Sync from opensea-devtools

Author: ryanio

AGENTS.md

@@ -21,14 +21,16 @@ pnpm run type-check  # TypeScript type checking
 | `src/index.ts` | Library entry point — public `tool-sdk` exports |
 | `src/cli.ts` | CLI entry point (Commander program wiring) |
 | `src/types.ts` | Shared public types |
-| `src/cli/commands/` | CLI commands: `register`, `validate`, `verify`, `hash`, `init` |
+| `src/cli/commands/` | CLI commands: `auth`, `deploy`, `dry-run-gate`, `dry-run-predicate-gate`, `export`, `hash`, `init`, `inspect`, `pay`, `register`, `smoke`, `update-metadata`, `validate`, `verify` |
 | `src/lib/onchain/abis.ts` | TypeScript ABI definitions mirroring Solidity interfaces |
 | `src/lib/onchain/chains.ts` | Deployed contract addresses per chain |
 | `src/lib/onchain/registry.ts` | `ToolRegistryClient` — onchain interaction wrapper |
 | `src/lib/onchain/hash.ts` | JCS keccak256 manifest hashing |
+| `src/lib/onchain/access.ts` | Access-check helpers for tool gating |
+| `src/lib/onchain/predicate-clients.ts` | Typed clients for predicate contracts |
 | `src/lib/manifest/` | Manifest schema, validation, types |
 | `src/lib/handler/` | `createToolHandler` — Web Request/Response handler factory |
-| `src/lib/middleware/` | Gating middleware (NFT gate, x402, well-known endpoint) |
+| `src/lib/middleware/` | Gating middleware (NFT gate, predicate gate, x402, x402 facilitators, well-known endpoint) |
 | `src/lib/wallet/` | Re-exports from `@opensea/wallet-adapters` (adapters, types, and viem bridge) |
 | `src/lib/adapters/` | Framework adapters (Vercel, Cloudflare, Express) |
 | `src/lib/utils.ts` | Shared utilities used across `lib/` |

src/__tests__/auth.test.ts

@@ -8,7 +8,8 @@ const BANKR_ADDRESS = "0x8b8e1C20E0630De8C60f0e0D5C3e9C7c20F0c20e"
 afterEach(() => {
   vi.unstubAllGlobals()
   vi.restoreAllMocks()
-  delete process.env.TOOL_SDK_PRIVATE_KEY
+  delete process.env.PRIVATE_KEY
+  delete process.env.RPC_URL
   delete process.env.BANKR_API_KEY
 })
 
@@ -28,7 +29,8 @@ describe("auth command", () => {
     vi.stubGlobal("fetch", fetchMock)
 
     const logSpy = vi.spyOn(console, "log").mockImplementation(() => {})
-    process.env.TOOL_SDK_PRIVATE_KEY = PRIVATE_KEY
+    process.env.PRIVATE_KEY = PRIVATE_KEY
+    process.env.RPC_URL = "http://localhost:8545"
 
     const { authCommand } = await import("../cli/commands/auth.js")
 
@@ -66,6 +68,45 @@ describe("auth command", () => {
     logSpy.mockRestore()
   })
 
+  it("sends SIWE header when using --wallet-provider flag", async () => {
+    const calls: { url: string; headers: Record<string, string> }[] = []
+
+    const fetchMock = vi.fn(async (url: string, init?: RequestInit) => {
+      const headers = Object.fromEntries(
+        Object.entries(init?.headers ?? {}),
+      ) as Record<string, string>
+      calls.push({ url: url as string, headers })
+
+      return new Response(JSON.stringify({ result: "ok" }), { status: 200 })
+    })
+
+    vi.stubGlobal("fetch", fetchMock)
+
+    const logSpy = vi.spyOn(console, "log").mockImplementation(() => {})
+    process.env.PRIVATE_KEY = PRIVATE_KEY
+    process.env.RPC_URL = "http://localhost:8545"
+
+    const { authCommand } = await import("../cli/commands/auth.js")
+
+    await authCommand.parseAsync([
+      "node",
+      "auth",
+      "https://tool.example.com/api",
+      "--wallet-provider",
+      "private-key",
+      "--body",
+      "{}",
+    ])
+
+    expect(fetchMock).toHaveBeenCalledTimes(1)
+
+    const authHeader = calls[0].headers.Authorization
+    expect(authHeader).toBeDefined()
+    expect(authHeader).toMatch(/^SIWE /)
+
+    logSpy.mockRestore()
+  })
+
   it("prints hint on 401 auth failure", async () => {
     vi.stubGlobal(
       "fetch",
@@ -79,7 +120,8 @@ describe("auth command", () => {
     )
 
     const logSpy = vi.spyOn(console, "log").mockImplementation(() => {})
-    process.env.TOOL_SDK_PRIVATE_KEY = PRIVATE_KEY
+    process.env.PRIVATE_KEY = PRIVATE_KEY
+    process.env.RPC_URL = "http://localhost:8545"
 
     const { authCommand } = await import("../cli/commands/auth.js")
 
@@ -114,7 +156,8 @@ describe("auth command", () => {
     )
 
     const logSpy = vi.spyOn(console, "log").mockImplementation(() => {})
-    process.env.TOOL_SDK_PRIVATE_KEY = PRIVATE_KEY
+    process.env.PRIVATE_KEY = PRIVATE_KEY
+    process.env.RPC_URL = "http://localhost:8545"
 
     const { authCommand } = await import("../cli/commands/auth.js")
 
@@ -185,34 +228,32 @@ describe("auth command with --bankr-key", () => {
     logSpy.mockRestore()
   })
 
-  it("errors when both --key and --bankr-key are provided", async () => {
-    const errorSpy = vi.spyOn(console, "error").mockImplementation(() => {})
-    vi.spyOn(console, "log").mockImplementation(() => {})
-    const exitSpy = vi.spyOn(process, "exit").mockImplementation(() => {
-      throw new Error("process.exit")
-    })
+  it("prefers Bankr when both PRIVATE_KEY and BANKR_API_KEY are set", async () => {
+    const fetchMock = stubBankrFetch()
+    vi.stubGlobal("fetch", fetchMock)
 
-    process.env.TOOL_SDK_PRIVATE_KEY = PRIVATE_KEY
+    const logSpy = vi.spyOn(console, "log").mockImplementation(() => {})
+    process.env.PRIVATE_KEY = PRIVATE_KEY
+    process.env.RPC_URL = "http://localhost:8545"
     process.env.BANKR_API_KEY = "test-bankr-key"
 
     const { authCommand } = await import("../cli/commands/auth.js")
 
-    await expect(
-      authCommand.parseAsync([
-        "node",
-        "auth",
-        "https://tool.example.com/api",
-        "--body",
-        "{}",
-      ]),
-    ).rejects.toThrow("process.exit")
+    await authCommand.parseAsync([
+      "node",
+      "auth",
+      "https://tool.example.com/api",
+      "--body",
+      "{}",
+    ])
 
-    const output = errorSpy.mock.calls.map(c => c.join(" ")).join("\n")
-    expect(output).toContain("Both --key and --bankr-key")
-    expect(exitSpy).toHaveBeenCalledWith(1)
+    // Bankr path: first call should be /wallet/info
+    expect(fetchMock.mock.calls[0][0]).toContain("/wallet/info")
+
+    logSpy.mockRestore()
   })
 
-  it("shows updated error when neither key is provided", async () => {
+  it("shows error when no wallet env vars are set", async () => {
     const errorSpy = vi.spyOn(console, "error").mockImplementation(() => {})
     vi.spyOn(console, "log").mockImplementation(() => {})
     const exitSpy = vi.spyOn(process, "exit").mockImplementation(() => {
@@ -232,7 +273,7 @@ describe("auth command with --bankr-key", () => {
     ).rejects.toThrow("process.exit")
 
     const output = errorSpy.mock.calls.map(c => c.join(" ")).join("\n")
-    expect(output).toContain("TOOL_SDK_PRIVATE_KEY")
+    expect(output).toContain("PRIVATE_KEY")
     expect(output).toContain("BANKR_API_KEY")
     expect(exitSpy).toHaveBeenCalledWith(1)
   })

src/__tests__/deploy-integration.test.ts

@@ -34,6 +34,70 @@ afterAll(() => {
   rmSync(fixturesDir, { recursive: true, force: true })
 })
 
+describe("fetchExistingEnvVars", () => {
+  let execSyncMock: ReturnType<typeof vi.fn>
+
+  beforeEach(async () => {
+    const cp = await import("node:child_process")
+    execSyncMock = cp.execSync as ReturnType<typeof vi.fn>
+  })
+
+  afterEach(() => {
+    vi.restoreAllMocks()
+  })
+
+  it("should return a set of existing env var names", async () => {
+    execSyncMock.mockReturnValue(
+      JSON.stringify([
+        { key: "API_KEY" },
+        { key: "SECRET_TOKEN" },
+        { key: "TOOL_ENDPOINT" },
+      ]),
+    )
+
+    const { fetchExistingEnvVars } = await import("../cli/commands/deploy.js")
+    const result = fetchExistingEnvVars()
+
+    expect(result).toBeInstanceOf(Set)
+    expect(result.has("API_KEY")).toBe(true)
+    expect(result.has("SECRET_TOKEN")).toBe(true)
+    expect(result.has("TOOL_ENDPOINT")).toBe(true)
+    expect(result.has("NONEXISTENT")).toBe(false)
+  })
+
+  it("should return empty set when vercel env ls fails", async () => {
+    execSyncMock.mockImplementation(() => {
+      throw new Error("Not authenticated")
+    })
+
+    const { fetchExistingEnvVars } = await import("../cli/commands/deploy.js")
+    const result = fetchExistingEnvVars()
+
+    expect(result).toBeInstanceOf(Set)
+    expect(result.size).toBe(0)
+  })
+
+  it("should return empty set when vercel env ls returns invalid JSON", async () => {
+    execSyncMock.mockReturnValue("not valid json")
+
+    const { fetchExistingEnvVars } = await import("../cli/commands/deploy.js")
+    const result = fetchExistingEnvVars()
+
+    expect(result).toBeInstanceOf(Set)
+    expect(result.size).toBe(0)
+  })
+
+  it("should return empty set for empty array response", async () => {
+    execSyncMock.mockReturnValue("[]")
+
+    const { fetchExistingEnvVars } = await import("../cli/commands/deploy.js")
+    const result = fetchExistingEnvVars()
+
+    expect(result).toBeInstanceOf(Set)
+    expect(result.size).toBe(0)
+  })
+})
+
 describe("deploy command (mocked shell)", () => {
   let execSyncMock: ReturnType<typeof vi.fn>
   let origCwd: string
@@ -342,4 +406,145 @@ describe("deploy command (mocked shell)", () => {
       }
     }
   })
+
+  it("should skip env var prompts for vars already set in Vercel", async () => {
+    vi.spyOn(process, "exit").mockImplementation(code => {
+      throw new ExitError(code as number)
+    })
+    const logSpy = vi.spyOn(console, "log").mockImplementation(() => {})
+    vi.spyOn(console, "error").mockImplementation(() => {})
+
+    const testDir = setupTestDir("skip-existing", {
+      envExample: "API_KEY=your-key\nSECRET=your-secret\nTOOL_ENDPOINT=auto\n",
+      manifest: `export const manifest = { name: "my-tool" }`,
+    })
+
+    setupExecMock({
+      "vercel --version": "Vercel CLI 33.0.0",
+      "vercel whoami": "test-user",
+      "vercel env ls": JSON.stringify([{ key: "API_KEY" }]),
+      "vercel env add": "",
+      "vercel deploy --prod --force": "https://my-tool-final.vercel.app",
+      "vercel deploy --prod": "https://my-tool-abc123.vercel.app",
+    })
+
+    const validManifest = {
+      type: "https://eips.ethereum.org/EIPS/eip-XXXX#tool-manifest-v1",
+      name: "my-tool",
+      description: "A test tool",
+      endpoint: "https://my-tool-final.vercel.app",
+      inputs: { type: "object", properties: {} },
+      outputs: { type: "object", properties: {} },
+      creatorAddress: "0xabcdefabcdef1234567890abcdefabcdef123456",
+    }
+
+    const originalFetch = globalThis.fetch
+    globalThis.fetch = vi
+      .fn()
+      .mockResolvedValue(
+        new Response(JSON.stringify(validManifest), { status: 200 }),
+      )
+
+    process.chdir(testDir)
+
+    const origSecret = process.env.SECRET
+    process.env.SECRET = "secret-value"
+
+    try {
+      const { deployCommand } = await import("../cli/commands/deploy.js")
+      await deployCommand.parseAsync(
+        ["--host", "vercel", "--non-interactive"],
+        { from: "user" },
+      )
+
+      expect(logSpy).toHaveBeenCalledWith(
+        expect.stringContaining("API_KEY already set, skipping"),
+      )
+
+      expect(execSyncMock).not.toHaveBeenCalledWith(
+        expect.stringContaining("env add API_KEY"),
+        expect.anything(),
+      )
+
+      expect(logSpy).toHaveBeenCalledWith(expect.stringContaining("Set SECRET"))
+    } finally {
+      globalThis.fetch = originalFetch
+      if (origSecret === undefined) {
+        delete process.env.SECRET
+      } else {
+        process.env.SECRET = origSecret
+      }
+    }
+  })
+
+  it("should fall through to prompt flow when vercel env ls fails", async () => {
+    vi.spyOn(process, "exit").mockImplementation(code => {
+      throw new ExitError(code as number)
+    })
+    const logSpy = vi.spyOn(console, "log").mockImplementation(() => {})
+    vi.spyOn(console, "error").mockImplementation(() => {})
+
+    const testDir = setupTestDir("env-ls-fail", {
+      envExample: "API_KEY=your-key\nTOOL_ENDPOINT=auto\n",
+      manifest: `export const manifest = { name: "my-tool" }`,
+    })
+
+    execSyncMock.mockImplementation((cmd: string) => {
+      const cmdStr = String(cmd)
+      if (cmdStr.includes("vercel env ls")) throw new Error("Network error")
+      if (cmdStr.includes("vercel --version")) return "Vercel CLI 33.0.0"
+      if (cmdStr.includes("vercel whoami")) return "test-user"
+      if (cmdStr.includes("vercel env add")) return ""
+      if (cmdStr.includes("vercel deploy --prod --force"))
+        return "https://my-tool-final.vercel.app"
+      if (cmdStr.includes("vercel deploy --prod"))
+        return "https://my-tool-abc123.vercel.app"
+      return ""
+    })
+
+    const validManifest = {
+      type: "https://eips.ethereum.org/EIPS/eip-XXXX#tool-manifest-v1",
+      name: "my-tool",
+      description: "A test tool",
+      endpoint: "https://my-tool-final.vercel.app",
+      inputs: { type: "object", properties: {} },
+      outputs: { type: "object", properties: {} },
+      creatorAddress: "0xabcdefabcdef1234567890abcdefabcdef123456",
+    }
+
+    const originalFetch = globalThis.fetch
+    globalThis.fetch = vi
+      .fn()
+      .mockResolvedValue(
+        new Response(JSON.stringify(validManifest), { status: 200 }),
+      )
+
+    process.chdir(testDir)
+
+    const origApiKey = process.env.API_KEY
+    process.env.API_KEY = "test-key-value"
+
+    try {
+      const { deployCommand } = await import("../cli/commands/deploy.js")
+      await deployCommand.parseAsync(
+        ["--host", "vercel", "--non-interactive"],
+        { from: "user" },
+      )
+
+      expect(logSpy).toHaveBeenCalledWith(
+        expect.stringContaining("Could not fetch existing env vars"),
+      )
+
+      expect(logSpy).toHaveBeenCalledWith(
+        expect.stringContaining("Set API_KEY"),
+      )
+    } finally {
+      globalThis.fetch = originalFetch
+      if (origApiKey === undefined) {
+        delete process.env.API_KEY
+      } else {
+        process.env.API_KEY = origApiKey
+      }
+    }
+  })
 })