replit/token-gated-economy
Archived
2
0
Fork 0
Code Issues 15 Pull Requests Actions Packages Projects Releases Wiki Activity
This repository has been archived on 2026-03-24. You can view files and clone it. You cannot open issues or pull requests or push a commit.
Files
d73b088e05561e64c7cb2b377afcfe869eee7b90
token-gated-economy/replit.md

426 lines
20 KiB
Markdown
Raw Normal View History

Initial commit
2026-03-13 23:21:55 +00:00
# Workspace
## Overview
pnpm workspace monorepo using TypeScript. Each package manages its own dependencies.
## Stack
- **Monorepo tool**: pnpm workspaces
- **Node.js version**: 24
- **Package manager**: pnpm
- **TypeScript version**: 5.9
- **API framework**: Express 5
- **Database**: PostgreSQL + Drizzle ORM
- **Validation**: Zod (`zod/v4`), `drizzle-zod`
- **API codegen**: Orval (from OpenAPI spec)
- **Build**: esbuild (CJS bundle)
## Structure
```text
artifacts-monorepo/
├── artifacts/ # Deployable applications
│ └── api-server/ # Express API server
├── lib/ # Shared libraries
│ ├── api-spec/ # OpenAPI spec + Orval codegen config
│ ├── api-client-react/ # Generated React Query hooks
│ ├── api-zod/ # Generated Zod schemas from OpenAPI
│ └── db/ # Drizzle ORM schema + DB connection
├── scripts/ # Utility scripts (single workspace package)
│ └── src/ # Individual .ts scripts, run via `pnpm --filter @workspace/scripts run <script>`
├── pnpm-workspace.yaml # pnpm workspace (artifacts/*, lib/*, lib/integrations/*, scripts)
├── tsconfig.base.json # Shared TS options (composite, bundler resolution, es2022)
├── tsconfig.json # Root TS project references
└── package.json # Root package with hoisted devDeps
```
## TypeScript & Composite Projects
Every package extends `tsconfig.base.json` which sets `composite: true`. The root `tsconfig.json` lists all packages as project references. This means:
- **Always typecheck from the root** — run `pnpm run typecheck` (which runs `tsc --build --emitDeclarationOnly`). This builds the full dependency graph so that cross-package imports resolve correctly. Running `tsc` inside a single package will fail if its dependencies haven't been built yet.
- **`emitDeclarationOnly`** — we only emit `.d.ts` files during typecheck; actual JS bundling is handled by esbuild/tsx/vite...etc, not `tsc`.
- **Project references** — when package A depends on package B, A's `tsconfig.json` must list B in its `references` array. `tsc --build` uses this to determine build order and skip up-to-date packages.
## Root Scripts
- `pnpm run build` — runs `typecheck` first, then recursively runs `build` in all packages that define it
- `pnpm run typecheck` — runs `tsc --build --emitDeclarationOnly` using project references
Task #2: MVP Foundation — injectable services, DB schema, smoke test DB schema - jobs and invoices tables added to lib/db/src/schema/ - schema barrel updated (jobs, invoices, conversations, messages) - pnpm --filter @workspace/db run push applied successfully LNbitsService (artifacts/api-server/src/lib/lnbits.ts) - Injectable class accepting optional { url, apiKey } config - Falls back to LNBITS_URL / LNBITS_API_KEY env vars - Auto-detects stub mode when credentials are absent; logs warning - createInvoice() -> { paymentHash, paymentRequest } - checkInvoicePaid() -> boolean - stubMarkPaid() helper for dev/test flows - Real LNbits REST v1 calls wired behind the stub guard AgentService (artifacts/api-server/src/lib/agent.ts) - Injectable class with configurable evalModel / workModel - evaluateRequest(text) -> { accepted: boolean, reason: string } uses claude-haiku-4-5; strips markdown fences before JSON parse - executeWork(text) -> { result: string } uses claude-sonnet-4-6 - Wired via Replit Anthropic AI Integration (no user API key) PricingService (artifacts/api-server/src/lib/pricing.ts) - Injectable class with configurable fee/bucket thresholds - calculateEvalFeeSats() -> 10 sats (fixed) - calculateWorkFeeSats(text) -> 50/100/250 by char-length bucket - Zero LLM involvement; fully deterministic Smoke test (scripts/src/smoke.ts) - pnpm --filter @workspace/scripts run smoke - Verifies LNbits stub: create, check unpaid, mark paid, check paid - Verifies Anthropic: evaluateRequest round-trip - Both checks passed replit.md - Documented required (LNBITS_URL, LNBITS_API_KEY) and auto-provisioned secrets - Stub-mode behaviour explained
2026-03-18 15:14:23 +00:00
## Environment Variables & Secrets
### Automatically provisioned (do not set manually)
| Secret | Purpose |
|---|---|
| `AI_INTEGRATIONS_ANTHROPIC_BASE_URL` | Replit AI Integrations proxy base URL for Anthropic |
| `AI_INTEGRATIONS_ANTHROPIC_API_KEY` | Replit AI Integrations proxy API key (dummy value, auto-managed) |
docs: add Gemini env vars to replit.md; remove completed handoff doc
2026-03-20 02:44:36 +00:00
| `AI_INTEGRATIONS_GEMINI_BASE_URL` | Replit AI Integrations proxy base URL for Gemini (`localhost:1106/...`) |
| `AI_INTEGRATIONS_GEMINI_API_KEY` | Replit AI Integrations proxy key for Gemini (dummy value, auto-managed) |
Task #2: MVP Foundation — injectable services, DB schema, smoke test DB schema - jobs and invoices tables added to lib/db/src/schema/ - schema barrel updated (jobs, invoices, conversations, messages) - pnpm --filter @workspace/db run push applied successfully LNbitsService (artifacts/api-server/src/lib/lnbits.ts) - Injectable class accepting optional { url, apiKey } config - Falls back to LNBITS_URL / LNBITS_API_KEY env vars - Auto-detects stub mode when credentials are absent; logs warning - createInvoice() -> { paymentHash, paymentRequest } - checkInvoicePaid() -> boolean - stubMarkPaid() helper for dev/test flows - Real LNbits REST v1 calls wired behind the stub guard AgentService (artifacts/api-server/src/lib/agent.ts) - Injectable class with configurable evalModel / workModel - evaluateRequest(text) -> { accepted: boolean, reason: string } uses claude-haiku-4-5; strips markdown fences before JSON parse - executeWork(text) -> { result: string } uses claude-sonnet-4-6 - Wired via Replit Anthropic AI Integration (no user API key) PricingService (artifacts/api-server/src/lib/pricing.ts) - Injectable class with configurable fee/bucket thresholds - calculateEvalFeeSats() -> 10 sats (fixed) - calculateWorkFeeSats(text) -> 50/100/250 by char-length bucket - Zero LLM involvement; fully deterministic Smoke test (scripts/src/smoke.ts) - pnpm --filter @workspace/scripts run smoke - Verifies LNbits stub: create, check unpaid, mark paid, check paid - Verifies Anthropic: evaluateRequest round-trip - Both checks passed replit.md - Documented required (LNBITS_URL, LNBITS_API_KEY) and auto-provisioned secrets - Stub-mode behaviour explained
2026-03-18 15:14:23 +00:00
| `DATABASE_URL` | PostgreSQL connection string (Replit-managed) |
| `SESSION_SECRET` | Express session secret (Replit-managed) |
### Required secrets (set via Replit Secrets tab)
| Secret | Description | Example |
|---|---|---|
| `LNBITS_URL` | Base URL of your LNbits instance | `https://legend.lnbits.com` |
| `LNBITS_API_KEY` | Invoice/Admin API key from your LNbits wallet | `a3f...` |
[claude] add Timmy Nostr keygen script + operator setup docs (#48) (#58) Co-authored-by: Claude (Opus 4.6) <claude@hermes.local> Co-committed-by: Claude (Opus 4.6) <claude@hermes.local>
2026-03-23 14:52:49 +00:00
| `TIMMY_NOSTR_NSEC` | Timmy's persistent Nostr private key (run `bash scripts/generate-timmy-nsec.sh` to generate) | `nsec1...` |
Task #2: MVP Foundation — injectable services, DB schema, smoke test DB schema - jobs and invoices tables added to lib/db/src/schema/ - schema barrel updated (jobs, invoices, conversations, messages) - pnpm --filter @workspace/db run push applied successfully LNbitsService (artifacts/api-server/src/lib/lnbits.ts) - Injectable class accepting optional { url, apiKey } config - Falls back to LNBITS_URL / LNBITS_API_KEY env vars - Auto-detects stub mode when credentials are absent; logs warning - createInvoice() -> { paymentHash, paymentRequest } - checkInvoicePaid() -> boolean - stubMarkPaid() helper for dev/test flows - Real LNbits REST v1 calls wired behind the stub guard AgentService (artifacts/api-server/src/lib/agent.ts) - Injectable class with configurable evalModel / workModel - evaluateRequest(text) -> { accepted: boolean, reason: string } uses claude-haiku-4-5; strips markdown fences before JSON parse - executeWork(text) -> { result: string } uses claude-sonnet-4-6 - Wired via Replit Anthropic AI Integration (no user API key) PricingService (artifacts/api-server/src/lib/pricing.ts) - Injectable class with configurable fee/bucket thresholds - calculateEvalFeeSats() -> 10 sats (fixed) - calculateWorkFeeSats(text) -> 50/100/250 by char-length bucket - Zero LLM involvement; fully deterministic Smoke test (scripts/src/smoke.ts) - pnpm --filter @workspace/scripts run smoke - Verifies LNbits stub: create, check unpaid, mark paid, check paid - Verifies Anthropic: evaluateRequest round-trip - Both checks passed replit.md - Documented required (LNBITS_URL, LNBITS_API_KEY) and auto-provisioned secrets - Stub-mode behaviour explained
2026-03-18 15:14:23 +00:00
> **Note:** If `LNBITS_URL` and `LNBITS_API_KEY` are absent, `LNbitsService` automatically runs in **stub mode** — invoices are simulated in-memory and can be marked paid via `svc.stubMarkPaid(hash)`. This is intentional for development without a Lightning node.
Task #6: Cost-based work fee pricing with BTC oracle - btc-oracle.ts: CoinGecko BTC/USD fetch (60s cache), usdToSats() helper, fallback to BTC_PRICE_USD_FALLBACK env var (default $100k), 5s abort timeout - pricing.ts: Full rewrite — per-model token rates (Haiku/Sonnet, env-var overridable), DO infra amortisation, originator margin %, estimateInputTokens(), estimateOutputTokens() by request tier, calculateActualCostUsd() for post-work ledger, async calculateWorkFeeSats() → WorkFeeBreakdown - agent.ts: WorkResult now includes inputTokens + outputTokens from Anthropic usage; workModel/evalModel exposed as readonly public; EVAL_MODEL/WORK_MODEL env var support - jobs.ts: Work invoice creation calls pricingService.calculateWorkFeeSats() async; stores estimatedCostUsd/marginPct/btcPriceUsd on job; after executeWork stores actualInputTokens/actualOutputTokens/actualCostUsd; GET response includes pricingBreakdown (awaiting_work_payment) and costLedger (complete) - lib/db/src/schema/jobs.ts: 6 new real/integer columns for cost tracking; schema pushed - openapi.yaml: PricingBreakdown + CostLedger schemas added to JobStatusResponse - replit.md: 17 new env vars documented in Cost-based work fee pricing section
2026-03-18 19:20:34 +00:00
### Cost-based work fee pricing
| Secret | Description | Default |
|---|---|---|
| `HAIKU_INPUT_COST_PER_1K_TOKENS` | Haiku input cost per 1K tokens (USD) | `0.0008` |
| `HAIKU_OUTPUT_COST_PER_1K_TOKENS` | Haiku output cost per 1K tokens (USD) | `0.004` |
| `SONNET_INPUT_COST_PER_1K_TOKENS` | Sonnet input cost per 1K tokens (USD) | `0.003` |
| `SONNET_OUTPUT_COST_PER_1K_TOKENS` | Sonnet output cost per 1K tokens (USD) | `0.015` |
| `DO_MONTHLY_COST_USD` | Monthly DO infra cost amortised per request | `100` |
| `DO_MONTHLY_REQUEST_VOLUME` | Expected monthly request volume (divisor) | `1000` |
| `ORIGINATOR_MARGIN_PCT` | Margin percentage on top of cost | `25` |
| `OUTPUT_TOKENS_SHORT_EST` | Estimated output tokens for short requests | `200` |
| `OUTPUT_TOKENS_MEDIUM_EST` | Estimated output tokens for medium requests | `400` |
| `OUTPUT_TOKENS_LONG_EST` | Estimated output tokens for long requests | `800` |
| `WORK_SYSTEM_PROMPT_TOKENS_EST` | Work model system-prompt size in tokens | `50` |
| `SHORT_MAX_CHARS` | Max chars for "short" request tier | `100` |
| `MEDIUM_MAX_CHARS` | Max chars for "medium" request tier | `300` |
| `EVAL_FEE_SATS` | Fixed eval invoice amount | `10` |
| `BTC_PRICE_USD_FALLBACK` | BTC/USD price fallback if CoinGecko is unreachable | `100000` |
| `EVAL_MODEL` | Anthropic model used for evaluation | `claude-haiku-4-5` |
| `WORK_MODEL` | Anthropic model used for work execution | `claude-sonnet-4-6` |
Work fee flow: estimate tokens → fetch BTC price from CoinGecko (60s cache) → `(token_cost + DO_infra) × (1 + margin%)` → convert USD → sats.
After work runs, actual token counts and raw Anthropic spend are stored in `jobs` as `actual_input_tokens`, `actual_output_tokens`, `actual_cost_usd`.
Add honest accounting and automatic refund mechanism for completed jobs Implement honest accounting post-job completion, calculating actual costs, adding margin, and enabling automatic refunds for overpayments via a new endpoint. Replit-Commit-Author: Agent Replit-Commit-Session-Id: 418bf6f8-212b-4bb0-a7a5-8231a061da4e Replit-Commit-Checkpoint-Type: full_checkpoint Replit-Commit-Event-Id: c6386de2-d5f4-47cc-a557-73416f09e118 Replit-Commit-Screenshot-Url: https://storage.googleapis.com/screenshot-production-us-central1/9f85e954-647c-46a5-90a7-396e495a805a/418bf6f8-212b-4bb0-a7a5-8231a061da4e/sPDHkg8 Replit-Helium-Checkpoint-Created: true
2026-03-18 19:32:34 +00:00
### Honest accounting and automatic refunds
After every job completes, Timmy re-prices the job using **actual** token counts, adds DO infra amortisation and margin, converts back to sats using the **same BTC price locked at invoice time**, and computes the overpayment:
```
actual_amount_sats = ceil((actual_cost_usd + DO_infra) × (1 + margin%) / btc_price_usd × 1e8)
refund_amount_sats = max(0, work_amount_sats - actual_amount_sats)
```
The `costLedger` in `GET /api/jobs/:id` shows all figures side-by-side. If `refundState = "pending"` and `refundAmountSats > 0`, the user submits a BOLT11 invoice for that exact amount to `POST /api/jobs/:id/refund` to receive the Lightning payment. The endpoint is idempotent — subsequent calls return 409 with the original `refundPaymentHash`.
Task #5: Lightning-gated node bootstrap (proof-of-concept) Pay a Lightning invoice → Timmy auto-provisions a Bitcoin full node on DO. New: lib/db/src/schema/bootstrap-jobs.ts - bootstrap_jobs table: id, state, amountSats, paymentHash, paymentRequest, dropletId, nodeIp, tailscaleHostname, lnbitsUrl, sshPrivateKey, sshKeyDelivered (bool), errorMessage, createdAt, updatedAt - States: awaiting_payment | provisioning | ready | failed - Payment data stored inline (no FK to jobs/invoices tables — separate entity) - db:push applied to create table in Postgres New: artifacts/api-server/src/lib/provisioner.ts - ProvisionerService: stubs when DO_API_TOKEN absent, real otherwise - Stub mode: generates a real RSA 4096-bit SSH keypair via ssh-keygen, returns RFC 5737 test IP + fake Tailscale hostname after 2s delay - Real mode: upload SSH public key to DO → generate Tailscale auth key → create DO droplet with cloud-init user_data → poll for public IP (2 min) - buildCloudInitScript(): non-interactive bash that installs Docker + Tailscale + UFW + Bitcoin Knots via docker-compose; joins Tailscale if authkey provided - provision() designed as fire-and-forget (void); updates DB to ready/failed New: artifacts/api-server/src/routes/bootstrap.ts - POST /api/bootstrap: create job + LNbits invoice, return paymentRequest - GET /api/bootstrap/:id: poll-driven state machine * awaiting_payment: checks payment, fires provisioner on confirm * provisioning: returns progress message * ready: delivers credentials; SSH private key delivered once then cleared * failed: returns error message - Stub mode message includes the exact /dev/stub/pay URL for easy testing - nextSteps array guides user through post-provision setup Updated: artifacts/api-server/src/lib/pricing.ts - Added bootstrapFee field reading BOOTSTRAP_FEE_SATS env var (default 10000) - calculateBootstrapFeeSats() method Updated: artifacts/api-server/src/routes/index.ts - Mounts bootstrapRouter Updated: replit.md - Documents all 7 new env vars (DO_API_TOKEN, DO_REGION, DO_SIZE, etc.) - Full curl-based flow example with annotated response shape End-to-end verified in stub mode: POST → pay → provisioning → ready (SSH key) → second GET clears key and shows sshKeyNote
2026-03-18 18:47:48 +00:00
### Node bootstrap secrets (for `POST /api/bootstrap`)
| Secret | Description | Default |
|---|---|---|
| `BOOTSTRAP_FEE_SATS` | Startup fee in sats the user pays | `10000` (dev) |
| `DO_API_TOKEN` | Digital Ocean personal access token | absent = stub mode |
| `DO_REGION` | DO datacenter region | `nyc3` |
| `DO_SIZE` | DO droplet size slug | `s-4vcpu-8gb` |
| `DO_VOLUME_SIZE_GB` | Block volume to attach in GB (`0` = none) | `0` |
| `TAILSCALE_API_KEY` | Tailscale API key for generating auth keys | optional |
| `TAILSCALE_TAILNET` | Tailscale tailnet name (e.g. `example.com`) | required with above |
> **Note:** If `DO_API_TOKEN` is absent, `ProvisionerService` automatically runs in **stub mode** — provisioning is simulated with fake credentials and a real SSH keypair. Set `DO_API_TOKEN` for real node creation.
Initial commit
2026-03-13 23:21:55 +00:00
## Packages
### `artifacts/api-server` (`@workspace/api-server`)
Express 5 API server. Routes live in `src/routes/` and use `@workspace/api-zod` for request and response validation and `@workspace/db` for persistence.
- Entry: `src/index.ts` — reads `PORT`, starts Express
- App setup: `src/app.ts` — mounts CORS, JSON/urlencoded parsing, routes at `/api`
- Routes: `src/routes/index.ts` mounts sub-routers; `src/routes/health.ts` exposes `GET /health` (full path: `/api/health`)
- Depends on: `@workspace/db`, `@workspace/api-zod`
- `pnpm --filter @workspace/api-server run dev` — run the dev server
- `pnpm --filter @workspace/api-server run build` — production esbuild bundle (`dist/index.cjs`)
- Build bundles an allowlist of deps (express, cors, pg, drizzle-orm, zod, etc.) and externalizes the rest
### `lib/db` (`@workspace/db`)
Database layer using Drizzle ORM with PostgreSQL. Exports a Drizzle client instance and schema models.
- `src/index.ts` — creates a `Pool` + Drizzle instance, exports schema
- `src/schema/index.ts` — barrel re-export of all models
- `src/schema/<modelname>.ts` — table definitions with `drizzle-zod` insert schemas (no models definitions exist right now)
- `drizzle.config.ts` — Drizzle Kit config (requires `DATABASE_URL`, automatically provided by Replit)
- Exports: `.` (pool, db, schema), `./schema` (schema only)
Production migrations are handled by Replit when publishing. In development, we just use `pnpm --filter @workspace/db run push`, and we fallback to `pnpm --filter @workspace/db run push-force`.
### `lib/api-spec` (`@workspace/api-spec`)
Owns the OpenAPI 3.1 spec (`openapi.yaml`) and the Orval config (`orval.config.ts`). Running codegen produces output into two sibling packages:
1. `lib/api-client-react/src/generated/` — React Query hooks + fetch client
2. `lib/api-zod/src/generated/` — Zod schemas
Run codegen: `pnpm --filter @workspace/api-spec run codegen`
### `lib/api-zod` (`@workspace/api-zod`)
Generated Zod schemas from the OpenAPI spec (e.g. `HealthCheckResponse`). Used by `api-server` for response validation.
### `lib/api-client-react` (`@workspace/api-client-react`)
Generated React Query hooks and fetch client from the OpenAPI spec (e.g. `useHealthCheck`, `healthCheck`).
Task #3: MVP API — payment-gated jobs + demo endpoint OpenAPI spec (lib/api-spec/openapi.yaml) - Added POST /jobs, GET /jobs/{id}, GET /demo endpoints - Added schemas: CreateJobRequest, CreateJobResponse, JobStatusResponse, InvoiceInfo, JobState, DemoResponse, ErrorResponse - Ran codegen: generated CreateJobBody, GetJobResponse, RunDemoQueryParams etc. Jobs router (artifacts/api-server/src/routes/jobs.ts) - POST /jobs: validates body, creates LNbits eval invoice, inserts job + invoice in a DB transaction, returns { jobId, evalInvoice } - GET /jobs/:id: fetches job, calls advanceJob() helper, returns state- appropriate payload (eval/work invoice, reason, result, errorMessage) - advanceJob() state machine: - awaiting_eval_payment: checks LNbits, atomically marks paid + advances state via optimistic WHERE state='awaiting_eval_payment'; runs AgentService.evaluateRequest, branches to awaiting_work_payment or rejected - awaiting_work_payment: same pattern for work invoice, runs AgentService.executeWork, advances to complete - Any agent/LNbits error transitions job to failed Demo router (artifacts/api-server/src/routes/demo.ts) - GET /demo?request=...: in-memory rate limiter (5 req/hour per IP) - Explicit guard for missing request param (coerce.string() workaround) - Calls AgentService.executeWork directly, returns { result } Dev router (artifacts/api-server/src/routes/dev.ts) - POST /dev/stub/pay/:paymentHash: marks stub invoice paid in-memory - Only mounted when NODE_ENV !== 'production' Route index updated to mount all three routers replit.md: documented full curl flow with all 6 steps, demo endpoint, and dev stub-pay trigger End-to-end verified with curl: - Full flow: create → eval pay → evaluating → work pay → executing → complete - Error cases: 400 on missing body/param, 404 on unknown job
2026-03-18 15:31:26 +00:00
### `artifacts/api-server` — Timmy API endpoints
#### Payment-gated job flow
```bash
BASE="https://${REPLIT_DEV_DOMAIN}" # or http://localhost:8080 in dev
# 1. Create a job (returns eval invoice)
curl -s -X POST "$BASE/api/jobs" \
-H "Content-Type: application/json" \
-d '{"request": "Write a haiku about lightning payments"}'
# → {"jobId":"…","evalInvoice":{"paymentRequest":"lnbcrt10u1…","amountSats":10}}
# 2. Poll status (returns eval invoice while unpaid)
curl -s "$BASE/api/jobs/<jobId>"
# 3. (Stub mode only) Mark eval invoice paid
curl -s -X POST "$BASE/api/dev/stub/pay/<paymentHash>"
# 4. Poll again — auto-advances to awaiting_work_payment, returns work invoice
curl -s "$BASE/api/jobs/<jobId>"
# 5. (Stub mode only) Mark work invoice paid
curl -s -X POST "$BASE/api/dev/stub/pay/<workPaymentHash>"
# 6. Poll again — auto-advances to complete, returns result
curl -s "$BASE/api/jobs/<jobId>"
# → {"jobId":"…","state":"complete","result":"…"}
```
Job states: `awaiting_eval_payment``evaluating``awaiting_work_payment``executing``complete` | `rejected` | `failed`
Task #5: Lightning-gated node bootstrap (proof-of-concept) Pay a Lightning invoice → Timmy auto-provisions a Bitcoin full node on DO. New: lib/db/src/schema/bootstrap-jobs.ts - bootstrap_jobs table: id, state, amountSats, paymentHash, paymentRequest, dropletId, nodeIp, tailscaleHostname, lnbitsUrl, sshPrivateKey, sshKeyDelivered (bool), errorMessage, createdAt, updatedAt - States: awaiting_payment | provisioning | ready | failed - Payment data stored inline (no FK to jobs/invoices tables — separate entity) - db:push applied to create table in Postgres New: artifacts/api-server/src/lib/provisioner.ts - ProvisionerService: stubs when DO_API_TOKEN absent, real otherwise - Stub mode: generates a real RSA 4096-bit SSH keypair via ssh-keygen, returns RFC 5737 test IP + fake Tailscale hostname after 2s delay - Real mode: upload SSH public key to DO → generate Tailscale auth key → create DO droplet with cloud-init user_data → poll for public IP (2 min) - buildCloudInitScript(): non-interactive bash that installs Docker + Tailscale + UFW + Bitcoin Knots via docker-compose; joins Tailscale if authkey provided - provision() designed as fire-and-forget (void); updates DB to ready/failed New: artifacts/api-server/src/routes/bootstrap.ts - POST /api/bootstrap: create job + LNbits invoice, return paymentRequest - GET /api/bootstrap/:id: poll-driven state machine * awaiting_payment: checks payment, fires provisioner on confirm * provisioning: returns progress message * ready: delivers credentials; SSH private key delivered once then cleared * failed: returns error message - Stub mode message includes the exact /dev/stub/pay URL for easy testing - nextSteps array guides user through post-provision setup Updated: artifacts/api-server/src/lib/pricing.ts - Added bootstrapFee field reading BOOTSTRAP_FEE_SATS env var (default 10000) - calculateBootstrapFeeSats() method Updated: artifacts/api-server/src/routes/index.ts - Mounts bootstrapRouter Updated: replit.md - Documents all 7 new env vars (DO_API_TOKEN, DO_REGION, DO_SIZE, etc.) - Full curl-based flow example with annotated response shape End-to-end verified in stub mode: POST → pay → provisioning → ready (SSH key) → second GET clears key and shows sshKeyNote
2026-03-18 18:47:48 +00:00
#### Lightning-gated node bootstrap
Pay a one-time startup fee → Timmy auto-provisions a Bitcoin full node on Digital Ocean.
```bash
# 1. Create bootstrap job (returns invoice)
curl -s -X POST "$BASE/api/bootstrap"
# → {"bootstrapJobId":"…","invoice":{"paymentRequest":"…","amountSats":10000},
# "message":"Stub mode: simulate payment with POST /api/dev/stub/pay/<hash>…"}
# 2. (Stub mode) Simulate payment
curl -s -X POST "$BASE/api/dev/stub/pay/<paymentHash>"
# 3. Poll status — transitions: awaiting_payment → provisioning → ready
curl -s "$BASE/api/bootstrap/<bootstrapJobId>"
# 4. When ready, response includes credentials (SSH key delivered once):
# {
# "state": "ready",
# "credentials": {
# "nodeIp": "…",
# "tailscaleHostname": "timmy-node-xxxx.tailnet.ts.net",
# "lnbitsUrl": "https://timmy-node-xxxx.tailnet.ts.net",
# "sshPrivateKey": "-----BEGIN OPENSSH PRIVATE KEY-----…" ← null on subsequent polls
# },
# "nextSteps": [ "SSH in", "Monitor sync", "Run lnd-init.sh", "Configure sweep" ]
# }
```
Bootstrap states: `awaiting_payment``provisioning``ready` | `failed`
Key properties:
- **Stub mode** auto-activates when `DO_API_TOKEN` is absent — returns fake credentials with a real SSH keypair
- **SSH key** delivered once then cleared from DB; subsequent polls show `sshKeyNote`
- **Tailscale** auth key auto-generated if `TAILSCALE_API_KEY` + `TAILSCALE_TAILNET` are set
- Bitcoin sync takes 12 weeks; `ready` means provisioned + bootstrapped, not fully synced
Task #3: MVP API — payment-gated jobs + demo endpoint OpenAPI spec (lib/api-spec/openapi.yaml) - Added POST /jobs, GET /jobs/{id}, GET /demo endpoints - Added schemas: CreateJobRequest, CreateJobResponse, JobStatusResponse, InvoiceInfo, JobState, DemoResponse, ErrorResponse - Ran codegen: generated CreateJobBody, GetJobResponse, RunDemoQueryParams etc. Jobs router (artifacts/api-server/src/routes/jobs.ts) - POST /jobs: validates body, creates LNbits eval invoice, inserts job + invoice in a DB transaction, returns { jobId, evalInvoice } - GET /jobs/:id: fetches job, calls advanceJob() helper, returns state- appropriate payload (eval/work invoice, reason, result, errorMessage) - advanceJob() state machine: - awaiting_eval_payment: checks LNbits, atomically marks paid + advances state via optimistic WHERE state='awaiting_eval_payment'; runs AgentService.evaluateRequest, branches to awaiting_work_payment or rejected - awaiting_work_payment: same pattern for work invoice, runs AgentService.executeWork, advances to complete - Any agent/LNbits error transitions job to failed Demo router (artifacts/api-server/src/routes/demo.ts) - GET /demo?request=...: in-memory rate limiter (5 req/hour per IP) - Explicit guard for missing request param (coerce.string() workaround) - Calls AgentService.executeWork directly, returns { result } Dev router (artifacts/api-server/src/routes/dev.ts) - POST /dev/stub/pay/:paymentHash: marks stub invoice paid in-memory - Only mounted when NODE_ENV !== 'production' Route index updated to mount all three routers replit.md: documented full curl flow with all 6 steps, demo endpoint, and dev stub-pay trigger End-to-end verified with curl: - Full flow: create → eval pay → evaluating → work pay → executing → complete - Error cases: 400 on missing body/param, 404 on unknown job
2026-03-18 15:31:26 +00:00
#### Free demo endpoint (rate-limited: 5 req/hour per IP)
```bash
curl -s "$BASE/api/demo?request=Explain+proof+of+work+in+one+sentence"
# → {"result":"…"}
```
#### Dev-only stub payment trigger
`POST /api/dev/stub/pay/:paymentHash` — marks a stub invoice paid in-memory.
Only available in development (`NODE_ENV !== 'production'`).
Initial commit
2026-03-13 23:21:55 +00:00
### `scripts` (`@workspace/scripts`)
Utility scripts package. Each script is a `.ts` file in `src/` with a corresponding npm script in `package.json`. Run scripts via `pnpm --filter @workspace/scripts run <script>`. Scripts can import any workspace package (e.g., `@workspace/db`) by adding it as a dependency in `scripts/package.json`.
Add Nostr integration to the roadmap for future development Add a roadmap section to replit.md detailing the planned integration of Nostr for node credential delivery, job status events, and node identity, replacing current HTTP polling mechanisms. Replit-Commit-Author: Agent Replit-Commit-Session-Id: 418bf6f8-212b-4bb0-a7a5-8231a061da4e Replit-Commit-Checkpoint-Type: full_checkpoint Replit-Commit-Event-Id: 45e1ce2b-4846-4800-be09-ed16006cca5f Replit-Commit-Screenshot-Url: https://storage.googleapis.com/screenshot-production-us-central1/9f85e954-647c-46a5-90a7-396e495a805a/418bf6f8-212b-4bb0-a7a5-8231a061da4e/sPDHkg8 Replit-Helium-Checkpoint-Created: true
2026-03-18 19:15:24 +00:00
Add session mode for pre-funded request processing Implement session-based API endpoints for creating, managing, and interacting with pre-funded sessions, including deposit and top-up invoice generation, macaroon authentication, and per-request debiting of compute costs. Replit-Commit-Author: Agent Replit-Commit-Session-Id: 418bf6f8-212b-4bb0-a7a5-8231a061da4e Replit-Commit-Checkpoint-Type: full_checkpoint Replit-Commit-Event-Id: 2dc3847e-7186-4a22-9c7e-16cd31bca8d9 Replit-Commit-Screenshot-Url: https://storage.googleapis.com/screenshot-production-us-central1/9f85e954-647c-46a5-90a7-396e495a805a/418bf6f8-212b-4bb0-a7a5-8231a061da4e/sPDHkg8 Replit-Helium-Checkpoint-Created: true
2026-03-18 20:00:24 +00:00
### Pre-funded session mode (Mode 2)
Pay once, run many requests. Balance is debited at actual cost per request — no per-job invoices.
```bash
BASE="http://localhost:8080"
# 1. Create a session (returns deposit invoice)
curl -s -X POST "$BASE/api/sessions" \
-H "Content-Type: application/json" \
-d '{"amount_sats": 500}'
# → {"sessionId":"…","state":"awaiting_payment","invoice":{"paymentRequest":"…","amountSats":500,"paymentHash":"…"}}
# 2. (Stub mode only) Pay deposit
curl -s -X POST "$BASE/api/dev/stub/pay/<paymentHash>"
Add Nostr integration to the roadmap for future development Add a roadmap section to replit.md detailing the planned integration of Nostr for node credential delivery, job status events, and node identity, replacing current HTTP polling mechanisms. Replit-Commit-Author: Agent Replit-Commit-Session-Id: 418bf6f8-212b-4bb0-a7a5-8231a061da4e Replit-Commit-Checkpoint-Type: full_checkpoint Replit-Commit-Event-Id: 45e1ce2b-4846-4800-be09-ed16006cca5f Replit-Commit-Screenshot-Url: https://storage.googleapis.com/screenshot-production-us-central1/9f85e954-647c-46a5-90a7-396e495a805a/418bf6f8-212b-4bb0-a7a5-8231a061da4e/sPDHkg8 Replit-Helium-Checkpoint-Created: true
2026-03-18 19:15:24 +00:00
Add session mode for pre-funded request processing Implement session-based API endpoints for creating, managing, and interacting with pre-funded sessions, including deposit and top-up invoice generation, macaroon authentication, and per-request debiting of compute costs. Replit-Commit-Author: Agent Replit-Commit-Session-Id: 418bf6f8-212b-4bb0-a7a5-8231a061da4e Replit-Commit-Checkpoint-Type: full_checkpoint Replit-Commit-Event-Id: 2dc3847e-7186-4a22-9c7e-16cd31bca8d9 Replit-Commit-Screenshot-Url: https://storage.googleapis.com/screenshot-production-us-central1/9f85e954-647c-46a5-90a7-396e495a805a/418bf6f8-212b-4bb0-a7a5-8231a061da4e/sPDHkg8 Replit-Helium-Checkpoint-Created: true
2026-03-18 20:00:24 +00:00
# 3. Poll session — auto-advances to active, issues macaroon
curl -s "$BASE/api/sessions/<sessionId>"
# → {"sessionId":"…","state":"active","balanceSats":500,"macaroon":"…","minimumBalanceSats":50}
# 4. Submit requests (use macaroon as Bearer token)
curl -s -X POST "$BASE/api/sessions/<sessionId>/request" \
-H "Content-Type: application/json" \
-H "Authorization: Bearer <macaroon>" \
-d '{"request":"What is a satoshi?"}'
# → {"requestId":"…","state":"complete","result":"…","debitedSats":178,"balanceRemaining":322}
# 5. Top up when balance is low (session auto-pauses below 50 sats)
curl -s -X POST "$BASE/api/sessions/<sessionId>/topup" \
-H "Content-Type: application/json" \
-H "Authorization: Bearer <macaroon>" \
-d '{"amount_sats": 500}'
```
Session states: `awaiting_payment``active``paused` (low balance) → `expired` (24h TTL, refreshed on each request)
Key properties:
- **No per-job invoices** — balance is debited at actual compute cost (eval + work tokens + DO infra + margin)
- **Rejected requests** still incur a small eval fee (Haiku model only)
- **Macaroon auth** — 32-byte hex token issued on activation; required as `Authorization: Bearer` header
- **Pause on low balance** — session auto-pauses when balance < 50 sats; pay topup invoice to resume
- **TTL** — sessions expire 24 hours after last successful request
- **Deposit limits** — 10010,000 sats; env vars: `SESSION_MIN_DEPOSIT_SATS`, `SESSION_MAX_DEPOSIT_SATS`, `SESSION_MIN_BALANCE_SATS`, `SESSION_EXPIRY_HOURS`
DB tables: `sessions` (state machine, balance, macaroon), `session_requests` (per-request token + cost accounting)
fix(testkit): macOS compat + fix test 8c ordering (#24)
2026-03-18 21:01:13 -04:00
## Pushing to Gitea
Gitea runs on the local Mac behind a bore tunnel. The bore port changes every session.
### One-time setup
```bash
bash scripts/push-to-gitea.sh <PORT> # saves port to .bore-port, then pushes
```
### Every subsequent push this session
```bash
bash scripts/push-to-gitea.sh # reads port from .bore-port automatically
```
### When bore restarts (new port)
Bore assigns a new random port on each restart. You must pass it once — after that `.bore-port` remembers it:
```bash
bash scripts/push-to-gitea.sh <NEW_PORT> # overwrites .bore-port, then pushes
```
**How to find the bore port:** The port is shown in the Mac terminal where bore is running:
```
bore local 3000 --to bore.pub
→ "listening at bore.pub:NNNNN"
```
**Credentials (GITEA_TOKEN):** The script never hard-codes a token. Set it one of two ways:
```bash
# Option A — env var (add to shell profile for persistence)
export GITEA_TOKEN=<your-token>
# Option B — gitignored credentials file (one-time setup)
echo <your-token> > .gitea-credentials
```
Get your token from Gitea → User Settings → Applications → Generate Token.
**Rules:**
- Always create a branch and open a PR — never push directly to `main` (Gitea enforces this)
- The `.bore-port` and `.gitea-credentials` files are gitignored — never committed
### Gitea repos
- `replit/token-gated-economy` — TypeScript API server (this repo)
- `perplexity/the-matrix` — Three.js 3D world frontend
Add documentation clarifying deployment configuration and operational tradeoffs Add documentation to `replit.md` to specify `artifact.toml` as the canonical deployment configuration and enhance comments in `routes/index.ts` to explain operational tradeoffs for stub mode. Replit-Commit-Author: Agent Replit-Commit-Session-Id: 90c7a60b-2c61-4699-b5c6-6a1ac7469a4d Replit-Commit-Checkpoint-Type: full_checkpoint Replit-Commit-Event-Id: f46cc2d3-95ce-4f2b-8ab1-d8cd41d10743 Replit-Commit-Screenshot-Url: https://storage.googleapis.com/screenshot-production-us-central1/9f85e954-647c-46a5-90a7-396e495a805a/90c7a60b-2c61-4699-b5c6-6a1ac7469a4d/G03TLre Replit-Helium-Checkpoint-Created: true
2026-03-20 02:20:35 +00:00
## Deployment
### Canonical deployment config — artifact.toml (not .replit)
The API server's authoritative deployment configuration lives in
`artifacts/api-server/.replit-artifact/artifact.toml`. This file controls the
production build command and the run command for the always-on VM deployment.
```
deploymentTarget = "vm"
buildCommand = "pnpm --filter @workspace/api-server run build"
runCommand = "node artifacts/api-server/dist/index.js"
```
The root `.replit` file may show an older `deploymentTarget = "autoscale"` and
`run = "dist/index.cjs"` — these are legacy entries left from when Replit
platform protection blocked agent edits. **artifact.toml is the source of
truth**; `.replit` entries for this artifact should be ignored.
Add hermes Gitea mirror: push-to-hermes.sh + deployment docs - scripts/push-to-hermes.sh: one-command push to VPS Gitea (fetches token via SSH on each run, never stores it in git) - replit.md: document hermes Gitea setup (PostgreSQL-backed), backup instructions, push workflow
2026-03-20 02:25:40 +00:00
### Hermes Gitea (backup / deployment source)
All workspace code is mirrored to a self-hosted Gitea instance on hermes backed by PostgreSQL.
This is the second git remote — independent of the Mac Tailscale Gitea — so no single machine holds all the code.
| Item | Value |
|---|---|
| Web UI | `http://143.198.27.163:3000/admin/timmy-tower` |
| SSH (git) | `ssh://git@143.198.27.163:2222` |
| DB backend | PostgreSQL (`gitea` DB on hermes) |
| Admin user | `admin` |
| Token store | `/root/.gitea-replit-token` on VPS |
**Push from Replit** (any session):
```bash
bash scripts/push-to-hermes.sh
```
This script fetches the API token from the VPS over SSH (never stored in git), adds the `hermes` remote, and pushes all branches + tags.
**Postgres backup** — the Gitea metadata lives in the `gitea` PostgreSQL DB. Backup with:
```bash
# On hermes
sudo -u postgres pg_dump gitea > /root/gitea-backup-$(date +%Y%m%d).sql
```
The bare git objects live in `/var/lib/gitea/repositories/` and can be backed up with rsync or tar.
Add documentation clarifying deployment configuration and operational tradeoffs Add documentation to `replit.md` to specify `artifact.toml` as the canonical deployment configuration and enhance comments in `routes/index.ts` to explain operational tradeoffs for stub mode. Replit-Commit-Author: Agent Replit-Commit-Session-Id: 90c7a60b-2c61-4699-b5c6-6a1ac7469a4d Replit-Commit-Checkpoint-Type: full_checkpoint Replit-Commit-Event-Id: f46cc2d3-95ce-4f2b-8ab1-d8cd41d10743 Replit-Commit-Screenshot-Url: https://storage.googleapis.com/screenshot-production-us-central1/9f85e954-647c-46a5-90a7-396e495a805a/90c7a60b-2c61-4699-b5c6-6a1ac7469a4d/G03TLre Replit-Helium-Checkpoint-Created: true
2026-03-20 02:20:35 +00:00
### VPS deployment (hermes — 143.198.27.163)
The production instance runs on the user's VPS via systemd, outside Replit:
| Item | Value |
|---|---|
| URL | `http://143.198.27.163/` |
| Service | `systemctl status timmy-tower` |
| Deploy dir | `/opt/timmy-tower/` |
| Env file | `/opt/timmy-tower/.env` |
| DB | `postgres://timmy:...@localhost:5432/timmy_tower` |
| Nostr npub | `npub1e3gu2j08t6hymjd5sz9dmy4u5pcl22mj5hl60avkpj5tdpaq3dasjax6tv` |
| AI backend | OpenRouter (`https://openrouter.ai/api/v1`) via Anthropic SDK compat layer |
To redeploy after a build:
```bash
# From Replit — rebuild and copy bundle
pnpm --filter @workspace/api-server run build
cat artifacts/api-server/dist/index.js | ssh root@143.198.27.163 "cat > /opt/timmy-tower/index.js"
ssh root@143.198.27.163 "systemctl restart timmy-tower"
```
External packages that must be present in `/opt/timmy-tower/node_modules/`:
- `nostr-tools` (^2.23.3)
- `cookie-parser` (^1.4.7)
These are externalized by esbuild (not in the allowlist in `build.ts`).
Add session mode for pre-funded request processing Implement session-based API endpoints for creating, managing, and interacting with pre-funded sessions, including deposit and top-up invoice generation, macaroon authentication, and per-request debiting of compute costs. Replit-Commit-Author: Agent Replit-Commit-Session-Id: 418bf6f8-212b-4bb0-a7a5-8231a061da4e Replit-Commit-Checkpoint-Type: full_checkpoint Replit-Commit-Event-Id: 2dc3847e-7186-4a22-9c7e-16cd31bca8d9 Replit-Commit-Screenshot-Url: https://storage.googleapis.com/screenshot-production-us-central1/9f85e954-647c-46a5-90a7-396e495a805a/418bf6f8-212b-4bb0-a7a5-8231a061da4e/sPDHkg8 Replit-Helium-Checkpoint-Created: true
2026-03-18 20:00:24 +00:00
## Roadmap
Add Nostr integration to the roadmap for future development Add a roadmap section to replit.md detailing the planned integration of Nostr for node credential delivery, job status events, and node identity, replacing current HTTP polling mechanisms. Replit-Commit-Author: Agent Replit-Commit-Session-Id: 418bf6f8-212b-4bb0-a7a5-8231a061da4e Replit-Commit-Checkpoint-Type: full_checkpoint Replit-Commit-Event-Id: 45e1ce2b-4846-4800-be09-ed16006cca5f Replit-Commit-Screenshot-Url: https://storage.googleapis.com/screenshot-production-us-central1/9f85e954-647c-46a5-90a7-396e495a805a/418bf6f8-212b-4bb0-a7a5-8231a061da4e/sPDHkg8 Replit-Helium-Checkpoint-Created: true
2026-03-18 19:15:24 +00:00
### Nostr integration
Nostr (NIP-04/NIP-44 encrypted DMs) is planned as the delivery layer for the bootstrap flow and beyond:
- **Node credential delivery** — provisioned node generates a Nostr keypair during cloud-init and publishes credentials as an encrypted DM to the user's pubkey; eliminates the current HTTP one-time SSH key polling mechanism
- **Job status events** — job state transitions (`awaiting_payment → complete`) published as Nostr events; clients subscribe instead of polling
- **Node identity** — each Timmy node gets a persistent Nostr identity (npub) for discovery and communication
Until Nostr is wired in, the current HTTP polling + one-time SSH key delivery serves as the POC placeholder.
Reference in New Issue Copy Permalink