spendos 0.1.0

package/acp-seller/src/commands/token.ts

@@ -0,0 +1,88 @@
+// =============================================================================
+// acp token launch <symbol> <description> [--image <url>]
+// acp token info
+// =============================================================================
+
+import client from "../lib/client.js";
+import { getMyAgentInfo } from "../lib/wallet.js";
+import * as output from "../lib/output.js";
+
+export async function launch(
+  symbol: string,
+  description: string,
+  imageUrl?: string,
+): Promise<void> {
+  if (!symbol || !description) {
+    output.fatal(
+      "Usage: acp token launch <symbol> <description> [--image <url>]",
+    );
+  }
+
+  // Check if token already exists
+  try {
+    const info = await getMyAgentInfo();
+    if (info.tokenAddress) {
+      const symbol = info.token?.symbol;
+      output.output(
+        { alreadyLaunched: true, symbol, tokenAddress: info.tokenAddress },
+        () => {
+          output.heading("Token Already Launched");
+          if (symbol) output.field("Symbol", symbol);
+          output.field("Token Address", info.tokenAddress);
+          output.log(
+            "\n  Each agent can only launch one token. Run `acp token info` for details.\n",
+          );
+        },
+      );
+      return;
+    }
+  } catch {
+    // Non-fatal — proceed with launch attempt
+  }
+
+  try {
+    const payload: Record<string, string> = { symbol, description };
+    if (imageUrl) payload.imageUrl = imageUrl;
+
+    const token = await client.post("/acp/me/tokens", payload);
+
+    output.output(token.data.data, (tokenData) => {
+      output.heading("Token Launched");
+      output.field("Symbol", tokenData.symbol ?? "");
+      output.field("Token Address", tokenData.tokenAddress ?? "");
+      output.log("");
+    });
+  } catch (e) {
+    output.fatal(
+      `Failed to launch token: ${e instanceof Error ? e.message : String(e)}`,
+    );
+  }
+}
+
+export async function info(): Promise<void> {
+  try {
+    const agentInfo = await getMyAgentInfo();
+
+    output.output(agentInfo, (data) => {
+      output.heading("Agent Token");
+      if (data.tokenAddress) {
+        output.field("Name", data.token.name);
+        output.field("Symbol", output.formatSymbol(data.token.symbol));
+        output.field("Address", data.tokenAddress);
+        output.field(
+          "URL",
+          `https://app.virtuals.io/prototypes/${data.tokenAddress}`,
+        );
+      } else {
+        output.log(
+          "  No token launched yet. Use `acp token launch` to create one.",
+        );
+      }
+      output.log("");
+    });
+  } catch (e) {
+    output.fatal(
+      `Failed to get token info: ${e instanceof Error ? e.message : String(e)}`,
+    );
+  }
+}

package/acp-seller/src/commands/wallet.ts

@@ -0,0 +1,123 @@
+// =============================================================================
+// acp wallet address — Get wallet address
+// acp wallet balance — Get token balances
+// acp wallet topup — Get topup URL
+// =============================================================================
+
+import { getPaymentUrl } from "../lib/api.js";
+import { getMyAgentInfo } from "../lib/wallet.js";
+import * as output from "../lib/output.js";
+import client from "../lib/client.js";
+
+interface WalletBalance {
+  network: string;
+  symbol: string;
+  tokenAddress: string | null;
+  tokenBalance: string;
+  decimals: number;
+  tokenPrices: { currency: string; value: string }[];
+  tokenMetadata: {
+    decimals: number | null;
+    logo: string | null;
+    name: string | null;
+    symbol: string | null;
+  };
+}
+
+function formatBalance(hexBalance: string, decimals: number): string {
+  const raw = BigInt(hexBalance);
+  if (raw === 0n) return "0";
+  const divisor = 10n ** BigInt(decimals);
+  const whole = raw / divisor;
+  const remainder = raw % divisor;
+  if (remainder === 0n) return whole.toString();
+  const fracStr = remainder
+    .toString()
+    .padStart(decimals, "0")
+    .replace(/0+$/, "");
+  return `${whole}.${fracStr}`;
+}
+
+export async function address(): Promise<void> {
+  try {
+    const info = await getMyAgentInfo();
+    output.output({ walletAddress: info.walletAddress }, (data) => {
+      output.heading("Agent Wallet");
+      output.field("Address", data.walletAddress);
+      output.log("");
+    });
+  } catch (e) {
+    output.fatal(
+      `Failed to get wallet address: ${e instanceof Error ? e.message : String(e)}`,
+    );
+  }
+}
+
+export async function balance(): Promise<void> {
+  try {
+    const balances = await client.get<{ data: WalletBalance[] }>(
+      "/acp/wallet-balances",
+    );
+
+    const data = balances.data.data.map((token) => ({
+      network: token.network,
+      symbol: token.symbol,
+      tokenAddress: token.tokenAddress,
+      tokenBalance: token.tokenBalance,
+      tokenMetadata: token.tokenMetadata,
+      decimals: token.decimals,
+      tokenPrices: token.tokenPrices,
+    }));
+
+    output.output(data, (tokens) => {
+      output.heading("Wallet Balances");
+      if (tokens.length === 0) {
+        output.log("  No tokens found.");
+      }
+      for (const t of tokens) {
+        const sym =
+          t.tokenMetadata?.symbol ||
+          t.symbol ||
+          (t.tokenAddress === null ? "ETH" : "???");
+        const name =
+          t.tokenMetadata?.name || (t.tokenAddress === null ? "Ether" : "");
+        const decimals = t.tokenMetadata?.decimals ?? t.decimals ?? 18;
+        const bal = formatBalance(t.tokenBalance, decimals);
+        const price = t.tokenPrices?.[0]?.value ?? "-";
+        output.log(
+          `  ${sym.padEnd(8)} ${name.padEnd(20)} ${bal.padStart(20)}    $${price}`,
+        );
+      }
+      output.log("");
+    });
+  } catch (e) {
+    output.fatal(
+      `Failed to get wallet balance: ${e instanceof Error ? e.message : String(e)}`,
+    );
+  }
+}
+
+export async function topup(): Promise<void> {
+  try {
+    const info = await getMyAgentInfo();
+    const result = await getPaymentUrl();
+
+    if (!result.success || !result.url) {
+      output.fatal("Failed to get topup URL.");
+    }
+
+    output.output(
+      { url: result.url, walletAddress: info.walletAddress },
+      (data) => {
+        output.heading("Wallet Topup");
+        output.field("Wallet Address", data.walletAddress);
+        output.field("Topup URL", data.url);
+        output.log("\n  Visit the URL above to add funds to your wallet.\n");
+      },
+    );
+  } catch (e) {
+    output.fatal(
+      `Failed to get topup URL: ${e instanceof Error ? e.message : String(e)}`,
+    );
+  }
+}

package/acp-seller/src/lib/api.ts

@@ -0,0 +1,118 @@
+// =============================================================================
+// ACP API wrappers for job offerings and resources.
+// =============================================================================
+
+import client from "./client.js";
+
+export interface PriceV2 {
+  type: "fixed" | "percentage";
+  value: number;
+}
+
+export interface JobOfferingData {
+  name: string;
+  description: string;
+  priceV2: PriceV2;
+  slaMinutes: number;
+  requiredFunds: boolean;
+  requirement: Record<string, any>;
+  deliverable: string;
+  resources?: Resource[];
+}
+
+export interface Resource {
+  name: string;
+  description: string;
+  url: string;
+  params?: Record<string, any>;
+}
+
+export interface AgentData {
+  name: string;
+  tokenAddress: string;
+  resources: Resource[];
+  offerings: JobOfferingData[];
+}
+
+export interface CreateJobOfferingResponse {
+  success: boolean;
+  data?: unknown;
+}
+
+export interface PaymentUrlResponse {
+  url: string;
+}
+
+export async function createJobOffering(
+  offering: JobOfferingData,
+): Promise<{ success: boolean; data?: AgentData }> {
+  try {
+    const { data } = await client.post(`/acp/job-offerings`, {
+      data: offering,
+    });
+    return { success: true, data };
+  } catch (error: any) {
+    const msg = error instanceof Error ? error.message : String(error);
+    console.error(`ACP createJobOffering failed: ${msg}`);
+    return { success: false };
+  }
+}
+
+export async function deleteJobOffering(
+  offeringName: string,
+): Promise<{ success: boolean }> {
+  try {
+    await client.delete(
+      `/acp/job-offerings/${encodeURIComponent(offeringName)}`,
+    );
+    return { success: true };
+  } catch (error: unknown) {
+    const msg = error instanceof Error ? error.message : String(error);
+    console.error(`ACP deleteJobOffering failed: ${msg}`);
+    return { success: false };
+  }
+}
+
+export async function upsertResourceApi(
+  resource: Resource,
+): Promise<{ success: boolean; data?: AgentData }> {
+  try {
+    const { data } = await client.post(`/acp/resources`, {
+      data: resource,
+    });
+    return { success: true, data };
+  } catch (error: any) {
+    const msg = error instanceof Error ? error.message : String(error);
+    console.error(`ACP upsertResource failed: ${msg}`);
+    return { success: false };
+  }
+}
+
+export async function deleteResourceApi(
+  resourceName: string,
+): Promise<{ success: boolean }> {
+  try {
+    await client.delete(`/acp/resources/${encodeURIComponent(resourceName)}`);
+    return { success: true };
+  } catch (error: unknown) {
+    const msg = error instanceof Error ? error.message : String(error);
+    console.error(`ACP deleteResource failed: ${msg}`);
+    return { success: false };
+  }
+}
+
+export async function getPaymentUrl(): Promise<{
+  success: boolean;
+  url?: string;
+}> {
+  try {
+    const { data } = await client.get<{ data: PaymentUrlResponse }>(
+      "/acp/topup",
+    );
+    return { success: true, url: data.data.url };
+  } catch (error: any) {
+    const msg = error instanceof Error ? error.message : String(error);
+    console.error(`ACP getPaymentUrl failed: ${msg}`);
+    return { success: false };
+  }
+}

package/acp-seller/src/lib/auth.ts

@@ -0,0 +1,291 @@
+// =============================================================================
+// Auth + Agent management API (acpx.virtuals.io)
+// Shared by setup.ts, agent.ts, and any command needing session-based APIs.
+// =============================================================================
+
+import axios, { type AxiosInstance } from "axios";
+import * as output from "./output.js";
+import { openUrl } from "./open.js";
+import { readConfig, writeConfig, type AgentEntry } from "./config.js";
+import client from "./client.js";
+
+const API_URL = process.env.ACP_AUTH_URL || "https://acpx.virtuals.io";
+
+// -- Response types --
+
+export interface AuthUrlResponse {
+  authUrl: string;
+  requestId: string;
+}
+
+export interface AuthStatusResponse {
+  token: string;
+}
+
+/** Returned by list agents — no API key (never exposed after creation). */
+export interface AgentInfoResponse {
+  id: string;
+  name: string;
+  walletAddress: string;
+}
+
+/** Returned by create agent — API key shown once. */
+export interface AgentKeyResponse {
+  id: string;
+  name: string;
+  apiKey: string;
+  walletAddress: string;
+}
+
+/** Returned by regenerate — fresh API key for an existing agent. */
+export interface RegenerateKeyResponse {
+  apiKey: string;
+}
+
+// -- HTTP clients --
+
+function apiClient(): AxiosInstance {
+  return axios.create({
+    baseURL: API_URL,
+    headers: { "Content-Type": "application/json" },
+  });
+}
+
+function apiClientWithSession(sessionToken: string): AxiosInstance {
+  return axios.create({
+    baseURL: API_URL,
+    headers: {
+      "Content-Type": "application/json",
+      Authorization: `Bearer ${sessionToken}`,
+    },
+  });
+}
+
+// -- Session token --
+
+/** Decode the exp claim from a JWT without verifying the signature. */
+function getJwtExpiry(token: string): Date | null {
+  try {
+    const parts = token.split(".");
+    if (parts.length !== 3) return null;
+    // @ts-ignore
+    const payload = JSON.parse(Buffer.from(parts[1], "base64url").toString());
+    if (typeof payload.exp === "number") {
+      return new Date(payload.exp * 1000); // exp is seconds since epoch
+    }
+    return null;
+  } catch {
+    return null;
+  }
+}
+
+export function getValidSessionToken(): string | null {
+  const config = readConfig();
+  const token = config?.SESSION_TOKEN?.token;
+  if (!token) return null;
+
+  const expiry = getJwtExpiry(token);
+  if (!expiry || expiry <= new Date()) return null;
+  return token;
+}
+
+export function storeSessionToken(token: string): void {
+  const config = readConfig();
+  writeConfig({ ...config, SESSION_TOKEN: { token } });
+}
+
+// -- Auth API --
+
+export async function getAuthUrl(): Promise<AuthUrlResponse> {
+  const { data } = await apiClient().get<{ data: AuthUrlResponse }>(
+    "/api/auth/lite/auth-url",
+  );
+  return data.data;
+}
+
+export async function getAuthStatus(
+  requestId: string,
+): Promise<AuthStatusResponse | null> {
+  const { data } = await apiClient().get<{ data: AuthStatusResponse }>(
+    `/api/auth/lite/auth-status?requestId=${requestId}`,
+  );
+  return data?.data ?? null;
+}
+
+// -- Agent API --
+
+/** Fetch all agents belonging to the authenticated user. No API keys returned. */
+export async function fetchAgents(
+  sessionToken: string,
+): Promise<AgentInfoResponse[]> {
+  const { data } = await apiClientWithSession(sessionToken).get<{
+    data: AgentInfoResponse[];
+  }>("/api/agents/lite");
+  return data.data;
+}
+
+/** Create a new agent for the authenticated user. API key returned once. */
+export async function createAgentApi(
+  sessionToken: string,
+  agentName: string,
+): Promise<AgentKeyResponse> {
+  const { data } = await apiClientWithSession(sessionToken).post<{
+    data: AgentKeyResponse;
+  }>("/api/agents/lite/key", {
+    data: { name: agentName.trim() },
+  });
+  return data.data;
+}
+
+/** Regenerate the API key for an existing agent. Returns a fresh key. */
+export async function regenerateApiKey(
+  sessionToken: string,
+  walletAddress: string,
+): Promise<RegenerateKeyResponse> {
+  const { data } = await apiClientWithSession(sessionToken).post<{
+    data: RegenerateKeyResponse;
+  }>(`/api/agents/lite/${walletAddress}/regenerate-api`);
+  return data.data;
+}
+
+export async function isAgentApiKeyValid(apiKey: string): Promise<boolean> {
+  return await client
+    .get("/acp/me", {
+      headers: {
+        "x-api-key": apiKey,
+      },
+    })
+    .then(() => true)
+    .catch(() => false);
+}
+
+// -- Login (polling-based, no stdin required) --
+
+/** How often to poll the auth status endpoint (ms). */
+const AUTH_POLL_INTERVAL_MS = 5_000;
+
+/** How long to wait for the user to authenticate before timing out (ms). */
+const AUTH_TIMEOUT_MS = 5 * 60 * 1_000;
+
+function sleep(ms: number): Promise<void> {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+
+/**
+ * Login flow. Opens browser / prints link, then polls until authenticated
+ * or timed out. No stdin interaction required — works in any runtime.
+ */
+export async function interactiveLogin(): Promise<void> {
+  let auth: AuthUrlResponse;
+  try {
+    auth = await getAuthUrl();
+  } catch (e) {
+    output.fatal(
+      `Could not get login link: ${e instanceof Error ? e.message : String(e)}`,
+    );
+  }
+
+  const { authUrl, requestId } = auth;
+  openUrl(authUrl);
+
+  output.output(
+    {
+      action: "open_url",
+      url: authUrl,
+      message: "Authenticate at this URL to continue.",
+    },
+    () => {
+      output.log(`  Opening browser...`);
+      output.log(`  Login link: ${authUrl}\n`);
+      output.log(
+        `  Waiting for authentication (timeout: ${AUTH_TIMEOUT_MS / 1_000}s)...\n`,
+      );
+    },
+  );
+
+  const deadline = Date.now() + AUTH_TIMEOUT_MS;
+  let elapsed = 0;
+
+  while (Date.now() < deadline) {
+    await sleep(AUTH_POLL_INTERVAL_MS);
+    elapsed += AUTH_POLL_INTERVAL_MS;
+
+    try {
+      const status = await getAuthStatus(requestId);
+      if (status?.token) {
+        storeSessionToken(status.token);
+        output.output(
+          {
+            status: "authenticated",
+            message: "Login success. Session stored.",
+          },
+          () => output.success("Login success. Session stored.\n"),
+        );
+        return;
+      }
+    } catch (err) {
+      // Auth not ready yet or transient error — keep polling
+    }
+
+    // Progress indicator every 15s (3 polls)
+    if (elapsed % 15_000 === 0) {
+      const remaining = Math.round((deadline - Date.now()) / 1_000);
+      output.log(`  Still waiting... (${remaining}s remaining)`);
+    }
+  }
+
+  output.fatal(
+    `Authentication timed out after ${AUTH_TIMEOUT_MS / 1_000}s. Run \`acp login\` to try again.`,
+  );
+}
+
+/**
+ * Ensure we have a valid session token. If expired/missing, auto-prompts login.
+ * Returns the valid session token, or calls process.exit if login fails.
+ */
+export async function ensureSession(): Promise<string> {
+  const existing = getValidSessionToken();
+  if (existing) return existing;
+
+  output.warn("Session expired or not found. Logging in...\n");
+  await interactiveLogin();
+
+  const token = getValidSessionToken();
+  if (!token) {
+    output.fatal("Login failed. Cannot continue.");
+  }
+  return token;
+}
+
+// -- Agent sync --
+
+/**
+ * Merge server agents into local config. Returns the merged list.
+ * Server does NOT return API keys — only id, name, walletAddress.
+ * Local API keys (from create/regenerate) are preserved.
+ */
+export function syncAgentsToConfig(
+  serverAgents: AgentInfoResponse[],
+): AgentEntry[] {
+  const config = readConfig();
+  const localAgents = config.agents ?? [];
+
+  const localMap = new Map<string, AgentEntry>();
+  for (const a of localAgents) {
+    localMap.set(a.id, a);
+  }
+
+  const merged: AgentEntry[] = serverAgents.map((s) => {
+    const local = localMap.get(s.id);
+    return {
+      id: s.id,
+      name: s.name,
+      walletAddress: s.walletAddress,
+      apiKey: local?.apiKey, // preserve local key if we have one
+      active: local?.active ?? false,
+    };
+  });
+
+  writeConfig({ ...config, agents: merged });
+  return merged;
+}