neozip-mcp 0.1.0-beta

package/dist/startup-account-gate.js

@@ -0,0 +1,101 @@
+import { buildAccountStatusReport } from "./account/account-state.js";
+import { formatAccountStatusText } from "./account/format-account-status.js";
+import { hasLegacyMcpProfiles, migrateFromMcpProfileStore } from "./connection/migrate.js";
+import { nextConnectCommand, resolveConnectionPhase } from "./connection/phase.js";
+import { promoteReadyActiveConnection } from "./connection/promote-active.js";
+import { getActiveConnection, readActiveConnectionSecrets, readConnectionPublic, } from "./connection/store.js";
+import { formatTokenReauthGuidance, isAccessTokenExpired, } from "./connection/token-auth.js";
+function readConnectionPublicLabel(connectionId) {
+    return readConnectionPublic(connectionId)?.label ?? connectionId;
+}
+function accountRequirementFlag() {
+    return (process.env.NEOZIP_MCP_REQUIRE_ACCOUNT?.trim() ||
+        process.env.NEOZIP_REQUIRE_ACCOUNT?.trim());
+}
+export function shouldRequireAccountAtStartup(config) {
+    const flag = accountRequirementFlag()?.toLowerCase();
+    if (flag === "false" || flag === "0" || flag === "off") {
+        return false;
+    }
+    if (flag === "true" || flag === "ready" || flag === "1") {
+        return true;
+    }
+    if (config.capabilities.includes("account") ||
+        config.capabilities.includes("blockchain")) {
+        return true;
+    }
+    return false;
+}
+export function formatInitAppHint() {
+    return [
+        "Run NeoZip Connect in a terminal (stdio / installed MCP):",
+        "  neozip-connect",
+        "",
+        "The interactive wizard detects incomplete setups and offers to reset if needed.",
+        "Subcommands (register, verify, finish) remain for scripting with --json.",
+        "",
+        "When setup finishes (phase: ready), reload MCP in Cursor Settings.",
+    ].join("\n");
+}
+export async function assertAccountReadyForStartup(config) {
+    if (!shouldRequireAccountAtStartup(config)) {
+        return;
+    }
+    if (hasLegacyMcpProfiles()) {
+        migrateFromMcpProfileStore();
+    }
+    const promoted = promoteReadyActiveConnection({
+        preferredTokenServiceOrigin: config.tokenServiceUrl ?? undefined,
+    });
+    if (promoted.promoted) {
+        const previous = promoted.previousConnectionId
+            ? readConnectionPublicLabel(promoted.previousConnectionId)
+            : "incomplete account";
+        console.error(`[neozip-mcp] Active connection was not ready (${previous}). Using ready account "${promoted.label}".`);
+    }
+    const phase = await resolveConnectionPhase(config.tokenServiceUrl ?? undefined);
+    if (phase === "ready") {
+        const secrets = readActiveConnectionSecrets();
+        if (isAccessTokenExpired(secrets)) {
+            const meta = getActiveConnection();
+            const lines = [
+                "[neozip-mcp] Token Service access token expired.",
+                "[neozip-mcp]",
+                ...formatTokenReauthGuidance(meta?.email)
+                    .split("\n")
+                    .map((line) => (line ? `[neozip-mcp] ${line}` : "[neozip-mcp]")),
+            ];
+            console.error(lines.join("\n"));
+            throw new Error("Token Service access token expired");
+        }
+        return;
+    }
+    const report = await buildAccountStatusReport({ probeTokenService: true });
+    const meta = getActiveConnection();
+    const nextCmd = nextConnectCommand(phase, {
+        email: meta?.email,
+        phoneE164: meta?.phoneE164,
+    });
+    const lines = [
+        "[neozip-mcp] NeoZip account is not initialized.",
+        `[neozip-mcp] Phase: ${report.phase === "ready" ? phase : report.phase}`,
+    ];
+    if (report.nextSteps.length) {
+        lines.push(`[neozip-mcp] Remaining steps: ${report.nextSteps.join(", ")}`);
+    }
+    if (nextCmd) {
+        lines.push(`[neozip-mcp] Next: ${nextCmd}`);
+    }
+    lines.push("[neozip-mcp] Installed MCP (stdio) will not start until setup is complete.", "[neozip-mcp]", ...formatInitAppHint()
+        .split("\n")
+        .map((line) => (line ? `[neozip-mcp] ${line}` : "[neozip-mcp]")));
+    if (process.env.NEOZIP_MCP_STARTUP_SUMMARY !== "false") {
+        lines.push("[neozip-mcp]", "[neozip-mcp] Current status:");
+        for (const line of formatAccountStatusText(report).split("\n")) {
+            lines.push(`[neozip-mcp] ${line}`);
+        }
+    }
+    console.error(lines.join("\n"));
+    throw new Error(`Account not ready (phase: ${phase})`);
+}
+//# sourceMappingURL=startup-account-gate.js.map

package/dist/startup-summary.js

@@ -0,0 +1,40 @@
+import { buildAccountStatusReport } from "./account/account-state.js";
+import { formatAccountStatusText } from "./account/format-account-status.js";
+import { getActiveProfileId, listProfiles } from "./account/profile-store.js";
+import { AuthGuard } from "./security/auth.js";
+import { buildWalletConfigStatusReport, formatWalletConfigStatusText, } from "./tools/wallet-config-status.js";
+function startupSummaryEnabled() {
+    return process.env.NEOZIP_MCP_STARTUP_SUMMARY !== "false";
+}
+/** Log wallet + account summary to stderr on every MCP start (stdio-safe). */
+export async function logStartupSummary(config) {
+    if (!startupSummaryEnabled())
+        return;
+    const auth = new AuthGuard(config);
+    const hasAccountCapability = config.capabilities.includes("account");
+    const hasProfiles = listProfiles().length > 0 || getActiveProfileId() != null;
+    const blocks = [
+        "[neozip-mcp] Startup configuration summary",
+        "======================================",
+        formatWalletConfigStatusText(buildWalletConfigStatusReport(config, auth)),
+    ];
+    if (hasAccountCapability || hasProfiles) {
+        const accountReport = await buildAccountStatusReport({
+            probeTokenService: true,
+        });
+        blocks.push(formatAccountStatusText(accountReport));
+        if (accountReport.phase !== "ready") {
+            if (hasAccountCapability) {
+                blocks.push("Account setup: run `neozip-connect` (interactive wizard) in a terminal, or use account_initialize / nextSteps tools after MCP is running (if NEOZIP_MCP_REQUIRE_ACCOUNT=false).");
+            }
+            else {
+                blocks.push("Account setup tools are disabled. Add 'account' to NEOZIP_MCP_CAPABILITIES, set NEOZIP_MCP_REQUIRE_ACCOUNT=true, run `neozip-connect`, then reload MCP.");
+            }
+        }
+    }
+    else {
+        blocks.push("NeoZip connection: none (~/.neozip/connection/). Run `neozip-connect` before starting MCP, or add capability 'account'. With default `auto` capabilities, blockchain tools appear after connect is ready and MCP is reloaded.");
+    }
+    console.error(blocks.join("\n\n"));
+}
+//# sourceMappingURL=startup-summary.js.map

package/dist/token-service/require-configured.js

@@ -0,0 +1,23 @@
+import { formatConnectSetupError, isTokenServiceConfigured } from "../connection/setup-guidance.js";
+import { getActiveConnection, readActiveConnectionSecrets, } from "../connection/store.js";
+import { formatTokenReauthGuidance, isAccessTokenExpired, } from "../connection/token-auth.js";
+export { isTokenServiceConfigured, tokenServiceInfoUrl } from "../connection/setup-guidance.js";
+export function formatTokenServiceRequiredMessage(ability, config) {
+    return formatConnectSetupError(ability, config);
+}
+export function requireTokenServiceConfigured(ability, config) {
+    const secrets = readActiveConnectionSecrets();
+    const meta = getActiveConnection();
+    if (secrets?.accessToken?.trim() && isAccessTokenExpired(secrets)) {
+        return [
+            `${ability} requires a valid Token Service access token.`,
+            "",
+            formatTokenReauthGuidance(meta?.email),
+        ].join("\n");
+    }
+    if (isTokenServiceConfigured(config))
+        return null;
+    return formatTokenServiceRequiredMessage(ability, config);
+}
+export { requireWalletForBlockchain } from "../connection/setup-guidance.js";
+//# sourceMappingURL=require-configured.js.map

package/dist/tools/account.js

@@ -0,0 +1,504 @@
+import { z } from "zod";
+import { buildAccountStatusReport, computeAccountPhase } from "../account/account-state.js";
+import { formatAccountStatusText } from "../account/format-account-status.js";
+import { provisionWalletIdentityKey } from "../account/identity-provision.js";
+import { applyActiveProfileToEnv, createProfile, getActiveProfile, getActiveProfileId, listProfiles, readActiveSecrets, removeProfile, saveAccessToken, saveEvmWallet, saveIdentityProvision, savePhoneVerified, saveWalletLink, selectProfile, logoutProfile, clearProfileCredentialsFromEnv, } from "../account/profile-store.js";
+import { registerEmailApp, requestPhoneOtp, runWalletEnsureAndAttach, verifyEmailAndExtractToken, verifyPhoneOtp, } from "../account/token-service-identity.js";
+import { needsPhoneVerification, validatePhoneE164 } from "../connection/phone.js";
+import { getActiveConnection } from "../connection/store.js";
+import { evmIdentityFromMnemonic, evmIdentityFromPrivateKey, generateEvmIdentity, } from "../account/wallet-evm.js";
+import { maskEmail } from "../util/mask.js";
+import { successResult, errorResult } from "../types/index.js";
+const formatOptions = z
+    .object({
+    format: z.enum(["text", "json"]).optional(),
+    serverUrl: z.string().optional(),
+})
+    .optional();
+function formatOutput(data, format) {
+    if (format === "json") {
+        return JSON.stringify(data, null, 2);
+    }
+    if (typeof data === "string")
+        return data;
+    return JSON.stringify(data, null, 2);
+}
+function requireActiveProfile() {
+    const profile = getActiveProfile();
+    if (!profile) {
+        throw new Error("No active profile. Run account_create or account_select first.");
+    }
+    return profile;
+}
+function requireActiveSecrets() {
+    const secrets = readActiveSecrets();
+    if (!secrets) {
+        throw new Error("Active profile secrets missing.");
+    }
+    return secrets;
+}
+export const accountStatusParameters = z.object({
+    options: formatOptions,
+});
+export async function executeAccountStatus(args) {
+    try {
+        const report = await buildAccountStatusReport();
+        const format = args.options?.format ?? "text";
+        if (format === "json") {
+            return successResult(formatOutput(report, "json"));
+        }
+        return successResult(formatAccountStatusText(report));
+    }
+    catch (err) {
+        return errorResult(err instanceof Error ? err.message : String(err));
+    }
+}
+export const accountListParameters = z.object({
+    options: formatOptions,
+});
+export async function executeAccountList(args) {
+    try {
+        const active = getActiveProfileId();
+        const profiles = listProfiles().map((p) => ({
+            ...p,
+            email: p.email ? maskEmail(p.email) : null,
+            active: p.id === active,
+        }));
+        return successResult(formatOutput({ success: true, profiles, activeProfileId: active }, args.options?.format));
+    }
+    catch (err) {
+        return errorResult(err instanceof Error ? err.message : String(err));
+    }
+}
+export const accountCreateParameters = z.object({
+    label: z.string().optional(),
+    options: formatOptions,
+});
+export async function executeAccountCreate(args) {
+    try {
+        const profile = createProfile({
+            label: args.label || "default",
+            tokenServiceUrl: args.options?.serverUrl,
+        });
+        return successResult(formatOutput({
+            success: true,
+            profileId: profile.id,
+            label: profile.label,
+            tokenServiceUrl: profile.tokenServiceUrl,
+            phase: computeAccountPhase(),
+            nextSteps: ["account_register_email"],
+        }, args.options?.format));
+    }
+    catch (err) {
+        return errorResult(err instanceof Error ? err.message : String(err));
+    }
+}
+export const accountSelectParameters = z.object({
+    profileId: z.string(),
+    options: formatOptions,
+});
+export async function executeAccountSelect(args) {
+    try {
+        const profile = selectProfile(args.profileId);
+        applyActiveProfileToEnv();
+        return successResult(formatOutput({
+            success: true,
+            profileId: profile.id,
+            phase: computeAccountPhase(),
+            reloadRequired: true,
+            message: "Reload MCP to load this profile into the session.",
+        }, args.options?.format));
+    }
+    catch (err) {
+        return errorResult(err instanceof Error ? err.message : String(err));
+    }
+}
+export const accountRegisterEmailParameters = z.object({
+    email: z.string().email(),
+    options: formatOptions,
+});
+export async function executeAccountRegisterEmail(args, resourceLimiter) {
+    try {
+        const profile = requireActiveProfile();
+        const result = await resourceLimiter.withTimeout(async () => {
+            return registerEmailApp(profile.tokenServiceUrl, args.email);
+        }, "account_register_email");
+        if (!result.success) {
+            throw new Error(result.error || "Registration failed");
+        }
+        return successResult(formatOutput({
+            success: true,
+            email: maskEmail(args.email),
+            message: result.message,
+            nextSteps: ["account_verify_email"],
+        }, args.options?.format));
+    }
+    catch (err) {
+        return errorResult(err instanceof Error ? err.message : String(err));
+    }
+}
+export const accountVerifyEmailParameters = z.object({
+    email: z.string().email(),
+    code: z.string().min(1),
+    options: formatOptions,
+});
+export async function executeAccountVerifyEmail(args, resourceLimiter) {
+    try {
+        const profile = requireActiveProfile();
+        const result = await resourceLimiter.withTimeout(async () => {
+            return verifyEmailAndExtractToken(profile.tokenServiceUrl, args.email, args.code);
+        }, "account_verify_email");
+        saveAccessToken(profile.id, result.accessToken, result.email, result.expiresAt);
+        applyActiveProfileToEnv();
+        const connection = getActiveConnection();
+        const phoneRequired = connection != null &&
+            (await needsPhoneVerification(connection, profile.tokenServiceUrl));
+        return successResult(formatOutput({
+            success: true,
+            email: maskEmail(result.email),
+            phase: computeAccountPhase(),
+            nextSteps: phoneRequired
+                ? ["account_request_phone_otp", "account_verify_phone"]
+                : ["account_create_wallet"],
+            reloadRequired: true,
+            message: phoneRequired
+                ? "Email verified. Verify phone via account_request_phone_otp and account_verify_phone."
+                : "Bearer token saved to encrypted profile store. Reload MCP, then create/link wallet.",
+        }, args.options?.format));
+    }
+    catch (err) {
+        return errorResult(err instanceof Error ? err.message : String(err));
+    }
+}
+export const accountRequestPhoneOtpParameters = z.object({
+    phoneE164: z.string().min(8),
+    options: formatOptions,
+});
+export async function executeAccountRequestPhoneOtp(args, resourceLimiter) {
+    try {
+        const profile = requireActiveProfile();
+        const secrets = requireActiveSecrets();
+        if (!secrets.accessToken) {
+            throw new Error("Verify email first (account_verify_email).");
+        }
+        validatePhoneE164(args.phoneE164);
+        const result = await resourceLimiter.withTimeout(() => requestPhoneOtp(profile.tokenServiceUrl, secrets.accessToken, args.phoneE164), "account_request_phone_otp");
+        if (!result.success) {
+            throw new Error(result.error ?? "Failed to send phone verification SMS.");
+        }
+        return successResult(formatOutput({
+            success: true,
+            phoneE164: args.phoneE164.trim(),
+            nextSteps: ["account_verify_phone"],
+            message: "SMS verification code sent.",
+        }, args.options?.format));
+    }
+    catch (err) {
+        return errorResult(err instanceof Error ? err.message : String(err));
+    }
+}
+export const accountVerifyPhoneParameters = z.object({
+    phoneE164: z.string().min(8),
+    code: z.string().min(1),
+    options: formatOptions,
+});
+export async function executeAccountVerifyPhone(args, resourceLimiter) {
+    try {
+        const profile = requireActiveProfile();
+        const secrets = requireActiveSecrets();
+        if (!secrets.accessToken) {
+            throw new Error("Verify email first (account_verify_email).");
+        }
+        validatePhoneE164(args.phoneE164);
+        const result = await resourceLimiter.withTimeout(() => verifyPhoneOtp(profile.tokenServiceUrl, secrets.accessToken, args.phoneE164, args.code), "account_verify_phone");
+        if (!result.success) {
+            throw new Error(result.error ?? "Phone verification failed.");
+        }
+        savePhoneVerified(profile.id, args.phoneE164);
+        applyActiveProfileToEnv();
+        return successResult(formatOutput({
+            success: true,
+            phoneE164: args.phoneE164.trim(),
+            phase: computeAccountPhase(),
+            nextSteps: ["account_create_wallet"],
+            reloadRequired: true,
+            message: "Phone verified and saved to encrypted profile store.",
+        }, args.options?.format));
+    }
+    catch (err) {
+        return errorResult(err instanceof Error ? err.message : String(err));
+    }
+}
+export const accountCreateWalletParameters = z.object({
+    options: formatOptions,
+});
+export async function executeAccountCreateWallet(args) {
+    try {
+        const profile = requireActiveProfile();
+        const secrets = requireActiveSecrets();
+        if (!secrets.accessToken) {
+            throw new Error("Verify email first (account_verify_email).");
+        }
+        const evm = generateEvmIdentity();
+        saveEvmWallet(profile.id, evm.privateKey, evm.address);
+        applyActiveProfileToEnv();
+        return successResult(formatOutput({
+            success: true,
+            evmAddress: evm.address,
+            phase: computeAccountPhase(),
+            nextSteps: ["account_link_wallet"],
+            message: "Wallet generated and stored in encrypted profile (private key not shown).",
+        }, args.options?.format));
+    }
+    catch (err) {
+        return errorResult(err instanceof Error ? err.message : String(err));
+    }
+}
+export const accountImportWalletParameters = z.object({
+    mnemonic: z.string().optional(),
+    privateKey: z.string().optional(),
+    options: formatOptions,
+});
+export async function executeAccountImportWallet(args) {
+    try {
+        const profile = requireActiveProfile();
+        const secrets = requireActiveSecrets();
+        if (!secrets.accessToken) {
+            throw new Error("Verify email first (account_verify_email).");
+        }
+        if (!args.mnemonic && !args.privateKey) {
+            throw new Error("Provide mnemonic or privateKey.");
+        }
+        const evm = args.mnemonic
+            ? evmIdentityFromMnemonic(args.mnemonic)
+            : evmIdentityFromPrivateKey(args.privateKey);
+        saveEvmWallet(profile.id, evm.privateKey, evm.address);
+        applyActiveProfileToEnv();
+        return successResult(formatOutput({
+            success: true,
+            evmAddress: evm.address,
+            phase: computeAccountPhase(),
+            nextSteps: ["account_link_wallet"],
+            warning: "Imported secrets were stored locally; avoid pasting mnemonics/keys in chat when possible.",
+        }, args.options?.format));
+    }
+    catch (err) {
+        return errorResult(err instanceof Error ? err.message : String(err));
+    }
+}
+export const accountLinkWalletParameters = z.object({
+    options: formatOptions,
+});
+export async function executeAccountLinkWallet(args, resourceLimiter) {
+    try {
+        const profile = requireActiveProfile();
+        const secrets = requireActiveSecrets();
+        if (!secrets.accessToken || !secrets.evmPrivateKey || !profile.evmAddress) {
+            throw new Error("Complete email verification and create/import wallet first.");
+        }
+        const linked = await resourceLimiter.withTimeout(() => runWalletEnsureAndAttach(profile.tokenServiceUrl, secrets.accessToken, secrets.evmPrivateKey, profile.evmAddress), "account_link_wallet");
+        saveWalletLink(profile.id, linked.walletId, linked.linkId, linked.evmAddress);
+        applyActiveProfileToEnv();
+        return successResult(formatOutput({
+            success: true,
+            walletId: linked.walletId,
+            linkId: linked.linkId,
+            evmAddress: linked.evmAddress,
+            phase: computeAccountPhase(),
+            nextSteps: ["account_provision_identity"],
+        }, args.options?.format));
+    }
+    catch (err) {
+        return errorResult(err instanceof Error ? err.message : String(err));
+    }
+}
+export const accountProvisionIdentityParameters = z.object({
+    options: formatOptions,
+});
+export async function executeAccountProvisionIdentity(args, resourceLimiter) {
+    try {
+        const profile = requireActiveProfile();
+        const secrets = requireActiveSecrets();
+        if (!secrets.accessToken ||
+            !secrets.evmPrivateKey ||
+            !profile.evmAddress ||
+            profile.walletId == null) {
+            throw new Error("Link wallet on Token Service before provisioning identity.");
+        }
+        const out = await resourceLimiter.withTimeout(() => provisionWalletIdentityKey({
+            baseUrl: profile.tokenServiceUrl,
+            accessToken: secrets.accessToken,
+            walletId: profile.walletId,
+            evmPrivateKey: secrets.evmPrivateKey,
+            evmAddress: profile.evmAddress,
+        }), "account_provision_identity");
+        const updated = saveIdentityProvision(profile.id, out.identityKeyId, out.x25519PublicKey);
+        applyActiveProfileToEnv();
+        return successResult(formatOutput({
+            success: true,
+            identityKeyId: out.identityKeyId,
+            x25519Fingerprint: updated.x25519Fingerprint,
+            provisioned: out.provisioned,
+            phase: computeAccountPhase(),
+            reloadRequired: true,
+            message: "Identity key provisioned. Reload MCP to use recipient encryption and decrypt.",
+        }, args.options?.format));
+    }
+    catch (err) {
+        return errorResult(err instanceof Error ? err.message : String(err));
+    }
+}
+export const accountLogoutParameters = z.object({
+    profileId: z.string().optional(),
+    options: formatOptions,
+});
+export async function executeAccountLogout(args) {
+    try {
+        const result = logoutProfile(args.profileId);
+        clearProfileCredentialsFromEnv();
+        const phase = computeAccountPhase();
+        const payload = {
+            success: true,
+            loggedOutProfileId: result.profileId,
+            label: result.label,
+            wasActive: result.wasActive,
+            phase,
+            nextSteps: ["account_select", "account_register_email", "account_initialize"],
+            reloadRequired: true,
+            message: "Logged out: cleared Bearer token, wallet key, and identity material from the profile store. " +
+                "Reload MCP to clear credentials from this session. " +
+                "Credentials in mcp.json env are unchanged. Use account_remove to delete the profile entirely.",
+        };
+        const format = args.options?.format ?? "text";
+        if (format === "json") {
+            return successResult(formatOutput(payload, "json"));
+        }
+        return successResult([
+            "NeoZip account logged out",
+            `Profile: ${result.label} (${result.profileId})`,
+            `Phase: ${phase}`,
+            `Next: ${payload.nextSteps.join(", ")}`,
+            payload.message,
+        ].join("\n"));
+    }
+    catch (err) {
+        return errorResult(err instanceof Error ? err.message : String(err));
+    }
+}
+export const accountRemoveParameters = z.object({
+    profileId: z.string(),
+    confirm: z.boolean(),
+    options: formatOptions,
+});
+export async function executeAccountRemove(args) {
+    try {
+        removeProfile(args.profileId, args.confirm === true);
+        return successResult(formatOutput({ success: true, removed: args.profileId }, args.options?.format));
+    }
+    catch (err) {
+        return errorResult(err instanceof Error ? err.message : String(err));
+    }
+}
+export const accountInitializeParameters = z.object({
+    step: z
+        .enum(["auto", "status", "email", "phone", "wallet", "link", "identity"])
+        .optional()
+        .default("auto"),
+    email: z.string().email().optional(),
+    code: z.string().optional(),
+    phoneE164: z.string().optional(),
+    phoneCode: z.string().optional(),
+    label: z.string().optional(),
+    mnemonic: z.string().optional(),
+    privateKey: z.string().optional(),
+    options: formatOptions,
+});
+export async function executeAccountInitialize(args, resourceLimiter) {
+    try {
+        const step = args.step ?? "auto";
+        if (step === "status") {
+            return executeAccountStatus({ options: args.options });
+        }
+        let phase = computeAccountPhase();
+        if (phase === "no_profile") {
+            await executeAccountCreate({ label: args.label, options: args.options });
+            phase = computeAccountPhase();
+        }
+        if (step === "auto" || step === "email") {
+            if (phase === "email_unverified") {
+                if (!args.email) {
+                    return errorResult("account_initialize (email): provide email and code after account_register_email, or run account_register_email then account_verify_email.");
+                }
+                if (!args.code) {
+                    const reg = await executeAccountRegisterEmail({ email: args.email, options: args.options }, resourceLimiter);
+                    if (reg.content[0]?.text.startsWith("Error:"))
+                        return reg;
+                    return successResult(`${reg.content[0]?.text}\n\nCheck your inbox for the 6-digit code, then call account_initialize again with the same email and code.`);
+                }
+                const ver = await executeAccountVerifyEmail({ email: args.email, code: args.code, options: args.options }, resourceLimiter);
+                if (ver.content[0]?.text.startsWith("Error:"))
+                    return ver;
+                phase = computeAccountPhase();
+            }
+        }
+        const activeProfile = getActiveProfile();
+        const activeConnection = getActiveConnection();
+        const phoneRequired = activeProfile != null &&
+            activeConnection != null &&
+            (await needsPhoneVerification(activeConnection, activeProfile.tokenServiceUrl));
+        if ((step === "auto" || step === "phone") && phoneRequired) {
+            if (!args.phoneE164) {
+                return errorResult("account_initialize (phone): provide phoneE164 and phoneCode, or run account_request_phone_otp then account_verify_phone.");
+            }
+            if (!args.phoneCode) {
+                const req = await executeAccountRequestPhoneOtp({ phoneE164: args.phoneE164, options: args.options }, resourceLimiter);
+                if (req.content[0]?.text.startsWith("Error:"))
+                    return req;
+                return successResult(`${req.content[0]?.text}\n\nCheck your phone for the SMS code, then call account_initialize again with the same phoneE164 and phoneCode.`);
+            }
+            const phoneVer = await executeAccountVerifyPhone({
+                phoneE164: args.phoneE164,
+                code: args.phoneCode,
+                options: args.options,
+            }, resourceLimiter);
+            if (phoneVer.content[0]?.text.startsWith("Error:"))
+                return phoneVer;
+            phase = computeAccountPhase();
+        }
+        if ((step === "auto" || step === "wallet") && phase === "no_wallet") {
+            if (args.mnemonic || args.privateKey) {
+                const imp = await executeAccountImportWallet({
+                    mnemonic: args.mnemonic,
+                    privateKey: args.privateKey,
+                    options: args.options,
+                });
+                if (imp.content[0]?.text.startsWith("Error:"))
+                    return imp;
+            }
+            else {
+                const cw = await executeAccountCreateWallet({ options: args.options });
+                if (cw.content[0]?.text.startsWith("Error:"))
+                    return cw;
+            }
+            phase = computeAccountPhase();
+        }
+        if ((step === "auto" || step === "link") && phase === "wallet_unlinked") {
+            const link = await executeAccountLinkWallet({ options: args.options }, resourceLimiter);
+            if (link.content[0]?.text.startsWith("Error:"))
+                return link;
+            phase = computeAccountPhase();
+        }
+        if ((step === "auto" || step === "identity") && phase === "identity_missing") {
+            const prov = await executeAccountProvisionIdentity({ options: args.options }, resourceLimiter);
+            if (prov.content[0]?.text.startsWith("Error:"))
+                return prov;
+            phase = computeAccountPhase();
+        }
+        const report = await buildAccountStatusReport();
+        return successResult(formatOutput(report, args.options?.format ?? "json"));
+    }
+    catch (err) {
+        return errorResult(err instanceof Error ? err.message : String(err));
+    }
+}
+//# sourceMappingURL=account.js.map