auramaxx 0.0.1

package/server/cli/lib/http.ts

@@ -0,0 +1,91 @@
+/**
+ * HTTP helpers for CLI commands
+ */
+
+const DEFAULT_SERVER_URL = 'http://localhost:4242';
+
+/**
+ * Get the wallet server URL from env or default
+ */
+export function serverUrl(): string {
+  return process.env.WALLET_SERVER_URL || DEFAULT_SERVER_URL;
+}
+
+/**
+ * Fetch JSON from the wallet server
+ */
+export async function fetchJson<T = unknown>(
+  path: string,
+  opts: { method?: string; body?: unknown; token?: string } = {}
+): Promise<T> {
+  const url = `${serverUrl()}${path}`;
+  const headers: Record<string, string> = { 'Content-Type': 'application/json' };
+  if (opts.token) {
+    headers['Authorization'] = `Bearer ${opts.token}`;
+  }
+
+  const response = await fetch(url, {
+    method: opts.method || (opts.body ? 'POST' : 'GET'),
+    headers,
+    body: opts.body ? JSON.stringify(opts.body) : undefined,
+  });
+
+  const data = await response.json() as T & { error?: string };
+
+  if (!response.ok) {
+    throw new Error((data as { error?: string }).error || `HTTP ${response.status}`);
+  }
+
+  return data;
+}
+
+/**
+ * Fetch the server's RSA public key for password encryption
+ */
+export async function fetchPublicKey(): Promise<string> {
+  const data = await fetchJson<{ publicKey: string }>('/auth/connect');
+  return data.publicKey;
+}
+
+/**
+ * Check if the wallet server is running
+ */
+export async function isServerRunning(): Promise<boolean> {
+  try {
+    await fetchJson('/health');
+    return true;
+  } catch {
+    return false;
+  }
+}
+
+/**
+ * Poll /health until the server is up, or timeout
+ */
+export async function waitForServer(timeoutMs: number = 15000): Promise<void> {
+  const start = Date.now();
+  while (Date.now() - start < timeoutMs) {
+    if (await isServerRunning()) return;
+    await new Promise((r) => setTimeout(r, 500));
+  }
+  throw new Error(`Server did not start within ${timeoutMs / 1000}s`);
+}
+
+/**
+ * Setup status from GET /setup
+ */
+export interface SetupStatus {
+  hasWallet: boolean;
+  unlocked: boolean;
+  address: string | null;
+  adapters?: { telegram: boolean; webhook: boolean };
+  apiKeys?: { alchemy: boolean; anthropic: boolean };
+  defaultChain?: string;
+}
+
+/**
+ * Fetch setup status from the wallet server
+ */
+export async function fetchSetupStatus(): Promise<SetupStatus> {
+  return fetchJson<SetupStatus>('/setup');
+}

package/server/cli/lib/init-steps.ts

@@ -0,0 +1,76 @@
+/**
+ * Filesystem + Prisma setup steps for init command
+ */
+
+import * as path from 'path';
+import * as fs from 'fs';
+import * as os from 'os';
+import { execSync } from 'child_process';
+import { findProjectRoot } from './process';
+
+function getDataDir(): string {
+  return process.env.WALLET_DATA_DIR || path.join(os.homedir(), '.auramaxx');
+}
+
+/**
+ * Create the ~/.auramaxx/ directory structure
+ */
+export function ensureDirectories(): void {
+  const dataDir = getDataDir();
+  const dirs = [
+    dataDir,
+    path.join(dataDir, 'hot'),
+    path.join(dataDir, 'pending'),
+  ];
+
+  for (const dir of dirs) {
+    if (!fs.existsSync(dir)) {
+      fs.mkdirSync(dir, { recursive: true });
+    }
+  }
+
+  // Root-level tmp/backups directories are no longer created here.
+}
+
+/**
+ * Run Prisma migrations against ~/.auramaxx/auramaxx.db
+ */
+export function runMigrations(root?: string): void {
+  const projectRoot = root || findProjectRoot();
+  const dbUrl = process.env.DATABASE_URL || `file:${getDataDir()}/auramaxx.db`;
+  const env = { ...process.env, DATABASE_URL: dbUrl };
+
+  try {
+    // Try deploy first (production-style, no prompts)
+    execSync('npx prisma migrate deploy', {
+      cwd: projectRoot,
+      env,
+      stdio: 'pipe',
+    });
+  } catch {
+    // Fallback to dev migration (creates migration if needed)
+    execSync('npx prisma migrate dev --name init', {
+      cwd: projectRoot,
+      env,
+      stdio: 'pipe',
+    });
+  }
+}
+
+/**
+ * Generate the Prisma client
+ */
+export function generatePrismaClient(root?: string): void {
+  const projectRoot = root || findProjectRoot();
+  execSync('npx prisma generate', {
+    cwd: projectRoot,
+    stdio: 'pipe',
+  });
+}
+
+/**
+ * Check if a primary vault file already exists
+ */
+export function hasVault(): boolean {
+  return fs.existsSync(path.join(getDataDir(), 'vault-primary.json'));
+}

package/server/cli/lib/local-agent-trust.ts

@@ -0,0 +1,45 @@
+import type { LocalAgentProfileMode } from '../../lib/agent-profiles';
+import { fetchJson } from './http';
+
+export interface LocalAgentTrustDefaults {
+  profile: LocalAgentProfileMode;
+  profileVersion: 'v1';
+  autoApprove: boolean;
+}
+
+export function resolveLocalAgentModeChoice(input: string): LocalAgentProfileMode {
+  const normalized = input.trim().toLowerCase();
+  if (normalized === '2' || normalized === 'strict') return 'strict';
+  if (normalized === '3' || normalized === 'admin') return 'admin';
+  return 'dev';
+}
+
+export function toLocalAgentTrustDefaults(profile: LocalAgentProfileMode): LocalAgentTrustDefaults {
+  return {
+    profile,
+    profileVersion: 'v1',
+    autoApprove: profile !== 'strict',
+  };
+}
+
+export async function persistLocalAgentTrustDefaults(token: string, profile: LocalAgentProfileMode): Promise<LocalAgentTrustDefaults> {
+  const defaults = toLocalAgentTrustDefaults(profile);
+
+  await fetchJson('/defaults/trust.localProfile', {
+    method: 'PATCH',
+    body: { value: defaults.profile },
+    token,
+  });
+  await fetchJson('/defaults/trust.localProfileVersion', {
+    method: 'PATCH',
+    body: { value: defaults.profileVersion },
+    token,
+  });
+  await fetchJson('/defaults/trust.localAutoApprove', {
+    method: 'PATCH',
+    body: { value: defaults.autoApprove },
+    token,
+  });
+
+  return defaults;
+}

package/server/cli/lib/lock-unlock-helper.ts

@@ -0,0 +1,71 @@
+import { spawnSync } from 'child_process';
+import { promptSelect } from './prompt';
+import { getErrorMessage } from '../../lib/error';
+
+export interface LockUnlockHelperInput {
+  context: string;
+  error?: unknown;
+  statusCode?: number;
+  payload?: unknown;
+}
+
+function dashboardUrl(): string {
+  const port = process.env.DASHBOARD_PORT || '4747';
+  return `http://localhost:${port}`;
+}
+
+function toSearchableText(input: LockUnlockHelperInput): string {
+  const parts: string[] = [];
+  if (input.error) parts.push(getErrorMessage(input.error));
+  if (typeof input.payload === 'string') parts.push(input.payload);
+  if (input.payload && typeof input.payload === 'object') {
+    try {
+      parts.push(JSON.stringify(input.payload));
+    } catch {
+      // ignore
+    }
+  }
+  return parts.join(' ').toLowerCase();
+}
+
+function isLikelyLockError(input: LockUnlockHelperInput): boolean {
+  if (input.statusCode === 423) return true;
+  const text = toSearchableText(input);
+  const hasLockWord = text.includes('locked') || text.includes('unlock');
+  const hasVaultContext = text.includes('vault') || text.includes('wallet') || text.includes('daemon');
+  return hasLockWord && hasVaultContext;
+}
+
+function printSharedGuidance(context: string): void {
+  console.error(`\nVault is locked (${context}).`);
+  console.error(`1) Unlock in dashboard: ${dashboardUrl()}`);
+  console.error('2) Unlock in terminal now (hidden password): auramaxx unlock');
+}
+
+export async function maybeHandleLockError(input: LockUnlockHelperInput): Promise<boolean> {
+  if (!isLikelyLockError(input)) return false;
+
+  const interactive = Boolean(process.stdin.isTTY && process.stdout.isTTY);
+  printSharedGuidance(input.context);
+
+  if (!interactive) {
+    console.error('Non-interactive shell detected; run `auramaxx unlock` and retry.');
+    return true;
+  }
+
+  const choice = await promptSelect('Choose unlock path:', [
+    { value: 'dashboard', label: 'dashboard', aliases: ['1', 'open'] },
+    { value: 'terminal', label: 'terminal (unlock now)', aliases: ['2', 'cli'] },
+  ], 'terminal');
+
+  if (choice === 'terminal') {
+    const result = spawnSync('npx', ['auramaxx', 'unlock'], { stdio: 'inherit', env: process.env });
+    if (result.status !== 0) {
+      console.error('Terminal unlock did not complete successfully.');
+    }
+  } else {
+    console.error(`Open ${dashboardUrl()} and unlock, then retry your command.`);
+  }
+
+  return true;
+}

package/server/cli/lib/process.ts

@@ -0,0 +1,162 @@
+/**
+ * Process management for CLI commands
+ */
+
+import { spawn, ChildProcess, execSync } from 'child_process';
+import { randomBytes } from 'crypto';
+import * as path from 'path';
+import * as fs from 'fs';
+import { resolveAuraSocketPath } from '../../lib/socket-path';
+
+/**
+ * Find the project root by walking up from __dirname to find the package.json.
+ */
+export function findProjectRoot(): string {
+  let dir = __dirname;
+  for (let i = 0; i < 10; i++) {
+    const pkgPath = path.join(dir, 'package.json');
+    if (fs.existsSync(pkgPath)) {
+      try {
+        const pkg = JSON.parse(fs.readFileSync(pkgPath, 'utf8'));
+        if (pkg.name === 'auramaxx') return dir;
+      } catch {
+        // Not valid JSON, keep going
+      }
+    }
+    const parent = path.dirname(dir);
+    if (parent === dir) break;
+    dir = parent;
+  }
+  throw new Error('Could not find auramaxx project root');
+}
+
+/**
+ * Stop any running AuraMaxx server processes
+ */
+export function stopServer(): void {
+  // In sandbox mode, don't kill other processes — the sandbox script manages its own
+  if (process.env.SANDBOX_MODE) return;
+
+  // Kill by command-line pattern (catches tsx shim + npx wrapper)
+  const patterns = [
+    'tsx server/index.ts',
+    'tsx watch server/index.ts',
+    'tsx server/cron/index.ts',
+    'next dev -p 4747',
+    'next start -p 4747',
+  ];
+
+  for (const pattern of patterns) {
+    try {
+      execSync(`pkill -f "${pattern}" 2>/dev/null`, { stdio: 'ignore' });
+    } catch {
+      // Process not found, that's fine
+    }
+  }
+
+  // Also kill by port — catches node worker processes that tsx spawns
+  // (the worker command line doesn't contain "tsx server/index.ts")
+  const ports = [
+    process.env.WALLET_SERVER_PORT || '4242',
+    process.env.DASHBOARD_PORT || '4747',
+  ];
+  for (const port of ports) {
+    try {
+      execSync(`lsof -ti TCP:${port} -s TCP:LISTEN | xargs kill 2>/dev/null`, { stdio: 'ignore' });
+    } catch {
+      // Nothing listening, that's fine
+    }
+  }
+
+  // Give processes a moment to die
+  try {
+    execSync('sleep 0.5', { stdio: 'ignore' });
+  } catch {
+    // Ignore
+  }
+}
+
+/**
+ * Start the AuraMaxx server processes
+ * Returns child processes for cleanup
+ */
+export function startServer(opts: { headless?: boolean; debug?: boolean; background?: boolean } = {}): ChildProcess[] {
+  const root = findProjectRoot();
+  const children: ChildProcess[] = [];
+
+  // Set BYPASS_RATE_LIMIT for local dev
+  // Generate a shared secret so the cron server can authenticate with the wallet server's internal endpoints.
+  // Regenerated every start, so it's ephemeral like the SIGNING_KEY.
+  const cronSecret = randomBytes(32).toString('hex');
+  const env = { ...process.env, BYPASS_RATE_LIMIT: 'true', STRATEGY_CRON_SHARED_SECRET: cronSecret };
+  const useNodeTsxLoader = process.env.SANDBOX_MODE === 'true' || process.env.AURA_FORCE_NODE_TSX === '1';
+  const tsRunnerCmd = useNodeTsxLoader ? process.execPath : 'npx';
+  const tsRunnerArgs = (entryFile: string) =>
+    useNodeTsxLoader ? ['--import', 'tsx', entryFile] : ['tsx', entryFile];
+  const debug = opts.debug === true;
+  const stdioMode: 'ignore' | 'inherit' = debug ? 'inherit' : 'ignore';
+  // Only detach children in background mode. In foreground mode, children stay
+  // in the same process group so they die together with the parent on Cmd+C.
+  const detached = opts.background === true;
+
+  // Start Express server
+  const server = spawn(tsRunnerCmd, tsRunnerArgs('server/index.ts'), {
+    cwd: root,
+    env,
+    stdio: stdioMode,
+    detached,
+  });
+  if (detached) server.unref();
+  children.push(server);
+
+  // Start cron server
+  const cron = spawn(tsRunnerCmd, tsRunnerArgs('server/cron/index.ts'), {
+    cwd: root,
+    env,
+    stdio: stdioMode,
+    detached,
+  });
+  if (detached) cron.unref();
+  children.push(cron);
+
+  // Start Next.js dashboard unless headless
+  if (!opts.headless) {
+    const dashboardPort = process.env.DASHBOARD_PORT || '4747';
+    const dashboard = spawn('npx', ['next', 'dev', '-p', dashboardPort], {
+      cwd: root,
+      env,
+      stdio: stdioMode,
+      detached,
+    });
+    if (detached) dashboard.unref();
+    children.push(dashboard);
+  }
+
+  return children;
+}
+
+/**
+ * Clean up temp files (lock files, socket files)
+ */
+export function cleanupTempFiles(): void {
+  const uid = process.getuid?.() ?? 'unknown';
+  const socketPath = resolveAuraSocketPath({
+    uid,
+    serverPort: process.env.WALLET_SERVER_PORT,
+    serverUrl: process.env.WALLET_SERVER_URL,
+  });
+  const files = [
+    `/tmp/aura-cli-${uid}.lock`,
+    socketPath,
+  ];
+
+  for (const file of files) {
+    try {
+      if (fs.existsSync(file)) {
+        fs.unlinkSync(file);
+      }
+    } catch {
+      // Ignore cleanup errors
+    }
+  }
+}