@exagent/agent 0.3.5 → 0.3.7

package/src/config.ts

@@ -1,499 +0,0 @@
-import { createCipheriv, createDecipheriv, randomBytes, scryptSync } from 'node:crypto';
-import { chmodSync, existsSync, readFileSync, writeFileSync } from 'node:fs';
-import { homedir } from 'node:os';
-import { dirname, resolve } from 'node:path';
-import { z } from 'zod';
-import type { LLMProvider } from '@exagent/sdk';
-
-export interface RuntimeConfig {
-  agentId: string;
-  apiUrl: string;
-  apiToken: string;
-  wallet?: {
-    privateKey: string;
-  };
-  llm: {
-    provider: LLMProvider;
-    model?: string;
-    apiKey?: string;
-    endpoint?: string;
-    temperature?: number;
-    maxTokens?: number;
-  };
-  strategy: {
-    file?: string;
-    code?: string;
-    template?: string;
-    venues?: string[];
-    prompt?: {
-      name?: string;
-      systemPrompt: string;
-      venues?: string[];
-    };
-  };
-  trading: {
-    mode: 'live' | 'paper';
-    timeHorizon: 'intraday' | 'swing' | 'position';
-    maxPositionSizeBps: number;
-    maxDailyLossBps: number;
-    maxConcurrentPositions: number;
-    tradingIntervalMs: number;
-    maxSlippageBps: number;
-    minTradeValueUSD: number;
-    initialCapitalUSD?: number;
-  };
-  venues?: {
-    hyperliquid_perp?: {
-      enabled: boolean;
-      apiUrl: string;
-      wsUrl: string;
-      maxLeverage: number;
-      maxNotionalUSD: number;
-      allowedInstruments?: string[];
-    };
-    polymarket?: {
-      enabled: boolean;
-      clobApiUrl: string;
-      gammaApiUrl: string;
-      maxNotionalUSD: number;
-      maxTotalExposureUSD: number;
-      allowedCategories?: string[];
-    };
-    spot?: {
-      enabled: boolean;
-      chains: string[];
-      defaultChain: string;
-      maxSlippageBps: number;
-      maxSwapValueUSD: number;
-    };
-    bridge?: {
-      enabled: boolean;
-      defaultBridge: string;
-      maxBridgeValueUSD: number;
-      fillTimeoutMs: number;
-      pollIntervalMs: number;
-    };
-  };
-  relay: {
-    url: string;
-    heartbeatIntervalMs: number;
-    reconnectMaxAttempts: number;
-  };
-  llmBudget?: {
-    maxDailyTokens?: number;
-  };
-  rpcOverrides?: Record<string, string>;
-  logging?: {
-    level?: 'debug' | 'info' | 'warn' | 'error';
-    json?: boolean;
-  };
-}
-
-export interface LocalSecretPayload {
-  apiToken: string;
-  walletPrivateKey?: string;
-  llmApiKey?: string;
-}
-
-export interface SecureStoreFile {
-  version: 1;
-  algorithm: 'aes-256-gcm';
-  kdf: {
-    name: 'scrypt';
-    salt: string;
-    keyLength: 32;
-    cost: number;
-    blockSize: number;
-    parallelization: number;
-  };
-  iv: string;
-  ciphertext: string;
-  authTag: string;
-}
-
-export interface LoadConfigOptions {
-  getSecretPassword?: () => Promise<string>;
-}
-
-const providerEnum = z.enum(['openai', 'anthropic', 'google', 'deepseek', 'mistral', 'groq', 'together', 'ollama']);
-
-const runtimeSchema = z.object({
-  agentId: z.string(),
-  apiUrl: z.string().url(),
-  apiToken: z.string().min(1),
-  wallet: z.object({
-    privateKey: z.string().regex(/^0x[a-fA-F0-9]{64}$/),
-  }).optional(),
-  llm: z.object({
-    provider: providerEnum,
-    model: z.string().optional(),
-    apiKey: z.string().optional(),
-    endpoint: z.string().optional(),
-    temperature: z.number().min(0).max(2).optional(),
-    maxTokens: z.number().optional(),
-  }),
-  strategy: z.object({
-    file: z.string().optional(),
-    code: z.string().optional(),
-    template: z.string().optional(),
-    venues: z.array(z.string()).optional(),
-    prompt: z.object({
-      name: z.string().optional(),
-      systemPrompt: z.string().min(1),
-      venues: z.array(z.string()).optional(),
-    }).optional(),
-  }),
-  trading: z.object({
-    mode: z.enum(['live', 'paper']).default('paper'),
-    timeHorizon: z.enum(['intraday', 'swing', 'position']).default('swing'),
-    maxPositionSizeBps: z.number().min(100).max(10000).default(2000),
-    maxDailyLossBps: z.number().min(0).max(10000).default(500),
-    maxConcurrentPositions: z.number().min(1).max(100).default(5),
-    tradingIntervalMs: z.number().min(1000).default(60000),
-    maxSlippageBps: z.number().min(10).max(1000).default(100),
-    minTradeValueUSD: z.number().min(0).default(10),
-    initialCapitalUSD: z.number().optional(),
-  }),
-  venues: z.object({
-    hyperliquid_perp: z.object({
-      enabled: z.boolean().default(false),
-      apiUrl: z.string().default('https://api.hyperliquid.xyz'),
-      wsUrl: z.string().default('wss://api.hyperliquid.xyz/ws'),
-      maxLeverage: z.number().min(1).max(50).default(10),
-      maxNotionalUSD: z.number().default(50_000),
-      allowedInstruments: z.array(z.string()).optional(),
-    }).optional(),
-    polymarket: z.object({
-      enabled: z.boolean().default(false),
-      clobApiUrl: z.string().default('https://clob.polymarket.com'),
-      gammaApiUrl: z.string().default('https://gamma-api.polymarket.com'),
-      maxNotionalUSD: z.number().default(1_000),
-      maxTotalExposureUSD: z.number().default(5_000),
-      allowedCategories: z.array(z.string()).optional(),
-    }).optional(),
-    spot: z.object({
-      enabled: z.boolean().default(false),
-      chains: z.array(z.string()).default(['base']),
-      defaultChain: z.string().default('base'),
-      maxSlippageBps: z.number().min(1).max(1000).default(50),
-      maxSwapValueUSD: z.number().default(10_000),
-    }).optional(),
-    bridge: z.object({
-      enabled: z.boolean().default(false),
-      defaultBridge: z.string().default('across'),
-      maxBridgeValueUSD: z.number().default(10_000),
-      fillTimeoutMs: z.number().default(300_000),
-      pollIntervalMs: z.number().default(2_000),
-    }).optional(),
-  }).optional(),
-  relay: z.object({
-    url: z.string(),
-    heartbeatIntervalMs: z.number().default(30000),
-    reconnectMaxAttempts: z.number().default(50),
-  }),
-  llmBudget: z.object({
-    maxDailyTokens: z.number().optional(),
-  }).optional(),
-  rpcOverrides: z.record(z.string()).optional(),
-  logging: z.object({
-    level: z.enum(['debug', 'info', 'warn', 'error']).default('info'),
-    json: z.boolean().default(true),
-  }).optional(),
-});
-
-const configFileSchema = z.object({
-  agentId: z.string(),
-  apiUrl: z.string().url(),
-  apiToken: z.string().min(1).optional(),
-  wallet: z.object({
-    privateKey: z.string().regex(/^0x[a-fA-F0-9]{64}$/),
-  }).optional(),
-  llm: z.object({
-    provider: providerEnum.optional(),
-    model: z.string().optional(),
-    apiKey: z.string().optional(),
-    endpoint: z.string().optional(),
-    temperature: z.number().min(0).max(2).optional(),
-    maxTokens: z.number().optional(),
-  }).default({}),
-  strategy: z.object({
-    file: z.string().optional(),
-    code: z.string().optional(),
-    template: z.string().optional(),
-    venues: z.array(z.string()).optional(),
-    prompt: z.object({
-      name: z.string().optional(),
-      systemPrompt: z.string().min(1),
-      venues: z.array(z.string()).optional(),
-    }).optional(),
-  }),
-  trading: runtimeSchema.shape.trading,
-  venues: runtimeSchema.shape.venues,
-  relay: runtimeSchema.shape.relay,
-  llmBudget: runtimeSchema.shape.llmBudget,
-  rpcOverrides: runtimeSchema.shape.rpcOverrides,
-  logging: runtimeSchema.shape.logging,
-  secrets: z.object({
-    bootstrapToken: z.string().optional(),
-    bootstrapExpiresAt: z.string().optional(),
-    secureStorePath: z.string().optional(),
-  }).optional(),
-});
-
-const secureStoreSchema = z.object({
-  version: z.literal(1),
-  algorithm: z.literal('aes-256-gcm'),
-  kdf: z.object({
-    name: z.literal('scrypt'),
-    salt: z.string(),
-    keyLength: z.literal(32),
-    cost: z.number().int().positive(),
-    blockSize: z.number().int().positive(),
-    parallelization: z.number().int().positive(),
-  }),
-  iv: z.string(),
-  ciphertext: z.string(),
-  authTag: z.string(),
-});
-
-export type RuntimeConfigFile = z.infer<typeof configFileSchema>;
-
-const DEFAULT_SCRYPT_COST = 16384;
-const DEFAULT_SCRYPT_BLOCK_SIZE = 8;
-const DEFAULT_SCRYPT_PARALLELIZATION = 1;
-
-function expandHomeDir(path: string): string {
-  if (!path.startsWith('~/')) return path;
-  return resolve(homedir(), path.slice(2));
-}
-
-export function getDefaultSecureStorePath(agentId: string): string {
-  return resolve(homedir(), '.exagent', 'agents', agentId, 'secrets.json');
-}
-
-export function readConfigFile(path: string = 'agent-config.json'): RuntimeConfigFile {
-  if (!existsSync(path)) {
-    throw new Error(`Config file not found: ${path}. Run 'exagent init' first.`);
-  }
-
-  let parsed: unknown;
-  try {
-    parsed = JSON.parse(readFileSync(path, 'utf-8'));
-  } catch {
-    throw new Error(`Invalid JSON in ${path}`);
-  }
-
-  const result = configFileSchema.safeParse(parsed);
-  if (!result.success) {
-    const issues = result.error.issues.map((issue) => `  ${issue.path.join('.')}: ${issue.message}`).join('\n');
-    throw new Error(`Invalid config file:\n${issues}`);
-  }
-
-  return result.data;
-}
-
-export function writeConfigFile(path: string, config: RuntimeConfigFile): void {
-  writeFileSync(path, JSON.stringify(config, null, 2));
-}
-
-export function encryptSecretPayload(payload: LocalSecretPayload, password: string): SecureStoreFile {
-  const salt = randomBytes(16);
-  const iv = randomBytes(12);
-  const key = scryptSync(password, salt, 32, {
-    N: DEFAULT_SCRYPT_COST,
-    r: DEFAULT_SCRYPT_BLOCK_SIZE,
-    p: DEFAULT_SCRYPT_PARALLELIZATION,
-  });
-
-  const cipher = createCipheriv('aes-256-gcm', key, iv);
-  const plaintext = Buffer.from(JSON.stringify(payload), 'utf8');
-  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
-
-  return {
-    version: 1,
-    algorithm: 'aes-256-gcm',
-    kdf: {
-      name: 'scrypt',
-      salt: salt.toString('hex'),
-      keyLength: 32,
-      cost: DEFAULT_SCRYPT_COST,
-      blockSize: DEFAULT_SCRYPT_BLOCK_SIZE,
-      parallelization: DEFAULT_SCRYPT_PARALLELIZATION,
-    },
-    iv: iv.toString('hex'),
-    ciphertext: ciphertext.toString('hex'),
-    authTag: cipher.getAuthTag().toString('hex'),
-  };
-}
-
-export function decryptSecretPayload(path: string, password: string): LocalSecretPayload {
-  const secureStorePath = expandHomeDir(path);
-  if (!existsSync(secureStorePath)) {
-    throw new Error(`Encrypted secret store not found: ${secureStorePath}`);
-  }
-
-  let parsed: unknown;
-  try {
-    parsed = JSON.parse(readFileSync(secureStorePath, 'utf-8'));
-  } catch {
-    throw new Error(`Invalid JSON in encrypted secret store: ${secureStorePath}`);
-  }
-
-  const result = secureStoreSchema.safeParse(parsed);
-  if (!result.success) {
-    const issues = result.error.issues.map((issue) => `  ${issue.path.join('.')}: ${issue.message}`).join('\n');
-    throw new Error(`Invalid encrypted secret store:\n${issues}`);
-  }
-
-  const store = result.data;
-  const key = scryptSync(password, Buffer.from(store.kdf.salt, 'hex'), store.kdf.keyLength, {
-    N: store.kdf.cost,
-    r: store.kdf.blockSize,
-    p: store.kdf.parallelization,
-  });
-
-  try {
-    const decipher = createDecipheriv(store.algorithm, key, Buffer.from(store.iv, 'hex'));
-    decipher.setAuthTag(Buffer.from(store.authTag, 'hex'));
-    const plaintext = Buffer.concat([
-      decipher.update(Buffer.from(store.ciphertext, 'hex')),
-      decipher.final(),
-    ]);
-    return JSON.parse(plaintext.toString('utf8')) as LocalSecretPayload;
-  } catch {
-    throw new Error('Unable to decrypt local secret store. Check your password.');
-  }
-}
-
-export async function loadConfig(path: string = 'agent-config.json', options: LoadConfigOptions = {}): Promise<RuntimeConfig> {
-  const parsed = readConfigFile(path);
-  const config = structuredClone(parsed) as RuntimeConfigFile & Record<string, unknown>;
-  const llm = { ...(config.llm || {}) } as Record<string, unknown>;
-
-  if (process.env.EXAGENT_LLM_PROVIDER) llm.provider = process.env.EXAGENT_LLM_PROVIDER;
-  if (process.env.EXAGENT_LLM_MODEL) llm.model = process.env.EXAGENT_LLM_MODEL;
-  if (process.env.EXAGENT_LLM_API_KEY) llm.apiKey = process.env.EXAGENT_LLM_API_KEY;
-  if (process.env.EXAGENT_API_URL) config.apiUrl = process.env.EXAGENT_API_URL;
-  if (process.env.EXAGENT_API_TOKEN) config.apiToken = process.env.EXAGENT_API_TOKEN;
-  if (process.env.EXAGENT_WALLET_PRIVATE_KEY) {
-    config.wallet = { privateKey: process.env.EXAGENT_WALLET_PRIVATE_KEY };
-  }
-
-  if ((!config.apiToken || !llm.apiKey || !config.wallet) && parsed.secrets?.secureStorePath) {
-    const password = process.env.EXAGENT_SECRET_PASSWORD || await options.getSecretPassword?.();
-    if (!password) {
-      throw new Error('Encrypted secret store found, but no password was provided.');
-    }
-
-    const secrets = decryptSecretPayload(parsed.secrets.secureStorePath, password);
-    if (!config.apiToken) config.apiToken = secrets.apiToken;
-    if (!config.wallet && secrets.walletPrivateKey) config.wallet = { privateKey: secrets.walletPrivateKey };
-    if (!llm.apiKey && secrets.llmApiKey) llm.apiKey = secrets.llmApiKey;
-  }
-
-  if ((!config.apiToken || !llm.apiKey || !config.wallet) && parsed.secrets?.bootstrapToken && !parsed.secrets?.secureStorePath) {
-    throw new Error(`Config ${path} still requires first-time secure setup. Run 'exagent setup --config ${path}' or start the agent interactively.`);
-  }
-
-  config.llm = llm;
-
-  const rpcOverrides: Record<string, string> = (config.rpcOverrides as Record<string, string>) || {};
-  if (process.env.EXAGENT_RPC_BASE) rpcOverrides.base = process.env.EXAGENT_RPC_BASE;
-  if (process.env.EXAGENT_RPC_ARBITRUM) rpcOverrides.arbitrum = process.env.EXAGENT_RPC_ARBITRUM;
-  if (process.env.EXAGENT_RPC_POLYGON) rpcOverrides.polygon = process.env.EXAGENT_RPC_POLYGON;
-  if (process.env.EXAGENT_RPC_ETHEREUM) rpcOverrides.ethereum = process.env.EXAGENT_RPC_ETHEREUM;
-  if (Object.keys(rpcOverrides).length > 0) {
-    config.rpcOverrides = rpcOverrides;
-  }
-
-  const result = runtimeSchema.safeParse(config);
-  if (!result.success) {
-    const issues = result.error.issues.map((issue) => `  ${issue.path.join('.')}: ${issue.message}`).join('\n');
-    throw new Error(`Invalid config:\n${issues}`);
-  }
-
-  return result.data;
-}
-
-export function updateSecureStore(
-  path: string,
-  password: string,
-  updates: Partial<LocalSecretPayload>,
-): void {
-  const secrets = decryptSecretPayload(path, password);
-  const updated = { ...secrets, ...updates };
-  const encrypted = encryptSecretPayload(updated, password);
-  const secureStorePath = expandHomeDir(path);
-  writeFileSync(secureStorePath, JSON.stringify(encrypted, null, 2), { mode: 0o600 });
-  try {
-    chmodSync(secureStorePath, 0o600);
-  } catch {
-    // Best effort
-  }
-}
-
-export function generateSampleConfig(agentId: string, apiUrl: string): string {
-  const config: RuntimeConfigFile = {
-    agentId,
-    apiUrl,
-    llm: {},
-    strategy: {
-      template: 'momentum',
-    },
-    trading: {
-      mode: 'paper',
-      timeHorizon: 'swing',
-      maxPositionSizeBps: 2000,
-      maxDailyLossBps: 500,
-      maxConcurrentPositions: 5,
-      tradingIntervalMs: 60000,
-      maxSlippageBps: 100,
-      minTradeValueUSD: 10,
-      initialCapitalUSD: 10000,
-    },
-    venues: {
-      hyperliquid_perp: {
-        enabled: false,
-        apiUrl: 'https://api.hyperliquid.xyz',
-        wsUrl: 'wss://api.hyperliquid.xyz/ws',
-        maxLeverage: 10,
-        maxNotionalUSD: 50000,
-      },
-      polymarket: {
-        enabled: false,
-        clobApiUrl: 'https://clob.polymarket.com',
-        gammaApiUrl: 'https://gamma-api.polymarket.com',
-        maxNotionalUSD: 1000,
-        maxTotalExposureUSD: 5000,
-      },
-      spot: {
-        enabled: false,
-        chains: ['base'],
-        defaultChain: 'base',
-        maxSlippageBps: 50,
-        maxSwapValueUSD: 10000,
-      },
-      bridge: {
-        enabled: false,
-        defaultBridge: 'across',
-        maxBridgeValueUSD: 10000,
-        fillTimeoutMs: 300000,
-        pollIntervalMs: 2000,
-      },
-    },
-    relay: {
-      url: apiUrl.replace(/^http/, 'ws') + '/ws/agent',
-      heartbeatIntervalMs: 30000,
-      reconnectMaxAttempts: 50,
-    },
-    secrets: {
-      secureStorePath: getDefaultSecureStorePath(agentId),
-    },
-  };
-
-  return JSON.stringify(config, null, 2);
-}
-
-export function writeSampleConfig(agentId: string, apiUrl: string, path: string = 'agent-config.json'): void {
-  writeFileSync(path, generateSampleConfig(agentId, apiUrl));
-}