feat(core-sdk): create @bosonprotocol/cli package

[Copilot]

Adds a new @bosonprotocol/cli npm workspace package that exposes core-sdk operations as runnable CLI commands, replacing the ad-hoc scripts in ./scripts/.

Package structure (packages/cli/)

• bin/run.js — shebang entry point for npx @bosonprotocol/cli@latest <command>
• src/index.ts — commander program with dotenv.config() loaded first; reads version from package.json at runtime
• src/commands/ — one file per command
• src/utils/ — shared buildReadOnlyCoreSDK, buildSignerCoreSDK, getEnvName, getConfigId, Infura header builder, and seller struct extractor

Commands implemented

Command	On-chain write	Source script
create-seller	✓	scripts/create-seller.ts
update-seller	✓ (with multi-key opt-in)	scripts/update-seller.ts
get-seller	✗	scripts/get-seller.ts
create-offer	✓	scripts/create-offer.ts
explore-offer	✗	scripts/explore-offer.ts
deposit-funds	✓	scripts/deposit-funds.ts
complete-exchange	✓ (meta-tx supported)	scripts/complete-exchange.ts
upload-to-ipfs	✗	scripts/upload-to-ipfs.ts
search-products	✗	scripts/search-products.ts

Design decisions

• Env var fallbacks on every argument — e.g. ENV_NAME, ENV_CONFIG_ID, SELLER_PRIVATE_KEY, PRIVATE_KEY, INFURA_CREDENTIALS — so a .env file covers all common config
• CJS-only build — no ESM output needed for a CLI; single tsconfig.json targeting dist/cjs/
• BaseIpfsStorage instead of IpfsMetadataStorage in explore-offer — the constructor signature requires a validation callback that is not applicable to read-only metadata fetching
• tokenType → authToken field mapping fixed in update-seller opt-in loop (the pending update struct key differs from the fieldsToUpdate interface key)

Usage

npx @bosonprotocol/cli@latest --help
npx @bosonprotocol/cli@latest help create-seller

# With .env containing ENV_NAME, ENV_CONFIG_ID, SELLER_PRIVATE_KEY
npx @bosonprotocol/cli@latest create-seller 0xPRIVATEKEY --data seller.json
npx @bosonprotocol/cli@latest get-seller 0xADDRESS --env production --configId production-1-0

Original prompt

---

This section details on the original issue you should resolve

<issue_title>create a cli package for the core-sdk</issue_title>
<issue_description>- a cli package should allow any user to realize any core-sdk method in command-line interface

• the cli package will be published as an npm package @bosonprotocol/cli
• the cli package should be a workspace of the current mono-repo. Build and publish should be synchronized with build and publish of the core-sdk workspace/package
• the end-user will be able to call the cli with a command like "npx @bosonprotocol/cli@latest [command] [arguments]"
• for each command, most of the arguments can be passed either in the command-line or as env var in a local .env file
• some of commands' arguments are mandatory, while other are optional
• there are some arguments that are common to every command, for instance "configId" which identify the environment and chain the core-sdk should be initialized
• some commands does not require a wallet private key, as they don't imply submitting a transaction on-chain. Some other commands require a private key as they imply submitting a transaction or signing a message
• most of the cli commands already exist in the repository as independent scripts (see ./scripts folder). They will be replaced with equivalent commands in the CLI. The current scripts should be used as examples of the commands to implement in the cli.
• each command should generate its own documentation page that the end-user can read when typing npx @bosonprotocol/cli@latest help [command]"</issue_description>

Comments on the Issue (you are @copilot in this section)

• Fixes create a cli package for the core-sdk #1015

---

🔒 GitHub Advanced Security automatically protects Copilot coding agent pull requests. You can protect all pull requests by enabling Advanced Security for your repositories. Learn more about Advanced Security.

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}