npm - auramaxx - Versions diffs - 1.0.0-alpha.4 - Mend

auramaxx 1.0.0-alpha.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (363) hide show

package/LICENSE +26 -0
package/README.md +112 -0
package/bin/aurawallet.js +121 -0
package/docs/ADAPTERS.md +467 -0
package/docs/API.md +2679 -0
package/docs/APPS.md +198 -0
package/docs/ARCHITECTURE.md +350 -0
package/docs/AUTH.md +698 -0
package/docs/BEST-PRACTICES.md +121 -0
package/docs/CLI.md +61 -0
package/docs/DEVELOPING-APPS.md +452 -0
package/docs/EXTENSION.md +97 -0
package/docs/JOBS.md +33 -0
package/docs/MCP.md +76 -0
package/docs/PROTOCOL.md +142 -0
package/docs/SETUP.md +219 -0
package/docs/WORKSPACE.md +672 -0
package/docs/agent-auth.md +63 -0
package/docs/aura-file.md +48 -0
package/docs/credentials.md +53 -0
package/docs/external/getting-started.md +65 -0
package/docs/external/overview.md +45 -0
package/docs/external/use-cases.md +48 -0
package/docs/external/why-aura.md +35 -0
package/docs/jobs/connect-agent.md +77 -0
package/docs/jobs/migrate-from-dotenv.md +79 -0
package/docs/jobs/recover-from-lockout.md +72 -0
package/docs/jobs/secure-ci.md +63 -0
package/docs/oauth2.md +42 -0
package/docs/passkeys.md +60 -0
package/docs/security.md +540 -0
package/docs/specs/aura-open-protocol.md +61 -0
package/docs/specs/aura-provider-plugin.md +24 -0
package/docs/specs/aura-registry-model.md +31 -0
package/docs/specs/fixtures/invalid-bad-key.aura +1 -0
package/docs/specs/fixtures/invalid-bad-unicode-escape.aura +1 -0
package/docs/specs/fixtures/invalid-duplicate-key.aura +2 -0
package/docs/specs/fixtures/valid-basic.aura +4 -0
package/docs/specs/fixtures/valid-provider-ref.aura +1 -0
package/docs/specs/fixtures/valid-quoted-escapes.aura +2 -0
package/docs/templates/RELEASE_NOTES_TEMPLATE.md +22 -0
package/docs/totp.md +40 -0
package/docs/wallet/AI.md +508 -0
package/docs/wallet/DEVELOPING-STRATEGIES.md +713 -0
package/docs/wallet/README.md +47 -0
package/docs/wallet/STRATEGY.md +89 -0
package/next.config.ts +21 -0
package/package.json +151 -0
package/postcss.config.mjs +8 -0
package/prisma/migrations/20260214170000_baseline/migration.sql +511 -0
package/prisma/migrations/20260216214537_add_passkey_model/migration.sql +18 -0
package/prisma/migrations/20260217150500_add_credential_access_audit/migration.sql +31 -0
package/prisma/migrations/migration_lock.toml +3 -0
package/prisma/schema.prisma +447 -0
package/public/logo-chevron.svg +31 -0
package/public/logo-concentric.svg +31 -0
package/public/logo-crosshatch.svg +39 -0
package/public/logo-dashed.svg +39 -0
package/public/logo-horizontal.svg +31 -0
package/public/logo-m56.svg +64 -0
package/public/logo.webp +0 -0
package/scripts/add-app.js +245 -0
package/scripts/init.sh +57 -0
package/scripts/migrate-apikeys-to-credentials.ts +35 -0
package/scripts/sandbox-agent-flow.sh +235 -0
package/scripts/sandbox.sh +175 -0
package/scripts/validate-job-docs.mjs +125 -0
package/server/abi/SwapHelper.json +438 -0
package/server/cli/approval.ts +447 -0
package/server/cli/commands/app.ts +204 -0
package/server/cli/commands/cron.ts +24 -0
package/server/cli/commands/doctor.ts +1007 -0
package/server/cli/commands/env.ts +456 -0
package/server/cli/commands/init.ts +752 -0
package/server/cli/commands/mcp.ts +125 -0
package/server/cli/commands/restore.ts +314 -0
package/server/cli/commands/shell-hook.ts +468 -0
package/server/cli/commands/start.ts +62 -0
package/server/cli/commands/status.ts +59 -0
package/server/cli/commands/stop.ts +14 -0
package/server/cli/commands/token.ts +180 -0
package/server/cli/commands/unlock.ts +49 -0
package/server/cli/commands/vault.ts +417 -0
package/server/cli/index.ts +328 -0
package/server/cli/lib/aura-parser.ts +64 -0
package/server/cli/lib/credential-create.ts +74 -0
package/server/cli/lib/credential-resolve.ts +254 -0
package/server/cli/lib/dotenv-migrate.ts +116 -0
package/server/cli/lib/dotenv-parser.ts +146 -0
package/server/cli/lib/http.ts +91 -0
package/server/cli/lib/init-steps.ts +76 -0
package/server/cli/lib/local-agent-trust.ts +45 -0
package/server/cli/lib/process.ts +136 -0
package/server/cli/lib/prompt.ts +85 -0
package/server/cli/lib/theme.ts +240 -0
package/server/cli/socket.ts +570 -0
package/server/cli/transport-client.ts +50 -0
package/server/cron/index.ts +137 -0
package/server/cron/job.ts +31 -0
package/server/cron/jobs/balance-sync.ts +436 -0
package/server/cron/jobs/incoming-scan.ts +506 -0
package/server/cron/jobs/native-price.ts +70 -0
package/server/cron/jobs/orphan-cleanup.ts +40 -0
package/server/cron/jobs/strategy-runner.ts +175 -0
package/server/cron/scheduler.ts +125 -0
package/server/index.ts +406 -0
package/server/lib/adapters/factory.ts +110 -0
package/server/lib/adapters/index.ts +19 -0
package/server/lib/adapters/router.ts +297 -0
package/server/lib/adapters/telegram.ts +645 -0
package/server/lib/adapters/types.ts +89 -0
package/server/lib/adapters/webhook.ts +95 -0
package/server/lib/address.ts +49 -0
package/server/lib/agent-auth/contracts.ts +1194 -0
package/server/lib/agent-profiles.ts +328 -0
package/server/lib/ai.ts +285 -0
package/server/lib/api-registry/contracts.ts +86 -0
package/server/lib/api-registry/validation.ts +172 -0
package/server/lib/apikey-migration.ts +189 -0
package/server/lib/app-installer.ts +505 -0
package/server/lib/app-tokens.ts +247 -0
package/server/lib/auth.ts +314 -0
package/server/lib/batch.ts +242 -0
package/server/lib/cold.ts +874 -0
package/server/lib/config.ts +381 -0
package/server/lib/credential-access-audit.ts +85 -0
package/server/lib/credential-access-policy.ts +110 -0
package/server/lib/credential-health.ts +343 -0
package/server/lib/credential-import.ts +487 -0
package/server/lib/credential-scope.ts +87 -0
package/server/lib/credential-shares.ts +190 -0
package/server/lib/credential-transport.ts +342 -0
package/server/lib/credential-vault.ts +77 -0
package/server/lib/credentials.ts +333 -0
package/server/lib/crypto.ts +8 -0
package/server/lib/db.ts +15 -0
package/server/lib/defaults.ts +366 -0
package/server/lib/dex/index.ts +80 -0
package/server/lib/dex/relay.ts +235 -0
package/server/lib/dex/types.ts +59 -0
package/server/lib/dex/uniswap.ts +370 -0
package/server/lib/e2e-agent/artifacts.ts +36 -0
package/server/lib/e2e-agent/contracts.ts +112 -0
package/server/lib/e2e-agent/validation.ts +135 -0
package/server/lib/encrypt.ts +128 -0
package/server/lib/error.ts +20 -0
package/server/lib/events.ts +205 -0
package/server/lib/hot.ts +357 -0
package/server/lib/key-fingerprint.ts +28 -0
package/server/lib/logger.ts +331 -0
package/server/lib/network.ts +137 -0
package/server/lib/notifications.ts +219 -0
package/server/lib/oauth2-refresh.ts +241 -0
package/server/lib/oursecret.ts +54 -0
package/server/lib/passkey-credential.ts +360 -0
package/server/lib/passkey.ts +68 -0
package/server/lib/permissions.ts +248 -0
package/server/lib/pino.ts +24 -0
package/server/lib/policy-preview.ts +138 -0
package/server/lib/price.ts +338 -0
package/server/lib/prices.ts +34 -0
package/server/lib/project-scope.ts +239 -0
package/server/lib/resolve-action.ts +427 -0
package/server/lib/resolve.ts +36 -0
package/server/lib/sessions.ts +632 -0
package/server/lib/solana/connection.ts +26 -0
package/server/lib/solana/jupiter.ts +128 -0
package/server/lib/solana/transfer.ts +108 -0
package/server/lib/solana/wallet.ts +136 -0
package/server/lib/strategy/emits.ts +21 -0
package/server/lib/strategy/engine.ts +1305 -0
package/server/lib/strategy/executor.ts +115 -0
package/server/lib/strategy/hook-context.ts +158 -0
package/server/lib/strategy/hooks.ts +990 -0
package/server/lib/strategy/index.ts +28 -0
package/server/lib/strategy/installer.ts +305 -0
package/server/lib/strategy/loader.ts +256 -0
package/server/lib/strategy/message.ts +235 -0
package/server/lib/strategy/repository.ts +218 -0
package/server/lib/strategy/session-logger.ts +693 -0
package/server/lib/strategy/sources.ts +288 -0
package/server/lib/strategy/state.ts +189 -0
package/server/lib/strategy/templates.ts +403 -0
package/server/lib/strategy/tick.ts +404 -0
package/server/lib/strategy/types.ts +230 -0
package/server/lib/swap.ts +3 -0
package/server/lib/temp.ts +86 -0
package/server/lib/token-metadata.ts +86 -0
package/server/lib/token-safety.ts +200 -0
package/server/lib/token-search.ts +444 -0
package/server/lib/totp.ts +194 -0
package/server/lib/transactions.ts +123 -0
package/server/lib/transport.ts +75 -0
package/server/lib/txhistory/decoder.ts +262 -0
package/server/lib/txhistory/enricher.ts +652 -0
package/server/lib/txhistory/index.ts +391 -0
package/server/lib/txhistory/signatures.ts +59 -0
package/server/lib/verified-summary.ts +421 -0
package/server/mcp/profile-policy.ts +30 -0
package/server/mcp/server.ts +619 -0
package/server/mcp/tools.ts +523 -0
package/server/middleware/auth.ts +119 -0
package/server/middleware/requestLogger.ts +84 -0
package/server/routes/actions.ts +459 -0
package/server/routes/adapters.ts +703 -0
package/server/routes/addressbook.ts +113 -0
package/server/routes/ai.ts +34 -0
package/server/routes/apikeys.ts +295 -0
package/server/routes/apps.ts +601 -0
package/server/routes/auth.ts +457 -0
package/server/routes/backup.ts +340 -0
package/server/routes/batch.ts +270 -0
package/server/routes/bookmarks.ts +162 -0
package/server/routes/credential-shares.ts +198 -0
package/server/routes/credential-vaults.ts +154 -0
package/server/routes/credentials.ts +1290 -0
package/server/routes/dashboard.ts +71 -0
package/server/routes/defaults.ts +124 -0
package/server/routes/fund.ts +229 -0
package/server/routes/import.ts +352 -0
package/server/routes/launch.ts +665 -0
package/server/routes/lock.ts +54 -0
package/server/routes/logs.ts +68 -0
package/server/routes/nuke.ts +111 -0
package/server/routes/passkey-credentials.ts +99 -0
package/server/routes/passkey.ts +346 -0
package/server/routes/portfolio.ts +217 -0
package/server/routes/price.ts +63 -0
package/server/routes/resolve.ts +31 -0
package/server/routes/security.ts +45 -0
package/server/routes/send-evm.ts +241 -0
package/server/routes/send-solana.ts +281 -0
package/server/routes/send.ts +178 -0
package/server/routes/setup.ts +210 -0
package/server/routes/strategy.ts +894 -0
package/server/routes/swap-evm.ts +353 -0
package/server/routes/swap-solana.ts +177 -0
package/server/routes/swap.ts +356 -0
package/server/routes/token.ts +247 -0
package/server/routes/unlock.ts +403 -0
package/server/routes/wallet-assets.ts +361 -0
package/server/routes/wallet-transactions.ts +515 -0
package/server/routes/wallet.ts +710 -0
package/server/types.ts +146 -0
package/skills/aurawallet/SKILL.md +739 -0
package/skills/aurawallet-setup/SKILL.md +74 -0
package/skills/security-review/SKILL.md +148 -0
package/src/app/api/agent-requests/route.ts +30 -0
package/src/app/api/apps/install/route.ts +126 -0
package/src/app/api/apps/manifests/route.ts +16 -0
package/src/app/api/apps/static/[...path]/route.ts +57 -0
package/src/app/api/events/route.ts +92 -0
package/src/app/api/page.tsx +212 -0
package/src/app/api/workspace/[id]/apps/[wid]/route.ts +119 -0
package/src/app/api/workspace/[id]/apps/route.ts +81 -0
package/src/app/api/workspace/[id]/export/route.ts +67 -0
package/src/app/api/workspace/[id]/route.ts +168 -0
package/src/app/api/workspace/auth.ts +34 -0
package/src/app/api/workspace/config/route.ts +106 -0
package/src/app/api/workspace/import/route.ts +127 -0
package/src/app/api/workspace/route.ts +116 -0
package/src/app/app/page.tsx +2122 -0
package/src/app/apple-icon.png +0 -0
package/src/app/docs/page.tsx +178 -0
package/src/app/favicon.ico +0 -0
package/src/app/globals.css +572 -0
package/src/app/health/page.tsx +5 -0
package/src/app/hello/page.tsx +15 -0
package/src/app/icon.png +0 -0
package/src/app/layout.tsx +34 -0
package/src/app/page.tsx +986 -0
package/src/app/providers.tsx +90 -0
package/src/app/share/[token]/page.tsx +295 -0
package/src/components/ChainSelector.tsx +144 -0
package/src/components/HumanActionBar.tsx +695 -0
package/src/components/NotificationDrawer.tsx +129 -0
package/src/components/apps/AgentKeysApp.tsx +490 -0
package/src/components/apps/App.tsx +153 -0
package/src/components/apps/AppGrid.tsx +15 -0
package/src/components/apps/DetailedAddressDrawer.tsx +325 -0
package/src/components/apps/DraggableApp.tsx +562 -0
package/src/components/apps/IFrameApp.tsx +73 -0
package/src/components/apps/LogsApp.tsx +360 -0
package/src/components/apps/SendApp.tsx +394 -0
package/src/components/apps/SetupWizardApp.tsx +1004 -0
package/src/components/apps/SystemDefaultsApp.tsx +845 -0
package/src/components/apps/ThirdPartyApp.tsx +428 -0
package/src/components/apps/TokenApp.tsx +319 -0
package/src/components/apps/TransactionsApp.tsx +438 -0
package/src/components/apps/WalletDetailApp.tsx +1505 -0
package/src/components/apps/index.ts +13 -0
package/src/components/design-system/Button.tsx +53 -0
package/src/components/design-system/ChainIndicator.tsx +65 -0
package/src/components/design-system/ChainSelector.tsx +137 -0
package/src/components/design-system/ConfirmationModal.tsx +106 -0
package/src/components/design-system/ConfirmationPopover.tsx +81 -0
package/src/components/design-system/Drawer.tsx +123 -0
package/src/components/design-system/FilterDropdown.tsx +72 -0
package/src/components/design-system/Modal.tsx +206 -0
package/src/components/design-system/Popover.tsx +142 -0
package/src/components/design-system/TextInput.tsx +85 -0
package/src/components/design-system/Toggle.tsx +58 -0
package/src/components/design-system/index.ts +11 -0
package/src/components/docs/DocsThemeToggle.tsx +49 -0
package/src/components/health/CredentialHealthDashboard.tsx +214 -0
package/src/components/icons/ChainIcons.tsx +72 -0
package/src/components/layout/AppStoreDrawer.tsx +369 -0
package/src/components/layout/ContentArea.tsx +21 -0
package/src/components/layout/TabBar.tsx +278 -0
package/src/components/layout/WalletSidebar.tsx +1033 -0
package/src/components/layout/index.ts +4 -0
package/src/components/marketing/AuraWalletSpecOverlay.tsx +635 -0
package/src/components/marketing/DeviceMorphExperience.tsx +216 -0
package/src/components/vault/ApiKeysConsole.tsx +1080 -0
package/src/components/vault/AuditConsole.tsx +584 -0
package/src/components/vault/CredentialDetail.tsx +455 -0
package/src/components/vault/CredentialEmpty.tsx +55 -0
package/src/components/vault/CredentialField.tsx +361 -0
package/src/components/vault/CredentialForm.tsx +1212 -0
package/src/components/vault/CredentialList.tsx +165 -0
package/src/components/vault/CredentialRow.tsx +97 -0
package/src/components/vault/CredentialShareModal.tsx +178 -0
package/src/components/vault/CredentialVault.tsx +754 -0
package/src/components/vault/CredentialWalletWidget.tsx +103 -0
package/src/components/vault/ImportCredentialsModal.tsx +515 -0
package/src/components/vault/LargeTypeModal.tsx +64 -0
package/src/components/vault/PasswordGenerator.tsx +224 -0
package/src/components/vault/TOTPDisplay.tsx +123 -0
package/src/components/vault/VaultSidebar.tsx +413 -0
package/src/components/vault/types.ts +54 -0
package/src/context/AuthContext.tsx +337 -0
package/src/context/PriceContext.tsx +113 -0
package/src/context/ThemeContext.tsx +164 -0
package/src/context/WebSocketContext.tsx +269 -0
package/src/context/WorkspaceContext.tsx +668 -0
package/src/hooks/index.ts +3 -0
package/src/hooks/useAgentActions.ts +368 -0
package/src/hooks/useBalance.ts +103 -0
package/src/hooks/useBalances.ts +129 -0
package/src/instrumentation.ts +12 -0
package/src/lib/api.ts +449 -0
package/src/lib/app-loader.ts +148 -0
package/src/lib/app-registry.ts +178 -0
package/src/lib/app-sdk.ts +157 -0
package/src/lib/audit-console-adapter.ts +151 -0
package/src/lib/auth-client.ts +75 -0
package/src/lib/config.ts +74 -0
package/src/lib/crypto.ts +112 -0
package/src/lib/db.ts +21 -0
package/src/lib/docs.ts +390 -0
package/src/lib/events.ts +361 -0
package/src/lib/pino.ts +24 -0
package/src/lib/theme-handlers.ts +168 -0
package/src/lib/theme.ts +351 -0
package/src/lib/tokenData.ts +378 -0
package/src/lib/vault-crypto.ts +129 -0
package/src/lib/websocket-server.ts +302 -0
package/src/lib/websocket-setup.ts +79 -0
package/src/lib/wordlist.ts +2050 -0
package/src/lib/workspace-handlers.ts +285 -0
package/start.sh +80 -0
package/tailwind.config.ts +99 -0
package/tsconfig.json +42 -0

package/server/lib/strategy/tick.ts ADDED Viewed

@@ -0,0 +1,404 @@
+/**
+ * Tick Runner
+ * ===========
+ * Orchestrates a single tick for a strategy:
+ * 1. Fetch sources
+ * 2. Call tick hook → intents + state
+ * 3. Approve (if config.approve)
+ * 4. For each intent → call execute hook → action
+ * 5. Execute action → outcome
+ * 6. Call result hook → state updates + follow-ups
+ * 7. Follow-up intents re-enter step 3 (depth limit: 3)
+ */
+import { createHash } from 'crypto';
+import { StrategyManifest, StrategyConfig, HookResult, Intent, Action, ActionOutcome } from './types';
+import { fetchAllSources } from './sources';
+import { callHook } from './hooks';
+import { executeAction } from './executor';
+import { getState, updateState, getConfigOverrides, restoreState, persistState } from './state';
+import { requestHumanApproval, requestActionToken } from './engine';
+import { emitWalletEvent } from '../events';
+import { getTokenHash } from '../auth';
+import { getSessionBudget } from '../sessions';
+import { processEmits } from './emits';
+import { getDefaultSync } from '../defaults';
+import {
+  startTickSession,
+  logTickEvent,
+  logError as sessionLogError,
+  endTickSession,
+} from './session-logger';
+import { getErrorMessage } from '../error';
+/**
+ * Emit a strategy event via the existing event system.
+ */
+function emitStrategyEvent(type: string, strategyId: string, data: Record<string, unknown>): void {
+  emitWalletEvent(type, { strategyId, ...data });
+}
+function getMaxFollowupDepth(): number {
+  return getDefaultSync<number>('ai.max_followup_depth', 3);
+}
+/** Last context hash per strategy — used to skip duplicate LLM calls */
+const lastContextHash = new Map<string, string>();
+/** Hash a string with SHA-256 (fast, collision-resistant) */
+function hashContext(contextStr: string): string {
+  return createHash('sha256').update(contextStr).digest('hex').slice(0, 16);
+}
+/** Clear context hash for a strategy (e.g. on disable/reset) */
+export function clearContextHash(id: string): void {
+  lastContextHash.delete(id);
+}
+/** Clear all context hashes (e.g. on engine shutdown) */
+export function clearAllContextHashes(): void {
+  lastContextHash.clear();
+}
+/**
+ * Run a single tick for a strategy.
+ */
+export async function runTick(
+  manifest: StrategyManifest,
+  token?: string,
+): Promise<void> {
+  const startTime = Date.now();
+  const tag = `[strategy:${manifest.id}]`;
+  const sessionId = startTickSession(manifest.id);
+  // Re-read state from DB to pick up changes from app UI (e.g. human moves)
+  await restoreState(manifest.id);
+  const state = getState(manifest.id);
+  const configOverrides = await getConfigOverrides(manifest.id);
+  const config: StrategyConfig = { ...manifest.config, ...configOverrides };
+  console.log(`${tag} ── tick start (sources=${manifest.sources.length})`);
+  // 1. Fetch sources
+  let sourceData: Record<string, unknown[]>;
+  try {
+    const srcStart = Date.now();
+    sourceData = await fetchAllSources(manifest, config, null, token);
+    const srcKeys = Object.keys(sourceData);
+    const srcCounts = srcKeys.map(k => `${k}:${sourceData[k].length}`).join(', ');
+    console.log(`${tag}   sources fetched in ${Date.now() - srcStart}ms → {${srcCounts}}`);
+    logTickEvent(sessionId, 'Sources', `${srcCounts} (${Date.now() - srcStart}ms)`);
+  } catch (err) {
+    const errorAction = config.errors?.sourceFail || 'skip';
+    const errMsg = getErrorMessage(err);
+    console.error(`${tag}   source fetch FAILED: ${errMsg} (policy=${errorAction})`);
+    emitStrategyEvent('strategy:error', manifest.id, { error: errMsg, phase: 'sources' });
+    sessionLogError(sessionId, err);
+    if (errorAction === 'pause') {
+      endTickSession(sessionId, 'error', Date.now() - startTime);
+      throw err; // Let engine handle pause
+    }
+    // skip or retry — for skip, just return; retry handled by engine
+    if (errorAction === 'skip') {
+      endTickSession(sessionId, 'error', Date.now() - startTime);
+      return;
+    }
+    endTickSession(sessionId, 'error', Date.now() - startTime);
+    throw err;
+  }
+  // 2. Build context and check if it changed since last tick
+  const context = {
+    sources: sourceData,
+    positions: state.positions || [],
+    state,
+    config,
+    permissions: manifest.permissions,
+    budget: token ? getSessionBudget(getTokenHash(token)) : { limits: {}, spent: {}, remaining: {} },
+  };
+  const contextStr = JSON.stringify(context);
+  const contextHash = hashContext(contextStr);
+  const prevHash = lastContextHash.get(manifest.id);
+  if (prevHash === contextHash) {
+    const dur = Date.now() - startTime;
+    console.log(`${tag} ── tick skipped in ${dur}ms (context unchanged, hash=${contextHash})`);
+    logTickEvent(sessionId, 'Context', `unchanged (hash=${contextHash}), skipped AI call`);
+    endTickSession(sessionId, 'completed', dur);
+    return;
+  }
+  // 3. Call tick hook
+  console.log(`${tag}   calling tick hook...`);
+  const hookStart = Date.now();
+  const tickResult = await callHook(manifest, 'tick', context, token);
+  lastContextHash.set(manifest.id, contextHash);
+  const hookDur = Date.now() - hookStart;
+  console.log(`${tag}   tick hook returned in ${hookDur}ms → intents=${tickResult.intents.length}, stateKeys=${Object.keys(tickResult.state).join(',') || '(none)'}`);
+  logTickEvent(sessionId, 'Hook', `${hookDur}ms, intents=${tickResult.intents.length}`);
+  // Update state from tick hook
+  if (tickResult.state && Object.keys(tickResult.state).length > 0) {
+    updateState(manifest.id, tickResult.state);
+    await persistState(manifest.id);
+    console.log(`${tag}   state updated + persisted: ${JSON.stringify(tickResult.state).slice(0, 200)}`);
+  }
+  // Broadcast any emit events from the tick hook
+  processEmits(manifest.id, tickResult);
+  if (tickResult.log) {
+    console.log(`${tag}   hook log: ${tickResult.log}`);
+  }
+  if (!tickResult.intents || tickResult.intents.length === 0) {
+    const dur = Date.now() - startTime;
+    console.log(`${tag} ── tick done in ${dur}ms (no intents)`);
+    logTickEvent(sessionId, 'Intents', 'none');
+    endTickSession(sessionId, 'completed', dur);
+    emitStrategyEvent('strategy:tick', manifest.id, {
+      intents: 0,
+      duration: dur,
+      state: getState(manifest.id),
+    });
+    return; // Nothing to do
+  }
+  console.log(`${tag}   processing ${tickResult.intents.length} intent(s): ${tickResult.intents.map(i => i.type || 'unknown').join(', ')}`);
+  // Process intents (with follow-up support)
+  await processIntents(manifest, tickResult.intents, config, token, 0);
+  const dur = Date.now() - startTime;
+  console.log(`${tag} ── tick done in ${dur}ms (${tickResult.intents.length} intents processed)`);
+  logTickEvent(sessionId, 'Intents', `${tickResult.intents.length} processed`);
+  endTickSession(sessionId, 'completed', dur);
+  emitStrategyEvent('strategy:tick', manifest.id, {
+    intents: tickResult.intents.length,
+    duration: dur,
+    state: getState(manifest.id),
+  });
+}
+/**
+ * Process intents through approval → execute → result pipeline.
+ * Supports recursive follow-ups with depth limit.
+ */
+export async function processIntents(
+  manifest: StrategyManifest,
+  intents: Intent[],
+  config: StrategyConfig,
+  token?: string,
+  depth: number = 0,
+): Promise<void> {
+  const tag = `[strategy:${manifest.id}]`;
+  const maxDepth = getMaxFollowupDepth();
+  if (depth >= maxDepth) {
+    console.warn(`${tag}   follow-up depth limit reached (${maxDepth}), stopping`);
+    return;
+  }
+  if (depth > 0) {
+    console.log(`${tag}   processing ${intents.length} follow-up intent(s) at depth ${depth}`);
+  }
+  // 3. Batch approve (if config.approve and no per-intent permissions)
+  // Intents with `permissions` array use per-action tokens instead of batch approval
+  const batchIntents = intents.filter(i => !i.permissions || !Array.isArray(i.permissions));
+  const actionIntents = intents.filter(i => i.permissions && Array.isArray(i.permissions));
+  let batchApproved = true;
+  if (config.approve && batchIntents.length > 0) {
+    console.log(`${tag}   waiting for batch approval of ${batchIntents.length} intent(s)...`);
+    emitStrategyEvent('strategy:approve', manifest.id, { intents: batchIntents });
+    batchApproved = await requestHumanApproval(manifest.id, batchIntents);
+    if (!batchApproved) {
+      console.log(`${tag}   batch intents REJECTED or timed out`);
+      // Still process action intents (they get their own approval)
+      if (actionIntents.length === 0) return;
+    } else {
+      console.log(`${tag}   batch intents APPROVED`);
+    }
+  }
+  // Build the ordered list: approved batch intents + per-action intents
+  const toProcess: Array<{ intent: Intent; intentToken?: string }> = [];
+  // Add batch-approved intents (use strategy token). If approval was required and rejected, skip.
+  const approvedBatchIntents = batchApproved ? batchIntents : [];
+  for (const intent of approvedBatchIntents) {
+    toProcess.push({ intent, intentToken: token });
+  }
+  // Per-action intents: each gets its own approval + scoped token
+  for (const intent of actionIntents) {
+    console.log(`${tag}   [${intent.type}] requesting per-action token...`);
+    const result = await requestActionToken(manifest.id, intent);
+    if (!result.approved) {
+      console.log(`${tag}   [${intent.type}] action REJECTED or timed out`);
+      continue;
+    }
+    console.log(`${tag}   [${intent.type}] action APPROVED (temp token)`);
+    toProcess.push({ intent, intentToken: result.token });
+  }
+  // 4-6. Execute each intent
+  const followUps: Intent[] = [];
+  let stateUpdated = false;
+  for (let i = 0; i < toProcess.length; i++) {
+    const { intent, intentToken } = toProcess[i];
+    const intentLabel = intent.type || `#${i}`;
+    try {
+      // 4. Determine action: pre-computed or via execute hook
+      let action: Action | null;
+      const intentAction = intent.action as Record<string, unknown> | undefined;
+      if (intentAction && typeof intentAction.endpoint === 'string' && typeof intentAction.method === 'string') {
+        // Pre-computed action — skip execute hook
+        action = {
+          endpoint: intentAction.endpoint,
+          method: intentAction.method,
+          body: intentAction.body as Record<string, unknown> | undefined,
+          headers: intentAction.headers as Record<string, string> | undefined,
+        };
+        console.log(`${tag}   [${intentLabel}] using pre-computed action`);
+      } else if (manifest.hooks.execute) {
+        // Call execute hook
+        console.log(`${tag}   [${intentLabel}] calling execute hook...`);
+        const execStart = Date.now();
+        const execResult = await callHook(manifest, 'execute', {
+          intent,
+          config,
+        });
+        console.log(`${tag}   [${intentLabel}] execute hook returned in ${Date.now() - execStart}ms`);
+        action = extractAction(execResult);
+      } else {
+        console.warn(`${tag}   [${intentLabel}] no action and no execute hook, skipping`);
+        continue;
+      }
+      if (!action) {
+        console.warn(`${tag}   [${intentLabel}] execute hook returned NO action, skipping`);
+        continue;
+      }
+      console.log(`${tag}   [${intentLabel}] action: ${action.method} ${action.endpoint}${action.body ? ' (has body)' : ''}`);
+      // 5. Execute action (use intentToken which may be a per-action temp token)
+      let outcome: ActionOutcome;
+      try {
+        const actionStart = Date.now();
+        outcome = await executeAction(action, manifest.id, intentToken, manifest.allowedHosts);
+        const actionMs = Date.now() - actionStart;
+        if (outcome.success) {
+          console.log(`${tag}   [${intentLabel}] action OK in ${actionMs}ms`);
+        } else {
+          console.error(`${tag}   [${intentLabel}] action FAILED in ${actionMs}ms: ${outcome.error}`);
+        }
+      } catch (err) {
+        const errMsg = getErrorMessage(err);
+        outcome = { success: false, error: errMsg };
+        const errorAction = config.errors?.executeFail || 'skip';
+        console.error(`${tag}   [${intentLabel}] action threw: ${errMsg} (policy=${errorAction})`);
+        emitStrategyEvent('strategy:error', manifest.id, {
+          error: errMsg,
+          phase: 'execute',
+          intent,
+        });
+        if (errorAction === 'pause') {
+          throw err;
+        }
+        if (errorAction === 'skip') continue;
+        // retry handled by engine
+      }
+      // 6. Call result hook
+      if (manifest.hooks.result) {
+        console.log(`${tag}   [${intentLabel}] calling result hook...`);
+        const resStart = Date.now();
+        const resultResult = await callHook(manifest, 'result', {
+          intent,
+          action,
+          outcome,
+          state: getState(manifest.id),
+        });
+        console.log(`${tag}   [${intentLabel}] result hook returned in ${Date.now() - resStart}ms → followUps=${resultResult.intents.length}, stateKeys=${Object.keys(resultResult.state).join(',') || '(none)'}`);
+        if (resultResult.state && Object.keys(resultResult.state).length > 0) {
+          updateState(manifest.id, resultResult.state);
+          stateUpdated = true;
+        }
+        // Collect follow-up intents
+        if (resultResult.intents && resultResult.intents.length > 0) {
+          followUps.push(...resultResult.intents);
+        }
+        // Broadcast any emit events from the result hook
+        processEmits(manifest.id, resultResult);
+        if (resultResult.log) {
+          console.log(`${tag}   [${intentLabel}] result log: ${resultResult.log}`);
+        }
+      }
+    } catch (err) {
+      const errMsg = getErrorMessage(err);
+      console.error(`${tag}   [${intentLabel}] processing error: ${errMsg}`);
+      emitStrategyEvent('strategy:error', manifest.id, {
+        error: errMsg,
+        phase: 'intent',
+        intent,
+      });
+    }
+  }
+  // Process follow-up intents (recursive with depth limit)
+  if (followUps.length > 0) {
+    console.log(`${tag}   ${followUps.length} follow-up intent(s) queued`);
+    await processIntents(manifest, followUps, config, token, depth + 1);
+  }
+  if (stateUpdated) {
+    await persistState(manifest.id).catch((err) => {
+      console.warn(`${tag}   state persistence failed after intents:`, err);
+    });
+  }
+}
+/**
+ * Extract an Action from the execute hook result.
+ * The hook might return the action in intents[0] or directly in the response.
+ */
+function extractAction(hookResult: HookResult): Action | null {
+  // Try intents[0] first (agent returned action as an intent)
+  if (hookResult.intents && hookResult.intents.length > 0) {
+    const intent = hookResult.intents[0];
+    if (intent.endpoint && intent.method) {
+      return {
+        endpoint: intent.endpoint as string,
+        method: intent.method as string,
+        body: intent.body as Record<string, unknown> | undefined,
+        headers: intent.headers as Record<string, string> | undefined,
+      };
+    }
+  }
+  // Try state as action (agent put action params in state)
+  const state = hookResult.state;
+  if (state && state.endpoint && state.method) {
+    return {
+      endpoint: state.endpoint as string,
+      method: state.method as string,
+      body: state.body as Record<string, unknown> | undefined,
+      headers: state.headers as Record<string, string> | undefined,
+    };
+  }
+  return null;
+}

package/server/lib/strategy/types.ts ADDED Viewed

@@ -0,0 +1,230 @@
+/**
+ * Strategy Engine Types
+ * =====================
+ * Core type definitions for the cron-based strategy engine.
+ */
+/** Tick tier determines how often a strategy runs */
+export type TickTier = 'sniper' | 'active' | 'standard' | 'slow' | 'maintenance';
+/** Interval in ms for each tick tier */
+export const TICK_INTERVALS: Record<TickTier, number> = {
+  sniper: 10_000,
+  active: 30_000,
+  standard: 60_000,
+  slow: 300_000,
+  maintenance: 3_600_000,
+};
+/** External data source definition from app.md manifest */
+export interface SourceDef {
+  id: string;
+  url: string;
+  method: 'GET' | 'POST';
+  body?: Record<string, unknown>;
+  auth?: 'none' | 'header' | 'query' | 'bearer';
+  header?: string;
+  query?: string;
+  key?: string;
+  depends?: string;
+  job?: string;
+  optional?: boolean;
+  rateLimit?: string;
+  select?: Record<string, string>;
+}
+/** API key definition from app.md manifest */
+export interface KeyDef {
+  id: string;
+  name: string;
+  required?: boolean;
+  description?: string;
+}
+/** Job definition for multi-interval strategies */
+export interface JobDef {
+  id: string;
+  ticker: TickTier;
+  sources?: string[];
+}
+/** Hook instructions from app.md manifest */
+export interface HooksDef {
+  init?: string;
+  tick?: string;
+  execute?: string;
+  result?: string;
+  shutdown?: string;
+  message?: string;
+}
+/** Error handling config */
+export interface ErrorConfig {
+  sourceFail?: 'skip' | 'retry' | 'pause';
+  executeFail?: 'skip' | 'retry' | 'pause';
+  maxRetries?: number;
+  cooldown?: string;
+}
+/** Strategy config from app.md manifest */
+export interface StrategyConfig {
+  wallet?: string;
+  approve?: boolean;
+  errors?: ErrorConfig;
+  [key: string]: unknown;
+}
+/** Parsed strategy manifest from app.md */
+export interface StrategyManifest {
+  id: string;
+  name: string;
+  icon?: string;
+  category?: string;
+  size?: string;
+  autoStart?: boolean;
+  ticker?: TickTier;
+  jobs?: JobDef[];
+  sources: SourceDef[];
+  keys?: KeyDef[];
+  hooks: HooksDef;
+  config: StrategyConfig;
+  permissions: string[];
+  limits?: { fund?: number; send?: number };
+  allowedHosts?: string[];
+}
+/** Runtime state for an active strategy */
+export interface StrategyRuntime {
+  manifest: StrategyManifest;
+  enabled: boolean;
+  running: boolean;
+  token?: string;
+  tokenHash?: string;
+  lastTick?: number;
+  lastError?: string;
+  errorCount: number;
+  pausedUntil?: number;
+  authFailureCount?: number;
+}
+/** Intent — what the agent wants to do (high-level) */
+export interface Intent {
+  type: string;
+  [key: string]: unknown;
+}
+/** Action — how to do it (API call the engine executes) */
+export interface Action {
+  endpoint: string;
+  method: string;
+  body?: Record<string, unknown>;
+  headers?: Record<string, string>;
+}
+/** Result of executing an action */
+export interface ActionOutcome {
+  success: boolean;
+  data?: unknown;
+  error?: string;
+}
+/** A single emission from a hook to push data to the app iframe */
+export interface HookEmit {
+  channel: string;
+  data: unknown;
+}
+/** Metadata from the AI provider, attached by callHook() */
+export interface HookMeta {
+  model: string;
+  provider: string;
+  tokens: { input: number; output: number; cacheRead?: number };
+  durationMs: number;
+  costUsd?: number;
+  toolCallCount: number;
+}
+/** Result from calling a hook (LLM response) */
+export interface HookResult {
+  intents: Intent[];
+  state: Record<string, unknown>;
+  log?: string;
+  reply?: string;
+  emit?: HookEmit | HookEmit[];
+  /** AI provider metadata — model, tokens, timing. Attached by callHook(). */
+  _meta?: HookMeta;
+}
+/** Context passed to the tick hook */
+export interface TickContext {
+  sources: Record<string, unknown[]>;
+  positions?: unknown[];
+  state: Record<string, unknown>;
+  config: StrategyConfig;
+  wallets?: unknown[];
+  permissions: string[];
+  budget: { limits: Record<string, number>; spent: Record<string, number>; remaining: Record<string, number> };
+}
+/** Context passed to the execute hook */
+export interface ExecuteContext {
+  intent: Intent;
+  wallet?: unknown;
+  config: StrategyConfig;
+}
+/** Context passed to the result hook */
+export interface ResultContext {
+  intent: Intent;
+  action: Action;
+  outcome: ActionOutcome;
+  state: Record<string, unknown>;
+}
+/** Context passed to the init hook */
+export interface InitContext {
+  config: StrategyConfig;
+  wallets?: unknown[];
+  state: Record<string, unknown>;
+  storage?: Record<string, unknown>;
+}
+/** Context passed to the shutdown hook */
+export interface ShutdownContext {
+  positions?: unknown[];
+  state: Record<string, unknown>;
+}
+/** Context passed to the message hook */
+export interface MessageContext {
+  message: string;
+  appId: string;
+  state: Record<string, unknown>;
+  config: StrategyConfig;
+  permissions: string[];
+  budget: { limits: Record<string, number>; spent: Record<string, number>; remaining: Record<string, number> };
+}
+/** Strategy status for REST API */
+export interface StrategyStatus {
+  id: string;
+  name: string;
+  icon?: string;
+  ticker?: TickTier;
+  enabled: boolean;
+  running: boolean;
+  lastTick?: number;
+  lastError?: string;
+  errorCount: number;
+  pausedUntil?: number;
+}
+/** Pending approval for dashboard/REST */
+export interface PendingApproval {
+  id: string;
+  strategyId: string;
+  intents: Intent[];
+  createdAt: number;
+  resolve: (approved: boolean) => void;
+  timer: NodeJS.Timeout;
+}

package/server/lib/swap.ts ADDED Viewed

@@ -0,0 +1,3 @@
+// Re-export everything from the dex module for backwards compatibility
+export * from './dex';
+export { uniswapAdapter, SWAP_HELPER, WETH, getV4PoolKey, V4_HOOKS } from './dex/uniswap';