auramaxx 0.0.1

package/prisma/schema.prisma

@@ -0,0 +1,447 @@
+// This is your Prisma schema file,
+// learn more about it in the docs: https://pris.ly/d/prisma-schema
+
+generator client {
+  provider = "prisma-client-js"
+}
+
+datasource db {
+  provider = "sqlite"
+  url      = env("DATABASE_URL")
+}
+
+model Log {
+  id            String   @id @default(cuid())
+  walletAddress String
+  title         String
+  description   String?
+  txHash        String?
+  createdAt     DateTime @default(now())
+
+  @@index([walletAddress])
+  @@index([createdAt])
+}
+
+model HotWallet {
+  id                  String   @id @default(cuid())
+  address             String   @unique
+  encryptedPrivateKey String   // Encrypted with in-memory seed
+  tokenHash           String   // Which auth token owns this wallet
+  coldWalletId        String?  // Vault ID (null = primary vault)
+
+  // Decorative fields
+  name                String?
+  color               String?  // Hex color e.g. "#FF5733"
+  description         String?
+  emoji               String?  // e.g. "🔥"
+  hidden              Boolean  @default(false)
+
+  chain               String   @default("base")
+  createdAt           DateTime @default(now())
+
+  @@index([address])
+  @@index([tokenHash])
+  @@index([hidden])
+  @@index([coldWalletId])
+}
+
+model HumanAction {
+  id         String   @id @default(cuid())
+  type       String   // 'fund' | 'send' | 'agent_access' | 'action' | 'app:approve'
+  fromTier   String   // 'cold' | 'hot' | 'temp' | 'system'
+  toAddress  String?
+  amount     String?
+  chain      String
+  status     String   @default("pending") // 'pending' | 'approved' | 'rejected'
+  createdAt  DateTime @default(now())
+  resolvedAt DateTime?
+  metadata   String?  // JSON string for flexible metadata
+  notification Notification?
+
+  @@index([status])
+  @@index([createdAt])
+}
+
+model Notification {
+  id               String    @id @default(cuid())
+  type             String    // 'pending_approval' | 'info' | 'warning' | 'success' | 'error' | 'system'
+  category         String?   // 'transaction' | 'security' | 'token' | 'wallet' | 'general'
+  title            String
+  message          String
+  read             Boolean   @default(false)
+  dismissed        Boolean   @default(false)
+  actions          String?   // JSON: [{ id, label, type, action, endpoint, href }]
+  metadata         String?   // JSON for flexible data
+  humanActionId String?   @unique
+  humanAction   HumanAction? @relation(fields: [humanActionId], references: [id])
+  expiresAt        DateTime?
+  createdAt        DateTime  @default(now())
+  updatedAt        DateTime  @updatedAt
+  source           String    @default("system")  // 'system' | 'agent' | 'user'
+  agentId          String?
+
+  @@index([read, dismissed])
+  @@index([type])
+  @@index([createdAt])
+}
+
+// Stores all WebSocket events for debugging and audit trail
+model Event {
+  id        String   @id @default(cuid())
+  type      String   // e.g., 'request:created', 'token:revoked'
+  source    String   // 'express' | 'nextjs'
+  data      String   // JSON payload
+  timestamp DateTime @default(now())
+  createdAt DateTime @default(now())
+
+  @@index([type])
+  @@index([timestamp])
+  @@index([source])
+}
+
+// Stores token metadata for UI/logs - actual signing stays in memory
+model AgentToken {
+  id          String   @id @default(cuid())
+  tokenHash   String   @unique  // Hash of token for identification (not the token itself)
+  agentId     String
+  limit       Float              // Max spending limit in ETH
+  spent       Float    @default(0)
+  permissions String             // JSON array of permissions
+  expiresAt   DateTime
+  isRevoked   Boolean  @default(false)
+  revokedAt   DateTime?
+  createdAt   DateTime @default(now())
+  lastUsedAt  DateTime?
+
+  @@index([agentId])
+  @@index([isRevoked])
+  @@index([expiresAt])
+}
+
+model CredentialAccessAudit {
+  id           String   @id @default(cuid())
+  timestamp    DateTime @default(now())
+  credentialId String
+  vaultId      String
+  action       String
+  allowed      Boolean
+  result       String
+  reasonCode   String
+  httpStatus   Int
+  tokenHash    String?
+  agentId      String?
+  requestId    String?
+  actorType    String
+  projectScope String?
+  sensitiveRead Boolean @default(true)
+  metadata     String?
+
+  @@index([credentialId, timestamp(sort: Desc)])
+  @@index([tokenHash, timestamp(sort: Desc)])
+  @@index([allowed, timestamp(sort: Desc)])
+  @@index([reasonCode, timestamp(sort: Desc)])
+}
+
+// Workspace system for programmatic dashboard control
+model Workspace {
+  id          String   @id @default(cuid())
+  name        String
+  slug        String   @unique
+  icon        String?  // Lucide icon name
+  emoji       String?  // Emoji character e.g. "🚀"
+  color       String?  // Hex color code e.g. "#ff4d00"
+  order       Int      @default(0)
+  isDefault   Boolean  @default(false)
+  isCloseable Boolean  @default(true)
+  createdAt   DateTime @default(now())
+  updatedAt   DateTime @updatedAt
+  apps     WorkspaceApp[]
+  theme       WorkspaceTheme?
+}
+
+model WorkspaceApp {
+  id          String    @id @default(cuid())
+  workspaceId String
+  workspace   Workspace @relation(fields: [workspaceId], references: [id], onDelete: Cascade)
+
+  appType  String    // 'wallets' | 'logs' | 'iframe' | 'installed:app-id'
+  x           Int       @default(20)
+  y           Int       @default(20)
+  width       Int       @default(320)
+  height      Int       @default(280)
+  zIndex      Int       @default(10)
+  isVisible   Boolean   @default(true)
+  isLocked    Boolean   @default(false)
+  config      String?   // JSON for iframe url, installed app props, etc.
+
+  createdAt   DateTime  @default(now())
+  updatedAt   DateTime  @updatedAt
+
+  @@index([workspaceId])
+}
+
+// Global theme configuration
+model ThemeConfig {
+  id            String   @id @default("global")
+  activeThemeId String   @default("light")
+  accentColor   String   @default("#ccff00")
+  customThemes  String?  // JSON array of custom themes
+  createdAt     DateTime @default(now())
+  updatedAt     DateTime @updatedAt
+}
+
+// Per-workspace theme overrides
+model WorkspaceTheme {
+  id          String    @id @default(cuid())
+  workspaceId String    @unique
+  workspace   Workspace @relation(fields: [workspaceId], references: [id], onDelete: Cascade)
+  mode        String?   // 'light' | 'dark' - null means inherit from global
+  accent      String?   // Hex color - null means inherit from global
+  overrides   String?   // JSON for app palette overrides
+  createdAt   DateTime  @default(now())
+  updatedAt   DateTime  @updatedAt
+}
+
+// API Keys for external services (Alchemy, etc.)
+model ApiKey {
+  id          String   @id @default(cuid())
+  service     String   // 'alchemy' | 'infura' | 'etherscan' | etc.
+  name        String   // Display name e.g. "My Alchemy Key"
+  key         String   // The actual API key (stored encrypted in production)
+  metadata    String?  // JSON for service-specific config (e.g., allowed chains)
+  isActive    Boolean  @default(true)
+  createdAt   DateTime @default(now())
+  updatedAt   DateTime @updatedAt
+
+  @@unique([service, name])
+  @@index([service])
+  @@index([isActive])
+}
+
+// Transaction history for wallets
+model Transaction {
+  id            String    @id @default(cuid())
+  walletAddress String
+  txHash        String?
+  type          String    // 'send' | 'receive' | 'swap' | 'contract' | 'manual'
+  status        String    @default("confirmed")
+  amount        String?   // ETH amount
+  tokenAddress  String?   // Token contract address if applicable
+  tokenAmount   String?   // Token amount if applicable
+  from          String?
+  to            String?
+  description   String?
+  blockNumber   Int?
+  chain         String    @default("base")
+  createdAt     DateTime  @default(now())
+  updatedAt     DateTime  @updatedAt
+  executedAt    DateTime?
+
+  @@unique([txHash, chain])
+  @@index([walletAddress])
+  @@index([walletAddress, createdAt])
+  @@index([type])
+  @@index([tokenAddress])
+}
+
+// Tracked assets (tokens) for wallets
+model TrackedAsset {
+  id            String    @id @default(cuid())
+  walletAddress String?
+  tokenAddress  String
+  symbol        String?
+  name          String?
+  decimals      Int       @default(18)
+  lastBalance   String?
+  lastBalanceAt DateTime?
+  isHidden      Boolean   @default(false)
+  chain         String    @default("base")
+  poolAddress   String?   // Cached pool address for price lookup
+  poolVersion   String?   // "v2" | "v3" | "v4"
+  icon          String?   // Token icon URL
+  createdAt     DateTime  @default(now())
+  updatedAt     DateTime  @updatedAt
+
+  @@unique([walletAddress, tokenAddress, chain])
+  @@index([walletAddress])
+  @@index([walletAddress, updatedAt])
+  @@index([tokenAddress])
+}
+
+// Cached native balances (ETH/SOL) per wallet per chain
+model NativeBalance {
+  id            String   @id @default(cuid())
+  walletAddress String
+  chain         String
+  balance       String
+  updatedAt     DateTime @updatedAt
+
+  @@unique([walletAddress, chain])
+  @@index([walletAddress])
+}
+
+// Cached native currency prices (ETH, SOL → USD)
+model NativePrice {
+  currency  String   @id    // "ETH" | "SOL"
+  priceUsd  String
+  updatedAt DateTime @updatedAt
+}
+
+// Balance sync state per chain
+model SyncState {
+  id             String    @id @default(cuid())
+  chain          String    @unique
+  lastSyncAt     DateTime?
+  lastSyncStatus String    @default("idle")
+  lastError      String?
+  syncCount      Int       @default(0)
+  lastBlock      String?   // Block cursor for event scanning jobs (stringified bigint)
+  updatedAt      DateTime  @updatedAt
+}
+
+// First-class strategy resources (template/headless + app-linked compatibility)
+model Strategy {
+  id          String   @id @default(cuid())
+  name        String
+  templateId  String?
+  mode        String   @default("headless") // 'headless' | 'app-linked'
+  manifest    String   // JSON-encoded strategy manifest snapshot
+  config      String?  // JSON-encoded user config
+  state       String?  // JSON-encoded strategy state
+  schedule    String?  // JSON-encoded schedule metadata (tier/cron/interval)
+  permissions String   @default("[]") // JSON-encoded permission list
+  limits      String?  // JSON-encoded limits object
+  enabled     Boolean  @default(false)
+  status      String   @default("draft")
+  createdBy   String   @default("human")
+  provenance  String?  // JSON-encoded source/provenance metadata
+  appId    String?  // legacy linkage when imported from a app
+  lastTickAt  DateTime?
+  lastError   String?
+  errorCount  Int      @default(0)
+  createdAt   DateTime @default(now())
+  updatedAt   DateTime @updatedAt
+  runs        StrategyRun[]
+
+  @@index([enabled, status])
+  @@index([templateId])
+  @@index([appId])
+}
+
+// Optional strategy run audit trail for cron/runtime debugging
+model StrategyRun {
+  id         String    @id @default(cuid())
+  strategyId String
+  strategy   Strategy  @relation(fields: [strategyId], references: [id], onDelete: Cascade)
+  startedAt  DateTime  @default(now())
+  endedAt    DateTime?
+  status     String
+  error      String?
+  metadata   String?   // JSON-encoded run metadata
+
+  @@index([strategyId, startedAt])
+}
+
+// Per-app persistent storage for third-party apps
+model AppStorage {
+  id        String   @id @default(cuid())
+  appId  String
+  key       String
+  value     String   // JSON stringified
+  updatedAt DateTime @updatedAt
+
+  @@unique([appId, key])
+  @@index([appId])
+}
+
+// Cached token metadata for enriching on-chain events
+model TokenMetadata {
+  id              String    @id @default(cuid())
+  tokenAddress    String
+  chain           String
+  symbol          String?
+  name            String?
+  decimals        Int       @default(18)
+  icon            String?
+  description     String?
+  priceUsd        String?   // Last known USD price (string for decimal precision)
+  marketCap       Float?
+  fdv             Float?
+  liquidity       Float?    // DEX liquidity USD
+  volume24h       Float?
+  dexId           String?   // Source DEX (e.g. "uniswap", "raydium")
+  pairAddress     String?
+  websites        String?   // JSON-encoded string array
+  socials         String?   // JSON-encoded [{type,url}] array
+  lastAccessedAt  DateTime  @default(now())
+  lastVerifiedAt  DateTime?
+  updatedAt       DateTime  @updatedAt
+
+  @@unique([tokenAddress, chain])
+  @@index([tokenAddress])
+}
+
+// Cached DEX pool metadata for enriching swap events
+model PoolMetadata {
+  id            String   @id @default(cuid())
+  poolAddress   String
+  chain         String
+  token0        String?
+  token1        String?
+  fee           Int?
+  dex           String?  // "uniswap_v2" | "uniswap_v3" | "uniswap_v4"
+
+  @@unique([poolAddress, chain])
+  @@index([poolAddress])
+}
+
+// Address book for labeling external addresses
+model AddressLabel {
+  id         String   @id @default(cuid())
+  address    String   @unique
+  label      String
+  emoji      String?
+  color      String?
+  notes      String?
+  createdBy  String   @default("human")
+  createdAt  DateTime @default(now())
+  updatedAt  DateTime @updatedAt
+
+  @@index([label])
+}
+
+// Centralized system defaults (key-value store for configurable limits, permissions, TTLs, etc.)
+model SystemDefault {
+  key         String   @id          // e.g. "limits.fund", "permissions.default"
+  value       String                // JSON-encoded value
+  type        String                // Category: "permissions" | "financial" | "ttl" | "rate_limit" | "ai_safety" | "launch" | "app" | "swap"
+  label       String                // Human-readable label for dashboard
+  description String?               // Optional description
+  updatedAt   DateTime @updatedAt
+
+  @@index([type])
+}
+
+// WebAuthn passkey credentials for biometric vault unlock
+model Passkey {
+  id            String    @id @default(cuid())
+  credentialId  String    @unique          // base64url WebAuthn credential ID
+  publicKey     Bytes                      // COSE public key (base64url ↔ Uint8Array conversion needed)
+  counter       Int       @default(0)      // signature counter (replay/clone detection)
+  transports    String    @default("[]")   // JSON array of transport hints
+  rpId          String                     // relying party ID (e.g. "localhost")
+  aaguid        String    @default("")     // authenticator AAGUID
+  createdAt     DateTime  @default(now())
+  lastUsedAt    DateTime?
+
+  @@index([rpId])
+}
+
+// Global app configuration (singleton)
+model AppConfig {
+  id            String   @id @default("global")
+  chainConfig   String?  // JSON: { base: { rpc: "...", chainId: 8453 }, ... }
+  adapterConfig String?  // JSON: { enabled: true, adapters: [{ type, enabled, config }] }
+  createdAt     DateTime @default(now())
+  updatedAt     DateTime @updatedAt
+}

package/scripts/add-app.js

@@ -0,0 +1,245 @@
+#!/usr/bin/env node
+/**
+ * Add a app to the AuraMaxx dashboard via WebSocket.
+ *
+ * Usage:
+ *   node scripts/add-app.js <appType> [options]
+ *
+ * Examples:
+ *   # Inline dynamic app
+ *   node scripts/add-app.js dynamic --code "function Hi() { return <div>Hello</div>; }"
+ *
+ *   # File-based dynamic app (agents: use tmp/, then rm after)
+ *   node scripts/add-app.js dynamic --file tmp/app.jsx --id "my-app"
+ *
+ *   # Iframe app
+ *   node scripts/add-app.js iframe --url "https://example.com" --title "My Chart"
+ *
+ *   # Built-in apps
+ *   node scripts/add-app.js wallets
+ *   node scripts/add-app.js logs --x 400 --y 100
+ *
+ *   # Custom app (from src/components/apps/custom/)
+ *   node scripts/add-app.js custom:ExampleApp --message "Hello"
+ *
+ *   # Position and size
+ *   node scripts/add-app.js iframe --url "https://example.com" --x 100 --y 200 --width 500 --height 400
+ *
+ *   # Target a specific workspace
+ *   node scripts/add-app.js logs --workspace "home"
+ */
+
+const WebSocket = require('ws');
+const fs = require('fs');
+const path = require('path');
+
+const WS_BASE_URL = process.env.WORKSPACE_WS_URL || 'ws://localhost:4748';
+const AUTH_TOKEN = process.env.AURA_TOKEN;
+
+// Build WebSocket URL with optional token
+function getWsUrl() {
+  if (AUTH_TOKEN) {
+    return `${WS_BASE_URL}?token=${encodeURIComponent(AUTH_TOKEN)}`;
+  }
+  return WS_BASE_URL;
+}
+
+// Parse command line arguments
+function parseArgs(args) {
+  const result = { _: [] };
+  let i = 0;
+
+  while (i < args.length) {
+    const arg = args[i];
+
+    if (arg.startsWith('--')) {
+      const key = arg.slice(2);
+      const next = args[i + 1];
+
+      if (next && !next.startsWith('--')) {
+        // Try to parse as number
+        const num = parseFloat(next);
+        result[key] = isNaN(num) ? next : num;
+        i += 2;
+      } else {
+        result[key] = true;
+        i += 1;
+      }
+    } else {
+      result._.push(arg);
+      i += 1;
+    }
+  }
+
+  return result;
+}
+
+function printUsage() {
+  console.log(`
+Usage: node scripts/add-app.js <appType> [options]
+
+Authentication:
+  Set AURA_TOKEN env var with a valid token that has workspace:modify permission.
+  Example: export AURA_TOKEN="your-agent-token"
+
+App Types:
+  Built-in (singleton):
+    wallets, logs, send, agentKeys, status, launch
+
+  Multi-instance:
+    iframe      --url <url> [--title <title>]
+    dynamic     --code <code> | --file <path>
+    custom:*    --<key> <value> (passed as config)
+
+Options:
+  --id <id>           Custom app ID (for multi-instance apps)
+  --workspace <id>    Target workspace ID (default: active workspace)
+  --x <number>        X position (default: 20)
+  --y <number>        Y position (default: 20)
+  --width <number>    App width
+  --height <number>   App height
+
+Examples:
+  # Set token first
+  export AURA_TOKEN="your-agent-token"
+
+  # Inline dynamic app
+  node scripts/add-app.js dynamic --code "function Hi() { return <div>Hello</div>; }"
+
+  # File-based dynamic app (use tmp/, then rm after)
+  node scripts/add-app.js dynamic --file tmp/app.jsx --id "my-app"
+
+  # Iframe
+  node scripts/add-app.js iframe --url "https://dexscreener.com/base/0x123"
+
+  # Built-in apps
+  node scripts/add-app.js wallets --x 400 --y 100
+
+  # Custom app (from src/components/apps/custom/)
+  node scripts/add-app.js custom:ExampleApp --message "Hello"
+`);
+}
+
+async function main() {
+  const args = parseArgs(process.argv.slice(2));
+  const appType = args._[0];
+
+  if (!appType || args.help) {
+    printUsage();
+    process.exit(args.help ? 0 : 1);
+  }
+
+  // Build config from remaining args
+  const config = {};
+  const reserved = ['_', 'id', 'workspace', 'x', 'y', 'width', 'height', 'file', 'code', 'url', 'title'];
+
+  // Handle specific app types
+  if (appType === 'iframe') {
+    if (!args.url) {
+      console.error('Error: iframe app requires --url');
+      process.exit(1);
+    }
+    config.url = args.url;
+    if (args.title) config.title = args.title;
+  } else if (appType === 'dynamic') {
+    if (args.file) {
+      const filePath = path.resolve(args.file);
+      if (!fs.existsSync(filePath)) {
+        console.error(`Error: File not found: ${filePath}`);
+        process.exit(1);
+      }
+      config.code = fs.readFileSync(filePath, 'utf-8');
+    } else if (args.code) {
+      config.code = args.code;
+    } else {
+      console.error('Error: dynamic app requires --code or --file');
+      process.exit(1);
+    }
+  } else {
+    // Pass through any non-reserved args as config
+    for (const [key, value] of Object.entries(args)) {
+      if (!reserved.includes(key)) {
+        config[key] = value;
+      }
+    }
+  }
+
+  // Connect to WebSocket with optional authentication
+  const wsUrl = getWsUrl();
+  const ws = new WebSocket(wsUrl);
+
+  ws.on('error', (err) => {
+    console.error('WebSocket error:', err.message);
+    console.log('Make sure the Next.js app is running on port 4748');
+    if (!AUTH_TOKEN) {
+      console.log('Tip: Set AURA_TOKEN env var for authenticated mutations');
+    }
+    process.exit(1);
+  });
+
+  ws.on('open', () => {
+    // Request current workspace state
+    ws.send(JSON.stringify({
+      type: 'workspace:state:request',
+      timestamp: Date.now(),
+      source: 'agent',
+      data: { requestId: 'add-app-script' }
+    }));
+  });
+
+  ws.on('message', (rawData) => {
+    const msg = JSON.parse(rawData.toString());
+
+    // Handle permission errors
+    if (msg.type === 'error') {
+      console.error('Error:', msg.error);
+      if (msg.error.includes('Permission denied')) {
+        console.log('Tip: Set AURA_TOKEN env var with a token that has workspace:modify permission');
+      }
+      ws.close();
+      process.exit(1);
+    }
+
+    if (msg.type === 'workspace:state:response') {
+      const workspaceId = args.workspace || msg.data.activeWorkspaceId;
+
+      const appData = {
+        workspaceId,
+        appType,
+        x: args.x || 20,
+        y: args.y || 20
+      };
+
+      if (args.id) appData.id = args.id;
+      if (args.width) appData.width = args.width;
+      if (args.height) appData.height = args.height;
+      if (Object.keys(config).length > 0) appData.config = config;
+
+      // Wait for token validation to complete (race condition workaround)
+      // The server validates tokens asynchronously, so we need a brief delay
+      setTimeout(() => {
+        ws.send(JSON.stringify({
+          type: 'app:added',
+          timestamp: Date.now(),
+          source: 'agent',
+          data: appData
+        }));
+
+        // Wait for potential error response, then assume success
+        setTimeout(() => {
+          console.log('App added:', appType);
+          if (args.id) console.log('  ID:', args.id);
+          console.log('  Workspace:', workspaceId);
+          console.log('  Position:', `(${appData.x}, ${appData.y})`);
+          if (Object.keys(config).length > 0) {
+            console.log('  Config:', JSON.stringify(config, null, 2).split('\n').map((l, i) => i === 0 ? l : '    ' + l).join('\n'));
+          }
+          ws.close();
+          process.exit(0);
+        }, 300);
+      }, 150);
+    }
+  });
+}
+
+main();