@exagent/agent 0.1.0 → 0.1.2

package/dist/cli.mjs

@@ -1,10 +1,12 @@
 #!/usr/bin/env node
 import {
   AgentRuntime,
+  encryptEnvFile,
   getAllStrategyTemplates,
   loadConfig,
+  loadSecureEnv,
   validateConfig
-} from "./chunk-JS7RJORF.mjs";
+} from "./chunk-KJJGA46E.mjs";
 
 // src/cli.ts
 import { Command } from "commander";
@@ -58,6 +60,10 @@ function prompt(question, hidden = false) {
 }
 async function checkFirstRunSetup(configPath) {
   const envPath = path.join(path.dirname(configPath), ".env");
+  const encPath = envPath + ".enc";
+  if (fs.existsSync(encPath)) {
+    return;
+  }
   if (fs.existsSync(envPath)) {
     const envContent2 = fs.readFileSync(envPath, "utf-8");
     const hasPrivateKey = envContent2.includes("EXAGENT_PRIVATE_KEY=") && !envContent2.includes("EXAGENT_PRIVATE_KEY=\n") && !envContent2.includes("EXAGENT_PRIVATE_KEY=$");
@@ -186,10 +192,43 @@ ${llmEnvVar}EXAGENT_LLM_MODEL=${config.llm?.model || ""}
   fs.writeFileSync(envPath, envContent, { mode: 384 });
   console.log("");
   console.log("=".repeat(60));
-  console.log("  SETUP COMPLETE");
+  console.log("  ENCRYPT YOUR SECRETS");
   console.log("=".repeat(60));
   console.log("");
-  console.log("  Your .env file has been created.");
+  console.log("  Your .env file contains private keys and API credentials.");
+  console.log("  Encrypting it protects you if someone accesses your files.");
+  console.log("");
+  console.log("  Press Enter to skip (you can encrypt later with: npx @exagent/agent encrypt)");
+  console.log("");
+  const passphrase = await prompt("  Choose encryption passphrase (or Enter to skip): ", true);
+  if (passphrase && passphrase.length >= 4) {
+    const confirmPassphrase = await prompt("  Confirm passphrase: ", true);
+    if (passphrase === confirmPassphrase) {
+      console.log("");
+      encryptEnvFile(envPath, passphrase, true);
+      process.env.EXAGENT_PASSPHRASE = passphrase;
+      console.log("  Your secrets are encrypted. Plaintext .env has been deleted.");
+      console.log("");
+      console.log("  Remember your passphrase \u2014 you need it every time the agent starts.");
+      console.log("  Or set: export EXAGENT_PASSPHRASE=<your-passphrase>");
+    } else {
+      console.log("");
+      console.log("  Passphrases did not match. Skipping encryption.");
+      console.log("  Run: npx @exagent/agent encrypt");
+    }
+  } else if (passphrase && passphrase.length < 4) {
+    console.log("");
+    console.log("  Passphrase too short (min 4 chars). Skipping encryption.");
+    console.log("  Run: npx @exagent/agent encrypt");
+  } else {
+    console.log("");
+    console.log("  Skipped encryption. Your .env is stored in plaintext.");
+    console.log("  To encrypt later: npx @exagent/agent encrypt --delete");
+  }
+  console.log("");
+  console.log("=".repeat(60));
+  console.log("  SETUP COMPLETE");
+  console.log("=".repeat(60));
   console.log("");
   console.log(`  Wallet: ${walletAddress}`);
   console.log(`  LLM:    ${llmProvider}`);
@@ -201,11 +240,20 @@ ${llmEnvVar}EXAGENT_LLM_MODEL=${config.llm?.model || ""}
   console.log("");
   console.log("  The agent will now start...");
   console.log("");
-  loadEnvFile({ path: envPath, override: true });
+  if (!process.env.EXAGENT_PASSPHRASE) {
+    loadEnvFile({ path: envPath, override: true });
+  }
 }
-program.command("run").description("Start the trading agent").option("-c, --config <path>", "Path to agent-config.json", "agent-config.json").action(async (options) => {
+program.command("run").description("Start the trading agent").option("-c, --config <path>", "Path to agent-config.json", "agent-config.json").option("-p, --passphrase <passphrase>", "Passphrase to decrypt .env.enc").action(async (options) => {
   try {
     await checkFirstRunSetup(options.config);
+    const configDir = path.dirname(
+      options.config.startsWith("/") ? options.config : path.join(process.cwd(), options.config)
+    );
+    const usedEncrypted = loadSecureEnv(configDir, options.passphrase);
+    if (usedEncrypted) {
+      console.log("Loaded encrypted environment (.env.enc)");
+    }
     console.log("Loading configuration...");
     const config = loadConfig(options.config);
     validateConfig(config);
@@ -314,9 +362,65 @@ program.command("api-keys").description("Show how to get API keys for each LLM p
   console.log("OLLAMA (Local - No API Key Required)");
   console.log("  Install: https://ollama.com/download");
   console.log("  Run: ollama serve");
-  console.log("  Pull model: ollama pull mistral");
+  console.log("  Pull model: ollama pull llama3.2");
   console.log("");
   console.log("Note: Your API keys are stored locally in .env and never sent to Exagent servers.");
   console.log("");
 });
+program.command("encrypt").description("Encrypt .env file to .env.enc for secure storage").option("-d, --dir <path>", "Directory containing .env file", ".").option("--delete", "Delete plaintext .env after encryption", false).action(async (options) => {
+  try {
+    const dir = options.dir.startsWith("/") ? options.dir : path.join(process.cwd(), options.dir);
+    const envPath = path.join(dir, ".env");
+    if (!fs.existsSync(envPath)) {
+      console.error("No .env file found in", dir);
+      process.exit(1);
+    }
+    const encPath = envPath + ".enc";
+    if (fs.existsSync(encPath)) {
+      const overwrite = await prompt("  .env.enc already exists. Overwrite? (y/n): ");
+      if (overwrite.toLowerCase() !== "y") {
+        console.log("Aborted.");
+        process.exit(0);
+      }
+    }
+    console.log("");
+    console.log("=".repeat(50));
+    console.log("  ENCRYPT ENVIRONMENT FILE");
+    console.log("=".repeat(50));
+    console.log("");
+    console.log("  This will encrypt your .env file using a passphrase.");
+    console.log("  You will need this passphrase every time the agent starts.");
+    console.log("");
+    console.log("  Alternatively, set EXAGENT_PASSPHRASE env var to skip");
+    console.log("  the prompt on startup.");
+    console.log("");
+    const passphrase = await prompt("  Enter encryption passphrase: ", true);
+    if (!passphrase || passphrase.length < 4) {
+      console.error("  Passphrase must be at least 4 characters.");
+      process.exit(1);
+    }
+    const confirm = await prompt("  Confirm passphrase: ", true);
+    if (passphrase !== confirm) {
+      console.error("  Passphrases do not match.");
+      process.exit(1);
+    }
+    console.log("");
+    encryptEnvFile(envPath, passphrase, options.delete);
+    console.log("");
+    console.log("  Encrypted file saved to: .env.enc");
+    if (options.delete) {
+      console.log("  Plaintext .env has been deleted.");
+    } else {
+      console.log("  Your plaintext .env file is still present.");
+      console.log("  Run with --delete to remove it after encryption.");
+    }
+    console.log("");
+    console.log("  To use: npx @exagent/agent run --passphrase <your-passphrase>");
+    console.log("  Or set: export EXAGENT_PASSPHRASE=<your-passphrase>");
+    console.log("");
+  } catch (error) {
+    console.error("Error:", error instanceof Error ? error.message : error);
+    process.exit(1);
+  }
+});
 program.parse();

package/dist/index.d.mts

@@ -71,6 +71,20 @@ declare const VaultConfigSchema: z.ZodObject<{
     preferVaultTrading?: boolean | undefined;
 }>;
 type VaultConfig = z.infer<typeof VaultConfigSchema>;
+declare const RelayConfigSchema: z.ZodOptional<z.ZodObject<{
+    enabled: z.ZodDefault<z.ZodBoolean>;
+    apiUrl: z.ZodString;
+    heartbeatIntervalMs: z.ZodDefault<z.ZodNumber>;
+}, "strip", z.ZodTypeAny, {
+    enabled: boolean;
+    apiUrl: string;
+    heartbeatIntervalMs: number;
+}, {
+    apiUrl: string;
+    enabled?: boolean | undefined;
+    heartbeatIntervalMs?: number | undefined;
+}>>;
+type RelayConfig$1 = z.infer<typeof RelayConfigSchema>;
 declare const AgentConfigSchema: z.ZodObject<{
     agentId: z.ZodUnion<[z.ZodNumber, z.ZodString]>;
     name: z.ZodString;
@@ -143,6 +157,19 @@ declare const AgentConfigSchema: z.ZodObject<{
         feeRecipient?: string | undefined;
         preferVaultTrading?: boolean | undefined;
     }>>;
+    relay: z.ZodOptional<z.ZodObject<{
+        enabled: z.ZodDefault<z.ZodBoolean>;
+        apiUrl: z.ZodString;
+        heartbeatIntervalMs: z.ZodDefault<z.ZodNumber>;
+    }, "strip", z.ZodTypeAny, {
+        enabled: boolean;
+        apiUrl: string;
+        heartbeatIntervalMs: number;
+    }, {
+        apiUrl: string;
+        enabled?: boolean | undefined;
+        heartbeatIntervalMs?: number | undefined;
+    }>>;
     allowedTokens: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
 }, "strip", z.ZodTypeAny, {
     agentId: string | number;
@@ -174,6 +201,11 @@ declare const AgentConfigSchema: z.ZodObject<{
     wallet?: {
         setup: "generate" | "provide";
     } | undefined;
+    relay?: {
+        enabled: boolean;
+        apiUrl: string;
+        heartbeatIntervalMs: number;
+    } | undefined;
     allowedTokens?: string[] | undefined;
 }, {
     agentId: string | number;
@@ -205,6 +237,11 @@ declare const AgentConfigSchema: z.ZodObject<{
         feeRecipient?: string | undefined;
         preferVaultTrading?: boolean | undefined;
     } | undefined;
+    relay?: {
+        apiUrl: string;
+        enabled?: boolean | undefined;
+        heartbeatIntervalMs?: number | undefined;
+    } | undefined;
     allowedTokens?: string[] | undefined;
 }>;
 type AgentConfig = z.infer<typeof AgentConfigSchema>;
@@ -358,6 +395,51 @@ declare class VaultManager {
     }>;
 }
 
+/**
+ * Relay Types
+ *
+ * Shared types for the command center relay protocol.
+ * Used by both the SDK relay client and the API relay service.
+ */
+type AgentMode = 'idle' | 'trading';
+type CommandType = 'start_trading' | 'stop_trading' | 'update_risk_params' | 'update_trading_interval' | 'create_vault' | 'refresh_status' | 'shutdown';
+interface RelayCommand {
+    id: string;
+    type: CommandType;
+    params?: Record<string, unknown>;
+}
+type MessageType = 'trade_executed' | 'trade_failed' | 'funds_low' | 'risk_limit_hit' | 'vault_created' | 'config_updated' | 'llm_error' | 'command_result' | 'system';
+type MessageLevel = 'info' | 'warning' | 'error' | 'success';
+interface AgentStatusPayload {
+    mode: AgentMode;
+    agentId: string;
+    wallet?: string;
+    cycleCount?: number;
+    lastCycleAt?: number;
+    tradingIntervalMs?: number;
+    portfolioValue?: number;
+    ethBalance?: string;
+    llm?: {
+        provider: string;
+        model: string;
+    };
+    risk?: {
+        dailyPnL: number;
+        dailyLossLimit: number;
+        isLimitHit: boolean;
+    };
+    vault?: {
+        policy: string;
+        hasVault: boolean;
+        vaultAddress: string | null;
+    };
+}
+interface RelayConfig {
+    enabled: boolean;
+    apiUrl: string;
+    heartbeatIntervalMs?: number;
+}
+
 /**
  * Agent Runtime
  *
@@ -365,7 +447,9 @@ declare class VaultManager {
  * 1. Initializes connection to blockchain
  * 2. Ensures wallet is linked to agent identity
  * 3. Loads user's strategy
- * 4. Runs the trading loop
+ * 4. Connects to the command center relay
+ * 5. Enters idle mode (waiting for start command from website)
+ * 6. Runs the trading loop when commanded
  */
 declare class AgentRuntime {
     private config;
@@ -376,26 +460,38 @@ declare class AgentRuntime {
     private riskManager;
     private marketData;
     private vaultManager;
+    private relay;
     private isRunning;
+    private mode;
     private configHash;
     private lastVaultCheck;
+    private cycleCount;
+    private lastCycleAt;
+    private processAlive;
     private readonly VAULT_CHECK_INTERVAL;
     constructor(config: RuntimeConfig);
     /**
      * Initialize the agent runtime
      */
     initialize(): Promise<void>;
+    /**
+     * Initialize the relay client for command center connectivity
+     */
+    private initializeRelay;
     /**
      * Initialize the vault manager based on config
      */
     private initializeVaultManager;
     /**
-     * Ensure the current wallet is linked to the agent
+     * Ensure the current wallet is linked to the agent.
+     * If the trading wallet differs from the owner, enters a recovery loop
+     * that waits for the owner to link it from the website.
      */
     private ensureWalletLinked;
     /**
-     * Sync the LLM config hash to chain for epoch tracking
-     * This ensures trades are attributed to the correct config epoch
+     * Sync the LLM config hash to chain for epoch tracking.
+     * If the wallet has insufficient gas, enters a recovery loop
+     * that waits for the user to fund the wallet.
      */
     private syncConfigHash;
     /**
@@ -403,19 +499,35 @@ declare class AgentRuntime {
      */
     getConfigHash(): `0x${string}`;
     /**
-     * Start the trading loop
+     * Start the agent in daemon mode.
+     * The agent enters idle mode and waits for commands from the command center.
+     * Trading begins only when a start_trading command is received.
+     *
+     * If relay is not configured, falls back to immediate trading mode.
      */
     run(): Promise<void>;
+    /**
+     * Handle a command from the command center
+     */
+    private handleCommand;
+    /**
+     * Send current status to the relay
+     */
+    private sendRelayStatus;
     /**
      * Run a single trading cycle
      */
     private runCycle;
+    /**
+     * Check if ETH balance is below threshold and notify
+     */
+    private checkFundsLow;
     /**
      * Check for vault auto-creation based on policy
      */
     private checkVaultAutoCreation;
     /**
-     * Stop the trading loop
+     * Stop the agent process completely
      */
     stop(): void;
     /**
@@ -432,6 +544,7 @@ declare class AgentRuntime {
      */
     getStatus(): {
         isRunning: boolean;
+        mode: AgentMode;
         agentId: number;
         wallet: string;
         llm: {
@@ -449,6 +562,10 @@ declare class AgentRuntime {
             hasVault: boolean;
             vaultAddress: string | null;
         };
+        relay: {
+            connected: boolean;
+        };
+        cycleCount: number;
     };
     /**
      * Get detailed vault status (async)
@@ -516,6 +633,58 @@ declare class AnthropicAdapter extends BaseLLMAdapter {
     chat(messages: LLMMessage[]): Promise<LLMResponse>;
 }
 
+/**
+ * Google AI (Gemini) LLM Adapter
+ * Uses the Gemini REST API directly (no SDK dependency)
+ */
+declare class GoogleAdapter extends BaseLLMAdapter {
+    private apiKey;
+    private baseUrl;
+    constructor(config: LLMConfig);
+    chat(messages: LLMMessage[]): Promise<LLMResponse>;
+}
+
+/**
+ * DeepSeek LLM Adapter
+ * Uses OpenAI-compatible API format
+ */
+declare class DeepSeekAdapter extends BaseLLMAdapter {
+    private client;
+    constructor(config: LLMConfig);
+    chat(messages: LLMMessage[]): Promise<LLMResponse>;
+}
+
+/**
+ * Mistral AI LLM Adapter
+ * Uses Mistral's native API format
+ */
+declare class MistralAdapter extends BaseLLMAdapter {
+    private apiKey;
+    private baseUrl;
+    constructor(config: LLMConfig);
+    chat(messages: LLMMessage[]): Promise<LLMResponse>;
+}
+
+/**
+ * Groq LLM Adapter
+ * Uses OpenAI-compatible API format with ultra-fast inference
+ */
+declare class GroqAdapter extends BaseLLMAdapter {
+    private client;
+    constructor(config: LLMConfig);
+    chat(messages: LLMMessage[]): Promise<LLMResponse>;
+}
+
+/**
+ * Together AI LLM Adapter
+ * Uses OpenAI-compatible API format
+ */
+declare class TogetherAdapter extends BaseLLMAdapter {
+    private client;
+    constructor(config: LLMConfig);
+    chat(messages: LLMMessage[]): Promise<LLMResponse>;
+}
+
 /**
  * Ollama Local LLM Adapter
  * Runs models locally without API keys
@@ -670,4 +839,129 @@ declare class MarketDataService {
     private calculatePortfolioValue;
 }
 
-export { type AgentConfig, AgentConfigSchema, AgentRuntime, AnthropicAdapter, BaseLLMAdapter, type LLMAdapter, type LLMConfig, LLMConfigSchema, type LLMMessage, type LLMMetadata, type LLMProvider, LLMProviderSchema, type LLMResponse, type MarketData, MarketDataService, OllamaAdapter, OpenAIAdapter, RiskManager, type RiskUniverse, RiskUniverseSchema, type RuntimeConfig, STRATEGY_TEMPLATES, type StrategyFunction, type StrategyTemplate, TradeExecutor, type TradeSignal, type TradingConfig, TradingConfigSchema, type VaultConfig, VaultConfigSchema, VaultManager, type VaultManagerConfig, type VaultPolicy, VaultPolicySchema, type VaultStatus, createLLMAdapter, createSampleConfig, getAllStrategyTemplates, getStrategyTemplate, loadConfig, loadStrategy, validateConfig, validateStrategy };
+/**
+ * Relay Client
+ *
+ * WebSocket client that connects the agent to the API command center.
+ * Handles authentication, heartbeats, message sending, and command receiving.
+ *
+ * Features:
+ * - Auto-reconnect with exponential backoff
+ * - Wallet signature authentication
+ * - Heartbeat keepalive
+ * - Command callback for runtime integration
+ */
+
+interface RelayClientConfig {
+    agentId: string;
+    privateKey: `0x${string}`;
+    relay: RelayConfig;
+    onCommand?: (command: RelayCommand) => void;
+}
+declare class RelayClient {
+    private config;
+    private ws;
+    private authenticated;
+    private reconnectAttempts;
+    private maxReconnectAttempts;
+    private reconnectTimer;
+    private heartbeatTimer;
+    private stopped;
+    constructor(config: RelayClientConfig);
+    /**
+     * Connect to the relay server
+     */
+    connect(): Promise<void>;
+    /**
+     * Authenticate with the relay server using wallet signature
+     */
+    private authenticate;
+    /**
+     * Handle incoming messages from the relay server
+     */
+    private handleMessage;
+    /**
+     * Send a status heartbeat
+     */
+    sendHeartbeat(status: AgentStatusPayload): void;
+    /**
+     * Send a status update (outside of regular heartbeat)
+     */
+    sendStatusUpdate(status: Partial<AgentStatusPayload>): void;
+    /**
+     * Send a message to the command center
+     */
+    sendMessage(messageType: MessageType, level: MessageLevel, title: string, body: string, data?: Record<string, unknown>): void;
+    /**
+     * Send a command execution result
+     */
+    sendCommandResult(commandId: string, success: boolean, result?: string): void;
+    /**
+     * Start the heartbeat timer
+     */
+    private startHeartbeat;
+    /**
+     * Stop the heartbeat timer
+     */
+    private stopHeartbeat;
+    /**
+     * Schedule a reconnection with exponential backoff
+     */
+    private scheduleReconnect;
+    /**
+     * Send a JSON message to the WebSocket
+     */
+    private send;
+    /**
+     * Check if connected and authenticated
+     */
+    get isConnected(): boolean;
+    /**
+     * Disconnect and stop reconnecting
+     */
+    disconnect(): void;
+}
+
+/**
+ * Secure Environment Storage
+ *
+ * Encrypts sensitive environment variables at rest using AES-256-GCM.
+ * Private keys and API keys should never be stored in plaintext on disk.
+ *
+ * Usage:
+ *   npx @exagent/agent encrypt    — encrypt .env → .env.enc, delete plaintext
+ *   The runtime loads .env.enc automatically if it exists
+ *
+ * Encryption:
+ *   - AES-256-GCM for authenticated encryption
+ *   - PBKDF2 with 100k iterations for key derivation
+ *   - Random salt and IV per encryption
+ *   - Only sensitive fields are encrypted (keys matching *_KEY, *_SECRET, PRIVATE_KEY)
+ */
+/**
+ * Encrypt a .env file and write .env.enc
+ *
+ * @param envPath Path to the .env file
+ * @param passphrase User-provided passphrase for encryption
+ * @param deleteOriginal Whether to delete the plaintext .env after encryption
+ * @returns Path to the encrypted file
+ */
+declare function encryptEnvFile(envPath: string, passphrase: string, deleteOriginal?: boolean): string;
+/**
+ * Decrypt a .env.enc file and return the env vars as a Record
+ *
+ * @param encPath Path to the .env.enc file
+ * @param passphrase User-provided passphrase for decryption
+ * @returns Record of decrypted env vars
+ */
+declare function decryptEnvFile(encPath: string, passphrase: string): Record<string, string>;
+/**
+ * Load environment variables, preferring .env.enc over .env
+ *
+ * @param basePath Directory containing .env / .env.enc
+ * @param passphrase Passphrase for decryption (from env or prompt)
+ * @returns Whether encrypted env was loaded
+ */
+declare function loadSecureEnv(basePath: string, passphrase?: string): boolean;
+
+export { type AgentConfig, AgentConfigSchema, type AgentMode, AgentRuntime, type AgentStatusPayload, AnthropicAdapter, BaseLLMAdapter, type CommandType, DeepSeekAdapter, GoogleAdapter, GroqAdapter, type LLMAdapter, type LLMConfig, LLMConfigSchema, type LLMMessage, type LLMMetadata, type LLMProvider, LLMProviderSchema, type LLMResponse, type MarketData, MarketDataService, type MessageLevel, type MessageType, MistralAdapter, OllamaAdapter, OpenAIAdapter, RelayClient, type RelayCommand, type RelayConfig$1 as RelayConfig, RelayConfigSchema, RiskManager, type RiskUniverse, RiskUniverseSchema, type RuntimeConfig, STRATEGY_TEMPLATES, type StrategyFunction, type StrategyTemplate, TogetherAdapter, TradeExecutor, type TradeSignal, type TradingConfig, TradingConfigSchema, type VaultConfig, VaultConfigSchema, VaultManager, type VaultManagerConfig, type VaultPolicy, VaultPolicySchema, type VaultStatus, createLLMAdapter, createSampleConfig, decryptEnvFile, encryptEnvFile, getAllStrategyTemplates, getStrategyTemplate, loadConfig, loadSecureEnv, loadStrategy, validateConfig, validateStrategy };