npm - auramaxx - Versions diffs - 1.0.0-alpha.4 - Mend

auramaxx 1.0.0-alpha.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (363) hide show

package/LICENSE +26 -0
package/README.md +112 -0
package/bin/aurawallet.js +121 -0
package/docs/ADAPTERS.md +467 -0
package/docs/API.md +2679 -0
package/docs/APPS.md +198 -0
package/docs/ARCHITECTURE.md +350 -0
package/docs/AUTH.md +698 -0
package/docs/BEST-PRACTICES.md +121 -0
package/docs/CLI.md +61 -0
package/docs/DEVELOPING-APPS.md +452 -0
package/docs/EXTENSION.md +97 -0
package/docs/JOBS.md +33 -0
package/docs/MCP.md +76 -0
package/docs/PROTOCOL.md +142 -0
package/docs/SETUP.md +219 -0
package/docs/WORKSPACE.md +672 -0
package/docs/agent-auth.md +63 -0
package/docs/aura-file.md +48 -0
package/docs/credentials.md +53 -0
package/docs/external/getting-started.md +65 -0
package/docs/external/overview.md +45 -0
package/docs/external/use-cases.md +48 -0
package/docs/external/why-aura.md +35 -0
package/docs/jobs/connect-agent.md +77 -0
package/docs/jobs/migrate-from-dotenv.md +79 -0
package/docs/jobs/recover-from-lockout.md +72 -0
package/docs/jobs/secure-ci.md +63 -0
package/docs/oauth2.md +42 -0
package/docs/passkeys.md +60 -0
package/docs/security.md +540 -0
package/docs/specs/aura-open-protocol.md +61 -0
package/docs/specs/aura-provider-plugin.md +24 -0
package/docs/specs/aura-registry-model.md +31 -0
package/docs/specs/fixtures/invalid-bad-key.aura +1 -0
package/docs/specs/fixtures/invalid-bad-unicode-escape.aura +1 -0
package/docs/specs/fixtures/invalid-duplicate-key.aura +2 -0
package/docs/specs/fixtures/valid-basic.aura +4 -0
package/docs/specs/fixtures/valid-provider-ref.aura +1 -0
package/docs/specs/fixtures/valid-quoted-escapes.aura +2 -0
package/docs/templates/RELEASE_NOTES_TEMPLATE.md +22 -0
package/docs/totp.md +40 -0
package/docs/wallet/AI.md +508 -0
package/docs/wallet/DEVELOPING-STRATEGIES.md +713 -0
package/docs/wallet/README.md +47 -0
package/docs/wallet/STRATEGY.md +89 -0
package/next.config.ts +21 -0
package/package.json +151 -0
package/postcss.config.mjs +8 -0
package/prisma/migrations/20260214170000_baseline/migration.sql +511 -0
package/prisma/migrations/20260216214537_add_passkey_model/migration.sql +18 -0
package/prisma/migrations/20260217150500_add_credential_access_audit/migration.sql +31 -0
package/prisma/migrations/migration_lock.toml +3 -0
package/prisma/schema.prisma +447 -0
package/public/logo-chevron.svg +31 -0
package/public/logo-concentric.svg +31 -0
package/public/logo-crosshatch.svg +39 -0
package/public/logo-dashed.svg +39 -0
package/public/logo-horizontal.svg +31 -0
package/public/logo-m56.svg +64 -0
package/public/logo.webp +0 -0
package/scripts/add-app.js +245 -0
package/scripts/init.sh +57 -0
package/scripts/migrate-apikeys-to-credentials.ts +35 -0
package/scripts/sandbox-agent-flow.sh +235 -0
package/scripts/sandbox.sh +175 -0
package/scripts/validate-job-docs.mjs +125 -0
package/server/abi/SwapHelper.json +438 -0
package/server/cli/approval.ts +447 -0
package/server/cli/commands/app.ts +204 -0
package/server/cli/commands/cron.ts +24 -0
package/server/cli/commands/doctor.ts +1007 -0
package/server/cli/commands/env.ts +456 -0
package/server/cli/commands/init.ts +752 -0
package/server/cli/commands/mcp.ts +125 -0
package/server/cli/commands/restore.ts +314 -0
package/server/cli/commands/shell-hook.ts +468 -0
package/server/cli/commands/start.ts +62 -0
package/server/cli/commands/status.ts +59 -0
package/server/cli/commands/stop.ts +14 -0
package/server/cli/commands/token.ts +180 -0
package/server/cli/commands/unlock.ts +49 -0
package/server/cli/commands/vault.ts +417 -0
package/server/cli/index.ts +328 -0
package/server/cli/lib/aura-parser.ts +64 -0
package/server/cli/lib/credential-create.ts +74 -0
package/server/cli/lib/credential-resolve.ts +254 -0
package/server/cli/lib/dotenv-migrate.ts +116 -0
package/server/cli/lib/dotenv-parser.ts +146 -0
package/server/cli/lib/http.ts +91 -0
package/server/cli/lib/init-steps.ts +76 -0
package/server/cli/lib/local-agent-trust.ts +45 -0
package/server/cli/lib/process.ts +136 -0
package/server/cli/lib/prompt.ts +85 -0
package/server/cli/lib/theme.ts +240 -0
package/server/cli/socket.ts +570 -0
package/server/cli/transport-client.ts +50 -0
package/server/cron/index.ts +137 -0
package/server/cron/job.ts +31 -0
package/server/cron/jobs/balance-sync.ts +436 -0
package/server/cron/jobs/incoming-scan.ts +506 -0
package/server/cron/jobs/native-price.ts +70 -0
package/server/cron/jobs/orphan-cleanup.ts +40 -0
package/server/cron/jobs/strategy-runner.ts +175 -0
package/server/cron/scheduler.ts +125 -0
package/server/index.ts +406 -0
package/server/lib/adapters/factory.ts +110 -0
package/server/lib/adapters/index.ts +19 -0
package/server/lib/adapters/router.ts +297 -0
package/server/lib/adapters/telegram.ts +645 -0
package/server/lib/adapters/types.ts +89 -0
package/server/lib/adapters/webhook.ts +95 -0
package/server/lib/address.ts +49 -0
package/server/lib/agent-auth/contracts.ts +1194 -0
package/server/lib/agent-profiles.ts +328 -0
package/server/lib/ai.ts +285 -0
package/server/lib/api-registry/contracts.ts +86 -0
package/server/lib/api-registry/validation.ts +172 -0
package/server/lib/apikey-migration.ts +189 -0
package/server/lib/app-installer.ts +505 -0
package/server/lib/app-tokens.ts +247 -0
package/server/lib/auth.ts +314 -0
package/server/lib/batch.ts +242 -0
package/server/lib/cold.ts +874 -0
package/server/lib/config.ts +381 -0
package/server/lib/credential-access-audit.ts +85 -0
package/server/lib/credential-access-policy.ts +110 -0
package/server/lib/credential-health.ts +343 -0
package/server/lib/credential-import.ts +487 -0
package/server/lib/credential-scope.ts +87 -0
package/server/lib/credential-shares.ts +190 -0
package/server/lib/credential-transport.ts +342 -0
package/server/lib/credential-vault.ts +77 -0
package/server/lib/credentials.ts +333 -0
package/server/lib/crypto.ts +8 -0
package/server/lib/db.ts +15 -0
package/server/lib/defaults.ts +366 -0
package/server/lib/dex/index.ts +80 -0
package/server/lib/dex/relay.ts +235 -0
package/server/lib/dex/types.ts +59 -0
package/server/lib/dex/uniswap.ts +370 -0
package/server/lib/e2e-agent/artifacts.ts +36 -0
package/server/lib/e2e-agent/contracts.ts +112 -0
package/server/lib/e2e-agent/validation.ts +135 -0
package/server/lib/encrypt.ts +128 -0
package/server/lib/error.ts +20 -0
package/server/lib/events.ts +205 -0
package/server/lib/hot.ts +357 -0
package/server/lib/key-fingerprint.ts +28 -0
package/server/lib/logger.ts +331 -0
package/server/lib/network.ts +137 -0
package/server/lib/notifications.ts +219 -0
package/server/lib/oauth2-refresh.ts +241 -0
package/server/lib/oursecret.ts +54 -0
package/server/lib/passkey-credential.ts +360 -0
package/server/lib/passkey.ts +68 -0
package/server/lib/permissions.ts +248 -0
package/server/lib/pino.ts +24 -0
package/server/lib/policy-preview.ts +138 -0
package/server/lib/price.ts +338 -0
package/server/lib/prices.ts +34 -0
package/server/lib/project-scope.ts +239 -0
package/server/lib/resolve-action.ts +427 -0
package/server/lib/resolve.ts +36 -0
package/server/lib/sessions.ts +632 -0
package/server/lib/solana/connection.ts +26 -0
package/server/lib/solana/jupiter.ts +128 -0
package/server/lib/solana/transfer.ts +108 -0
package/server/lib/solana/wallet.ts +136 -0
package/server/lib/strategy/emits.ts +21 -0
package/server/lib/strategy/engine.ts +1305 -0
package/server/lib/strategy/executor.ts +115 -0
package/server/lib/strategy/hook-context.ts +158 -0
package/server/lib/strategy/hooks.ts +990 -0
package/server/lib/strategy/index.ts +28 -0
package/server/lib/strategy/installer.ts +305 -0
package/server/lib/strategy/loader.ts +256 -0
package/server/lib/strategy/message.ts +235 -0
package/server/lib/strategy/repository.ts +218 -0
package/server/lib/strategy/session-logger.ts +693 -0
package/server/lib/strategy/sources.ts +288 -0
package/server/lib/strategy/state.ts +189 -0
package/server/lib/strategy/templates.ts +403 -0
package/server/lib/strategy/tick.ts +404 -0
package/server/lib/strategy/types.ts +230 -0
package/server/lib/swap.ts +3 -0
package/server/lib/temp.ts +86 -0
package/server/lib/token-metadata.ts +86 -0
package/server/lib/token-safety.ts +200 -0
package/server/lib/token-search.ts +444 -0
package/server/lib/totp.ts +194 -0
package/server/lib/transactions.ts +123 -0
package/server/lib/transport.ts +75 -0
package/server/lib/txhistory/decoder.ts +262 -0
package/server/lib/txhistory/enricher.ts +652 -0
package/server/lib/txhistory/index.ts +391 -0
package/server/lib/txhistory/signatures.ts +59 -0
package/server/lib/verified-summary.ts +421 -0
package/server/mcp/profile-policy.ts +30 -0
package/server/mcp/server.ts +619 -0
package/server/mcp/tools.ts +523 -0
package/server/middleware/auth.ts +119 -0
package/server/middleware/requestLogger.ts +84 -0
package/server/routes/actions.ts +459 -0
package/server/routes/adapters.ts +703 -0
package/server/routes/addressbook.ts +113 -0
package/server/routes/ai.ts +34 -0
package/server/routes/apikeys.ts +295 -0
package/server/routes/apps.ts +601 -0
package/server/routes/auth.ts +457 -0
package/server/routes/backup.ts +340 -0
package/server/routes/batch.ts +270 -0
package/server/routes/bookmarks.ts +162 -0
package/server/routes/credential-shares.ts +198 -0
package/server/routes/credential-vaults.ts +154 -0
package/server/routes/credentials.ts +1290 -0
package/server/routes/dashboard.ts +71 -0
package/server/routes/defaults.ts +124 -0
package/server/routes/fund.ts +229 -0
package/server/routes/import.ts +352 -0
package/server/routes/launch.ts +665 -0
package/server/routes/lock.ts +54 -0
package/server/routes/logs.ts +68 -0
package/server/routes/nuke.ts +111 -0
package/server/routes/passkey-credentials.ts +99 -0
package/server/routes/passkey.ts +346 -0
package/server/routes/portfolio.ts +217 -0
package/server/routes/price.ts +63 -0
package/server/routes/resolve.ts +31 -0
package/server/routes/security.ts +45 -0
package/server/routes/send-evm.ts +241 -0
package/server/routes/send-solana.ts +281 -0
package/server/routes/send.ts +178 -0
package/server/routes/setup.ts +210 -0
package/server/routes/strategy.ts +894 -0
package/server/routes/swap-evm.ts +353 -0
package/server/routes/swap-solana.ts +177 -0
package/server/routes/swap.ts +356 -0
package/server/routes/token.ts +247 -0
package/server/routes/unlock.ts +403 -0
package/server/routes/wallet-assets.ts +361 -0
package/server/routes/wallet-transactions.ts +515 -0
package/server/routes/wallet.ts +710 -0
package/server/types.ts +146 -0
package/skills/aurawallet/SKILL.md +739 -0
package/skills/aurawallet-setup/SKILL.md +74 -0
package/skills/security-review/SKILL.md +148 -0
package/src/app/api/agent-requests/route.ts +30 -0
package/src/app/api/apps/install/route.ts +126 -0
package/src/app/api/apps/manifests/route.ts +16 -0
package/src/app/api/apps/static/[...path]/route.ts +57 -0
package/src/app/api/events/route.ts +92 -0
package/src/app/api/page.tsx +212 -0
package/src/app/api/workspace/[id]/apps/[wid]/route.ts +119 -0
package/src/app/api/workspace/[id]/apps/route.ts +81 -0
package/src/app/api/workspace/[id]/export/route.ts +67 -0
package/src/app/api/workspace/[id]/route.ts +168 -0
package/src/app/api/workspace/auth.ts +34 -0
package/src/app/api/workspace/config/route.ts +106 -0
package/src/app/api/workspace/import/route.ts +127 -0
package/src/app/api/workspace/route.ts +116 -0
package/src/app/app/page.tsx +2122 -0
package/src/app/apple-icon.png +0 -0
package/src/app/docs/page.tsx +178 -0
package/src/app/favicon.ico +0 -0
package/src/app/globals.css +572 -0
package/src/app/health/page.tsx +5 -0
package/src/app/hello/page.tsx +15 -0
package/src/app/icon.png +0 -0
package/src/app/layout.tsx +34 -0
package/src/app/page.tsx +986 -0
package/src/app/providers.tsx +90 -0
package/src/app/share/[token]/page.tsx +295 -0
package/src/components/ChainSelector.tsx +144 -0
package/src/components/HumanActionBar.tsx +695 -0
package/src/components/NotificationDrawer.tsx +129 -0
package/src/components/apps/AgentKeysApp.tsx +490 -0
package/src/components/apps/App.tsx +153 -0
package/src/components/apps/AppGrid.tsx +15 -0
package/src/components/apps/DetailedAddressDrawer.tsx +325 -0
package/src/components/apps/DraggableApp.tsx +562 -0
package/src/components/apps/IFrameApp.tsx +73 -0
package/src/components/apps/LogsApp.tsx +360 -0
package/src/components/apps/SendApp.tsx +394 -0
package/src/components/apps/SetupWizardApp.tsx +1004 -0
package/src/components/apps/SystemDefaultsApp.tsx +845 -0
package/src/components/apps/ThirdPartyApp.tsx +428 -0
package/src/components/apps/TokenApp.tsx +319 -0
package/src/components/apps/TransactionsApp.tsx +438 -0
package/src/components/apps/WalletDetailApp.tsx +1505 -0
package/src/components/apps/index.ts +13 -0
package/src/components/design-system/Button.tsx +53 -0
package/src/components/design-system/ChainIndicator.tsx +65 -0
package/src/components/design-system/ChainSelector.tsx +137 -0
package/src/components/design-system/ConfirmationModal.tsx +106 -0
package/src/components/design-system/ConfirmationPopover.tsx +81 -0
package/src/components/design-system/Drawer.tsx +123 -0
package/src/components/design-system/FilterDropdown.tsx +72 -0
package/src/components/design-system/Modal.tsx +206 -0
package/src/components/design-system/Popover.tsx +142 -0
package/src/components/design-system/TextInput.tsx +85 -0
package/src/components/design-system/Toggle.tsx +58 -0
package/src/components/design-system/index.ts +11 -0
package/src/components/docs/DocsThemeToggle.tsx +49 -0
package/src/components/health/CredentialHealthDashboard.tsx +214 -0
package/src/components/icons/ChainIcons.tsx +72 -0
package/src/components/layout/AppStoreDrawer.tsx +369 -0
package/src/components/layout/ContentArea.tsx +21 -0
package/src/components/layout/TabBar.tsx +278 -0
package/src/components/layout/WalletSidebar.tsx +1033 -0
package/src/components/layout/index.ts +4 -0
package/src/components/marketing/AuraWalletSpecOverlay.tsx +635 -0
package/src/components/marketing/DeviceMorphExperience.tsx +216 -0
package/src/components/vault/ApiKeysConsole.tsx +1080 -0
package/src/components/vault/AuditConsole.tsx +584 -0
package/src/components/vault/CredentialDetail.tsx +455 -0
package/src/components/vault/CredentialEmpty.tsx +55 -0
package/src/components/vault/CredentialField.tsx +361 -0
package/src/components/vault/CredentialForm.tsx +1212 -0
package/src/components/vault/CredentialList.tsx +165 -0
package/src/components/vault/CredentialRow.tsx +97 -0
package/src/components/vault/CredentialShareModal.tsx +178 -0
package/src/components/vault/CredentialVault.tsx +754 -0
package/src/components/vault/CredentialWalletWidget.tsx +103 -0
package/src/components/vault/ImportCredentialsModal.tsx +515 -0
package/src/components/vault/LargeTypeModal.tsx +64 -0
package/src/components/vault/PasswordGenerator.tsx +224 -0
package/src/components/vault/TOTPDisplay.tsx +123 -0
package/src/components/vault/VaultSidebar.tsx +413 -0
package/src/components/vault/types.ts +54 -0
package/src/context/AuthContext.tsx +337 -0
package/src/context/PriceContext.tsx +113 -0
package/src/context/ThemeContext.tsx +164 -0
package/src/context/WebSocketContext.tsx +269 -0
package/src/context/WorkspaceContext.tsx +668 -0
package/src/hooks/index.ts +3 -0
package/src/hooks/useAgentActions.ts +368 -0
package/src/hooks/useBalance.ts +103 -0
package/src/hooks/useBalances.ts +129 -0
package/src/instrumentation.ts +12 -0
package/src/lib/api.ts +449 -0
package/src/lib/app-loader.ts +148 -0
package/src/lib/app-registry.ts +178 -0
package/src/lib/app-sdk.ts +157 -0
package/src/lib/audit-console-adapter.ts +151 -0
package/src/lib/auth-client.ts +75 -0
package/src/lib/config.ts +74 -0
package/src/lib/crypto.ts +112 -0
package/src/lib/db.ts +21 -0
package/src/lib/docs.ts +390 -0
package/src/lib/events.ts +361 -0
package/src/lib/pino.ts +24 -0
package/src/lib/theme-handlers.ts +168 -0
package/src/lib/theme.ts +351 -0
package/src/lib/tokenData.ts +378 -0
package/src/lib/vault-crypto.ts +129 -0
package/src/lib/websocket-server.ts +302 -0
package/src/lib/websocket-setup.ts +79 -0
package/src/lib/wordlist.ts +2050 -0
package/src/lib/workspace-handlers.ts +285 -0
package/start.sh +80 -0
package/tailwind.config.ts +99 -0
package/tsconfig.json +42 -0

package/src/components/vault/AuditConsole.tsx ADDED Viewed

@@ -0,0 +1,584 @@
+'use client';
+import React, { useCallback, useEffect, useMemo, useRef, useState } from 'react';
+import { AlertTriangle, Copy, RefreshCw } from 'lucide-react';
+import { api, Api, type DashboardResponse } from '@/lib/api';
+import { Button, FilterDropdown } from '@/components/design-system';
+import { useWebSocket } from '@/context/WebSocketContext';
+import { WALLET_EVENTS } from '@/lib/events';
+import {
+  dedupeAuditEvents,
+  fromLegacyLog,
+  fromTask40Row,
+  type UiAuditEvent,
+  type UiDecision,
+} from '@/lib/audit-console-adapter';
+type DashboardToken = DashboardResponse['tokens']['active'][number] & {
+  createdAt?: string;
+};
+type TokenStatusFilter = 'active' | 'revoked' | 'expired' | 'all';
+type TokenStatus = 'active' | 'revoked' | 'expired' | 'inactive';
+type TimeWindow = '1h' | '24h' | '7d';
+const PAGE_SIZE = 50;
+const HARD_CAP = 500;
+const STATUS_OPTIONS: { value: TokenStatusFilter; label: string }[] = [
+  { value: 'active', label: 'ACTIVE' },
+  { value: 'revoked', label: 'REVOKED' },
+  { value: 'expired', label: 'EXPIRED' },
+  { value: 'all', label: 'ALL' },
+];
+const WINDOW_OPTIONS: { value: TimeWindow; label: string }[] = [
+  { value: '1h', label: '1 HOUR' },
+  { value: '24h', label: '24 HOURS' },
+  { value: '7d', label: '7 DAYS' },
+];
+const DECISION_OPTIONS: { value: UiDecision | 'all'; label: string }[] = [
+  { value: 'all', label: 'ALL' },
+  { value: 'ALLOW', label: 'ALLOW' },
+  { value: 'DENY', label: 'DENY' },
+  { value: 'RATE_LIMIT', label: 'RATE_LIMIT' },
+  { value: 'ERROR', label: 'ERROR' },
+  { value: 'UNKNOWN', label: 'UNKNOWN' },
+];
+function toMs(value: string | number | undefined): number | null {
+  if (value == null) return null;
+  if (typeof value === 'number') return value < 1_000_000_000_000 ? value * 1000 : value;
+  const parsed = Date.parse(value);
+  return Number.isFinite(parsed) ? parsed : null;
+}
+function toWindowMs(window: TimeWindow): number {
+  if (window === '1h') return 60 * 60 * 1000;
+  if (window === '7d') return 7 * 24 * 60 * 60 * 1000;
+  return 24 * 60 * 60 * 1000;
+}
+function classifyTokenStatus(token: DashboardToken): TokenStatus {
+  if (token.isRevoked) return 'revoked';
+  const expiresAtMs = toMs(token.expiresAt);
+  if (token.isExpired || (expiresAtMs !== null && expiresAtMs <= Date.now())) return 'expired';
+  if (token.isActive) return 'active';
+  return 'inactive';
+}
+function shortHash(hash: string | undefined): string {
+  if (!hash) return '—';
+  if (hash.length <= 14) return hash;
+  return `${hash.slice(0, 8)}...${hash.slice(-6)}`;
+}
+function formatDate(value: string | number | undefined): string {
+  const ms = toMs(value);
+  if (ms === null) return '—';
+  return new Date(ms).toLocaleString();
+}
+function formatRelative(value: string | number | undefined): string {
+  const ms = toMs(value);
+  if (ms === null) return '—';
+  const diff = ms - Date.now();
+  if (diff <= 0) return 'expired';
+  const mins = Math.floor(diff / 60000);
+  if (mins < 60) return `${mins}m`;
+  const hours = Math.floor(mins / 60);
+  if (hours < 24) return `${hours}h`;
+  return `${Math.floor(hours / 24)}d`;
+}
+function statusTone(status: TokenStatus): string {
+  if (status === 'active') return 'text-[var(--color-success,#16a34a)]';
+  if (status === 'revoked') return 'text-[var(--color-warning,#ff4d00)]';
+  if (status === 'expired') return 'text-[var(--color-text-faint,#9ca3af)]';
+  return 'text-[var(--color-text-muted,#6b7280)]';
+}
+function permissionsSummary(permissions: string[]): string {
+  if (!permissions || permissions.length === 0) return '—';
+  if (permissions.length <= 2) return permissions.join(', ');
+  return `${permissions.slice(0, 2).join(', ')} +${permissions.length - 2}`;
+}
+export function AuditConsole(): React.JSX.Element {
+  const { subscribe } = useWebSocket();
+  const [tokens, setTokens] = useState<DashboardToken[]>([]);
+  const [events, setEvents] = useState<UiAuditEvent[]>([]);
+  const [statusFilter, setStatusFilter] = useState<TokenStatusFilter>('active');
+  const [timeWindow, setTimeWindow] = useState<TimeWindow>('24h');
+  const [searchQuery, setSearchQuery] = useState('');
+  const [selectedTokenKey, setSelectedTokenKey] = useState<string>('all');
+  const [decisionFilter, setDecisionFilter] = useState<UiDecision | 'all'>('all');
+  const [page, setPage] = useState(0);
+  const [loading, setLoading] = useState(true);
+  const [error, setError] = useState<string | null>(null);
+  const [notice, setNotice] = useState<string | null>(null);
+  const [revokingTokenKey, setRevokingTokenKey] = useState<string | null>(null);
+  const [copiedTokenKey, setCopiedTokenKey] = useState<string | null>(null);
+  const activitySectionRef = useRef<HTMLDivElement | null>(null);
+  const liveRefreshTimerRef = useRef<ReturnType<typeof setTimeout> | null>(null);
+  const fetchAll = useCallback(async () => {
+    setLoading(true);
+    setError(null);
+    try {
+      const [dashboard, access, legacy] = await Promise.all([
+        api.get<{ success: boolean; tokens: { active: DashboardToken[]; inactive: DashboardToken[] } }>(Api.Wallet, '/dashboard'),
+        api.get<{ success: boolean; rows: Record<string, unknown>[] }>(Api.Wallet, '/security/credential-access/recent', { limit: HARD_CAP }),
+        api.get<{ success: boolean; logs: Record<string, unknown>[] }>(Api.Wallet, '/logs', { category: 'agent', limit: 200 }),
+      ]);
+      const dashboardTokens = dashboard.success
+        ? [...(dashboard.tokens.active ?? []), ...(dashboard.tokens.inactive ?? [])]
+        : [];
+      const task40Rows = access.success ? access.rows.map(fromTask40Row) : [];
+      const legacyRows = legacy.success
+        ? legacy.logs
+            .filter((row) => {
+              const data = (row.data ?? {}) as Record<string, unknown>;
+              return data.action === 'credential_access_decision';
+            })
+            .map(fromLegacyLog)
+        : [];
+      const now = Date.now();
+      const merged = dedupeAuditEvents([...task40Rows, ...legacyRows]).filter((row) => row.timestamp <= now);
+      setTokens(dashboardTokens);
+      setEvents(merged.slice(0, HARD_CAP));
+      setPage(0);
+    } catch (err) {
+      setError(err instanceof Error ? err.message : 'Failed to load audit console');
+    } finally {
+      setLoading(false);
+    }
+  }, []);
+  useEffect(() => {
+    void fetchAll();
+  }, [fetchAll]);
+  const scheduleLiveRefresh = useCallback(() => {
+    if (liveRefreshTimerRef.current) return;
+    liveRefreshTimerRef.current = setTimeout(() => {
+      liveRefreshTimerRef.current = null;
+      void fetchAll();
+    }, 120);
+  }, [fetchAll]);
+  useEffect(() => {
+    const unsubs = [
+      subscribe(WALLET_EVENTS.TOKEN_CREATED, scheduleLiveRefresh),
+      subscribe(WALLET_EVENTS.TOKEN_REVOKED, scheduleLiveRefresh),
+      subscribe(WALLET_EVENTS.TOKEN_SPENT, scheduleLiveRefresh),
+      subscribe(WALLET_EVENTS.CREDENTIAL_CHANGED, scheduleLiveRefresh),
+      subscribe(WALLET_EVENTS.CREDENTIAL_ACCESSED, scheduleLiveRefresh),
+    ];
+    return () => {
+      unsubs.forEach((unsub) => unsub());
+      if (liveRefreshTimerRef.current) {
+        clearTimeout(liveRefreshTimerRef.current);
+        liveRefreshTimerRef.current = null;
+      }
+    };
+  }, [scheduleLiveRefresh, subscribe]);
+  useEffect(() => {
+    setPage(0);
+  }, [selectedTokenKey, decisionFilter, timeWindow, searchQuery]);
+  const cutoff = useMemo(() => Date.now() - toWindowMs(timeWindow), [timeWindow]);
+  const normalizedSearch = searchQuery.trim().toLowerCase();
+  const tokenRows = useMemo(() => {
+    return tokens.map((token, idx) => {
+      const key = token.tokenHash || token.agentId || `unknown-${idx}`;
+      return { key, token, status: classifyTokenStatus(token) };
+    });
+  }, [tokens]);
+  const tokenRowsByKey = useMemo(() => new Map(tokenRows.map((row) => [row.key, row])), [tokenRows]);
+  const selectedTokenRow = selectedTokenKey === 'all' ? null : tokenRowsByKey.get(selectedTokenKey) ?? null;
+  const windowedEvents = useMemo(
+    () => events.filter((row) => row.timestamp >= cutoff),
+    [events, cutoff],
+  );
+  const summary = useMemo(() => {
+    const activeCount = tokenRows.filter((row) => row.status === 'active').length;
+    const denied = windowedEvents.filter((row) => row.decision === 'DENY').length;
+    const rateLimited = windowedEvents.filter((row) => row.decision === 'RATE_LIMIT').length;
+    const unknown = windowedEvents.filter((row) => row.decision === 'UNKNOWN' || row.reasonCode === 'UNKNOWN').length;
+    return { activeCount, denied, rateLimited, unknown };
+  }, [tokenRows, windowedEvents]);
+  const filteredTokenRows = useMemo(() => {
+    return tokenRows.filter((row) => {
+      if (statusFilter !== 'all' && row.status !== statusFilter) return false;
+      if (!normalizedSearch) return true;
+      const haystack = `${row.key} ${row.token.tokenHash} ${row.token.agentId}`.toLowerCase();
+      return haystack.includes(normalizedSearch);
+    });
+  }, [tokenRows, statusFilter, normalizedSearch]);
+  const tokenOptions = useMemo(() => {
+    const options: Array<{ value: string; label: string }> = [{ value: 'all', label: 'ALL TOKENS' }];
+    const seen = new Set<string>(['all']);
+    filteredTokenRows.forEach((row) => {
+      if (seen.has(row.key)) return;
+      seen.add(row.key);
+      options.push({ value: row.key, label: `${row.token.agentId ?? 'unknown'} · ${shortHash(row.token.tokenHash ?? row.key)}` });
+    });
+    if (selectedTokenKey !== 'all' && !seen.has(selectedTokenKey)) {
+      const row = tokenRowsByKey.get(selectedTokenKey);
+      if (row) options.push({ value: row.key, label: `${row.token.agentId ?? 'unknown'} · ${shortHash(row.token.tokenHash ?? row.key)}` });
+    }
+    return options;
+  }, [filteredTokenRows, selectedTokenKey, tokenRowsByKey]);
+  const lastUsedByKey = useMemo(() => {
+    const map = new Map<string, number>();
+    windowedEvents.forEach((row) => {
+      const candidates = [
+        row.tokenHash,
+        row.tokenKey,
+        row.agentId ? `agent:${row.agentId}` : undefined,
+        row.agentId,
+      ].filter((v): v is string => Boolean(v));
+      candidates.forEach((key) => {
+        map.set(key, Math.max(map.get(key) ?? 0, row.timestamp));
+      });
+    });
+    return map;
+  }, [windowedEvents]);
+  const getLastUsed = useCallback(
+    (row: { key: string; token: DashboardToken }): number | null => {
+      const tokenHash = row.token.tokenHash;
+      if (tokenHash && lastUsedByKey.has(tokenHash)) return lastUsedByKey.get(tokenHash) ?? null;
+      if (lastUsedByKey.has(row.key)) return lastUsedByKey.get(row.key) ?? null;
+      if (row.token.agentId && lastUsedByKey.has(`agent:${row.token.agentId}`)) {
+        return lastUsedByKey.get(`agent:${row.token.agentId}`) ?? null;
+      }
+      if (row.token.agentId && lastUsedByKey.has(row.token.agentId)) return lastUsedByKey.get(row.token.agentId) ?? null;
+      return null;
+    },
+    [lastUsedByKey],
+  );
+  const filtered = useMemo(() => {
+    return windowedEvents.filter((row) => {
+      if (selectedTokenKey !== 'all') {
+        const selectedAgentId = selectedTokenRow?.token.agentId;
+        const tokenMatch = row.tokenKey === selectedTokenKey || row.tokenHash === selectedTokenKey;
+        const agentMatch = selectedAgentId ? row.agentId === selectedAgentId : false;
+        if (!tokenMatch && !agentMatch) return false;
+      }
+      if (decisionFilter !== 'all' && row.decision !== decisionFilter) return false;
+      if (normalizedSearch) {
+        const haystack = `${row.tokenHash ?? ''} ${row.tokenKey} ${row.agentId ?? ''}`.toLowerCase();
+        if (!haystack.includes(normalizedSearch)) return false;
+      }
+      return true;
+    });
+  }, [decisionFilter, windowedEvents, selectedTokenKey, selectedTokenRow, normalizedSearch]);
+  const pagedRows = useMemo(() => {
+    const start = page * PAGE_SIZE;
+    return filtered.slice(start, start + PAGE_SIZE);
+  }, [filtered, page]);
+  const handleOpenActivity = useCallback((tokenKey: string) => {
+    setSelectedTokenKey(tokenKey);
+    setPage(0);
+    if (activitySectionRef.current && typeof activitySectionRef.current.scrollIntoView === 'function') {
+      activitySectionRef.current.scrollIntoView({ behavior: 'smooth', block: 'start' });
+    }
+  }, []);
+  const handleCopyShortHash = useCallback(async (tokenKey: string, tokenHash: string | undefined) => {
+    if (!tokenHash || !navigator.clipboard) {
+      setNotice('Clipboard unavailable for this key.');
+      return;
+    }
+    try {
+      const value = shortHash(tokenHash);
+      await navigator.clipboard.writeText(value);
+      setCopiedTokenKey(tokenKey);
+      setNotice(`Copied ${value}`);
+      setTimeout(() => setCopiedTokenKey((prev) => (prev === tokenKey ? null : prev)), 1500);
+    } catch {
+      setNotice('Clipboard write failed.');
+    }
+  }, []);
+  const handleRevoke = useCallback(async (tokenKey: string, tokenHash: string | undefined) => {
+    if (!tokenHash) {
+      setNotice('Token hash unavailable; cannot revoke.');
+      return;
+    }
+    if (!window.confirm(`Revoke token ${shortHash(tokenHash)}?`)) return;
+    setRevokingTokenKey(tokenKey);
+    setNotice(null);
+    try {
+      const result = await api.post<{ success: boolean; error?: string }>(Api.Wallet, '/actions/tokens/revoke', { tokenHash });
+      if (!result.success) {
+        setNotice(result.error || 'Failed to revoke token.');
+        return;
+      }
+      setNotice(`Revoked ${shortHash(tokenHash)}`);
+      await fetchAll();
+    } catch (err) {
+      setNotice(err instanceof Error ? err.message : 'Failed to revoke token.');
+    } finally {
+      setRevokingTokenKey(null);
+    }
+  }, [fetchAll]);
+  if (loading) {
+    return <div className="p-4 font-mono text-[10px] text-[var(--color-text-muted,#6b7280)]">LOADING_AUDIT_CONSOLE…</div>;
+  }
+  if (error) {
+    return (
+      <div className="p-4 border border-[var(--color-warning,#ff4d00)] bg-[color-mix(in_srgb,var(--color-warning,#ff4d00)_10%,transparent)]">
+        <div className="flex items-center gap-2 font-mono text-[10px] text-[var(--color-warning,#ff4d00)]">
+          <AlertTriangle size={12} /> {error}
+        </div>
+      </div>
+    );
+  }
+  return (
+    <div className="h-full flex flex-col p-3 gap-3 overflow-hidden">
+      <div className="flex items-center justify-between border border-[var(--color-border,#d4d4d8)] p-2 bg-[var(--color-surface,#fff)]">
+        <div>
+          <div className="font-mono text-[11px] font-bold">AUDIT</div>
+          <div className="font-mono text-[9px] text-[var(--color-text-muted,#6b7280)]">
+            {WINDOW_OPTIONS.find((opt) => opt.value === timeWindow)?.label.toLowerCase()} · {Math.min(events.length, HARD_CAP)} rows
+            {events.length >= HARD_CAP ? ' (capped)' : ''}
+          </div>
+        </div>
+        <Button variant="secondary" size="sm" onClick={() => void fetchAll()} icon={<RefreshCw size={10} />}>
+          REFRESH
+        </Button>
+      </div>
+      <div className="grid grid-cols-2 xl:grid-cols-4 gap-2">
+        <div className="border border-[var(--color-border,#d4d4d8)] bg-[var(--color-surface,#fff)] p-2">
+          <div className="font-mono text-[8px] text-[var(--color-text-muted,#6b7280)]">ACTIVE KEYS</div>
+          <div className="font-mono text-[12px] font-bold">{summary.activeCount}</div>
+        </div>
+        <div className="border border-[var(--color-border,#d4d4d8)] bg-[var(--color-surface,#fff)] p-2">
+          <div className="font-mono text-[8px] text-[var(--color-text-muted,#6b7280)]">DENIES ({timeWindow})</div>
+          <div className="font-mono text-[12px] font-bold">{summary.denied}</div>
+        </div>
+        <div className="border border-[var(--color-border,#d4d4d8)] bg-[var(--color-surface,#fff)] p-2">
+          <div className="font-mono text-[8px] text-[var(--color-text-muted,#6b7280)]">RATE LIMITED ({timeWindow})</div>
+          <div className="font-mono text-[12px] font-bold">{summary.rateLimited}</div>
+        </div>
+        <div className="border border-[var(--color-border,#d4d4d8)] bg-[var(--color-surface,#fff)] p-2">
+          <div className="font-mono text-[8px] text-[var(--color-text-muted,#6b7280)]">UNKNOWN MAPS ({timeWindow})</div>
+          <div className="font-mono text-[12px] font-bold">{summary.unknown}</div>
+        </div>
+      </div>
+      <div className="grid grid-cols-1 md:grid-cols-2 xl:grid-cols-5 gap-2">
+        <FilterDropdown
+          label="Status"
+          options={STATUS_OPTIONS}
+          value={statusFilter}
+          onChange={(value) => setStatusFilter(value as TokenStatusFilter)}
+          compact
+        />
+        <FilterDropdown
+          label="Window"
+          options={WINDOW_OPTIONS}
+          value={timeWindow}
+          onChange={(value) => setTimeWindow(value as TimeWindow)}
+          compact
+        />
+        <FilterDropdown
+          label="Token"
+          options={tokenOptions}
+          value={selectedTokenKey}
+          onChange={setSelectedTokenKey}
+          compact
+        />
+        <FilterDropdown
+          label="Decision"
+          options={DECISION_OPTIONS}
+          value={decisionFilter}
+          onChange={(value) => setDecisionFilter(value as UiDecision | 'all')}
+          compact
+        />
+        <label className="font-mono text-[9px] flex flex-col gap-1">
+          SEARCH KEY / AGENT
+          <input
+            value={searchQuery}
+            onChange={(event) => setSearchQuery(event.target.value)}
+            placeholder="hash or agent id"
+            className="border border-[var(--color-border,#d4d4d8)] bg-[var(--color-surface,#fff)] px-2 py-1.5 text-[10px]"
+          />
+        </label>
+      </div>
+      {notice && (
+        <div className="font-mono text-[9px] border border-[var(--color-info,#0047ff)] p-2 text-[var(--color-info,#0047ff)] bg-[color-mix(in_srgb,var(--color-info,#0047ff)_8%,transparent)]">
+          {notice}
+        </div>
+      )}
+      <div className="border border-[var(--color-border,#d4d4d8)] bg-[var(--color-surface,#fff)] overflow-hidden">
+        <div className="px-2 py-1.5 border-b border-[var(--color-border,#d4d4d8)] font-mono text-[9px]">
+          KEY INVENTORY · {filteredTokenRows.length} ROWS
+        </div>
+        <div className="max-h-[220px] overflow-auto">
+          {filteredTokenRows.length === 0 ? (
+            <div className="p-4 font-mono text-[10px] text-[var(--color-text-muted,#6b7280)]">NO TOKENS MATCH FILTERS</div>
+          ) : (
+            <table className="w-full text-left">
+              <thead className="sticky top-0 bg-[var(--color-surface-alt,#fafafa)] border-b">
+                <tr className="font-mono text-[9px]">
+                  <th className="p-2">KEY</th>
+                  <th className="p-2">AGENT</th>
+                  <th className="p-2">PERMISSIONS</th>
+                  <th className="p-2">ISSUED</th>
+                  <th className="p-2">EXPIRES</th>
+                  <th className="p-2">LAST USED</th>
+                  <th className="p-2">ACTIONS</th>
+                </tr>
+              </thead>
+              <tbody>
+                {filteredTokenRows.map((row) => {
+                  const lastUsed = getLastUsed(row);
+                  const isRevoking = revokingTokenKey === row.key;
+                  const canRevoke = row.status === 'active' && Boolean(row.token.tokenHash);
+                  return (
+                    <tr key={row.key} className="border-b font-mono text-[9px]">
+                      <td className="p-2">
+                        <div>{shortHash(row.token.tokenHash ?? row.key)}</div>
+                        <div className={`text-[8px] uppercase ${statusTone(row.status)}`}>{row.status}</div>
+                      </td>
+                      <td className="p-2">{row.token.agentId ?? 'unknown'}</td>
+                      <td className="p-2">{permissionsSummary(row.token.permissions ?? [])}</td>
+                      <td className="p-2">{formatDate(row.token.createdAt)}</td>
+                      <td className="p-2">
+                        {formatDate(row.token.expiresAt)}
+                        <div className="text-[8px] text-[var(--color-text-faint,#9ca3af)]">{formatRelative(row.token.expiresAt)}</div>
+                      </td>
+                      <td className="p-2">{lastUsed ? new Date(lastUsed).toLocaleString() : '—'}</td>
+                      <td className="p-2">
+                        <div className="flex items-center gap-1">
+                          <button
+                            onClick={() => void handleCopyShortHash(row.key, row.token.tokenHash)}
+                            className="border px-1.5 py-0.5 text-[8px] disabled:opacity-40"
+                            title="Copy short hash"
+                            disabled={!row.token.tokenHash}
+                          >
+                            <span className="inline-flex items-center gap-1">
+                              <Copy size={8} />
+                              {copiedTokenKey === row.key ? 'COPIED' : 'COPY'}
+                            </span>
+                          </button>
+                          <button
+                            onClick={() => handleOpenActivity(row.key)}
+                            className="border px-1.5 py-0.5 text-[8px]"
+                            title="Open activity"
+                          >
+                            VIEW
+                          </button>
+                          <button
+                            onClick={() => void handleRevoke(row.key, row.token.tokenHash)}
+                            disabled={!canRevoke || isRevoking}
+                            className="border px-1.5 py-0.5 text-[8px] disabled:opacity-40 text-[var(--color-warning,#ff4d00)]"
+                            title={canRevoke ? 'Revoke token' : 'Token cannot be revoked'}
+                          >
+                            {isRevoking ? 'REVOKING' : 'REVOKE'}
+                          </button>
+                        </div>
+                      </td>
+                    </tr>
+                  );
+                })}
+              </tbody>
+            </table>
+          )}
+        </div>
+      </div>
+      <div ref={activitySectionRef} className="flex-1 overflow-auto border border-[var(--color-border,#d4d4d8)] bg-[var(--color-surface,#fff)]">
+        <div className="sticky top-0 z-10 px-2 py-1.5 border-b bg-[var(--color-surface-alt,#fafafa)] font-mono text-[9px] flex items-center justify-between">
+          <span>TOKEN ACTIVITY · {filtered.length} ROWS</span>
+          <span className="text-[var(--color-text-muted,#6b7280)]">
+            PAGE {page + 1} / {Math.max(1, Math.ceil(filtered.length / PAGE_SIZE))}
+          </span>
+        </div>
+        {events.length >= HARD_CAP && (
+          <div className="font-mono text-[9px] border-b border-[var(--color-warning,#ff4d00)] p-2 text-[var(--color-warning,#ff4d00)]">
+            RESULTS TRUNCATED AT 500 ROWS — NARROW FILTERS TO REDUCE VOLUME.
+          </div>
+        )}
+        {pagedRows.length === 0 ? (
+          <div className="p-4 font-mono text-[10px] text-[var(--color-text-muted,#6b7280)]">NO AUDIT EVENTS IN WINDOW</div>
+        ) : (
+          <table className="w-full text-left">
+            <thead className="sticky top-[31px] bg-[var(--color-surface-alt,#fafafa)] border-b">
+              <tr className="font-mono text-[9px]">
+                <th className="p-2">TIME</th>
+                <th className="p-2">TOKEN / AGENT</th>
+                <th className="p-2">DECISION</th>
+                <th className="p-2">REASON</th>
+                <th className="p-2">CONFIDENCE</th>
+                <th className="p-2">ENDPOINT</th>
+              </tr>
+            </thead>
+            <tbody>
+              {pagedRows.map((row) => (
+                <tr key={row.id} className="border-b font-mono text-[9px]">
+                  <td className="p-2">{new Date(row.timestamp).toLocaleString()}</td>
+                  <td className="p-2">{row.agentId ?? 'unknown'} · {row.tokenKey.slice(0, 10)}</td>
+                  <td className="p-2">{row.decision}</td>
+                  <td className="p-2">{row.reasonCode}{row.rawReasonCode && row.reasonCode === 'UNKNOWN' ? ` (${row.rawReasonCode})` : ''}</td>
+                  <td className="p-2" title={row.confidence === 'HIGH' ? 'Direct token hash match' : row.confidence === 'MEDIUM' ? 'Agent correlation' : 'Partial/ambiguous join'}>{row.confidence}</td>
+                  <td className="p-2">{row.endpoint ?? '—'}</td>
+                </tr>
+              ))}
+            </tbody>
+          </table>
+        )}
+      </div>
+      <div className="flex items-center justify-end gap-2">
+        <button
+          onClick={() => setPage((p) => Math.max(0, p - 1))}
+          disabled={page === 0}
+          className="font-mono text-[9px] border px-2 py-1 disabled:opacity-40"
+        >
+          PREV
+        </button>
+        <button
+          onClick={() => setPage((p) => (p + 1) * PAGE_SIZE < filtered.length ? p + 1 : p)}
+          disabled={(page + 1) * PAGE_SIZE >= filtered.length}
+          className="font-mono text-[9px] border px-2 py-1 disabled:opacity-40"
+        >
+          NEXT
+        </button>
+      </div>
+    </div>
+  );
+}