npm - auramaxx - Versions diffs - 0.0.1 - Mend

auramaxx 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (418) hide show

package/LICENSE +26 -0
package/README.md +77 -0
package/apps/desktop-electron/main.js +428 -0
package/bin/auramaxx.js +1063 -0
package/docs/ADAPTERS.md +466 -0
package/docs/AGENT_SETUP.md +159 -0
package/docs/API.md +127 -0
package/docs/APPS.md +199 -0
package/docs/ARCHITECTURE.md +235 -0
package/docs/AUTH.md +318 -0
package/docs/BEST-PRACTICES.md +82 -0
package/docs/CLI.md +141 -0
package/docs/DESKTOP_ELECTRON.md +26 -0
package/docs/DEVELOPING-APPS.md +453 -0
package/docs/MCP.md +122 -0
package/docs/PACKAGING_POLICY.md +19 -0
package/docs/PERMISSION.md +137 -0
package/docs/PROTOCOL.md +142 -0
package/docs/README.md +50 -0
package/docs/SKILLS.md +132 -0
package/docs/TROUBLESHOOTING.md +376 -0
package/docs/WORKSPACE.md +673 -0
package/docs/agent-auth.md +14 -0
package/docs/api/authentication.md +79 -0
package/docs/api/secrets/api-keys.md +28 -0
package/docs/api/secrets/credentials.md +80 -0
package/docs/api/secrets/sharing.md +48 -0
package/docs/api/system.md +41 -0
package/docs/api/wallets/apps-strategies.md +66 -0
package/docs/api/wallets/core.md +46 -0
package/docs/api/wallets/data-portfolio.md +42 -0
package/docs/aura-file.md +48 -0
package/docs/core-concepts/FEATURES.md +114 -0
package/docs/credentials.md +120 -0
package/docs/external/HOW_TO_AURAMAXX/GETTING_SECRETS.md +33 -0
package/docs/external/HOW_TO_AURAMAXX/README.md +45 -0
package/docs/external/getting-started.md +10 -0
package/docs/external/overview.md +19 -0
package/docs/external/persona-paths.md +7 -0
package/docs/external/share-secret.md +76 -0
package/docs/external/why-aura.md +7 -0
package/docs/security.md +227 -0
package/docs/templates/RELEASE_NOTES_TEMPLATE.md +22 -0
package/docs/wallet/AI.md +508 -0
package/docs/wallet/DEVELOPING-STRATEGIES.md +713 -0
package/docs/wallet/README.md +47 -0
package/docs/wallet/STRATEGY.md +89 -0
package/next.config.ts +28 -0
package/package.json +167 -0
package/postcss.config.mjs +8 -0
package/prisma/migrations/20260214170000_baseline/migration.sql +511 -0
package/prisma/migrations/20260216214537_add_passkey_model/migration.sql +18 -0
package/prisma/migrations/20260217150500_add_credential_access_audit/migration.sql +31 -0
package/prisma/migrations/20260222090000_update_admin_ttl_default/migration.sql +10 -0
package/prisma/migrations/migration_lock.toml +3 -0
package/prisma/schema.prisma +447 -0
package/public/logo.webp +0 -0
package/scripts/add-app.js +245 -0
package/server/abi/SwapHelper.json +438 -0
package/server/cli/approval.ts +447 -0
package/server/cli/commands/actions.ts +474 -0
package/server/cli/commands/api.ts +220 -0
package/server/cli/commands/apikey.ts +277 -0
package/server/cli/commands/app.ts +204 -0
package/server/cli/commands/auth.ts +464 -0
package/server/cli/commands/cron.ts +24 -0
package/server/cli/commands/diary.ts +274 -0
package/server/cli/commands/doctor.ts +1247 -0
package/server/cli/commands/env.ts +476 -0
package/server/cli/commands/experimental.ts +69 -0
package/server/cli/commands/init.ts +798 -0
package/server/cli/commands/lock.ts +157 -0
package/server/cli/commands/mcp.ts +285 -0
package/server/cli/commands/quickhack.ts +86 -0
package/server/cli/commands/release-check.ts +231 -0
package/server/cli/commands/restore.ts +314 -0
package/server/cli/commands/service.ts +320 -0
package/server/cli/commands/shell-hook.ts +512 -0
package/server/cli/commands/skill.ts +216 -0
package/server/cli/commands/start.ts +139 -0
package/server/cli/commands/status.ts +59 -0
package/server/cli/commands/stop.ts +36 -0
package/server/cli/commands/token.ts +180 -0
package/server/cli/commands/unlock.ts +50 -0
package/server/cli/commands/vault.ts +1323 -0
package/server/cli/commands/wallet.ts +209 -0
package/server/cli/index.ts +280 -0
package/server/cli/lib/approval-poll.ts +94 -0
package/server/cli/lib/aura-parser.ts +64 -0
package/server/cli/lib/credential-create.ts +74 -0
package/server/cli/lib/credential-resolve.ts +280 -0
package/server/cli/lib/dotenv-migrate.ts +116 -0
package/server/cli/lib/dotenv-parser.ts +146 -0
package/server/cli/lib/escalation.ts +57 -0
package/server/cli/lib/http.ts +91 -0
package/server/cli/lib/init-steps.ts +76 -0
package/server/cli/lib/local-agent-trust.ts +45 -0
package/server/cli/lib/lock-unlock-helper.ts +71 -0
package/server/cli/lib/process.ts +162 -0
package/server/cli/lib/prompt.ts +294 -0
package/server/cli/lib/theme.ts +240 -0
package/server/cli/socket.ts +579 -0
package/server/cli/transport-client.ts +50 -0
package/server/cron/index.ts +137 -0
package/server/cron/job.ts +31 -0
package/server/cron/jobs/balance-sync.ts +436 -0
package/server/cron/jobs/incoming-scan.ts +506 -0
package/server/cron/jobs/native-price.ts +70 -0
package/server/cron/jobs/orphan-cleanup.ts +40 -0
package/server/cron/jobs/strategy-runner.ts +175 -0
package/server/cron/scheduler.ts +125 -0
package/server/index.ts +420 -0
package/server/lib/adapters/factory.ts +119 -0
package/server/lib/adapters/index.ts +19 -0
package/server/lib/adapters/router.ts +297 -0
package/server/lib/adapters/telegram.ts +645 -0
package/server/lib/adapters/types.ts +89 -0
package/server/lib/adapters/webhook.ts +95 -0
package/server/lib/address.ts +49 -0
package/server/lib/agent-auth/contracts.ts +1194 -0
package/server/lib/agent-profiles.ts +419 -0
package/server/lib/ai.ts +285 -0
package/server/lib/api-registry/contracts.ts +86 -0
package/server/lib/api-registry/validation.ts +172 -0
package/server/lib/apikey-migration.ts +258 -0
package/server/lib/app-installer.ts +505 -0
package/server/lib/app-tokens.ts +247 -0
package/server/lib/approval-link.ts +27 -0
package/server/lib/auth.ts +314 -0
package/server/lib/auto-execute.ts +160 -0
package/server/lib/batch.ts +242 -0
package/server/lib/cold.ts +1048 -0
package/server/lib/config.ts +408 -0
package/server/lib/credential-access-audit.ts +85 -0
package/server/lib/credential-access-policy.ts +111 -0
package/server/lib/credential-health.ts +343 -0
package/server/lib/credential-import.ts +608 -0
package/server/lib/credential-scope.ts +102 -0
package/server/lib/credential-shares.ts +190 -0
package/server/lib/credential-transport.ts +533 -0
package/server/lib/credential-vault.ts +77 -0
package/server/lib/credentials.ts +422 -0
package/server/lib/crypto.ts +8 -0
package/server/lib/db.ts +58 -0
package/server/lib/defaults.ts +386 -0
package/server/lib/dex/index.ts +80 -0
package/server/lib/dex/relay.ts +235 -0
package/server/lib/dex/types.ts +59 -0
package/server/lib/dex/uniswap.ts +370 -0
package/server/lib/diary.ts +34 -0
package/server/lib/dont-ask-again-policy.ts +41 -0
package/server/lib/e2e-agent/artifacts.ts +36 -0
package/server/lib/e2e-agent/contracts.ts +112 -0
package/server/lib/e2e-agent/validation.ts +135 -0
package/server/lib/encrypt.ts +114 -0
package/server/lib/error.ts +20 -0
package/server/lib/events.ts +217 -0
package/server/lib/feature-flags.ts +93 -0
package/server/lib/hot.ts +357 -0
package/server/lib/human-action-summary.ts +80 -0
package/server/lib/key-fingerprint.ts +28 -0
package/server/lib/logger.ts +340 -0
package/server/lib/network.ts +137 -0
package/server/lib/notifications.ts +230 -0
package/server/lib/oauth2-refresh.ts +241 -0
package/server/lib/oursecret.ts +71 -0
package/server/lib/passkey-credential.ts +360 -0
package/server/lib/passkey.ts +68 -0
package/server/lib/permissions.ts +299 -0
package/server/lib/pino.ts +24 -0
package/server/lib/policy-preview.ts +138 -0
package/server/lib/price.ts +338 -0
package/server/lib/prices.ts +34 -0
package/server/lib/project-scope.ts +297 -0
package/server/lib/resolve-action.ts +328 -0
package/server/lib/resolve.ts +36 -0
package/server/lib/secret-gist-share.ts +296 -0
package/server/lib/sessions.ts +634 -0
package/server/lib/socket-path.ts +56 -0
package/server/lib/solana/connection.ts +26 -0
package/server/lib/solana/jupiter.ts +128 -0
package/server/lib/solana/transfer.ts +108 -0
package/server/lib/solana/wallet.ts +136 -0
package/server/lib/strategy/emits.ts +21 -0
package/server/lib/strategy/engine.ts +1305 -0
package/server/lib/strategy/executor.ts +115 -0
package/server/lib/strategy/hook-context.ts +159 -0
package/server/lib/strategy/hooks.ts +990 -0
package/server/lib/strategy/index.ts +28 -0
package/server/lib/strategy/installer.ts +305 -0
package/server/lib/strategy/loader.ts +256 -0
package/server/lib/strategy/message.ts +237 -0
package/server/lib/strategy/repository.ts +218 -0
package/server/lib/strategy/session-logger.ts +693 -0
package/server/lib/strategy/sources.ts +288 -0
package/server/lib/strategy/state.ts +189 -0
package/server/lib/strategy/templates.ts +403 -0
package/server/lib/strategy/tick.ts +404 -0
package/server/lib/strategy/types.ts +230 -0
package/server/lib/swap.ts +3 -0
package/server/lib/temp.ts +86 -0
package/server/lib/token-metadata.ts +86 -0
package/server/lib/token-safety.ts +200 -0
package/server/lib/token-search.ts +444 -0
package/server/lib/totp.ts +194 -0
package/server/lib/transactions.ts +123 -0
package/server/lib/transport.ts +84 -0
package/server/lib/txhistory/decoder.ts +262 -0
package/server/lib/txhistory/enricher.ts +652 -0
package/server/lib/txhistory/index.ts +391 -0
package/server/lib/txhistory/signatures.ts +59 -0
package/server/lib/update-check.ts +35 -0
package/server/lib/verified-summary.ts +414 -0
package/server/lib/view-registry.ts +80 -0
package/server/mcp/profile-policy.ts +30 -0
package/server/mcp/server.ts +1589 -0
package/server/mcp/tools.ts +276 -0
package/server/middleware/auth.ts +119 -0
package/server/middleware/requestLogger.ts +84 -0
package/server/routes/actions.ts +539 -0
package/server/routes/adapters.ts +711 -0
package/server/routes/addressbook.ts +113 -0
package/server/routes/ai.ts +34 -0
package/server/routes/apikeys.ts +343 -0
package/server/routes/apps.ts +601 -0
package/server/routes/auth.ts +406 -0
package/server/routes/backup.ts +404 -0
package/server/routes/batch.ts +270 -0
package/server/routes/bookmarks.ts +162 -0
package/server/routes/credential-shares.ts +380 -0
package/server/routes/credential-vaults.ts +159 -0
package/server/routes/credentials.ts +1782 -0
package/server/routes/dashboard.ts +97 -0
package/server/routes/defaults.ts +124 -0
package/server/routes/flags.ts +11 -0
package/server/routes/fund.ts +225 -0
package/server/routes/heartbeat.ts +375 -0
package/server/routes/import.ts +364 -0
package/server/routes/launch.ts +665 -0
package/server/routes/lock.ts +54 -0
package/server/routes/logs.ts +68 -0
package/server/routes/nuke.ts +111 -0
package/server/routes/passkey-credentials.ts +99 -0
package/server/routes/passkey.ts +366 -0
package/server/routes/portfolio.ts +217 -0
package/server/routes/price.ts +63 -0
package/server/routes/resolve.ts +31 -0
package/server/routes/security.ts +45 -0
package/server/routes/send-evm.ts +241 -0
package/server/routes/send-solana.ts +281 -0
package/server/routes/send.ts +178 -0
package/server/routes/setup.ts +210 -0
package/server/routes/strategy.ts +894 -0
package/server/routes/swap-evm.ts +352 -0
package/server/routes/swap-solana.ts +176 -0
package/server/routes/swap.ts +356 -0
package/server/routes/token.ts +247 -0
package/server/routes/unlock.ts +467 -0
package/server/routes/views.ts +41 -0
package/server/routes/wallet-assets.ts +361 -0
package/server/routes/wallet-transactions.ts +515 -0
package/server/routes/wallet.ts +709 -0
package/server/types.ts +146 -0
package/shared/credential-field-schema.ts +248 -0
package/skills/auramaxx/HEARTBEAT.md +78 -0
package/skills/auramaxx/SKILL.md +745 -0
package/skills/auramaxx/docs/AGENT_SETUP.md +155 -0
package/skills/auramaxx/docs/API.md +127 -0
package/skills/auramaxx/docs/AUTH.md +318 -0
package/skills/auramaxx/docs/CLI.md +130 -0
package/skills/auramaxx/docs/MCP.md +122 -0
package/skills/auramaxx/docs/TROUBLESHOOTING.md +357 -0
package/skills/auramaxx/docs/WORKSPACE.md +673 -0
package/skills/auramaxx/docs/security.md +227 -0
package/skills/task-lifecycle/SKILL.md +378 -0
package/src/app/api/[...doc]/page.tsx +36 -0
package/src/app/api/agent-requests/route.ts +30 -0
package/src/app/api/apps/install/route.ts +132 -0
package/src/app/api/apps/manifests/route.ts +16 -0
package/src/app/api/apps/static/[...path]/route.ts +57 -0
package/src/app/api/docs/plain/route.ts +74 -0
package/src/app/api/events/route.ts +92 -0
package/src/app/api/page.tsx +290 -0
package/src/app/api/workspace/[id]/apps/[wid]/route.ts +119 -0
package/src/app/api/workspace/[id]/apps/route.ts +81 -0
package/src/app/api/workspace/[id]/export/route.ts +67 -0
package/src/app/api/workspace/[id]/route.ts +168 -0
package/src/app/api/workspace/auth.ts +40 -0
package/src/app/api/workspace/config/route.ts +121 -0
package/src/app/api/workspace/import/route.ts +127 -0
package/src/app/api/workspace/route.ts +116 -0
package/src/app/app-legacy-do-not-use/page.tsx +2245 -0
package/src/app/apple-icon.png +0 -0
package/src/app/approve/[actionId]/page.tsx +409 -0
package/src/app/docs/DocsPageContent.tsx +269 -0
package/src/app/docs/[...doc]/page.tsx +41 -0
package/src/app/docs/page.tsx +38 -0
package/src/app/favicon.ico +0 -0
package/src/app/globals.css +819 -0
package/src/app/health/page.tsx +5 -0
package/src/app/hello/page.tsx +102 -0
package/src/app/icon.png +0 -0
package/src/app/layout.tsx +39 -0
package/src/app/page.tsx +1964 -0
package/src/app/privacy/page.tsx +63 -0
package/src/app/providers.tsx +87 -0
package/src/app/share/[token]/page.tsx +295 -0
package/src/app/terms/page.tsx +80 -0
package/src/components/ChainSelector.tsx +44 -0
package/src/components/HumanActionBar.tsx +697 -0
package/src/components/NotificationDrawer.tsx +387 -0
package/src/components/PasskeyEnrollmentPrompt.tsx +235 -0
package/src/components/apps/AgentKeysApp.tsx +490 -0
package/src/components/apps/App.tsx +153 -0
package/src/components/apps/AppGrid.tsx +15 -0
package/src/components/apps/DetailedAddressDrawer.tsx +325 -0
package/src/components/apps/DraggableApp.tsx +562 -0
package/src/components/apps/IFrameApp.tsx +73 -0
package/src/components/apps/LogsApp.tsx +360 -0
package/src/components/apps/SendApp.tsx +394 -0
package/src/components/apps/SetupWizardApp.tsx +1004 -0
package/src/components/apps/SystemDefaultsApp.tsx +845 -0
package/src/components/apps/ThirdPartyApp.tsx +428 -0
package/src/components/apps/TokenApp.tsx +319 -0
package/src/components/apps/TransactionsApp.tsx +438 -0
package/src/components/apps/WalletDetailApp.tsx +1505 -0
package/src/components/apps/index.ts +13 -0
package/src/components/design-system/Button.tsx +88 -0
package/src/components/design-system/ChainIndicator.tsx +65 -0
package/src/components/design-system/ChainSelector.tsx +147 -0
package/src/components/design-system/ConfirmationModal.tsx +107 -0
package/src/components/design-system/ConfirmationPopover.tsx +81 -0
package/src/components/design-system/DownloadButton.tsx +149 -0
package/src/components/design-system/Drawer.tsx +133 -0
package/src/components/design-system/FilterDropdown.tsx +183 -0
package/src/components/design-system/ItemPicker.tsx +157 -0
package/src/components/design-system/Modal.tsx +296 -0
package/src/components/design-system/Popover.tsx +142 -0
package/src/components/design-system/TextInput.tsx +85 -0
package/src/components/design-system/Toggle.tsx +65 -0
package/src/components/design-system/TyvekCollapsibleSection.tsx +55 -0
package/src/components/design-system/index.ts +14 -0
package/src/components/docs/ClientSideMarkdown.tsx +51 -0
package/src/components/docs/DocsSearchBar.tsx +118 -0
package/src/components/docs/DocsThemeToggle.tsx +38 -0
package/src/components/docs/PersistentDocGroup.tsx +91 -0
package/src/components/docs/ShareUrlButton.tsx +33 -0
package/src/components/docs/SidebarScrollMemory.tsx +56 -0
package/src/components/health/CredentialHealthDashboard.tsx +214 -0
package/src/components/icons/ChainIcons.tsx +72 -0
package/src/components/layout/AppStoreDrawer.tsx +369 -0
package/src/components/layout/ContentArea.tsx +21 -0
package/src/components/layout/CreateViewModal.tsx +88 -0
package/src/components/layout/LeftRail.tsx +114 -0
package/src/components/layout/TabBar.tsx +284 -0
package/src/components/layout/WalletSidebar.tsx +1030 -0
package/src/components/layout/index.ts +6 -0
package/src/components/marketing/AuraMaxxSpecOverlay.tsx +653 -0
package/src/components/marketing/DeviceMorphExperience.tsx +216 -0
package/src/components/vault/ApiKeysConsole.tsx +1272 -0
package/src/components/vault/AuditConsole.tsx +600 -0
package/src/components/vault/CredentialDetail.tsx +625 -0
package/src/components/vault/CredentialEmpty.tsx +55 -0
package/src/components/vault/CredentialField.tsx +583 -0
package/src/components/vault/CredentialForm.tsx +1484 -0
package/src/components/vault/CredentialList.tsx +265 -0
package/src/components/vault/CredentialRow.tsx +130 -0
package/src/components/vault/CredentialShareModal.tsx +273 -0
package/src/components/vault/CredentialVault.tsx +1662 -0
package/src/components/vault/CredentialWalletWidget.tsx +103 -0
package/src/components/vault/DocsConsole.tsx +113 -0
package/src/components/vault/ImportCredentialsModal.tsx +578 -0
package/src/components/vault/LargeTypeModal.tsx +88 -0
package/src/components/vault/PasswordGenerator.tsx +232 -0
package/src/components/vault/TOTPDisplay.tsx +108 -0
package/src/components/vault/TotpSetupPanel.tsx +198 -0
package/src/components/vault/VaultSidebar.tsx +881 -0
package/src/components/vault/credentialFormName.ts +91 -0
package/src/components/vault/hooks/useVaultKeyboardShortcuts.ts +69 -0
package/src/components/vault/types.ts +56 -0
package/src/context/AuthContext.tsx +365 -0
package/src/context/PriceContext.tsx +113 -0
package/src/context/ThemeContext.tsx +164 -0
package/src/context/WebSocketContext.tsx +269 -0
package/src/context/WorkspaceContext.tsx +668 -0
package/src/hooks/index.ts +4 -0
package/src/hooks/useAgentActions.ts +552 -0
package/src/hooks/useBalance.ts +103 -0
package/src/hooks/useBalances.ts +129 -0
package/src/hooks/useTheme.ts +156 -0
package/src/instrumentation.ts +12 -0
package/src/lib/api-docs.ts +154 -0
package/src/lib/api.ts +474 -0
package/src/lib/app-loader.ts +148 -0
package/src/lib/app-registry.ts +178 -0
package/src/lib/app-sdk.ts +157 -0
package/src/lib/audit-console-adapter.ts +151 -0
package/src/lib/auth-client.ts +75 -0
package/src/lib/config.ts +74 -0
package/src/lib/credential-field-schema.ts +11 -0
package/src/lib/crypto.ts +112 -0
package/src/lib/db.ts +21 -0
package/src/lib/docs.ts +544 -0
package/src/lib/events.ts +363 -0
package/src/lib/pino.ts +24 -0
package/src/lib/theme-handlers.ts +168 -0
package/src/lib/theme.ts +351 -0
package/src/lib/tokenData.ts +378 -0
package/src/lib/totp-import.ts +57 -0
package/src/lib/vault-crypto.ts +129 -0
package/src/lib/view-registry.ts +57 -0
package/src/lib/websocket-server.ts +302 -0
package/src/lib/websocket-setup.ts +79 -0
package/src/lib/wordlist.ts +2050 -0
package/src/lib/workspace-handlers.ts +285 -0
package/start.sh +170 -0
package/tailwind.config.ts +99 -0
package/tsconfig.json +42 -0

package/server/cli/commands/apikey.ts ADDED Viewed

@@ -0,0 +1,277 @@
+/**
+ * auramaxx apikey — API key management via CLI
+ */
+import {
+  bootstrapViaAuthRequest,
+  bootstrapViaSocket,
+  generateEphemeralKeypair,
+  type ProfileIssuanceSelection,
+} from '../../lib/credential-transport';
+import { getErrorMessage } from '../../lib/error';
+import { printHelp } from '../lib/theme';
+import { serverUrl } from '../lib/http';
+type JsonObject = Record<string, unknown>;
+function showHelp(): void {
+  printHelp('APIKEY', 'npx auramaxx apikey <subcommand> [options]', [
+    { name: 'list', desc: 'List configured API keys' },
+    { name: 'validate <service> <key>', desc: 'Validate API key with upstream provider' },
+    { name: 'set <service> <key>', desc: 'Create or update API key (name defaults to "default")' },
+    { name: 'delete <id>', desc: 'Delete API key by id' },
+  ], [
+    'Options:',
+    '  --name <name>               API key name for set (default: default)',
+    '  --metadata <json>           Metadata object for set',
+    '  --token <token>             Bearer token (default: AURA_TOKEN or socket fallback)',
+    '  --profile <id>              /auth fallback profile when socket bootstrap is blocked',
+    '  --profile-version <v>       /auth fallback profile version',
+    '  --profile-overrides <json>  Tighten-only profile override JSON',
+    '  --json                      JSON output',
+    '',
+    'Examples:',
+    '  npx auramaxx apikey list',
+    '  npx auramaxx apikey validate alchemy sk_xxx',
+    '  npx auramaxx apikey set alchemy sk_xxx --name default',
+    '  npx auramaxx apikey delete key_abc123',
+  ]);
+}
+function getFlagValue(args: string[], flag: string): string | undefined {
+  const idx = args.indexOf(flag);
+  return idx >= 0 ? args[idx + 1] : undefined;
+}
+function parseProfileSelection(args: string[]): ProfileIssuanceSelection {
+  const profile = getFlagValue(args, '--profile');
+  const profileVersion = getFlagValue(args, '--profile-version');
+  const profileOverridesRaw = getFlagValue(args, '--profile-overrides');
+  let profileOverrides: JsonObject | undefined;
+  if (profileOverridesRaw) {
+    const parsed = JSON.parse(profileOverridesRaw) as unknown;
+    if (!parsed || typeof parsed !== 'object' || Array.isArray(parsed)) {
+      throw new Error('--profile-overrides must be a JSON object');
+    }
+    profileOverrides = parsed as JsonObject;
+  }
+  return {
+    ...(profile ? { profile } : {}),
+    ...(profileVersion ? { profileVersion } : {}),
+    ...(profileOverrides ? { profileOverrides } : {}),
+  };
+}
+async function resolveBearerToken(args: string[]): Promise<string> {
+  const explicit = getFlagValue(args, '--token') || process.env.AURA_TOKEN;
+  if (explicit) return explicit;
+  const selection = parseProfileSelection(args);
+  const keypair = generateEphemeralKeypair();
+  if (selection.profile) {
+    const result = await bootstrapViaAuthRequest(serverUrl(), 'cli-apikey', keypair, {
+      ...selection,
+      noWait: true,
+      onStatus: (message) => console.error(message),
+    });
+    if (result.approveUrl) {
+      console.error(`Approve at: ${result.approveUrl}`);
+    }
+    console.error(`After approval, re-run with: AURA_TOKEN=<token> npx auramaxx apikey ...`);
+    console.error(`Or use: npx auramaxx auth request --profile ${selection.profile} --raw-token`);
+    process.exit(1);
+  }
+  try {
+    return await bootstrapViaSocket('cli-apikey', keypair);
+  } catch (socketErr) {
+    return bootstrapViaAuthRequest(serverUrl(), 'cli-apikey', keypair, {
+      ...selection,
+      onStatus: (message) => console.error(message),
+    }).catch((authErr) => {
+      throw new Error(`${getErrorMessage(socketErr)}\n${getErrorMessage(authErr)}`);
+    });
+  }
+}
+async function requestJson(
+  path: string,
+  token: string,
+  opts: { method?: string; body?: unknown } = {},
+): Promise<Record<string, unknown>> {
+  const res = await fetch(`${serverUrl()}${path}`, {
+    method: opts.method || (opts.body !== undefined ? 'POST' : 'GET'),
+    headers: {
+      'Authorization': `Bearer ${token}`,
+      'Content-Type': 'application/json',
+    },
+    body: opts.body !== undefined ? JSON.stringify(opts.body) : undefined,
+    signal: AbortSignal.timeout(12_000),
+  });
+  const data = await res.json().catch(() => ({})) as Record<string, unknown>;
+  if (!res.ok) {
+    throw new Error(String(data.error || `HTTP ${res.status}`));
+  }
+  return data;
+}
+async function cmdList(args: string[]): Promise<number> {
+  const json = args.includes('--json');
+  const token = await resolveBearerToken(args);
+  const data = await requestJson('/apikeys', token);
+  if (json) {
+    console.log(JSON.stringify(data, null, 2));
+    return 0;
+  }
+  const apiKeys = Array.isArray((data as { apiKeys?: unknown[] }).apiKeys)
+    ? (data as { apiKeys: Array<{ id: string; service: string; name: string; keyMasked?: string }> }).apiKeys
+    : [];
+  if (apiKeys.length === 0) {
+    console.log('No API keys configured.');
+    return 0;
+  }
+  for (const key of apiKeys) {
+    console.log(`${key.id}  ${key.service}/${key.name}  ${key.keyMasked || ''}`.trim());
+  }
+  return 0;
+}
+async function cmdValidate(args: string[]): Promise<number> {
+  const service = args[0];
+  const key = args[1];
+  if (!service || !key) {
+    throw new Error('Usage: npx auramaxx apikey validate <service> <key>');
+  }
+  const json = args.includes('--json');
+  const token = await resolveBearerToken(args);
+  const data = await requestJson('/apikeys/validate', token, {
+    method: 'POST',
+    body: { service, key },
+  });
+  if (json) {
+    console.log(JSON.stringify(data, null, 2));
+  } else {
+    const valid = (data as { valid?: unknown }).valid === true;
+    console.log(`valid=${valid}`);
+    if (!valid && typeof data.error === 'string') {
+      console.log(`error=${data.error}`);
+    }
+  }
+  return (data as { valid?: unknown }).valid === true ? 0 : 1;
+}
+async function cmdSet(args: string[]): Promise<number> {
+  const service = args[0];
+  const key = args[1];
+  if (!service || !key) {
+    throw new Error('Usage: npx auramaxx apikey set <service> <key> [--name <name>]');
+  }
+  const name = getFlagValue(args, '--name') || 'default';
+  const metadataRaw = getFlagValue(args, '--metadata');
+  let metadata: JsonObject | undefined;
+  if (metadataRaw) {
+    const parsed = JSON.parse(metadataRaw) as unknown;
+    if (!parsed || typeof parsed !== 'object' || Array.isArray(parsed)) {
+      throw new Error('--metadata must be a JSON object');
+    }
+    metadata = parsed as JsonObject;
+  }
+  const json = args.includes('--json');
+  const token = await resolveBearerToken(args);
+  const data = await requestJson('/apikeys', token, {
+    method: 'POST',
+    body: {
+      service,
+      name,
+      key,
+      ...(metadata ? { metadata } : {}),
+    },
+  });
+  if (json) {
+    console.log(JSON.stringify(data, null, 2));
+  } else {
+    console.log(`Saved API key ${service}/${name}.`);
+  }
+  return 0;
+}
+async function cmdDelete(args: string[]): Promise<number> {
+  const id = args[0];
+  if (!id) {
+    throw new Error('Usage: npx auramaxx apikey delete <id>');
+  }
+  const json = args.includes('--json');
+  const token = await resolveBearerToken(args);
+  const data = await requestJson(`/apikeys/${encodeURIComponent(id)}`, token, { method: 'DELETE' });
+  if (json) {
+    console.log(JSON.stringify(data, null, 2));
+  } else {
+    console.log(String((data as { message?: unknown }).message || 'Deleted API key.'));
+  }
+  return (data as { success?: unknown }).success === false ? 1 : 0;
+}
+async function main(): Promise<void> {
+  const args = process.argv.slice(2);
+  const subcommand = args[0];
+  if (!subcommand || subcommand === '--help' || subcommand === '-h') {
+    showHelp();
+    process.exit(0);
+  }
+  try {
+    let exitCode = 0;
+    switch (subcommand) {
+      case 'list':
+        exitCode = await cmdList(args.slice(1));
+        break;
+      case 'validate':
+        exitCode = await cmdValidate(args.slice(1));
+        break;
+      case 'set':
+      case 'create':
+      case 'upsert':
+        exitCode = await cmdSet(args.slice(1));
+        break;
+      case 'delete':
+      case 'del':
+      case 'rm':
+        exitCode = await cmdDelete(args.slice(1));
+        break;
+      default:
+        throw new Error(`Unknown apikey subcommand: ${subcommand}`);
+    }
+    process.exit(exitCode);
+  } catch (error) {
+    console.error(`API key command failed: ${getErrorMessage(error)}`);
+    process.exit(1);
+  }
+}
+if (import.meta.url === `file://${process.argv[1]}`) {
+  main().catch((error) => {
+    console.error(`API key command failed: ${getErrorMessage(error)}`);
+    process.exit(1);
+  });
+}

package/server/cli/commands/app.ts ADDED Viewed

@@ -0,0 +1,204 @@
+/**
+ * auramaxx app — Manage installed apps
+ *
+ * Usage:
+ *   npx auramaxx app install <source> [--name <id>] [--force]
+ *   npx auramaxx app remove <id> [--yes]
+ *   npx auramaxx app list
+ *   npx auramaxx app update <id>
+ */
+import {
+  installApp,
+  removeApp,
+  listApps,
+  updateApp,
+} from '../../lib/app-installer';
+import { promptConfirm } from '../lib/prompt';
+import { getErrorMessage } from '../../lib/error';
+const args = process.argv.slice(2);
+function getFlag(name: string): boolean {
+  return args.includes(`--${name}`);
+}
+function getFlagValue(name: string): string | undefined {
+  const idx = args.indexOf(`--${name}`);
+  if (idx === -1 || idx + 1 >= args.length) return undefined;
+  return args[idx + 1];
+}
+function showHelp() {
+  console.log(`
+  auramaxx app — Manage installed apps
+  Usage:
+    npx auramaxx app install <source> [--name <id>] [--force]
+    npx auramaxx app remove <id> [--yes]
+    npx auramaxx app list
+    npx auramaxx app update <id>
+  Sources:
+    Local path       ./path/to/app or /absolute/path
+    Git repo         github.com/user/repo
+    Tarball          https://example.com/app.tar.gz
+    Zip              https://example.com/app.zip
+    Subdirectory     github.com/user/repo#path=apps/my-app
+  Options:
+    --name <id>      Override the app folder name
+    --force          Overwrite existing app with same ID
+    --yes            Skip removal confirmation
+  Examples:
+    npx auramaxx app install github.com/user/my-app
+    npx auramaxx app install ./my-local-app --name custom-id
+    npx auramaxx app list
+    npx auramaxx app remove my-app
+    npx auramaxx app update my-app
+`);
+}
+async function main() {
+  const subcommand = args[0];
+  if (!subcommand || subcommand === '--help' || subcommand === '-h') {
+    showHelp();
+    process.exit(0);
+  }
+  switch (subcommand) {
+    case 'install': {
+      const source = args[1];
+      if (!source || source.startsWith('--')) {
+        console.error('  Error: Missing source argument\n');
+        console.error('  Usage: npx auramaxx app install <source> [--name <id>] [--force]');
+        process.exit(1);
+      }
+      const name = getFlagValue('name');
+      const force = getFlag('force');
+      console.log(`\n  Installing app from: ${source}`);
+      if (name) console.log(`  App ID: ${name}`);
+      if (force) console.log(`  Force: overwrite existing`);
+      console.log('');
+      try {
+        const result = installApp(source, { name, force });
+        console.log(`  ┌─────────────────────────────────────────┐`);
+        console.log(`  │ App installed successfully            │`);
+        console.log(`  ├─────────────────────────────────────────┤`);
+        console.log(`  │ ID:     ${result.id.padEnd(32)}│`);
+        console.log(`  │ Name:   ${result.name.padEnd(32)}│`);
+        console.log(`  │ Source: ${result.source.type.padEnd(32)}│`);
+        console.log(`  │ Path:   apps/${result.id.padEnd(23)}│`);
+        console.log(`  └─────────────────────────────────────────┘`);
+        console.log('');
+        console.log('  App will appear in the App Store under INSTALLED.');
+        console.log('  Restart the server or use the dashboard to load it.\n');
+      } catch (err) {
+        const msg = getErrorMessage(err);
+        console.error(`  Error: ${msg}\n`);
+        process.exit(1);
+      }
+      break;
+    }
+    case 'remove': {
+      const id = args[1];
+      if (!id || id.startsWith('--')) {
+        console.error('  Error: Missing app ID\n');
+        console.error('  Usage: npx auramaxx app remove <id> [--yes]');
+        process.exit(1);
+      }
+      const skipConfirm = getFlag('yes');
+      if (!skipConfirm) {
+        const confirmed = await promptConfirm(`  Remove app "${id}"?`);
+        if (!confirmed) {
+          console.log('  Cancelled.\n');
+          process.exit(0);
+        }
+      }
+      try {
+        removeApp(id);
+        console.log(`\n  App "${id}" removed.\n`);
+        console.log('  Note: App token will be revoked on next server restart.\n');
+      } catch (err) {
+        const msg = getErrorMessage(err);
+        console.error(`  Error: ${msg}\n`);
+        process.exit(1);
+      }
+      break;
+    }
+    case 'list': {
+      const apps = listApps();
+      if (apps.length === 0) {
+        console.log('\n  No apps installed.\n');
+        console.log('  Install a app:');
+        console.log('    npx auramaxx app install <source>\n');
+        process.exit(0);
+      }
+      console.log(`\n  Installed Apps (${apps.length})\n`);
+      for (const w of apps) {
+        const sourceLabel = w.source
+          ? `${w.source.type} — ${w.source.url}`
+          : 'local (no .source.json)';
+        const perms = w.permissions.length > 0
+          ? w.permissions.join(', ')
+          : 'none';
+        console.log(`  ┌ ${w.name} (${w.id})`);
+        console.log(`  │ ${w.description || '(no description)'}`);
+        console.log(`  │ Permissions: ${perms}`);
+        console.log(`  │ Source: ${sourceLabel}`);
+        if (w.source?.installedAt) {
+          console.log(`  │ Installed: ${w.source.installedAt}`);
+        }
+        console.log(`  └──`);
+        console.log('');
+      }
+      break;
+    }
+    case 'update': {
+      const id = args[1];
+      if (!id || id.startsWith('--')) {
+        console.error('  Error: Missing app ID\n');
+        console.error('  Usage: npx auramaxx app update <id>');
+        process.exit(1);
+      }
+      console.log(`\n  Updating app "${id}"...\n`);
+      try {
+        const result = updateApp(id);
+        console.log(`  App "${result.id}" updated from ${result.source.type} source.`);
+        console.log(`  Restart the server to load changes.\n`);
+      } catch (err) {
+        const msg = getErrorMessage(err);
+        console.error(`  Error: ${msg}\n`);
+        process.exit(1);
+      }
+      break;
+    }
+    default:
+      console.error(`  Unknown subcommand: ${subcommand}\n`);
+      showHelp();
+      process.exit(1);
+  }
+}
+main().catch((error) => {
+  console.error('Error:', getErrorMessage(error));
+  process.exit(1);
+});