npm - auramaxx - Versions diffs - 1.0.0-alpha.4 - Mend

auramaxx 1.0.0-alpha.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (363) hide show

package/LICENSE +26 -0
package/README.md +112 -0
package/bin/aurawallet.js +121 -0
package/docs/ADAPTERS.md +467 -0
package/docs/API.md +2679 -0
package/docs/APPS.md +198 -0
package/docs/ARCHITECTURE.md +350 -0
package/docs/AUTH.md +698 -0
package/docs/BEST-PRACTICES.md +121 -0
package/docs/CLI.md +61 -0
package/docs/DEVELOPING-APPS.md +452 -0
package/docs/EXTENSION.md +97 -0
package/docs/JOBS.md +33 -0
package/docs/MCP.md +76 -0
package/docs/PROTOCOL.md +142 -0
package/docs/SETUP.md +219 -0
package/docs/WORKSPACE.md +672 -0
package/docs/agent-auth.md +63 -0
package/docs/aura-file.md +48 -0
package/docs/credentials.md +53 -0
package/docs/external/getting-started.md +65 -0
package/docs/external/overview.md +45 -0
package/docs/external/use-cases.md +48 -0
package/docs/external/why-aura.md +35 -0
package/docs/jobs/connect-agent.md +77 -0
package/docs/jobs/migrate-from-dotenv.md +79 -0
package/docs/jobs/recover-from-lockout.md +72 -0
package/docs/jobs/secure-ci.md +63 -0
package/docs/oauth2.md +42 -0
package/docs/passkeys.md +60 -0
package/docs/security.md +540 -0
package/docs/specs/aura-open-protocol.md +61 -0
package/docs/specs/aura-provider-plugin.md +24 -0
package/docs/specs/aura-registry-model.md +31 -0
package/docs/specs/fixtures/invalid-bad-key.aura +1 -0
package/docs/specs/fixtures/invalid-bad-unicode-escape.aura +1 -0
package/docs/specs/fixtures/invalid-duplicate-key.aura +2 -0
package/docs/specs/fixtures/valid-basic.aura +4 -0
package/docs/specs/fixtures/valid-provider-ref.aura +1 -0
package/docs/specs/fixtures/valid-quoted-escapes.aura +2 -0
package/docs/templates/RELEASE_NOTES_TEMPLATE.md +22 -0
package/docs/totp.md +40 -0
package/docs/wallet/AI.md +508 -0
package/docs/wallet/DEVELOPING-STRATEGIES.md +713 -0
package/docs/wallet/README.md +47 -0
package/docs/wallet/STRATEGY.md +89 -0
package/next.config.ts +21 -0
package/package.json +151 -0
package/postcss.config.mjs +8 -0
package/prisma/migrations/20260214170000_baseline/migration.sql +511 -0
package/prisma/migrations/20260216214537_add_passkey_model/migration.sql +18 -0
package/prisma/migrations/20260217150500_add_credential_access_audit/migration.sql +31 -0
package/prisma/migrations/migration_lock.toml +3 -0
package/prisma/schema.prisma +447 -0
package/public/logo-chevron.svg +31 -0
package/public/logo-concentric.svg +31 -0
package/public/logo-crosshatch.svg +39 -0
package/public/logo-dashed.svg +39 -0
package/public/logo-horizontal.svg +31 -0
package/public/logo-m56.svg +64 -0
package/public/logo.webp +0 -0
package/scripts/add-app.js +245 -0
package/scripts/init.sh +57 -0
package/scripts/migrate-apikeys-to-credentials.ts +35 -0
package/scripts/sandbox-agent-flow.sh +235 -0
package/scripts/sandbox.sh +175 -0
package/scripts/validate-job-docs.mjs +125 -0
package/server/abi/SwapHelper.json +438 -0
package/server/cli/approval.ts +447 -0
package/server/cli/commands/app.ts +204 -0
package/server/cli/commands/cron.ts +24 -0
package/server/cli/commands/doctor.ts +1007 -0
package/server/cli/commands/env.ts +456 -0
package/server/cli/commands/init.ts +752 -0
package/server/cli/commands/mcp.ts +125 -0
package/server/cli/commands/restore.ts +314 -0
package/server/cli/commands/shell-hook.ts +468 -0
package/server/cli/commands/start.ts +62 -0
package/server/cli/commands/status.ts +59 -0
package/server/cli/commands/stop.ts +14 -0
package/server/cli/commands/token.ts +180 -0
package/server/cli/commands/unlock.ts +49 -0
package/server/cli/commands/vault.ts +417 -0
package/server/cli/index.ts +328 -0
package/server/cli/lib/aura-parser.ts +64 -0
package/server/cli/lib/credential-create.ts +74 -0
package/server/cli/lib/credential-resolve.ts +254 -0
package/server/cli/lib/dotenv-migrate.ts +116 -0
package/server/cli/lib/dotenv-parser.ts +146 -0
package/server/cli/lib/http.ts +91 -0
package/server/cli/lib/init-steps.ts +76 -0
package/server/cli/lib/local-agent-trust.ts +45 -0
package/server/cli/lib/process.ts +136 -0
package/server/cli/lib/prompt.ts +85 -0
package/server/cli/lib/theme.ts +240 -0
package/server/cli/socket.ts +570 -0
package/server/cli/transport-client.ts +50 -0
package/server/cron/index.ts +137 -0
package/server/cron/job.ts +31 -0
package/server/cron/jobs/balance-sync.ts +436 -0
package/server/cron/jobs/incoming-scan.ts +506 -0
package/server/cron/jobs/native-price.ts +70 -0
package/server/cron/jobs/orphan-cleanup.ts +40 -0
package/server/cron/jobs/strategy-runner.ts +175 -0
package/server/cron/scheduler.ts +125 -0
package/server/index.ts +406 -0
package/server/lib/adapters/factory.ts +110 -0
package/server/lib/adapters/index.ts +19 -0
package/server/lib/adapters/router.ts +297 -0
package/server/lib/adapters/telegram.ts +645 -0
package/server/lib/adapters/types.ts +89 -0
package/server/lib/adapters/webhook.ts +95 -0
package/server/lib/address.ts +49 -0
package/server/lib/agent-auth/contracts.ts +1194 -0
package/server/lib/agent-profiles.ts +328 -0
package/server/lib/ai.ts +285 -0
package/server/lib/api-registry/contracts.ts +86 -0
package/server/lib/api-registry/validation.ts +172 -0
package/server/lib/apikey-migration.ts +189 -0
package/server/lib/app-installer.ts +505 -0
package/server/lib/app-tokens.ts +247 -0
package/server/lib/auth.ts +314 -0
package/server/lib/batch.ts +242 -0
package/server/lib/cold.ts +874 -0
package/server/lib/config.ts +381 -0
package/server/lib/credential-access-audit.ts +85 -0
package/server/lib/credential-access-policy.ts +110 -0
package/server/lib/credential-health.ts +343 -0
package/server/lib/credential-import.ts +487 -0
package/server/lib/credential-scope.ts +87 -0
package/server/lib/credential-shares.ts +190 -0
package/server/lib/credential-transport.ts +342 -0
package/server/lib/credential-vault.ts +77 -0
package/server/lib/credentials.ts +333 -0
package/server/lib/crypto.ts +8 -0
package/server/lib/db.ts +15 -0
package/server/lib/defaults.ts +366 -0
package/server/lib/dex/index.ts +80 -0
package/server/lib/dex/relay.ts +235 -0
package/server/lib/dex/types.ts +59 -0
package/server/lib/dex/uniswap.ts +370 -0
package/server/lib/e2e-agent/artifacts.ts +36 -0
package/server/lib/e2e-agent/contracts.ts +112 -0
package/server/lib/e2e-agent/validation.ts +135 -0
package/server/lib/encrypt.ts +128 -0
package/server/lib/error.ts +20 -0
package/server/lib/events.ts +205 -0
package/server/lib/hot.ts +357 -0
package/server/lib/key-fingerprint.ts +28 -0
package/server/lib/logger.ts +331 -0
package/server/lib/network.ts +137 -0
package/server/lib/notifications.ts +219 -0
package/server/lib/oauth2-refresh.ts +241 -0
package/server/lib/oursecret.ts +54 -0
package/server/lib/passkey-credential.ts +360 -0
package/server/lib/passkey.ts +68 -0
package/server/lib/permissions.ts +248 -0
package/server/lib/pino.ts +24 -0
package/server/lib/policy-preview.ts +138 -0
package/server/lib/price.ts +338 -0
package/server/lib/prices.ts +34 -0
package/server/lib/project-scope.ts +239 -0
package/server/lib/resolve-action.ts +427 -0
package/server/lib/resolve.ts +36 -0
package/server/lib/sessions.ts +632 -0
package/server/lib/solana/connection.ts +26 -0
package/server/lib/solana/jupiter.ts +128 -0
package/server/lib/solana/transfer.ts +108 -0
package/server/lib/solana/wallet.ts +136 -0
package/server/lib/strategy/emits.ts +21 -0
package/server/lib/strategy/engine.ts +1305 -0
package/server/lib/strategy/executor.ts +115 -0
package/server/lib/strategy/hook-context.ts +158 -0
package/server/lib/strategy/hooks.ts +990 -0
package/server/lib/strategy/index.ts +28 -0
package/server/lib/strategy/installer.ts +305 -0
package/server/lib/strategy/loader.ts +256 -0
package/server/lib/strategy/message.ts +235 -0
package/server/lib/strategy/repository.ts +218 -0
package/server/lib/strategy/session-logger.ts +693 -0
package/server/lib/strategy/sources.ts +288 -0
package/server/lib/strategy/state.ts +189 -0
package/server/lib/strategy/templates.ts +403 -0
package/server/lib/strategy/tick.ts +404 -0
package/server/lib/strategy/types.ts +230 -0
package/server/lib/swap.ts +3 -0
package/server/lib/temp.ts +86 -0
package/server/lib/token-metadata.ts +86 -0
package/server/lib/token-safety.ts +200 -0
package/server/lib/token-search.ts +444 -0
package/server/lib/totp.ts +194 -0
package/server/lib/transactions.ts +123 -0
package/server/lib/transport.ts +75 -0
package/server/lib/txhistory/decoder.ts +262 -0
package/server/lib/txhistory/enricher.ts +652 -0
package/server/lib/txhistory/index.ts +391 -0
package/server/lib/txhistory/signatures.ts +59 -0
package/server/lib/verified-summary.ts +421 -0
package/server/mcp/profile-policy.ts +30 -0
package/server/mcp/server.ts +619 -0
package/server/mcp/tools.ts +523 -0
package/server/middleware/auth.ts +119 -0
package/server/middleware/requestLogger.ts +84 -0
package/server/routes/actions.ts +459 -0
package/server/routes/adapters.ts +703 -0
package/server/routes/addressbook.ts +113 -0
package/server/routes/ai.ts +34 -0
package/server/routes/apikeys.ts +295 -0
package/server/routes/apps.ts +601 -0
package/server/routes/auth.ts +457 -0
package/server/routes/backup.ts +340 -0
package/server/routes/batch.ts +270 -0
package/server/routes/bookmarks.ts +162 -0
package/server/routes/credential-shares.ts +198 -0
package/server/routes/credential-vaults.ts +154 -0
package/server/routes/credentials.ts +1290 -0
package/server/routes/dashboard.ts +71 -0
package/server/routes/defaults.ts +124 -0
package/server/routes/fund.ts +229 -0
package/server/routes/import.ts +352 -0
package/server/routes/launch.ts +665 -0
package/server/routes/lock.ts +54 -0
package/server/routes/logs.ts +68 -0
package/server/routes/nuke.ts +111 -0
package/server/routes/passkey-credentials.ts +99 -0
package/server/routes/passkey.ts +346 -0
package/server/routes/portfolio.ts +217 -0
package/server/routes/price.ts +63 -0
package/server/routes/resolve.ts +31 -0
package/server/routes/security.ts +45 -0
package/server/routes/send-evm.ts +241 -0
package/server/routes/send-solana.ts +281 -0
package/server/routes/send.ts +178 -0
package/server/routes/setup.ts +210 -0
package/server/routes/strategy.ts +894 -0
package/server/routes/swap-evm.ts +353 -0
package/server/routes/swap-solana.ts +177 -0
package/server/routes/swap.ts +356 -0
package/server/routes/token.ts +247 -0
package/server/routes/unlock.ts +403 -0
package/server/routes/wallet-assets.ts +361 -0
package/server/routes/wallet-transactions.ts +515 -0
package/server/routes/wallet.ts +710 -0
package/server/types.ts +146 -0
package/skills/aurawallet/SKILL.md +739 -0
package/skills/aurawallet-setup/SKILL.md +74 -0
package/skills/security-review/SKILL.md +148 -0
package/src/app/api/agent-requests/route.ts +30 -0
package/src/app/api/apps/install/route.ts +126 -0
package/src/app/api/apps/manifests/route.ts +16 -0
package/src/app/api/apps/static/[...path]/route.ts +57 -0
package/src/app/api/events/route.ts +92 -0
package/src/app/api/page.tsx +212 -0
package/src/app/api/workspace/[id]/apps/[wid]/route.ts +119 -0
package/src/app/api/workspace/[id]/apps/route.ts +81 -0
package/src/app/api/workspace/[id]/export/route.ts +67 -0
package/src/app/api/workspace/[id]/route.ts +168 -0
package/src/app/api/workspace/auth.ts +34 -0
package/src/app/api/workspace/config/route.ts +106 -0
package/src/app/api/workspace/import/route.ts +127 -0
package/src/app/api/workspace/route.ts +116 -0
package/src/app/app/page.tsx +2122 -0
package/src/app/apple-icon.png +0 -0
package/src/app/docs/page.tsx +178 -0
package/src/app/favicon.ico +0 -0
package/src/app/globals.css +572 -0
package/src/app/health/page.tsx +5 -0
package/src/app/hello/page.tsx +15 -0
package/src/app/icon.png +0 -0
package/src/app/layout.tsx +34 -0
package/src/app/page.tsx +986 -0
package/src/app/providers.tsx +90 -0
package/src/app/share/[token]/page.tsx +295 -0
package/src/components/ChainSelector.tsx +144 -0
package/src/components/HumanActionBar.tsx +695 -0
package/src/components/NotificationDrawer.tsx +129 -0
package/src/components/apps/AgentKeysApp.tsx +490 -0
package/src/components/apps/App.tsx +153 -0
package/src/components/apps/AppGrid.tsx +15 -0
package/src/components/apps/DetailedAddressDrawer.tsx +325 -0
package/src/components/apps/DraggableApp.tsx +562 -0
package/src/components/apps/IFrameApp.tsx +73 -0
package/src/components/apps/LogsApp.tsx +360 -0
package/src/components/apps/SendApp.tsx +394 -0
package/src/components/apps/SetupWizardApp.tsx +1004 -0
package/src/components/apps/SystemDefaultsApp.tsx +845 -0
package/src/components/apps/ThirdPartyApp.tsx +428 -0
package/src/components/apps/TokenApp.tsx +319 -0
package/src/components/apps/TransactionsApp.tsx +438 -0
package/src/components/apps/WalletDetailApp.tsx +1505 -0
package/src/components/apps/index.ts +13 -0
package/src/components/design-system/Button.tsx +53 -0
package/src/components/design-system/ChainIndicator.tsx +65 -0
package/src/components/design-system/ChainSelector.tsx +137 -0
package/src/components/design-system/ConfirmationModal.tsx +106 -0
package/src/components/design-system/ConfirmationPopover.tsx +81 -0
package/src/components/design-system/Drawer.tsx +123 -0
package/src/components/design-system/FilterDropdown.tsx +72 -0
package/src/components/design-system/Modal.tsx +206 -0
package/src/components/design-system/Popover.tsx +142 -0
package/src/components/design-system/TextInput.tsx +85 -0
package/src/components/design-system/Toggle.tsx +58 -0
package/src/components/design-system/index.ts +11 -0
package/src/components/docs/DocsThemeToggle.tsx +49 -0
package/src/components/health/CredentialHealthDashboard.tsx +214 -0
package/src/components/icons/ChainIcons.tsx +72 -0
package/src/components/layout/AppStoreDrawer.tsx +369 -0
package/src/components/layout/ContentArea.tsx +21 -0
package/src/components/layout/TabBar.tsx +278 -0
package/src/components/layout/WalletSidebar.tsx +1033 -0
package/src/components/layout/index.ts +4 -0
package/src/components/marketing/AuraWalletSpecOverlay.tsx +635 -0
package/src/components/marketing/DeviceMorphExperience.tsx +216 -0
package/src/components/vault/ApiKeysConsole.tsx +1080 -0
package/src/components/vault/AuditConsole.tsx +584 -0
package/src/components/vault/CredentialDetail.tsx +455 -0
package/src/components/vault/CredentialEmpty.tsx +55 -0
package/src/components/vault/CredentialField.tsx +361 -0
package/src/components/vault/CredentialForm.tsx +1212 -0
package/src/components/vault/CredentialList.tsx +165 -0
package/src/components/vault/CredentialRow.tsx +97 -0
package/src/components/vault/CredentialShareModal.tsx +178 -0
package/src/components/vault/CredentialVault.tsx +754 -0
package/src/components/vault/CredentialWalletWidget.tsx +103 -0
package/src/components/vault/ImportCredentialsModal.tsx +515 -0
package/src/components/vault/LargeTypeModal.tsx +64 -0
package/src/components/vault/PasswordGenerator.tsx +224 -0
package/src/components/vault/TOTPDisplay.tsx +123 -0
package/src/components/vault/VaultSidebar.tsx +413 -0
package/src/components/vault/types.ts +54 -0
package/src/context/AuthContext.tsx +337 -0
package/src/context/PriceContext.tsx +113 -0
package/src/context/ThemeContext.tsx +164 -0
package/src/context/WebSocketContext.tsx +269 -0
package/src/context/WorkspaceContext.tsx +668 -0
package/src/hooks/index.ts +3 -0
package/src/hooks/useAgentActions.ts +368 -0
package/src/hooks/useBalance.ts +103 -0
package/src/hooks/useBalances.ts +129 -0
package/src/instrumentation.ts +12 -0
package/src/lib/api.ts +449 -0
package/src/lib/app-loader.ts +148 -0
package/src/lib/app-registry.ts +178 -0
package/src/lib/app-sdk.ts +157 -0
package/src/lib/audit-console-adapter.ts +151 -0
package/src/lib/auth-client.ts +75 -0
package/src/lib/config.ts +74 -0
package/src/lib/crypto.ts +112 -0
package/src/lib/db.ts +21 -0
package/src/lib/docs.ts +390 -0
package/src/lib/events.ts +361 -0
package/src/lib/pino.ts +24 -0
package/src/lib/theme-handlers.ts +168 -0
package/src/lib/theme.ts +351 -0
package/src/lib/tokenData.ts +378 -0
package/src/lib/vault-crypto.ts +129 -0
package/src/lib/websocket-server.ts +302 -0
package/src/lib/websocket-setup.ts +79 -0
package/src/lib/wordlist.ts +2050 -0
package/src/lib/workspace-handlers.ts +285 -0
package/start.sh +80 -0
package/tailwind.config.ts +99 -0
package/tsconfig.json +42 -0

package/server/lib/policy-preview.ts ADDED Viewed

@@ -0,0 +1,138 @@
+import type { ResolveProfileInput, ResolvedProfilePolicy } from './agent-profiles';
+export type DenyCode =
+  | 'DENY_PERMISSION_MISSING'
+  | 'DENY_CREDENTIAL_READ_SCOPE'
+  | 'DENY_CREDENTIAL_WRITE_SCOPE'
+  | 'DENY_EXCLUDED_FIELD'
+  | 'DENY_MAX_READS_EXCEEDED'
+  | 'DENY_RATE_LIMIT';
+export interface PolicyPreviewV1 {
+  version: 'v1';
+  request: {
+    profile: string;
+    profileVersion: string;
+    overrides?: ResolveProfileInput['overrides'];
+  };
+  effectivePolicy: {
+    permissions: string[];
+    credentialAccess: {
+      read: string[];
+      write: string[];
+      excludeFields: string[];
+      maxReads: number | null;
+    };
+    ttlSeconds: number;
+    maxReads: number | null;
+    rateBudget: {
+      state: 'none' | 'inherited' | 'explicit';
+      requests: number | null;
+      windowSeconds: number | null;
+      source: 'none' | 'profile' | 'override';
+    };
+  };
+  effectivePolicyHash: string;
+  overrideDelta: string[];
+  warnings: string[];
+  denyExamples: Array<{ code: DenyCode; message: string }>;
+}
+export function canonicalizeEffectivePolicy(policy: ResolvedProfilePolicy): PolicyPreviewV1['effectivePolicy'] {
+  return {
+    permissions: Array.from(new Set(policy.permissions)).sort(),
+    credentialAccess: {
+      read: Array.from(new Set(policy.credentialAccess.read || [])).sort(),
+      write: Array.from(new Set(policy.credentialAccess.write || [])).sort(),
+      excludeFields: Array.from(new Set(policy.credentialAccess.excludeFields || [])).sort(),
+      maxReads: typeof policy.credentialAccess.maxReads === 'number' ? policy.credentialAccess.maxReads : null,
+    },
+    ttlSeconds: policy.ttlSeconds,
+    maxReads: typeof policy.credentialAccess.maxReads === 'number' ? policy.credentialAccess.maxReads : null,
+    rateBudget: {
+      state: 'none',
+      requests: null,
+      windowSeconds: null,
+      source: 'none',
+    },
+  };
+}
+const DENY_ORDER: DenyCode[] = [
+  'DENY_PERMISSION_MISSING',
+  'DENY_CREDENTIAL_READ_SCOPE',
+  'DENY_CREDENTIAL_WRITE_SCOPE',
+  'DENY_EXCLUDED_FIELD',
+  'DENY_MAX_READS_EXCEEDED',
+  'DENY_RATE_LIMIT',
+];
+const DENY_MESSAGES: Record<DenyCode, string> = {
+  DENY_PERMISSION_MISSING: 'Operation denied: required permission is not granted by this policy.',
+  DENY_CREDENTIAL_READ_SCOPE: 'Credential read denied: target credential is outside allowed read scopes.',
+  DENY_CREDENTIAL_WRITE_SCOPE: 'Credential write denied: target credential is outside allowed write scopes.',
+  DENY_EXCLUDED_FIELD: 'Field access denied: requested field is explicitly excluded by policy.',
+  DENY_MAX_READS_EXCEEDED: 'Read denied: token maxReads budget would be exceeded.',
+  DENY_RATE_LIMIT: 'Rate limit denied: request would exceed configured token rate budget.',
+};
+export function buildDenyExamples(): Array<{ code: DenyCode; message: string }> {
+  return DENY_ORDER.map((code) => ({ code, message: DENY_MESSAGES[code] }));
+}
+export function buildPolicyPreviewV1(
+  input: ResolveProfileInput,
+  resolved: ResolvedProfilePolicy,
+): PolicyPreviewV1 {
+  const profileVersion = input.profileVersion || resolved.profile.version;
+  return {
+    version: 'v1',
+    request: {
+      profile: input.profileId,
+      profileVersion,
+      ...(input.overrides ? { overrides: input.overrides } : {}),
+    },
+    effectivePolicy: canonicalizeEffectivePolicy(resolved),
+    effectivePolicyHash: resolved.effectivePolicyHash,
+    overrideDelta: [...resolved.overrideDelta],
+    warnings: [...resolved.warnings],
+    denyExamples: buildDenyExamples(),
+  };
+}
+export interface PreviewErrorV1 {
+  version: 'v1';
+  code:
+    | 'ERR_UNAUTHORIZED'
+    | 'ERR_FORBIDDEN'
+    | 'ERR_PROFILE_NOT_FOUND'
+    | 'ERR_PROFILE_VERSION_UNSUPPORTED'
+    | 'ERR_OVERRIDE_INVALID'
+    | 'ERR_RESOLUTION_FAILED';
+  error: string;
+}
+export function mapPreviewError(code: string): { status: number; error: PreviewErrorV1 } {
+  if (code === 'AGENT_PROFILE_NOT_FOUND') {
+    return {
+      status: 404,
+      error: { version: 'v1', code: 'ERR_PROFILE_NOT_FOUND', error: 'Requested profile does not exist.' },
+    };
+  }
+  if (code === 'AGENT_PROFILE_VERSION_UNSUPPORTED') {
+    return {
+      status: 409,
+      error: { version: 'v1', code: 'ERR_PROFILE_VERSION_UNSUPPORTED', error: 'Requested profile version is unsupported.' },
+    };
+  }
+  if (code.startsWith('AGENT_PROFILE_')) {
+    return {
+      status: 422,
+      error: { version: 'v1', code: 'ERR_OVERRIDE_INVALID', error: 'Profile overrides are invalid for the selected profile.' },
+    };
+  }
+  return {
+    status: 500,
+    error: { version: 'v1', code: 'ERR_RESOLUTION_FAILED', error: 'Failed to resolve policy preview.' },
+  };
+}

package/server/lib/price.ts ADDED Viewed

@@ -0,0 +1,338 @@
+/**
+ * Token price lookup with cascading fallback:
+ * DexScreener → CoinGecko → Alchemy (if key exists)
+ *
+ * In-memory cache with 60-second TTL. No DB writes.
+ */
+import { isSolanaChain, normalizeAddress, getNativeCurrency } from './address';
+import { getAlchemyKey, ALCHEMY_PATHS } from './config';
+import { getEthToUsd, getSolToUsd } from './prices';
+export interface PriceResult {
+  priceUsd: string;
+  source: string;
+  cached: boolean;
+}
+interface CacheEntry {
+  priceUsd: string;
+  source: string;
+  fetchedAt: number;
+}
+const CACHE_TTL_MS = 60_000; // 60 seconds
+const priceCache = new Map<string, CacheEntry>();
+/** Clear cache — exposed for tests */
+export function clearPriceCache(): void {
+  priceCache.clear();
+}
+// CoinGecko platform ID mapping
+const COINGECKO_PLATFORMS: Record<string, string> = {
+  base: 'base',
+  ethereum: 'ethereum',
+  solana: 'solana',
+  polygon: 'polygon-pos',
+  arbitrum: 'arbitrum-one',
+  optimism: 'optimistic-ethereum',
+};
+/**
+ * Get USD price for a token. Returns null if no source has a price.
+ */
+export async function getTokenPrice(address: string, chain: string): Promise<PriceResult | null> {
+  // Native token shortcut — use existing cached prices from cron
+  if (address === 'native') {
+    return getNativePrice(chain);
+  }
+  const normalized = normalizeAddress(address, chain);
+  const cacheKey = `${chain}:${normalized}`;
+  // Check cache
+  const cached = priceCache.get(cacheKey);
+  if (cached && Date.now() - cached.fetchedAt < CACHE_TTL_MS) {
+    return { priceUsd: cached.priceUsd, source: cached.source, cached: true };
+  }
+  // Cascading fallback
+  let result = await fetchDexScreener(normalized, chain);
+  if (!result) result = await fetchCoinGecko(normalized, chain);
+  if (!result) result = await fetchAlchemy(normalized, chain);
+  if (!result) return null;
+  // Cache the result
+  priceCache.set(cacheKey, {
+    priceUsd: result.priceUsd,
+    source: result.source,
+    fetchedAt: Date.now(),
+  });
+  return { ...result, cached: false };
+}
+/**
+ * Batch price lookup — efficient for portfolio valuation.
+ * Uses CoinGecko batch (comma-separated per platform) first,
+ * then DexScreener in parallel for misses, then Alchemy batch.
+ */
+export async function getTokenPrices(
+  tokens: { address: string; chain: string }[],
+): Promise<Map<string, PriceResult>> {
+  const results = new Map<string, PriceResult>();
+  if (tokens.length === 0) return results;
+  const now = Date.now();
+  const misses: { address: string; chain: string; normalized: string; cacheKey: string }[] = [];
+  // 1. Check cache
+  for (const { address, chain } of tokens) {
+    const normalized = normalizeAddress(address, chain);
+    const cacheKey = `${chain}:${normalized}`;
+    const cached = priceCache.get(cacheKey);
+    if (cached && now - cached.fetchedAt < CACHE_TTL_MS) {
+      results.set(cacheKey, { priceUsd: cached.priceUsd, source: cached.source, cached: true });
+    } else {
+      misses.push({ address, chain, normalized, cacheKey });
+    }
+  }
+  if (misses.length === 0) return results;
+  // 2. CoinGecko batch — group by platform, comma-separate addresses
+  const remaining = await batchCoinGecko(misses, results);
+  // 3. DexScreener in parallel for CoinGecko misses
+  const afterDex = await batchDexScreener(remaining, results);
+  // 4. Alchemy batch for remaining misses
+  await batchAlchemy(afterDex, results);
+  return results;
+}
+/** CoinGecko batch: one API call per platform with comma-separated addresses */
+async function batchCoinGecko(
+  tokens: { address: string; chain: string; normalized: string; cacheKey: string }[],
+  results: Map<string, PriceResult>,
+): Promise<typeof tokens> {
+  // Group by platform
+  const byPlatform = new Map<string, typeof tokens>();
+  const unsupported: typeof tokens = [];
+  for (const t of tokens) {
+    const platformId = COINGECKO_PLATFORMS[t.chain];
+    if (!platformId) {
+      unsupported.push(t);
+      continue;
+    }
+    const group = byPlatform.get(platformId) || [];
+    group.push(t);
+    byPlatform.set(platformId, group);
+  }
+  const remaining = [...unsupported];
+  await Promise.all(
+    Array.from(byPlatform.entries()).map(async ([platformId, group]) => {
+      const addresses = group.map((t) => t.normalized).join(',');
+      try {
+        const res = await fetch(
+          `https://api.coingecko.com/api/v3/simple/token_price/${platformId}?contract_addresses=${addresses}&vs_currencies=usd`,
+          { signal: AbortSignal.timeout(5000) },
+        );
+        if (!res.ok) {
+          remaining.push(...group);
+          return;
+        }
+        const data = await res.json();
+        for (const t of group) {
+          const price = data[t.normalized.toLowerCase()]?.usd;
+          if (price !== undefined && price !== null) {
+            const entry = { priceUsd: price.toString(), source: 'coingecko' as const };
+            results.set(t.cacheKey, { ...entry, cached: false });
+            priceCache.set(t.cacheKey, { ...entry, fetchedAt: Date.now() });
+          } else {
+            remaining.push(t);
+          }
+        }
+      } catch {
+        remaining.push(...group);
+      }
+    }),
+  );
+  return remaining;
+}
+/** DexScreener: one API call per token, run in parallel */
+async function batchDexScreener(
+  tokens: { address: string; chain: string; normalized: string; cacheKey: string }[],
+  results: Map<string, PriceResult>,
+): Promise<typeof tokens> {
+  if (tokens.length === 0) return [];
+  const remaining: typeof tokens = [];
+  await Promise.all(
+    tokens.map(async (t) => {
+      const result = await fetchDexScreener(t.normalized, t.chain);
+      if (result) {
+        results.set(t.cacheKey, { ...result, cached: false });
+        priceCache.set(t.cacheKey, { ...result, fetchedAt: Date.now() });
+      } else {
+        remaining.push(t);
+      }
+    }),
+  );
+  return remaining;
+}
+/** Alchemy batch: one API call with multiple addresses (EVM only) */
+async function batchAlchemy(
+  tokens: { address: string; chain: string; normalized: string; cacheKey: string }[],
+  results: Map<string, PriceResult>,
+): Promise<void> {
+  if (tokens.length === 0) return;
+  const apiKey = await getAlchemyKey();
+  if (!apiKey) return;
+  // Filter to EVM only
+  const evmTokens = tokens.filter((t) => !isSolanaChain(t.chain) && ALCHEMY_PATHS[t.chain]);
+  if (evmTokens.length === 0) return;
+  const addressPayload = evmTokens.map((t) => ({
+    network: ALCHEMY_PATHS[t.chain].path,
+    address: t.normalized,
+  }));
+  try {
+    const res = await fetch(
+      `https://api.g.alchemy.com/prices/v1/${apiKey}/tokens/by-address`,
+      {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({ addresses: addressPayload }),
+        signal: AbortSignal.timeout(5000),
+      },
+    );
+    if (!res.ok) return;
+    const data = await res.json();
+    for (let i = 0; i < evmTokens.length; i++) {
+      const priceEntry = data.data?.[i]?.prices?.find(
+        (p: any) => p.currency === 'usd' || p.currency === 'USD',
+      );
+      if (priceEntry?.value) {
+        const entry = { priceUsd: priceEntry.value, source: 'alchemy' as const };
+        results.set(evmTokens[i].cacheKey, { ...entry, cached: false });
+        priceCache.set(evmTokens[i].cacheKey, { ...entry, fetchedAt: Date.now() });
+      }
+    }
+  } catch {
+    // Alchemy failed — prices just won't be available for these tokens
+  }
+}
+async function getNativePrice(chain: string): Promise<PriceResult | null> {
+  const currency = getNativeCurrency(chain);
+  const price = currency === 'SOL' ? await getSolToUsd() : await getEthToUsd();
+  if (price === null) return null;
+  return { priceUsd: price.toString(), source: 'cache', cached: true };
+}
+/**
+ * DexScreener: free, 300 req/min, no key needed
+ */
+async function fetchDexScreener(address: string, chain: string): Promise<{ priceUsd: string; source: string } | null> {
+  try {
+    const res = await fetch(
+      `https://api.dexscreener.com/latest/dex/tokens/${address}`,
+      { signal: AbortSignal.timeout(5000) },
+    );
+    if (!res.ok) return null;
+    const data = await res.json();
+    const pairs = data.pairs
+      ?.filter((p: any) => p.chainId === chain)
+      ?.sort((a: any, b: any) => (b.liquidity?.usd || 0) - (a.liquidity?.usd || 0));
+    const best = pairs?.[0];
+    if (!best?.priceUsd) return null;
+    return { priceUsd: best.priceUsd, source: 'dexscreener' };
+  } catch {
+    return null;
+  }
+}
+/**
+ * CoinGecko: free tier, 5-15 req/min, no key needed
+ */
+async function fetchCoinGecko(address: string, chain: string): Promise<{ priceUsd: string; source: string } | null> {
+  const platformId = COINGECKO_PLATFORMS[chain];
+  if (!platformId) return null;
+  try {
+    const res = await fetch(
+      `https://api.coingecko.com/api/v3/simple/token_price/${platformId}?contract_addresses=${address}&vs_currencies=usd`,
+      { signal: AbortSignal.timeout(5000) },
+    );
+    if (!res.ok) return null;
+    const data = await res.json();
+    const key = address.toLowerCase();
+    const price = data[key]?.usd;
+    if (price === undefined || price === null) return null;
+    return { priceUsd: price.toString(), source: 'coingecko' };
+  } catch {
+    return null;
+  }
+}
+/**
+ * Alchemy: requires API key, EVM only
+ */
+async function fetchAlchemy(address: string, chain: string): Promise<{ priceUsd: string; source: string } | null> {
+  // Skip for Solana chains — Alchemy price API is EVM only
+  if (isSolanaChain(chain)) return null;
+  const apiKey = await getAlchemyKey();
+  if (!apiKey) return null;
+  const alchemyConfig = ALCHEMY_PATHS[chain];
+  if (!alchemyConfig) return null;
+  try {
+    const res = await fetch(
+      `https://api.g.alchemy.com/prices/v1/${apiKey}/tokens/by-address`,
+      {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({
+          addresses: [{ network: alchemyConfig.path, address }],
+        }),
+        signal: AbortSignal.timeout(5000),
+      },
+    );
+    if (!res.ok) return null;
+    const data = await res.json();
+    const priceEntry = data.data?.[0]?.prices?.find(
+      (p: any) => p.currency === 'usd' || p.currency === 'USD',
+    );
+    if (!priceEntry?.value) return null;
+    return { priceUsd: priceEntry.value, source: 'alchemy' };
+  } catch {
+    return null;
+  }
+}

package/server/lib/prices.ts ADDED Viewed

@@ -0,0 +1,34 @@
+/**
+ * Price helpers — read cached native currency prices from DB.
+ * Prices are written by the cron server's native-price job.
+ */
+import { prisma } from './db';
+/**
+ * Get cached ETH→USD price. Returns null if no cached price exists.
+ */
+export async function getEthToUsd(): Promise<number | null> {
+  try {
+    const row = await prisma.nativePrice.findUnique({ where: { currency: 'ETH' } });
+    if (!row) return null;
+    const price = parseFloat(row.priceUsd);
+    return isNaN(price) ? null : price;
+  } catch {
+    return null;
+  }
+}
+/**
+ * Get cached SOL→USD price. Returns null if no cached price exists.
+ */
+export async function getSolToUsd(): Promise<number | null> {
+  try {
+    const row = await prisma.nativePrice.findUnique({ where: { currency: 'SOL' } });
+    if (!row) return null;
+    const price = parseFloat(row.priceUsd);
+    return isNaN(price) ? null : price;
+  } catch {
+    return null;
+  }
+}