npm - auramaxx - Versions diffs - 1.0.0-alpha.4 - Mend

auramaxx 1.0.0-alpha.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (363) hide show

package/LICENSE +26 -0
package/README.md +112 -0
package/bin/aurawallet.js +121 -0
package/docs/ADAPTERS.md +467 -0
package/docs/API.md +2679 -0
package/docs/APPS.md +198 -0
package/docs/ARCHITECTURE.md +350 -0
package/docs/AUTH.md +698 -0
package/docs/BEST-PRACTICES.md +121 -0
package/docs/CLI.md +61 -0
package/docs/DEVELOPING-APPS.md +452 -0
package/docs/EXTENSION.md +97 -0
package/docs/JOBS.md +33 -0
package/docs/MCP.md +76 -0
package/docs/PROTOCOL.md +142 -0
package/docs/SETUP.md +219 -0
package/docs/WORKSPACE.md +672 -0
package/docs/agent-auth.md +63 -0
package/docs/aura-file.md +48 -0
package/docs/credentials.md +53 -0
package/docs/external/getting-started.md +65 -0
package/docs/external/overview.md +45 -0
package/docs/external/use-cases.md +48 -0
package/docs/external/why-aura.md +35 -0
package/docs/jobs/connect-agent.md +77 -0
package/docs/jobs/migrate-from-dotenv.md +79 -0
package/docs/jobs/recover-from-lockout.md +72 -0
package/docs/jobs/secure-ci.md +63 -0
package/docs/oauth2.md +42 -0
package/docs/passkeys.md +60 -0
package/docs/security.md +540 -0
package/docs/specs/aura-open-protocol.md +61 -0
package/docs/specs/aura-provider-plugin.md +24 -0
package/docs/specs/aura-registry-model.md +31 -0
package/docs/specs/fixtures/invalid-bad-key.aura +1 -0
package/docs/specs/fixtures/invalid-bad-unicode-escape.aura +1 -0
package/docs/specs/fixtures/invalid-duplicate-key.aura +2 -0
package/docs/specs/fixtures/valid-basic.aura +4 -0
package/docs/specs/fixtures/valid-provider-ref.aura +1 -0
package/docs/specs/fixtures/valid-quoted-escapes.aura +2 -0
package/docs/templates/RELEASE_NOTES_TEMPLATE.md +22 -0
package/docs/totp.md +40 -0
package/docs/wallet/AI.md +508 -0
package/docs/wallet/DEVELOPING-STRATEGIES.md +713 -0
package/docs/wallet/README.md +47 -0
package/docs/wallet/STRATEGY.md +89 -0
package/next.config.ts +21 -0
package/package.json +151 -0
package/postcss.config.mjs +8 -0
package/prisma/migrations/20260214170000_baseline/migration.sql +511 -0
package/prisma/migrations/20260216214537_add_passkey_model/migration.sql +18 -0
package/prisma/migrations/20260217150500_add_credential_access_audit/migration.sql +31 -0
package/prisma/migrations/migration_lock.toml +3 -0
package/prisma/schema.prisma +447 -0
package/public/logo-chevron.svg +31 -0
package/public/logo-concentric.svg +31 -0
package/public/logo-crosshatch.svg +39 -0
package/public/logo-dashed.svg +39 -0
package/public/logo-horizontal.svg +31 -0
package/public/logo-m56.svg +64 -0
package/public/logo.webp +0 -0
package/scripts/add-app.js +245 -0
package/scripts/init.sh +57 -0
package/scripts/migrate-apikeys-to-credentials.ts +35 -0
package/scripts/sandbox-agent-flow.sh +235 -0
package/scripts/sandbox.sh +175 -0
package/scripts/validate-job-docs.mjs +125 -0
package/server/abi/SwapHelper.json +438 -0
package/server/cli/approval.ts +447 -0
package/server/cli/commands/app.ts +204 -0
package/server/cli/commands/cron.ts +24 -0
package/server/cli/commands/doctor.ts +1007 -0
package/server/cli/commands/env.ts +456 -0
package/server/cli/commands/init.ts +752 -0
package/server/cli/commands/mcp.ts +125 -0
package/server/cli/commands/restore.ts +314 -0
package/server/cli/commands/shell-hook.ts +468 -0
package/server/cli/commands/start.ts +62 -0
package/server/cli/commands/status.ts +59 -0
package/server/cli/commands/stop.ts +14 -0
package/server/cli/commands/token.ts +180 -0
package/server/cli/commands/unlock.ts +49 -0
package/server/cli/commands/vault.ts +417 -0
package/server/cli/index.ts +328 -0
package/server/cli/lib/aura-parser.ts +64 -0
package/server/cli/lib/credential-create.ts +74 -0
package/server/cli/lib/credential-resolve.ts +254 -0
package/server/cli/lib/dotenv-migrate.ts +116 -0
package/server/cli/lib/dotenv-parser.ts +146 -0
package/server/cli/lib/http.ts +91 -0
package/server/cli/lib/init-steps.ts +76 -0
package/server/cli/lib/local-agent-trust.ts +45 -0
package/server/cli/lib/process.ts +136 -0
package/server/cli/lib/prompt.ts +85 -0
package/server/cli/lib/theme.ts +240 -0
package/server/cli/socket.ts +570 -0
package/server/cli/transport-client.ts +50 -0
package/server/cron/index.ts +137 -0
package/server/cron/job.ts +31 -0
package/server/cron/jobs/balance-sync.ts +436 -0
package/server/cron/jobs/incoming-scan.ts +506 -0
package/server/cron/jobs/native-price.ts +70 -0
package/server/cron/jobs/orphan-cleanup.ts +40 -0
package/server/cron/jobs/strategy-runner.ts +175 -0
package/server/cron/scheduler.ts +125 -0
package/server/index.ts +406 -0
package/server/lib/adapters/factory.ts +110 -0
package/server/lib/adapters/index.ts +19 -0
package/server/lib/adapters/router.ts +297 -0
package/server/lib/adapters/telegram.ts +645 -0
package/server/lib/adapters/types.ts +89 -0
package/server/lib/adapters/webhook.ts +95 -0
package/server/lib/address.ts +49 -0
package/server/lib/agent-auth/contracts.ts +1194 -0
package/server/lib/agent-profiles.ts +328 -0
package/server/lib/ai.ts +285 -0
package/server/lib/api-registry/contracts.ts +86 -0
package/server/lib/api-registry/validation.ts +172 -0
package/server/lib/apikey-migration.ts +189 -0
package/server/lib/app-installer.ts +505 -0
package/server/lib/app-tokens.ts +247 -0
package/server/lib/auth.ts +314 -0
package/server/lib/batch.ts +242 -0
package/server/lib/cold.ts +874 -0
package/server/lib/config.ts +381 -0
package/server/lib/credential-access-audit.ts +85 -0
package/server/lib/credential-access-policy.ts +110 -0
package/server/lib/credential-health.ts +343 -0
package/server/lib/credential-import.ts +487 -0
package/server/lib/credential-scope.ts +87 -0
package/server/lib/credential-shares.ts +190 -0
package/server/lib/credential-transport.ts +342 -0
package/server/lib/credential-vault.ts +77 -0
package/server/lib/credentials.ts +333 -0
package/server/lib/crypto.ts +8 -0
package/server/lib/db.ts +15 -0
package/server/lib/defaults.ts +366 -0
package/server/lib/dex/index.ts +80 -0
package/server/lib/dex/relay.ts +235 -0
package/server/lib/dex/types.ts +59 -0
package/server/lib/dex/uniswap.ts +370 -0
package/server/lib/e2e-agent/artifacts.ts +36 -0
package/server/lib/e2e-agent/contracts.ts +112 -0
package/server/lib/e2e-agent/validation.ts +135 -0
package/server/lib/encrypt.ts +128 -0
package/server/lib/error.ts +20 -0
package/server/lib/events.ts +205 -0
package/server/lib/hot.ts +357 -0
package/server/lib/key-fingerprint.ts +28 -0
package/server/lib/logger.ts +331 -0
package/server/lib/network.ts +137 -0
package/server/lib/notifications.ts +219 -0
package/server/lib/oauth2-refresh.ts +241 -0
package/server/lib/oursecret.ts +54 -0
package/server/lib/passkey-credential.ts +360 -0
package/server/lib/passkey.ts +68 -0
package/server/lib/permissions.ts +248 -0
package/server/lib/pino.ts +24 -0
package/server/lib/policy-preview.ts +138 -0
package/server/lib/price.ts +338 -0
package/server/lib/prices.ts +34 -0
package/server/lib/project-scope.ts +239 -0
package/server/lib/resolve-action.ts +427 -0
package/server/lib/resolve.ts +36 -0
package/server/lib/sessions.ts +632 -0
package/server/lib/solana/connection.ts +26 -0
package/server/lib/solana/jupiter.ts +128 -0
package/server/lib/solana/transfer.ts +108 -0
package/server/lib/solana/wallet.ts +136 -0
package/server/lib/strategy/emits.ts +21 -0
package/server/lib/strategy/engine.ts +1305 -0
package/server/lib/strategy/executor.ts +115 -0
package/server/lib/strategy/hook-context.ts +158 -0
package/server/lib/strategy/hooks.ts +990 -0
package/server/lib/strategy/index.ts +28 -0
package/server/lib/strategy/installer.ts +305 -0
package/server/lib/strategy/loader.ts +256 -0
package/server/lib/strategy/message.ts +235 -0
package/server/lib/strategy/repository.ts +218 -0
package/server/lib/strategy/session-logger.ts +693 -0
package/server/lib/strategy/sources.ts +288 -0
package/server/lib/strategy/state.ts +189 -0
package/server/lib/strategy/templates.ts +403 -0
package/server/lib/strategy/tick.ts +404 -0
package/server/lib/strategy/types.ts +230 -0
package/server/lib/swap.ts +3 -0
package/server/lib/temp.ts +86 -0
package/server/lib/token-metadata.ts +86 -0
package/server/lib/token-safety.ts +200 -0
package/server/lib/token-search.ts +444 -0
package/server/lib/totp.ts +194 -0
package/server/lib/transactions.ts +123 -0
package/server/lib/transport.ts +75 -0
package/server/lib/txhistory/decoder.ts +262 -0
package/server/lib/txhistory/enricher.ts +652 -0
package/server/lib/txhistory/index.ts +391 -0
package/server/lib/txhistory/signatures.ts +59 -0
package/server/lib/verified-summary.ts +421 -0
package/server/mcp/profile-policy.ts +30 -0
package/server/mcp/server.ts +619 -0
package/server/mcp/tools.ts +523 -0
package/server/middleware/auth.ts +119 -0
package/server/middleware/requestLogger.ts +84 -0
package/server/routes/actions.ts +459 -0
package/server/routes/adapters.ts +703 -0
package/server/routes/addressbook.ts +113 -0
package/server/routes/ai.ts +34 -0
package/server/routes/apikeys.ts +295 -0
package/server/routes/apps.ts +601 -0
package/server/routes/auth.ts +457 -0
package/server/routes/backup.ts +340 -0
package/server/routes/batch.ts +270 -0
package/server/routes/bookmarks.ts +162 -0
package/server/routes/credential-shares.ts +198 -0
package/server/routes/credential-vaults.ts +154 -0
package/server/routes/credentials.ts +1290 -0
package/server/routes/dashboard.ts +71 -0
package/server/routes/defaults.ts +124 -0
package/server/routes/fund.ts +229 -0
package/server/routes/import.ts +352 -0
package/server/routes/launch.ts +665 -0
package/server/routes/lock.ts +54 -0
package/server/routes/logs.ts +68 -0
package/server/routes/nuke.ts +111 -0
package/server/routes/passkey-credentials.ts +99 -0
package/server/routes/passkey.ts +346 -0
package/server/routes/portfolio.ts +217 -0
package/server/routes/price.ts +63 -0
package/server/routes/resolve.ts +31 -0
package/server/routes/security.ts +45 -0
package/server/routes/send-evm.ts +241 -0
package/server/routes/send-solana.ts +281 -0
package/server/routes/send.ts +178 -0
package/server/routes/setup.ts +210 -0
package/server/routes/strategy.ts +894 -0
package/server/routes/swap-evm.ts +353 -0
package/server/routes/swap-solana.ts +177 -0
package/server/routes/swap.ts +356 -0
package/server/routes/token.ts +247 -0
package/server/routes/unlock.ts +403 -0
package/server/routes/wallet-assets.ts +361 -0
package/server/routes/wallet-transactions.ts +515 -0
package/server/routes/wallet.ts +710 -0
package/server/types.ts +146 -0
package/skills/aurawallet/SKILL.md +739 -0
package/skills/aurawallet-setup/SKILL.md +74 -0
package/skills/security-review/SKILL.md +148 -0
package/src/app/api/agent-requests/route.ts +30 -0
package/src/app/api/apps/install/route.ts +126 -0
package/src/app/api/apps/manifests/route.ts +16 -0
package/src/app/api/apps/static/[...path]/route.ts +57 -0
package/src/app/api/events/route.ts +92 -0
package/src/app/api/page.tsx +212 -0
package/src/app/api/workspace/[id]/apps/[wid]/route.ts +119 -0
package/src/app/api/workspace/[id]/apps/route.ts +81 -0
package/src/app/api/workspace/[id]/export/route.ts +67 -0
package/src/app/api/workspace/[id]/route.ts +168 -0
package/src/app/api/workspace/auth.ts +34 -0
package/src/app/api/workspace/config/route.ts +106 -0
package/src/app/api/workspace/import/route.ts +127 -0
package/src/app/api/workspace/route.ts +116 -0
package/src/app/app/page.tsx +2122 -0
package/src/app/apple-icon.png +0 -0
package/src/app/docs/page.tsx +178 -0
package/src/app/favicon.ico +0 -0
package/src/app/globals.css +572 -0
package/src/app/health/page.tsx +5 -0
package/src/app/hello/page.tsx +15 -0
package/src/app/icon.png +0 -0
package/src/app/layout.tsx +34 -0
package/src/app/page.tsx +986 -0
package/src/app/providers.tsx +90 -0
package/src/app/share/[token]/page.tsx +295 -0
package/src/components/ChainSelector.tsx +144 -0
package/src/components/HumanActionBar.tsx +695 -0
package/src/components/NotificationDrawer.tsx +129 -0
package/src/components/apps/AgentKeysApp.tsx +490 -0
package/src/components/apps/App.tsx +153 -0
package/src/components/apps/AppGrid.tsx +15 -0
package/src/components/apps/DetailedAddressDrawer.tsx +325 -0
package/src/components/apps/DraggableApp.tsx +562 -0
package/src/components/apps/IFrameApp.tsx +73 -0
package/src/components/apps/LogsApp.tsx +360 -0
package/src/components/apps/SendApp.tsx +394 -0
package/src/components/apps/SetupWizardApp.tsx +1004 -0
package/src/components/apps/SystemDefaultsApp.tsx +845 -0
package/src/components/apps/ThirdPartyApp.tsx +428 -0
package/src/components/apps/TokenApp.tsx +319 -0
package/src/components/apps/TransactionsApp.tsx +438 -0
package/src/components/apps/WalletDetailApp.tsx +1505 -0
package/src/components/apps/index.ts +13 -0
package/src/components/design-system/Button.tsx +53 -0
package/src/components/design-system/ChainIndicator.tsx +65 -0
package/src/components/design-system/ChainSelector.tsx +137 -0
package/src/components/design-system/ConfirmationModal.tsx +106 -0
package/src/components/design-system/ConfirmationPopover.tsx +81 -0
package/src/components/design-system/Drawer.tsx +123 -0
package/src/components/design-system/FilterDropdown.tsx +72 -0
package/src/components/design-system/Modal.tsx +206 -0
package/src/components/design-system/Popover.tsx +142 -0
package/src/components/design-system/TextInput.tsx +85 -0
package/src/components/design-system/Toggle.tsx +58 -0
package/src/components/design-system/index.ts +11 -0
package/src/components/docs/DocsThemeToggle.tsx +49 -0
package/src/components/health/CredentialHealthDashboard.tsx +214 -0
package/src/components/icons/ChainIcons.tsx +72 -0
package/src/components/layout/AppStoreDrawer.tsx +369 -0
package/src/components/layout/ContentArea.tsx +21 -0
package/src/components/layout/TabBar.tsx +278 -0
package/src/components/layout/WalletSidebar.tsx +1033 -0
package/src/components/layout/index.ts +4 -0
package/src/components/marketing/AuraWalletSpecOverlay.tsx +635 -0
package/src/components/marketing/DeviceMorphExperience.tsx +216 -0
package/src/components/vault/ApiKeysConsole.tsx +1080 -0
package/src/components/vault/AuditConsole.tsx +584 -0
package/src/components/vault/CredentialDetail.tsx +455 -0
package/src/components/vault/CredentialEmpty.tsx +55 -0
package/src/components/vault/CredentialField.tsx +361 -0
package/src/components/vault/CredentialForm.tsx +1212 -0
package/src/components/vault/CredentialList.tsx +165 -0
package/src/components/vault/CredentialRow.tsx +97 -0
package/src/components/vault/CredentialShareModal.tsx +178 -0
package/src/components/vault/CredentialVault.tsx +754 -0
package/src/components/vault/CredentialWalletWidget.tsx +103 -0
package/src/components/vault/ImportCredentialsModal.tsx +515 -0
package/src/components/vault/LargeTypeModal.tsx +64 -0
package/src/components/vault/PasswordGenerator.tsx +224 -0
package/src/components/vault/TOTPDisplay.tsx +123 -0
package/src/components/vault/VaultSidebar.tsx +413 -0
package/src/components/vault/types.ts +54 -0
package/src/context/AuthContext.tsx +337 -0
package/src/context/PriceContext.tsx +113 -0
package/src/context/ThemeContext.tsx +164 -0
package/src/context/WebSocketContext.tsx +269 -0
package/src/context/WorkspaceContext.tsx +668 -0
package/src/hooks/index.ts +3 -0
package/src/hooks/useAgentActions.ts +368 -0
package/src/hooks/useBalance.ts +103 -0
package/src/hooks/useBalances.ts +129 -0
package/src/instrumentation.ts +12 -0
package/src/lib/api.ts +449 -0
package/src/lib/app-loader.ts +148 -0
package/src/lib/app-registry.ts +178 -0
package/src/lib/app-sdk.ts +157 -0
package/src/lib/audit-console-adapter.ts +151 -0
package/src/lib/auth-client.ts +75 -0
package/src/lib/config.ts +74 -0
package/src/lib/crypto.ts +112 -0
package/src/lib/db.ts +21 -0
package/src/lib/docs.ts +390 -0
package/src/lib/events.ts +361 -0
package/src/lib/pino.ts +24 -0
package/src/lib/theme-handlers.ts +168 -0
package/src/lib/theme.ts +351 -0
package/src/lib/tokenData.ts +378 -0
package/src/lib/vault-crypto.ts +129 -0
package/src/lib/websocket-server.ts +302 -0
package/src/lib/websocket-setup.ts +79 -0
package/src/lib/wordlist.ts +2050 -0
package/src/lib/workspace-handlers.ts +285 -0
package/start.sh +80 -0
package/tailwind.config.ts +99 -0
package/tsconfig.json +42 -0

package/server/cli/commands/mcp.ts ADDED Viewed

@@ -0,0 +1,125 @@
+/**
+ * aurawallet mcp — Start the MCP server (stdio transport)
+ *
+ * Spawned by MCP clients (Claude Code, Claude Desktop, Cursor, etc.) via config:
+ *   { "command": "npx", "args": ["aurawallet", "mcp"], "env": { "AURA_TOKEN": "<token>" } }
+ *
+ * Flags:
+ *   --install  Auto-detect IDEs and write MCP config entries
+ */
+import fs from 'fs';
+import path from 'path';
+import os from 'os';
+import { getErrorMessage } from '../../lib/error';
+const args = process.argv.slice(2);
+if (args.includes('--install')) {
+  installMcpConfigs();
+} else {
+  // The MCP server runs on import — connects stdio transport and registers tools
+  import('../../mcp/server.js');
+}
+interface IdeTarget {
+  name: string;
+  configPath: string;
+  global: boolean;
+}
+function installMcpConfigs(): void {
+  const home = os.homedir();
+  const targets: IdeTarget[] = [
+    {
+      name: 'Claude Desktop',
+      configPath: path.join(home, 'Library', 'Application Support', 'Claude', 'claude_desktop_config.json'),
+      global: true,
+    },
+    {
+      name: 'Cursor',
+      configPath: path.join(home, '.cursor', 'mcp.json'),
+      global: true,
+    },
+    {
+      name: 'VS Code',
+      configPath: path.join(process.cwd(), '.vscode', 'mcp.json'),
+      global: false,
+    },
+    {
+      name: 'Windsurf',
+      configPath: path.join(home, '.windsurf', 'mcp.json'),
+      global: true,
+    },
+  ];
+  const mcpEntry = {
+    command: 'npx',
+    args: ['aurawallet', 'mcp'],
+  };
+  console.log('\n  AuraWallet MCP Installer');
+  console.log('  ───────────────────────\n');
+  let updated = 0;
+  let skipped = 0;
+  let notFound = 0;
+  let errors = 0;
+  for (const target of targets) {
+    const configDir = path.dirname(target.configPath);
+    // Only touch configs for IDEs that are actually present.
+    // Do not create new IDE directories implicitly.
+    if (!fs.existsSync(configDir)) {
+      console.log(`  ${target.name}: not found (${configDir} not found)`);
+      notFound++;
+      continue;
+    }
+    // Read existing config or start fresh. If the file is malformed, skip it
+    // instead of overwriting user data with {}.
+    let config: Record<string, unknown> = {};
+    if (fs.existsSync(target.configPath)) {
+      try {
+        const raw = fs.readFileSync(target.configPath, 'utf-8');
+        config = JSON.parse(raw);
+      } catch (error) {
+        const message = getErrorMessage(error);
+        console.log(`  ${target.name}: skipped (invalid JSON in ${target.configPath}: ${message})`);
+        errors++;
+        continue;
+      }
+    }
+    // Check if aurawallet entry already exists
+    if (
+      config.mcpServers !== undefined &&
+      (typeof config.mcpServers !== 'object' || config.mcpServers === null || Array.isArray(config.mcpServers))
+    ) {
+      console.log(`  ${target.name}: skipped (mcpServers must be an object in ${target.configPath})`);
+      errors++;
+      continue;
+    }
+    const mcpServers = (config.mcpServers || {}) as Record<string, unknown>;
+    if (mcpServers.aurawallet) {
+      console.log(`  ${target.name}: already configured`);
+      skipped++;
+      continue;
+    }
+    // Merge the entry
+    mcpServers.aurawallet = mcpEntry;
+    config.mcpServers = mcpServers;
+    fs.writeFileSync(target.configPath, JSON.stringify(config, null, 2) + '\n');
+    console.log(`  ${target.name}: configured (${target.configPath})`);
+    updated++;
+  }
+  console.log('');
+  console.log(`  Done: ${updated} updated, ${skipped} already configured, ${notFound} not found, ${errors} skipped due to errors`);
+  console.log('');
+}

package/server/cli/commands/restore.ts ADDED Viewed

@@ -0,0 +1,314 @@
+#!/usr/bin/env tsx
+/**
+ * npx aurawallet restore — Restore from a backup
+ *
+ * Usage:
+ *   npx aurawallet restore --list              # List available backups
+ *   npx aurawallet restore --latest            # Restore most recent backup
+ *   npx aurawallet restore <filename>          # Restore specific backup
+ *   npx aurawallet restore --dry-run <file>    # Preview without modifying
+ *   npx aurawallet restore --dry-run --latest  # Preview latest restore
+ */
+import { readdir, stat, copyFile, unlink, rename } from 'fs/promises';
+import { join } from 'path';
+import { existsSync, mkdirSync } from 'fs';
+import { execSync } from 'child_process';
+import { createServer } from 'net';
+import { getDbPath } from '../../lib/config';
+import { getBackupsDir, ensureBackupsDir, verifyIntegrity } from '../../routes/backup';
+const DATA_DIR = join(getDbPath(), '..');
+const CREDENTIALS_DIR = join(DATA_DIR, 'credentials');
+interface BackupEntry {
+  filename: string;
+  timestamp: string;
+  size: number;
+  date: Date;
+}
+async function listBackups(): Promise<BackupEntry[]> {
+  const backupsDir = getBackupsDir();
+  ensureBackupsDir();
+  const files = await readdir(backupsDir);
+  const backups: BackupEntry[] = [];
+  for (const file of files) {
+    if (file.startsWith('aurawallet.db.') && file.endsWith('.bak')) {
+      const match = file.match(/aurawallet\.db\.(\d{8}_\d{6})\.bak/);
+      if (!match) continue;
+      const filePath = join(backupsDir, file);
+      const fileStat = await stat(filePath);
+      backups.push({
+        filename: file,
+        timestamp: match[1],
+        size: fileStat.size,
+        date: fileStat.mtime,
+      });
+    }
+  }
+  backups.sort((a, b) => b.date.getTime() - a.date.getTime());
+  return backups;
+}
+function formatSize(bytes: number): string {
+  if (bytes < 1024) return `${bytes} B`;
+  if (bytes < 1024 * 1024) return `${(bytes / 1024).toFixed(1)} KB`;
+  return `${(bytes / (1024 * 1024)).toFixed(1)} MB`;
+}
+function formatTimestamp(ts: string): string {
+  // YYYYMMDD_HHMMSS -> YYYY-MM-DD HH:MM:SS
+  return `${ts.slice(0, 4)}-${ts.slice(4, 6)}-${ts.slice(6, 8)} ${ts.slice(9, 11)}:${ts.slice(11, 13)}:${ts.slice(13, 15)}`;
+}
+async function checkServerRunning(): Promise<boolean> {
+  return new Promise((resolve) => {
+    const server = createServer();
+    server.once('error', (error: NodeJS.ErrnoException) => {
+      if (error.code === 'EADDRINUSE') {
+        resolve(true);
+      } else {
+        resolve(false);
+      }
+    });
+    server.once('listening', () => {
+      server.close();
+      resolve(false);
+    });
+    server.listen(4242, '127.0.0.1');
+  });
+}
+async function createPreRestoreBackup(): Promise<string> {
+  const dbFile = getDbPath();
+  if (!existsSync(dbFile)) return '';
+  const backupsDir = getBackupsDir();
+  ensureBackupsDir();
+  const now = new Date();
+  const timestamp = now.toISOString().replace(/[-:]/g, '').replace('T', '_').split('.')[0];
+  const filename = `pre-restore.${timestamp}.bak`;
+  const backupPath = join(backupsDir, filename);
+  await copyFile(dbFile, backupPath);
+  return filename;
+}
+async function restoreCredentials(backupsDir: string, timestamp: string): Promise<number> {
+  const allFiles = await readdir(backupsDir);
+  const credBackups = allFiles.filter(
+    (f) => f.startsWith(`credentials.${timestamp}.cred-`) && f.endsWith('.json')
+  );
+  if (credBackups.length === 0) return 0;
+  if (!existsSync(CREDENTIALS_DIR)) {
+    mkdirSync(CREDENTIALS_DIR, { recursive: true });
+  }
+  // Remove existing credentials
+  if (existsSync(CREDENTIALS_DIR)) {
+    const existing = await readdir(CREDENTIALS_DIR);
+    for (const f of existing) {
+      if (f.startsWith('cred-') && f.endsWith('.json')) {
+        await unlink(join(CREDENTIALS_DIR, f));
+      }
+    }
+  }
+  // Copy from backup
+  for (const f of credBackups) {
+    const destName = f.replace(`credentials.${timestamp}.`, '');
+    await copyFile(join(backupsDir, f), join(CREDENTIALS_DIR, destName));
+  }
+  return credBackups.length;
+}
+async function runMigrations(): Promise<number> {
+  try {
+    const output = execSync('npx prisma migrate deploy', {
+      cwd: join(__dirname, '..', '..', '..'),
+      env: { ...process.env, DATABASE_URL: `file:${getDbPath()}` },
+      encoding: 'utf-8',
+      stdio: ['pipe', 'pipe', 'pipe'],
+    });
+    // Count applied migrations from output
+    const matches = output.match(/(\d+) migration/);
+    return matches ? parseInt(matches[1], 10) : 0;
+  } catch (error: any) {
+    const errMsg = error.stderr || error.message || 'Unknown error';
+    console.error(`\n  ✗ Migration FAILED: ${errMsg}`);
+    console.error('  This is a critical error — the restored DB may have an incompatible schema.');
+    throw new Error(`Migration failed: ${errMsg}`);
+  }
+}
+async function main() {
+  const args = process.argv.slice(2);
+  const listFlag = args.includes('--list');
+  const latestFlag = args.includes('--latest');
+  const dryRun = args.includes('--dry-run');
+  const filename = args.find((a) => !a.startsWith('--'));
+  if (!listFlag && !latestFlag && !filename) {
+    console.log(`
+  aurawallet restore — Restore from a backup
+  Usage:
+    npx aurawallet restore --list              List available backups
+    npx aurawallet restore --latest            Restore most recent backup
+    npx aurawallet restore <filename>          Restore specific backup
+    npx aurawallet restore --dry-run --latest  Preview without modifying
+`);
+    process.exit(0);
+  }
+  // --list: show backups and exit
+  if (listFlag) {
+    const backups = await listBackups();
+    if (backups.length === 0) {
+      console.log('No backups found.');
+      process.exit(0);
+    }
+    console.log(`\n  Available backups (${backups.length}):\n`);
+    for (const b of backups) {
+      console.log(`    ${b.filename}  ${formatTimestamp(b.timestamp)}  ${formatSize(b.size)}`);
+    }
+    console.log();
+    process.exit(0);
+  }
+  // Determine which backup to restore
+  let targetFilename: string;
+  if (latestFlag) {
+    const backups = await listBackups();
+    if (backups.length === 0) {
+      console.error('No backups found.');
+      process.exit(1);
+    }
+    targetFilename = backups[0].filename;
+  } else {
+    targetFilename = filename!;
+  }
+  // Validate filename
+  if (!targetFilename.match(/^aurawallet\.db\.\d{8}_\d{6}\.bak$/)) {
+    console.error(`Invalid backup filename: ${targetFilename}`);
+    process.exit(1);
+  }
+  const backupsDir = getBackupsDir();
+  const backupPath = join(backupsDir, targetFilename);
+  if (!existsSync(backupPath)) {
+    console.error(`Backup not found: ${targetFilename}`);
+    process.exit(1);
+  }
+  const backupStat = await stat(backupPath);
+  const tsMatch = targetFilename.match(/aurawallet\.db\.(\d{8}_\d{6})\.bak/)!;
+  const timestamp = tsMatch[1];
+  // Count matching credential backups
+  const allFiles = await readdir(backupsDir);
+  const credCount = allFiles.filter(
+    (f) => f.startsWith(`credentials.${timestamp}.cred-`) && f.endsWith('.json')
+  ).length;
+  console.log(`\n  Restore target: ${targetFilename}`);
+  console.log(`  Created:        ${formatTimestamp(timestamp)}`);
+  console.log(`  Size:           ${formatSize(backupStat.size)}`);
+  console.log(`  Credentials:    ${credCount} file(s)`);
+  // Verify backup integrity
+  console.log('\n  Verifying backup integrity...');
+  if (!verifyIntegrity(backupPath)) {
+    console.error('  ✗ Backup FAILED integrity check. Aborting.');
+    process.exit(1);
+  }
+  console.log('  ✓ Backup integrity OK');
+  if (dryRun) {
+    console.log('\n  --dry-run: No changes made.\n');
+    process.exit(0);
+  }
+  // Check if server is running
+  const serverRunning = await checkServerRunning();
+  if (serverRunning) {
+    console.log('\n  ⚠️  WARNING: Server appears to be running on port 4242.');
+    console.log('  Stop it first with `npx aurawallet stop` for clean restore.');
+    console.log('  Proceeding anyway...\n');
+  }
+  // Pre-restore safety backup
+  const preRestoreName = await createPreRestoreBackup();
+  if (preRestoreName) {
+    console.log(`  Pre-restore backup: ${preRestoreName}`);
+  }
+  // Restore DB
+  const dbPath = getDbPath();
+  const tempPath = dbPath + '.restore-tmp';
+  await copyFile(backupPath, tempPath);
+  await rename(tempPath, dbPath);
+  console.log('  ✓ Database restored');
+  // Restore credentials
+  const restoredCreds = await restoreCredentials(backupsDir, timestamp);
+  console.log(`  ✓ Credentials restored: ${restoredCreds} file(s)`);
+  // Run migrations
+  console.log('  Running schema migrations...');
+  let migrationsApplied: number;
+  try {
+    migrationsApplied = await runMigrations();
+  } catch {
+    if (preRestoreName) {
+      console.error(`\n  Reverting to pre-restore backup: ${preRestoreName}`);
+      const revertTemp = dbPath + '.revert-tmp';
+      await copyFile(join(backupsDir, preRestoreName), revertTemp);
+      await rename(revertTemp, dbPath);
+      console.error('  ✓ Reverted to pre-restore state.');
+    }
+    process.exit(1);
+  }
+  console.log(`  ✓ Migrations applied: ${migrationsApplied}`);
+  // Final integrity check
+  console.log('  Verifying restored database...');
+  if (!verifyIntegrity(dbPath)) {
+    console.error('  ✗ Restored DB FAILED integrity check!');
+    console.error(`  Safety backup available: ${preRestoreName}`);
+    process.exit(1);
+  }
+  console.log('  ✓ Restored database integrity OK');
+  // Clean up old pre-restore backups (keep last 3)
+  const allBackupFiles = await readdir(backupsDir);
+  const preRestoreFiles = allBackupFiles
+    .filter(f => f.startsWith('pre-restore.') && f.endsWith('.bak'))
+    .sort()
+    .reverse();
+  if (preRestoreFiles.length > 3) {
+    for (let i = 3; i < preRestoreFiles.length; i++) {
+      await unlink(join(backupsDir, preRestoreFiles[i]));
+    }
+    console.log(`  ✓ Cleaned up ${preRestoreFiles.length - 3} old pre-restore backup(s)`);
+  }
+  console.log(`\n  ✅ Restore complete!\n`);
+}
+main().catch((err) => {
+  console.error('Restore failed:', err.message || err);
+  process.exit(1);
+});