gnoman 0.1.0

package/gnoman2.0/backend/services/robinhood/integrationService.ts

@@ -0,0 +1,140 @@
+import { RobinhoodCryptoClient, type ClientOptions, type OrderResponse, type OrderStatus } from './client';
+import { runtimeTelemetry } from '../runtimeTelemetryService';
+import { secretsResolver } from '../../utils/secretsResolver';
+import { getSecureSetting, setSecureSetting } from '../secureSettingsService';
+
+interface RobinhoodCryptoConfig {
+  apiKey: string;
+  privateKey: string;
+}
+
+const ROBINHOOD_CONFIG_KEY = 'robinhood.crypto.config';
+
+export interface RobinhoodCryptoConfigStatus {
+  configured: boolean;
+  apiKeyPreview?: string;
+  enabled: boolean;
+  mode: 'official-crypto-only';
+}
+
+const isEnabled = () => process.env.ENABLE_ROBINHOOD_CRYPTO === 'true';
+
+const maskApiKey = (apiKey: string) => {
+  if (apiKey.length <= 8) {
+    return `${apiKey.slice(0, 2)}***`;
+  }
+  return `${apiKey.slice(0, 4)}***${apiKey.slice(-4)}`;
+};
+
+const readConfig = async (): Promise<RobinhoodCryptoConfig | null> => {
+  const config = await getSecureSetting<RobinhoodCryptoConfig | null>(ROBINHOOD_CONFIG_KEY, null);
+  if (!config || !config.apiKey?.trim() || !config.privateKey?.trim()) {
+    const apiKey = await secretsResolver.resolve('ROBINHOOD_CRYPTO_API_KEY', { failClosed: false });
+    const privateKey = await secretsResolver.resolve('ROBINHOOD_CRYPTO_PRIVATE_KEY', { failClosed: false });
+    if (apiKey && privateKey) {
+      return { apiKey, privateKey };
+    }
+    return null;
+  }
+  return {
+    apiKey: config.apiKey.trim(),
+    privateKey: config.privateKey.trim()
+  };
+};
+
+export const getRobinhoodCryptoConfigStatus = async (): Promise<RobinhoodCryptoConfigStatus> => {
+  const enabled = isEnabled();
+  runtimeTelemetry.setRobinhoodEnabled(enabled);
+  const config = await readConfig();
+  if (!config) {
+    const reason = enabled ? 'missing creds' : 'disabled';
+    console.info(JSON.stringify({ event: 'ROBINHOOD', enabled, reason }));
+    return { configured: false, enabled, mode: 'official-crypto-only' };
+  }
+  console.info(JSON.stringify({ event: 'ROBINHOOD', enabled, reason: enabled ? 'configured' : 'disabled' }));
+  return {
+    configured: true,
+    apiKeyPreview: maskApiKey(config.apiKey),
+    enabled,
+    mode: 'official-crypto-only'
+  };
+};
+
+export const setRobinhoodCryptoConfig = async (apiKey: string, privateKey: string) => {
+  await setSecureSetting(ROBINHOOD_CONFIG_KEY, {
+    apiKey: apiKey.trim(),
+    privateKey: privateKey.trim()
+  });
+  return getRobinhoodCryptoConfigStatus();
+};
+
+const createClient = async (options: ClientOptions = {}) => {
+  if (!isEnabled()) {
+    throw new Error('Robinhood Crypto Trading API is disabled. Set ENABLE_ROBINHOOD_CRYPTO=true to enable.');
+  }
+  const config = await readConfig();
+  if (!config) {
+    throw new Error('Robinhood crypto credentials are not configured.');
+  }
+  const client = new RobinhoodCryptoClient(config.apiKey, config.privateKey, {
+    ...options,
+    onRequestComplete: (event) => {
+      runtimeTelemetry.recordRobinhoodRequest({ ...event, createdAt: new Date().toISOString() });
+      options.onRequestComplete?.(event);
+    }
+  });
+  runtimeTelemetry.setRobinhoodAuthStatus(true);
+  return client;
+};
+
+
+export const validateRobinhoodCryptoAuth = async (options: ClientOptions = {}) => {
+  try {
+    const client = await createClient(options);
+    await client.getAccounts();
+    runtimeTelemetry.setRobinhoodAuthStatus(true);
+    return { ok: true as const };
+  } catch (error) {
+    runtimeTelemetry.setRobinhoodAuthStatus(false, error instanceof Error ? error.message : 'Unknown error');
+    return { ok: false as const, reason: error instanceof Error ? error.message : 'Unknown error' };
+  }
+};
+
+export const purchaseRobinhoodCryptoWithCash = async (
+  symbol: string,
+  cashAmount: number,
+  options: ClientOptions = {}
+): Promise<OrderResponse> => {
+  const client = await createClient(options);
+  const order = await client.placeOrder(symbol.trim().toUpperCase(), cashAmount);
+  runtimeTelemetry.recordRobinhoodOrder({ action: 'created', id: String(order.id ?? 'unknown'), createdAt: new Date().toISOString() });
+  return order;
+};
+
+export const getRobinhoodCryptoOrderStatus = async (
+  orderId: string,
+  options: ClientOptions = {}
+): Promise<OrderStatus> => {
+  const client = await createClient(options);
+  const status = await client.getOrderStatus(orderId);
+  runtimeTelemetry.recordRobinhoodOrder({ action: 'status', id: String(status.id ?? orderId), state: String(status.state ?? 'unknown'), createdAt: new Date().toISOString() });
+  return status;
+};
+
+export const cancelRobinhoodCryptoOrder = async (orderId: string, options: ClientOptions = {}): Promise<OrderStatus> => {
+  const client = await createClient(options);
+  const result = await client.cancelOrder(orderId);
+  runtimeTelemetry.recordRobinhoodOrder({ action: 'canceled', id: String(result.id ?? orderId), state: String(result.state ?? 'canceled'), createdAt: new Date().toISOString() });
+  return result;
+};
+
+
+export const getRobinhoodCryptoAccounts = async (options: ClientOptions = {}) => {
+  const client = await createClient(options);
+  return client.getAccounts();
+};
+
+export const getRobinhoodCryptoMarketData = async (symbol: string, options: ClientOptions = {}) => {
+  const client = await createClient(options);
+  return client.getMarketData(symbol);
+};

package/gnoman2.0/backend/services/robinhood/provider.ts

@@ -0,0 +1,22 @@
+import type { ClientOptions, OrderResponse, OrderStatus } from './client';
+import { cancelRobinhoodCryptoOrder, getRobinhoodCryptoOrderStatus, purchaseRobinhoodCryptoWithCash } from './integrationService';
+
+export interface ExchangeProvider {
+  placeMarketBuy(symbol: string, cashAmount: number, options?: ClientOptions): Promise<OrderResponse>;
+  cancelOrder(orderId: string, options?: ClientOptions): Promise<Record<string, unknown>>;
+  getOrderStatus(orderId: string, options?: ClientOptions): Promise<OrderStatus>;
+}
+
+export class RobinhoodCryptoProvider implements ExchangeProvider {
+  async placeMarketBuy(symbol: string, cashAmount: number, options: ClientOptions = {}) {
+    return purchaseRobinhoodCryptoWithCash(symbol, cashAmount, options);
+  }
+
+  async cancelOrder(orderId: string, options: ClientOptions = {}) {
+    return cancelRobinhoodCryptoOrder(orderId, options);
+  }
+
+  async getOrderStatus(orderId: string, options: ClientOptions = {}) {
+    return getRobinhoodCryptoOrderStatus(orderId, options);
+  }
+}

package/gnoman2.0/backend/services/robinhood/unofficialClient.ts

@@ -0,0 +1,66 @@
+/**
+ * WARNING: This client is for undocumented Robinhood equity endpoints.
+ * It is intentionally gated to reduce accidental production usage.
+ */
+export class RobinhoodUnofficialClient {
+  private readonly baseUrl = 'https://api.robinhood.com';
+
+  constructor(
+    private readonly accessToken: string,
+    private readonly fetchImpl: typeof fetch = fetch
+  ) {}
+
+  private assertEnabled() {
+    if (process.env.GNOMAN_ENABLE_UNOFFICIAL_ROBINHOOD !== 'true') {
+      throw new Error(
+        'Unofficial Robinhood stock endpoints are disabled. Set GNOMAN_ENABLE_UNOFFICIAL_ROBINHOOD=true to continue.'
+      );
+    }
+  }
+
+  async placeStockBuy(symbol: string, quantity: number) {
+    this.assertEnabled();
+    return this.doPost('/orders/', {
+      symbol,
+      quantity,
+      type: 'market',
+      side: 'buy',
+    });
+  }
+
+  async getOrderStatus(orderId: string) {
+    this.assertEnabled();
+    return this.doGet(`/orders/${encodeURIComponent(orderId)}/`);
+  }
+
+  private async doPost(path: string, payload: Record<string, unknown>) {
+    const response = await this.fetchImpl(`${this.baseUrl}${path}`, {
+      method: 'POST',
+      headers: this.headers(),
+      body: JSON.stringify(payload),
+    });
+    return this.requireOk(response);
+  }
+
+  private async doGet(path: string) {
+    const response = await this.fetchImpl(`${this.baseUrl}${path}`, {
+      method: 'GET',
+      headers: this.headers(),
+    });
+    return this.requireOk(response);
+  }
+
+  private headers() {
+    return {
+      Authorization: `Bearer ${this.accessToken}`,
+      'content-type': 'application/json',
+    };
+  }
+
+  private async requireOk(response: Response) {
+    if (!response.ok) {
+      throw new Error(`Unofficial Robinhood request failed (${response.status}): ${await response.text()}`);
+    }
+    return response.json();
+  }
+}

package/gnoman2.0/backend/services/rpcService.ts

@@ -0,0 +1,44 @@
+import { ethers } from 'ethers';
+import { secretsResolver } from '../utils/secretsResolver';
+
+export const resolveRpcUrl = async (preferred?: string) => {
+  const trimmed = preferred?.trim();
+  if (trimmed) {
+    return trimmed;
+  }
+  const resolved =
+    (await secretsResolver.resolve('GNOMAN_RPC_URL', { failClosed: false })) ??
+    (await secretsResolver.resolve('SAFE_RPC_URL', { failClosed: false })) ??
+    (await secretsResolver.resolve('RPC_URL', { failClosed: false }));
+  return resolved?.trim() || undefined;
+};
+
+export const requireRpcUrl = async (preferred?: string) => {
+  const rpcUrl = await resolveRpcUrl(preferred);
+  if (!rpcUrl) {
+    throw new Error('RPC URL missing. Configure GNOMAN_RPC_URL or encrypted local secrets file.');
+  }
+  return rpcUrl;
+};
+
+export const formatEtherBalance = (value: bigint) => {
+  const formatted = ethers.formatEther(value);
+  const [whole, fraction = ''] = formatted.split('.');
+  const paddedFraction = fraction.padEnd(4, '0').slice(0, 4);
+  return `${whole}.${paddedFraction}`;
+};
+
+export const getBalance = async (address: string, preferredRpcUrl?: string) => {
+  const rpcUrl = await resolveRpcUrl(preferredRpcUrl);
+  if (!rpcUrl) {
+    return undefined;
+  }
+  try {
+    const provider = new ethers.JsonRpcProvider(rpcUrl);
+    const balance = await provider.getBalance(address);
+    return formatEtherBalance(balance);
+  } catch (error) {
+    console.warn('Unable to fetch balance', error);
+    return undefined;
+  }
+};

package/gnoman2.0/backend/services/runtimeTelemetryService.ts

@@ -0,0 +1,158 @@
+import fs from 'fs';
+import path from 'path';
+
+export type SecretsTelemetryEntry = {
+  key: string;
+  required: boolean;
+  present: boolean;
+  source: string;
+  redacted: string;
+};
+
+export type AbiResolveEvent = {
+  chainId: number;
+  address: string;
+  contractName: string;
+  source: string;
+  cached: boolean;
+  functionsCount: number;
+  verified: boolean;
+  fetchedAt: string;
+};
+
+export type SafeExecutionTrace = {
+  safeAddress: string;
+  moduleAddress?: string;
+  outerTxTo?: string;
+  innerSafe: { to?: string; value?: string; data?: string; operation?: number };
+  finalTargetAddress?: string;
+  methodSignature?: string;
+  txHash?: string;
+  noBroadcastReason?: string;
+  createdAt: string;
+};
+
+export type RobinhoodRequestEvent = {
+  endpoint: string;
+  method: string;
+  statusCode: number;
+  latencyMs: number;
+  createdAt: string;
+};
+
+export type RobinhoodOrderEvent = {
+  action: 'created' | 'canceled' | 'filled' | 'status';
+  id: string;
+  state?: string;
+  createdAt: string;
+};
+
+const MAX_EVENTS = 20;
+const artifactDir = path.join(process.cwd(), '.gnoman', 'exec_package');
+const artifactPath = path.join(artifactDir, 'runtime-debug.jsonl');
+
+const ensureArtifactDir = () => {
+  if (!fs.existsSync(artifactDir)) {
+    fs.mkdirSync(artifactDir, { recursive: true });
+  }
+};
+
+const pushLimited = <T>(list: T[], value: T) => {
+  list.unshift(value);
+  if (list.length > MAX_EVENTS) {
+    list.length = MAX_EVENTS;
+  }
+};
+
+class RuntimeTelemetryService {
+  private secretsStatus: SecretsTelemetryEntry[] = [];
+
+  private abiResolves: AbiResolveEvent[] = [];
+
+  private safeTraces: SafeExecutionTrace[] = [];
+
+  private robinhoodRequests: RobinhoodRequestEvent[] = [];
+
+  private robinhoodOrders: RobinhoodOrderEvent[] = [];
+
+  private robinhoodEnabled = false;
+
+  private robinhoodAuthStatus: { ok: boolean; reason?: string } = { ok: false, reason: 'Not attempted' };
+
+  private safeRuntime: { version?: string; mastercopyAddress?: string; moduleEnabled?: boolean } = {};
+
+  private appendArtifact(kind: string, payload: unknown) {
+    try {
+      ensureArtifactDir();
+      fs.appendFileSync(
+        artifactPath,
+        `${JSON.stringify({ kind, ts: new Date().toISOString(), payload })}\n`,
+        'utf8'
+      );
+    } catch (error) {
+      console.warn('Unable to append debug artifact', error);
+    }
+  }
+
+  setSecretsStatus(entries: SecretsTelemetryEntry[]) {
+    this.secretsStatus = entries;
+    this.appendArtifact('SECRETS_STATUS', entries.map(({ key, required, present, source, redacted }) => ({ key, required, present, source, redacted })));
+  }
+
+  recordAbiResolve(event: AbiResolveEvent) {
+    pushLimited(this.abiResolves, event);
+    this.appendArtifact('ABI_RESOLVED', event);
+  }
+
+  recordSafeTrace(trace: SafeExecutionTrace) {
+    pushLimited(this.safeTraces, trace);
+    this.appendArtifact('SAFE_EXECUTION_TRACE', trace);
+  }
+
+  setSafeRuntime(data: { version?: string; mastercopyAddress?: string; moduleEnabled?: boolean }) {
+    this.safeRuntime = { ...this.safeRuntime, ...data };
+    this.appendArtifact('SAFE_RUNTIME', this.safeRuntime);
+  }
+
+  setRobinhoodEnabled(enabled: boolean) {
+    this.robinhoodEnabled = enabled;
+  }
+
+  setRobinhoodAuthStatus(ok: boolean, reason?: string) {
+    this.robinhoodAuthStatus = { ok, reason };
+    this.appendArtifact('ROBINHOOD_AUTH', this.robinhoodAuthStatus);
+  }
+
+  recordRobinhoodRequest(event: RobinhoodRequestEvent) {
+    pushLimited(this.robinhoodRequests, event);
+    this.appendArtifact('ROBINHOOD_REQUEST', event);
+  }
+
+  recordRobinhoodOrder(event: RobinhoodOrderEvent) {
+    pushLimited(this.robinhoodOrders, event);
+    this.appendArtifact('ROBINHOOD_ORDER', event);
+  }
+
+  getSnapshot() {
+    return {
+      secrets: this.secretsStatus,
+      abi: {
+        lastResolves: this.abiResolves,
+        cacheHits: this.abiResolves.filter((entry) => entry.cached).length,
+        cacheMisses: this.abiResolves.filter((entry) => !entry.cached).length
+      },
+      safe: {
+        ...this.safeRuntime,
+        traces: this.safeTraces
+      },
+      robinhood: {
+        enabled: this.robinhoodEnabled,
+        auth: this.robinhoodAuthStatus,
+        requests: this.robinhoodRequests,
+        orders: this.robinhoodOrders
+      }
+    };
+  }
+}
+
+export const runtimeTelemetry = new RuntimeTelemetryService();

package/gnoman2.0/backend/services/safeConfigRepository.ts

@@ -0,0 +1,205 @@
+import crypto from 'crypto';
+import fs from 'fs';
+import os from 'os';
+import path from 'path';
+
+export interface PersistedSafeDelegate {
+  address: string;
+  label: string;
+  since: string;
+}
+
+export interface PersistedSafeTransaction {
+  hash: string;
+  payload: unknown;
+  approvals: string[];
+  createdAt: string;
+  meta?: Record<string, unknown>;
+  executed: boolean;
+}
+
+export interface PersistedSafeState {
+  address: string;
+  rpcUrl: string;
+  owners: string[];
+  threshold: number;
+  modules: string[];
+  delegates: PersistedSafeDelegate[];
+  fallbackHandler?: string;
+  guard?: string;
+  network?: string;
+  safeVersion?: string;
+  mastercopyAddress?: string;
+  transactions: PersistedSafeTransaction[];
+}
+
+export interface PersistedSafePayload {
+  version: number;
+  safes: PersistedSafeState[];
+}
+
+const DEFAULTS: PersistedSafePayload = { version: 1, safes: [] };
+
+const envPath = process.env.SAFE_CONFIG_PATH?.trim();
+const resolvedPath = path.resolve(envPath || path.join(process.cwd(), '.gnoman', 'safes.json'));
+
+const redactedConfigPath = resolvedPath;
+
+export interface EffectiveSafeConfig {
+  enabled: boolean;
+  txSubmissionMode: 'safe-module-simulated' | 'legacy-eoa';
+}
+
+export const resolveEffectiveSafeConfig = (): EffectiveSafeConfig => {
+  const rawEnabled = process.env.SAFE_MODE_ENABLED?.trim().toLowerCase();
+  const enabled = rawEnabled === undefined ? true : !['0', 'false', 'off', 'no'].includes(rawEnabled);
+  const txSubmissionMode = enabled ? 'safe-module-simulated' : 'legacy-eoa';
+
+  console.info(
+    JSON.stringify({
+      event: 'SAFE_RUNTIME_EFFECTIVE_CONFIG',
+      safeModeEnabled: enabled,
+      txSubmissionMode,
+      source: rawEnabled === undefined ? 'default' : 'SAFE_MODE_ENABLED'
+    })
+  );
+
+  return { enabled, txSubmissionMode };
+};
+
+function checksum(content: string) {
+  return crypto.createHash('sha256').update(content).digest('hex');
+}
+
+function safeStat(filePath: string) {
+  try {
+    const stat = fs.statSync(filePath);
+    return { exists: true, size: stat.size, mtime: stat.mtime.toISOString() };
+  } catch (error) {
+    return { exists: false, size: 0, mtime: null as string | null, error: error instanceof Error ? error.message : String(error) };
+  }
+}
+
+export class SafeConfigRepository {
+  readonly configPath = resolvedPath;
+
+  constructor() {
+    const stat = safeStat(this.configPath);
+    console.info(
+      JSON.stringify({
+        event: 'TRACE enter fn=SafeConfigRepository.constructor',
+        SAFE_CONFIG_PATH: redactedConfigPath,
+        fileExists: stat.exists,
+        size: stat.size,
+        mtime: stat.mtime
+      })
+    );
+    console.info(JSON.stringify({ event: 'TRACE exit fn=SafeConfigRepository.constructor ok=true' }));
+  }
+
+  load(): PersistedSafePayload {
+    console.info(JSON.stringify({ event: 'TRACE enter fn=SafeConfigRepository.load' }));
+    try {
+      const stat = safeStat(this.configPath);
+      console.info(
+        JSON.stringify({
+          event: 'SAFE_CONFIG_STATUS',
+          SAFE_CONFIG_PATH: redactedConfigPath,
+          fileExists: stat.exists,
+          size: stat.size,
+          mtime: stat.mtime
+        })
+      );
+      if (!stat.exists) {
+        console.error(JSON.stringify({ event: 'CONFIG_EARLY_RETURN', fn: 'SafeConfigRepository.load', reason: 'missing_file', path: redactedConfigPath }));
+        console.info(JSON.stringify({ event: 'TRACE exit fn=SafeConfigRepository.load ok=true' }));
+        return { ...DEFAULTS };
+      }
+
+      const raw = fs.readFileSync(this.configPath, 'utf8');
+      if (!raw.trim()) {
+        console.error(JSON.stringify({ event: 'CONFIG_EARLY_RETURN', fn: 'SafeConfigRepository.load', reason: 'empty_file', path: redactedConfigPath }));
+        console.info(JSON.stringify({ event: 'TRACE exit fn=SafeConfigRepository.load ok=true' }));
+        return { ...DEFAULTS };
+      }
+
+      const parsed = JSON.parse(raw) as Partial<PersistedSafePayload> | PersistedSafeState[];
+      const safes = Array.isArray(parsed) ? parsed : parsed.safes;
+      if (!Array.isArray(safes)) {
+        console.error(JSON.stringify({ event: 'CONFIG_EARLY_RETURN', fn: 'SafeConfigRepository.load', reason: 'schema_invalid', path: redactedConfigPath }));
+        console.info(JSON.stringify({ event: 'TRACE exit fn=SafeConfigRepository.load ok=true' }));
+        return { ...DEFAULTS };
+      }
+      const finalPayload: PersistedSafePayload = {
+        version: typeof (parsed as PersistedSafePayload).version === 'number' ? (parsed as PersistedSafePayload).version : 1,
+        safes
+      };
+      console.info(
+        JSON.stringify({
+          event: 'SAFE_EFFECTIVE_CONFIG',
+          path: redactedConfigPath,
+          safeCount: finalPayload.safes.length,
+          safes: finalPayload.safes.map((safe) => ({
+            address: safe.address,
+            rpcUrlHash: checksum(safe.rpcUrl ?? '').slice(0, 12),
+            owners: safe.owners?.length ?? 0,
+            threshold: safe.threshold,
+            modules: safe.modules?.length ?? 0
+          }))
+        })
+      );
+      console.info(JSON.stringify({ event: 'TRACE exit fn=SafeConfigRepository.load ok=true' }));
+      return finalPayload;
+    } catch (error) {
+      console.error(
+        JSON.stringify({
+          event: 'TRACE exit fn=SafeConfigRepository.load ok=false',
+          reason: error instanceof Error ? error.message : String(error),
+          callsite: 'SafeConfigRepository.load'
+        })
+      );
+      throw error;
+    }
+  }
+
+  save(payload: PersistedSafePayload) {
+    console.info(JSON.stringify({ event: 'TRACE enter fn=SafeConfigRepository.save', safes: payload.safes.length }));
+    const dir = path.dirname(this.configPath);
+    fs.mkdirSync(dir, { recursive: true });
+    const tmpPath = `${this.configPath}.tmp`;
+    const content = JSON.stringify(payload, null, 2);
+    const expectedChecksum = checksum(content);
+    const fd = fs.openSync(tmpPath, 'w');
+    try {
+      fs.writeFileSync(fd, content, 'utf8');
+      fs.fsyncSync(fd);
+    } finally {
+      fs.closeSync(fd);
+    }
+    fs.renameSync(tmpPath, this.configPath);
+
+    const readBack = fs.readFileSync(this.configPath, 'utf8');
+    const readChecksum = checksum(readBack);
+    if (readChecksum !== expectedChecksum) {
+      console.error(JSON.stringify({ event: 'SAFE_CONFIG_PERSIST_FAIL', reason: 'checksum_mismatch', expectedChecksum, readChecksum }));
+      throw new Error('Persisted safe config checksum mismatch after readback validation');
+    }
+
+    console.info(
+      JSON.stringify({
+        event: 'SAFE_CONFIG_PERSIST_OK',
+        path: this.configPath,
+        bytesWritten: Buffer.byteLength(content, 'utf8'),
+        checksum: expectedChecksum,
+        host: os.hostname()
+      })
+    );
+    console.info(JSON.stringify({ event: 'TRACE exit fn=SafeConfigRepository.save ok=true' }));
+  }
+
+  getEffectiveSafeConfig(): EffectiveSafeConfig {
+    return resolveEffectiveSafeConfig();
+  }
+}
+
+export const safeConfigRepository = new SafeConfigRepository();