feat: Autonomous agent commands — watch, scan-bounties, batch sell

[plur9]

Summary

• ade watch — Escrow automation daemon. Polls for funded/released escrows, auto-commits/reveals keys (seller), downloads/decrypts data (buyer), claims payments. NDJSON event protocol on stdout, three-tier spending limits, HMAC-SHA256 state integrity, PID-based locking.
• ade scan-bounties — Matches local files against open marketplace bounties via keyword overlap scoring. Security filters exclude sensitive files (.env, .pem, keys). Optional --respond mode auto-creates escrows for best matches.
• ade sell --dir — Batch sell files from a directory. Sequential execution with rate limiting, --skip-existing marketplace check, --max-files cap, partial error reporting (exit code 6).

MCP Compatibility Fixes (Phase 0)

• Base mainnet contract aligned to 0x69Aa385686AEdA505013a775ddE7A59d045cb30d
• ECDH commit-reveal: commits against encrypted key when buyer pubkey is known
• Marketplace publishing added to sell command
• Bidirectional MCP key bridge (~/.datafund/escrow-keys/ JSON files)
• CLIError extended: retryAfterSeconds, suggestedCommand, 10 new error codes
• HTTPS enforcement on API and RPC URLs (localhost exempt)

Other

• Schema v1.1.0: auth levels, credentials, NDJSON protocol spec, error formats
• Version bumped to 0.2.0
• 23 files changed, +2850/-100 lines

Verification

Verified (213 unit tests pass, build compiles, CLI smoke tested):

• All 213 unit tests pass across 15 files (2.86s)
• Build compiles successfully (1228 modules, 184ms)
• CLI dispatches correctly — ade help, ade version, ade schema, ade help watch, ade help scan-bounties all produce correct output
• Routing, argument parsing, help text, schema output
• Watch state HMAC integrity (save/load, tamper detection, wrong key, oversized file)
• Watch lock management (acquire/release, stale lock recovery)
• Scan scoring/matching (keyword overlap, zero score for unrelated, empty bounties)
• Scan security filters (hidden files, sensitive patterns, user excludes)
• Scan respond mode safety (--max-value required, minScore forced to 0.5)
• Batch sell validation (--yes requires --max-value, price vs max-value)
• Batch sell file filtering (hidden files, --max-files truncation)
• Error serialization with new fields
• MCP bridge isolation in tests

Not verified (requires real credentials/chain — needs integration testing):

• Actual on-chain transactions (commit, reveal, claim, buy, sell)
• Contract address 0x69Aa38... is correct and live on Base mainnet
• ECDH commit-reveal flow against real contract verification
• Watch daemon polling loop against real API/chain
• Marketplace publishing (POST to agents.datafund.io)
• Swarm upload/download
• Spending limit enforcement under real transaction costs
• NDJSON event stream in a real terminal pipe
• MCP bridge reading/writing real key files
• HTTPS enforcement edge cases with real URLs
• Race conditions in watch daemon (concurrent cycles, lock contention)

Test plan

• bun run test:unit — 213 pass, 0 fail
• bun build src/index.ts --compile — compiles clean
• ade version → 0.2.0
• ade help → shows watch, scan-bounties, batch sell sections
• ade schema → v1.1.0 with new commands and protocols
• Testnet integration: ade sell --file test.csv --price 0.001 --yes on Base Sepolia
• Testnet integration: ade watch --once --dry-run
• Testnet integration: ade scan-bounties --dir ./test-data/
• Testnet integration: Full seller→buyer flow with MCP interop

🤖 Generated with Claude Code