npm - auramaxx - Versions diffs - 1.0.0-alpha.4 - Mend

auramaxx 1.0.0-alpha.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (363) hide show

package/LICENSE +26 -0
package/README.md +112 -0
package/bin/aurawallet.js +121 -0
package/docs/ADAPTERS.md +467 -0
package/docs/API.md +2679 -0
package/docs/APPS.md +198 -0
package/docs/ARCHITECTURE.md +350 -0
package/docs/AUTH.md +698 -0
package/docs/BEST-PRACTICES.md +121 -0
package/docs/CLI.md +61 -0
package/docs/DEVELOPING-APPS.md +452 -0
package/docs/EXTENSION.md +97 -0
package/docs/JOBS.md +33 -0
package/docs/MCP.md +76 -0
package/docs/PROTOCOL.md +142 -0
package/docs/SETUP.md +219 -0
package/docs/WORKSPACE.md +672 -0
package/docs/agent-auth.md +63 -0
package/docs/aura-file.md +48 -0
package/docs/credentials.md +53 -0
package/docs/external/getting-started.md +65 -0
package/docs/external/overview.md +45 -0
package/docs/external/use-cases.md +48 -0
package/docs/external/why-aura.md +35 -0
package/docs/jobs/connect-agent.md +77 -0
package/docs/jobs/migrate-from-dotenv.md +79 -0
package/docs/jobs/recover-from-lockout.md +72 -0
package/docs/jobs/secure-ci.md +63 -0
package/docs/oauth2.md +42 -0
package/docs/passkeys.md +60 -0
package/docs/security.md +540 -0
package/docs/specs/aura-open-protocol.md +61 -0
package/docs/specs/aura-provider-plugin.md +24 -0
package/docs/specs/aura-registry-model.md +31 -0
package/docs/specs/fixtures/invalid-bad-key.aura +1 -0
package/docs/specs/fixtures/invalid-bad-unicode-escape.aura +1 -0
package/docs/specs/fixtures/invalid-duplicate-key.aura +2 -0
package/docs/specs/fixtures/valid-basic.aura +4 -0
package/docs/specs/fixtures/valid-provider-ref.aura +1 -0
package/docs/specs/fixtures/valid-quoted-escapes.aura +2 -0
package/docs/templates/RELEASE_NOTES_TEMPLATE.md +22 -0
package/docs/totp.md +40 -0
package/docs/wallet/AI.md +508 -0
package/docs/wallet/DEVELOPING-STRATEGIES.md +713 -0
package/docs/wallet/README.md +47 -0
package/docs/wallet/STRATEGY.md +89 -0
package/next.config.ts +21 -0
package/package.json +151 -0
package/postcss.config.mjs +8 -0
package/prisma/migrations/20260214170000_baseline/migration.sql +511 -0
package/prisma/migrations/20260216214537_add_passkey_model/migration.sql +18 -0
package/prisma/migrations/20260217150500_add_credential_access_audit/migration.sql +31 -0
package/prisma/migrations/migration_lock.toml +3 -0
package/prisma/schema.prisma +447 -0
package/public/logo-chevron.svg +31 -0
package/public/logo-concentric.svg +31 -0
package/public/logo-crosshatch.svg +39 -0
package/public/logo-dashed.svg +39 -0
package/public/logo-horizontal.svg +31 -0
package/public/logo-m56.svg +64 -0
package/public/logo.webp +0 -0
package/scripts/add-app.js +245 -0
package/scripts/init.sh +57 -0
package/scripts/migrate-apikeys-to-credentials.ts +35 -0
package/scripts/sandbox-agent-flow.sh +235 -0
package/scripts/sandbox.sh +175 -0
package/scripts/validate-job-docs.mjs +125 -0
package/server/abi/SwapHelper.json +438 -0
package/server/cli/approval.ts +447 -0
package/server/cli/commands/app.ts +204 -0
package/server/cli/commands/cron.ts +24 -0
package/server/cli/commands/doctor.ts +1007 -0
package/server/cli/commands/env.ts +456 -0
package/server/cli/commands/init.ts +752 -0
package/server/cli/commands/mcp.ts +125 -0
package/server/cli/commands/restore.ts +314 -0
package/server/cli/commands/shell-hook.ts +468 -0
package/server/cli/commands/start.ts +62 -0
package/server/cli/commands/status.ts +59 -0
package/server/cli/commands/stop.ts +14 -0
package/server/cli/commands/token.ts +180 -0
package/server/cli/commands/unlock.ts +49 -0
package/server/cli/commands/vault.ts +417 -0
package/server/cli/index.ts +328 -0
package/server/cli/lib/aura-parser.ts +64 -0
package/server/cli/lib/credential-create.ts +74 -0
package/server/cli/lib/credential-resolve.ts +254 -0
package/server/cli/lib/dotenv-migrate.ts +116 -0
package/server/cli/lib/dotenv-parser.ts +146 -0
package/server/cli/lib/http.ts +91 -0
package/server/cli/lib/init-steps.ts +76 -0
package/server/cli/lib/local-agent-trust.ts +45 -0
package/server/cli/lib/process.ts +136 -0
package/server/cli/lib/prompt.ts +85 -0
package/server/cli/lib/theme.ts +240 -0
package/server/cli/socket.ts +570 -0
package/server/cli/transport-client.ts +50 -0
package/server/cron/index.ts +137 -0
package/server/cron/job.ts +31 -0
package/server/cron/jobs/balance-sync.ts +436 -0
package/server/cron/jobs/incoming-scan.ts +506 -0
package/server/cron/jobs/native-price.ts +70 -0
package/server/cron/jobs/orphan-cleanup.ts +40 -0
package/server/cron/jobs/strategy-runner.ts +175 -0
package/server/cron/scheduler.ts +125 -0
package/server/index.ts +406 -0
package/server/lib/adapters/factory.ts +110 -0
package/server/lib/adapters/index.ts +19 -0
package/server/lib/adapters/router.ts +297 -0
package/server/lib/adapters/telegram.ts +645 -0
package/server/lib/adapters/types.ts +89 -0
package/server/lib/adapters/webhook.ts +95 -0
package/server/lib/address.ts +49 -0
package/server/lib/agent-auth/contracts.ts +1194 -0
package/server/lib/agent-profiles.ts +328 -0
package/server/lib/ai.ts +285 -0
package/server/lib/api-registry/contracts.ts +86 -0
package/server/lib/api-registry/validation.ts +172 -0
package/server/lib/apikey-migration.ts +189 -0
package/server/lib/app-installer.ts +505 -0
package/server/lib/app-tokens.ts +247 -0
package/server/lib/auth.ts +314 -0
package/server/lib/batch.ts +242 -0
package/server/lib/cold.ts +874 -0
package/server/lib/config.ts +381 -0
package/server/lib/credential-access-audit.ts +85 -0
package/server/lib/credential-access-policy.ts +110 -0
package/server/lib/credential-health.ts +343 -0
package/server/lib/credential-import.ts +487 -0
package/server/lib/credential-scope.ts +87 -0
package/server/lib/credential-shares.ts +190 -0
package/server/lib/credential-transport.ts +342 -0
package/server/lib/credential-vault.ts +77 -0
package/server/lib/credentials.ts +333 -0
package/server/lib/crypto.ts +8 -0
package/server/lib/db.ts +15 -0
package/server/lib/defaults.ts +366 -0
package/server/lib/dex/index.ts +80 -0
package/server/lib/dex/relay.ts +235 -0
package/server/lib/dex/types.ts +59 -0
package/server/lib/dex/uniswap.ts +370 -0
package/server/lib/e2e-agent/artifacts.ts +36 -0
package/server/lib/e2e-agent/contracts.ts +112 -0
package/server/lib/e2e-agent/validation.ts +135 -0
package/server/lib/encrypt.ts +128 -0
package/server/lib/error.ts +20 -0
package/server/lib/events.ts +205 -0
package/server/lib/hot.ts +357 -0
package/server/lib/key-fingerprint.ts +28 -0
package/server/lib/logger.ts +331 -0
package/server/lib/network.ts +137 -0
package/server/lib/notifications.ts +219 -0
package/server/lib/oauth2-refresh.ts +241 -0
package/server/lib/oursecret.ts +54 -0
package/server/lib/passkey-credential.ts +360 -0
package/server/lib/passkey.ts +68 -0
package/server/lib/permissions.ts +248 -0
package/server/lib/pino.ts +24 -0
package/server/lib/policy-preview.ts +138 -0
package/server/lib/price.ts +338 -0
package/server/lib/prices.ts +34 -0
package/server/lib/project-scope.ts +239 -0
package/server/lib/resolve-action.ts +427 -0
package/server/lib/resolve.ts +36 -0
package/server/lib/sessions.ts +632 -0
package/server/lib/solana/connection.ts +26 -0
package/server/lib/solana/jupiter.ts +128 -0
package/server/lib/solana/transfer.ts +108 -0
package/server/lib/solana/wallet.ts +136 -0
package/server/lib/strategy/emits.ts +21 -0
package/server/lib/strategy/engine.ts +1305 -0
package/server/lib/strategy/executor.ts +115 -0
package/server/lib/strategy/hook-context.ts +158 -0
package/server/lib/strategy/hooks.ts +990 -0
package/server/lib/strategy/index.ts +28 -0
package/server/lib/strategy/installer.ts +305 -0
package/server/lib/strategy/loader.ts +256 -0
package/server/lib/strategy/message.ts +235 -0
package/server/lib/strategy/repository.ts +218 -0
package/server/lib/strategy/session-logger.ts +693 -0
package/server/lib/strategy/sources.ts +288 -0
package/server/lib/strategy/state.ts +189 -0
package/server/lib/strategy/templates.ts +403 -0
package/server/lib/strategy/tick.ts +404 -0
package/server/lib/strategy/types.ts +230 -0
package/server/lib/swap.ts +3 -0
package/server/lib/temp.ts +86 -0
package/server/lib/token-metadata.ts +86 -0
package/server/lib/token-safety.ts +200 -0
package/server/lib/token-search.ts +444 -0
package/server/lib/totp.ts +194 -0
package/server/lib/transactions.ts +123 -0
package/server/lib/transport.ts +75 -0
package/server/lib/txhistory/decoder.ts +262 -0
package/server/lib/txhistory/enricher.ts +652 -0
package/server/lib/txhistory/index.ts +391 -0
package/server/lib/txhistory/signatures.ts +59 -0
package/server/lib/verified-summary.ts +421 -0
package/server/mcp/profile-policy.ts +30 -0
package/server/mcp/server.ts +619 -0
package/server/mcp/tools.ts +523 -0
package/server/middleware/auth.ts +119 -0
package/server/middleware/requestLogger.ts +84 -0
package/server/routes/actions.ts +459 -0
package/server/routes/adapters.ts +703 -0
package/server/routes/addressbook.ts +113 -0
package/server/routes/ai.ts +34 -0
package/server/routes/apikeys.ts +295 -0
package/server/routes/apps.ts +601 -0
package/server/routes/auth.ts +457 -0
package/server/routes/backup.ts +340 -0
package/server/routes/batch.ts +270 -0
package/server/routes/bookmarks.ts +162 -0
package/server/routes/credential-shares.ts +198 -0
package/server/routes/credential-vaults.ts +154 -0
package/server/routes/credentials.ts +1290 -0
package/server/routes/dashboard.ts +71 -0
package/server/routes/defaults.ts +124 -0
package/server/routes/fund.ts +229 -0
package/server/routes/import.ts +352 -0
package/server/routes/launch.ts +665 -0
package/server/routes/lock.ts +54 -0
package/server/routes/logs.ts +68 -0
package/server/routes/nuke.ts +111 -0
package/server/routes/passkey-credentials.ts +99 -0
package/server/routes/passkey.ts +346 -0
package/server/routes/portfolio.ts +217 -0
package/server/routes/price.ts +63 -0
package/server/routes/resolve.ts +31 -0
package/server/routes/security.ts +45 -0
package/server/routes/send-evm.ts +241 -0
package/server/routes/send-solana.ts +281 -0
package/server/routes/send.ts +178 -0
package/server/routes/setup.ts +210 -0
package/server/routes/strategy.ts +894 -0
package/server/routes/swap-evm.ts +353 -0
package/server/routes/swap-solana.ts +177 -0
package/server/routes/swap.ts +356 -0
package/server/routes/token.ts +247 -0
package/server/routes/unlock.ts +403 -0
package/server/routes/wallet-assets.ts +361 -0
package/server/routes/wallet-transactions.ts +515 -0
package/server/routes/wallet.ts +710 -0
package/server/types.ts +146 -0
package/skills/aurawallet/SKILL.md +739 -0
package/skills/aurawallet-setup/SKILL.md +74 -0
package/skills/security-review/SKILL.md +148 -0
package/src/app/api/agent-requests/route.ts +30 -0
package/src/app/api/apps/install/route.ts +126 -0
package/src/app/api/apps/manifests/route.ts +16 -0
package/src/app/api/apps/static/[...path]/route.ts +57 -0
package/src/app/api/events/route.ts +92 -0
package/src/app/api/page.tsx +212 -0
package/src/app/api/workspace/[id]/apps/[wid]/route.ts +119 -0
package/src/app/api/workspace/[id]/apps/route.ts +81 -0
package/src/app/api/workspace/[id]/export/route.ts +67 -0
package/src/app/api/workspace/[id]/route.ts +168 -0
package/src/app/api/workspace/auth.ts +34 -0
package/src/app/api/workspace/config/route.ts +106 -0
package/src/app/api/workspace/import/route.ts +127 -0
package/src/app/api/workspace/route.ts +116 -0
package/src/app/app/page.tsx +2122 -0
package/src/app/apple-icon.png +0 -0
package/src/app/docs/page.tsx +178 -0
package/src/app/favicon.ico +0 -0
package/src/app/globals.css +572 -0
package/src/app/health/page.tsx +5 -0
package/src/app/hello/page.tsx +15 -0
package/src/app/icon.png +0 -0
package/src/app/layout.tsx +34 -0
package/src/app/page.tsx +986 -0
package/src/app/providers.tsx +90 -0
package/src/app/share/[token]/page.tsx +295 -0
package/src/components/ChainSelector.tsx +144 -0
package/src/components/HumanActionBar.tsx +695 -0
package/src/components/NotificationDrawer.tsx +129 -0
package/src/components/apps/AgentKeysApp.tsx +490 -0
package/src/components/apps/App.tsx +153 -0
package/src/components/apps/AppGrid.tsx +15 -0
package/src/components/apps/DetailedAddressDrawer.tsx +325 -0
package/src/components/apps/DraggableApp.tsx +562 -0
package/src/components/apps/IFrameApp.tsx +73 -0
package/src/components/apps/LogsApp.tsx +360 -0
package/src/components/apps/SendApp.tsx +394 -0
package/src/components/apps/SetupWizardApp.tsx +1004 -0
package/src/components/apps/SystemDefaultsApp.tsx +845 -0
package/src/components/apps/ThirdPartyApp.tsx +428 -0
package/src/components/apps/TokenApp.tsx +319 -0
package/src/components/apps/TransactionsApp.tsx +438 -0
package/src/components/apps/WalletDetailApp.tsx +1505 -0
package/src/components/apps/index.ts +13 -0
package/src/components/design-system/Button.tsx +53 -0
package/src/components/design-system/ChainIndicator.tsx +65 -0
package/src/components/design-system/ChainSelector.tsx +137 -0
package/src/components/design-system/ConfirmationModal.tsx +106 -0
package/src/components/design-system/ConfirmationPopover.tsx +81 -0
package/src/components/design-system/Drawer.tsx +123 -0
package/src/components/design-system/FilterDropdown.tsx +72 -0
package/src/components/design-system/Modal.tsx +206 -0
package/src/components/design-system/Popover.tsx +142 -0
package/src/components/design-system/TextInput.tsx +85 -0
package/src/components/design-system/Toggle.tsx +58 -0
package/src/components/design-system/index.ts +11 -0
package/src/components/docs/DocsThemeToggle.tsx +49 -0
package/src/components/health/CredentialHealthDashboard.tsx +214 -0
package/src/components/icons/ChainIcons.tsx +72 -0
package/src/components/layout/AppStoreDrawer.tsx +369 -0
package/src/components/layout/ContentArea.tsx +21 -0
package/src/components/layout/TabBar.tsx +278 -0
package/src/components/layout/WalletSidebar.tsx +1033 -0
package/src/components/layout/index.ts +4 -0
package/src/components/marketing/AuraWalletSpecOverlay.tsx +635 -0
package/src/components/marketing/DeviceMorphExperience.tsx +216 -0
package/src/components/vault/ApiKeysConsole.tsx +1080 -0
package/src/components/vault/AuditConsole.tsx +584 -0
package/src/components/vault/CredentialDetail.tsx +455 -0
package/src/components/vault/CredentialEmpty.tsx +55 -0
package/src/components/vault/CredentialField.tsx +361 -0
package/src/components/vault/CredentialForm.tsx +1212 -0
package/src/components/vault/CredentialList.tsx +165 -0
package/src/components/vault/CredentialRow.tsx +97 -0
package/src/components/vault/CredentialShareModal.tsx +178 -0
package/src/components/vault/CredentialVault.tsx +754 -0
package/src/components/vault/CredentialWalletWidget.tsx +103 -0
package/src/components/vault/ImportCredentialsModal.tsx +515 -0
package/src/components/vault/LargeTypeModal.tsx +64 -0
package/src/components/vault/PasswordGenerator.tsx +224 -0
package/src/components/vault/TOTPDisplay.tsx +123 -0
package/src/components/vault/VaultSidebar.tsx +413 -0
package/src/components/vault/types.ts +54 -0
package/src/context/AuthContext.tsx +337 -0
package/src/context/PriceContext.tsx +113 -0
package/src/context/ThemeContext.tsx +164 -0
package/src/context/WebSocketContext.tsx +269 -0
package/src/context/WorkspaceContext.tsx +668 -0
package/src/hooks/index.ts +3 -0
package/src/hooks/useAgentActions.ts +368 -0
package/src/hooks/useBalance.ts +103 -0
package/src/hooks/useBalances.ts +129 -0
package/src/instrumentation.ts +12 -0
package/src/lib/api.ts +449 -0
package/src/lib/app-loader.ts +148 -0
package/src/lib/app-registry.ts +178 -0
package/src/lib/app-sdk.ts +157 -0
package/src/lib/audit-console-adapter.ts +151 -0
package/src/lib/auth-client.ts +75 -0
package/src/lib/config.ts +74 -0
package/src/lib/crypto.ts +112 -0
package/src/lib/db.ts +21 -0
package/src/lib/docs.ts +390 -0
package/src/lib/events.ts +361 -0
package/src/lib/pino.ts +24 -0
package/src/lib/theme-handlers.ts +168 -0
package/src/lib/theme.ts +351 -0
package/src/lib/tokenData.ts +378 -0
package/src/lib/vault-crypto.ts +129 -0
package/src/lib/websocket-server.ts +302 -0
package/src/lib/websocket-setup.ts +79 -0
package/src/lib/wordlist.ts +2050 -0
package/src/lib/workspace-handlers.ts +285 -0
package/start.sh +80 -0
package/tailwind.config.ts +99 -0
package/tsconfig.json +42 -0

package/server/routes/backup.ts ADDED Viewed

@@ -0,0 +1,340 @@
+import { Router, Request, Response } from 'express';
+import { requireWalletAuth } from '../middleware/auth';
+import { requireAdmin } from '../lib/permissions';
+import { readdir, stat, copyFile, unlink, rename } from 'fs/promises';
+import { join, dirname } from 'path';
+import { existsSync, mkdirSync } from 'fs';
+import { DATA_PATHS, getDbPath } from '../lib/config';
+import { logger } from '../lib/logger';
+import Database from 'better-sqlite3';
+const router = Router();
+export function getBackupsDir(): string {
+  return join(dirname(getDbPath()), 'backups');
+}
+export function ensureBackupsDir(): void {
+  const dir = getBackupsDir();
+  if (!existsSync(dir)) {
+    mkdirSync(dir, { recursive: true });
+  }
+}
+/**
+ * Run WAL checkpoint to flush all data to the main DB file.
+ */
+function walCheckpoint(dbPath: string): void {
+  const db = new Database(dbPath, { readonly: false });
+  try {
+    db.pragma('wal_checkpoint(TRUNCATE)');
+  } finally {
+    db.close();
+  }
+}
+/**
+ * Verify SQLite database integrity. Returns true if valid.
+ */
+export function verifyIntegrity(dbPath: string): boolean {
+  const db = new Database(dbPath, { readonly: true });
+  try {
+    const result = db.pragma('integrity_check') as { integrity_check: string }[];
+    return result.length === 1 && result[0].integrity_check === 'ok';
+  } finally {
+    db.close();
+  }
+}
+interface BackupInfo {
+  filename: string;
+  timestamp: string;
+  size: number;
+  date: string;
+}
+/**
+ * GET /backup - List all backups
+ * Requires: admin permission
+ */
+router.get('/', requireWalletAuth, requireAdmin, async (_req: Request, res: Response) => {
+  try {
+    const backupsDir = getBackupsDir();
+    ensureBackupsDir();
+    const files = await readdir(backupsDir);
+    const backups: BackupInfo[] = [];
+    for (const file of files) {
+      if (file.startsWith('aurawallet.db.') && file.endsWith('.bak')) {
+        const filePath = join(backupsDir, file);
+        const fileStat = await stat(filePath);
+        // Extract timestamp from filename: aurawallet.db.YYYYMMDD_HHMMSS.bak
+        const match = file.match(/aurawallet\.db\.(\d{8}_\d{6})\.bak/);
+        const timestamp = match ? match[1] : '';
+        backups.push({
+          filename: file,
+          timestamp,
+          size: fileStat.size,
+          date: fileStat.mtime.toISOString(),
+        });
+      }
+    }
+    // Sort by date descending (newest first)
+    backups.sort((a, b) => new Date(b.date).getTime() - new Date(a.date).getTime());
+    res.json({
+      success: true,
+      backups,
+    });
+  } catch (error) {
+    console.error('[Backup] Failed to list backups:', error);
+    res.status(500).json({ success: false, error: 'Failed to list backups' });
+  }
+});
+/**
+ * POST /backup - Create a new backup
+ * Requires: admin permission
+ */
+router.post('/', requireWalletAuth, requireAdmin, async (_req: Request, res: Response) => {
+  try {
+    const dbFile = getDbPath();
+    const backupsDir = getBackupsDir();
+    ensureBackupsDir();
+    // Check if database exists
+    if (!existsSync(dbFile)) {
+      res.status(404).json({ success: false, error: 'Database file not found' });
+      return;
+    }
+    // Generate timestamp
+    const now = new Date();
+    const timestamp = now.toISOString()
+      .replace(/[-:]/g, '')
+      .replace('T', '_')
+      .slice(0, 15);
+    const backupFilename = `aurawallet.db.${timestamp}.bak`;
+    const backupPath = join(backupsDir, backupFilename);
+    let credentialsCopied = 0;
+    // WAL checkpoint — flush all data to main DB file
+    walCheckpoint(dbFile);
+    // Atomic write: copy to temp file, then rename
+    const tempPath = backupPath + '.tmp';
+    await copyFile(dbFile, tempPath);
+    await rename(tempPath, backupPath);
+    // Verify backup integrity
+    if (!verifyIntegrity(backupPath)) {
+      await unlink(backupPath);
+      res.status(500).json({ success: false, error: 'Backup failed integrity check' });
+      return;
+    }
+    // Copy credential files alongside the DB backup.
+    if (existsSync(DATA_PATHS.credentials)) {
+      const credentialFiles = (await readdir(DATA_PATHS.credentials))
+        .filter(file => file.startsWith('cred-') && file.endsWith('.json'));
+      for (const file of credentialFiles) {
+        await copyFile(
+          join(DATA_PATHS.credentials, file),
+          join(backupsDir, `credentials.${timestamp}.${file}`),
+        );
+      }
+      credentialsCopied = credentialFiles.length;
+    }
+    // Clean up old backups (keep last 10)
+    const files = await readdir(backupsDir);
+    const backupFiles = files
+      .filter(f => f.startsWith('aurawallet.db.') && f.endsWith('.bak'))
+      .sort()
+      .reverse();
+    // Delete older backups beyond the 10th
+    for (let i = 10; i < backupFiles.length; i++) {
+      const oldBackup = backupFiles[i];
+      await unlink(join(backupsDir, oldBackup));
+      const match = oldBackup.match(/aurawallet\.db\.(\d{8}_\d{6})\.bak/);
+      if (!match) continue;
+      const oldTimestamp = match[1];
+      const oldCredentialFiles = files.filter(f => f.startsWith(`credentials.${oldTimestamp}.cred-`) && f.endsWith('.json'));
+      for (const oldCredentialFile of oldCredentialFiles) {
+        await unlink(join(backupsDir, oldCredentialFile));
+      }
+    }
+    const fileStat = await stat(backupPath);
+    logger.backup(backupFilename);
+    res.json({
+      success: true,
+      backup: {
+        filename: backupFilename,
+        timestamp,
+        size: fileStat.size,
+        date: fileStat.mtime.toISOString(),
+        credentialsCopied,
+      },
+    });
+  } catch (error) {
+    console.error('[Backup] Failed to create backup:', error);
+    res.status(500).json({ success: false, error: 'Failed to create backup' });
+  }
+});
+/**
+ * PUT /backup - Restore from a backup
+ * Requires: admin permission
+ *
+ * Hardened to match CLI restore: atomic write, pre-restore backup,
+ * integrity verification, schema migrations, and WAL cleanup.
+ */
+router.put('/', requireWalletAuth, requireAdmin, async (req: Request, res: Response) => {
+  try {
+    const { filename } = req.body;
+    if (!filename) {
+      res.status(400).json({ success: false, error: 'Filename is required' });
+      return;
+    }
+    // Validate filename format to prevent path traversal
+    if (!filename.match(/^aurawallet\.db\.\d{8}_\d{6}\.bak$/)) {
+      res.status(400).json({ success: false, error: 'Invalid backup filename' });
+      return;
+    }
+    const backupsDir = getBackupsDir();
+    const backupPath = join(backupsDir, filename);
+    if (!existsSync(backupPath)) {
+      res.status(404).json({ success: false, error: 'Backup file not found' });
+      return;
+    }
+    // Verify backup integrity before restoring
+    if (!verifyIntegrity(backupPath)) {
+      res.status(400).json({ success: false, error: 'Backup failed integrity check' });
+      return;
+    }
+    const dbPath = getDbPath();
+    // Create pre-restore safety backup
+    let preRestoreName = '';
+    if (existsSync(dbPath)) {
+      const now = new Date();
+      const ts = now.toISOString().replace(/[-:]/g, '').replace('T', '_').slice(0, 15);
+      preRestoreName = `pre-restore.${ts}.bak`;
+      await copyFile(dbPath, join(backupsDir, preRestoreName));
+    }
+    // Atomic write: copy to temp, then rename
+    const tempPath = dbPath + '.restore-tmp';
+    await copyFile(backupPath, tempPath);
+    await rename(tempPath, dbPath);
+    // Run schema migrations
+    try {
+      const { execSync } = await import('child_process');
+      execSync('npx prisma migrate deploy', {
+        cwd: join(dirname(dbPath), '..'),
+        env: { ...process.env, DATABASE_URL: `file:${dbPath}` },
+        encoding: 'utf-8',
+        stdio: ['pipe', 'pipe', 'pipe'],
+      });
+    } catch (migrationError: any) {
+      const errMsg = migrationError.stderr || migrationError.message || 'Unknown migration error';
+      logger.error(`[Backup] Migration failed after restore: ${errMsg}`);
+      // Restore the pre-restore backup since migration failed
+      if (preRestoreName && existsSync(join(backupsDir, preRestoreName))) {
+        const revertTemp = dbPath + '.revert-tmp';
+        await copyFile(join(backupsDir, preRestoreName), revertTemp);
+        await rename(revertTemp, dbPath);
+      }
+      res.status(500).json({
+        success: false,
+        error: `Restore aborted: schema migration failed. Pre-restore backup restored. Details: ${errMsg}`,
+      });
+      return;
+    }
+    // Verify restored DB integrity
+    if (!verifyIntegrity(dbPath)) {
+      logger.error('[Backup] Restored DB failed integrity check');
+      // Revert to pre-restore backup
+      if (preRestoreName && existsSync(join(backupsDir, preRestoreName))) {
+        const revertTemp = dbPath + '.revert-tmp';
+        await copyFile(join(backupsDir, preRestoreName), revertTemp);
+        await rename(revertTemp, dbPath);
+      }
+      res.status(500).json({
+        success: false,
+        error: 'Restored database failed integrity check. Pre-restore backup restored.',
+      });
+      return;
+    }
+    // Restore credential files from matching timestamp, if present.
+    const timestampMatch = filename.match(/aurawallet\.db\.(\d{8}_\d{6})\.bak$/);
+    let credentialsRestored = 0;
+    if (timestampMatch) {
+      const timestamp = timestampMatch[1];
+      const allBackupFiles = await readdir(backupsDir);
+      const credentialBackups = allBackupFiles
+        .filter(file => file.startsWith(`credentials.${timestamp}.cred-`) && file.endsWith('.json'));
+      if (credentialBackups.length > 0) {
+        if (!existsSync(DATA_PATHS.credentials)) {
+          mkdirSync(DATA_PATHS.credentials, { recursive: true });
+        }
+        const existingCredentialFiles = await readdir(DATA_PATHS.credentials);
+        for (const file of existingCredentialFiles) {
+          if (file.startsWith('cred-') && file.endsWith('.json')) {
+            await unlink(join(DATA_PATHS.credentials, file));
+          }
+        }
+        for (const backupFile of credentialBackups) {
+          const destName = backupFile.replace(`credentials.${timestamp}.`, '');
+          await copyFile(join(backupsDir, backupFile), join(DATA_PATHS.credentials, destName));
+        }
+        credentialsRestored = credentialBackups.length;
+      }
+    }
+    // Clean up old pre-restore backups (keep last 3)
+    const allFiles = await readdir(backupsDir);
+    const preRestoreFiles = allFiles
+      .filter(f => f.startsWith('pre-restore.') && f.endsWith('.bak'))
+      .sort()
+      .reverse();
+    for (let i = 3; i < preRestoreFiles.length; i++) {
+      await unlink(join(backupsDir, preRestoreFiles[i]));
+    }
+    res.json({
+      success: true,
+      message: 'Database restored successfully',
+      preRestoreBackup: preRestoreName,
+      credentialsRestored,
+    });
+  } catch (error) {
+    console.error('[Backup] Failed to restore backup:', error);
+    res.status(500).json({ success: false, error: 'Failed to restore backup' });
+  }
+});
+export default router;

package/server/routes/batch.ts ADDED Viewed

@@ -0,0 +1,270 @@
+/**
+ * POST /batch — Generic batch endpoint with dependency chaining.
+ *
+ * Dispatches sub-requests internally against the Express app.
+ * Auth is enforced per-sub-request via inherited headers.
+ */
+import { Router, Request, Response } from 'express';
+import http from 'http';
+import { Readable } from 'stream';
+import { Socket } from 'net';
+import {
+  validateBatchRequest,
+  resolveTemplates,
+  resolveBodyTemplates,
+  type BatchSubRequest,
+  type BatchResponse,
+} from '../lib/batch';
+const router = Router();
+const SUB_REQUEST_TIMEOUT_MS = 30_000;
+/**
+ * Dispatch a sub-request internally through the Express app.
+ * Creates mock req/res objects and calls app.handle().
+ */
+function dispatchInternal(
+  app: any,
+  method: string,
+  fullPath: string,
+  body: Record<string, unknown> | undefined,
+  parentReq: Request,
+): Promise<BatchResponse> {
+  return new Promise((resolve) => {
+    // Parse path and query string
+    const [pathname, queryString] = fullPath.split('?');
+    const query: Record<string, string> = {};
+    if (queryString) {
+      for (const pair of queryString.split('&')) {
+        const [key, ...rest] = pair.split('=');
+        query[decodeURIComponent(key)] = decodeURIComponent(rest.join('='));
+      }
+    }
+    // Build JSON body as a readable stream
+    const bodyStr = body ? JSON.stringify(body) : '';
+    const bodyBuf = Buffer.from(bodyStr);
+    // Create a mock IncomingMessage
+    const mockSocket = new Socket();
+    const req = new http.IncomingMessage(mockSocket);
+    req.method = method.toUpperCase();
+    req.url = fullPath;
+    (req as any).path = pathname;
+    (req as any).query = query;
+    (req as any).originalUrl = fullPath;
+    // Inherit auth headers from parent request
+    req.headers = {
+      'content-type': 'application/json',
+      host: parentReq.headers.host || 'localhost',
+    };
+    if (parentReq.headers.authorization) {
+      req.headers.authorization = parentReq.headers.authorization;
+    }
+    // Set content-length for body parsing
+    if (bodyStr) {
+      req.headers['content-length'] = String(bodyBuf.length);
+    }
+    // Push body data so express.json() can parse it
+    if (bodyBuf.length > 0) {
+      req.push(bodyBuf);
+    }
+    req.push(null); // EOF
+    // Create a mock ServerResponse that captures the output
+    const res = new http.ServerResponse(req);
+    let statusCode = 200;
+    let responseBody: unknown = null;
+    let resolved = false;
+    // Capture status
+    const origWriteHead = res.writeHead.bind(res);
+    res.writeHead = function (code: number, ...args: any[]) {
+      statusCode = code;
+      return origWriteHead(code, ...args);
+    } as any;
+    // Also capture statusCode set directly
+    Object.defineProperty(res, 'statusCode', {
+      get: () => statusCode,
+      set: (v: number) => { statusCode = v; },
+    });
+    // Intercept res.end() to capture the response body
+    const chunks: Buffer[] = [];
+    const origWrite = res.write.bind(res);
+    res.write = function (chunk: any, ...args: any[]) {
+      if (chunk) {
+        chunks.push(Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk));
+      }
+      return origWrite(chunk, ...args);
+    } as any;
+    const origEnd = res.end.bind(res);
+    res.end = function (chunk?: any, ...args: any[]) {
+      if (chunk) {
+        chunks.push(Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk));
+      }
+      if (!resolved) {
+        resolved = true;
+        const fullBody = Buffer.concat(chunks).toString('utf-8');
+        try {
+          responseBody = JSON.parse(fullBody);
+        } catch {
+          responseBody = fullBody || null;
+        }
+        resolve({ status: statusCode, body: responseBody });
+      }
+      return origEnd(chunk, ...args);
+    } as any;
+    // Also intercept json() if Express adds it (belt & suspenders)
+    (res as any).json = function (data: unknown) {
+      if (!resolved) {
+        resolved = true;
+        resolve({ status: statusCode, body: data });
+      }
+      // Still call the real json to ensure proper cleanup
+      const jsonStr = JSON.stringify(data);
+      res.setHeader('Content-Type', 'application/json');
+      origEnd(jsonStr);
+    };
+    // Timeout
+    const timer = setTimeout(() => {
+      if (!resolved) {
+        resolved = true;
+        resolve({ status: 504, body: { error: 'Sub-request timed out' } });
+        mockSocket.destroy();
+      }
+    }, SUB_REQUEST_TIMEOUT_MS);
+    // Clean up timer when resolved
+    const origResolve = resolve;
+    const wrappedResolve = (value: BatchResponse) => {
+      clearTimeout(timer);
+      origResolve(value);
+    };
+    // Patch: the resolve calls above already fire, so clear on end
+    res.on('finish', () => clearTimeout(timer));
+    // Dispatch through the Express app
+    app.handle(req, res);
+  });
+}
+// ── POST /batch ──
+router.post('/', async (req: Request, res: Response) => {
+  const { requests } = req.body || {};
+  // Validate
+  const validation = validateBatchRequest(requests);
+  if (!validation.valid) {
+    res.status(400).json({ success: false, error: validation.error });
+    return;
+  }
+  const { waves } = validation;
+  const requestMap = new Map<string, BatchSubRequest>();
+  for (const r of requests as BatchSubRequest[]) {
+    requestMap.set(r.id, r);
+  }
+  const responses = new Map<string, BatchResponse>();
+  const timings: Record<string, number> = {};
+  // Execute waves sequentially
+  for (const wave of waves) {
+    const wavePromises = wave.map(async (id) => {
+      const subReq = requestMap.get(id)!;
+      const start = Date.now();
+      // Check if dependency failed
+      if (subReq.dependsOn) {
+        const depResponse = responses.get(subReq.dependsOn);
+        if (depResponse && depResponse.status >= 400) {
+          const result: BatchResponse = {
+            status: 424,
+            body: { error: `Dependency "${subReq.dependsOn}" failed with status ${depResponse.status}` },
+          };
+          responses.set(id, result);
+          timings[id] = Date.now() - start;
+          return;
+        }
+      }
+      // Resolve templates in path
+      let resolvedPath: string;
+      try {
+        resolvedPath = resolveTemplates(subReq.path, responses);
+      } catch (err) {
+        const result: BatchResponse = {
+          status: 422,
+          body: { error: `Template resolution failed: ${(err as Error).message}` },
+        };
+        responses.set(id, result);
+        timings[id] = Date.now() - start;
+        return;
+      }
+      // Resolve templates in body
+      let resolvedBody: Record<string, unknown> | undefined;
+      if (subReq.body) {
+        try {
+          resolvedBody = resolveBodyTemplates(subReq.body, responses) as Record<string, unknown>;
+        } catch (err) {
+          const result: BatchResponse = {
+            status: 422,
+            body: { error: `Template resolution failed in body: ${(err as Error).message}` },
+          };
+          responses.set(id, result);
+          timings[id] = Date.now() - start;
+          return;
+        }
+      }
+      // Dispatch internally
+      const result = await dispatchInternal(
+        req.app,
+        subReq.method.toUpperCase(),
+        resolvedPath,
+        resolvedBody,
+        req,
+      );
+      responses.set(id, result);
+      timings[id] = Date.now() - start;
+    });
+    await Promise.all(wavePromises);
+  }
+  // Build response
+  const responseObj: Record<string, { status: number; body: unknown }> = {};
+  let succeeded = 0;
+  let failed = 0;
+  for (const [id, resp] of responses) {
+    responseObj[id] = { status: resp.status, body: resp.body };
+    if (resp.status < 400) {
+      succeeded++;
+    } else {
+      failed++;
+    }
+  }
+  res.json({
+    responses: responseObj,
+    meta: {
+      total: responses.size,
+      succeeded,
+      failed,
+      timings,
+    },
+  });
+});
+export default router;