npm - @farazirfan/costar-server-executor - Versions diffs - 1.7.20 → 1.7.22 - Mend

@farazirfan/costar-server-executor 1.7.20 → 1.7.22

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (16) hide show

package/dist/agent/agent.d.ts +18 -0
package/dist/agent/agent.d.ts.map +1 -1
package/dist/agent/agent.js +70 -0
package/dist/agent/agent.js.map +1 -1
package/dist/web-server.d.ts.map +1 -1
package/dist/web-server.js +137 -0
package/dist/web-server.js.map +1 -1
package/package.json +1 -1
package/public/index.html +316 -0
package/skills/coinbase/LEARNING.md +117 -0
package/skills/coinbase/SKILL.md +217 -0
package/skills/coinbase/references/api-reference.md +124 -0
package/skills/coinbase/references/order-types.md +150 -0
package/skills/coinbase/references/products.md +93 -0
package/skills/coinbase/scripts/coinbase-trade.ts +274 -0
package/skills/trading/SKILL.md +2 -4

package/public/index.html CHANGED Viewed

@@ -1034,6 +1034,25 @@
               <div class="loading-center"><div class="spinner"></div></div>
             </div>
           </div>
+          <!-- Session Management Card -->
+          <div class="card">
+            <div class="card-header">
+              <h3>Agent Session</h3>
+              <button class="btn btn-sm" onclick="loadSessionInfo()">Refresh</button>
+            </div>
+            <div class="config-list" id="session-info">
+              <div class="loading-center"><div class="spinner"></div></div>
+            </div>
+            <div style="padding: 0 16px 16px; display: flex; gap: 10px; flex-wrap: wrap;">
+              <button class="btn btn-sm btn-primary" id="compact-btn" onclick="triggerCompaction()">
+                &#128230; Compact Session
+              </button>
+              <button class="btn btn-sm btn-danger" id="reset-session-btn" onclick="triggerResetSession()">
+                &#128465; Reset Session
+              </button>
+            </div>
+          </div>
         </div>
         <!-- ═══ Chat Page ═══ -->
@@ -1142,6 +1161,30 @@
         <!-- ═══ Settings Page ═══ -->
         <div class="page" id="page-settings">
+          <div class="card">
+            <div class="card-header">
+              <h3>Environment Variables</h3>
+              <div style="display:flex;gap:8px;">
+                <button class="btn btn-sm" onclick="loadEnvVariables()">Refresh</button>
+                <button class="btn btn-sm btn-primary" onclick="openEnvModal()">+ Add Variable</button>
+              </div>
+            </div>
+            <div class="table-wrap">
+              <table>
+                <thead>
+                  <tr>
+                    <th>Key</th>
+                    <th>Value</th>
+                    <th>Actions</th>
+                  </tr>
+                </thead>
+                <tbody id="env-table-body">
+                  <tr><td colspan="3"><div class="loading-center"><div class="spinner"></div></div></td></tr>
+                </tbody>
+              </table>
+            </div>
+          </div>
           <div class="card">
             <div class="card-header">
               <h3>Configuration</h3>
@@ -1211,6 +1254,25 @@
     </div>
   </div>
+  <!-- Environment Variable Modal -->
+  <div class="modal-overlay" id="env-modal">
+    <div class="modal">
+      <h3 id="env-modal-title">Add Environment Variable</h3>
+      <div class="form-group">
+        <label>Key (UPPERCASE_WITH_UNDERSCORES)</label>
+        <input type="text" id="env-key" placeholder="e.g. MY_API_KEY" style="text-transform:uppercase;" />
+      </div>
+      <div class="form-group">
+        <label>Value</label>
+        <input type="text" id="env-value" placeholder="Enter value..." />
+      </div>
+      <div class="modal-actions">
+        <button class="btn" onclick="closeEnvModal()">Cancel</button>
+        <button class="btn btn-primary" onclick="saveEnvVariable()">Save</button>
+      </div>
+    </div>
+  </div>
   <script>
     /* ═══════════════════════════════════════════════
      *  CoStar Dashboard - Client-side JS
@@ -1320,11 +1382,105 @@
           row('Cron Scheduler', cronStatus.isRunning ? 'Running' : 'Stopped'),
           row('Cron Last Check', cronStatus.lastCheckAt ? new Date(cronStatus.lastCheckAt).toLocaleString() : 'Never'),
         ].join('');
+        // Load session info alongside dashboard
+        loadSessionInfo();
       } catch (err) {
         document.getElementById('system-info').innerHTML = `<div style="color:var(--red);padding:12px;">Error: ${esc(err.message)}</div>`;
       }
     }
+    // ─── Agent Session Management ─────────────────────
+    async function loadSessionInfo() {
+      try {
+        const info = await api('/api/agent/session');
+        const el = document.getElementById('session-info');
+        if (!el) return;
+        el.innerHTML = [
+          row('Session ID', info.sessionId),
+          row('Session File', info.exists ? 'Exists' : 'Not created yet'),
+          row('File Size', info.exists ? `${info.sizeKB} KB (${info.sizeBytes.toLocaleString()} bytes)` : '--'),
+          row('Conversation Length', `${info.conversationLength} messages`),
+          row('Status', info.isBusy ? '⏳ Busy' : '✅ Idle'),
+        ].join('');
+        // Disable buttons if busy
+        const compactBtn = document.getElementById('compact-btn');
+        const resetBtn = document.getElementById('reset-session-btn');
+        if (compactBtn) compactBtn.disabled = info.isBusy;
+        if (resetBtn) resetBtn.disabled = info.isBusy;
+      } catch (err) {
+        const el = document.getElementById('session-info');
+        if (el) el.innerHTML = `<div style="color:var(--red);padding:12px;">Error: ${esc(err.message)}</div>`;
+      }
+    }
+    async function triggerCompaction() {
+      const btn = document.getElementById('compact-btn');
+      if (!btn) return;
+      if (!confirm('Compact the agent session? This will summarize older messages to reduce context size.')) return;
+      btn.disabled = true;
+      const origText = btn.innerHTML;
+      btn.innerHTML = '&#9203; Compacting...';
+      try {
+        const result = await api('/api/agent/compact', {
+          method: 'POST',
+          headers: { 'Content-Type': 'application/json' },
+        });
+        if (result.compacted) {
+          const before = result.result?.tokensBefore?.toLocaleString() ?? '?';
+          const after = result.result?.tokensAfter?.toLocaleString() ?? '?';
+          alert(`Compaction successful!\n\nTokens: ${before} → ${after}`);
+        } else {
+          alert(`Compaction did not reduce size: ${result.reason || 'Unknown reason'}`);
+        }
+        // Refresh session info
+        await loadSessionInfo();
+      } catch (err) {
+        alert(`Compaction failed: ${err.message}`);
+      } finally {
+        btn.disabled = false;
+        btn.innerHTML = origText;
+      }
+    }
+    async function triggerResetSession() {
+      const btn = document.getElementById('reset-session-btn');
+      if (!btn) return;
+      if (!confirm('⚠️ Reset the agent session?\n\nThis will delete the conversation history. The agent will start fresh on the next turn.\n\nThis action cannot be undone.')) return;
+      btn.disabled = true;
+      const origText = btn.innerHTML;
+      btn.innerHTML = '&#9203; Resetting...';
+      try {
+        const result = await api('/api/agent/reset-session', {
+          method: 'POST',
+          headers: { 'Content-Type': 'application/json' },
+        });
+        if (result.success) {
+          alert('Session reset successfully. The agent will start fresh on the next turn.');
+        } else {
+          alert(`Reset failed: ${result.error || 'Unknown error'}`);
+        }
+        // Refresh session info
+        await loadSessionInfo();
+      } catch (err) {
+        alert(`Reset failed: ${err.message}`);
+      } finally {
+        btn.disabled = false;
+        btn.innerHTML = origText;
+      }
+    }
     // ─── Update Banner ────────────────────────────────
     async function renderUpdateBanner(versionInfo) {
       const container = document.getElementById('update-banner-container');
@@ -2072,6 +2228,166 @@
       } catch (err) {
         document.getElementById('settings-config').innerHTML = `<div style="color:var(--red);padding:12px;">Error: ${esc(err.message)}</div>`;
       }
+      // Also load env variables
+      loadEnvVariables();
+    }
+    // ─── Environment Variables ───────────────────────
+    let envVariables = [];
+    async function loadEnvVariables() {
+      try {
+        const data = await api('/api/env');
+        envVariables = data.variables || [];
+        const tbody = document.getElementById('env-table-body');
+        if (envVariables.length === 0) {
+          tbody.innerHTML = `<tr><td colspan="3"><div class="empty-state"><div class="empty-icon">&#128295;</div><p>No environment variables configured.</p></div></td></tr>`;
+          return;
+        }
+        tbody.innerHTML = envVariables.map((env, idx) => {
+          const valueDisplay = env.masked
+            ? `<span style="font-family:var(--mono);color:var(--text-muted);" id="env-value-${idx}">${esc(env.value)}</span>
+               <button class="btn btn-sm" onclick="revealEnvValue('${esc(env.key)}', ${idx})" id="env-reveal-${idx}" style="margin-left:8px;">&#128065; Reveal</button>`
+            : `<span style="font-family:var(--mono);">${esc(env.value)}</span>`;
+          return `<tr>
+            <td><code style="font-size:13px;color:var(--accent);">${esc(env.key)}</code></td>
+            <td>${valueDisplay}</td>
+            <td>
+              <button class="btn btn-sm" onclick="editEnvVariable('${esc(env.key)}')">Edit</button>
+              <button class="btn btn-sm btn-danger" onclick="deleteEnvVariable('${esc(env.key)}')">Delete</button>
+            </td>
+          </tr>`;
+        }).join('');
+      } catch (err) {
+        document.getElementById('env-table-body').innerHTML = `<tr><td colspan="3" style="color:var(--red);padding:16px;">Error: ${esc(err.message)}</td></tr>`;
+      }
+    }
+    async function revealEnvValue(key, idx) {
+      try {
+        const btn = document.getElementById(`env-reveal-${idx}`);
+        const valueEl = document.getElementById(`env-value-${idx}`);
+        if (!btn || !valueEl) return;
+        // If already revealed, hide it again
+        if (btn.textContent.includes('Hide')) {
+          const maskedVar = envVariables[idx];
+          valueEl.textContent = maskedVar.value;
+          btn.innerHTML = '&#128065; Reveal';
+          return;
+        }
+        btn.disabled = true;
+        btn.textContent = 'Loading...';
+        const data = await api(`/api/env/${encodeURIComponent(key)}`);
+        valueEl.textContent = data.value;
+        btn.disabled = false;
+        btn.innerHTML = '&#128065; Hide';
+        // Auto-hide after 10 seconds
+        setTimeout(() => {
+          if (btn.textContent.includes('Hide')) {
+            const maskedVar = envVariables[idx];
+            valueEl.textContent = maskedVar.value;
+            btn.innerHTML = '&#128065; Reveal';
+          }
+        }, 10000);
+      } catch (err) {
+        alert('Failed to reveal value: ' + err.message);
+        const btn = document.getElementById(`env-reveal-${idx}`);
+        if (btn) {
+          btn.disabled = false;
+          btn.innerHTML = '&#128065; Reveal';
+        }
+      }
+    }
+    function openEnvModal() {
+      document.getElementById('env-modal').classList.add('open');
+      document.getElementById('env-modal-title').textContent = 'Add Environment Variable';
+      document.getElementById('env-key').value = '';
+      document.getElementById('env-key').disabled = false;
+      document.getElementById('env-value').value = '';
+      document.getElementById('env-key').dataset.editMode = 'false';
+    }
+    function closeEnvModal() {
+      document.getElementById('env-modal').classList.remove('open');
+    }
+    function editEnvVariable(key) {
+      const envVar = envVariables.find(e => e.key === key);
+      if (!envVar) return;
+      document.getElementById('env-modal').classList.add('open');
+      document.getElementById('env-modal-title').textContent = 'Edit Environment Variable';
+      document.getElementById('env-key').value = key;
+      document.getElementById('env-key').disabled = true; // Can't change key when editing
+      document.getElementById('env-value').value = ''; // Don't pre-fill for security
+      document.getElementById('env-value').placeholder = 'Enter new value...';
+      document.getElementById('env-key').dataset.editMode = 'true';
+    }
+    async function saveEnvVariable() {
+      const keyInput = document.getElementById('env-key');
+      const valueInput = document.getElementById('env-value');
+      const key = keyInput.value.trim().toUpperCase();
+      const value = valueInput.value.trim();
+      const isEdit = keyInput.dataset.editMode === 'true';
+      if (!key) {
+        alert('Key is required.');
+        return;
+      }
+      if (!value) {
+        alert('Value is required.');
+        return;
+      }
+      // Validate key format
+      if (!/^[A-Z0-9_]+$/.test(key)) {
+        alert('Key must contain only uppercase letters, numbers, and underscores.');
+        return;
+      }
+      try {
+        if (isEdit) {
+          await api(`/api/env/${encodeURIComponent(key)}`, {
+            method: 'PUT',
+            body: JSON.stringify({ value }),
+          });
+        } else {
+          await api('/api/env', {
+            method: 'POST',
+            body: JSON.stringify({ key, value }),
+          });
+        }
+        closeEnvModal();
+        loadEnvVariables();
+      } catch (err) {
+        alert('Failed to save: ' + err.message);
+      }
+    }
+    async function deleteEnvVariable(key) {
+      if (!confirm(`Delete environment variable "${key}"?\n\nThis will remove it from ~/.costar/.env and the current process.`)) {
+        return;
+      }
+      try {
+        await api(`/api/env/${encodeURIComponent(key)}`, { method: 'DELETE' });
+        loadEnvVariables();
+      } catch (err) {
+        alert('Failed to delete: ' + err.message);
+      }
     }
     // ─── Utilities ───────────────────────────────────

package/skills/coinbase/LEARNING.md ADDED Viewed

@@ -0,0 +1,117 @@
+# Coinbase Trading Journal
+> **Read this before every Coinbase operation.** Update after every trade.
+> Never delete entries — mark outdated ones as `[OUTDATED]` with date and reason.
+---
+## Trade Log
+| Date | Pair | Side | Type | Size | Fill Price | Fees | P&L | Notes |
+|------|------|------|------|------|------------|------|-----|-------|
+| *(No trades yet)* | | | | | | | | |
+---
+## API Quirks & Gotchas
+> Things that tripped you up. Save others (your future self) the pain.
+1. All numeric values must be strings — `"100.00"` not `100`
+2. HTTP 200 doesn't mean success — always check `order.success`
+3. Duplicate `client_order_id` returns existing order, not error
+*(Add more as you discover them)*
+---
+## Fee Insights
+> Track fee rates and patterns to optimize execution.
+- **Current fee tier:** *Unknown — check with `getTransactionSummary()`*
+- **Maker rate:** *TBD*
+- **Taker rate:** *TBD*
+<!--
+- [DATE] Fee observation. Example: post_only limit orders save 0.2% in fees vs market orders
+-->
+---
+## Order Patterns That Work
+> Reusable patterns you've validated with real trades.
+<!--
+- [DATE] PATTERN: description. PAIR: which pair. RESULT: outcome.
+Example:
+- [2026-02-14] PATTERN: Limit buy 0.5% below current price with GTD 1-hour expiry. PAIR: BTC-USD. RESULT: Filled 70% of the time, saved avg $15 in slippage vs market orders.
+-->
+---
+## Order Patterns That Failed
+> Equally important — what NOT to do.
+<!--
+- [DATE] PATTERN: description. PAIR: which pair. PROBLEM: what went wrong.
+Example:
+- [2026-02-14] PATTERN: Market sell large SOL position ($5000). PAIR: SOL-USD. PROBLEM: 1.2% slippage due to thin order book. Should have used limit or split into smaller orders.
+-->
+---
+## Product-Specific Notes
+> Observations about specific trading pairs.
+<!--
+- [DATE] PRODUCT: observation
+Example:
+- [2026-02-14] BTC-USD: min order $1, base_increment 0.00000001, quote_increment 0.01
+- [2026-02-14] SOL-USD: wider spreads after hours, better to trade during US market hours
+-->
+---
+## Scripts I've Created
+| Script | Purpose | Works Well? | Last Modified |
+|--------|---------|-------------|---------------|
+| *(None yet)* | | | |
+---
+## Mistakes to Never Repeat
+1. *(Will accumulate from real trading)*
+---
+## Performance Summary
+### All Time
+- **Total Trades:** 0
+- **Total Fees Paid:** $0
+- **Net P&L:** $0
+- **Avg Slippage:** N/A
+### Current Week
+- **Trades:** 0
+- **Fees:** $0
+- **P&L:** $0
+---
+## Open Questions
+1. What are the actual minimum order sizes for each product?
+2. How much slippage to expect on market orders for different pair sizes?
+3. What's the optimal order type for different trade sizes?
+4. When does `post_only` get rejected vs filled?
+---
+> Every entry makes your next trade better. Record everything.

package/skills/coinbase/SKILL.md ADDED Viewed

@@ -0,0 +1,217 @@
+---
+name: coinbase
+description: "Execute real trades on Coinbase Advanced Trade. Supports market, limit, stop-limit, and bracket orders for crypto. Handles account balances, order management, price data, portfolio tracking, and fee estimation. Use when the user wants to buy/sell crypto, check balances, place orders, manage positions, or do anything on Coinbase."
+metadata:
+  emoji: "🪙"
+  requires:
+    env: ["COINBASE_API_KEY", "COINBASE_API_SECRET"]
+---
+# Coinbase Trading Executor
+You can execute real trades on Coinbase using the Advanced Trade API. This is real money — be precise, confirm with the user, and never skip risk checks.
+## CRITICAL: Always Read LEARNING.md First
+**Before ANY Coinbase action, read [LEARNING.md](LEARNING.md).** It contains API quirks you've discovered, order patterns that work, mistakes to avoid, and fee insights from real trades.
+## Authentication
+The user's Coinbase API credentials are available as environment variables:
+- `COINBASE_API_KEY` — format: `organizations/{org_id}/apiKeys/{key_id}`
+- `COINBASE_API_SECRET` — EC private key in PEM format
+These use **CDP (Coinbase Developer Platform) keys** with **ES256 JWT** authentication. The `coinbase-api` npm package handles JWT generation internally.
+## Setup
+Before first use, ensure the SDK is installed in the workspace:
+```bash
+npm list coinbase-api 2>/dev/null || npm install coinbase-api
+```
+## How to Execute Trades
+All Coinbase operations use TypeScript/JavaScript scripts via `execute_code` or shell commands. Use the `coinbase-api` package:
+```typescript
+import { CBAdvancedTradeClient } from 'coinbase-api';
+const client = new CBAdvancedTradeClient({
+  apiKey: process.env.COINBASE_API_KEY,
+  apiSecret: process.env.COINBASE_API_SECRET,
+});
+```
+## Execution Workflow
+```
+- [ ] Step 1: Read LEARNING.md
+- [ ] Step 2: Verify balances and account status
+- [ ] Step 3: Get current price and market data
+- [ ] Step 4: Preview the order (estimate fees/slippage)
+- [ ] Step 5: Execute the order
+- [ ] Step 6: Verify order fill and record result
+- [ ] Step 7: Update LEARNING.md
+```
+### Step 2: Check Balances
+```typescript
+const accounts = await client.getAccounts();
+for (const acct of accounts.accounts) {
+  if (parseFloat(acct.available_balance.value) > 0) {
+    console.log(`${acct.currency}: ${acct.available_balance.value}`);
+  }
+}
+```
+### Step 3: Get Price Data
+```typescript
+// Current price
+const product = await client.getProduct({ product_id: 'BTC-USD' });
+console.log(`Price: $${product.price}, 24h change: ${product.price_percentage_change_24h}%`);
+// Best bid/ask spread
+const spread = await client.getBestBidAsk({ product_ids: ['BTC-USD'] });
+// OHLCV candles (last 24h, 1-hour granularity)
+const candles = await client.getProductCandles({
+  product_id: 'BTC-USD',
+  start: String(Math.floor(Date.now() / 1000) - 86400),
+  end: String(Math.floor(Date.now() / 1000)),
+  granularity: 'ONE_HOUR',
+});
+```
+### Step 4: Preview Order
+**Always preview before executing.** This shows estimated fees and slippage:
+```typescript
+const preview = await client.previewOrder({
+  product_id: 'BTC-USD',
+  side: 'BUY',
+  order_configuration: {
+    market_market_ioc: { quote_size: '100.00' },
+  },
+});
+// Shows: quote_size, base_size, best_bid, best_ask, total_fees, slippage
+```
+### Step 5: Place Orders
+See [references/order-types.md](references/order-types.md) for all order types and configurations.
+**Market Buy** (spend $X of quote currency):
+```typescript
+const order = await client.submitOrder({
+  client_order_id: crypto.randomUUID(),
+  product_id: 'BTC-USD',
+  side: 'BUY',
+  order_configuration: {
+    market_market_ioc: { quote_size: '100.00' },  // spend $100
+  },
+});
+```
+**Market Sell** (sell X units of base asset):
+```typescript
+const order = await client.submitOrder({
+  client_order_id: crypto.randomUUID(),
+  product_id: 'BTC-USD',
+  side: 'SELL',
+  order_configuration: {
+    market_market_ioc: { base_size: '0.001' },  // sell 0.001 BTC
+  },
+});
+```
+**Limit Buy** (Good Till Cancel):
+```typescript
+const order = await client.submitOrder({
+  client_order_id: crypto.randomUUID(),
+  product_id: 'BTC-USD',
+  side: 'BUY',
+  order_configuration: {
+    limit_limit_gtc: {
+      base_size: '0.001',
+      limit_price: '95000.00',
+      post_only: false,
+    },
+  },
+});
+```
+### Step 6: Verify Order
+```typescript
+// Check response immediately
+if (order.success) {
+  const orderId = order.success_response.order_id;
+  // Get fill details
+  const status = await client.getOrder({ order_id: orderId });
+  console.log(`Status: ${status.status}, Filled: ${status.filled_size} @ ${status.average_filled_price}`);
+} else {
+  console.error(`Order failed: ${order.error_response.message}`);
+}
+```
+**IMPORTANT:** Coinbase returns HTTP 200 even on order failure. Always check `order.success === true`.
+### Step 7: Update LEARNING.md
+After every trade, record: asset, side, type, size, fill price, fees, outcome, and any API quirks encountered.
+## Order Management
+```typescript
+// List open orders
+const orders = await client.getOrders({ order_status: ['OPEN', 'PENDING'] });
+// Cancel specific orders
+const cancel = await client.cancelOrders({ order_ids: ['order-id-here'] });
+// Get fills (trade executions)
+const fills = await client.getFills({ order_id: 'order-id-here' });
+```
+## Portfolio & Fees
+```typescript
+// Portfolio breakdown
+const portfolios = await client.getPortfolios({});
+const breakdown = await client.getPortfolioBreakdown({ portfolio_id: portfolios.portfolios[0].uuid });
+// Fee tier info
+const fees = await client.getTransactionSummary({});
+// Shows: fee_tier, total_volume, maker_fee_rate, taker_fee_rate
+```
+## Critical Rules
+1. **ALWAYS preview orders before executing** — know the fees and slippage
+2. **All values are STRINGS** — `"100.00"` not `100`. The API rejects numbers.
+3. **client_order_id must be unique** — always use `crypto.randomUUID()`
+4. **Check `order.success`** — HTTP 200 doesn't mean order succeeded
+5. **Product ID format** — always `BASE-QUOTE` e.g. `BTC-USD`, `ETH-USD`, `SOL-USD`
+6. **Minimum order sizes vary** — check product details before ordering
+7. **Rate limits** — ~10 requests/second for private endpoints
+8. **Never place orders in a loop without delays** — respect rate limits
+9. **Log everything in LEARNING.md** — every trade, every error, every quirk
+## Reference Files
+- [references/order-types.md](references/order-types.md) — All order configurations with examples
+- [references/api-reference.md](references/api-reference.md) — Complete API endpoint list
+- [references/products.md](references/products.md) — Common trading pairs and their details
+## Self-Evolution
+You can modify any file in this skill:
+- Found an API quirk? Update LEARNING.md and references
+- Built a reusable script? Save it in `scripts/`
+- Discovered a better workflow? Update this SKILL.md
+- New order type pattern? Add to `references/order-types.md`