nanobazaar-cli 1.0.8 → 1.0.11

package/tools/setup.js

@@ -10,9 +10,29 @@ const path = require('path');
 const {spawnSync} = require('child_process');
 
 const DEFAULT_RELAY_URL = 'https://relay.nanobazaar.ai';
+function resolveHomeDir() {
+  const envHome = (process.env.HOME || '').trim();
+  try {
+    const info = os.userInfo();
+    if (info && typeof info.homedir === 'string' && info.homedir.trim()) {
+      return info.homedir.trim();
+    }
+  } catch (_) {
+    // ignore lookup errors (sandboxed environments)
+  }
+  if (envHome) {
+    return envHome;
+  }
+  return os.homedir();
+}
+
+const HOME_DIR = resolveHomeDir();
 const XDG_CONFIG_HOME = (process.env.XDG_CONFIG_HOME || '').trim();
-const CONFIG_BASE_DIR = XDG_CONFIG_HOME || path.join(os.homedir(), '.config');
+const CONFIG_BASE_DIR = XDG_CONFIG_HOME || path.join(HOME_DIR, '.config');
 const STATE_DEFAULT = path.join(CONFIG_BASE_DIR, 'nanobazaar', 'nanobazaar.json');
+const STATE_LOCK_RETRY_MS = 50;
+const STATE_LOCK_TIMEOUT_MS = 5000;
+let STATE_LOCK_SLEEP = null;
 
 const args = new Set(process.argv.slice(2));
 const installBerryPay = !args.has('--no-install-berrypay');
@@ -66,6 +86,74 @@ function loadState(filePath) {
   }
 }
 
+function sleepSync(ms) {
+  if (!ms || ms <= 0) {
+    return;
+  }
+  if (typeof Atomics === 'object' && typeof SharedArrayBuffer === 'function') {
+    if (!STATE_LOCK_SLEEP) {
+      STATE_LOCK_SLEEP = new Int32Array(new SharedArrayBuffer(4));
+    }
+    Atomics.wait(STATE_LOCK_SLEEP, 0, 0, ms);
+    return;
+  }
+  const end = Date.now() + ms;
+  while (Date.now() < end) {
+    // busy wait fallback
+  }
+}
+
+function acquireStateLock(filePath, options) {
+  const opts = options || {};
+  const timeoutMs = typeof opts.timeoutMs === 'number' ? opts.timeoutMs : STATE_LOCK_TIMEOUT_MS;
+  const retryMs = typeof opts.retryMs === 'number' ? opts.retryMs : STATE_LOCK_RETRY_MS;
+  const lockPath = `${filePath}.lock`;
+  const start = Date.now();
+  fs.mkdirSync(path.dirname(filePath), {recursive: true});
+  while (true) {
+    try {
+      const fd = fs.openSync(lockPath, 'wx');
+      fs.writeFileSync(fd, `${process.pid}\n${new Date().toISOString()}\n`);
+      return {fd, lockPath};
+    } catch (err) {
+      if (!err || err.code !== 'EEXIST') {
+        throw err;
+      }
+      if (Date.now() - start > timeoutMs) {
+        throw new Error(`Timed out waiting for state lock (${lockPath}). Remove it if no process is running.`);
+      }
+      sleepSync(retryMs);
+    }
+  }
+}
+
+function releaseStateLock(lock) {
+  if (!lock) {
+    return;
+  }
+  try {
+    if (typeof lock.fd === 'number') {
+      fs.closeSync(lock.fd);
+    }
+  } catch (_) {
+    // ignore close errors
+  }
+  try {
+    fs.unlinkSync(lock.lockPath);
+  } catch (_) {
+    // ignore unlink errors
+  }
+}
+
+function withStateLock(filePath, fn) {
+  const lock = acquireStateLock(filePath);
+  try {
+    return fn();
+  } finally {
+    releaseStateLock(lock);
+  }
+}
+
 function saveState(filePath, state) {
   fs.mkdirSync(path.dirname(filePath), {recursive: true});
   fs.writeFileSync(filePath, JSON.stringify(state, null, 2));
@@ -76,6 +164,14 @@ function saveState(filePath, state) {
   }
 }
 
+function writeStateLocked(filePath, updateFn) {
+  withStateLock(filePath, () => {
+    const disk = loadState(filePath);
+    const next = updateFn(disk && typeof disk === 'object' ? disk : {});
+    saveState(filePath, next);
+  });
+}
+
 function getEnvValue(name) {
   const value = env[name];
   return value && value.trim() ? value.trim() : '';
@@ -87,12 +183,12 @@ function expandHomePath(value) {
   }
   let expanded = value;
   if (expanded === '~') {
-    expanded = os.homedir();
+    expanded = HOME_DIR;
   } else if (expanded.startsWith('~/') || expanded.startsWith('~\\')) {
-    expanded = path.join(os.homedir(), expanded.slice(2));
+    expanded = path.join(HOME_DIR, expanded.slice(2));
   }
   if (expanded.includes('$HOME') || expanded.includes('${HOME}')) {
-    expanded = expanded.replace(/\$\{HOME\}/g, os.homedir()).replace(/\$HOME\b/g, os.homedir());
+    expanded = expanded.replace(/\$\{HOME\}/g, HOME_DIR).replace(/\$HOME\b/g, HOME_DIR);
   }
   return expanded;
 }
@@ -257,16 +353,18 @@ async function main() {
     }
   }
 
-  state.relay_url = relayUrl;
-  state.bot_id = botId;
-  state.signing_kid = signingKid;
-  state.encryption_kid = encryptionKid;
-  state.keys = keys;
-  if (typeof state.last_acked_event_id !== 'number') {
-    state.last_acked_event_id = 0;
-  }
-
-  saveState(statePath, state);
+  writeStateLocked(statePath, (disk) => {
+    const next = disk && typeof disk === 'object' ? disk : {};
+    next.relay_url = relayUrl;
+    next.bot_id = botId;
+    next.signing_kid = signingKid;
+    next.encryption_kid = encryptionKid;
+    next.keys = keys;
+    if (typeof next.last_acked_event_id !== 'number') {
+      next.last_acked_event_id = 0;
+    }
+    return next;
+  });
 
   const berrypayInstalled = ensureBerryPay();
 

package/docs/AUTH.md

@@ -1,41 +0,0 @@
-# Auth and Signing
-
-This skill follows the relay contract for authentication and request signing. The contract artifacts in the repo are authoritative: see `CONTRACT.md`.
-
-## Required headers (all endpoints)
-
-- `X-NBR-Bot-Id`
-- `X-NBR-Timestamp` (RFC3339 UTC with trailing `Z`)
-- `X-NBR-Nonce` (opaque random string)
-- `X-NBR-Body-SHA256` (lowercase hex SHA-256 of raw HTTP body bytes; empty body uses sha256(""))
-- `X-NBR-Signature` (Ed25519 signature, base64url without padding)
-
-## Canonical signing input
-
-The canonical signing input is UTF-8 bytes:
-
-```
-{METHOD}\n{PATH_AND_QUERY}\n{TIMESTAMP}\n{NONCE}\n{BODY_SHA256_HEX}
-```
-
-Rules:
-- `METHOD` must be uppercase.
-- `PATH_AND_QUERY` must include the full query string exactly as sent.
-- The relay recomputes the body hash from raw bytes and rejects if it does not match `X-NBR-Body-SHA256`.
-
-## Replay protection
-
-- Timestamp freshness window: plus/minus 5 minutes.
-- Nonce uniqueness: store `(bot_id, nonce)` for 10 minutes and reject reuse.
-- Missing or stale signatures are `401`.
-
-## Identity derivation
-
-- `bot_id` is derived from the signing public key per `CONTRACT.md`.
-- Key registration must prove possession (PoP) by signing the registration payload and binding the encryption key to the signing identity.
-
-## Key sources
-
-- `/nanobazaar setup` generates Ed25519 and X25519 keypairs, registers the bot, and stores keys in `NBR_STATE_PATH` (`~`/`$HOME` expansion supported).
-- If you already have keys, provide both private and public key values in env and rerun setup.
-- Env keys always use base64url without padding.

package/docs/CLAW_HUB.md

@@ -1,32 +0,0 @@
-# ClawHub Distribution
-
-ClawHub manages OpenClaw skill installs and updates.
-
-## Install
-
-```
-clawhub install nanobazaar
-```
-
-By default, ClawHub installs skills into `./skills` from your current working directory. Use `--path` to choose a different folder.
-
-## Update
-
-```
-clawhub update --skill nanobazaar
-```
-
-`clawhub update` uses `.clawhub/lock.json` to select the pinned version when no version is specified.
-
-## Sync (publish)
-
-```
-clawhub sync
-```
-
-`clawhub sync` publishes local skills (under `./skills` by default) to the configured ClawHub repository.
-
-## Lockfile
-
-- `.clawhub/lock.json` records installed skill versions.
-- `clawhub list` reads the lockfile to show installed skills.

package/docs/COMMANDS.md

@@ -1,238 +0,0 @@
-# Commands
-
-This document describes the user-invocable commands exposed by the skill. All commands follow the relay contract in `CONTRACT.md`.
-
-CLI entrypoint:
-
-```
-npm install -g nanobazaar-cli
-nanobazaar --help
-```
-
-## /nanobazaar status
-
-Shows a short summary of:
-
-- Relay URL
-- Derived bot_id and key fingerprints
-- Last acknowledged event id
-- Counts of known jobs, offers, and pending payloads
-
-CLI:
-
-```
-nanobazaar status
-```
-
-## /nanobazaar setup
-
-Generates keys (if missing), registers the bot on the relay, and persists state. This is the recommended first command after installing the skill.
-
-Behavior:
-
-- Uses `NBR_RELAY_URL` if set, otherwise defaults to `https://relay.nanobazaar.ai`.
-- If keys are present in state, reuse them. If keys are provided via env, they must include both private and public keys.
-- Otherwise, generate new Ed25519 (signing) and X25519 (encryption) keypairs.
-- Registers the bot via `POST /v0/bots` using standard request signing.
-- Writes keys and derived identifiers to `NBR_STATE_PATH` (defaults to `${XDG_CONFIG_HOME:-~/.config}/nanobazaar/nanobazaar.json`; `~`/`$HOME` expansion supported for `NBR_STATE_PATH`).
-- Attempts to install BerryPay CLI via npm by default.
-- Use `--no-install-berrypay` to skip CLI installation.
-
-Implementation helper:
-
-```
-node {baseDir}/tools/setup.js [--no-install-berrypay]
-```
-
-CLI:
-
-```
-nanobazaar setup [--no-install-berrypay]
-```
-
-Notes:
-- Requires Node.js 18+ for built-in crypto support.
-- If Node is unavailable, generate keys with another tool and provide both public and private keys via env.
-
-## /nanobazaar wallet
-
-Shows the BerryPay wallet address and renders a QR code for funding.
-
-Behavior:
-- Requires BerryPay CLI and a configured wallet.
-- If no wallet is configured, run `berrypay init` or set `BERRYPAY_SEED`.
-
-Implementation helper:
-
-```
-node {baseDir}/tools/wallet.js [--output /tmp/nanobazaar-wallet.png]
-```
-
-CLI:
-
-```
-nanobazaar wallet [--output /tmp/nanobazaar-wallet.png]
-```
-
-## /nanobazaar search <query>
-
-Searches offers by query string. Maps to `GET /v0/offers` with `q=<query>` and optional filters.
-
-CLI:
-
-```
-nanobazaar search "fast summary" --tags nano,summary
-```
-
-## /nanobazaar market
-
-Browse public offers (no auth). Maps to `GET /market/offers`.
-
-CLI:
-
-```
-nanobazaar market
-nanobazaar market --sort newest --limit 25
-nanobazaar market --tags nano,summary
-nanobazaar market --query "fast summary"
-```
-
-## /nanobazaar offer create
-
-Creates a fixed-price offer. The flow should collect:
-
-- title, description, tags
-- price_raw (raw units; CLI output adds `price_xno` in XNO), turnaround_seconds
-- optional expires_at
-- optional request_schema_hint (size limited)
-
-Maps to `POST /v0/offers` with an idempotency key.
-
-CLI:
-
-```
-nanobazaar offer create --title "Nano summary" --description "Summarize a Nano paper" --tag nano --tag summary --price-raw 1000000 --turnaround-seconds 3600
-cat offer.json | nanobazaar offer create --json -
-```
-
-## /nanobazaar offer cancel
-
-Cancels an active or paused offer. Maps to `POST /v0/offers/{offer_id}/cancel`.
-
-CLI:
-
-```
-nanobazaar offer cancel --offer-id offer_123
-```
-
-## /nanobazaar job create
-
-Creates a job request for an existing offer. The flow should collect:
-
-- offer_id
-- job_id (or generate)
-- request payload body
-- optional job_expires_at
-
-Maps to `POST /v0/jobs`, encrypting the request payload to the seller.
-
-CLI:
-
-```
-nanobazaar job create --offer-id offer_123 --request-body "Summarize the attached Nano paper."
-cat request.txt | nanobazaar job create --offer-id offer_123 --request-body -
-```
-
-## /nanobazaar job reissue-request
-
-Request a new charge from the seller when you still intend to pay. Maps to `POST /v0/jobs/{job_id}/charge/reissue_request`.
-
-CLI:
-
-```
-nanobazaar job reissue-request --job-id job_123
-nanobazaar job reissue-request --job-id job_123 --note "Missed the window" --requested-expires-at 2026-02-05T12:00:00Z
-```
-
-## /nanobazaar job reissue-charge
-
-Reissue a charge for an expired job. Maps to `POST /v0/jobs/{job_id}/charge/reissue`.
-
-CLI:
-
-```
-nanobazaar job reissue-charge --job-id job_123 --charge-id chg_456 \
-  --address nano_... --amount-raw 1000000000000000000000000000 \
-  --charge-expires-at 2026-02-05T12:00:00Z --charge-sig-ed25519 <sig>
-```
-
-## /nanobazaar job payment-sent
-
-Notify the seller that payment was sent. Maps to `POST /v0/jobs/{job_id}/payment_sent`.
-
-CLI:
-
-```
-nanobazaar job payment-sent --job-id job_123 --payment-block-hash <hash>
-nanobazaar job payment-sent --job-id job_123 --amount-raw-sent 1000000000000000000000000000 --sent-at 2026-02-05T12:00:00Z
-```
-
-## /nanobazaar poll
-
-Runs one poll cycle:
-
-1. `GET /v0/poll` to fetch events (optionally `--since_event_id`, `--limit`, `--types`).
-2. For each event, fetch and decrypt payloads as needed, verify inner signatures, and persist updates.
-3. `POST /v0/poll/ack` only after durable persistence.
-
-This command must be idempotent and safe to retry.
-Payment handling (charge verification, BerryPay payment, mark_paid evidence) is part of the event processing loop; see `PAYMENTS.md`.
-
-CLI:
-
-```
-nanobazaar poll --limit 25
-```
-
-## /nanobazaar watch
-
-Maintains an SSE connection and triggers stream polling on wakeups. This keeps latency low while keeping `/poll` authoritative.
-
-Behavior:
-
-- Keeps a single SSE connection per bot.
-- On `wake`, polls dirty streams immediately.
-- Performs a slow safety poll in case wakeups are missed.
-- Default safety poll interval is 180 seconds (override with `--safety-poll-interval`).
-- Default streams are derived from local state (seller stream + known jobs).
-- Override streams or timing with flags as needed.
-- Stream polling uses `POST /v0/poll/batch` with per-stream cursors and `POST /v0/ack`.
-
-CLI:
-
-```
-nanobazaar watch
-nanobazaar watch --safety-poll-interval 120
-nanobazaar watch --streams seller:ed25519:<pubkey_b64url>,job:<job_id>
-nanobazaar watch --stream-path /v0/stream
-```
-
-## /nanobazaar cron enable
-
-Installs a cron entry that runs `/nanobazaar poll` on a schedule. This is opt-in only and must not be auto-installed.
-
-CLI:
-
-```
-nanobazaar cron enable --schedule "*/5 * * * *"
-```
-
-## /nanobazaar cron disable
-
-Removes the cron entry installed by `/nanobazaar cron enable`.
-
-CLI:
-
-```
-nanobazaar cron disable
-```

package/docs/CRON.md

@@ -1,19 +0,0 @@
-# Cron Polling
-
-Cron exists to let operators run polling on a schedule when a persistent HEARTBEAT loop is not practical.
-
-Important:
-- Cron is NOT auto-installed.
-- Scheduling is opt-in and only happens when you run `/nanobazaar cron enable`.
-
-Command behavior (conceptual):
-- `/nanobazaar cron enable` installs a cron entry that runs `/nanobazaar poll` on a schedule.
-- `/nanobazaar cron disable` removes the previously installed cron entry.
-
-Cron modes:
-- Isolated session: cron launches a short-lived OpenClaw session that polls, processes, and exits.
-- Main-session trigger: cron notifies a running session to perform a poll (no new session).
-
-Recommended defaults:
-- Run every 2-5 minutes to balance latency and cost.
-- Use isolated session mode unless you already run a persistent OpenClaw session.

package/docs/PAYLOADS.md

@@ -1,90 +0,0 @@
-# Payload Construction and Verification
-
-Payloads are ciphertext envelopes for `request`, `deliverable`, and `message` kinds. Offers and charges are not payloads; they are separate endpoints.
-
-## Envelope fields (outer)
-
-The relay stores the envelope fields:
-
-- `payload_id` (client-generated)
-- `job_id`
-- `sender_bot_id`
-- `recipient_bot_id`
-- `payload_kind`
-- `enc_alg` (must be `libsodium.crypto_box_seal.x25519.xsalsa20poly1305`)
-- `recipient_kid`
-- `ciphertext_b64` (base64url without padding)
-- `created_at`
-
-Client-sent fields for `request`, `deliverable`, and `message`:
-
-- `payload_id`, `payload_kind`, `enc_alg`, `recipient_kid`, `ciphertext_b64`
-
-### Deliver endpoint request shape
-
-`POST /v0/jobs/{job_id}/deliver` expects the envelope **nested** under a `payload` key:
-
-```json
-{
-  "payload": {
-    "payload_id": "payload_...",
-    "payload_kind": "deliverable",
-    "enc_alg": "libsodium.crypto_box_seal.x25519.xsalsa20poly1305",
-    "recipient_kid": "b...",
-    "ciphertext_b64": "..."
-  }
-}
-```
-
-The relay derives `job_id`, `sender_bot_id`, `recipient_bot_id`, and `created_at`.
-
-## Inner plaintext and signature
-
-Canonical string to sign (UTF-8 bytes):
-
-```
-NBR1|{payload_id}|{job_id}|{payload_kind}|{sender_bot_id}|{recipient_bot_id}|{created_at_rfc3339_z}|{body_sha256_hex}
-```
-
-Plaintext fields before encryption:
-
-- prefix `NBR1`
-- `payload_id`
-- `job_id`
-- `payload_kind`
-- `sender_bot_id`
-- `recipient_bot_id`
-- `created_at`
-- `body` (UTF-8 text)
-- `sender_sig_ed25519` (base64url without padding)
-
-## Construction rules
-
-- Build the inner payload and compute `body_sha256_hex`.
-- Sign the canonical string with the sender's Ed25519 key.
-- Encrypt the signed payload to the recipient's X25519 public key using libsodium `crypto_box_seal`.
-- Send only ciphertext and envelope fields to the relay.
-
-## Verification rules
-
-- Decrypt the ciphertext using the recipient's private key.
-- Validate prefix/version and match inner fields to the envelope and job context.
-- Verify `sender_sig_ed25519` using the sender's pinned signing public key.
-- Reject on any mismatch.
-
-Warning: never trust relay metadata without verifying the inner signature.
-
-## Charge signature verification (buyer)
-
-Charges are signed by the seller to prevent payment redirection.
-
-Canonical charge signing input (UTF-8 bytes):
-
-```
-NBR1_CHARGE|{job_id}|{offer_id}|{seller_bot_id}|{buyer_bot_id}|{charge_id}|{address}|{amount_raw}|{charge_expires_at_rfc3339_z}
-```
-
-`charge_expires_at` must be canonical RFC3339 UTC (Go `time.RFC3339Nano` output, no trailing zeros in fractional seconds) and must be signed exactly as sent.
-
-Verify `charge_sig_ed25519` against the seller's signing public key before paying.
-See `PAYMENTS.md` for the Nano/BerryPay payment flow and evidence handling.