@exagent/agent 0.2.1 → 0.3.0

package/dist/cli.js

@@ -1,24 +1,220 @@
 #!/usr/bin/env node
 import {
   AgentRuntime,
+  encryptSecretPayload,
+  getDefaultSecureStorePath,
   listTemplates,
   loadConfig,
+  readConfigFile,
+  writeConfigFile,
   writeSampleConfig
-} from "./chunk-B4VHIITU.js";
+} from "./chunk-UAP5CTHB.js";
 
 // src/cli.ts
 import { Command } from "commander";
+
+// src/setup.ts
+import { chmodSync, existsSync, mkdirSync, writeFileSync } from "fs";
+import { homedir } from "os";
+import { dirname, resolve } from "path";
+import { createInterface } from "readline/promises";
+import { stdin as input, stdout as output } from "process";
+import { generatePrivateKey, privateKeyToAccount } from "viem/accounts";
+function expandHomeDir(path) {
+  if (!path.startsWith("~/")) return path;
+  return resolve(homedir(), path.slice(2));
+}
+async function prompt(question) {
+  const rl = createInterface({ input, output });
+  try {
+    return (await rl.question(question)).trim();
+  } finally {
+    rl.close();
+  }
+}
+async function promptSecret(question) {
+  const rl = createInterface({ input, output, terminal: true });
+  rl.stdoutMuted = true;
+  const originalWrite = rl._writeToOutput?.bind(rl);
+  rl._writeToOutput = (text) => {
+    if (!rl.stdoutMuted) {
+      originalWrite?.(text);
+    }
+  };
+  try {
+    const answer = (await rl.question(question)).trim();
+    output.write("\n");
+    return answer;
+  } finally {
+    rl.close();
+  }
+}
+async function promptSecretPassword(question = "Device password: ") {
+  return promptSecret(question);
+}
+async function promptPasswordWithConfirmation() {
+  output.write("\n");
+  output.write("Important: this password encrypts the local wallet key, relay token, and agent LLM key for this device.\n");
+  output.write("If you lose this password and the agent wallet holds funds, those funds cannot be recovered.\n\n");
+  const ack = await prompt('Type "I UNDERSTAND" to continue: ');
+  if (ack !== "I UNDERSTAND") {
+    throw new Error("Secure setup aborted");
+  }
+  while (true) {
+    const password = await promptSecret("Create a device password (min 12 chars): ");
+    if (password.length < 12) {
+      output.write("Password must be at least 12 characters.\n");
+      continue;
+    }
+    const confirm = await promptSecret("Confirm device password: ");
+    if (password !== confirm) {
+      output.write("Passwords did not match. Try again.\n");
+      continue;
+    }
+    return password;
+  }
+}
+async function promptWalletPrivateKey() {
+  while (true) {
+    const choice = (await prompt("Wallet setup \u2014 [1] generate new wallet locally, [2] use existing private key: ")).trim();
+    if (choice === "1") {
+      const privateKey = generatePrivateKey();
+      const address = privateKeyToAccount(privateKey).address;
+      output.write(`Generated wallet address: ${address}
+`);
+      return privateKey;
+    }
+    if (choice === "2") {
+      const privateKey = await promptSecret("Wallet private key (0x...): ");
+      if (/^0x[a-fA-F0-9]{64}$/.test(privateKey)) {
+        return privateKey;
+      }
+      output.write("Invalid private key. Expected a 32-byte hex string prefixed with 0x.\n");
+      continue;
+    }
+    output.write("Enter 1 or 2.\n");
+  }
+}
+async function promptLlmProvider() {
+  while (true) {
+    const provider = (await prompt("Agent LLM provider (openai/anthropic/google/deepseek/mistral/groq/together/ollama): ")).toLowerCase();
+    if (["openai", "anthropic", "google", "deepseek", "mistral", "groq", "together", "ollama"].includes(provider)) {
+      return provider;
+    }
+    output.write("Unsupported provider.\n");
+  }
+}
+async function consumeBootstrapPackage(config) {
+  if (!config.secrets?.bootstrapToken) {
+    return { apiToken: "" };
+  }
+  const res = await fetch(`${config.apiUrl}/v1/agents/bootstrap/consume`, {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify({
+      agentId: config.agentId,
+      token: config.secrets.bootstrapToken
+    })
+  });
+  if (!res.ok) {
+    const body = await res.text();
+    throw new Error(`Failed to consume secure setup package: ${body}`);
+  }
+  const data = await res.json();
+  return data.payload;
+}
+async function buildLocalSecrets(config, bootstrapPayload) {
+  const nextConfig = structuredClone(config);
+  const llm = { ...nextConfig.llm || {} };
+  if (bootstrapPayload.llm?.provider && !llm.provider) {
+    llm.provider = bootstrapPayload.llm.provider;
+  }
+  if (bootstrapPayload.llm?.model && !llm.model) {
+    llm.model = bootstrapPayload.llm.model;
+  }
+  if (!llm.provider) {
+    llm.provider = await promptLlmProvider();
+  }
+  if (!llm.model) {
+    llm.model = await prompt("Agent LLM model: ");
+    if (!llm.model) {
+      throw new Error("Agent LLM model is required");
+    }
+  }
+  const secrets = {
+    apiToken: bootstrapPayload.apiToken || nextConfig.apiToken || await promptSecret("Agent relay token: "),
+    walletPrivateKey: bootstrapPayload.walletPrivateKey || nextConfig.wallet?.privateKey || await promptWalletPrivateKey(),
+    llmApiKey: bootstrapPayload.llm?.apiKey || nextConfig.llm.apiKey || await promptSecret("Agent LLM API key: ")
+  };
+  if (!secrets.apiToken) {
+    throw new Error("Agent relay token is required");
+  }
+  nextConfig.llm = llm;
+  delete nextConfig.apiToken;
+  delete nextConfig.wallet;
+  delete nextConfig.llm.apiKey;
+  return { config: nextConfig, secrets };
+}
+function writeSecureStore(path, secrets, password) {
+  const secureStorePath = expandHomeDir(path);
+  const encrypted = encryptSecretPayload(secrets, password);
+  const dir = dirname(secureStorePath);
+  if (!existsSync(dir)) {
+    mkdirSync(dir, { recursive: true, mode: 448 });
+  }
+  writeFileSync(secureStorePath, JSON.stringify(encrypted, null, 2), { mode: 384 });
+  try {
+    chmodSync(secureStorePath, 384);
+  } catch {
+  }
+  return secureStorePath;
+}
+async function ensureLocalSetup(configPath) {
+  const config = readConfigFile(configPath);
+  const existingSecureStorePath = config.secrets?.secureStorePath ? expandHomeDir(config.secrets.secureStorePath) : null;
+  if (existingSecureStorePath && !config.secrets?.bootstrapToken && existsSync(existingSecureStorePath) && !config.apiToken && !config.wallet?.privateKey && !config.llm.apiKey) {
+    return;
+  }
+  const bootstrapPayload = await consumeBootstrapPackage(config);
+  const { config: nextConfig, secrets } = await buildLocalSecrets(config, bootstrapPayload);
+  const password = await promptPasswordWithConfirmation();
+  const secureStorePath = writeSecureStore(
+    nextConfig.secrets?.secureStorePath || getDefaultSecureStorePath(nextConfig.agentId),
+    secrets,
+    password
+  );
+  nextConfig.secrets = {
+    secureStorePath
+  };
+  writeConfigFile(configPath, nextConfig);
+  output.write(`Encrypted local secret store created at ${secureStorePath}
+`);
+}
+
+// src/cli.ts
 var program = new Command();
 program.name("exagent").description("Exagent \u2014 LLM trading agent runtime").version("0.1.0");
 program.command("init").description("Create a sample agent configuration file").option("--agent-id <id>", "Agent ID (from dashboard)", "my-agent").option("--api-url <url>", "API server URL", "http://localhost:3002").option("--config <path>", "Config file path", "agent-config.json").action((opts) => {
   writeSampleConfig(opts.agentId, opts.apiUrl, opts.config);
   console.log(`Created ${opts.config}`);
-  console.log("Edit the file with your API token, LLM key, and strategy settings.");
-  console.log("Then run: exagent run");
+  console.log("Edit only the public strategy/venue/risk settings in the file.");
+  console.log(`Then run: exagent setup --config ${opts.config}`);
+});
+program.command("setup").description("Run first-time secure local setup for agent secrets").option("--config <path>", "Config file path", "agent-config.json").action(async (opts) => {
+  try {
+    await ensureLocalSetup(opts.config);
+    console.log("Secure local setup complete.");
+  } catch (err) {
+    console.error("Failed to complete secure local setup:", err.message);
+    process.exit(1);
+  }
 });
 program.command("run").description("Start the agent").option("--config <path>", "Config file path", "agent-config.json").action(async (opts) => {
   try {
-    const config = loadConfig(opts.config);
+    await ensureLocalSetup(opts.config);
+    const config = await loadConfig(opts.config, {
+      getSecretPassword: async () => promptSecretPassword()
+    });
     const runtime = new AgentRuntime(config);
     await runtime.start();
     await new Promise(() => {
@@ -40,7 +236,10 @@ program.command("templates").description("List available strategy templates").ac
 });
 program.command("status").description("Check agent status").option("--config <path>", "Config file path", "agent-config.json").action(async (opts) => {
   try {
-    const config = loadConfig(opts.config);
+    await ensureLocalSetup(opts.config);
+    const config = await loadConfig(opts.config, {
+      getSecretPassword: async () => promptSecretPassword()
+    });
     const res = await fetch(`${config.apiUrl}/v1/agents/${config.agentId}`, {
       headers: { Authorization: `Bearer ${config.apiToken}` }
     });

package/dist/index.d.ts

@@ -20,6 +20,11 @@ interface RuntimeConfig {
     strategy: {
         file?: string;
         template?: string;
+        prompt?: {
+            name?: string;
+            systemPrompt: string;
+            venues?: string[];
+        };
     };
     trading: {
         mode: 'live' | 'paper';
@@ -78,7 +83,10 @@ interface RuntimeConfig {
         json?: boolean;
     };
 }
-declare function loadConfig(path?: string): RuntimeConfig;
+interface LoadConfigOptions {
+    getSecretPassword?: () => Promise<string>;
+}
+declare function loadConfig(path?: string, options?: LoadConfigOptions): Promise<RuntimeConfig>;
 declare function generateSampleConfig(agentId: string, apiUrl: string): string;
 declare function writeSampleConfig(agentId: string, apiUrl: string, path?: string): void;
 
@@ -408,6 +416,11 @@ declare function createLLMAdapter(config: LLMConfig): LLMAdapter;
 declare function loadStrategy(config: {
     file?: string;
     template?: string;
+    prompt?: {
+        name?: string;
+        systemPrompt: string;
+        venues?: string[];
+    };
 }): Promise<StrategyFunction>;
 
 declare function getTemplate(id: string): StrategyTemplate | undefined;

package/dist/index.js

@@ -43,7 +43,7 @@ import {
   loadConfig,
   loadStrategy,
   writeSampleConfig
-} from "./chunk-B4VHIITU.js";
+} from "./chunk-UAP5CTHB.js";
 export {
   AcrossAdapter,
   AerodromeAdapter,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@exagent/agent",
-  "version": "0.2.1",
+  "version": "0.3.0",
   "type": "module",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -13,14 +13,18 @@
       "types": "./dist/index.d.ts"
     }
   },
+  "scripts": {
+    "build": "tsup src/index.ts src/cli.ts --format esm --dts",
+    "dev": "tsup src/index.ts src/cli.ts --format esm --dts --watch"
+  },
   "dependencies": {
+    "@exagent/sdk": "workspace:*",
     "@polymarket/clob-client": "^4.0.0",
     "commander": "^12.0.0",
     "ethers": "^5.7.2",
     "viem": "^2.21.0",
     "ws": "^8.16.0",
-    "zod": "^3.22.0",
-    "@exagent/sdk": "0.2.1"
+    "zod": "^3.22.0"
   },
   "devDependencies": {
     "@types/node": "^20.0.0",
@@ -28,9 +32,5 @@
     "tsup": "^8.0.0",
     "tsx": "^4.0.0",
     "typescript": "^5.6.0"
-  },
-  "scripts": {
-    "build": "tsup src/index.ts src/cli.ts --format esm --dts",
-    "dev": "tsup src/index.ts src/cli.ts --format esm --dts --watch"
   }
-}
+}

package/src/cli.ts

@@ -3,6 +3,7 @@ import { Command } from 'commander';
 import { loadConfig, writeSampleConfig } from './config.js';
 import { AgentRuntime } from './runtime.js';
 import { listTemplates } from './strategy/index.js';
+import { ensureLocalSetup, promptSecretPassword } from './setup.js';
 
 const program = new Command();
 
@@ -20,8 +21,22 @@ program
   .action((opts) => {
     writeSampleConfig(opts.agentId, opts.apiUrl, opts.config);
     console.log(`Created ${opts.config}`);
-    console.log('Edit the file with your API token, LLM key, and strategy settings.');
-    console.log('Then run: exagent run');
+    console.log('Edit only the public strategy/venue/risk settings in the file.');
+    console.log(`Then run: exagent setup --config ${opts.config}`);
+  });
+
+program
+  .command('setup')
+  .description('Run first-time secure local setup for agent secrets')
+  .option('--config <path>', 'Config file path', 'agent-config.json')
+  .action(async (opts) => {
+    try {
+      await ensureLocalSetup(opts.config);
+      console.log('Secure local setup complete.');
+    } catch (err) {
+      console.error('Failed to complete secure local setup:', (err as Error).message);
+      process.exit(1);
+    }
   });
 
 program
@@ -30,7 +45,10 @@ program
   .option('--config <path>', 'Config file path', 'agent-config.json')
   .action(async (opts) => {
     try {
-      const config = loadConfig(opts.config);
+      await ensureLocalSetup(opts.config);
+      const config = await loadConfig(opts.config, {
+        getSecretPassword: async () => promptSecretPassword(),
+      });
       const runtime = new AgentRuntime(config);
       await runtime.start();
 
@@ -62,7 +80,10 @@ program
   .option('--config <path>', 'Config file path', 'agent-config.json')
   .action(async (opts) => {
     try {
-      const config = loadConfig(opts.config);
+      await ensureLocalSetup(opts.config);
+      const config = await loadConfig(opts.config, {
+        getSecretPassword: async () => promptSecretPassword(),
+      });
       const res = await fetch(`${config.apiUrl}/v1/agents/${config.agentId}`, {
         headers: { Authorization: `Bearer ${config.apiToken}` },
       });