?? "").trim();
+  const suffix = current ? ` [${current}]` : "";
+  const answer = (await rl.question(`${label}${suffix}: `)).trim();
+  return answer || current;
+}
+
+function printShow() {
+  const loaded = readConfig();
+  if (loaded.error) {
+    console.error(`[config] warning: ${loaded.error}`);
+  }
+  if (!loaded.exists) {
+    console.log(`No leak config found at ${loaded.path}`);
+    console.log("Run `leak config` to initialize your config file.");
+    return;
+  }
+
+  const redacted = redactConfig(loaded.config);
+  console.log(`Leak config path: ${loaded.path}`);
+  console.log(JSON.stringify(redacted, null, 2));
+}
+
+function buildEnvScaffold(defaults) {
+  const facilitatorMode = defaults.facilitatorMode || "testnet";
+  const facilitatorUrl = defaults.facilitatorUrl || defaultFacilitatorUrlForMode(facilitatorMode);
+  const windowSeconds = parseDurationToSeconds(defaults.window || "");
+
+  const lines = [
+    "# Generated by `leak config --write-env`",
+    "",
+    "# Server",
+    `PORT=${defaults.port || 4021}`,
+    "",
+    "# x402",
+    `FACILITATOR_MODE=${facilitatorMode}`,
+    `FACILITATOR_URL=${facilitatorUrl}`,
+    `SELLER_PAY_TO=${defaults.sellerPayTo || ""}`,
+    `PRICE_USD=${defaults.priceUsd || "0.01"}`,
+    `CHAIN_ID=${defaults.chainId || "eip155:84532"}`,
+    `WINDOW_SECONDS=${windowSeconds ?? 3600}`,
+    "",
+    "# Required when FACILITATOR_MODE=cdp_mainnet (Base mainnet path)",
+    `CDP_API_KEY_ID=${defaults.cdpApiKeyId || ""}`,
+    `CDP_API_KEY_SECRET=${defaults.cdpApiKeySecret || ""}`,
+    "",
+    "# Settlement / confirmation policy",
+    `CONFIRMATION_POLICY=${defaults.confirmationPolicy || "confirmed"}`,
+    "CONFIRMATIONS_REQUIRED=1",
+    "",
+    "# Artifact to serve",
+    "ARTIFACT_PATH=./protected/asset.bin",
+    "PROTECTED_MIME=application/octet-stream",
+    "",
+  ];
+
+  return `${lines.join("\n")}\n`;
+}
+
+function maybeWriteEnvScaffold(defaults) {
+  const envPath = path.resolve(process.cwd(), ".env");
+  if (fs.existsSync(envPath)) {
+    console.log(`[config] ${envPath} already exists; skipping .env scaffold write.`);
+    return;
+  }
+
+  const body = buildEnvScaffold(defaults);
+  fs.writeFileSync(envPath, body);
+  console.log(`[config] wrote ${envPath}`);
+}
+
+async function runWizard({ writeEnv }) {
+  const loaded = readConfig();
+  if (loaded.error) {
+    console.error(`[config] warning: ${loaded.error}`);
+  }
+
+  const existing = loaded.config.defaults || {};
+  const rl = readline.createInterface({ input, output });
+
+  try {
+    const sellerPayTo = await askWithDefault(
+      rl,
+      "SELLER_PAY_TO (seller payout address)",
+      existing.sellerPayTo || "",
+    );
+
+    const chainId = await askWithDefault(
+      rl,
+      "CHAIN_ID",
+      existing.chainId || "eip155:84532",
+    );
+
+    let facilitatorMode = await askWithDefault(
+      rl,
+      "FACILITATOR_MODE (testnet|cdp_mainnet)",
+      existing.facilitatorMode || "testnet",
+    );
+    facilitatorMode = facilitatorMode.toLowerCase();
+    while (!ALLOWED_FACILITATOR_MODES.has(facilitatorMode)) {
+      console.error("Invalid FACILITATOR_MODE. Use: testnet or cdp_mainnet");
+      facilitatorMode = (await askWithDefault(rl, "FACILITATOR_MODE", "testnet")).toLowerCase();
+    }
+
+    const modeDefaultUrl = defaultFacilitatorUrlForMode(facilitatorMode);
+    const existingModeUrl =
+      existing.facilitatorMode === facilitatorMode
+        ? existing.facilitatorUrl || ""
+        : "";
+    const facilitatorUrl = await askWithDefault(
+      rl,
+      "FACILITATOR_URL",
+      existingModeUrl || modeDefaultUrl,
+    );
+
+    let cdpApiKeyId = existing.cdpApiKeyId || "";
+    let cdpApiKeySecret = existing.cdpApiKeySecret || "";
+    if (facilitatorMode === "cdp_mainnet") {
+      cdpApiKeyId = await askWithDefault(
+        rl,
+        "CDP_API_KEY_ID",
+        existing.cdpApiKeyId || "",
+      );
+      while (!cdpApiKeyId) {
+        console.error("CDP_API_KEY_ID is required when FACILITATOR_MODE=cdp_mainnet");
+        cdpApiKeyId = await askWithDefault(rl, "CDP_API_KEY_ID", "");
+      }
+
+      cdpApiKeySecret = await askWithDefault(
+        rl,
+        "CDP_API_KEY_SECRET",
+        existing.cdpApiKeySecret || "",
+      );
+      while (!cdpApiKeySecret) {
+        console.error("CDP_API_KEY_SECRET is required when FACILITATOR_MODE=cdp_mainnet");
+        cdpApiKeySecret = await askWithDefault(rl, "CDP_API_KEY_SECRET", "");
+      }
+    }
+
+    let confirmationPolicy = await askWithDefault(
+      rl,
+      "CONFIRMATION_POLICY (confirmed|optimistic)",
+      existing.confirmationPolicy || "confirmed",
+    );
+    confirmationPolicy = confirmationPolicy.toLowerCase();
+    while (!ALLOWED_CONFIRMATION_POLICIES.has(confirmationPolicy)) {
+      console.error("Invalid CONFIRMATION_POLICY. Use: confirmed or optimistic");
+      confirmationPolicy = (
+        await askWithDefault(rl, "CONFIRMATION_POLICY", "confirmed")
+      ).toLowerCase();
+    }
+
+    const priceUsd = await askWithDefault(
+      rl,
+      "PRICE_USD",
+      existing.priceUsd || "0.01",
+    );
+    const window = await askWithDefault(
+      rl,
+      "WINDOW (e.g. 15m, 1h, 3600)",
+      existing.window || "15m",
+    );
+
+    let portRaw = await askWithDefault(
+      rl,
+      "PORT",
+      String(existing.port || 4021),
+    );
+    let port = parsePositiveInt(portRaw);
+    while (port === null) {
+      console.error("PORT must be a positive integer");
+      portRaw = await askWithDefault(rl, "PORT", "4021");
+      port = parsePositiveInt(portRaw);
+    }
+
+    let endedWindowRaw = await askWithDefault(
+      rl,
+      "ENDED_WINDOW_SECONDS",
+      String(existing.endedWindowSeconds ?? 0),
+    );
+    let endedWindowSeconds = parseNonNegativeInt(endedWindowRaw);
+    while (endedWindowSeconds === null) {
+      console.error("ENDED_WINDOW_SECONDS must be a non-negative integer");
+      endedWindowRaw = await askWithDefault(rl, "ENDED_WINDOW_SECONDS", "0");
+      endedWindowSeconds = parseNonNegativeInt(endedWindowRaw);
+    }
+
+    const ogTitle = await askWithDefault(rl, "OG_TITLE (optional)", existing.ogTitle || "");
+    const ogDescription = await askWithDefault(
+      rl,
+      "OG_DESCRIPTION (optional)",
+      existing.ogDescription || "",
+    );
+
+    const defaults = {
+      sellerPayTo,
+      chainId,
+      facilitatorMode,
+      facilitatorUrl,
+      cdpApiKeyId,
+      cdpApiKeySecret,
+      confirmationPolicy,
+      priceUsd,
+      window,
+      port,
+      endedWindowSeconds,
+      ogTitle,
+      ogDescription,
+    };
+
+    const written = writeConfig({ version: 1, defaults });
+    console.log(`[config] saved ${written.path}`);
+    console.log(JSON.stringify(redactConfig(written.config), null, 2));
+
+    if (writeEnv) {
+      maybeWriteEnvScaffold(written.config.defaults);
+    }
+  } finally {
+    rl.close();
+  }
+}
+
+async function main() {
+  const args = parseArgs(process.argv.slice(2));
+  const sub = args._[0];
+
+  if (sub === "show") {
+    printShow();
+    return;
+  }
+
+  if (sub && sub !== "show") {
+    usageAndExit(1);
+  }
+
+  await runWizard({ writeEnv: Boolean(args["write-env"]) });
+}
+
+main().catch((err) => {
+  console.error(err);
+  process.exit(1);
+});