npm - auramaxx - Versions diffs - 1.0.0-alpha.4 - Mend

auramaxx 1.0.0-alpha.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (363) hide show

package/LICENSE +26 -0
package/README.md +112 -0
package/bin/aurawallet.js +121 -0
package/docs/ADAPTERS.md +467 -0
package/docs/API.md +2679 -0
package/docs/APPS.md +198 -0
package/docs/ARCHITECTURE.md +350 -0
package/docs/AUTH.md +698 -0
package/docs/BEST-PRACTICES.md +121 -0
package/docs/CLI.md +61 -0
package/docs/DEVELOPING-APPS.md +452 -0
package/docs/EXTENSION.md +97 -0
package/docs/JOBS.md +33 -0
package/docs/MCP.md +76 -0
package/docs/PROTOCOL.md +142 -0
package/docs/SETUP.md +219 -0
package/docs/WORKSPACE.md +672 -0
package/docs/agent-auth.md +63 -0
package/docs/aura-file.md +48 -0
package/docs/credentials.md +53 -0
package/docs/external/getting-started.md +65 -0
package/docs/external/overview.md +45 -0
package/docs/external/use-cases.md +48 -0
package/docs/external/why-aura.md +35 -0
package/docs/jobs/connect-agent.md +77 -0
package/docs/jobs/migrate-from-dotenv.md +79 -0
package/docs/jobs/recover-from-lockout.md +72 -0
package/docs/jobs/secure-ci.md +63 -0
package/docs/oauth2.md +42 -0
package/docs/passkeys.md +60 -0
package/docs/security.md +540 -0
package/docs/specs/aura-open-protocol.md +61 -0
package/docs/specs/aura-provider-plugin.md +24 -0
package/docs/specs/aura-registry-model.md +31 -0
package/docs/specs/fixtures/invalid-bad-key.aura +1 -0
package/docs/specs/fixtures/invalid-bad-unicode-escape.aura +1 -0
package/docs/specs/fixtures/invalid-duplicate-key.aura +2 -0
package/docs/specs/fixtures/valid-basic.aura +4 -0
package/docs/specs/fixtures/valid-provider-ref.aura +1 -0
package/docs/specs/fixtures/valid-quoted-escapes.aura +2 -0
package/docs/templates/RELEASE_NOTES_TEMPLATE.md +22 -0
package/docs/totp.md +40 -0
package/docs/wallet/AI.md +508 -0
package/docs/wallet/DEVELOPING-STRATEGIES.md +713 -0
package/docs/wallet/README.md +47 -0
package/docs/wallet/STRATEGY.md +89 -0
package/next.config.ts +21 -0
package/package.json +151 -0
package/postcss.config.mjs +8 -0
package/prisma/migrations/20260214170000_baseline/migration.sql +511 -0
package/prisma/migrations/20260216214537_add_passkey_model/migration.sql +18 -0
package/prisma/migrations/20260217150500_add_credential_access_audit/migration.sql +31 -0
package/prisma/migrations/migration_lock.toml +3 -0
package/prisma/schema.prisma +447 -0
package/public/logo-chevron.svg +31 -0
package/public/logo-concentric.svg +31 -0
package/public/logo-crosshatch.svg +39 -0
package/public/logo-dashed.svg +39 -0
package/public/logo-horizontal.svg +31 -0
package/public/logo-m56.svg +64 -0
package/public/logo.webp +0 -0
package/scripts/add-app.js +245 -0
package/scripts/init.sh +57 -0
package/scripts/migrate-apikeys-to-credentials.ts +35 -0
package/scripts/sandbox-agent-flow.sh +235 -0
package/scripts/sandbox.sh +175 -0
package/scripts/validate-job-docs.mjs +125 -0
package/server/abi/SwapHelper.json +438 -0
package/server/cli/approval.ts +447 -0
package/server/cli/commands/app.ts +204 -0
package/server/cli/commands/cron.ts +24 -0
package/server/cli/commands/doctor.ts +1007 -0
package/server/cli/commands/env.ts +456 -0
package/server/cli/commands/init.ts +752 -0
package/server/cli/commands/mcp.ts +125 -0
package/server/cli/commands/restore.ts +314 -0
package/server/cli/commands/shell-hook.ts +468 -0
package/server/cli/commands/start.ts +62 -0
package/server/cli/commands/status.ts +59 -0
package/server/cli/commands/stop.ts +14 -0
package/server/cli/commands/token.ts +180 -0
package/server/cli/commands/unlock.ts +49 -0
package/server/cli/commands/vault.ts +417 -0
package/server/cli/index.ts +328 -0
package/server/cli/lib/aura-parser.ts +64 -0
package/server/cli/lib/credential-create.ts +74 -0
package/server/cli/lib/credential-resolve.ts +254 -0
package/server/cli/lib/dotenv-migrate.ts +116 -0
package/server/cli/lib/dotenv-parser.ts +146 -0
package/server/cli/lib/http.ts +91 -0
package/server/cli/lib/init-steps.ts +76 -0
package/server/cli/lib/local-agent-trust.ts +45 -0
package/server/cli/lib/process.ts +136 -0
package/server/cli/lib/prompt.ts +85 -0
package/server/cli/lib/theme.ts +240 -0
package/server/cli/socket.ts +570 -0
package/server/cli/transport-client.ts +50 -0
package/server/cron/index.ts +137 -0
package/server/cron/job.ts +31 -0
package/server/cron/jobs/balance-sync.ts +436 -0
package/server/cron/jobs/incoming-scan.ts +506 -0
package/server/cron/jobs/native-price.ts +70 -0
package/server/cron/jobs/orphan-cleanup.ts +40 -0
package/server/cron/jobs/strategy-runner.ts +175 -0
package/server/cron/scheduler.ts +125 -0
package/server/index.ts +406 -0
package/server/lib/adapters/factory.ts +110 -0
package/server/lib/adapters/index.ts +19 -0
package/server/lib/adapters/router.ts +297 -0
package/server/lib/adapters/telegram.ts +645 -0
package/server/lib/adapters/types.ts +89 -0
package/server/lib/adapters/webhook.ts +95 -0
package/server/lib/address.ts +49 -0
package/server/lib/agent-auth/contracts.ts +1194 -0
package/server/lib/agent-profiles.ts +328 -0
package/server/lib/ai.ts +285 -0
package/server/lib/api-registry/contracts.ts +86 -0
package/server/lib/api-registry/validation.ts +172 -0
package/server/lib/apikey-migration.ts +189 -0
package/server/lib/app-installer.ts +505 -0
package/server/lib/app-tokens.ts +247 -0
package/server/lib/auth.ts +314 -0
package/server/lib/batch.ts +242 -0
package/server/lib/cold.ts +874 -0
package/server/lib/config.ts +381 -0
package/server/lib/credential-access-audit.ts +85 -0
package/server/lib/credential-access-policy.ts +110 -0
package/server/lib/credential-health.ts +343 -0
package/server/lib/credential-import.ts +487 -0
package/server/lib/credential-scope.ts +87 -0
package/server/lib/credential-shares.ts +190 -0
package/server/lib/credential-transport.ts +342 -0
package/server/lib/credential-vault.ts +77 -0
package/server/lib/credentials.ts +333 -0
package/server/lib/crypto.ts +8 -0
package/server/lib/db.ts +15 -0
package/server/lib/defaults.ts +366 -0
package/server/lib/dex/index.ts +80 -0
package/server/lib/dex/relay.ts +235 -0
package/server/lib/dex/types.ts +59 -0
package/server/lib/dex/uniswap.ts +370 -0
package/server/lib/e2e-agent/artifacts.ts +36 -0
package/server/lib/e2e-agent/contracts.ts +112 -0
package/server/lib/e2e-agent/validation.ts +135 -0
package/server/lib/encrypt.ts +128 -0
package/server/lib/error.ts +20 -0
package/server/lib/events.ts +205 -0
package/server/lib/hot.ts +357 -0
package/server/lib/key-fingerprint.ts +28 -0
package/server/lib/logger.ts +331 -0
package/server/lib/network.ts +137 -0
package/server/lib/notifications.ts +219 -0
package/server/lib/oauth2-refresh.ts +241 -0
package/server/lib/oursecret.ts +54 -0
package/server/lib/passkey-credential.ts +360 -0
package/server/lib/passkey.ts +68 -0
package/server/lib/permissions.ts +248 -0
package/server/lib/pino.ts +24 -0
package/server/lib/policy-preview.ts +138 -0
package/server/lib/price.ts +338 -0
package/server/lib/prices.ts +34 -0
package/server/lib/project-scope.ts +239 -0
package/server/lib/resolve-action.ts +427 -0
package/server/lib/resolve.ts +36 -0
package/server/lib/sessions.ts +632 -0
package/server/lib/solana/connection.ts +26 -0
package/server/lib/solana/jupiter.ts +128 -0
package/server/lib/solana/transfer.ts +108 -0
package/server/lib/solana/wallet.ts +136 -0
package/server/lib/strategy/emits.ts +21 -0
package/server/lib/strategy/engine.ts +1305 -0
package/server/lib/strategy/executor.ts +115 -0
package/server/lib/strategy/hook-context.ts +158 -0
package/server/lib/strategy/hooks.ts +990 -0
package/server/lib/strategy/index.ts +28 -0
package/server/lib/strategy/installer.ts +305 -0
package/server/lib/strategy/loader.ts +256 -0
package/server/lib/strategy/message.ts +235 -0
package/server/lib/strategy/repository.ts +218 -0
package/server/lib/strategy/session-logger.ts +693 -0
package/server/lib/strategy/sources.ts +288 -0
package/server/lib/strategy/state.ts +189 -0
package/server/lib/strategy/templates.ts +403 -0
package/server/lib/strategy/tick.ts +404 -0
package/server/lib/strategy/types.ts +230 -0
package/server/lib/swap.ts +3 -0
package/server/lib/temp.ts +86 -0
package/server/lib/token-metadata.ts +86 -0
package/server/lib/token-safety.ts +200 -0
package/server/lib/token-search.ts +444 -0
package/server/lib/totp.ts +194 -0
package/server/lib/transactions.ts +123 -0
package/server/lib/transport.ts +75 -0
package/server/lib/txhistory/decoder.ts +262 -0
package/server/lib/txhistory/enricher.ts +652 -0
package/server/lib/txhistory/index.ts +391 -0
package/server/lib/txhistory/signatures.ts +59 -0
package/server/lib/verified-summary.ts +421 -0
package/server/mcp/profile-policy.ts +30 -0
package/server/mcp/server.ts +619 -0
package/server/mcp/tools.ts +523 -0
package/server/middleware/auth.ts +119 -0
package/server/middleware/requestLogger.ts +84 -0
package/server/routes/actions.ts +459 -0
package/server/routes/adapters.ts +703 -0
package/server/routes/addressbook.ts +113 -0
package/server/routes/ai.ts +34 -0
package/server/routes/apikeys.ts +295 -0
package/server/routes/apps.ts +601 -0
package/server/routes/auth.ts +457 -0
package/server/routes/backup.ts +340 -0
package/server/routes/batch.ts +270 -0
package/server/routes/bookmarks.ts +162 -0
package/server/routes/credential-shares.ts +198 -0
package/server/routes/credential-vaults.ts +154 -0
package/server/routes/credentials.ts +1290 -0
package/server/routes/dashboard.ts +71 -0
package/server/routes/defaults.ts +124 -0
package/server/routes/fund.ts +229 -0
package/server/routes/import.ts +352 -0
package/server/routes/launch.ts +665 -0
package/server/routes/lock.ts +54 -0
package/server/routes/logs.ts +68 -0
package/server/routes/nuke.ts +111 -0
package/server/routes/passkey-credentials.ts +99 -0
package/server/routes/passkey.ts +346 -0
package/server/routes/portfolio.ts +217 -0
package/server/routes/price.ts +63 -0
package/server/routes/resolve.ts +31 -0
package/server/routes/security.ts +45 -0
package/server/routes/send-evm.ts +241 -0
package/server/routes/send-solana.ts +281 -0
package/server/routes/send.ts +178 -0
package/server/routes/setup.ts +210 -0
package/server/routes/strategy.ts +894 -0
package/server/routes/swap-evm.ts +353 -0
package/server/routes/swap-solana.ts +177 -0
package/server/routes/swap.ts +356 -0
package/server/routes/token.ts +247 -0
package/server/routes/unlock.ts +403 -0
package/server/routes/wallet-assets.ts +361 -0
package/server/routes/wallet-transactions.ts +515 -0
package/server/routes/wallet.ts +710 -0
package/server/types.ts +146 -0
package/skills/aurawallet/SKILL.md +739 -0
package/skills/aurawallet-setup/SKILL.md +74 -0
package/skills/security-review/SKILL.md +148 -0
package/src/app/api/agent-requests/route.ts +30 -0
package/src/app/api/apps/install/route.ts +126 -0
package/src/app/api/apps/manifests/route.ts +16 -0
package/src/app/api/apps/static/[...path]/route.ts +57 -0
package/src/app/api/events/route.ts +92 -0
package/src/app/api/page.tsx +212 -0
package/src/app/api/workspace/[id]/apps/[wid]/route.ts +119 -0
package/src/app/api/workspace/[id]/apps/route.ts +81 -0
package/src/app/api/workspace/[id]/export/route.ts +67 -0
package/src/app/api/workspace/[id]/route.ts +168 -0
package/src/app/api/workspace/auth.ts +34 -0
package/src/app/api/workspace/config/route.ts +106 -0
package/src/app/api/workspace/import/route.ts +127 -0
package/src/app/api/workspace/route.ts +116 -0
package/src/app/app/page.tsx +2122 -0
package/src/app/apple-icon.png +0 -0
package/src/app/docs/page.tsx +178 -0
package/src/app/favicon.ico +0 -0
package/src/app/globals.css +572 -0
package/src/app/health/page.tsx +5 -0
package/src/app/hello/page.tsx +15 -0
package/src/app/icon.png +0 -0
package/src/app/layout.tsx +34 -0
package/src/app/page.tsx +986 -0
package/src/app/providers.tsx +90 -0
package/src/app/share/[token]/page.tsx +295 -0
package/src/components/ChainSelector.tsx +144 -0
package/src/components/HumanActionBar.tsx +695 -0
package/src/components/NotificationDrawer.tsx +129 -0
package/src/components/apps/AgentKeysApp.tsx +490 -0
package/src/components/apps/App.tsx +153 -0
package/src/components/apps/AppGrid.tsx +15 -0
package/src/components/apps/DetailedAddressDrawer.tsx +325 -0
package/src/components/apps/DraggableApp.tsx +562 -0
package/src/components/apps/IFrameApp.tsx +73 -0
package/src/components/apps/LogsApp.tsx +360 -0
package/src/components/apps/SendApp.tsx +394 -0
package/src/components/apps/SetupWizardApp.tsx +1004 -0
package/src/components/apps/SystemDefaultsApp.tsx +845 -0
package/src/components/apps/ThirdPartyApp.tsx +428 -0
package/src/components/apps/TokenApp.tsx +319 -0
package/src/components/apps/TransactionsApp.tsx +438 -0
package/src/components/apps/WalletDetailApp.tsx +1505 -0
package/src/components/apps/index.ts +13 -0
package/src/components/design-system/Button.tsx +53 -0
package/src/components/design-system/ChainIndicator.tsx +65 -0
package/src/components/design-system/ChainSelector.tsx +137 -0
package/src/components/design-system/ConfirmationModal.tsx +106 -0
package/src/components/design-system/ConfirmationPopover.tsx +81 -0
package/src/components/design-system/Drawer.tsx +123 -0
package/src/components/design-system/FilterDropdown.tsx +72 -0
package/src/components/design-system/Modal.tsx +206 -0
package/src/components/design-system/Popover.tsx +142 -0
package/src/components/design-system/TextInput.tsx +85 -0
package/src/components/design-system/Toggle.tsx +58 -0
package/src/components/design-system/index.ts +11 -0
package/src/components/docs/DocsThemeToggle.tsx +49 -0
package/src/components/health/CredentialHealthDashboard.tsx +214 -0
package/src/components/icons/ChainIcons.tsx +72 -0
package/src/components/layout/AppStoreDrawer.tsx +369 -0
package/src/components/layout/ContentArea.tsx +21 -0
package/src/components/layout/TabBar.tsx +278 -0
package/src/components/layout/WalletSidebar.tsx +1033 -0
package/src/components/layout/index.ts +4 -0
package/src/components/marketing/AuraWalletSpecOverlay.tsx +635 -0
package/src/components/marketing/DeviceMorphExperience.tsx +216 -0
package/src/components/vault/ApiKeysConsole.tsx +1080 -0
package/src/components/vault/AuditConsole.tsx +584 -0
package/src/components/vault/CredentialDetail.tsx +455 -0
package/src/components/vault/CredentialEmpty.tsx +55 -0
package/src/components/vault/CredentialField.tsx +361 -0
package/src/components/vault/CredentialForm.tsx +1212 -0
package/src/components/vault/CredentialList.tsx +165 -0
package/src/components/vault/CredentialRow.tsx +97 -0
package/src/components/vault/CredentialShareModal.tsx +178 -0
package/src/components/vault/CredentialVault.tsx +754 -0
package/src/components/vault/CredentialWalletWidget.tsx +103 -0
package/src/components/vault/ImportCredentialsModal.tsx +515 -0
package/src/components/vault/LargeTypeModal.tsx +64 -0
package/src/components/vault/PasswordGenerator.tsx +224 -0
package/src/components/vault/TOTPDisplay.tsx +123 -0
package/src/components/vault/VaultSidebar.tsx +413 -0
package/src/components/vault/types.ts +54 -0
package/src/context/AuthContext.tsx +337 -0
package/src/context/PriceContext.tsx +113 -0
package/src/context/ThemeContext.tsx +164 -0
package/src/context/WebSocketContext.tsx +269 -0
package/src/context/WorkspaceContext.tsx +668 -0
package/src/hooks/index.ts +3 -0
package/src/hooks/useAgentActions.ts +368 -0
package/src/hooks/useBalance.ts +103 -0
package/src/hooks/useBalances.ts +129 -0
package/src/instrumentation.ts +12 -0
package/src/lib/api.ts +449 -0
package/src/lib/app-loader.ts +148 -0
package/src/lib/app-registry.ts +178 -0
package/src/lib/app-sdk.ts +157 -0
package/src/lib/audit-console-adapter.ts +151 -0
package/src/lib/auth-client.ts +75 -0
package/src/lib/config.ts +74 -0
package/src/lib/crypto.ts +112 -0
package/src/lib/db.ts +21 -0
package/src/lib/docs.ts +390 -0
package/src/lib/events.ts +361 -0
package/src/lib/pino.ts +24 -0
package/src/lib/theme-handlers.ts +168 -0
package/src/lib/theme.ts +351 -0
package/src/lib/tokenData.ts +378 -0
package/src/lib/vault-crypto.ts +129 -0
package/src/lib/websocket-server.ts +302 -0
package/src/lib/websocket-setup.ts +79 -0
package/src/lib/wordlist.ts +2050 -0
package/src/lib/workspace-handlers.ts +285 -0
package/start.sh +80 -0
package/tailwind.config.ts +99 -0
package/tsconfig.json +42 -0

package/src/lib/api.ts ADDED Viewed

@@ -0,0 +1,449 @@
+/**
+ * Unified API client for calling both Express and Next.js backends
+ *
+ * Usage:
+ *   import { api, Api, unlockWallet, setupWallet } from '@/lib/api';
+ *
+ *   // Wallet operations (Express :4242)
+ *   const wallets = await api.get(Api.Wallet, '/wallets');
+ *   await api.post(Api.Wallet, '/wallet/rename', { address, name });
+ *
+ *   // Encrypted unlock/setup (password encrypted with server's RSA key)
+ *   const result = await unlockWallet(password);
+ *   const result = await setupWallet(password);
+ *
+ *   // Workspace operations (Next.js :4747)
+ *   const workspaces = await api.get(Api.Workspace, '/workspace');
+ *
+ */
+import { encryptPassword, getTokenMintPubkey } from './crypto';
+// Derive ports from dashboard port at runtime (no env var coordination needed)
+// Convention: wallet = dashboard - 505, WS = dashboard + 1
+// Default: 4747 → wallet 4242, WS 4748
+// Sandbox: 5747 → wallet 5242, WS 5748
+const IS_LOCAL = typeof window !== 'undefined'
+  && (window.location.hostname === 'localhost' || window.location.hostname === '127.0.0.1');
+const DASHBOARD_PORT_NUM = typeof window !== 'undefined'
+  ? parseInt(window.location.port || '4747', 10)
+  : parseInt(process.env.DASHBOARD_PORT || '4747', 10);
+// When accessed via tunnel (non-localhost), use sibling subdomains over HTTPS
+// e.g. wallet.auramaxx.xyz → wallet-api.auramaxx.xyz for Express
+const EXPRESS_URL = typeof window !== 'undefined'
+  ? IS_LOCAL
+    ? `http://${window.location.hostname}:${DASHBOARD_PORT_NUM - 505}`
+    : `https://wallet-api.${window.location.hostname.split('.').slice(1).join('.')}`
+  : `http://localhost:${DASHBOARD_PORT_NUM - 505}`;
+const NEXTJS_URL = typeof window !== 'undefined'
+  ? IS_LOCAL
+    ? `http://${window.location.hostname}:${DASHBOARD_PORT_NUM}`
+    : `${window.location.protocol}//${window.location.host}`
+  : `http://localhost:${DASHBOARD_PORT_NUM}`;
+/**
+ * API target enum - determines which backend to call
+ */
+export enum Api {
+  /** Express :4242 - wallet operations, auth, agents, transactions */
+  Wallet = 'wallet',
+  /** Next.js :4747/api - workspace CRUD */
+  Workspace = 'workspace',
+  /** Next.js :4747/api - event logs from database */
+  Events = 'events',
+  /** Next.js :4747/api - agent dashboard (requests + tokens) */
+  AgentDashboard = 'agentDashboard',
+}
+const API_CONFIG: Record<Api, { baseUrl: string; pathPrefix: string }> = {
+  [Api.Wallet]: { baseUrl: EXPRESS_URL, pathPrefix: '' },
+  [Api.Workspace]: { baseUrl: NEXTJS_URL, pathPrefix: '/api' },
+  [Api.Events]: { baseUrl: NEXTJS_URL, pathPrefix: '/api' },
+  [Api.AgentDashboard]: { baseUrl: NEXTJS_URL, pathPrefix: '/api' },
+};
+const TOKEN_STORAGE_KEY = 'aurawallet_admin_token';
+/**
+ * Get auth token from sessionStorage
+ */
+function getToken(): string | null {
+  if (typeof window === 'undefined') return null;
+  return sessionStorage.getItem(TOKEN_STORAGE_KEY);
+}
+/**
+ * Make an authenticated request to the specified backend
+ */
+async function request<T>(
+  target: Api,
+  path: string,
+  options: RequestInit = {}
+): Promise<T> {
+  const token = getToken();
+  const config = API_CONFIG[target];
+  const headers: HeadersInit = {
+    'Content-Type': 'application/json',
+    ...options.headers,
+  };
+  if (token) {
+    (headers as Record<string, string>)['Authorization'] = `Bearer ${token}`;
+  }
+  const url = `${config.baseUrl}${config.pathPrefix}${path}`;
+  const res = await fetch(url, {
+    ...options,
+    headers,
+  });
+  const data = await res.json().catch(() => ({ error: res.statusText }));
+  if (!res.ok) {
+    const error = new Error(data.error || `Request failed: ${res.status}`);
+    (error as Error & { status: number }).status = res.status;
+    throw error;
+  }
+  return data as T;
+}
+/**
+ * API client with typed methods
+ */
+/** Get the base URL for the wallet (Express) API */
+export function getWalletBaseUrl(): string {
+  return EXPRESS_URL;
+}
+export const api = {
+  /**
+   * GET request
+   */
+  get: <T>(target: Api, path: string, params?: Record<string, string | number | boolean>, options?: RequestInit) => {
+    let url = path;
+    if (params) {
+      const searchParams = new URLSearchParams();
+      for (const [key, value] of Object.entries(params)) {
+        if (value !== undefined && value !== null) {
+          searchParams.set(key, String(value));
+        }
+      }
+      const queryString = searchParams.toString();
+      if (queryString) {
+        url = `${path}?${queryString}`;
+      }
+    }
+    return request<T>(target, url, { method: 'GET', ...options });
+  },
+  /**
+   * POST request
+   */
+  post: <T>(target: Api, path: string, body?: unknown) =>
+    request<T>(target, path, {
+      method: 'POST',
+      body: body ? JSON.stringify(body) : undefined,
+    }),
+  /**
+   * PUT request
+   */
+  put: <T>(target: Api, path: string, body?: unknown) =>
+    request<T>(target, path, {
+      method: 'PUT',
+      body: body ? JSON.stringify(body) : undefined,
+    }),
+  /**
+   * PATCH request
+   */
+  patch: <T>(target: Api, path: string, body?: unknown) =>
+    request<T>(target, path, {
+      method: 'PATCH',
+      body: body ? JSON.stringify(body) : undefined,
+    }),
+  /**
+   * DELETE request
+   */
+  delete: <T>(target: Api, path: string) =>
+    request<T>(target, path, { method: 'DELETE' }),
+  /**
+   * Get the base URL for a target (useful for debugging)
+   */
+  getBaseUrl: (target: Api = Api.Wallet) => {
+    const config = API_CONFIG[target];
+    return `${config.baseUrl}${config.pathPrefix}`;
+  },
+};
+// Type definitions for common API responses
+export interface WalletData {
+  address: string;
+  tier: 'cold' | 'hot' | 'temp';
+  chain: string;
+  balance?: string;
+  name?: string;
+  color?: string;
+  emoji?: string;
+  description?: string;
+  hidden?: boolean;
+  tokenHash?: string;
+  createdAt?: string;
+}
+export interface WalletsResponse {
+  wallets: WalletData[];
+  unlocked: boolean;
+  agent?: { id: string; remaining: number };
+}
+export interface TrackedAsset {
+  id: string;
+  walletAddress: string;
+  tokenAddress: string;
+  symbol: string | null;
+  name: string | null;
+  decimals: number;
+  lastBalance: string | null;
+  lastBalanceAt: string | null;
+  isHidden: boolean;
+  chain: string;
+  poolAddress: string | null;
+  poolVersion: string | null;
+  icon: string | null;
+  createdAt: string;
+  updatedAt: string;
+}
+export interface AssetsResponse {
+  success: boolean;
+  assets: TrackedAsset[];
+  pagination: {
+    total: number;
+    limit: number;
+    offset: number;
+    hasMore: boolean;
+  };
+}
+export interface Transaction {
+  id: string;
+  walletAddress: string;
+  txHash: string | null;
+  type: string;
+  status: string;
+  amount: string | null;
+  tokenAddress: string | null;
+  tokenAmount: string | null;
+  from: string | null;
+  to: string | null;
+  description: string | null;
+  blockNumber: number | null;
+  chain: string;
+  createdAt: string;
+  updatedAt: string;
+  executedAt: string | null;
+}
+export interface TransactionsResponse {
+  success: boolean;
+  transactions: Transaction[];
+  pagination: {
+    total: number;
+    limit: number;
+    offset: number;
+    hasMore: boolean;
+  };
+}
+export interface DashboardResponse {
+  success: boolean;
+  requests: Array<{
+    id: string;
+    type: string;
+    status: string;
+    createdAt: string;
+    metadata?: string;
+    chain: string;
+    amount?: string;
+  }>;
+  tokens: {
+    active: Array<{
+      tokenHash: string;
+      agentId: string;
+      limit: number;
+      spent: number;
+      remaining: number;
+      permissions: string[];
+      expiresAt: number;
+      isActive: boolean;
+      isRevoked: boolean;
+      isExpired: boolean;
+    }>;
+    inactive: Array<{
+      tokenHash: string;
+      agentId: string;
+      limit: number;
+      spent: number;
+      remaining: number;
+      permissions: string[];
+      expiresAt: number;
+      isActive: boolean;
+      isRevoked: boolean;
+      isExpired: boolean;
+    }>;
+  };
+  counts: {
+    pendingActions: number;
+    activeTokens: number;
+    inactiveTokens: number;
+  };
+}
+// ============================================================================
+// Encrypted Password Transport
+// ============================================================================
+// Cached server public key (cleared on failed decryption to force refetch)
+let serverPublicKey: string | null = null;
+/**
+ * Fetch the server's public key for encrypting passwords
+ * Key is cached until server restart (which invalidates it)
+ */
+async function getServerPublicKey(): Promise<string> {
+  if (!serverPublicKey) {
+    const res = await api.get<{ publicKey: string }>(Api.Wallet, '/auth/connect');
+    serverPublicKey = res.publicKey;
+  }
+  return serverPublicKey;
+}
+/**
+ * Clear cached public key (call on decryption failure to force refetch)
+ */
+export function clearServerPublicKey(): void {
+  serverPublicKey = null;
+}
+export interface UnlockResponse {
+  success: boolean;
+  message?: string;
+  address?: string;
+  token?: string;
+  error?: string;
+}
+export interface SetupResponse {
+  success: boolean;
+  address?: string;
+  mnemonic?: string;
+  token?: string;
+  message?: string;
+  error?: string;
+}
+export interface ChangePrimaryPasswordResponse {
+  success: boolean;
+  message?: string;
+}
+/**
+ * Unlock the wallet with encrypted password transport
+ * @param password - Plaintext password (will be encrypted before sending)
+ * @param vaultId - Optional vault ID (defaults to primary vault)
+ * @returns Unlock response with optional admin token
+ */
+export async function unlockWallet(password: string, vaultId?: string, pubkey?: string): Promise<UnlockResponse> {
+  const publicKey = await getServerPublicKey();
+  const encrypted = await encryptPassword(password, publicKey);
+  const tokenPubkey = pubkey ?? await getTokenMintPubkey();
+  const path = vaultId ? `/unlock/${vaultId}` : '/unlock';
+  try {
+    return await api.post<UnlockResponse>(Api.Wallet, path, { encrypted, pubkey: tokenPubkey });
+  } catch (err) {
+    // If decryption failed on server, clear cached key and retry once
+    const error = err as Error & { status?: number };
+    if (error.message?.includes('decrypt') || error.message?.includes('refetch')) {
+      clearServerPublicKey();
+      const newKey = await getServerPublicKey();
+      const newEncrypted = await encryptPassword(password, newKey);
+      return await api.post<UnlockResponse>(Api.Wallet, path, { encrypted: newEncrypted, pubkey: tokenPubkey });
+    }
+    throw err;
+  }
+}
+/**
+ * Set up a new cold wallet with encrypted password transport
+ * @param password - Plaintext password (will be encrypted before sending)
+ * @returns Setup response with mnemonic
+ */
+export async function setupWallet(password: string, pubkey?: string): Promise<SetupResponse> {
+  const publicKey = await getServerPublicKey();
+  const encrypted = await encryptPassword(password, publicKey);
+  const tokenPubkey = pubkey ?? await getTokenMintPubkey();
+  try {
+    return await api.post<SetupResponse>(Api.Wallet, '/setup', { encrypted, pubkey: tokenPubkey });
+  } catch (err) {
+    // If decryption failed on server, clear cached key and retry once
+    const error = err as Error & { status?: number };
+    if (error.message?.includes('decrypt') || error.message?.includes('refetch')) {
+      clearServerPublicKey();
+      const newKey = await getServerPublicKey();
+      const newEncrypted = await encryptPassword(password, newKey);
+      return await api.post<SetupResponse>(Api.Wallet, '/setup', { encrypted: newEncrypted, pubkey: tokenPubkey });
+    }
+    throw err;
+  }
+}
+/**
+ * Change the primary vault password with encrypted password transport.
+ */
+export async function changePrimaryVaultPassword(
+  currentPassword: string,
+  newPassword: string,
+): Promise<ChangePrimaryPasswordResponse> {
+  const publicKey = await getServerPublicKey();
+  const currentEncrypted = await encryptPassword(currentPassword, publicKey);
+  const newEncrypted = await encryptPassword(newPassword, publicKey);
+  try {
+    return await api.post<ChangePrimaryPasswordResponse>(Api.Wallet, '/setup/password', {
+      currentEncrypted,
+      newEncrypted,
+    });
+  } catch (err) {
+    const error = err as Error & { status?: number };
+    if (error.message?.includes('decrypt') || error.message?.includes('refetch')) {
+      clearServerPublicKey();
+      const newKey = await getServerPublicKey();
+      const retryCurrentEncrypted = await encryptPassword(currentPassword, newKey);
+      const retryNewEncrypted = await encryptPassword(newPassword, newKey);
+      return await api.post<ChangePrimaryPasswordResponse>(Api.Wallet, '/setup/password', {
+        currentEncrypted: retryCurrentEncrypted,
+        newEncrypted: retryNewEncrypted,
+      });
+    }
+    throw err;
+  }
+}
+/**
+ * Re-key session with a new RSA public key (no password required).
+ * Used after page refresh when token survives but keypair is lost.
+ */
+export async function rekeySession(pubkey: string): Promise<{ success: boolean; token: string }> {
+  return api.post<{ success: boolean; token: string }>(Api.Wallet, '/unlock/rekey', { pubkey });
+}

package/src/lib/app-loader.ts ADDED Viewed

@@ -0,0 +1,148 @@
+import fs from 'fs';
+import path from 'path';
+export interface AppManifest {
+  id: string;
+  name: string;
+  icon: string;
+  category: string;
+  size: { width: number; height: number };
+  permissions: string[];
+  data: string[];
+  description: string;
+  path: string;
+  hasUi: boolean;
+}
+/**
+ * Parse simple YAML frontmatter from app.md
+ * Handles key: value lines and arrays (- item)
+ */
+function parseFrontmatter(content: string): Record<string, unknown> {
+  const lines = content.split('\n');
+  const result: Record<string, unknown> = {};
+  let inFrontmatter = false;
+  let currentKey: string | null = null;
+  let currentArray: string[] | null = null;
+  for (const line of lines) {
+    const trimmed = line.trim();
+    if (trimmed === '---') {
+      if (inFrontmatter) break; // End of frontmatter
+      inFrontmatter = true;
+      continue;
+    }
+    if (!inFrontmatter) continue;
+    // Array item
+    if (trimmed.startsWith('- ') && currentKey) {
+      if (!currentArray) currentArray = [];
+      currentArray.push(trimmed.slice(2).trim());
+      continue;
+    }
+    // Save previous array
+    if (currentKey && currentArray) {
+      result[currentKey] = currentArray;
+      currentArray = null;
+      currentKey = null;
+    }
+    // Key: value line
+    const colonIdx = trimmed.indexOf(':');
+    if (colonIdx > 0) {
+      const key = trimmed.slice(0, colonIdx).trim();
+      const value = trimmed.slice(colonIdx + 1).trim();
+      if (value === '' || value === '[]') {
+        // Start of array or empty value or inline empty array
+        currentKey = key;
+        currentArray = [];
+      } else {
+        result[key] = value;
+        currentKey = null;
+      }
+    }
+  }
+  // Save trailing array
+  if (currentKey && currentArray) {
+    result[currentKey] = currentArray;
+  }
+  return result;
+}
+/**
+ * Extract description from markdown body (after frontmatter)
+ */
+function extractDescription(content: string): string {
+  const parts = content.split('---');
+  if (parts.length < 3) return '';
+  // Everything after the second --- is the body
+  const body = parts.slice(2).join('---').trim();
+  // Take first paragraph
+  const firstParagraph = body.split('\n\n')[0];
+  return firstParagraph.replace(/^#+\s*/, '').trim();
+}
+/**
+ * Parse size string like "2x2" into { width, height }
+ * Grid units: 1 = 320px width, 280px height
+ */
+function parseSize(size: string): { width: number; height: number } {
+  const match = size.match(/^(\d+)x(\d+)$/);
+  if (!match) return { width: 320, height: 280 };
+  return {
+    width: parseInt(match[1]) * 320,
+    height: parseInt(match[2]) * 280,
+  };
+}
+/**
+ * Load all app manifests from the apps/ directory
+ */
+export function loadAppManifests(): AppManifest[] {
+  const appsDir = path.join(process.cwd(), 'apps');
+  if (!fs.existsSync(appsDir)) return [];
+  const manifests: AppManifest[] = [];
+  const entries = fs.readdirSync(appsDir, { withFileTypes: true });
+  for (const entry of entries) {
+    if (!entry.isDirectory()) continue;
+    const appMdPath = path.join(appsDir, entry.name, 'app.md');
+    const indexHtmlPath = path.join(appsDir, entry.name, 'index.html');
+    if (!fs.existsSync(appMdPath)) continue;
+    const hasUi = fs.existsSync(indexHtmlPath);
+    try {
+      const content = fs.readFileSync(appMdPath, 'utf-8');
+      const fm = parseFrontmatter(content);
+      const description = extractDescription(content);
+      manifests.push({
+        id: entry.name,
+        name: (fm.name as string) || entry.name,
+        icon: (fm.icon as string) || 'Box',
+        category: (fm.category as string) || 'general',
+        size: parseSize((fm.size as string) || '1x1'),
+        permissions: (fm.permissions as string[]) || [],
+        data: (fm.data as string[]) || [],
+        description,
+        path: entry.name,
+        hasUi,
+      });
+    } catch (err) {
+      console.error(`[app-loader] Failed to load app ${entry.name}:`, err);
+    }
+  }
+  return manifests;
+}