@swarmclawai/swarmclaw 0.7.7 → 0.8.0

package/src/app/api/tasks/import/github/route.ts

@@ -0,0 +1,337 @@
+import { NextResponse } from 'next/server'
+import { z } from 'zod'
+import { genId } from '@/lib/id'
+import { computeTaskFingerprint } from '@/lib/task-dedupe'
+import { formatZodError } from '@/lib/validation/schemas'
+import { loadSettings, loadTasks, logActivity, upsertStoredItems } from '@/lib/server/storage'
+import { notify } from '@/lib/server/ws-hub'
+import type { BoardTask } from '@/types'
+
+const MAX_IMPORT_LIMIT = 200
+const BODY_CHAR_LIMIT = 12_000
+
+const GitHubIssueImportSchema = z.object({
+  repo: z.string().trim().min(1, 'Repository is required'),
+  token: z.string().trim().optional().default(''),
+  state: z.enum(['open', 'closed', 'all']).optional().default('open'),
+  limit: z.coerce.number().int().min(1).max(MAX_IMPORT_LIMIT).optional().default(25),
+  labels: z.array(z.string()).optional().default([]),
+  projectId: z.string().trim().nullable().optional().default(null),
+  agentId: z.string().trim().nullable().optional().default(null),
+})
+
+type GitHubIssueLabel = string | { name?: string | null }
+
+interface GitHubIssueRecord {
+  id: number | string
+  number: number
+  title: string
+  body?: string | null
+  state?: string | null
+  html_url?: string | null
+  labels?: GitHubIssueLabel[]
+  assignee?: { login?: string | null } | null
+  user?: { login?: string | null } | null
+  pull_request?: unknown
+}
+
+interface ParsedRepo {
+  owner: string
+  repo: string
+  fullName: string
+}
+
+function getGitHubToken(explicitToken: string): string {
+  return explicitToken.trim()
+    || process.env.GITHUB_TOKEN
+    || process.env.GH_TOKEN
+    || process.env.GITHUB_PERSONAL_ACCESS_TOKEN
+    || ''
+}
+
+function normalizeLabelName(label: GitHubIssueLabel): string {
+  if (typeof label === 'string') return label.trim()
+  return String(label?.name || '').trim()
+}
+
+function normalizeTag(value: string): string {
+  return value.trim().replace(/\s+/g, ' ').slice(0, 60)
+}
+
+function toIssueSummary(issue: GitHubIssueRecord, taskId?: string) {
+  return {
+    taskId,
+    number: issue.number,
+    title: issue.title || `Issue ${issue.number}`,
+    url: issue.html_url || null,
+  }
+}
+
+export function parseGitHubRepoInput(input: string): ParsedRepo | null {
+  const trimmed = input.trim().replace(/\.git$/i, '')
+  if (!trimmed) return null
+
+  if (/^https?:\/\//i.test(trimmed)) {
+    try {
+      const url = new URL(trimmed)
+      if (!/github\.com$/i.test(url.hostname)) return null
+      const parts = url.pathname.split('/').filter(Boolean)
+      if (parts.length < 2) return null
+      const owner = parts[0]
+      const repo = parts[1].replace(/\.git$/i, '')
+      if (!owner || !repo) return null
+      return { owner, repo, fullName: `${owner}/${repo}` }
+    } catch {
+      return null
+    }
+  }
+
+  const compact = trimmed.replace(/^github\.com\//i, '')
+  const parts = compact.split('/').filter(Boolean)
+  if (parts.length < 2) return null
+  const owner = parts[0]
+  const repo = parts[1].replace(/\.git$/i, '')
+  if (!owner || !repo) return null
+  return { owner, repo, fullName: `${owner}/${repo}` }
+}
+
+export function buildGitHubIssueTaskTitle(issue: GitHubIssueRecord, repoFullName: string): string {
+  const title = issue.title?.trim() || `Issue ${issue.number}`
+  return `[${repoFullName}#${issue.number}] ${title}`
+}
+
+export function buildGitHubIssueTaskDescription(issue: GitHubIssueRecord, repoFullName: string): string {
+  const labels = (issue.labels || [])
+    .map(normalizeLabelName)
+    .filter(Boolean)
+  const header = [
+    `Imported from GitHub issue ${repoFullName}#${issue.number}`,
+    issue.html_url ? `URL: ${issue.html_url}` : '',
+    issue.state ? `State: ${issue.state}` : '',
+    labels.length > 0 ? `Labels: ${labels.join(', ')}` : '',
+    issue.assignee?.login ? `Assignee: ${issue.assignee.login}` : '',
+    issue.user?.login ? `Opened by: ${issue.user.login}` : '',
+  ]
+    .filter(Boolean)
+    .join('\n')
+
+  const rawBody = String(issue.body || '').trim()
+  if (!rawBody) return header
+
+  const body = rawBody.length > BODY_CHAR_LIMIT
+    ? `${rawBody.slice(0, BODY_CHAR_LIMIT).trimEnd()}\n\n[Truncated during import]`
+    : rawBody
+
+  return `${header}\n\n${body}`
+}
+
+export function buildGitHubIssueTaskTags(issue: GitHubIssueRecord, repoFullName: string): string[] {
+  const raw = [
+    'github',
+    repoFullName,
+    ...(issue.labels || []).map(normalizeLabelName),
+  ]
+  return Array.from(new Set(raw.map(normalizeTag).filter(Boolean))).slice(0, 8)
+}
+
+function findExistingImportedTask(
+  tasks: Record<string, BoardTask>,
+  repoFullName: string,
+  issueNumber: number,
+): BoardTask | null {
+  for (const task of Object.values(tasks)) {
+    if (task.sourceType !== 'import') continue
+    if (task.externalSource?.source !== 'github') continue
+    if (task.externalSource?.repo !== repoFullName) continue
+    if (task.externalSource?.number !== issueNumber) continue
+    return task
+  }
+  return null
+}
+
+async function fetchGitHubIssues(args: {
+  owner: string
+  repo: string
+  state: 'open' | 'closed' | 'all'
+  limit: number
+  labels: string[]
+  token: string
+}): Promise<GitHubIssueRecord[]> {
+  const headers: Record<string, string> = {
+    Accept: 'application/vnd.github+json',
+    'User-Agent': 'SwarmClaw',
+    'X-GitHub-Api-Version': '2022-11-28',
+  }
+  if (args.token) headers.Authorization = `Bearer ${args.token}`
+
+  const results: GitHubIssueRecord[] = []
+  const perPage = Math.min(100, Math.max(30, args.limit))
+  const maxPages = Math.max(1, Math.ceil(args.limit / 100) + 2)
+
+  for (let page = 1; page <= maxPages && results.length < args.limit; page++) {
+    const url = new URL(`https://api.github.com/repos/${args.owner}/${args.repo}/issues`)
+    url.searchParams.set('state', args.state)
+    url.searchParams.set('per_page', String(perPage))
+    url.searchParams.set('page', String(page))
+    if (args.labels.length > 0) url.searchParams.set('labels', args.labels.join(','))
+
+    const response = await fetch(url, {
+      headers,
+      cache: 'no-store',
+    })
+
+    if (!response.ok) {
+      const payload = await response.json().catch(() => null) as { message?: unknown } | null
+      const message = typeof payload?.message === 'string'
+        ? payload.message
+        : `GitHub request failed (${response.status})`
+      const err = new Error(message) as Error & { status?: number }
+      err.status = response.status
+      throw err
+    }
+
+    const payload = await response.json().catch(() => null) as unknown
+    if (!Array.isArray(payload)) {
+      throw new Error('GitHub returned an unexpected response.')
+    }
+
+    const pageIssues = payload
+      .filter((entry): entry is GitHubIssueRecord => !!entry && typeof entry === 'object')
+      .filter((entry) => !entry.pull_request)
+
+    results.push(...pageIssues)
+    if (payload.length < perPage) break
+  }
+
+  return results.slice(0, args.limit)
+}
+
+export async function POST(req: Request) {
+  const raw = await req.json().catch(() => null)
+  const parsed = GitHubIssueImportSchema.safeParse(raw)
+  if (!parsed.success) {
+    return NextResponse.json(formatZodError(parsed.error), { status: 400 })
+  }
+
+  const repo = parseGitHubRepoInput(parsed.data.repo)
+  if (!repo) {
+    return NextResponse.json({ error: 'Use a GitHub repo like owner/repo or a github.com URL.' }, { status: 400 })
+  }
+
+  const labels = parsed.data.labels
+    .map((value) => String(value || '').trim())
+    .filter(Boolean)
+
+  let issues: GitHubIssueRecord[]
+  try {
+    issues = await fetchGitHubIssues({
+      owner: repo.owner,
+      repo: repo.repo,
+      state: parsed.data.state,
+      limit: parsed.data.limit,
+      labels,
+      token: getGitHubToken(parsed.data.token),
+    })
+  } catch (err) {
+    const message = err instanceof Error ? err.message : 'GitHub import failed.'
+    const status = typeof (err as { status?: unknown })?.status === 'number'
+      ? Number((err as { status?: number }).status)
+      : 500
+    const responseStatus = [400, 401, 403, 404, 429].includes(status) ? status : 502
+    return NextResponse.json({ error: message }, { status: responseStatus })
+  }
+
+  const tasks = loadTasks() as Record<string, BoardTask>
+  const settings = loadSettings()
+  const now = Date.now()
+  const maxAttempts = Math.max(1, Math.min(20, Math.trunc(Number(settings.defaultTaskMaxAttempts ?? 3))))
+  const retryBackoffSec = Math.max(1, Math.min(3600, Math.trunc(Number(settings.taskRetryBackoffSec ?? 30))))
+  const projectId = parsed.data.projectId || undefined
+  const agentId = parsed.data.agentId || ''
+
+  const created: Array<ReturnType<typeof toIssueSummary>> = []
+  const skipped: Array<ReturnType<typeof toIssueSummary>> = []
+  const taskEntries: Array<[string, BoardTask]> = []
+
+  for (const issue of issues) {
+    const existing = findExistingImportedTask(tasks, repo.fullName, issue.number)
+    if (existing) {
+      skipped.push(toIssueSummary(issue, existing.id))
+      continue
+    }
+
+    const id = genId()
+    const title = buildGitHubIssueTaskTitle(issue, repo.fullName)
+    const task: BoardTask = {
+      id,
+      title,
+      description: buildGitHubIssueTaskDescription(issue, repo.fullName),
+      status: 'backlog',
+      agentId,
+      projectId,
+      result: null,
+      error: null,
+      outputFiles: [],
+      artifacts: [],
+      createdAt: now,
+      updatedAt: now,
+      queuedAt: null,
+      startedAt: null,
+      completedAt: null,
+      archivedAt: null,
+      attempts: 0,
+      maxAttempts,
+      retryBackoffSec,
+      retryScheduledAt: null,
+      deadLetteredAt: null,
+      checkpoint: null,
+      blockedBy: [],
+      blocks: [],
+      tags: buildGitHubIssueTaskTags(issue, repo.fullName),
+      sourceType: 'import',
+      externalSource: {
+        source: 'github',
+        id: String(issue.id),
+        repo: repo.fullName,
+        number: issue.number,
+        state: issue.state || null,
+        labels: (issue.labels || []).map(normalizeLabelName).filter(Boolean),
+        assignee: issue.assignee?.login || null,
+        url: issue.html_url || null,
+      },
+      fingerprint: computeTaskFingerprint(title, agentId),
+    }
+
+    tasks[id] = task
+    taskEntries.push([id, task])
+    created.push(toIssueSummary(issue, id))
+  }
+
+  if (taskEntries.length > 0) {
+    upsertStoredItems('tasks', taskEntries)
+    notify('tasks')
+  }
+
+  logActivity({
+    entityType: 'task',
+    entityId: created[0]?.taskId || `github:${repo.fullName}`,
+    action: 'imported',
+    actor: 'user',
+    summary: `GitHub import from ${repo.fullName}: ${created.length} created, ${skipped.length} skipped`,
+    detail: {
+      repo: repo.fullName,
+      state: parsed.data.state,
+      labels,
+      created: created.length,
+      skipped: skipped.length,
+    },
+  })
+
+  return NextResponse.json({
+    repo: repo.fullName,
+    state: parsed.data.state,
+    fetched: issues.length,
+    created,
+    skipped,
+  })
+}

package/src/app/api/wallets/[id]/approve/route.ts

@@ -1,8 +1,9 @@
 import { NextResponse } from 'next/server'
 import { loadWallets, loadWalletTransactions, upsertWalletTransaction } from '@/lib/server/storage'
-import { sendSol } from '@/lib/server/solana'
 import { notify } from '@/lib/server/ws-hub'
 import type { AgentWallet, WalletTransaction } from '@/types'
+import { getWalletAtomicAmount } from '@/lib/wallet'
+import { sendWalletNativeAsset, validateWalletSendLimits } from '@/lib/server/wallet-service'
 export const dynamic = 'force-dynamic'
 
 export async function POST(req: Request, { params }: { params: Promise<{ id: string }> }) {
@@ -41,10 +42,23 @@ export async function POST(req: Request, { params }: { params: Promise<{ id: str
 
   // Approve — sign and submit
   try {
-    const { signature, fee } = await sendSol(wallet.encryptedPrivateKey, tx.toAddress, tx.amountLamports)
+    const limitError = validateWalletSendLimits({ wallet, amountAtomic: getWalletAtomicAmount(tx), excludeTransactionId: transactionId })
+    if (limitError) {
+      tx.status = 'failed'
+      upsertWalletTransaction(transactionId, tx)
+      notify('wallets')
+      return NextResponse.json({
+        error: limitError,
+        transactionId,
+        status: 'failed',
+      }, { status: limitError === 'Amount must be positive' ? 400 : 403 })
+    }
+
+    const { signature, feeAtomic } = await sendWalletNativeAsset(wallet, tx.toAddress, getWalletAtomicAmount(tx))
     tx.status = 'confirmed'
     tx.signature = signature
-    tx.feeLamports = fee
+    tx.feeAtomic = feeAtomic
+    tx.feeLamports = wallet.chain === 'solana' && feeAtomic ? Number.parseInt(feeAtomic, 10) : undefined
     tx.approvedBy = 'user'
     upsertWalletTransaction(transactionId, tx)
     notify('wallets')

package/src/app/api/wallets/[id]/route.ts

@@ -1,12 +1,46 @@
 import { NextResponse } from 'next/server'
 import { loadWallets, upsertWallet, deleteWallet as deleteWalletFromStore, loadAgents, saveAgents } from '@/lib/server/storage'
-import { getBalance, lamportsToSol } from '@/lib/server/solana'
 import { notify } from '@/lib/server/ws-hub'
-import type { AgentWallet } from '@/types'
+import { getWalletLimitAtomic, normalizeAtomicString } from '@/lib/wallet'
+import type { AgentWallet, WalletAssetBalance, WalletPortfolioSummary } from '@/types'
+import { buildEmptyWalletPortfolio } from '@/lib/server/wallet-portfolio'
+import {
+  getAgentActiveWalletId,
+  getWalletPortfolioSnapshot,
+  linkWalletToAgent,
+  setAgentActiveWallet,
+  stripWalletPrivateKey,
+  unlinkWalletFromAgent,
+} from '@/lib/server/wallet-service'
 export const dynamic = 'force-dynamic'
-
-function stripPrivateKey(wallet: Record<string, unknown>): Record<string, unknown> {
-  return Object.fromEntries(Object.entries(wallet).filter(([k]) => k !== 'encryptedPrivateKey'))
+const WALLET_DETAIL_PORTFOLIO_TIMEOUT_MS = 2500
+
+function withPortfolio(
+  wallet: AgentWallet,
+  portfolio: {
+    balanceAtomic: string
+    balanceFormatted: string
+    balanceSymbol: string
+    balanceDisplay: string
+    balanceLamports?: number
+    balanceSol?: number
+    assets: WalletAssetBalance[]
+    summary: WalletPortfolioSummary
+  },
+  isActive: boolean,
+) {
+  return {
+    ...stripWalletPrivateKey(wallet as unknown as Record<string, unknown>),
+    balanceAtomic: portfolio.balanceAtomic,
+    balanceFormatted: portfolio.balanceFormatted,
+    balanceSymbol: portfolio.balanceSymbol,
+    balanceDisplay: portfolio.balanceDisplay,
+    balanceLamports: portfolio.balanceLamports,
+    balanceSol: portfolio.balanceSol,
+    assets: portfolio.assets,
+    portfolioSummary: portfolio.summary,
+    isActive,
+  }
 }
 
 export async function GET(_req: Request, { params }: { params: Promise<{ id: string }> }) {
@@ -15,21 +49,19 @@ export async function GET(_req: Request, { params }: { params: Promise<{ id: str
   const wallet = wallets[id]
   if (!wallet) return NextResponse.json({ error: 'Wallet not found' }, { status: 404 })
 
-  // Fetch live on-chain balance
-  let balanceLamports = 0
-  let balanceSol = 0
+  let portfolio = buildEmptyWalletPortfolio(wallet)
   try {
-    balanceLamports = await getBalance(wallet.publicKey)
-    balanceSol = lamportsToSol(balanceLamports)
+    portfolio = await getWalletPortfolioSnapshot(wallet, {
+      timeoutMs: WALLET_DETAIL_PORTFOLIO_TIMEOUT_MS,
+      allowStale: true,
+    })
   } catch {
     // RPC failure — return 0
   }
 
-  return NextResponse.json({
-    ...stripPrivateKey(wallet as unknown as Record<string, unknown>),
-    balanceLamports,
-    balanceSol,
-  })
+  const agents = loadAgents()
+  const isActive = getAgentActiveWalletId(agents[wallet.agentId]) === wallet.id
+  return NextResponse.json(withPortfolio(wallet, portfolio, isActive))
 }
 
 export async function PATCH(req: Request, { params }: { params: Promise<{ id: string }> }) {
@@ -39,6 +71,7 @@ export async function PATCH(req: Request, { params }: { params: Promise<{ id: st
   if (!wallet) return NextResponse.json({ error: 'Wallet not found' }, { status: 404 })
 
   const body = await req.json()
+  const shouldMakeActive = body.makeActive === true
 
   // Reassign wallet to a different agent
   if (typeof body.agentId === 'string' && body.agentId !== wallet.agentId) {
@@ -46,39 +79,51 @@ export async function PATCH(req: Request, { params }: { params: Promise<{ id: st
     const newAgent = agents[body.agentId]
     if (!newAgent) return NextResponse.json({ error: 'Agent not found' }, { status: 404 })
 
-    // Check new agent doesn't already have a wallet
+    // Only one wallet per chain per agent.
     const allWallets = loadWallets() as Record<string, AgentWallet>
-    const conflict = Object.values(allWallets).find((w) => w.agentId === body.agentId && w.id !== id)
-    if (conflict) return NextResponse.json({ error: 'Target agent already has a wallet' }, { status: 409 })
+    const conflict = Object.values(allWallets).find((w) => w.agentId === body.agentId && w.id !== id && w.chain === wallet.chain)
+    if (conflict) return NextResponse.json({ error: `Target agent already has a ${wallet.chain} wallet` }, { status: 409 })
 
-    // Unlink old agent
     const oldAgent = agents[wallet.agentId]
     if (oldAgent) {
-      oldAgent.walletId = null
+      unlinkWalletFromAgent(oldAgent, id)
       oldAgent.updatedAt = Date.now()
       agents[wallet.agentId] = oldAgent
     }
 
-    // Link new agent
-    newAgent.walletId = id
+    linkWalletToAgent(newAgent, id, shouldMakeActive || getAgentActiveWalletId(newAgent) == null)
     newAgent.updatedAt = Date.now()
     agents[body.agentId] = newAgent
     saveAgents(agents)
     notify('agents')
 
     wallet.agentId = body.agentId
+  } else if (shouldMakeActive) {
+    const agents = loadAgents()
+    const agent = agents[wallet.agentId]
+    if (agent) {
+      setAgentActiveWallet(agent, id)
+      agent.updatedAt = Date.now()
+      agents[wallet.agentId] = agent
+      saveAgents(agents)
+      notify('agents')
+    }
   }
 
   if (body.label !== undefined) wallet.label = body.label
-  if (typeof body.spendingLimitLamports === 'number') wallet.spendingLimitLamports = body.spendingLimitLamports
-  if (typeof body.dailyLimitLamports === 'number') wallet.dailyLimitLamports = body.dailyLimitLamports
+  if (body.spendingLimitAtomic !== undefined || body.spendingLimitLamports !== undefined) {
+    wallet.spendingLimitAtomic = normalizeAtomicString(body.spendingLimitAtomic ?? body.spendingLimitLamports, getWalletLimitAtomic(wallet, 'perTx'))
+  }
+  if (body.dailyLimitAtomic !== undefined || body.dailyLimitLamports !== undefined) {
+    wallet.dailyLimitAtomic = normalizeAtomicString(body.dailyLimitAtomic ?? body.dailyLimitLamports, getWalletLimitAtomic(wallet, 'daily'))
+  }
   if (typeof body.requireApproval === 'boolean') wallet.requireApproval = body.requireApproval
   wallet.updatedAt = Date.now()
 
   upsertWallet(id, wallet)
   notify('wallets')
 
-  return NextResponse.json(stripPrivateKey(wallet as unknown as Record<string, unknown>))
+  return NextResponse.json(stripWalletPrivateKey(wallet as unknown as Record<string, unknown>))
 }
 
 export async function DELETE(_req: Request, { params }: { params: Promise<{ id: string }> }) {
@@ -88,20 +133,19 @@ export async function DELETE(_req: Request, { params }: { params: Promise<{ id:
   if (!wallet) return NextResponse.json({ error: 'Wallet not found' }, { status: 404 })
 
   // Check if balance > 0 and warn
-  let balanceLamports = 0
+  let portfolio = buildEmptyWalletPortfolio(wallet)
   try {
-    balanceLamports = await getBalance(wallet.publicKey)
+    portfolio = await getWalletPortfolioSnapshot(wallet, {
+      timeoutMs: WALLET_DETAIL_PORTFOLIO_TIMEOUT_MS,
+      allowStale: true,
+    })
   } catch { /* ignore */ }
 
-  if (balanceLamports > 0) {
-    // Still delete, but include warning
-  }
-
   // Unlink from agent
   const agents = loadAgents()
   const agent = agents[wallet.agentId]
   if (agent) {
-    agent.walletId = null
+    unlinkWalletFromAgent(agent, id)
     agent.updatedAt = Date.now()
     agents[wallet.agentId] = agent
     saveAgents(agents)
@@ -113,6 +157,8 @@ export async function DELETE(_req: Request, { params }: { params: Promise<{ id:
 
   return NextResponse.json({
     ok: true,
-    warning: balanceLamports > 0 ? `Wallet had ${lamportsToSol(balanceLamports)} SOL remaining` : undefined,
+    warning: portfolio.summary.nonZeroAssets > 0
+      ? `Wallet still had ${portfolio.summary.nonZeroAssets} asset${portfolio.summary.nonZeroAssets === 1 ? '' : 's'} remaining, including ${portfolio.balanceDisplay}`
+      : undefined,
   })
 }

package/src/app/api/wallets/[id]/send/route.ts

@@ -1,9 +1,12 @@
 import { NextResponse } from 'next/server'
 import { genId } from '@/lib/id'
-import { loadWallets, loadWalletTransactions, upsertWalletTransaction } from '@/lib/server/storage'
-import { sendSol, isValidSolanaAddress, lamportsToSol } from '@/lib/server/solana'
+import { loadWallets, upsertWalletTransaction } from '@/lib/server/storage'
 import { notify } from '@/lib/server/ws-hub'
 import type { AgentWallet, WalletTransaction } from '@/types'
+import {
+  normalizeAtomicString,
+} from '@/lib/wallet'
+import { isValidWalletAddress, sendWalletNativeAsset, validateWalletSendLimits } from '@/lib/server/wallet-service'
 export const dynamic = 'force-dynamic'
 
 export async function POST(req: Request, { params }: { params: Promise<{ id: string }> }) {
@@ -14,36 +17,15 @@ export async function POST(req: Request, { params }: { params: Promise<{ id: str
 
   const body = await req.json()
   const toAddress = typeof body.toAddress === 'string' ? body.toAddress.trim() : ''
-  const amountLamports = typeof body.amountLamports === 'number' ? Math.floor(body.amountLamports) : 0
+  const amountAtomic = normalizeAtomicString(body.amountAtomic ?? body.amountLamports, '0')
   const memo = typeof body.memo === 'string' ? body.memo.slice(0, 500) : undefined
 
-  if (!toAddress || !isValidSolanaAddress(toAddress)) {
+  if (!toAddress || !isValidWalletAddress(wallet.chain, toAddress)) {
     return NextResponse.json({ error: 'Invalid recipient address' }, { status: 400 })
   }
-  if (amountLamports <= 0) {
-    return NextResponse.json({ error: 'Amount must be positive' }, { status: 400 })
-  }
-
-  // Per-tx spending limit
-  const perTxLimit = wallet.spendingLimitLamports ?? 100_000_000
-  if (amountLamports > perTxLimit) {
-    return NextResponse.json({
-      error: `Amount ${lamportsToSol(amountLamports)} SOL exceeds per-transaction limit of ${lamportsToSol(perTxLimit)} SOL`,
-    }, { status: 403 })
-  }
-
-  // 24h rolling daily limit
-  const dailyLimit = wallet.dailyLimitLamports ?? 1_000_000_000
-  const oneDayAgo = Date.now() - 24 * 60 * 60 * 1000
-  const allTxs = loadWalletTransactions() as Record<string, WalletTransaction>
-  const recentSends = Object.values(allTxs).filter(
-    (tx) => tx.walletId === id && tx.type === 'send' && tx.status === 'confirmed' && tx.timestamp > oneDayAgo,
-  )
-  const dailySpent = recentSends.reduce((sum, tx) => sum + tx.amountLamports, 0)
-  if (dailySpent + amountLamports > dailyLimit) {
-    return NextResponse.json({
-      error: `Daily limit exceeded. Spent ${lamportsToSol(dailySpent)} SOL in last 24h, limit is ${lamportsToSol(dailyLimit)} SOL`,
-    }, { status: 403 })
+  const limitError = validateWalletSendLimits({ wallet, amountAtomic })
+  if (limitError) {
+    return NextResponse.json({ error: limitError }, { status: limitError === 'Amount must be positive' ? 400 : 403 })
   }
 
   const txId = genId(8)
@@ -60,7 +42,8 @@ export async function POST(req: Request, { params }: { params: Promise<{ id: str
       signature: '',
       fromAddress: wallet.publicKey,
       toAddress,
-      amountLamports,
+      amountAtomic,
+      amountLamports: wallet.chain === 'solana' ? Number.parseInt(amountAtomic, 10) : undefined,
       status: 'pending_approval',
       memo,
       timestamp: now,
@@ -72,7 +55,7 @@ export async function POST(req: Request, { params }: { params: Promise<{ id: str
 
   // Auto-approved — sign and submit
   try {
-    const { signature, fee } = await sendSol(wallet.encryptedPrivateKey, toAddress, amountLamports)
+    const { signature, feeAtomic } = await sendWalletNativeAsset(wallet, toAddress, amountAtomic)
     const confirmedTx: WalletTransaction = {
       id: txId,
       walletId: id,
@@ -82,8 +65,10 @@ export async function POST(req: Request, { params }: { params: Promise<{ id: str
       signature,
       fromAddress: wallet.publicKey,
       toAddress,
-      amountLamports,
-      feeLamports: fee,
+      amountAtomic,
+      amountLamports: wallet.chain === 'solana' ? Number.parseInt(amountAtomic, 10) : undefined,
+      feeAtomic,
+      feeLamports: wallet.chain === 'solana' && feeAtomic ? Number.parseInt(feeAtomic, 10) : undefined,
       status: 'confirmed',
       memo,
       approvedBy: 'auto',
@@ -102,7 +87,8 @@ export async function POST(req: Request, { params }: { params: Promise<{ id: str
       signature: '',
       fromAddress: wallet.publicKey,
       toAddress,
-      amountLamports,
+      amountAtomic,
+      amountLamports: wallet.chain === 'solana' ? Number.parseInt(amountAtomic, 10) : undefined,
       status: 'failed',
       memo,
       timestamp: now,