@exagent/agent 0.1.13 → 0.1.14

package/dist/chunk-YWPRVCRB.mjs

@@ -0,0 +1,3009 @@
+var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require : typeof Proxy !== "undefined" ? new Proxy(x, {
+  get: (a, b) => (typeof require !== "undefined" ? require : a)[b]
+}) : x)(function(x) {
+  if (typeof require !== "undefined") return require.apply(this, arguments);
+  throw Error('Dynamic require of "' + x + '" is not supported');
+});
+
+// src/llm/base.ts
+var BaseLLMAdapter = class {
+  config;
+  constructor(config) {
+    this.config = config;
+  }
+  getMetadata() {
+    return {
+      provider: this.config.provider,
+      model: this.config.model || "unknown",
+      isLocal: this.config.provider === "ollama"
+    };
+  }
+  /**
+   * Format model name for display
+   */
+  getDisplayModel() {
+    if (this.config.provider === "ollama") {
+      return `Local (${this.config.model || "ollama"})`;
+    }
+    return this.config.model || this.config.provider;
+  }
+};
+
+// src/llm/openai.ts
+import OpenAI from "openai";
+var OpenAIAdapter = class extends BaseLLMAdapter {
+  client;
+  constructor(config) {
+    super(config);
+    if (!config.apiKey && !config.endpoint) {
+      throw new Error("OpenAI API key or custom endpoint required");
+    }
+    this.client = new OpenAI({
+      apiKey: config.apiKey || "not-needed-for-custom",
+      baseURL: config.endpoint
+    });
+  }
+  async chat(messages) {
+    try {
+      const response = await this.client.chat.completions.create({
+        model: this.config.model || "gpt-4.1",
+        messages: messages.map((m) => ({
+          role: m.role,
+          content: m.content
+        })),
+        temperature: this.config.temperature,
+        max_tokens: this.config.maxTokens
+      });
+      const choice = response.choices[0];
+      if (!choice || !choice.message) {
+        throw new Error("No response from OpenAI");
+      }
+      return {
+        content: choice.message.content || "",
+        usage: response.usage ? {
+          promptTokens: response.usage.prompt_tokens,
+          completionTokens: response.usage.completion_tokens,
+          totalTokens: response.usage.total_tokens
+        } : void 0
+      };
+    } catch (error) {
+      if (error instanceof OpenAI.APIError) {
+        throw new Error(`OpenAI API error: ${error.message}`);
+      }
+      throw error;
+    }
+  }
+};
+
+// src/llm/anthropic.ts
+var AnthropicAdapter = class extends BaseLLMAdapter {
+  apiKey;
+  baseUrl;
+  constructor(config) {
+    super(config);
+    if (!config.apiKey) {
+      throw new Error("Anthropic API key required");
+    }
+    this.apiKey = config.apiKey;
+    this.baseUrl = config.endpoint || "https://api.anthropic.com";
+  }
+  async chat(messages) {
+    const systemMessage = messages.find((m) => m.role === "system");
+    const chatMessages = messages.filter((m) => m.role !== "system");
+    const body = {
+      model: this.config.model || "claude-opus-4-5-20251101",
+      max_tokens: this.config.maxTokens || 4096,
+      temperature: this.config.temperature,
+      system: systemMessage?.content,
+      messages: chatMessages.map((m) => ({
+        role: m.role,
+        content: m.content
+      }))
+    };
+    const response = await fetch(`${this.baseUrl}/v1/messages`, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        "x-api-key": this.apiKey,
+        "anthropic-version": "2023-06-01"
+      },
+      body: JSON.stringify(body)
+    });
+    if (!response.ok) {
+      const error = await response.text();
+      throw new Error(`Anthropic API error: ${response.status} - ${error}`);
+    }
+    const data = await response.json();
+    const content = data.content?.map(
+      (block) => block.type === "text" ? block.text : ""
+    ).join("") || "";
+    return {
+      content,
+      usage: data.usage ? {
+        promptTokens: data.usage.input_tokens,
+        completionTokens: data.usage.output_tokens,
+        totalTokens: data.usage.input_tokens + data.usage.output_tokens
+      } : void 0
+    };
+  }
+};
+
+// src/llm/google.ts
+var GoogleAdapter = class extends BaseLLMAdapter {
+  apiKey;
+  baseUrl;
+  constructor(config) {
+    super(config);
+    if (!config.apiKey) {
+      throw new Error("Google AI API key required");
+    }
+    this.apiKey = config.apiKey;
+    this.baseUrl = config.endpoint || "https://generativelanguage.googleapis.com/v1beta";
+  }
+  async chat(messages) {
+    const model = this.config.model || "gemini-2.5-flash";
+    const systemMessage = messages.find((m) => m.role === "system");
+    const chatMessages = messages.filter((m) => m.role !== "system");
+    const contents = chatMessages.map((m) => ({
+      role: m.role === "assistant" ? "model" : "user",
+      parts: [{ text: m.content }]
+    }));
+    const body = {
+      contents,
+      generationConfig: {
+        temperature: this.config.temperature,
+        maxOutputTokens: this.config.maxTokens || 4096
+      }
+    };
+    if (systemMessage) {
+      body.systemInstruction = {
+        parts: [{ text: systemMessage.content }]
+      };
+    }
+    const url = `${this.baseUrl}/models/${model}:generateContent?key=${this.apiKey}`;
+    const response = await fetch(url, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json"
+      },
+      body: JSON.stringify(body)
+    });
+    if (!response.ok) {
+      const error = await response.text();
+      throw new Error(`Google AI API error: ${response.status} - ${error}`);
+    }
+    const data = await response.json();
+    const candidate = data.candidates?.[0];
+    if (!candidate?.content?.parts) {
+      throw new Error("No response from Google AI");
+    }
+    const content = candidate.content.parts.map((part) => part.text || "").join("");
+    const usageMetadata = data.usageMetadata;
+    return {
+      content,
+      usage: usageMetadata ? {
+        promptTokens: usageMetadata.promptTokenCount || 0,
+        completionTokens: usageMetadata.candidatesTokenCount || 0,
+        totalTokens: usageMetadata.totalTokenCount || 0
+      } : void 0
+    };
+  }
+};
+
+// src/llm/deepseek.ts
+import OpenAI2 from "openai";
+var DeepSeekAdapter = class extends BaseLLMAdapter {
+  client;
+  constructor(config) {
+    super(config);
+    if (!config.apiKey) {
+      throw new Error("DeepSeek API key required");
+    }
+    this.client = new OpenAI2({
+      apiKey: config.apiKey,
+      baseURL: config.endpoint || "https://api.deepseek.com/v1"
+    });
+  }
+  async chat(messages) {
+    try {
+      const response = await this.client.chat.completions.create({
+        model: this.config.model || "deepseek-chat",
+        messages: messages.map((m) => ({
+          role: m.role,
+          content: m.content
+        })),
+        temperature: this.config.temperature,
+        max_tokens: this.config.maxTokens
+      });
+      const choice = response.choices[0];
+      if (!choice || !choice.message) {
+        throw new Error("No response from DeepSeek");
+      }
+      return {
+        content: choice.message.content || "",
+        usage: response.usage ? {
+          promptTokens: response.usage.prompt_tokens,
+          completionTokens: response.usage.completion_tokens,
+          totalTokens: response.usage.total_tokens
+        } : void 0
+      };
+    } catch (error) {
+      if (error instanceof OpenAI2.APIError) {
+        throw new Error(`DeepSeek API error: ${error.message}`);
+      }
+      throw error;
+    }
+  }
+};
+
+// src/llm/mistral.ts
+var MistralAdapter = class extends BaseLLMAdapter {
+  apiKey;
+  baseUrl;
+  constructor(config) {
+    super(config);
+    if (!config.apiKey) {
+      throw new Error("Mistral API key required");
+    }
+    this.apiKey = config.apiKey;
+    this.baseUrl = config.endpoint || "https://api.mistral.ai/v1";
+  }
+  async chat(messages) {
+    const body = {
+      model: this.config.model || "mistral-large-latest",
+      messages: messages.map((m) => ({
+        role: m.role,
+        content: m.content
+      })),
+      temperature: this.config.temperature,
+      max_tokens: this.config.maxTokens
+    };
+    const response = await fetch(`${this.baseUrl}/chat/completions`, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        Authorization: `Bearer ${this.apiKey}`
+      },
+      body: JSON.stringify(body)
+    });
+    if (!response.ok) {
+      const error = await response.text();
+      throw new Error(`Mistral API error: ${response.status} - ${error}`);
+    }
+    const data = await response.json();
+    const choice = data.choices?.[0];
+    if (!choice || !choice.message) {
+      throw new Error("No response from Mistral");
+    }
+    return {
+      content: choice.message.content || "",
+      usage: data.usage ? {
+        promptTokens: data.usage.prompt_tokens,
+        completionTokens: data.usage.completion_tokens,
+        totalTokens: data.usage.total_tokens
+      } : void 0
+    };
+  }
+};
+
+// src/llm/groq.ts
+import OpenAI3 from "openai";
+var GroqAdapter = class extends BaseLLMAdapter {
+  client;
+  constructor(config) {
+    super(config);
+    if (!config.apiKey) {
+      throw new Error("Groq API key required");
+    }
+    this.client = new OpenAI3({
+      apiKey: config.apiKey,
+      baseURL: config.endpoint || "https://api.groq.com/openai/v1"
+    });
+  }
+  async chat(messages) {
+    try {
+      const response = await this.client.chat.completions.create({
+        model: this.config.model || "llama-3.1-70b-versatile",
+        messages: messages.map((m) => ({
+          role: m.role,
+          content: m.content
+        })),
+        temperature: this.config.temperature,
+        max_tokens: this.config.maxTokens
+      });
+      const choice = response.choices[0];
+      if (!choice || !choice.message) {
+        throw new Error("No response from Groq");
+      }
+      return {
+        content: choice.message.content || "",
+        usage: response.usage ? {
+          promptTokens: response.usage.prompt_tokens,
+          completionTokens: response.usage.completion_tokens,
+          totalTokens: response.usage.total_tokens
+        } : void 0
+      };
+    } catch (error) {
+      if (error instanceof OpenAI3.APIError) {
+        throw new Error(`Groq API error: ${error.message}`);
+      }
+      throw error;
+    }
+  }
+};
+
+// src/llm/together.ts
+import OpenAI4 from "openai";
+var TogetherAdapter = class extends BaseLLMAdapter {
+  client;
+  constructor(config) {
+    super(config);
+    if (!config.apiKey) {
+      throw new Error("Together AI API key required");
+    }
+    this.client = new OpenAI4({
+      apiKey: config.apiKey,
+      baseURL: config.endpoint || "https://api.together.xyz/v1"
+    });
+  }
+  async chat(messages) {
+    try {
+      const response = await this.client.chat.completions.create({
+        model: this.config.model || "meta-llama/Meta-Llama-3.1-405B-Instruct-Turbo",
+        messages: messages.map((m) => ({
+          role: m.role,
+          content: m.content
+        })),
+        temperature: this.config.temperature,
+        max_tokens: this.config.maxTokens
+      });
+      const choice = response.choices[0];
+      if (!choice || !choice.message) {
+        throw new Error("No response from Together AI");
+      }
+      return {
+        content: choice.message.content || "",
+        usage: response.usage ? {
+          promptTokens: response.usage.prompt_tokens,
+          completionTokens: response.usage.completion_tokens,
+          totalTokens: response.usage.total_tokens
+        } : void 0
+      };
+    } catch (error) {
+      if (error instanceof OpenAI4.APIError) {
+        throw new Error(`Together AI API error: ${error.message}`);
+      }
+      throw error;
+    }
+  }
+};
+
+// src/llm/ollama.ts
+var OllamaAdapter = class extends BaseLLMAdapter {
+  baseUrl;
+  constructor(config) {
+    super(config);
+    this.baseUrl = config.endpoint || "http://localhost:11434";
+  }
+  /**
+   * Check if Ollama is running and the model is available
+   */
+  async healthCheck() {
+    try {
+      const response = await fetch(`${this.baseUrl}/api/tags`);
+      if (!response.ok) {
+        throw new Error("Ollama server not responding");
+      }
+      const data = await response.json();
+      const models = data.models?.map((m) => m.name) || [];
+      if (this.config.model && !models.some((m) => m.startsWith(this.config.model))) {
+        console.warn(
+          `Model "${this.config.model}" not found locally. Available: ${models.join(", ")}`
+        );
+        console.warn(`Run: ollama pull ${this.config.model}`);
+      }
+    } catch (error) {
+      throw new Error(
+        `Cannot connect to Ollama at ${this.baseUrl}. Make sure Ollama is running (ollama serve) or install it from https://ollama.com`
+      );
+    }
+  }
+  async chat(messages) {
+    const body = {
+      model: this.config.model || "llama3.2",
+      messages: messages.map((m) => ({
+        role: m.role,
+        content: m.content
+      })),
+      stream: false,
+      options: {
+        temperature: this.config.temperature,
+        num_predict: this.config.maxTokens
+      }
+    };
+    const response = await fetch(`${this.baseUrl}/api/chat`, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json"
+      },
+      body: JSON.stringify(body)
+    });
+    if (!response.ok) {
+      const error = await response.text();
+      throw new Error(`Ollama API error: ${response.status} - ${error}`);
+    }
+    const data = await response.json();
+    return {
+      content: data.message?.content || "",
+      usage: data.eval_count ? {
+        promptTokens: data.prompt_eval_count || 0,
+        completionTokens: data.eval_count,
+        totalTokens: (data.prompt_eval_count || 0) + data.eval_count
+      } : void 0
+    };
+  }
+  getMetadata() {
+    return {
+      provider: "ollama",
+      model: this.config.model || "llama3.2",
+      isLocal: true
+    };
+  }
+};
+
+// src/llm/adapter.ts
+async function createLLMAdapter(config) {
+  switch (config.provider) {
+    case "openai":
+      return new OpenAIAdapter(config);
+    case "anthropic":
+      return new AnthropicAdapter(config);
+    case "google":
+      return new GoogleAdapter(config);
+    case "deepseek":
+      return new DeepSeekAdapter(config);
+    case "mistral":
+      return new MistralAdapter(config);
+    case "groq":
+      return new GroqAdapter(config);
+    case "together":
+      return new TogetherAdapter(config);
+    case "ollama":
+      const adapter = new OllamaAdapter(config);
+      await adapter.healthCheck();
+      return adapter;
+    case "custom":
+      return new OpenAIAdapter({
+        ...config,
+        endpoint: config.endpoint
+      });
+    default:
+      throw new Error(`Unsupported LLM provider: ${config.provider}`);
+  }
+}
+
+// src/strategy/loader.ts
+import { existsSync } from "fs";
+import { join } from "path";
+import { spawn } from "child_process";
+async function loadStrategy(strategyPath) {
+  const basePath = strategyPath || process.env.EXAGENT_STRATEGY || "strategy";
+  const tsPath = basePath.endsWith(".ts") || basePath.endsWith(".js") ? basePath : `${basePath}.ts`;
+  const jsPath = basePath.endsWith(".ts") || basePath.endsWith(".js") ? basePath.replace(".ts", ".js") : `${basePath}.js`;
+  const fullTsPath = tsPath.startsWith("/") ? tsPath : join(process.cwd(), tsPath);
+  const fullJsPath = jsPath.startsWith("/") ? jsPath : join(process.cwd(), jsPath);
+  if (existsSync(fullTsPath) && fullTsPath.endsWith(".ts")) {
+    try {
+      const module = await loadTypeScriptModule(fullTsPath);
+      if (typeof module.generateSignals !== "function") {
+        throw new Error("Strategy must export a generateSignals function");
+      }
+      console.log(`Loaded custom strategy from ${tsPath}`);
+      return module.generateSignals;
+    } catch (error) {
+      console.error(`Failed to load strategy from ${tsPath}:`, error);
+      throw error;
+    }
+  }
+  if (existsSync(fullJsPath)) {
+    try {
+      const module = await import(fullJsPath);
+      if (typeof module.generateSignals !== "function") {
+        throw new Error("Strategy must export a generateSignals function");
+      }
+      console.log(`Loaded custom strategy from ${jsPath}`);
+      return module.generateSignals;
+    } catch (error) {
+      console.error(`Failed to load strategy from ${jsPath}:`, error);
+      throw error;
+    }
+  }
+  console.log("No custom strategy found, using default (hold) strategy");
+  return defaultStrategy;
+}
+async function loadTypeScriptModule(path2) {
+  try {
+    const tsxPath = __require.resolve("tsx");
+    const { pathToFileURL } = await import("url");
+    const result = await new Promise((resolve, reject) => {
+      const child = spawn(
+        process.execPath,
+        [
+          "--import",
+          "tsx/esm",
+          "-e",
+          `import('${pathToFileURL(path2).href}').then(m => console.log(JSON.stringify({ exports: Object.keys(m) }))).catch(e => console.error('ERROR:', e.message))`
+        ],
+        {
+          cwd: process.cwd(),
+          env: process.env,
+          stdio: ["pipe", "pipe", "pipe"]
+        }
+      );
+      let stdout = "";
+      let stderr = "";
+      child.stdout.on("data", (data) => stdout += data.toString());
+      child.stderr.on("data", (data) => stderr += data.toString());
+      child.on("close", (code) => {
+        if (code !== 0 || stderr.includes("ERROR:")) {
+          reject(new Error(`Failed to load TypeScript: ${stderr || "Unknown error"}`));
+        } else {
+          resolve(stdout);
+        }
+      });
+    });
+    const tsx = await import("tsx/esm/api");
+    const unregister = tsx.register();
+    try {
+      const module = await import(path2);
+      return module;
+    } finally {
+      unregister();
+    }
+  } catch (error) {
+    if (error.code === "MODULE_NOT_FOUND" || error.message.includes("Cannot find module")) {
+      throw new Error(
+        `Cannot load TypeScript strategy. Please either:
+1. Rename your strategy.ts to strategy.js (remove type annotations)
+2. Or compile it: npx tsc strategy.ts --outDir . --esModuleInterop
+3. Or install tsx: npm install tsx`
+      );
+    }
+    throw error;
+  }
+}
+var defaultStrategy = async (_marketData, _llm, _config) => {
+  return [];
+};
+function validateStrategy(fn) {
+  return typeof fn === "function";
+}
+
+// src/strategy/templates.ts
+var STRATEGY_TEMPLATES = [
+  {
+    id: "momentum",
+    name: "Momentum Trader",
+    description: "Follows price trends and momentum indicators. Buys assets with strong upward momentum.",
+    riskLevel: "medium",
+    riskWarnings: [
+      "Momentum strategies can suffer significant losses during trend reversals",
+      "High volatility markets may generate false signals",
+      "Past performance does not guarantee future results",
+      "This strategy may underperform in sideways markets"
+    ],
+    systemPrompt: `You are an AI trading analyst specializing in momentum trading strategies.
+
+Your role is to analyze market data and identify momentum-based trading opportunities.
+
+IMPORTANT CONSTRAINTS:
+- Only recommend trades when there is clear momentum evidence
+- Always consider risk/reward ratios
+- Never recommend more than the configured position size limits
+- Be conservative with confidence scores
+
+When analyzing data, look for:
+1. Price trends (higher highs, higher lows for uptrends)
+2. Volume confirmation (increasing volume on moves)
+3. Relative strength vs market benchmarks
+
+Respond with JSON in this format:
+{
+  "analysis": "Brief market analysis",
+  "signals": [
+    {
+      "action": "buy" | "sell" | "hold",
+      "tokenIn": "0x...",
+      "tokenOut": "0x...",
+      "percentage": 0-100,
+      "confidence": 0-1,
+      "reasoning": "Why this trade"
+    }
+  ]
+}`,
+    exampleCode: `import { StrategyFunction, MarketData, TradeSignal, LLMAdapter, AgentConfig } from '@exagent/agent';
+
+export const generateSignals: StrategyFunction = async (
+  marketData: MarketData,
+  llm: LLMAdapter,
+  config: AgentConfig
+): Promise<TradeSignal[]> => {
+  const response = await llm.chat([
+    { role: 'system', content: MOMENTUM_SYSTEM_PROMPT },
+    { role: 'user', content: JSON.stringify({
+      prices: marketData.prices,
+      balances: formatBalances(marketData.balances),
+      portfolioValue: marketData.portfolioValue,
+    })}
+  ]);
+
+  // Parse LLM response and convert to TradeSignals
+  const parsed = JSON.parse(response.content);
+  return parsed.signals.map(convertToTradeSignal);
+};`
+  },
+  {
+    id: "value",
+    name: "Value Investor",
+    description: "Looks for undervalued assets based on fundamentals. Takes long-term positions.",
+    riskLevel: "low",
+    riskWarnings: [
+      "Value traps can result in prolonged losses",
+      "Requires patience - may underperform for extended periods",
+      "Fundamental analysis may not apply well to all crypto assets",
+      "Market sentiment can override fundamentals for long periods"
+    ],
+    systemPrompt: `You are an AI trading analyst specializing in value investing.
+
+Your role is to identify undervalued assets with strong fundamentals.
+
+IMPORTANT CONSTRAINTS:
+- Focus on long-term value, not short-term price movements
+- Only recommend assets with clear value propositions
+- Consider protocol revenue, TVL, active users, developer activity
+- Be very selective - quality over quantity
+
+When analyzing, consider:
+1. Protocol fundamentals (revenue, TVL, user growth)
+2. Token economics (supply schedule, utility)
+3. Competitive positioning
+4. Valuation relative to peers
+
+Respond with JSON in this format:
+{
+  "analysis": "Brief fundamental analysis",
+  "signals": [
+    {
+      "action": "buy" | "sell" | "hold",
+      "tokenIn": "0x...",
+      "tokenOut": "0x...",
+      "percentage": 0-100,
+      "confidence": 0-1,
+      "reasoning": "Fundamental thesis"
+    }
+  ]
+}`,
+    exampleCode: `import { StrategyFunction } from '@exagent/agent';
+
+export const generateSignals: StrategyFunction = async (marketData, llm, config) => {
+  // Value strategy runs less frequently
+  const response = await llm.chat([
+    { role: 'system', content: VALUE_SYSTEM_PROMPT },
+    { role: 'user', content: JSON.stringify(marketData) }
+  ]);
+
+  return parseSignals(response.content);
+};`
+  },
+  {
+    id: "arbitrage",
+    name: "Arbitrage Hunter",
+    description: "Looks for price discrepancies across DEXs. Requires fast execution.",
+    riskLevel: "high",
+    riskWarnings: [
+      "Arbitrage opportunities are highly competitive - professional bots dominate",
+      "Slippage and gas costs can eliminate profits",
+      "MEV bots may front-run your transactions",
+      "Requires very fast execution and may not be profitable with standard infrastructure",
+      "This strategy is generally NOT recommended for beginners"
+    ],
+    systemPrompt: `You are an AI trading analyst specializing in arbitrage detection.
+
+Your role is to identify price discrepancies that may offer arbitrage opportunities.
+
+IMPORTANT CONSTRAINTS:
+- Account for gas costs in all calculations
+- Account for slippage (assume 0.3% minimum)
+- Only flag opportunities with >1% net profit potential
+- Consider MEV risk - assume some profit extraction
+
+This is an advanced strategy with high competition.
+
+Respond with JSON in this format:
+{
+  "opportunities": [
+    {
+      "description": "What the arbitrage is",
+      "expectedProfit": "Net profit after costs",
+      "confidence": 0-1,
+      "warning": "Risks specific to this opportunity"
+    }
+  ]
+}`,
+    exampleCode: `// Note: Pure arbitrage requires specialized infrastructure
+// This template is for educational purposes
+
+import { StrategyFunction } from '@exagent/agent';
+
+export const generateSignals: StrategyFunction = async (marketData, llm, config) => {
+  // Arbitrage requires real-time price feeds from multiple sources
+  // Standard LLM-based analysis is too slow for most arbitrage
+  console.warn('Arbitrage strategy requires specialized infrastructure');
+  return [];
+};`
+  },
+  {
+    id: "custom",
+    name: "Custom Strategy",
+    description: "Build your own strategy from scratch. Full control over logic and prompts.",
+    riskLevel: "extreme",
+    riskWarnings: [
+      "Custom strategies have no guardrails - you are fully responsible",
+      "LLMs can hallucinate or make errors - always validate outputs",
+      "Start with small amounts before scaling up",
+      "Consider edge cases: what happens if the LLM returns invalid JSON?",
+      "Your prompts and strategy logic are your competitive advantage - protect them",
+      "Agents may not behave exactly as expected based on your prompts"
+    ],
+    systemPrompt: `// Define your own system prompt here
+
+You are a trading AI. Analyze the market data and provide trading signals.
+
+// Add your specific instructions, constraints, and output format.
+
+Respond with JSON:
+{
+  "signals": []
+}`,
+    exampleCode: `import { StrategyFunction, MarketData, TradeSignal, LLMAdapter, AgentConfig } from '@exagent/agent';
+
+/**
+ * Custom Strategy Template
+ *
+ * Customize this file with your own trading logic and prompts.
+ * Your prompts are YOUR intellectual property - we don't store them.
+ */
+export const generateSignals: StrategyFunction = async (
+  marketData: MarketData,
+  llm: LLMAdapter,
+  config: AgentConfig
+): Promise<TradeSignal[]> => {
+  // Your custom system prompt (this is your secret sauce)
+  const systemPrompt = \`
+    Your custom instructions here...
+  \`;
+
+  // Call the LLM with your prompt
+  const response = await llm.chat([
+    { role: 'system', content: systemPrompt },
+    { role: 'user', content: JSON.stringify(marketData) }
+  ]);
+
+  // Parse and return signals
+  // IMPORTANT: Validate LLM output before using
+  try {
+    const parsed = JSON.parse(response.content);
+    return parsed.signals || [];
+  } catch (e) {
+    console.error('Failed to parse LLM response:', e);
+    return []; // Safe fallback: no trades
+  }
+};`
+  }
+];
+function getStrategyTemplate(id) {
+  return STRATEGY_TEMPLATES.find((t) => t.id === id);
+}
+function getAllStrategyTemplates() {
+  return STRATEGY_TEMPLATES;
+}
+
+// src/types.ts
+import { z } from "zod";
+var WalletSetupSchema = z.enum(["generate", "provide"]);
+var LLMProviderSchema = z.enum(["openai", "anthropic", "google", "deepseek", "mistral", "groq", "together", "ollama", "custom"]);
+var LLMConfigSchema = z.object({
+  provider: LLMProviderSchema,
+  model: z.string().optional(),
+  apiKey: z.string().optional(),
+  endpoint: z.string().url().optional(),
+  temperature: z.number().min(0).max(2).default(0.7),
+  maxTokens: z.number().positive().default(4096)
+});
+var RiskUniverseSchema = z.enum(["core", "established", "derivatives", "emerging", "frontier"]);
+var TradingConfigSchema = z.object({
+  timeHorizon: z.enum(["intraday", "swing", "position"]).default("swing"),
+  maxPositionSizeBps: z.number().min(100).max(1e4).default(1e3),
+  // 1-100%
+  maxDailyLossBps: z.number().min(0).max(1e4).default(500),
+  // 0-100%
+  maxConcurrentPositions: z.number().min(1).max(100).default(5),
+  tradingIntervalMs: z.number().min(1e3).default(6e4),
+  // minimum 1 second
+  maxSlippageBps: z.number().min(10).max(1e3).default(100),
+  // 0.1-10%, default 1%
+  minTradeValueUSD: z.number().min(0).default(1)
+  // minimum trade value in USD
+});
+var VaultPolicySchema = z.enum([
+  "disabled",
+  // Never create a vault - trade with agent's own capital only
+  "manual"
+  // Only create vault when explicitly directed by owner
+]);
+var VaultConfigSchema = z.object({
+  // Policy for vault creation (asked during deployment)
+  policy: VaultPolicySchema.default("manual"),
+  // Default vault name (auto-generated from agent name if not set)
+  defaultName: z.string().optional(),
+  // Default vault symbol (auto-generated if not set)
+  defaultSymbol: z.string().optional(),
+  // Fee recipient for vault fees (default: agent wallet)
+  feeRecipient: z.string().optional(),
+  // When vault exists, trade through vault instead of direct trading
+  // This pools depositors' capital with the agent's trades
+  preferVaultTrading: z.boolean().default(true)
+});
+var WalletConfigSchema = z.object({
+  setup: WalletSetupSchema.default("provide")
+}).optional();
+var RelayConfigSchema = z.object({
+  enabled: z.boolean().default(false),
+  apiUrl: z.string().url(),
+  heartbeatIntervalMs: z.number().min(5e3).default(3e4)
+}).optional();
+var AgentConfigSchema = z.object({
+  // Identity (from on-chain registration)
+  agentId: z.union([z.number().positive(), z.string()]),
+  name: z.string().min(3).max(32),
+  // Network
+  network: z.literal("mainnet").default("mainnet"),
+  // Wallet setup preference
+  wallet: WalletConfigSchema,
+  // LLM
+  llm: LLMConfigSchema,
+  // Trading parameters
+  riskUniverse: RiskUniverseSchema.default("established"),
+  trading: TradingConfigSchema.default({}),
+  // Vault configuration (copy trading)
+  vault: VaultConfigSchema.default({}),
+  // Relay configuration (command center)
+  relay: RelayConfigSchema,
+  // Allowed tokens (addresses)
+  allowedTokens: z.array(z.string()).optional()
+});
+
+// src/config.ts
+import { readFileSync, existsSync as existsSync2 } from "fs";
+import { join as join2 } from "path";
+import { config as loadEnv } from "dotenv";
+function loadConfig(configPath) {
+  loadEnv();
+  const configFile = configPath || process.env.EXAGENT_CONFIG || "agent-config.json";
+  const fullPath = configFile.startsWith("/") ? configFile : join2(process.cwd(), configFile);
+  if (!existsSync2(fullPath)) {
+    throw new Error(`Config file not found: ${fullPath}`);
+  }
+  const rawConfig = JSON.parse(readFileSync(fullPath, "utf-8"));
+  const config = AgentConfigSchema.parse(rawConfig);
+  const privateKey = process.env.EXAGENT_PRIVATE_KEY;
+  if (privateKey && (!privateKey.startsWith("0x") || privateKey.length !== 66)) {
+    throw new Error("EXAGENT_PRIVATE_KEY must be a valid 32-byte hex string starting with 0x");
+  }
+  const llmConfig = { ...config.llm };
+  if (process.env.OPENAI_API_KEY && config.llm.provider === "openai") {
+    llmConfig.apiKey = process.env.OPENAI_API_KEY;
+  }
+  if (process.env.ANTHROPIC_API_KEY && config.llm.provider === "anthropic") {
+    llmConfig.apiKey = process.env.ANTHROPIC_API_KEY;
+  }
+  if (process.env.GOOGLE_AI_API_KEY && config.llm.provider === "google") {
+    llmConfig.apiKey = process.env.GOOGLE_AI_API_KEY;
+  }
+  if (process.env.DEEPSEEK_API_KEY && config.llm.provider === "deepseek") {
+    llmConfig.apiKey = process.env.DEEPSEEK_API_KEY;
+  }
+  if (process.env.MISTRAL_API_KEY && config.llm.provider === "mistral") {
+    llmConfig.apiKey = process.env.MISTRAL_API_KEY;
+  }
+  if (process.env.GROQ_API_KEY && config.llm.provider === "groq") {
+    llmConfig.apiKey = process.env.GROQ_API_KEY;
+  }
+  if (process.env.TOGETHER_API_KEY && config.llm.provider === "together") {
+    llmConfig.apiKey = process.env.TOGETHER_API_KEY;
+  }
+  if (process.env.EXAGENT_LLM_URL) {
+    llmConfig.endpoint = process.env.EXAGENT_LLM_URL;
+  }
+  if (process.env.EXAGENT_LLM_MODEL) {
+    llmConfig.model = process.env.EXAGENT_LLM_MODEL;
+  }
+  const network = process.env.EXAGENT_NETWORK || config.network;
+  return {
+    ...config,
+    llm: llmConfig,
+    network,
+    privateKey: privateKey || ""
+  };
+}
+function validateConfig(config) {
+  if (!config.privateKey) {
+    throw new Error("Private key is required");
+  }
+  if (config.llm.provider !== "ollama" && !config.llm.apiKey) {
+    throw new Error(`API key required for ${config.llm.provider} provider`);
+  }
+  if (config.llm.provider === "ollama" && !config.llm.endpoint) {
+    config.llm.endpoint = "http://localhost:11434";
+  }
+  if (config.llm.provider === "custom" && !config.llm.endpoint) {
+    throw new Error("Endpoint required for custom LLM provider");
+  }
+  if (!config.agentId || Number(config.agentId) <= 0) {
+    throw new Error("Valid agent ID required");
+  }
+}
+var DEFAULT_RPC_URL = "https://base-rpc.publicnode.com";
+function getRpcUrl() {
+  return process.env.BASE_RPC_URL || process.env.EXAGENT_RPC_URL || DEFAULT_RPC_URL;
+}
+function createSampleConfig(agentId, name) {
+  return {
+    agentId,
+    name,
+    network: "mainnet",
+    llm: {
+      provider: "openai",
+      model: "gpt-4.1",
+      temperature: 0.7,
+      maxTokens: 4096
+    },
+    riskUniverse: "established",
+    trading: {
+      timeHorizon: "swing",
+      maxPositionSizeBps: 1e3,
+      maxDailyLossBps: 500,
+      maxConcurrentPositions: 5,
+      tradingIntervalMs: 6e4,
+      maxSlippageBps: 100,
+      minTradeValueUSD: 1
+    },
+    vault: {
+      // Default to manual - user must explicitly enable auto-creation
+      policy: "manual",
+      // Will use agent name for vault name if not set
+      preferVaultTrading: true
+    }
+  };
+}
+
+// src/trading/executor.ts
+var TradeExecutor = class {
+  client;
+  config;
+  allowedTokens;
+  constructor(client, config) {
+    this.client = client;
+    this.config = config;
+    this.allowedTokens = new Set(
+      (config.allowedTokens || []).map((t) => t.toLowerCase())
+    );
+  }
+  /**
+   * Execute a single trade signal
+   */
+  async execute(signal) {
+    if (signal.action === "hold") {
+      return { success: true };
+    }
+    try {
+      console.log(`Executing ${signal.action}: ${signal.tokenIn} -> ${signal.tokenOut}`);
+      console.log(`Amount: ${signal.amountIn.toString()}, Confidence: ${signal.confidence}`);
+      if (!this.validateSignal(signal)) {
+        return { success: false, error: "Signal exceeds position limits" };
+      }
+      const result = await this.client.trade({
+        tokenIn: signal.tokenIn,
+        tokenOut: signal.tokenOut,
+        amountIn: signal.amountIn,
+        maxSlippageBps: this.config.trading?.maxSlippageBps ?? 100
+      });
+      console.log(`Trade executed: ${result.hash}`);
+      return { success: true, txHash: result.hash };
+    } catch (error) {
+      const message = error instanceof Error ? error.message : "Unknown error";
+      console.error(`Trade failed: ${message}`);
+      return { success: false, error: message };
+    }
+  }
+  /**
+   * Execute multiple trade signals
+   * Returns results for each signal
+   */
+  async executeAll(signals) {
+    const results = [];
+    for (const signal of signals) {
+      const result = await this.execute(signal);
+      results.push({ signal, ...result });
+      if (signals.indexOf(signal) < signals.length - 1) {
+        await this.delay(1e3);
+      }
+    }
+    return results;
+  }
+  /**
+   * Validate a signal against config limits and token restrictions
+   */
+  validateSignal(signal) {
+    if (signal.confidence < 0.5) {
+      console.warn(`Signal confidence ${signal.confidence} below threshold (0.5)`);
+      return false;
+    }
+    if (this.allowedTokens.size > 0) {
+      const tokenInAllowed = this.allowedTokens.has(signal.tokenIn.toLowerCase());
+      const tokenOutAllowed = this.allowedTokens.has(signal.tokenOut.toLowerCase());
+      if (!tokenInAllowed) {
+        console.warn(`Token ${signal.tokenIn} not in allowed list for this agent's risk universe \u2014 skipping`);
+        return false;
+      }
+      if (!tokenOutAllowed) {
+        console.warn(`Token ${signal.tokenOut} not in allowed list for this agent's risk universe \u2014 skipping`);
+        return false;
+      }
+    }
+    return true;
+  }
+  delay(ms) {
+    return new Promise((resolve) => setTimeout(resolve, ms));
+  }
+};
+
+// src/trading/market.ts
+import { createPublicClient, http, erc20Abi } from "viem";
+var NATIVE_ETH = "0xEeeeeEeeeEeEeeEeEeEeeEEEeeeeEeeeeeeeEEeE";
+var TOKEN_DECIMALS = {
+  // Base Mainnet — Core tokens
+  "0x833589fcd6edb6e08f4c7c32d4f71b54bda02913": 6,
+  // USDC
+  "0xd9aaec86b65d86f6a7b5b1b0c42ffa531710b6ca": 6,
+  // USDbC
+  "0x4200000000000000000000000000000000000006": 18,
+  // WETH
+  "0x50c5725949a6f0c72e6c4a641f24049a917db0cb": 18,
+  // DAI
+  "0x2ae3f1ec7f1f5012cfeab0185bfc7aa3cf0dec22": 18,
+  // cbETH
+  [NATIVE_ETH.toLowerCase()]: 18,
+  // Native ETH
+  // Base Mainnet — Established tokens
+  "0x940181a94a35a4569e4529a3cdfb74e38fd98631": 18,
+  // AERO (Aerodrome)
+  "0x532f27101965dd16442e59d40670faf5ebb142e4": 18,
+  // BRETT
+  "0x4ed4e862860bed51a9570b96d89af5e1b0efefed": 18,
+  // DEGEN
+  "0x0b3e328455c4059eeb9e3f84b5543f74e24e7e1b": 18,
+  // VIRTUAL
+  "0xac1bd2486aaf3b5c0fc3fd868558b082a531b2b4": 18,
+  // TOSHI
+  "0xcbb7c0000ab88b473b1f5afd9ef808440eed33bf": 8,
+  // cbBTC
+  "0x2416092f143378750bb29b79ed961ab195cceea5": 18,
+  // ezETH (Renzo)
+  "0xc1cba3fcea344f92d9239c08c0568f6f2f0ee452": 18
+  // wstETH (Lido)
+};
+function getTokenDecimals(address) {
+  const decimals = TOKEN_DECIMALS[address.toLowerCase()];
+  if (decimals === void 0) {
+    console.warn(`Unknown token decimals for ${address}, defaulting to 18. THIS MAY BE WRONG.`);
+    return 18;
+  }
+  return decimals;
+}
+var TOKEN_TO_COINGECKO = {
+  // Core
+  "0x4200000000000000000000000000000000000006": "ethereum",
+  // WETH
+  [NATIVE_ETH.toLowerCase()]: "ethereum",
+  "0x833589fcd6edb6e08f4c7c32d4f71b54bda02913": "usd-coin",
+  // USDC
+  "0xd9aaec86b65d86f6a7b5b1b0c42ffa531710b6ca": "usd-coin",
+  // USDbC
+  "0x2ae3f1ec7f1f5012cfeab0185bfc7aa3cf0dec22": "coinbase-wrapped-staked-eth",
+  // cbETH
+  "0x50c5725949a6f0c72e6c4a641f24049a917db0cb": "dai",
+  // DAI
+  // Established
+  "0x940181a94a35a4569e4529a3cdfb74e38fd98631": "aerodrome-finance",
+  // AERO
+  "0x532f27101965dd16442e59d40670faf5ebb142e4": "brett",
+  // BRETT
+  "0x4ed4e862860bed51a9570b96d89af5e1b0efefed": "degen-base",
+  // DEGEN
+  "0x0b3e328455c4059eeb9e3f84b5543f74e24e7e1b": "virtual-protocol",
+  // VIRTUAL
+  "0xac1bd2486aaf3b5c0fc3fd868558b082a531b2b4": "toshi",
+  // TOSHI
+  "0xcbb7c0000ab88b473b1f5afd9ef808440eed33bf": "coinbase-wrapped-btc",
+  // cbBTC
+  "0x2416092f143378750bb29b79ed961ab195cceea5": "renzo-restaked-eth",
+  // ezETH
+  "0xc1cba3fcea344f92d9239c08c0568f6f2f0ee452": "wrapped-steth"
+  // wstETH
+};
+var STABLECOIN_IDS = /* @__PURE__ */ new Set(["usd-coin", "dai"]);
+var PRICE_STALENESS_MS = 6e4;
+var MarketDataService = class {
+  rpcUrl;
+  client;
+  /** Cached prices from last fetch */
+  cachedPrices = {};
+  /** Timestamp of last successful price fetch */
+  lastPriceFetchAt = 0;
+  constructor(rpcUrl) {
+    this.rpcUrl = rpcUrl;
+    this.client = createPublicClient({
+      transport: http(rpcUrl)
+    });
+  }
+  /** Cached volume data */
+  cachedVolume24h = {};
+  /** Cached price change data */
+  cachedPriceChange24h = {};
+  /**
+   * Fetch current market data for the agent
+   */
+  async fetchMarketData(walletAddress, tokenAddresses) {
+    const prices = await this.fetchPrices(tokenAddresses);
+    const balances = await this.fetchBalances(walletAddress, tokenAddresses);
+    const portfolioValue = this.calculatePortfolioValue(balances, prices);
+    let gasPrice;
+    try {
+      gasPrice = await this.client.getGasPrice();
+    } catch {
+    }
+    return {
+      timestamp: Date.now(),
+      prices,
+      balances,
+      portfolioValue,
+      volume24h: Object.keys(this.cachedVolume24h).length > 0 ? { ...this.cachedVolume24h } : void 0,
+      priceChange24h: Object.keys(this.cachedPriceChange24h).length > 0 ? { ...this.cachedPriceChange24h } : void 0,
+      gasPrice,
+      network: {
+        chainId: this.client.chain?.id ?? 8453
+      }
+    };
+  }
+  /**
+   * Check if cached prices are still fresh
+   */
+  get pricesAreFresh() {
+    return Date.now() - this.lastPriceFetchAt < PRICE_STALENESS_MS;
+  }
+  /**
+   * Fetch token prices from CoinGecko free API
+   * Returns cached prices if still fresh (<60s old)
+   */
+  async fetchPrices(tokenAddresses) {
+    if (this.pricesAreFresh && Object.keys(this.cachedPrices).length > 0) {
+      const prices2 = { ...this.cachedPrices };
+      for (const addr of tokenAddresses) {
+        const cgId = TOKEN_TO_COINGECKO[addr.toLowerCase()];
+        if (cgId && STABLECOIN_IDS.has(cgId) && !prices2[addr.toLowerCase()]) {
+          prices2[addr.toLowerCase()] = 1;
+        }
+      }
+      return prices2;
+    }
+    const prices = {};
+    const idsToFetch = /* @__PURE__ */ new Set();
+    for (const addr of tokenAddresses) {
+      const cgId = TOKEN_TO_COINGECKO[addr.toLowerCase()];
+      if (cgId && !STABLECOIN_IDS.has(cgId)) {
+        idsToFetch.add(cgId);
+      }
+    }
+    idsToFetch.add("ethereum");
+    if (idsToFetch.size > 0) {
+      try {
+        const ids = Array.from(idsToFetch).join(",");
+        const response = await fetch(
+          `https://api.coingecko.com/api/v3/simple/price?ids=${ids}&vs_currencies=usd&include_24hr_vol=true&include_24hr_change=true`,
+          { signal: AbortSignal.timeout(5e3) }
+        );
+        if (response.ok) {
+          const data = await response.json();
+          for (const [cgId, priceData] of Object.entries(data)) {
+            for (const [addr, id] of Object.entries(TOKEN_TO_COINGECKO)) {
+              if (id === cgId) {
+                const key = addr.toLowerCase();
+                prices[key] = priceData.usd;
+                if (priceData.usd_24h_vol !== void 0) {
+                  this.cachedVolume24h[key] = priceData.usd_24h_vol;
+                }
+                if (priceData.usd_24h_change !== void 0) {
+                  this.cachedPriceChange24h[key] = priceData.usd_24h_change;
+                }
+              }
+            }
+          }
+          this.lastPriceFetchAt = Date.now();
+        } else {
+          console.warn(`CoinGecko API returned ${response.status}, using cached prices`);
+        }
+      } catch (error) {
+        console.warn("Failed to fetch prices from CoinGecko:", error instanceof Error ? error.message : error);
+      }
+    }
+    for (const addr of tokenAddresses) {
+      const cgId = TOKEN_TO_COINGECKO[addr.toLowerCase()];
+      if (cgId && STABLECOIN_IDS.has(cgId)) {
+        prices[addr.toLowerCase()] = 1;
+      }
+    }
+    const missingAddrs = tokenAddresses.filter(
+      (addr) => !prices[addr.toLowerCase()] && !STABLECOIN_IDS.has(TOKEN_TO_COINGECKO[addr.toLowerCase()] || "")
+    );
+    if (missingAddrs.length > 0) {
+      try {
+        const coins = missingAddrs.map((a) => `base:${a}`).join(",");
+        const llamaResponse = await fetch(
+          `https://coins.llama.fi/prices/current/${coins}`,
+          { signal: AbortSignal.timeout(5e3) }
+        );
+        if (llamaResponse.ok) {
+          const llamaData = await llamaResponse.json();
+          for (const [key, data] of Object.entries(llamaData.coins)) {
+            const addr = key.replace("base:", "").toLowerCase();
+            if (data.price && data.confidence > 0.5) {
+              prices[addr] = data.price;
+            }
+          }
+          if (!this.lastPriceFetchAt) this.lastPriceFetchAt = Date.now();
+        }
+      } catch {
+      }
+    }
+    if (Object.keys(prices).length > 0) {
+      this.cachedPrices = prices;
+    }
+    if (Object.keys(prices).length === 0 && Object.keys(this.cachedPrices).length > 0) {
+      console.warn("Using cached prices (last successful fetch was stale)");
+      return { ...this.cachedPrices };
+    }
+    for (const addr of tokenAddresses) {
+      if (!prices[addr.toLowerCase()]) {
+        console.warn(`No price available for ${addr}, using 0`);
+        prices[addr.toLowerCase()] = 0;
+      }
+    }
+    return prices;
+  }
+  /**
+   * Fetch real on-chain balances: native ETH + ERC-20 tokens
+   */
+  async fetchBalances(walletAddress, tokenAddresses) {
+    const balances = {};
+    const wallet = walletAddress;
+    try {
+      const nativeBalance = await this.client.getBalance({ address: wallet });
+      balances[NATIVE_ETH.toLowerCase()] = nativeBalance;
+      const erc20Promises = tokenAddresses.map(async (tokenAddress) => {
+        try {
+          const balance = await this.client.readContract({
+            address: tokenAddress,
+            abi: erc20Abi,
+            functionName: "balanceOf",
+            args: [wallet]
+          });
+          return { address: tokenAddress.toLowerCase(), balance };
+        } catch (error) {
+          return { address: tokenAddress.toLowerCase(), balance: 0n };
+        }
+      });
+      const results = await Promise.all(erc20Promises);
+      for (const { address, balance } of results) {
+        balances[address] = balance;
+      }
+    } catch (error) {
+      console.error("MarketData: Failed to fetch balances:", error instanceof Error ? error.message : error);
+      balances[NATIVE_ETH.toLowerCase()] = 0n;
+      for (const address of tokenAddresses) {
+        balances[address.toLowerCase()] = 0n;
+      }
+    }
+    return balances;
+  }
+  /**
+   * Calculate total portfolio value in USD
+   */
+  calculatePortfolioValue(balances, prices) {
+    let total = 0;
+    for (const [address, balance] of Object.entries(balances)) {
+      const price = prices[address.toLowerCase()] || 0;
+      const decimals = getTokenDecimals(address);
+      const amount = Number(balance) / Math.pow(10, decimals);
+      total += amount * price;
+    }
+    return total;
+  }
+};
+
+// src/trading/risk.ts
+var RiskManager = class {
+  config;
+  dailyPnL = 0;
+  dailyFees = 0;
+  lastResetDate = "";
+  /** Minimum trade value in USD — trades below this are rejected as dust */
+  minTradeValueUSD;
+  constructor(config) {
+    this.config = config;
+    this.minTradeValueUSD = config.minTradeValueUSD ?? 1;
+  }
+  /**
+   * Filter signals through risk checks
+   * Returns only signals that pass all guardrails
+   */
+  filterSignals(signals, marketData) {
+    const today = (/* @__PURE__ */ new Date()).toISOString().split("T")[0];
+    if (today !== this.lastResetDate) {
+      this.dailyPnL = 0;
+      this.dailyFees = 0;
+      this.lastResetDate = today;
+    }
+    if (this.isDailyLossLimitHit(marketData.portfolioValue)) {
+      console.warn("Daily loss limit reached - no new trades");
+      return [];
+    }
+    return signals.filter((signal) => this.validateSignal(signal, marketData));
+  }
+  /**
+   * Validate individual signal against risk limits
+   */
+  validateSignal(signal, marketData) {
+    if (signal.action === "hold") {
+      return true;
+    }
+    const signalValue = this.estimateSignalValue(signal, marketData);
+    const maxPositionValue = marketData.portfolioValue * this.config.maxPositionSizeBps / 1e4;
+    if (signalValue > maxPositionValue) {
+      console.warn(
+        `Signal exceeds position limit: ${signalValue.toFixed(2)} > ${maxPositionValue.toFixed(2)}`
+      );
+      return false;
+    }
+    if (signal.confidence < 0.5) {
+      console.warn(`Signal confidence too low: ${signal.confidence}`);
+      return false;
+    }
+    if (signal.action === "buy" && this.config.maxConcurrentPositions) {
+      const activePositions = this.countActivePositions(marketData);
+      if (activePositions >= this.config.maxConcurrentPositions) {
+        console.warn(
+          `Max concurrent positions reached: ${activePositions}/${this.config.maxConcurrentPositions} \u2014 blocking new buy`
+        );
+        return false;
+      }
+    }
+    if (signalValue < this.minTradeValueUSD) {
+      console.warn(`Trade value $${signalValue.toFixed(2)} below minimum $${this.minTradeValueUSD} \u2014 skipping`);
+      return false;
+    }
+    return true;
+  }
+  /**
+   * Count non-zero token positions (excluding native ETH and stablecoins used as base currency)
+   */
+  countActivePositions(marketData) {
+    const NATIVE_ETH_KEY = "0xeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee";
+    let count = 0;
+    for (const [address, balance] of Object.entries(marketData.balances)) {
+      if (address.toLowerCase() === NATIVE_ETH_KEY) continue;
+      if (balance > 0n) count++;
+    }
+    return count;
+  }
+  /**
+   * Check if daily loss limit has been hit
+   */
+  isDailyLossLimitHit(portfolioValue) {
+    const maxLoss = portfolioValue * this.config.maxDailyLossBps / 1e4;
+    return this.dailyPnL < -maxLoss;
+  }
+  /**
+   * Estimate USD value of a trade signal
+   */
+  estimateSignalValue(signal, marketData) {
+    const price = marketData.prices[signal.tokenIn.toLowerCase()] || 0;
+    const tokenDecimals = getTokenDecimals(signal.tokenIn);
+    const amount = Number(signal.amountIn) / Math.pow(10, tokenDecimals);
+    return amount * price;
+  }
+  /**
+   * Update daily PnL after a trade (market gains/losses only)
+   */
+  updatePnL(pnl) {
+    this.dailyPnL += pnl;
+  }
+  /**
+   * Update daily fees (trading fees, gas costs, etc.)
+   * Fees are tracked separately and do NOT count toward the daily loss limit.
+   * This prevents protocol fees from triggering circuit breakers.
+   */
+  updateFees(fees) {
+    this.dailyFees += fees;
+  }
+  /**
+   * Get current risk status
+   * @param portfolioValue - Current portfolio value in USD (needed for accurate loss limit)
+   */
+  getStatus(portfolioValue) {
+    const pv = portfolioValue || 0;
+    const maxLossUSD = pv * this.config.maxDailyLossBps / 1e4;
+    return {
+      dailyPnL: this.dailyPnL,
+      dailyFees: this.dailyFees,
+      dailyNetPnL: this.dailyPnL - this.dailyFees,
+      dailyLossLimit: maxLossUSD,
+      // Only market PnL triggers the limit — fees are excluded
+      isLimitHit: pv > 0 ? this.dailyPnL < -maxLossUSD : false
+    };
+  }
+};
+
+// src/vault/manager.ts
+import { createPublicClient as createPublicClient2, createWalletClient, http as http2 } from "viem";
+import { privateKeyToAccount } from "viem/accounts";
+import { base } from "viem/chains";
+var ADDRESSES = {
+  mainnet: {
+    vaultFactory: process.env.EXAGENT_VAULT_FACTORY_ADDRESS || "0x0000000000000000000000000000000000000000",
+    registry: process.env.EXAGENT_REGISTRY_ADDRESS || "0x0000000000000000000000000000000000000000",
+    usdc: "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913"
+  }
+};
+var VAULT_FACTORY_ABI = [
+  {
+    type: "function",
+    name: "vaults",
+    inputs: [{ name: "agentId", type: "uint256" }, { name: "asset", type: "address" }],
+    outputs: [{ type: "address" }],
+    stateMutability: "view"
+  },
+  {
+    type: "function",
+    name: "canCreateVault",
+    inputs: [{ name: "creator", type: "address" }],
+    outputs: [{ name: "canCreate", type: "bool" }, { name: "reason", type: "string" }],
+    stateMutability: "view"
+  },
+  {
+    type: "function",
+    name: "createVault",
+    inputs: [
+      { name: "agentId", type: "uint256" },
+      { name: "asset", type: "address" },
+      { name: "seedAmount", type: "uint256" },
+      { name: "name", type: "string" },
+      { name: "symbol", type: "string" },
+      { name: "feeRecipient", type: "address" }
+    ],
+    outputs: [{ type: "address" }],
+    stateMutability: "nonpayable"
+  },
+  {
+    type: "function",
+    name: "minimumVeEXARequired",
+    inputs: [],
+    outputs: [{ type: "uint256" }],
+    stateMutability: "view"
+  }
+];
+var VAULT_ABI = [
+  {
+    type: "function",
+    name: "totalAssets",
+    inputs: [],
+    outputs: [{ type: "uint256" }],
+    stateMutability: "view"
+  },
+  {
+    type: "function",
+    name: "executeTrade",
+    inputs: [
+      { name: "tokenIn", type: "address" },
+      { name: "tokenOut", type: "address" },
+      { name: "amountIn", type: "uint256" },
+      { name: "minAmountOut", type: "uint256" },
+      { name: "aggregator", type: "address" },
+      { name: "swapData", type: "bytes" },
+      { name: "deadline", type: "uint256" }
+    ],
+    outputs: [{ type: "uint256" }],
+    stateMutability: "nonpayable"
+  }
+];
+var VaultManager = class {
+  config;
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  publicClient;
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  walletClient;
+  addresses;
+  account;
+  chain;
+  cachedVaultAddress = null;
+  lastVaultCheck = 0;
+  VAULT_CACHE_TTL = 6e4;
+  // 1 minute
+  enabled = true;
+  constructor(config) {
+    this.config = config;
+    this.addresses = ADDRESSES[config.network];
+    this.account = privateKeyToAccount(config.walletKey);
+    this.chain = base;
+    const rpcUrl = getRpcUrl();
+    this.publicClient = createPublicClient2({
+      chain: this.chain,
+      transport: http2(rpcUrl)
+    });
+    this.walletClient = createWalletClient({
+      account: this.account,
+      chain: this.chain,
+      transport: http2(rpcUrl)
+    });
+    if (this.addresses.vaultFactory === "0x0000000000000000000000000000000000000000") {
+      console.warn("VaultFactory address is zero \u2014 vault operations will be disabled");
+      this.enabled = false;
+    }
+  }
+  /**
+   * Get the agent's vault policy
+   */
+  get policy() {
+    return this.config.vaultConfig.policy;
+  }
+  /**
+   * Check if vault trading is preferred when a vault exists
+   */
+  get preferVaultTrading() {
+    return this.config.vaultConfig.preferVaultTrading;
+  }
+  /**
+   * Get comprehensive vault status
+   */
+  async getVaultStatus() {
+    if (!this.enabled) {
+      return {
+        hasVault: false,
+        vaultAddress: null,
+        totalAssets: BigInt(0),
+        canCreateVault: false,
+        cannotCreateReason: "Vault operations disabled (contract address not set)",
+        requirementsMet: false,
+        requirements: { veXARequired: BigInt(0), isBypassed: false }
+      };
+    }
+    const vaultAddress = await this.getVaultAddress();
+    const hasVault = vaultAddress !== null;
+    let totalAssets = BigInt(0);
+    if (hasVault && vaultAddress) {
+      try {
+        totalAssets = await this.publicClient.readContract({
+          address: vaultAddress,
+          abi: VAULT_ABI,
+          functionName: "totalAssets"
+        });
+      } catch {
+      }
+    }
+    const [canCreateResult, requirements] = await Promise.all([
+      this.publicClient.readContract({
+        address: this.addresses.vaultFactory,
+        abi: VAULT_FACTORY_ABI,
+        functionName: "canCreateVault",
+        args: [this.account.address]
+      }),
+      this.getRequirements()
+    ]);
+    return {
+      hasVault,
+      vaultAddress,
+      totalAssets,
+      canCreateVault: canCreateResult[0],
+      cannotCreateReason: canCreateResult[0] ? null : canCreateResult[1],
+      requirementsMet: canCreateResult[0] || requirements.isBypassed,
+      requirements
+    };
+  }
+  /**
+   * Get vault creation requirements
+   * Note: No burnFee on mainnet — vault creation requires USDC seed instead
+   */
+  async getRequirements() {
+    const veXARequired = await this.publicClient.readContract({
+      address: this.addresses.vaultFactory,
+      abi: VAULT_FACTORY_ABI,
+      functionName: "minimumVeEXARequired"
+    });
+    const isBypassed = veXARequired === BigInt(0);
+    return { veXARequired, isBypassed };
+  }
+  /**
+   * Get the agent's vault address (cached)
+   */
+  async getVaultAddress() {
+    const now = Date.now();
+    if (this.cachedVaultAddress && now - this.lastVaultCheck < this.VAULT_CACHE_TTL) {
+      return this.cachedVaultAddress;
+    }
+    const vaultAddress = await this.publicClient.readContract({
+      address: this.addresses.vaultFactory,
+      abi: VAULT_FACTORY_ABI,
+      functionName: "vaults",
+      args: [this.config.agentId, this.addresses.usdc]
+    });
+    this.lastVaultCheck = now;
+    if (vaultAddress === "0x0000000000000000000000000000000000000000") {
+      this.cachedVaultAddress = null;
+      return null;
+    }
+    this.cachedVaultAddress = vaultAddress;
+    return vaultAddress;
+  }
+  /**
+   * Create a vault for the agent
+   * @param seedAmount - USDC seed amount in raw units (default: 100e6 = 100 USDC)
+   * @returns Vault address if successful
+   */
+  async createVault(seedAmount) {
+    if (!this.enabled) {
+      return { success: false, error: "Vault operations disabled (contract address not set)" };
+    }
+    if (this.policy === "disabled") {
+      return { success: false, error: "Vault creation disabled by policy" };
+    }
+    const existingVault = await this.getVaultAddress();
+    if (existingVault) {
+      return { success: false, error: "Vault already exists", vaultAddress: existingVault };
+    }
+    const status = await this.getVaultStatus();
+    if (!status.canCreateVault) {
+      return { success: false, error: status.cannotCreateReason || "Requirements not met" };
+    }
+    const seed = seedAmount || BigInt(1e8);
+    const vaultName = this.config.vaultConfig.defaultName || `${this.config.agentName} Trading Vault`;
+    const vaultSymbol = this.config.vaultConfig.defaultSymbol || `ex${this.config.agentName.replace(/[^a-zA-Z]/g, "").slice(0, 4).toUpperCase()}`;
+    const feeRecipient = this.config.vaultConfig.feeRecipient || this.account.address;
+    try {
+      const hash = await this.walletClient.writeContract({
+        address: this.addresses.vaultFactory,
+        abi: VAULT_FACTORY_ABI,
+        functionName: "createVault",
+        args: [
+          this.config.agentId,
+          this.addresses.usdc,
+          seed,
+          vaultName,
+          vaultSymbol,
+          feeRecipient
+        ],
+        chain: this.chain,
+        account: this.account
+      });
+      const receipt = await this.publicClient.waitForTransactionReceipt({ hash });
+      if (receipt.status !== "success") {
+        return { success: false, error: "Transaction failed", txHash: hash };
+      }
+      const vaultAddress = await this.getVaultAddress();
+      this.cachedVaultAddress = vaultAddress;
+      return {
+        success: true,
+        vaultAddress,
+        txHash: hash
+      };
+    } catch (error) {
+      return {
+        success: false,
+        error: error instanceof Error ? error.message : "Unknown error"
+      };
+    }
+  }
+  /**
+   * Execute a trade through the vault (if it exists and policy allows)
+   * Returns null if should use direct trading instead
+   */
+  async executeVaultTrade(params) {
+    if (!this.preferVaultTrading) {
+      return null;
+    }
+    const vaultAddress = await this.getVaultAddress();
+    if (!vaultAddress) {
+      return null;
+    }
+    const deadline = params.deadline || BigInt(Math.floor(Date.now() / 1e3) + 3600);
+    try {
+      const hash = await this.walletClient.writeContract({
+        address: vaultAddress,
+        abi: VAULT_ABI,
+        functionName: "executeTrade",
+        args: [
+          params.tokenIn,
+          params.tokenOut,
+          params.amountIn,
+          params.minAmountOut,
+          params.aggregator,
+          params.swapData,
+          deadline
+        ],
+        chain: this.chain,
+        account: this.account
+      });
+      return { usedVault: true, txHash: hash };
+    } catch (error) {
+      return {
+        usedVault: true,
+        error: error instanceof Error ? error.message : "Vault trade failed"
+      };
+    }
+  }
+};
+
+// src/relay.ts
+import WebSocket from "ws";
+import { privateKeyToAccount as privateKeyToAccount2, signMessage } from "viem/accounts";
+import { SDK_VERSION } from "@exagent/sdk";
+var RelayClient = class {
+  config;
+  ws = null;
+  authenticated = false;
+  authRejected = false;
+  reconnectAttempts = 0;
+  maxReconnectAttempts = 50;
+  reconnectTimer = null;
+  heartbeatTimer = null;
+  stopped = false;
+  constructor(config) {
+    this.config = config;
+  }
+  /**
+   * Connect to the relay server
+   */
+  async connect() {
+    if (this.stopped) return;
+    const wsUrl = this.config.relay.apiUrl.replace(/^https?:\/\//, (m) => m.includes("https") ? "wss://" : "ws://").replace(/\/$/, "") + "/ws/agent";
+    return new Promise((resolve, reject) => {
+      try {
+        this.ws = new WebSocket(wsUrl);
+      } catch (error) {
+        console.error("Relay: Failed to create WebSocket:", error);
+        this.scheduleReconnect();
+        reject(error);
+        return;
+      }
+      const connectTimeout = setTimeout(() => {
+        if (!this.authenticated) {
+          console.error("Relay: Connection timeout");
+          this.ws?.close();
+          this.scheduleReconnect();
+          reject(new Error("Connection timeout"));
+        }
+      }, 15e3);
+      this.ws.on("open", async () => {
+        this.authRejected = false;
+        console.log("Relay: Connected, authenticating...");
+        try {
+          await this.authenticate();
+        } catch (error) {
+          console.error("Relay: Authentication failed:", error);
+          this.ws?.close();
+          clearTimeout(connectTimeout);
+          reject(error);
+        }
+      });
+      this.ws.on("message", (raw) => {
+        try {
+          const data = JSON.parse(raw.toString());
+          this.handleMessage(data);
+          if (data.type === "auth_success") {
+            clearTimeout(connectTimeout);
+            this.authenticated = true;
+            this.reconnectAttempts = 0;
+            this.startHeartbeat();
+            console.log("Relay: Authenticated successfully");
+            resolve();
+          } else if (data.type === "auth_error") {
+            clearTimeout(connectTimeout);
+            this.authRejected = true;
+            console.error(`Relay: Auth rejected: ${data.message}`);
+            reject(new Error(data.message));
+          }
+        } catch {
+        }
+      });
+      this.ws.on("close", (code, reason) => {
+        clearTimeout(connectTimeout);
+        this.authenticated = false;
+        this.stopHeartbeat();
+        if (!this.stopped) {
+          if (!this.authRejected) {
+            console.log(`Relay: Disconnected (${code}: ${reason.toString() || "unknown"})`);
+          }
+          this.scheduleReconnect();
+        }
+      });
+      this.ws.on("error", (error) => {
+        if (!this.stopped) {
+          console.error("Relay: WebSocket error:", error.message);
+        }
+      });
+    });
+  }
+  /**
+   * Authenticate with the relay server using wallet signature
+   */
+  async authenticate() {
+    const account = privateKeyToAccount2(this.config.privateKey);
+    const timestamp = Math.floor(Date.now() / 1e3);
+    const message = `ExagentRelay:${this.config.agentId}:${timestamp}`;
+    const signature = await signMessage({
+      message,
+      privateKey: this.config.privateKey
+    });
+    this.send({
+      type: "auth",
+      agentId: this.config.agentId,
+      wallet: account.address,
+      timestamp,
+      signature,
+      sdkVersion: SDK_VERSION
+    });
+  }
+  /**
+   * Handle incoming messages from the relay server
+   */
+  handleMessage(data) {
+    switch (data.type) {
+      case "command":
+        if (data.command && this.config.onCommand) {
+          this.config.onCommand(data.command);
+        }
+        break;
+      case "auth_success":
+      case "auth_error":
+        break;
+      case "error":
+        console.error(`Relay: Server error: ${data.message}`);
+        break;
+    }
+  }
+  /**
+   * Send a status heartbeat
+   */
+  sendHeartbeat(status) {
+    if (!this.authenticated) return;
+    this.send({
+      type: "heartbeat",
+      agentId: this.config.agentId,
+      status
+    });
+  }
+  /**
+   * Send a status update (outside of regular heartbeat)
+   */
+  sendStatusUpdate(status) {
+    if (!this.authenticated) return;
+    this.send({
+      type: "status_update",
+      agentId: this.config.agentId,
+      status
+    });
+  }
+  /**
+   * Send a message to the command center
+   */
+  sendMessage(messageType, level, title, body, data) {
+    if (!this.authenticated) return;
+    this.send({
+      type: "message",
+      agentId: this.config.agentId,
+      messageType,
+      level,
+      title,
+      body,
+      data
+    });
+  }
+  /**
+   * Send a command execution result
+   */
+  sendCommandResult(commandId, success, result) {
+    if (!this.authenticated) return;
+    this.send({
+      type: "command_result",
+      agentId: this.config.agentId,
+      commandId,
+      success,
+      result
+    });
+  }
+  /**
+   * Start the heartbeat timer
+   */
+  startHeartbeat() {
+    this.stopHeartbeat();
+    const interval = this.config.relay.heartbeatIntervalMs || 3e4;
+    this.heartbeatTimer = setInterval(() => {
+      if (this.ws?.readyState === WebSocket.OPEN) {
+        this.ws.ping();
+      }
+    }, interval);
+  }
+  /**
+   * Stop the heartbeat timer
+   */
+  stopHeartbeat() {
+    if (this.heartbeatTimer) {
+      clearInterval(this.heartbeatTimer);
+      this.heartbeatTimer = null;
+    }
+  }
+  /**
+   * Schedule a reconnection with exponential backoff
+   */
+  scheduleReconnect() {
+    if (this.stopped) return;
+    if (this.reconnectAttempts >= this.maxReconnectAttempts) {
+      console.error("Relay: Max reconnection attempts reached. Giving up.");
+      return;
+    }
+    const delay = Math.min(1e3 * Math.pow(2, this.reconnectAttempts), 3e4);
+    this.reconnectAttempts++;
+    console.log(
+      `Relay: Reconnecting in ${delay / 1e3}s (attempt ${this.reconnectAttempts}/${this.maxReconnectAttempts})`
+    );
+    this.reconnectTimer = setTimeout(() => {
+      this.connect().catch(() => {
+      });
+    }, delay);
+  }
+  /**
+   * Send a JSON message to the WebSocket
+   */
+  send(data) {
+    if (this.ws?.readyState === WebSocket.OPEN) {
+      this.ws.send(JSON.stringify(data));
+    }
+  }
+  /**
+   * Check if connected and authenticated
+   */
+  get isConnected() {
+    return this.authenticated && this.ws?.readyState === WebSocket.OPEN;
+  }
+  /**
+   * Disconnect and stop reconnecting
+   */
+  disconnect() {
+    this.stopped = true;
+    this.stopHeartbeat();
+    if (this.reconnectTimer) {
+      clearTimeout(this.reconnectTimer);
+      this.reconnectTimer = null;
+    }
+    if (this.ws) {
+      this.ws.close(1e3, "Agent shutting down");
+      this.ws = null;
+    }
+    this.authenticated = false;
+    console.log("Relay: Disconnected");
+  }
+};
+
+// src/runtime.ts
+import { ExagentClient, ExagentRegistry } from "@exagent/sdk";
+import { createPublicClient as createPublicClient3, http as http3 } from "viem";
+import { base as base2 } from "viem/chains";
+
+// src/browser-open.ts
+import { exec } from "child_process";
+function openBrowser(url) {
+  const platform = process.platform;
+  try {
+    if (platform === "darwin") {
+      exec(`open "${url}"`);
+    } else if (platform === "win32") {
+      exec(`start "" "${url}"`);
+    } else {
+      exec(`xdg-open "${url}"`);
+    }
+  } catch {
+  }
+}
+
+// src/runtime.ts
+var FUNDS_LOW_THRESHOLD = 5e-3;
+var FUNDS_CRITICAL_THRESHOLD = 1e-3;
+var AgentRuntime = class {
+  config;
+  client;
+  llm;
+  strategy;
+  executor;
+  riskManager;
+  marketData;
+  vaultManager;
+  relay = null;
+  isRunning = false;
+  mode = "idle";
+  configHash;
+  cycleCount = 0;
+  lastCycleAt = 0;
+  lastPortfolioValue = 0;
+  lastEthBalance = "0";
+  processAlive = true;
+  riskUniverse = 0;
+  allowedTokens = /* @__PURE__ */ new Set();
+  constructor(config) {
+    this.config = config;
+  }
+  /**
+   * Initialize the agent runtime
+   */
+  async initialize() {
+    console.log(`Initializing agent: ${this.config.name} (ID: ${this.config.agentId})`);
+    this.client = new ExagentClient({
+      privateKey: this.config.privateKey,
+      network: this.config.network
+    });
+    console.log(`Wallet: ${this.client.address}`);
+    const agent = await this.client.registry.getAgent(BigInt(this.config.agentId));
+    if (!agent) {
+      throw new Error(`Agent ID ${this.config.agentId} not found on-chain. Please register first.`);
+    }
+    console.log(`Agent verified: ${agent.name}`);
+    await this.ensureWalletLinked();
+    await this.loadTradingRestrictions();
+    console.log(`Initializing LLM: ${this.config.llm.provider}`);
+    this.llm = await createLLMAdapter(this.config.llm);
+    const llmMeta = this.llm.getMetadata();
+    console.log(`LLM ready: ${llmMeta.provider} (${llmMeta.model})`);
+    await this.syncConfigHash();
+    this.strategy = await loadStrategy();
+    this.executor = new TradeExecutor(this.client, this.config);
+    this.riskManager = new RiskManager(this.config.trading);
+    this.marketData = new MarketDataService(this.getRpcUrl());
+    await this.initializeVaultManager();
+    await this.initializeRelay();
+    console.log("Agent initialized successfully");
+  }
+  /**
+   * Initialize the relay client for command center connectivity
+   */
+  async initializeRelay() {
+    const relayConfig = this.config.relay;
+    const relayEnabled = process.env.EXAGENT_RELAY_ENABLED !== "false";
+    if (!relayConfig?.enabled || !relayEnabled) {
+      console.log("Relay: Disabled");
+      return;
+    }
+    const apiUrl = process.env.EXAGENT_API_URL || relayConfig.apiUrl;
+    if (!apiUrl) {
+      console.log("Relay: No API URL configured, skipping");
+      return;
+    }
+    this.relay = new RelayClient({
+      agentId: String(this.config.agentId),
+      privateKey: this.config.privateKey,
+      relay: {
+        ...relayConfig,
+        apiUrl
+      },
+      onCommand: (cmd) => this.handleCommand(cmd)
+    });
+    try {
+      await this.relay.connect();
+      console.log("Relay: Connected to command center");
+      this.sendRelayStatus();
+    } catch (error) {
+      console.warn(
+        "Relay: Failed to connect (agent will work locally):",
+        error instanceof Error ? error.message : error
+      );
+    }
+  }
+  /**
+   * Initialize the vault manager based on config
+   */
+  async initializeVaultManager() {
+    const vaultConfig = this.config.vault || { policy: "disabled", preferVaultTrading: false };
+    this.vaultManager = new VaultManager({
+      agentId: BigInt(this.config.agentId),
+      agentName: this.config.name,
+      network: this.config.network,
+      walletKey: this.config.privateKey,
+      vaultConfig
+    });
+    console.log(`Vault policy: ${vaultConfig.policy}`);
+    const status = await this.vaultManager.getVaultStatus();
+    if (status.hasVault) {
+      console.log(`Vault exists: ${status.vaultAddress}`);
+      console.log(`Vault TVL: ${Number(status.totalAssets) / 1e6} USDC`);
+    } else {
+      console.log("No vault exists for this agent");
+      if (vaultConfig.policy === "manual") {
+        console.log("Vault creation is manual \u2014 use the command center to create one");
+      }
+    }
+  }
+  /**
+   * Ensure the current wallet is linked to the agent.
+   * If the trading wallet differs from the owner, enters a recovery loop
+   * that waits for the owner to link it from the website.
+   */
+  async ensureWalletLinked() {
+    const agentId = BigInt(this.config.agentId);
+    const address = this.client.address;
+    const isLinked = await this.client.registry.isLinkedWallet(agentId, address);
+    if (!isLinked) {
+      console.log("Wallet not linked, linking now...");
+      const agent = await this.client.registry.getAgent(agentId);
+      if (agent?.owner.toLowerCase() !== address.toLowerCase()) {
+        const ccUrl = `https://exagent.io/agents/${encodeURIComponent(this.config.name)}/command-center`;
+        const nonce = await this.client.registry.getNonce(address);
+        const linkMessage = ExagentRegistry.generateLinkMessage(
+          address,
+          agentId,
+          nonce
+        );
+        const linkSignature = await this.client.signMessage({ raw: linkMessage });
+        console.log("");
+        console.log("=== WALLET LINKING REQUIRED ===");
+        console.log("");
+        console.log("  Your trading wallet needs to be linked to your agent.");
+        console.log("  Open the command center and paste the values below.");
+        console.log("");
+        console.log(`  Command Center: ${ccUrl}`);
+        console.log("");
+        console.log("  \u2500\u2500 Copy these two values \u2500\u2500");
+        console.log("");
+        console.log(`  Wallet:    ${address}`);
+        console.log(`  Signature: ${linkSignature}`);
+        console.log("");
+        openBrowser(ccUrl);
+        console.log("  Waiting for wallet to be linked... (checking every 15s)");
+        console.log("  Press Ctrl+C to exit.");
+        console.log("");
+        while (true) {
+          await this.sleep(15e3);
+          const linked = await this.client.registry.isLinkedWallet(agentId, address);
+          if (linked) {
+            console.log("  Wallet linked! Continuing setup...");
+            console.log("");
+            return;
+          }
+          process.stdout.write(".");
+        }
+      }
+      await this.client.registry.linkOwnWallet(agentId);
+      console.log("Wallet linked successfully");
+    } else {
+      console.log("Wallet already linked");
+    }
+  }
+  /**
+   * Load risk universe and allowed tokens from on-chain registry.
+   * This prevents the agent from wasting gas on trades that will revert.
+   */
+  async loadTradingRestrictions() {
+    const agentId = BigInt(this.config.agentId);
+    const RISK_UNIVERSE_NAMES = ["Core", "Established", "Derivatives", "Emerging", "Frontier"];
+    try {
+      this.riskUniverse = await this.client.registry.getRiskUniverse(agentId);
+      console.log(`Risk universe: ${RISK_UNIVERSE_NAMES[this.riskUniverse] || this.riskUniverse}`);
+      const configTokens = this.config.allowedTokens || this.getDefaultTokens();
+      const verified = [];
+      for (const token of configTokens) {
+        try {
+          const allowed = await this.client.registry.isTradeAllowed(
+            agentId,
+            token,
+            "0x0000000000000000000000000000000000000000"
+            // zero = check token only
+          );
+          if (allowed) {
+            this.allowedTokens.add(token.toLowerCase());
+            verified.push(token);
+          } else {
+            console.warn(`Token ${token} not allowed for this agent's risk universe \u2014 excluded`);
+          }
+        } catch {
+          this.allowedTokens.add(token.toLowerCase());
+          verified.push(token);
+        }
+      }
+      this.config.allowedTokens = verified;
+      console.log(`Allowed tokens loaded: ${verified.length} tokens verified`);
+      if (this.riskUniverse === 4) {
+        console.warn("Frontier risk universe: vault creation is disabled");
+      }
+    } catch (error) {
+      console.warn(
+        "Could not load trading restrictions from registry (using defaults):",
+        error instanceof Error ? error.message : error
+      );
+    }
+  }
+  /**
+   * Sync the LLM config hash to chain for epoch tracking.
+   * If the wallet has insufficient gas, enters a recovery loop
+   * that waits for the user to fund the wallet.
+   */
+  async syncConfigHash() {
+    const agentId = BigInt(this.config.agentId);
+    const llmMeta = this.llm.getMetadata();
+    this.configHash = ExagentRegistry.calculateConfigHash(llmMeta.provider, llmMeta.model);
+    console.log(`Config hash: ${this.configHash}`);
+    const onChainHash = await this.client.registry.getConfigHash(agentId);
+    if (onChainHash !== this.configHash) {
+      console.log("Config changed, updating on-chain...");
+      try {
+        await this.client.registry.updateConfig(agentId, this.configHash);
+        const newEpoch = await this.client.registry.getCurrentEpoch(agentId);
+        console.log(`Config updated, new epoch started: ${newEpoch}`);
+      } catch (error) {
+        const message = error instanceof Error ? error.message : String(error);
+        if (message.includes("insufficient funds") || message.includes("gas") || message.includes("intrinsic gas too low") || message.includes("exceeds the balance")) {
+          const ccUrl = `https://exagent.io/agents/${encodeURIComponent(this.config.name)}/command-center`;
+          const chain = base2;
+          const publicClientInstance = createPublicClient3({
+            chain,
+            transport: http3(this.getRpcUrl())
+          });
+          console.log("");
+          console.log("=== ETH NEEDED FOR GAS ===");
+          console.log("");
+          console.log(`  Wallet: ${this.client.address}`);
+          console.log("  Your wallet needs ETH to pay for transaction gas.");
+          console.log("  Opening the command center to fund your wallet...");
+          console.log(`  ${ccUrl}`);
+          console.log("");
+          openBrowser(ccUrl);
+          console.log("  Waiting for ETH... (checking every 15s)");
+          console.log("  Press Ctrl+C to exit.");
+          console.log("");
+          while (true) {
+            await this.sleep(15e3);
+            const balance = await publicClientInstance.getBalance({
+              address: this.client.address
+            });
+            if (balance > BigInt(0)) {
+              console.log("  ETH detected! Retrying config update...");
+              console.log("");
+              await this.client.registry.updateConfig(agentId, this.configHash);
+              const newEpoch = await this.client.registry.getCurrentEpoch(agentId);
+              console.log(`Config updated, new epoch started: ${newEpoch}`);
+              return;
+            }
+            process.stdout.write(".");
+          }
+        } else {
+          throw error;
+        }
+      }
+    } else {
+      const currentEpoch = await this.client.registry.getCurrentEpoch(agentId);
+      console.log(`Config hash matches on-chain (epoch ${currentEpoch})`);
+    }
+  }
+  /**
+   * Get the current config hash (for trade execution)
+   */
+  getConfigHash() {
+    return this.configHash;
+  }
+  /**
+   * Start the agent in daemon mode.
+   * The agent enters idle mode and waits for commands from the command center.
+   * Trading begins only when a start_trading command is received.
+   *
+   * If relay is not configured, falls back to immediate trading mode.
+   */
+  async run() {
+    this.processAlive = true;
+    if (this.relay) {
+      console.log("");
+      console.log("Agent is in IDLE mode. Waiting for commands from command center.");
+      console.log("Visit https://exagent.io to start trading from the dashboard.");
+      console.log("");
+      this.mode = "idle";
+      this.sendRelayStatus();
+      this.relay.sendMessage(
+        "system",
+        "success",
+        "Agent Connected",
+        `${this.config.name} is online and waiting for commands.`,
+        { wallet: this.client.address }
+      );
+      while (this.processAlive) {
+        if (this.mode === "trading" && this.isRunning) {
+          try {
+            await this.runCycle();
+          } catch (error) {
+            const message = error instanceof Error ? error.message : String(error);
+            console.error("Error in trading cycle:", message);
+            this.relay?.sendMessage(
+              "system",
+              "error",
+              "Cycle Error",
+              message
+            );
+          }
+          await this.sleep(this.config.trading.tradingIntervalMs);
+        } else {
+          this.sendRelayStatus();
+          await this.sleep(3e4);
+        }
+      }
+    } else {
+      if (this.isRunning) {
+        throw new Error("Agent is already running");
+      }
+      this.isRunning = true;
+      this.mode = "trading";
+      console.log("Starting trading loop...");
+      console.log(`Interval: ${this.config.trading.tradingIntervalMs}ms`);
+      while (this.isRunning) {
+        try {
+          await this.runCycle();
+        } catch (error) {
+          console.error("Error in trading cycle:", error);
+        }
+        await this.sleep(this.config.trading.tradingIntervalMs);
+      }
+    }
+  }
+  /**
+   * Handle a command from the command center
+   */
+  async handleCommand(cmd) {
+    console.log(`Command received: ${cmd.type}`);
+    try {
+      switch (cmd.type) {
+        case "start_trading":
+          if (this.mode === "trading") {
+            this.relay?.sendCommandResult(cmd.id, true, "Already trading");
+            return;
+          }
+          this.mode = "trading";
+          this.isRunning = true;
+          console.log("Trading started via command center");
+          this.relay?.sendCommandResult(cmd.id, true, "Trading started");
+          this.relay?.sendMessage(
+            "system",
+            "success",
+            "Trading Started",
+            "Agent is now actively trading."
+          );
+          this.sendRelayStatus();
+          break;
+        case "stop_trading":
+          if (this.mode === "idle") {
+            this.relay?.sendCommandResult(cmd.id, true, "Already idle");
+            return;
+          }
+          this.mode = "idle";
+          this.isRunning = false;
+          console.log("Trading stopped via command center");
+          this.relay?.sendCommandResult(cmd.id, true, "Trading stopped");
+          this.relay?.sendMessage(
+            "system",
+            "info",
+            "Trading Stopped",
+            "Agent is now idle. Send start_trading to resume."
+          );
+          this.sendRelayStatus();
+          break;
+        case "update_risk_params": {
+          const params = cmd.params || {};
+          let updated = false;
+          if (params.maxPositionSizeBps !== void 0) {
+            const value = Number(params.maxPositionSizeBps);
+            if (isNaN(value) || value < 100 || value > 1e4) {
+              this.relay?.sendCommandResult(cmd.id, false, "maxPositionSizeBps must be 100-10000");
+              break;
+            }
+            this.config.trading.maxPositionSizeBps = value;
+            updated = true;
+          }
+          if (params.maxDailyLossBps !== void 0) {
+            const value = Number(params.maxDailyLossBps);
+            if (isNaN(value) || value < 50 || value > 5e3) {
+              this.relay?.sendCommandResult(cmd.id, false, "maxDailyLossBps must be 50-5000");
+              break;
+            }
+            this.config.trading.maxDailyLossBps = value;
+            updated = true;
+          }
+          if (updated) {
+            this.riskManager = new RiskManager(this.config.trading);
+            console.log("Risk params updated via command center");
+            this.relay?.sendCommandResult(cmd.id, true, "Risk parameters updated");
+            this.relay?.sendMessage(
+              "config_updated",
+              "info",
+              "Risk Parameters Updated",
+              `Max position: ${this.config.trading.maxPositionSizeBps / 100}%, Max daily loss: ${this.config.trading.maxDailyLossBps / 100}%`
+            );
+          } else {
+            this.relay?.sendCommandResult(cmd.id, false, "No valid parameters provided");
+          }
+          break;
+        }
+        case "update_trading_interval": {
+          const intervalMs = Number(cmd.params?.intervalMs);
+          if (intervalMs && intervalMs >= 1e3) {
+            this.config.trading.tradingIntervalMs = intervalMs;
+            console.log(`Trading interval updated to ${intervalMs}ms`);
+            this.relay?.sendCommandResult(cmd.id, true, `Interval set to ${intervalMs}ms`);
+          } else {
+            this.relay?.sendCommandResult(cmd.id, false, "Invalid interval (minimum 1000ms)");
+          }
+          break;
+        }
+        case "create_vault": {
+          const result = await this.createVault();
+          this.relay?.sendCommandResult(
+            cmd.id,
+            result.success,
+            result.success ? `Vault created: ${result.vaultAddress}` : result.error
+          );
+          if (result.success) {
+            this.relay?.sendMessage(
+              "vault_created",
+              "success",
+              "Vault Created",
+              `Vault deployed at ${result.vaultAddress}`,
+              { vaultAddress: result.vaultAddress }
+            );
+          }
+          break;
+        }
+        case "refresh_status":
+          this.sendRelayStatus();
+          this.relay?.sendCommandResult(cmd.id, true, "Status refreshed");
+          break;
+        case "shutdown":
+          console.log("Shutdown requested via command center");
+          this.relay?.sendCommandResult(cmd.id, true, "Shutting down");
+          this.relay?.sendMessage(
+            "system",
+            "info",
+            "Shutting Down",
+            "Agent is shutting down. Restart manually to reconnect."
+          );
+          await this.sleep(1e3);
+          this.stop();
+          break;
+        default:
+          console.warn(`Unknown command: ${cmd.type}`);
+          this.relay?.sendCommandResult(cmd.id, false, `Unknown command: ${cmd.type}`);
+      }
+    } catch (error) {
+      const message = error instanceof Error ? error.message : String(error);
+      console.error(`Command ${cmd.type} failed:`, message);
+      this.relay?.sendCommandResult(cmd.id, false, message);
+    }
+  }
+  /**
+   * Send current status to the relay
+   */
+  sendRelayStatus() {
+    if (!this.relay) return;
+    const vaultConfig = this.config.vault || { policy: "disabled" };
+    const status = {
+      mode: this.mode,
+      agentId: String(this.config.agentId),
+      wallet: this.client?.address,
+      cycleCount: this.cycleCount,
+      lastCycleAt: this.lastCycleAt,
+      tradingIntervalMs: this.config.trading.tradingIntervalMs,
+      portfolioValue: this.lastPortfolioValue,
+      ethBalance: this.lastEthBalance,
+      llm: {
+        provider: this.config.llm.provider,
+        model: this.config.llm.model || "default"
+      },
+      risk: this.riskManager?.getStatus(this.lastPortfolioValue) || {
+        dailyPnL: 0,
+        dailyLossLimit: 0,
+        isLimitHit: false
+      },
+      vault: {
+        policy: vaultConfig.policy,
+        hasVault: false,
+        vaultAddress: null
+      }
+    };
+    this.relay.sendHeartbeat(status);
+  }
+  /**
+   * Run a single trading cycle
+   */
+  async runCycle() {
+    console.log(`
+--- Trading Cycle: ${(/* @__PURE__ */ new Date()).toISOString()} ---`);
+    this.cycleCount++;
+    this.lastCycleAt = Date.now();
+    const tokens = this.config.allowedTokens || this.getDefaultTokens();
+    const marketData = await this.marketData.fetchMarketData(this.client.address, tokens);
+    console.log(`Portfolio value: $${marketData.portfolioValue.toFixed(2)}`);
+    this.lastPortfolioValue = marketData.portfolioValue;
+    const nativeEthBal = marketData.balances[NATIVE_ETH.toLowerCase()] || BigInt(0);
+    this.lastEthBalance = (Number(nativeEthBal) / 1e18).toFixed(6);
+    const fundsOk = this.checkFundsLow(marketData);
+    if (!fundsOk) {
+      console.warn("Skipping trading cycle \u2014 ETH balance critically low");
+      this.sendRelayStatus();
+      return;
+    }
+    let signals;
+    try {
+      signals = await this.strategy(marketData, this.llm, this.config);
+    } catch (error) {
+      const message = error instanceof Error ? error.message : String(error);
+      console.error("LLM/strategy error:", message);
+      this.relay?.sendMessage(
+        "llm_error",
+        "error",
+        "Strategy Error",
+        message
+      );
+      return;
+    }
+    console.log(`Strategy generated ${signals.length} signals`);
+    const filteredSignals = this.riskManager.filterSignals(signals, marketData);
+    console.log(`${filteredSignals.length} signals passed risk checks`);
+    if (this.riskManager.getStatus(marketData.portfolioValue).isLimitHit) {
+      this.relay?.sendMessage(
+        "risk_limit_hit",
+        "warning",
+        "Risk Limit Hit",
+        `Daily loss limit reached: $${this.riskManager.getStatus(marketData.portfolioValue).dailyPnL.toFixed(2)}`
+      );
+    }
+    if (filteredSignals.length > 0) {
+      const vaultStatus = await this.vaultManager?.getVaultStatus();
+      if (vaultStatus?.hasVault && this.vaultManager?.preferVaultTrading) {
+        console.log(`Trading through vault: ${vaultStatus.vaultAddress}`);
+      }
+      const preTradePortfolioValue = marketData.portfolioValue;
+      const results = await this.executor.executeAll(filteredSignals);
+      let totalFeesUSD = 0;
+      for (const result of results) {
+        if (result.success) {
+          console.log(`Trade executed: ${result.signal.action} - ${result.txHash}`);
+          const feeCostBps = 20;
+          const signalPrice = marketData.prices[result.signal.tokenIn.toLowerCase()] || 0;
+          const amountUSD = Number(result.signal.amountIn) / Math.pow(10, getTokenDecimals(result.signal.tokenIn)) * signalPrice;
+          const feeCostUSD = amountUSD * feeCostBps / 1e4;
+          totalFeesUSD += feeCostUSD;
+          this.riskManager.updateFees(feeCostUSD);
+          this.relay?.sendMessage(
+            "trade_executed",
+            "success",
+            "Trade Executed",
+            `${result.signal.action.toUpperCase()}: ${result.signal.reasoning || "No reason provided"}`,
+            {
+              action: result.signal.action,
+              txHash: result.txHash,
+              tokenIn: result.signal.tokenIn,
+              tokenOut: result.signal.tokenOut
+            }
+          );
+        } else {
+          console.warn(`Trade failed: ${result.error}`);
+          this.relay?.sendMessage(
+            "trade_failed",
+            "error",
+            "Trade Failed",
+            result.error || "Unknown error",
+            { action: result.signal.action }
+          );
+        }
+      }
+      const postTokens = this.config.allowedTokens || this.getDefaultTokens();
+      const postTradeData = await this.marketData.fetchMarketData(this.client.address, postTokens);
+      const marketPnL = postTradeData.portfolioValue - preTradePortfolioValue + totalFeesUSD;
+      this.riskManager.updatePnL(marketPnL);
+      if (marketPnL !== 0) {
+        console.log(`Cycle PnL: $${marketPnL.toFixed(2)} (market), -$${totalFeesUSD.toFixed(2)} (fees)`);
+      }
+      this.lastPortfolioValue = postTradeData.portfolioValue;
+      const postNativeEthBal = postTradeData.balances[NATIVE_ETH.toLowerCase()] || BigInt(0);
+      this.lastEthBalance = (Number(postNativeEthBal) / 1e18).toFixed(6);
+    }
+    this.sendRelayStatus();
+  }
+  /**
+   * Check if ETH balance is below threshold and notify.
+   * Returns true if trading should continue, false if ETH is critically low.
+   */
+  checkFundsLow(marketData) {
+    const ethBalance = marketData.balances[NATIVE_ETH.toLowerCase()] || BigInt(0);
+    const ethAmount = Number(ethBalance) / 1e18;
+    if (ethAmount < FUNDS_CRITICAL_THRESHOLD) {
+      console.error(`ETH balance critically low: ${ethAmount.toFixed(6)} ETH \u2014 halting trading`);
+      this.relay?.sendMessage(
+        "funds_low",
+        "error",
+        "Funds Critical",
+        `ETH balance is ${ethAmount.toFixed(6)} ETH (below ${FUNDS_CRITICAL_THRESHOLD} ETH minimum). Trading halted \u2014 fund your wallet.`,
+        {
+          ethBalance: ethAmount.toFixed(6),
+          wallet: this.client.address,
+          threshold: FUNDS_CRITICAL_THRESHOLD
+        }
+      );
+      return false;
+    }
+    if (ethAmount < FUNDS_LOW_THRESHOLD) {
+      this.relay?.sendMessage(
+        "funds_low",
+        "warning",
+        "Low Funds",
+        `ETH balance is ${ethAmount.toFixed(6)} ETH. Fund your trading wallet to continue trading.`,
+        {
+          ethBalance: ethAmount.toFixed(6),
+          wallet: this.client.address,
+          threshold: FUNDS_LOW_THRESHOLD
+        }
+      );
+    }
+    return true;
+  }
+  /**
+   * Stop the agent process completely
+   */
+  stop() {
+    console.log("Stopping agent...");
+    this.isRunning = false;
+    this.processAlive = false;
+    this.mode = "idle";
+    if (this.relay) {
+      this.relay.disconnect();
+    }
+  }
+  /**
+   * Get RPC URL from environment or default
+   */
+  getRpcUrl() {
+    return getRpcUrl();
+  }
+  /**
+   * Default tokens to track.
+   * These are validated against the on-chain registry's isTradeAllowed() during init —
+   * agents in restricted risk universes will have ineligible tokens filtered out.
+   */
+  getDefaultTokens() {
+    return [
+      // Core
+      "0x4200000000000000000000000000000000000006",
+      // WETH
+      "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913",
+      // USDC
+      "0x2Ae3F1Ec7F1F5012CFEab0185bFC7aa3cf0DEC22",
+      // cbETH
+      "0xd9aAEc86B65D86f6A7B5B1b0c42FFA531710b6CA",
+      // USDbC
+      "0x50c5725949A6F0c72E6C4a641F24049A917DB0Cb",
+      // DAI
+      // Established
+      "0x940181a94A35A4569E4529A3CDfB74e38FD98631",
+      // AERO
+      "0xcbB7C0000aB88B473b1f5aFd9ef808440eed33Bf",
+      // cbBTC
+      "0xc1CBa3fCea344f92D9239c08C0568f6F2F0ee452",
+      // wstETH
+      "0x2416092f143378750bb29b79eD961ab195CcEea5",
+      // ezETH
+      // Emerging (filtered by risk universe at init)
+      "0x532f27101965dd16442E59d40670FaF5eBB142E4",
+      // BRETT
+      "0x4ed4E862860beD51a9570b96d89aF5E1B0Efefed",
+      // DEGEN
+      "0x0b3e328455c4059EEb9e3f84b5543F74E24e7E1b",
+      // VIRTUAL
+      "0xAC1Bd2486Aaf3B5C0fc3Fd868558b082a531B2B4"
+      // TOSHI
+    ];
+  }
+  sleep(ms) {
+    return new Promise((resolve) => setTimeout(resolve, ms));
+  }
+  /**
+   * Get current status
+   */
+  getStatus() {
+    const vaultConfig = this.config.vault || { policy: "disabled" };
+    return {
+      isRunning: this.isRunning,
+      mode: this.mode,
+      agentId: Number(this.config.agentId),
+      wallet: this.client?.address || "not initialized",
+      llm: {
+        provider: this.config.llm.provider,
+        model: this.config.llm.model || "default"
+      },
+      configHash: this.configHash || "not initialized",
+      risk: this.riskManager?.getStatus(this.lastPortfolioValue) || { dailyPnL: 0, dailyLossLimit: 0, isLimitHit: false },
+      vault: {
+        policy: vaultConfig.policy,
+        hasVault: false,
+        // Updated async via getVaultStatus
+        vaultAddress: null
+      },
+      relay: {
+        connected: this.relay?.isConnected || false
+      },
+      cycleCount: this.cycleCount
+    };
+  }
+  /**
+   * Get detailed vault status (async)
+   */
+  async getVaultStatus() {
+    if (!this.vaultManager) {
+      return null;
+    }
+    return this.vaultManager.getVaultStatus();
+  }
+  /**
+   * Manually trigger vault creation (for 'manual' policy)
+   */
+  async createVault() {
+    if (!this.vaultManager) {
+      return { success: false, error: "Vault manager not initialized" };
+    }
+    const policy = this.config.vault?.policy || "disabled";
+    if (policy === "disabled") {
+      return { success: false, error: "Vault creation is disabled by policy" };
+    }
+    return this.vaultManager.createVault();
+  }
+};
+
+// src/secure-env.ts
+import * as crypto from "crypto";
+import * as fs from "fs";
+import * as path from "path";
+var ALGORITHM = "aes-256-gcm";
+var PBKDF2_ITERATIONS = 1e5;
+var SALT_LENGTH = 32;
+var IV_LENGTH = 16;
+var KEY_LENGTH = 32;
+var SENSITIVE_PATTERNS = [
+  /PRIVATE_KEY$/i,
+  /_API_KEY$/i,
+  /API_KEY$/i,
+  /_SECRET$/i,
+  /^OPENAI_API_KEY$/i,
+  /^ANTHROPIC_API_KEY$/i,
+  /^GOOGLE_AI_API_KEY$/i,
+  /^DEEPSEEK_API_KEY$/i,
+  /^MISTRAL_API_KEY$/i,
+  /^GROQ_API_KEY$/i,
+  /^TOGETHER_API_KEY$/i
+];
+function isSensitiveKey(key) {
+  return SENSITIVE_PATTERNS.some((pattern) => pattern.test(key));
+}
+function deriveKey(passphrase, salt) {
+  return crypto.pbkdf2Sync(passphrase, salt, PBKDF2_ITERATIONS, KEY_LENGTH, "sha256");
+}
+function encryptValue(value, key) {
+  const iv = crypto.randomBytes(IV_LENGTH);
+  const cipher = crypto.createCipheriv(ALGORITHM, key, iv);
+  let encrypted = cipher.update(value, "utf8", "hex");
+  encrypted += cipher.final("hex");
+  const tag = cipher.getAuthTag();
+  return {
+    iv: iv.toString("hex"),
+    encrypted,
+    tag: tag.toString("hex")
+  };
+}
+function decryptValue(encrypted, key, iv, tag) {
+  const decipher = crypto.createDecipheriv(
+    ALGORITHM,
+    key,
+    Buffer.from(iv, "hex")
+  );
+  decipher.setAuthTag(Buffer.from(tag, "hex"));
+  let decrypted = decipher.update(encrypted, "hex", "utf8");
+  decrypted += decipher.final("utf8");
+  return decrypted;
+}
+function parseEnvFile(content) {
+  const entries = [];
+  for (const line of content.split("\n")) {
+    const trimmed = line.trim();
+    if (!trimmed || trimmed.startsWith("#")) continue;
+    const eqIndex = trimmed.indexOf("=");
+    if (eqIndex === -1) continue;
+    const key = trimmed.slice(0, eqIndex).trim();
+    let value = trimmed.slice(eqIndex + 1).trim();
+    if (value.startsWith('"') && value.endsWith('"') || value.startsWith("'") && value.endsWith("'")) {
+      value = value.slice(1, -1);
+    }
+    if (key && value) {
+      entries.push({ key, value });
+    }
+  }
+  return entries;
+}
+function encryptEnvFile(envPath, passphrase, deleteOriginal = false) {
+  if (!fs.existsSync(envPath)) {
+    throw new Error(`File not found: ${envPath}`);
+  }
+  const content = fs.readFileSync(envPath, "utf-8");
+  const entries = parseEnvFile(content);
+  if (entries.length === 0) {
+    throw new Error("No environment variables found in file");
+  }
+  const salt = crypto.randomBytes(SALT_LENGTH);
+  const key = deriveKey(passphrase, salt);
+  const encryptedEntries = entries.map(({ key: envKey, value }) => {
+    if (isSensitiveKey(envKey)) {
+      const { iv, encrypted, tag } = encryptValue(value, key);
+      return {
+        key: envKey,
+        value: encrypted,
+        encrypted: true,
+        iv,
+        tag
+      };
+    }
+    return {
+      key: envKey,
+      value,
+      encrypted: false
+    };
+  });
+  const encryptedEnv = {
+    version: 1,
+    salt: salt.toString("hex"),
+    entries: encryptedEntries
+  };
+  const encPath = envPath + ".enc";
+  fs.writeFileSync(encPath, JSON.stringify(encryptedEnv, null, 2), { mode: 384 });
+  if (deleteOriginal) {
+    fs.unlinkSync(envPath);
+  }
+  const sensitiveCount = encryptedEntries.filter((e) => e.encrypted).length;
+  const plainCount = encryptedEntries.filter((e) => !e.encrypted).length;
+  console.log(
+    `Encrypted ${sensitiveCount} sensitive values (${plainCount} non-sensitive kept as plaintext)`
+  );
+  return encPath;
+}
+function decryptEnvFile(encPath, passphrase) {
+  if (!fs.existsSync(encPath)) {
+    throw new Error(`Encrypted env file not found: ${encPath}`);
+  }
+  const content = JSON.parse(fs.readFileSync(encPath, "utf-8"));
+  if (content.version !== 1) {
+    throw new Error(`Unsupported encrypted env version: ${content.version}`);
+  }
+  const salt = Buffer.from(content.salt, "hex");
+  const key = deriveKey(passphrase, salt);
+  const result = {};
+  for (const entry of content.entries) {
+    if (entry.encrypted) {
+      if (!entry.iv || !entry.tag) {
+        throw new Error(`Missing encryption metadata for ${entry.key}`);
+      }
+      try {
+        result[entry.key] = decryptValue(entry.value, key, entry.iv, entry.tag);
+      } catch {
+        throw new Error(
+          `Failed to decrypt ${entry.key}. Wrong passphrase or corrupted data.`
+        );
+      }
+    } else {
+      result[entry.key] = entry.value;
+    }
+  }
+  return result;
+}
+function loadSecureEnv(basePath, passphrase) {
+  const encPath = path.join(basePath, ".env.enc");
+  const envPath = path.join(basePath, ".env");
+  if (fs.existsSync(encPath)) {
+    if (!passphrase) {
+      passphrase = process.env.EXAGENT_PASSPHRASE;
+    }
+    if (!passphrase) {
+      console.warn("");
+      console.warn("WARNING: Found .env.enc but no passphrase provided.");
+      console.warn("  Set EXAGENT_PASSPHRASE environment variable or");
+      console.warn("  pass --passphrase when running the agent.");
+      console.warn("  Falling back to plaintext .env file.");
+      console.warn("");
+    } else {
+      const vars = decryptEnvFile(encPath, passphrase);
+      for (const [key, value] of Object.entries(vars)) {
+        process.env[key] = value;
+      }
+      return true;
+    }
+  }
+  if (fs.existsSync(envPath)) {
+    const content = fs.readFileSync(envPath, "utf-8");
+    const entries = parseEnvFile(content);
+    const sensitiveKeys = entries.filter(({ key }) => isSensitiveKey(key)).map(({ key }) => key);
+    if (sensitiveKeys.length > 0) {
+      console.warn("");
+      console.warn("WARNING: Sensitive values stored in plaintext .env file:");
+      for (const key of sensitiveKeys) {
+        console.warn(`  - ${key}`);
+      }
+      console.warn("");
+      console.warn('  Run "npx @exagent/agent encrypt" to secure your keys.');
+      console.warn("");
+    }
+    return false;
+  }
+  return false;
+}
+
+export {
+  BaseLLMAdapter,
+  OpenAIAdapter,
+  AnthropicAdapter,
+  GoogleAdapter,
+  DeepSeekAdapter,
+  MistralAdapter,
+  GroqAdapter,
+  TogetherAdapter,
+  OllamaAdapter,
+  createLLMAdapter,
+  loadStrategy,
+  validateStrategy,
+  STRATEGY_TEMPLATES,
+  getStrategyTemplate,
+  getAllStrategyTemplates,
+  LLMProviderSchema,
+  LLMConfigSchema,
+  RiskUniverseSchema,
+  TradingConfigSchema,
+  VaultPolicySchema,
+  VaultConfigSchema,
+  RelayConfigSchema,
+  AgentConfigSchema,
+  loadConfig,
+  validateConfig,
+  createSampleConfig,
+  TradeExecutor,
+  MarketDataService,
+  RiskManager,
+  VaultManager,
+  RelayClient,
+  AgentRuntime,
+  encryptEnvFile,
+  decryptEnvFile,
+  loadSecureEnv
+};