npm - mnemospark - Versions diffs - 0.1.2 - Mend

mnemospark 0.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (19) hide show

package/LICENSE +21 -0
package/README.md +84 -0
package/dist/cli.d.ts +1 -0
package/dist/cli.js +1643 -0
package/dist/cli.js.map +1 -0
package/dist/index.d.ts +595 -0
package/dist/index.js +3217 -0
package/dist/index.js.map +1 -0
package/openclaw.plugin.json +22 -0
package/package.json +91 -0
package/scripts/README.md +61 -0
package/scripts/install-aws-cli.sh +28 -0
package/scripts/install-jq.sh +13 -0
package/scripts/install-pnpm.sh +20 -0
package/scripts/reinstall.sh +102 -0
package/scripts/seed-mnemospark-backend.sh +96 -0
package/scripts/sync-plugin-version.js +24 -0
package/scripts/uninstall.sh +67 -0
package/scripts/verify-dev-tools.sh +56 -0

package/dist/cli.js ADDED Viewed

@@ -0,0 +1,1643 @@
+#!/usr/bin/env node
+// src/proxy.ts
+import { createServer } from "http";
+import { privateKeyToAccount as privateKeyToAccount2 } from "viem/accounts";
+// src/balance.ts
+import { createPublicClient, http, erc20Abi } from "viem";
+import { base } from "viem/chains";
+// src/errors.ts
+var RpcError = class extends Error {
+  code = "RPC_ERROR";
+  originalError;
+  constructor(message, originalError) {
+    super(`RPC error: ${message}. Check network connectivity.`);
+    this.name = "RpcError";
+    this.originalError = originalError;
+  }
+};
+// src/balance.ts
+var USDC_BASE = "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913";
+var CACHE_TTL_MS = 3e4;
+var BALANCE_THRESHOLDS = {
+  /** Low balance warning threshold: $1.00 */
+  LOW_BALANCE_MICROS: 1000000n,
+  /** Effectively zero threshold: $0.0001 (covers dust/rounding) */
+  ZERO_THRESHOLD: 100n
+};
+var BalanceMonitor = class {
+  client;
+  walletAddress;
+  /** Cached balance (null = not yet fetched) */
+  cachedBalance = null;
+  /** Timestamp when cache was last updated */
+  cachedAt = 0;
+  constructor(walletAddress) {
+    this.walletAddress = walletAddress;
+    this.client = createPublicClient({
+      chain: base,
+      transport: http(void 0, {
+        timeout: 1e4
+        // 10 second timeout to prevent hanging on slow RPC
+      })
+    });
+  }
+  /**
+   * Check current USDC balance.
+   * Uses cache if valid, otherwise fetches from RPC.
+   */
+  async checkBalance() {
+    const now = Date.now();
+    if (this.cachedBalance !== null && now - this.cachedAt < CACHE_TTL_MS) {
+      return this.buildInfo(this.cachedBalance);
+    }
+    const balance = await this.fetchBalance();
+    this.cachedBalance = balance;
+    this.cachedAt = now;
+    return this.buildInfo(balance);
+  }
+  /**
+   * Check if balance is sufficient for an estimated cost.
+   *
+   * @param estimatedCostMicros - Estimated cost in USDC smallest unit (6 decimals)
+   */
+  async checkSufficient(estimatedCostMicros) {
+    const info = await this.checkBalance();
+    if (info.balance >= estimatedCostMicros) {
+      return { sufficient: true, info };
+    }
+    const shortfall = estimatedCostMicros - info.balance;
+    return {
+      sufficient: false,
+      info,
+      shortfall: this.formatUSDC(shortfall)
+    };
+  }
+  /**
+   * Optimistically deduct estimated cost from cached balance.
+   * Call this after a successful payment to keep cache accurate.
+   *
+   * @param amountMicros - Amount to deduct in USDC smallest unit
+   */
+  deductEstimated(amountMicros) {
+    if (this.cachedBalance !== null && this.cachedBalance >= amountMicros) {
+      this.cachedBalance -= amountMicros;
+    }
+  }
+  /**
+   * Invalidate cache, forcing next checkBalance() to fetch from RPC.
+   * Call this after a payment failure to get accurate balance.
+   */
+  invalidate() {
+    this.cachedBalance = null;
+    this.cachedAt = 0;
+  }
+  /**
+   * Force refresh balance from RPC (ignores cache).
+   */
+  async refresh() {
+    this.invalidate();
+    return this.checkBalance();
+  }
+  /**
+   * Format USDC amount (in micros) as "$X.XX".
+   */
+  formatUSDC(amountMicros) {
+    const dollars = Number(amountMicros) / 1e6;
+    return `$${dollars.toFixed(2)}`;
+  }
+  /**
+   * Get the wallet address being monitored.
+   */
+  getWalletAddress() {
+    return this.walletAddress;
+  }
+  /** Fetch balance from RPC */
+  async fetchBalance() {
+    try {
+      const balance = await this.client.readContract({
+        address: USDC_BASE,
+        abi: erc20Abi,
+        functionName: "balanceOf",
+        args: [this.walletAddress]
+      });
+      return balance;
+    } catch (error) {
+      throw new RpcError(error instanceof Error ? error.message : "Unknown error", error);
+    }
+  }
+  /** Build BalanceInfo from raw balance */
+  buildInfo(balance) {
+    return {
+      balance,
+      balanceUSD: this.formatUSDC(balance),
+      isLow: balance < BALANCE_THRESHOLDS.LOW_BALANCE_MICROS,
+      isEmpty: balance < BALANCE_THRESHOLDS.ZERO_THRESHOLD,
+      walletAddress: this.walletAddress
+    };
+  }
+};
+// src/config.ts
+var DEFAULT_PORT = 7120;
+var PROXY_PORT = (() => {
+  const envPort = process.env.MNEMOSPARK_PROXY_PORT;
+  if (envPort) {
+    const parsed = parseInt(envPort, 10);
+    if (!isNaN(parsed) && parsed > 0 && parsed < 65536) {
+      return parsed;
+    }
+  }
+  return DEFAULT_PORT;
+})();
+var MNEMOSPARK_BACKEND_API_BASE_URL = (process.env.MNEMOSPARK_BACKEND_API_BASE_URL ?? "").trim();
+// src/mnemospark-request-sign.ts
+import { getAddress } from "viem";
+import { privateKeyToAccount, signTypedData } from "viem/accounts";
+// src/nonce.ts
+function createNonce() {
+  const bytes = new Uint8Array(32);
+  crypto.getRandomValues(bytes);
+  return `0x${Array.from(bytes).map((b) => b.toString(16).padStart(2, "0")).join("")}`;
+}
+// src/mnemospark-request-sign.ts
+var MNEMOSPARK_DOMAIN_NAME = "Mnemospark";
+var MNEMOSPARK_DOMAIN_VERSION = "1";
+var MNEMOSPARK_VERIFYING_CONTRACT = "0x0000000000000000000000000000000000000001";
+var BASE_MAINNET_CHAIN_ID = 8453;
+var BASE_SEPOLIA_CHAIN_ID = 84532;
+var MNEMOSPARK_REQUEST_TYPES = {
+  MnemosparkRequest: [
+    { name: "method", type: "string" },
+    { name: "path", type: "string" },
+    { name: "walletAddress", type: "string" },
+    { name: "nonce", type: "string" },
+    { name: "timestamp", type: "string" }
+  ]
+};
+function encodeBase64Json(value) {
+  return Buffer.from(JSON.stringify(value), "utf8").toString("base64");
+}
+function normalizeMethod(method) {
+  const normalized = method.trim().toUpperCase();
+  if (!normalized) {
+    throw new Error("Request signing requires a non-empty HTTP method.");
+  }
+  return normalized;
+}
+function normalizePath(path) {
+  const trimmed = path.trim();
+  if (!trimmed) {
+    throw new Error("Request signing requires a non-empty path.");
+  }
+  let parsedPath;
+  if (/^https?:\/\//i.test(trimmed)) {
+    parsedPath = new URL(trimmed).pathname;
+  } else {
+    parsedPath = trimmed.split("?")[0]?.split("#")[0] ?? "";
+  }
+  if (!parsedPath) {
+    throw new Error("Request signing requires a valid request path.");
+  }
+  const prefixed = parsedPath.startsWith("/") ? parsedPath : `/${parsedPath}`;
+  const deduplicated = prefixed.replace(/\/{2,}/g, "/");
+  return deduplicated.length > 1 && deduplicated.endsWith("/") ? deduplicated.slice(0, -1) : deduplicated;
+}
+function normalizeTimestamp(value) {
+  const timestamp = value ?? Math.floor(Date.now() / 1e3).toString();
+  if (!/^\d+$/.test(timestamp)) {
+    throw new Error("Request signing timestamp must be a Unix timestamp in seconds.");
+  }
+  return timestamp;
+}
+function normalizeNonce(value) {
+  const nonce = value ?? createNonce();
+  if (!/^0x[0-9a-fA-F]{64}$/.test(nonce)) {
+    throw new Error("Request signing nonce must be a 32-byte hex value.");
+  }
+  return nonce;
+}
+function normalizeChainId(chainId) {
+  const selected = chainId ?? BASE_MAINNET_CHAIN_ID;
+  if (selected !== BASE_MAINNET_CHAIN_ID && selected !== BASE_SEPOLIA_CHAIN_ID) {
+    throw new Error(`Unsupported chainId for request signing: ${selected}`);
+  }
+  return selected;
+}
+function createMnemosparkRequestDomain(chainId) {
+  return {
+    name: MNEMOSPARK_DOMAIN_NAME,
+    version: MNEMOSPARK_DOMAIN_VERSION,
+    chainId: normalizeChainId(chainId),
+    verifyingContract: MNEMOSPARK_VERIFYING_CONTRACT
+  };
+}
+function createMnemosparkRequestPayload(method, path, walletAddress, options) {
+  return {
+    method: normalizeMethod(method),
+    path: normalizePath(path),
+    walletAddress: getAddress(walletAddress),
+    nonce: normalizeNonce(options?.nonce),
+    timestamp: normalizeTimestamp(options?.timestamp)
+  };
+}
+async function createWalletSignatureHeaderValue(method, path, walletAddress, walletPrivateKey, options) {
+  const payload = createMnemosparkRequestPayload(method, path, walletAddress, {
+    nonce: options?.nonce,
+    timestamp: options?.timestamp
+  });
+  const signer = privateKeyToAccount(walletPrivateKey);
+  if (signer.address.toLowerCase() !== payload.walletAddress.toLowerCase()) {
+    throw new Error(
+      `Wallet address ${payload.walletAddress} does not match signer address ${signer.address}.`
+    );
+  }
+  const signature = await signTypedData({
+    privateKey: walletPrivateKey,
+    domain: createMnemosparkRequestDomain(options?.chainId),
+    types: MNEMOSPARK_REQUEST_TYPES,
+    primaryType: "MnemosparkRequest",
+    message: payload
+  });
+  const headerEnvelope = {
+    payloadB64: encodeBase64Json(payload),
+    signature,
+    address: signer.address
+  };
+  return encodeBase64Json(headerEnvelope);
+}
+// src/cloud-utils.ts
+function normalizeBaseUrl(baseUrl) {
+  return baseUrl.replace(/\/+$/, "");
+}
+function asRecord(value) {
+  if (!value || typeof value !== "object" || Array.isArray(value)) {
+    return null;
+  }
+  return value;
+}
+function asNumber(value) {
+  if (typeof value === "number" && Number.isFinite(value)) {
+    return value;
+  }
+  if (typeof value === "string" && value.trim().length > 0) {
+    const parsed = Number.parseFloat(value);
+    if (Number.isFinite(parsed)) {
+      return parsed;
+    }
+  }
+  return null;
+}
+function asNonEmptyString(value) {
+  if (typeof value !== "string") {
+    return null;
+  }
+  const trimmed = value.trim();
+  return trimmed.length > 0 ? trimmed : null;
+}
+function normalizePaymentRequired(headers) {
+  return headers.get("PAYMENT-REQUIRED") ?? headers.get("x-payment-required") ?? void 0;
+}
+function normalizePaymentResponse(headers) {
+  return headers.get("PAYMENT-RESPONSE") ?? headers.get("x-payment-response") ?? void 0;
+}
+// src/wallet-signature.ts
+function normalizeWalletSignature(value) {
+  const trimmed = value?.trim();
+  return trimmed && trimmed.length > 0 ? trimmed : void 0;
+}
+// src/cloud-price-storage.ts
+var PRICE_STORAGE_PROXY_PATH = "/mnemospark/price-storage";
+var UPLOAD_PROXY_PATH = "/mnemospark/upload";
+function parsePriceStorageQuoteRequest(payload) {
+  const record = asRecord(payload);
+  if (!record) {
+    return null;
+  }
+  const walletAddress = asNonEmptyString(record.wallet_address);
+  const objectId = asNonEmptyString(record.object_id);
+  const objectIdHash = asNonEmptyString(record.object_id_hash);
+  const gb = asNumber(record.gb);
+  const provider = asNonEmptyString(record.provider);
+  const region = asNonEmptyString(record.region);
+  if (!walletAddress || !objectId || !objectIdHash || gb === null || !provider || !region) {
+    return null;
+  }
+  return {
+    wallet_address: walletAddress,
+    object_id: objectId,
+    object_id_hash: objectIdHash,
+    gb,
+    provider,
+    region
+  };
+}
+function parseStorageUploadRequest(payload) {
+  const record = asRecord(payload);
+  if (!record) {
+    return null;
+  }
+  const quoteId = asNonEmptyString(record.quote_id);
+  const walletAddress = asNonEmptyString(record.wallet_address);
+  const objectId = asNonEmptyString(record.object_id);
+  const objectIdHash = asNonEmptyString(record.object_id_hash);
+  const quotedStoragePrice = asNumber(record.quoted_storage_price);
+  const payloadRecord = asRecord(record.payload);
+  if (!payloadRecord) {
+    return null;
+  }
+  const modeRaw = asNonEmptyString(payloadRecord.mode);
+  const mode = modeRaw === "inline" || modeRaw === "presigned" ? modeRaw : null;
+  const contentBase64 = payloadRecord.content_base64 === void 0 ? void 0 : asNonEmptyString(payloadRecord.content_base64);
+  const contentSha256 = asNonEmptyString(payloadRecord.content_sha256);
+  const contentLengthBytes = asNumber(payloadRecord.content_length_bytes);
+  const wrappedDek = asNonEmptyString(payloadRecord.wrapped_dek);
+  const encryptionAlgorithm = asNonEmptyString(payloadRecord.encryption_algorithm);
+  const bucketNameHint = asNonEmptyString(payloadRecord.bucket_name_hint);
+  const keyStorePathHint = asNonEmptyString(payloadRecord.key_store_path_hint);
+  if (!quoteId || !walletAddress || !objectId || !objectIdHash || quotedStoragePrice === null || !mode || !contentSha256 || contentLengthBytes === null || !wrappedDek || encryptionAlgorithm !== "AES-256-GCM" || !bucketNameHint || !keyStorePathHint) {
+    return null;
+  }
+  if (mode === "inline" && !contentBase64) {
+    return null;
+  }
+  return {
+    quote_id: quoteId,
+    wallet_address: walletAddress,
+    object_id: objectId,
+    object_id_hash: objectIdHash,
+    quoted_storage_price: quotedStoragePrice,
+    payload: {
+      mode,
+      content_base64: contentBase64 ?? void 0,
+      content_sha256: contentSha256,
+      content_length_bytes: contentLengthBytes,
+      wrapped_dek: wrappedDek,
+      encryption_algorithm: "AES-256-GCM",
+      bucket_name_hint: bucketNameHint,
+      key_store_path_hint: keyStorePathHint
+    }
+  };
+}
+async function forwardPriceStorageToBackend(request, options = {}) {
+  const fetchImpl = options.fetchImpl ?? fetch;
+  const backendBaseUrl = (options.backendBaseUrl ?? "").trim();
+  const walletSignature = normalizeWalletSignature(options.walletSignature);
+  if (!backendBaseUrl) {
+    throw new Error("MNEMOSPARK_BACKEND_API_BASE_URL is not configured");
+  }
+  const headers = {
+    "Content-Type": "application/json"
+  };
+  if (walletSignature) {
+    headers["X-Wallet-Signature"] = walletSignature;
+  }
+  const targetUrl = `${normalizeBaseUrl(backendBaseUrl)}/price-storage`;
+  const response = await fetchImpl(targetUrl, {
+    method: "POST",
+    headers,
+    body: JSON.stringify(request)
+  });
+  return {
+    status: response.status,
+    bodyText: await response.text(),
+    contentType: response.headers.get("content-type") ?? "application/json",
+    paymentRequired: normalizePaymentRequired(response.headers),
+    paymentResponse: normalizePaymentResponse(response.headers)
+  };
+}
+async function forwardStorageUploadToBackend(request, options = {}) {
+  const fetchImpl = options.fetchImpl ?? fetch;
+  const backendBaseUrl = (options.backendBaseUrl ?? "").trim();
+  const walletSignature = normalizeWalletSignature(options.walletSignature);
+  if (!backendBaseUrl) {
+    throw new Error("MNEMOSPARK_BACKEND_API_BASE_URL is not configured");
+  }
+  if (!walletSignature) {
+    throw new Error(
+      "Wallet required for storage endpoints: wallet key must be present to sign requests."
+    );
+  }
+  const requestHeaders = {
+    "Content-Type": "application/json",
+    "X-Wallet-Signature": walletSignature
+  };
+  if (options.idempotencyKey && options.idempotencyKey.trim().length > 0) {
+    requestHeaders["Idempotency-Key"] = options.idempotencyKey.trim();
+  }
+  const paymentSignature = options.paymentSignature?.trim();
+  const legacyPayment = options.legacyPayment?.trim();
+  if (paymentSignature) {
+    requestHeaders["PAYMENT-SIGNATURE"] = paymentSignature;
+    requestHeaders["x-payment"] = paymentSignature;
+  }
+  if (legacyPayment) {
+    requestHeaders["x-payment"] = legacyPayment;
+    requestHeaders["PAYMENT-SIGNATURE"] = requestHeaders["PAYMENT-SIGNATURE"] ?? legacyPayment;
+  }
+  const targetUrl = `${normalizeBaseUrl(backendBaseUrl)}/storage/upload`;
+  const response = await fetchImpl(targetUrl, {
+    method: "POST",
+    headers: requestHeaders,
+    body: JSON.stringify(request)
+  });
+  return {
+    status: response.status,
+    bodyText: await response.text(),
+    contentType: response.headers.get("content-type") ?? "application/json",
+    paymentRequired: normalizePaymentRequired(response.headers),
+    paymentResponse: normalizePaymentResponse(response.headers)
+  };
+}
+// src/cloud-storage.ts
+import { mkdir, writeFile } from "fs/promises";
+import { dirname, join, resolve, sep } from "path";
+var STORAGE_LS_PROXY_PATH = "/mnemospark/storage/ls";
+var STORAGE_DOWNLOAD_PROXY_PATH = "/mnemospark/storage/download";
+var STORAGE_DELETE_PROXY_PATH = "/mnemospark/storage/delete";
+function parseJsonText(text, errorMessage) {
+  let parsed;
+  try {
+    parsed = JSON.parse(text);
+  } catch {
+    throw new Error(errorMessage);
+  }
+  const record = asRecord(parsed);
+  if (!record) {
+    throw new Error(errorMessage);
+  }
+  return record;
+}
+function sanitizeObjectKeyToRelativePath(objectKey) {
+  const normalized = objectKey.replace(/\\/g, "/").trim().replace(/^\/+/, "");
+  const segments = normalized.split("/").filter((segment) => segment.length > 0 && segment !== "." && segment !== "..");
+  if (segments.length === 0) {
+    return "downloaded-object";
+  }
+  return join(...segments);
+}
+function resolveDownloadPath(outputDir, objectKey) {
+  const resolvedOutputDir = resolve(outputDir);
+  const relativeObjectPath = sanitizeObjectKeyToRelativePath(objectKey);
+  const resolvedTargetPath = resolve(resolvedOutputDir, relativeObjectPath);
+  if (resolvedTargetPath !== resolvedOutputDir && !resolvedTargetPath.startsWith(`${resolvedOutputDir}${sep}`)) {
+    throw new Error("Resolved download target escapes output directory");
+  }
+  return resolvedTargetPath;
+}
+function parseFilenameFromContentDisposition(contentDisposition) {
+  if (!contentDisposition) {
+    return void 0;
+  }
+  const utf8Match = contentDisposition.match(/filename\*=UTF-8''([^;]+)/i);
+  if (utf8Match?.[1]) {
+    try {
+      return decodeURIComponent(utf8Match[1]);
+    } catch {
+      return utf8Match[1];
+    }
+  }
+  const quotedMatch = contentDisposition.match(/filename="([^"]+)"/i);
+  if (quotedMatch?.[1]) {
+    return quotedMatch[1];
+  }
+  const plainMatch = contentDisposition.match(/filename=([^;]+)/i);
+  if (plainMatch?.[1]) {
+    return plainMatch[1].trim();
+  }
+  return void 0;
+}
+async function forwardStorageToBackend(path, method, request, options = {}) {
+  const fetchImpl = options.fetchImpl ?? fetch;
+  const backendBaseUrl = (options.backendBaseUrl ?? "").trim();
+  const walletSignature = normalizeWalletSignature(options.walletSignature);
+  if (!backendBaseUrl) {
+    throw new Error("MNEMOSPARK_BACKEND_API_BASE_URL is not configured");
+  }
+  if (!walletSignature) {
+    throw new Error(
+      "Wallet required for storage endpoints: wallet key must be present to sign requests."
+    );
+  }
+  const targetUrl = `${normalizeBaseUrl(backendBaseUrl)}${path}`;
+  const response = await fetchImpl(targetUrl, {
+    method,
+    headers: {
+      "Content-Type": "application/json",
+      "X-Wallet-Signature": walletSignature
+    },
+    body: JSON.stringify(request)
+  });
+  const bodyBuffer = Buffer.from(await response.arrayBuffer());
+  return {
+    status: response.status,
+    bodyText: bodyBuffer.toString("utf-8"),
+    bodyBuffer,
+    contentType: response.headers.get("content-type") ?? "application/octet-stream",
+    contentDisposition: response.headers.get("content-disposition") ?? void 0,
+    paymentRequired: normalizePaymentRequired(response.headers),
+    paymentResponse: normalizePaymentResponse(response.headers)
+  };
+}
+function parseStorageObjectRequest(payload) {
+  const record = asRecord(payload);
+  if (!record) {
+    return null;
+  }
+  const walletAddress = asNonEmptyString(record.wallet_address);
+  const objectKey = asNonEmptyString(record.object_key);
+  const location = asNonEmptyString(record.location) ?? void 0;
+  if (!walletAddress || !objectKey) {
+    return null;
+  }
+  return {
+    wallet_address: walletAddress,
+    object_key: objectKey,
+    location
+  };
+}
+async function forwardStorageLsToBackend(request, options = {}) {
+  return forwardStorageToBackend("/storage/ls", "POST", request, options);
+}
+async function forwardStorageDownloadToBackend(request, options = {}) {
+  return forwardStorageToBackend("/storage/download", "POST", request, options);
+}
+async function forwardStorageDeleteToBackend(request, options = {}) {
+  return forwardStorageToBackend("/storage/delete", "POST", request, options);
+}
+async function downloadStorageToDisk(request, backendResponse, options = {}) {
+  const fetchImpl = options.fetchImpl ?? fetch;
+  const outputDir = options.outputDir ?? process.cwd();
+  let objectKey = request.object_key;
+  let bytes = backendResponse.bodyBuffer;
+  const contentType = backendResponse.contentType.toLowerCase();
+  if (contentType.includes("application/json")) {
+    const payload = parseJsonText(
+      backendResponse.bodyText,
+      "Download response was JSON but not parseable"
+    );
+    const payloadObjectKey = asNonEmptyString(payload.object_key) ?? asNonEmptyString(payload.key) ?? asNonEmptyString(payload.object_id);
+    const downloadUrl = asNonEmptyString(payload.download_url);
+    const inlineContent = asNonEmptyString(payload.content) ?? asNonEmptyString(payload.body_base64) ?? asNonEmptyString(payload.data);
+    if (payloadObjectKey) {
+      objectKey = payloadObjectKey;
+    }
+    if (downloadUrl) {
+      const fileResponse = await fetchImpl(downloadUrl, { method: "GET" });
+      if (!fileResponse.ok) {
+        throw new Error(`Presigned download failed with status ${fileResponse.status}`);
+      }
+      bytes = Buffer.from(await fileResponse.arrayBuffer());
+    } else if (inlineContent) {
+      bytes = Buffer.from(inlineContent, "base64");
+    } else {
+      throw new Error("Download response did not include download_url or inline content");
+    }
+  } else {
+    const filenameFromHeader = parseFilenameFromContentDisposition(
+      backendResponse.contentDisposition
+    );
+    if (filenameFromHeader) {
+      objectKey = filenameFromHeader;
+    }
+  }
+  const filePath = resolveDownloadPath(outputDir, objectKey);
+  await mkdir(dirname(filePath), { recursive: true });
+  await writeFile(filePath, bytes);
+  return {
+    key: objectKey,
+    filePath,
+    bytesWritten: bytes.length
+  };
+}
+// src/proxy.ts
+var HEALTH_CHECK_TIMEOUT_MS = 2e3;
+var PORT_RETRY_ATTEMPTS = 5;
+var PORT_RETRY_DELAY_MS = 1e3;
+function matchesProxyPath(url, path) {
+  return url === path || url?.startsWith(`${path}?`) === true;
+}
+function readHeaderValue(value) {
+  if (typeof value === "string") {
+    const trimmed = value.trim();
+    return trimmed.length > 0 ? trimmed : void 0;
+  }
+  if (Array.isArray(value)) {
+    for (const candidate of value) {
+      const trimmed = candidate.trim();
+      if (trimmed.length > 0) {
+        return trimmed;
+      }
+    }
+  }
+  return void 0;
+}
+async function readProxyJsonBody(req) {
+  const bodyChunks = [];
+  for await (const chunk of req) {
+    bodyChunks.push(Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk));
+  }
+  const bodyText = Buffer.concat(bodyChunks).toString("utf-8").trim();
+  if (bodyText.length === 0) {
+    return {};
+  }
+  return JSON.parse(bodyText);
+}
+function sendJson(res, status, body) {
+  res.writeHead(status, { "Content-Type": "application/json" });
+  res.end(JSON.stringify(body));
+}
+function createBackendForwardHeaders(response) {
+  const responseHeaders = {
+    "Content-Type": response.contentType
+  };
+  if (response.paymentRequired) {
+    responseHeaders["PAYMENT-REQUIRED"] = response.paymentRequired;
+    responseHeaders["x-payment-required"] = response.paymentRequired;
+  }
+  if (response.paymentResponse) {
+    responseHeaders["PAYMENT-RESPONSE"] = response.paymentResponse;
+    responseHeaders["x-payment-response"] = response.paymentResponse;
+  }
+  return responseHeaders;
+}
+function isLikelyWalletProofFailure(bodyText) {
+  return /(wallet|signature|proof|nonce|timestamp|expired|authoriz)/i.test(bodyText);
+}
+function normalizeBackendAuthFailure(status, bodyText) {
+  if (status !== 401 && status !== 403) {
+    return void 0;
+  }
+  const message = isLikelyWalletProofFailure(bodyText) ? "wallet proof invalid" : "unauthorized";
+  return {
+    status,
+    contentType: "application/json",
+    bodyText: createAuthErrorBody(message)
+  };
+}
+function createAuthErrorBody(message) {
+  return JSON.stringify({
+    error: message.replace(/\s+/g, "_"),
+    message
+  });
+}
+function createWalletRequiredBody() {
+  return JSON.stringify({
+    error: "wallet_required",
+    message: "wallet required for storage endpoints"
+  });
+}
+function getProxyPort() {
+  return PROXY_PORT;
+}
+async function checkExistingProxy(port) {
+  const controller = new AbortController();
+  const timeoutId = setTimeout(() => controller.abort(), HEALTH_CHECK_TIMEOUT_MS);
+  try {
+    const response = await fetch(`http://127.0.0.1:${port}/health`, {
+      signal: controller.signal
+    });
+    clearTimeout(timeoutId);
+    if (response.ok) {
+      const data = await response.json();
+      if (data.status === "ok" && data.wallet) {
+        return data.wallet;
+      }
+    }
+    return void 0;
+  } catch {
+    clearTimeout(timeoutId);
+    return void 0;
+  }
+}
+async function startProxy(options) {
+  const listenPort = options.port ?? getProxyPort();
+  const existingWallet = await checkExistingProxy(listenPort);
+  if (existingWallet) {
+    const account2 = privateKeyToAccount2(options.walletKey);
+    const balanceMonitor2 = new BalanceMonitor(account2.address);
+    const baseUrl2 = `http://127.0.0.1:${listenPort}`;
+    if (existingWallet !== account2.address) {
+      console.warn(
+        `[mnemospark] Existing proxy on port ${listenPort} uses wallet ${existingWallet}, but current config uses ${account2.address}. Reusing existing proxy.`
+      );
+    }
+    options.onReady?.(listenPort);
+    return {
+      port: listenPort,
+      baseUrl: baseUrl2,
+      walletAddress: existingWallet,
+      balanceMonitor: balanceMonitor2,
+      close: async () => {
+      }
+    };
+  }
+  const walletPrivateKey = options.walletKey.trim();
+  const account = privateKeyToAccount2(walletPrivateKey);
+  const balanceMonitor = new BalanceMonitor(account.address);
+  const proxyWalletAddressLower = account.address.toLowerCase();
+  const connections = /* @__PURE__ */ new Set();
+  const createBackendWalletSignature = async (method, path, walletAddress) => {
+    if (walletAddress.toLowerCase() !== proxyWalletAddressLower) {
+      return void 0;
+    }
+    try {
+      return await createWalletSignatureHeaderValue(method, path, walletAddress, walletPrivateKey);
+    } catch (err) {
+      console.warn(
+        `[mnemospark] Failed to create wallet proof for ${path}: ${err instanceof Error ? err.message : String(err)}`
+      );
+      return void 0;
+    }
+  };
+  const server = createServer(async (req, res) => {
+    req.on("error", (err) => {
+      console.error(`[mnemospark] Request stream error: ${err.message}`);
+    });
+    res.on("error", (err) => {
+      console.error(`[mnemospark] Response stream error: ${err.message}`);
+    });
+    if (req.method === "POST" && matchesProxyPath(req.url, PRICE_STORAGE_PROXY_PATH)) {
+      try {
+        let payload;
+        try {
+          payload = await readProxyJsonBody(req);
+        } catch {
+          sendJson(res, 400, {
+            error: "Bad request",
+            message: "Invalid JSON body for /cloud price-storage"
+          });
+          return;
+        }
+        const requestPayload = parsePriceStorageQuoteRequest(payload);
+        if (!requestPayload) {
+          sendJson(res, 400, {
+            error: "Bad request",
+            message: "Missing required fields: wallet_address, object_id, object_id_hash, gb, provider, region"
+          });
+          return;
+        }
+        const walletSignature = await createBackendWalletSignature(
+          "POST",
+          "/price-storage",
+          requestPayload.wallet_address
+        );
+        const backendResponse = await forwardPriceStorageToBackend(requestPayload, {
+          backendBaseUrl: MNEMOSPARK_BACKEND_API_BASE_URL,
+          walletSignature
+        });
+        const authFailure = normalizeBackendAuthFailure(
+          backendResponse.status,
+          backendResponse.bodyText
+        );
+        if (authFailure) {
+          const responseHeaders2 = createBackendForwardHeaders({
+            contentType: authFailure.contentType,
+            paymentRequired: backendResponse.paymentRequired,
+            paymentResponse: backendResponse.paymentResponse
+          });
+          res.writeHead(authFailure.status, responseHeaders2);
+          res.end(authFailure.bodyText);
+          return;
+        }
+        const responseHeaders = createBackendForwardHeaders(backendResponse);
+        res.writeHead(backendResponse.status, responseHeaders);
+        res.end(backendResponse.bodyText);
+      } catch (err) {
+        sendJson(res, 502, {
+          error: "proxy_error",
+          message: `Failed to forward /cloud price-storage: ${err instanceof Error ? err.message : String(err)}`
+        });
+      }
+      return;
+    }
+    if (req.method === "POST" && matchesProxyPath(req.url, UPLOAD_PROXY_PATH)) {
+      try {
+        let payload;
+        try {
+          payload = await readProxyJsonBody(req);
+        } catch {
+          sendJson(res, 400, {
+            error: "Bad request",
+            message: "Invalid JSON body for /cloud upload"
+          });
+          return;
+        }
+        const requestPayload = parseStorageUploadRequest(payload);
+        if (!requestPayload) {
+          sendJson(res, 400, {
+            error: "Bad request",
+            message: "Missing required fields: quote_id, wallet_address, object_id, object_id_hash, quoted_storage_price, payload"
+          });
+          return;
+        }
+        if (requestPayload.wallet_address.toLowerCase() !== proxyWalletAddressLower) {
+          sendJson(res, 403, {
+            error: "wallet_proof_invalid",
+            message: "wallet proof invalid"
+          });
+          return;
+        }
+        const walletSignature = await createBackendWalletSignature(
+          "POST",
+          "/storage/upload",
+          requestPayload.wallet_address
+        );
+        if (!walletSignature) {
+          res.writeHead(400, { "Content-Type": "application/json" });
+          res.end(createWalletRequiredBody());
+          return;
+        }
+        const requiredMicros = BigInt(
+          Math.max(1, Math.ceil(requestPayload.quoted_storage_price * 1e6))
+        );
+        const uploadBalanceMonitor = requestPayload.wallet_address.toLowerCase() === account.address.toLowerCase() ? balanceMonitor : new BalanceMonitor(requestPayload.wallet_address);
+        const sufficiency = await uploadBalanceMonitor.checkSufficient(requiredMicros);
+        const requiredUSD = uploadBalanceMonitor.formatUSDC(requiredMicros);
+        if (!sufficiency.sufficient) {
+          options.onInsufficientFunds?.({
+            balanceUSD: sufficiency.info.balanceUSD,
+            requiredUSD,
+            walletAddress: requestPayload.wallet_address
+          });
+          sendJson(res, 400, {
+            error: "insufficient_balance",
+            message: `Insufficient USDC balance. Current: ${sufficiency.info.balanceUSD}, Required: ${requiredUSD}`,
+            wallet: requestPayload.wallet_address,
+            help: `Fund wallet ${requestPayload.wallet_address} on Base before running /cloud upload`
+          });
+          return;
+        }
+        if (sufficiency.info.isLow) {
+          options.onLowBalance?.({
+            balanceUSD: sufficiency.info.balanceUSD,
+            walletAddress: requestPayload.wallet_address
+          });
+        }
+        const backendResponse = await forwardStorageUploadToBackend(requestPayload, {
+          backendBaseUrl: MNEMOSPARK_BACKEND_API_BASE_URL,
+          walletSignature,
+          paymentSignature: readHeaderValue(req.headers["payment-signature"]),
+          legacyPayment: readHeaderValue(req.headers["x-payment"]),
+          idempotencyKey: readHeaderValue(req.headers["idempotency-key"])
+        });
+        const authFailure = normalizeBackendAuthFailure(
+          backendResponse.status,
+          backendResponse.bodyText
+        );
+        if (authFailure) {
+          const responseHeaders2 = createBackendForwardHeaders({
+            contentType: authFailure.contentType,
+            paymentRequired: backendResponse.paymentRequired,
+            paymentResponse: backendResponse.paymentResponse
+          });
+          res.writeHead(authFailure.status, responseHeaders2);
+          res.end(authFailure.bodyText);
+          return;
+        }
+        const responseHeaders = createBackendForwardHeaders(backendResponse);
+        res.writeHead(backendResponse.status, responseHeaders);
+        res.end(backendResponse.bodyText);
+      } catch (err) {
+        sendJson(res, 502, {
+          error: "proxy_error",
+          message: `Failed to forward /cloud upload: ${err instanceof Error ? err.message : String(err)}`
+        });
+      }
+      return;
+    }
+    if (req.method === "POST" && matchesProxyPath(req.url, STORAGE_LS_PROXY_PATH)) {
+      try {
+        let payload;
+        try {
+          payload = await readProxyJsonBody(req);
+        } catch {
+          sendJson(res, 400, {
+            error: "Bad request",
+            message: "Invalid JSON body for /cloud ls"
+          });
+          return;
+        }
+        const requestPayload = parseStorageObjectRequest(payload);
+        if (!requestPayload) {
+          sendJson(res, 400, {
+            error: "Bad request",
+            message: "Missing required fields: wallet_address, object_key"
+          });
+          return;
+        }
+        if (requestPayload.wallet_address.toLowerCase() !== proxyWalletAddressLower) {
+          sendJson(res, 403, {
+            error: "wallet_proof_invalid",
+            message: "wallet proof invalid"
+          });
+          return;
+        }
+        const walletSignature = await createBackendWalletSignature(
+          "POST",
+          "/storage/ls",
+          requestPayload.wallet_address
+        );
+        if (!walletSignature) {
+          res.writeHead(400, { "Content-Type": "application/json" });
+          res.end(createWalletRequiredBody());
+          return;
+        }
+        const backendResponse = await forwardStorageLsToBackend(requestPayload, {
+          backendBaseUrl: MNEMOSPARK_BACKEND_API_BASE_URL,
+          walletSignature
+        });
+        const authFailure = normalizeBackendAuthFailure(
+          backendResponse.status,
+          backendResponse.bodyText
+        );
+        if (authFailure) {
+          const responseHeaders2 = createBackendForwardHeaders({
+            contentType: authFailure.contentType,
+            paymentRequired: backendResponse.paymentRequired,
+            paymentResponse: backendResponse.paymentResponse
+          });
+          res.writeHead(authFailure.status, responseHeaders2);
+          res.end(authFailure.bodyText);
+          return;
+        }
+        const responseHeaders = createBackendForwardHeaders(backendResponse);
+        res.writeHead(backendResponse.status, responseHeaders);
+        res.end(backendResponse.bodyText);
+      } catch (err) {
+        sendJson(res, 502, {
+          error: "proxy_error",
+          message: `Failed to forward /cloud ls: ${err instanceof Error ? err.message : String(err)}`
+        });
+      }
+      return;
+    }
+    if (req.method === "POST" && matchesProxyPath(req.url, STORAGE_DOWNLOAD_PROXY_PATH)) {
+      try {
+        let payload;
+        try {
+          payload = await readProxyJsonBody(req);
+        } catch {
+          sendJson(res, 400, {
+            error: "Bad request",
+            message: "Invalid JSON body for /cloud download"
+          });
+          return;
+        }
+        const requestPayload = parseStorageObjectRequest(payload);
+        if (!requestPayload) {
+          sendJson(res, 400, {
+            error: "Bad request",
+            message: "Missing required fields: wallet_address, object_key"
+          });
+          return;
+        }
+        if (requestPayload.wallet_address.toLowerCase() !== proxyWalletAddressLower) {
+          sendJson(res, 403, {
+            error: "wallet_proof_invalid",
+            message: "wallet proof invalid"
+          });
+          return;
+        }
+        const walletSignature = await createBackendWalletSignature(
+          "POST",
+          "/storage/download",
+          requestPayload.wallet_address
+        );
+        if (!walletSignature) {
+          res.writeHead(400, { "Content-Type": "application/json" });
+          res.end(createWalletRequiredBody());
+          return;
+        }
+        const backendResponse = await forwardStorageDownloadToBackend(requestPayload, {
+          backendBaseUrl: MNEMOSPARK_BACKEND_API_BASE_URL,
+          walletSignature
+        });
+        const authFailure = normalizeBackendAuthFailure(
+          backendResponse.status,
+          backendResponse.bodyText
+        );
+        if (authFailure) {
+          const responseHeaders = createBackendForwardHeaders({
+            contentType: authFailure.contentType,
+            paymentRequired: backendResponse.paymentRequired,
+            paymentResponse: backendResponse.paymentResponse
+          });
+          res.writeHead(authFailure.status, responseHeaders);
+          res.end(authFailure.bodyText);
+          return;
+        }
+        if (backendResponse.status < 200 || backendResponse.status >= 300) {
+          const responseHeaders = createBackendForwardHeaders(backendResponse);
+          res.writeHead(backendResponse.status, responseHeaders);
+          res.end(backendResponse.bodyText);
+          return;
+        }
+        const downloadResult = await downloadStorageToDisk(requestPayload, backendResponse);
+        sendJson(res, 200, {
+          success: true,
+          key: downloadResult.key,
+          file_path: downloadResult.filePath,
+          bytes_written: downloadResult.bytesWritten
+        });
+      } catch (err) {
+        sendJson(res, 502, {
+          error: "proxy_error",
+          message: `Failed to forward /cloud download: ${err instanceof Error ? err.message : String(err)}`
+        });
+      }
+      return;
+    }
+    if (req.method === "POST" && matchesProxyPath(req.url, STORAGE_DELETE_PROXY_PATH)) {
+      try {
+        let payload;
+        try {
+          payload = await readProxyJsonBody(req);
+        } catch {
+          sendJson(res, 400, {
+            error: "Bad request",
+            message: "Invalid JSON body for /cloud delete"
+          });
+          return;
+        }
+        const requestPayload = parseStorageObjectRequest(payload);
+        if (!requestPayload) {
+          sendJson(res, 400, {
+            error: "Bad request",
+            message: "Missing required fields: wallet_address, object_key"
+          });
+          return;
+        }
+        if (requestPayload.wallet_address.toLowerCase() !== proxyWalletAddressLower) {
+          sendJson(res, 403, {
+            error: "wallet_proof_invalid",
+            message: "wallet proof invalid"
+          });
+          return;
+        }
+        const walletSignature = await createBackendWalletSignature(
+          "POST",
+          "/storage/delete",
+          requestPayload.wallet_address
+        );
+        if (!walletSignature) {
+          res.writeHead(400, { "Content-Type": "application/json" });
+          res.end(createWalletRequiredBody());
+          return;
+        }
+        const backendResponse = await forwardStorageDeleteToBackend(requestPayload, {
+          backendBaseUrl: MNEMOSPARK_BACKEND_API_BASE_URL,
+          walletSignature
+        });
+        const authFailure = normalizeBackendAuthFailure(
+          backendResponse.status,
+          backendResponse.bodyText
+        );
+        if (authFailure) {
+          const responseHeaders2 = createBackendForwardHeaders({
+            contentType: authFailure.contentType,
+            paymentRequired: backendResponse.paymentRequired,
+            paymentResponse: backendResponse.paymentResponse
+          });
+          res.writeHead(authFailure.status, responseHeaders2);
+          res.end(authFailure.bodyText);
+          return;
+        }
+        const responseHeaders = createBackendForwardHeaders(backendResponse);
+        res.writeHead(backendResponse.status, responseHeaders);
+        res.end(backendResponse.bodyText);
+      } catch (err) {
+        sendJson(res, 502, {
+          error: "proxy_error",
+          message: `Failed to forward /cloud delete: ${err instanceof Error ? err.message : String(err)}`
+        });
+      }
+      return;
+    }
+    if (req.url === "/health" || req.url?.startsWith("/health?")) {
+      const url = new URL(req.url, "http://localhost");
+      const full = url.searchParams.get("full") === "true";
+      const response = {
+        status: "ok",
+        wallet: account.address
+      };
+      if (full) {
+        try {
+          const balanceInfo = await balanceMonitor.checkBalance();
+          response.balance = balanceInfo.balanceUSD;
+          response.isLow = balanceInfo.isLow;
+          response.isEmpty = balanceInfo.isEmpty;
+        } catch {
+          response.balanceError = "Could not fetch balance";
+        }
+      }
+      sendJson(res, 200, response);
+      return;
+    }
+    sendJson(res, 404, {
+      error: "Not found",
+      message: "Supported paths: /health and /mnemospark/* storage endpoints"
+    });
+  });
+  const tryListen = (attempt) => {
+    return new Promise((resolveAttempt, rejectAttempt) => {
+      const onError = async (err) => {
+        server.removeListener("error", onError);
+        if (err.code === "EADDRINUSE") {
+          const existingWallet2 = await checkExistingProxy(listenPort);
+          if (existingWallet2) {
+            console.log(`[mnemospark] Existing proxy detected on port ${listenPort}, reusing`);
+            rejectAttempt({ code: "REUSE_EXISTING", wallet: existingWallet2 });
+            return;
+          }
+          if (attempt < PORT_RETRY_ATTEMPTS) {
+            console.log(
+              `[mnemospark] Port ${listenPort} in TIME_WAIT, retrying in ${PORT_RETRY_DELAY_MS}ms (attempt ${attempt}/${PORT_RETRY_ATTEMPTS})`
+            );
+            rejectAttempt({ code: "RETRY", attempt });
+            return;
+          }
+          console.error(
+            `[mnemospark] Port ${listenPort} still in use after ${PORT_RETRY_ATTEMPTS} attempts`
+          );
+          rejectAttempt(err);
+          return;
+        }
+        rejectAttempt(err);
+      };
+      server.once("error", onError);
+      server.listen(listenPort, "127.0.0.1", () => {
+        server.removeListener("error", onError);
+        resolveAttempt();
+      });
+    });
+  };
+  let lastError;
+  for (let attempt = 1; attempt <= PORT_RETRY_ATTEMPTS; attempt++) {
+    try {
+      await tryListen(attempt);
+      break;
+    } catch (err) {
+      const error = err;
+      if (error.code === "REUSE_EXISTING" && error.wallet) {
+        const baseUrl2 = `http://127.0.0.1:${listenPort}`;
+        options.onReady?.(listenPort);
+        return {
+          port: listenPort,
+          baseUrl: baseUrl2,
+          walletAddress: error.wallet,
+          balanceMonitor,
+          close: async () => {
+          }
+        };
+      }
+      if (error.code === "RETRY") {
+        await new Promise((r) => setTimeout(r, PORT_RETRY_DELAY_MS));
+        continue;
+      }
+      lastError = err;
+      break;
+    }
+  }
+  if (lastError) {
+    throw lastError;
+  }
+  const addr = server.address();
+  const port = addr.port;
+  const baseUrl = `http://127.0.0.1:${port}`;
+  options.onReady?.(port);
+  server.on("error", (err) => {
+    console.error(`[mnemospark] Server runtime error: ${err.message}`);
+    options.onError?.(err);
+  });
+  server.on("clientError", (err, socket) => {
+    console.error(`[mnemospark] Client error: ${err.message}`);
+    if (socket.writable && !socket.destroyed) {
+      socket.end("HTTP/1.1 400 Bad Request\r\n\r\n");
+    }
+  });
+  server.on("connection", (socket) => {
+    connections.add(socket);
+    socket.setTimeout(3e5);
+    socket.on("timeout", () => {
+      console.error(`[mnemospark] Socket timeout, destroying connection`);
+      socket.destroy();
+    });
+    socket.on("error", (err) => {
+      console.error(`[mnemospark] Socket error: ${err.message}`);
+    });
+    socket.on("close", () => {
+      connections.delete(socket);
+    });
+  });
+  return {
+    port,
+    baseUrl,
+    walletAddress: account.address,
+    balanceMonitor,
+    close: () => new Promise((res, rej) => {
+      const timeout = setTimeout(() => {
+        rej(new Error("[mnemospark] Close timeout after 4s"));
+      }, 4e3);
+      for (const socket of connections) {
+        socket.destroy();
+      }
+      connections.clear();
+      server.close((err) => {
+        clearTimeout(timeout);
+        if (err) {
+          rej(err);
+        } else {
+          res();
+        }
+      });
+    })
+  };
+}
+// src/auth.ts
+import { writeFile as writeFile2, readFile, mkdir as mkdir2 } from "fs/promises";
+import { join as join2 } from "path";
+import { homedir } from "os";
+import { generatePrivateKey, privateKeyToAccount as privateKeyToAccount3 } from "viem/accounts";
+var LEGACY_WALLET_DIR = join2(homedir(), ".openclaw", "blockrun");
+var LEGACY_WALLET_FILE = join2(LEGACY_WALLET_DIR, "wallet.key");
+var WALLET_DIR = join2(homedir(), ".openclaw", "mnemospark", "wallet");
+var WALLET_FILE = join2(WALLET_DIR, "wallet.key");
+async function loadSavedWallet() {
+  for (const path of [WALLET_FILE, LEGACY_WALLET_FILE]) {
+    try {
+      const key = (await readFile(path, "utf-8")).trim();
+      if (key.startsWith("0x") && key.length === 66) {
+        console.log(`[mnemospark] \u2713 Loaded existing wallet from ${path}`);
+        return key;
+      }
+      console.warn(`[mnemospark] \u26A0 Wallet file exists but is invalid (wrong format): ${path}`);
+    } catch (err) {
+      if (err.code !== "ENOENT") {
+        console.error(
+          `[mnemospark] \u2717 Failed to read wallet file ${path}: ${err instanceof Error ? err.message : String(err)}`
+        );
+      }
+    }
+  }
+  return void 0;
+}
+async function generateAndSaveWallet() {
+  const key = generatePrivateKey();
+  const account = privateKeyToAccount3(key);
+  await mkdir2(WALLET_DIR, { recursive: true });
+  await writeFile2(WALLET_FILE, key + "\n", { mode: 384 });
+  try {
+    const verification = (await readFile(WALLET_FILE, "utf-8")).trim();
+    if (verification !== key) {
+      throw new Error("Wallet file verification failed - content mismatch");
+    }
+    console.log(`[mnemospark] \u2713 Wallet saved and verified at ${WALLET_FILE}`);
+  } catch (err) {
+    throw new Error(
+      `Failed to verify wallet file after creation: ${err instanceof Error ? err.message : String(err)}`
+    );
+  }
+  return { key, address: account.address };
+}
+async function resolveOrGenerateWalletKey() {
+  const saved = await loadSavedWallet();
+  if (saved) {
+    const account = privateKeyToAccount3(saved);
+    return { key: saved, address: account.address, source: "saved" };
+  }
+  const envKey = process.env.BLOCKRUN_WALLET_KEY;
+  if (typeof envKey === "string" && envKey.startsWith("0x") && envKey.length === 66) {
+    const account = privateKeyToAccount3(envKey);
+    return { key: envKey, address: account.address, source: "env" };
+  }
+  const { key, address } = await generateAndSaveWallet();
+  return { key, address, source: "generated" };
+}
+// src/version.ts
+import { createRequire } from "module";
+import { fileURLToPath } from "url";
+import { dirname as dirname2, join as join3 } from "path";
+var __filename = fileURLToPath(import.meta.url);
+var __dirname = dirname2(__filename);
+var require2 = createRequire(import.meta.url);
+var pkg = require2(join3(__dirname, "..", "package.json"));
+var VERSION = pkg.version;
+var USER_AGENT = `mnemospark/${VERSION}`;
+// src/cli.ts
+import { dirname as dirname3 } from "path";
+import { mkdir as mkdir3, readFile as readFile2, writeFile as writeFile3 } from "fs/promises";
+function isHexPrivateKey(value) {
+  return typeof value === "string" && /^0x[0-9a-fA-F]{64}$/.test(value.trim());
+}
+function printHelp() {
+  console.log(`
+mnemospark v${VERSION} - Storage proxy and wallet tools
+Usage:
+  mnemospark [options]
+  mnemospark install --default
+  mnemospark install --standard
+  mnemospark check-update       Check if a new version is available
+  mnemospark update             Update to latest version
+Options:
+  --version, -v     Show version number
+  --help, -h        Show this help message
+  --port <number>   Port to listen on (default: ${getProxyPort()})
+Examples:
+  # Start standalone proxy (survives gateway restarts)
+  npx mnemospark
+  # Start on custom port
+  npx mnemospark --port 9000
+  # Install mnemospark wallet with default behavior (create new wallet)
+  npx mnemospark install --default
+  # Install mnemospark wallet with standard behavior (reuse Blockrun wallet if present)
+  npx mnemospark install --standard
+  # Production deployment with PM2
+  pm2 start "npx mnemospark" --name mnemospark
+Environment Variables:
+  BLOCKRUN_WALLET_KEY     Private key for x402 storage payments (auto-generated if not set)
+  MNEMOSPARK_PROXY_PORT   Default proxy port (default: 7120)
+For more info: https://github.com/pawlsclick/mnemospark
+`);
+}
+function parseArgs(args) {
+  const result = {
+    version: false,
+    help: false,
+    port: void 0,
+    command: void 0,
+    installMode: void 0
+  };
+  for (let i = 0; i < args.length; i++) {
+    const arg = args[i];
+    if (!result.command && !arg.startsWith("-")) {
+      if (arg === "install") {
+        result.command = "install";
+      } else if (arg === "update") {
+        result.command = "update";
+      } else if (arg === "check-update") {
+        result.command = "check-update";
+      }
+      continue;
+    }
+    if (arg === "--version" || arg === "-v") {
+      result.version = true;
+    } else if (arg === "--help" || arg === "-h") {
+      result.help = true;
+    } else if (result.command === "install" && arg === "--default") {
+      result.installMode = "default";
+    } else if (result.command === "install" && arg === "--standard") {
+      result.installMode = "standard";
+    } else if (arg === "--port" && args[i + 1]) {
+      result.port = parseInt(args[i + 1], 10);
+      i++;
+    }
+  }
+  return result;
+}
+async function ensureDir(path) {
+  await mkdir3(path, { recursive: true });
+}
+async function readLegacyWalletIfPresent() {
+  try {
+    const key = (await readFile2(LEGACY_WALLET_FILE, "utf-8")).trim();
+    return isHexPrivateKey(key) ? key : null;
+  } catch (error) {
+    if (error.code === "ENOENT") {
+      return null;
+    }
+    throw error;
+  }
+}
+async function writeMnemosparkWallet(key) {
+  const dir = dirname3(WALLET_FILE);
+  await ensureDir(dir);
+  await writeFile3(WALLET_FILE, `${key}
+`, { mode: 384 });
+}
+async function promptReuseLegacyWallet() {
+  process.stdout.write(
+    `Found existing Blockrun wallet at ${LEGACY_WALLET_FILE}.
+Reuse this wallet for mnemospark? [Y/n]: `
+  );
+  return new Promise((resolve2) => {
+    process.stdin.setEncoding("utf-8");
+    process.stdin.once("data", (data) => {
+      const input = typeof data === "string" ? data : data.toString("utf-8");
+      const answer = input.trim().toLowerCase();
+      if (!answer || answer === "y" || answer === "yes") {
+        resolve2(true);
+      } else {
+        resolve2(false);
+      }
+    });
+  });
+}
+var NPM_REGISTRY_URL = "https://registry.npmjs.org/mnemospark/latest";
+function compareVersion(a, b) {
+  const partsA = a.split("-")[0].split(".").map(Number);
+  const partsB = b.split("-")[0].split(".").map(Number);
+  for (let i = 0; i < Math.max(partsA.length, partsB.length); i++) {
+    const na = partsA[i] ?? 0;
+    const nb = partsB[i] ?? 0;
+    if (na < nb) return -1;
+    if (na > nb) return 1;
+  }
+  return 0;
+}
+async function fetchLatestVersion() {
+  try {
+    const res = await fetch(NPM_REGISTRY_URL, {
+      headers: { Accept: "application/json" }
+    });
+    if (!res.ok) return null;
+    const data = await res.json();
+    return data.version ?? null;
+  } catch {
+    return null;
+  }
+}
+async function runCheckUpdate() {
+  const latest = await fetchLatestVersion();
+  if (!latest) {
+    console.log("[mnemospark] Could not fetch latest version from registry.");
+    process.exit(1);
+  }
+  const cmp = compareVersion(VERSION, latest);
+  if (cmp < 0) {
+    console.log(`[mnemospark] A new version is available: ${latest} (current: ${VERSION})`);
+    console.log("Run: npx mnemospark update");
+  } else if (cmp === 0) {
+    console.log("You are on the latest version.");
+  } else {
+    console.log(`You are on the latest version. (current: ${VERSION}, registry: ${latest})`);
+  }
+}
+async function runUpdate() {
+  const latest = await fetchLatestVersion();
+  if (!latest) {
+    console.log("[mnemospark] Could not fetch latest version from registry.");
+    process.exit(1);
+  }
+  const cmp = compareVersion(VERSION, latest);
+  if (cmp < 0) {
+    console.log(`[mnemospark] Updating from ${VERSION} to ${latest}...`);
+    const { execSync } = await import("child_process");
+    try {
+      execSync(`npm install mnemospark@${latest}`, { stdio: "inherit" });
+      console.log(`[mnemospark] Updated to ${latest}.`);
+    } catch {
+      console.log(
+        "[mnemospark] npm install failed. You can update manually: npm install mnemospark@latest"
+      );
+      process.exit(1);
+    }
+  } else {
+    console.log("You are on the latest version.");
+  }
+}
+async function runInstall(mode) {
+  if (mode === "standard") {
+    const legacyWallet = await readLegacyWalletIfPresent();
+    if (legacyWallet) {
+      const reuse = await promptReuseLegacyWallet();
+      if (reuse) {
+        await writeMnemosparkWallet(legacyWallet);
+        console.log("\n[mnemospark] Reused existing Blockrun wallet for mnemospark.");
+        console.log(
+          "[mnemospark] Wallet file: ~/.openclaw/mnemospark/wallet/wallet.key (chmod 600 expected)."
+        );
+        console.log(
+          "[mnemospark] Your wallet will be used for mnemospark storage payments on Base."
+        );
+        return;
+      }
+    }
+  }
+  const { address, source } = await resolveOrGenerateWalletKey();
+  console.log("[mnemospark] Install complete.");
+  console.log(`Your new Base blockchain wallet is: ${address}`);
+  if (source === "env") {
+    console.log(
+      "Wallet is sourced from BLOCKRUN_WALLET_KEY. To persist it, save it under ~/.openclaw/mnemospark/wallet/wallet.key with chmod 600."
+    );
+  } else {
+    console.log(
+      "Wallet key stored under ~/.openclaw/mnemospark/wallet/wallet.key (permissions should be chmod 600)."
+    );
+  }
+  console.log("Add USDC on the Base network to start using mnemospark today.");
+  console.log(
+    "You can acquire USDC on Base from providers like Coinbase and Moonpay. Fund the wallet before running mnemospark."
+  );
+}
+async function main() {
+  const args = parseArgs(process.argv.slice(2));
+  if (args.version) {
+    console.log(VERSION);
+    process.exit(0);
+  }
+  if (args.help) {
+    printHelp();
+    process.exit(0);
+  }
+  if (args.command === "install") {
+    const mode = args.installMode ?? "standard";
+    await runInstall(mode);
+    return;
+  }
+  if (args.command === "check-update") {
+    await runCheckUpdate();
+    return;
+  }
+  if (args.command === "update") {
+    await runUpdate();
+    return;
+  }
+  const { key: walletKey, address, source } = await resolveOrGenerateWalletKey();
+  if (source === "generated") {
+    console.log(`[mnemospark] Generated new wallet: ${address}`);
+  } else if (source === "saved") {
+    console.log(`[mnemospark] Using saved wallet: ${address}`);
+  } else {
+    console.log(`[mnemospark] Using wallet from BLOCKRUN_WALLET_KEY: ${address}`);
+  }
+  const proxy = await startProxy({
+    walletKey,
+    port: args.port,
+    onReady: (port) => {
+      console.log(`[mnemospark] Proxy listening on http://127.0.0.1:${port}`);
+      console.log(`[mnemospark] Health check: http://127.0.0.1:${port}/health`);
+    },
+    onError: (error) => {
+      console.error(`[mnemospark] Error: ${error.message}`);
+    },
+    onLowBalance: (info) => {
+      console.warn(`[mnemospark] Low balance: ${info.balanceUSD}. Fund: ${info.walletAddress}`);
+    },
+    onInsufficientFunds: (info) => {
+      console.error(
+        `[mnemospark] Insufficient funds. Balance: ${info.balanceUSD}, Need: ${info.requiredUSD}`
+      );
+    }
+  });
+  const monitor = new BalanceMonitor(address);
+  try {
+    const balance = await monitor.checkBalance();
+    if (balance.isEmpty) {
+      console.log(`[mnemospark] Wallet balance: $0.00 (using FREE model)`);
+      console.log(`[mnemospark] Fund wallet for premium models: ${address}`);
+    } else if (balance.isLow) {
+      console.log(`[mnemospark] Wallet balance: ${balance.balanceUSD} (low)`);
+    } else {
+      console.log(`[mnemospark] Wallet balance: ${balance.balanceUSD}`);
+    }
+  } catch {
+    console.log(`[mnemospark] Wallet: ${address} (balance check pending)`);
+  }
+  console.log(`[mnemospark] Ready - Ctrl+C to stop`);
+  const shutdown = async (signal) => {
+    console.log(`
+[mnemospark] Received ${signal}, shutting down...`);
+    try {
+      await proxy.close();
+      console.log(`[mnemospark] Proxy closed`);
+      process.exit(0);
+    } catch (err) {
+      console.error(`[mnemospark] Error during shutdown: ${err}`);
+      process.exit(1);
+    }
+  };
+  process.on("SIGINT", () => shutdown("SIGINT"));
+  process.on("SIGTERM", () => shutdown("SIGTERM"));
+  await new Promise(() => {
+  });
+}
+main().catch((err) => {
+  console.error(`[mnemospark] Fatal error: ${err.message}`);
+  process.exit(1);
+});
+//# sourceMappingURL=cli.js.map