hedgequantx 2.5.6 → 2.5.8

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "hedgequantx",
-  "version": "2.5.6",
+  "version": "2.5.8",
   "description": "HedgeQuantX - Prop Futures Trading CLI",
   "main": "src/app.js",
   "bin": {

package/src/menus/ai-agent.js

@@ -6,7 +6,7 @@
 const chalk = require('chalk');
 const ora = require('ora');
 
-const { getLogoWidth, drawBoxHeader, drawBoxFooter, displayBanner } = require('../ui');
+const { getLogoWidth, drawBoxHeader, drawBoxHeaderContinue, drawBoxFooter, displayBanner } = require('../ui');
 const { prompts } = require('../utils');
 const aiService = require('../services/ai');
 const { getCategories, getProvidersByCategory } = require('../services/ai/providers');
@@ -31,7 +31,7 @@ const aiAgentMenu = async () => {
   
   console.clear();
   displayBanner();
-  drawBoxHeader('AI AGENT', boxWidth);
+  drawBoxHeaderContinue('AI AGENT', boxWidth);
   
   // Show current status
   const connection = aiService.getConnection();
@@ -104,7 +104,7 @@ const showExistingTokens = async () => {
   
   console.clear();
   displayBanner();
-  drawBoxHeader('SCANNING FOR EXISTING SESSIONS...', boxWidth);
+  drawBoxHeaderContinue('SCANNING FOR EXISTING SESSIONS...', boxWidth);
   console.log(makeLine(''));
   console.log(makeLine(chalk.gray('CHECKING VS CODE, CURSOR, CLAUDE CLI, OPENCODE...')));
   console.log(makeLine(''));

package/src/menus/dashboard.js

@@ -80,20 +80,34 @@ const dashboardMenu = async (service) => {
   
   console.log(chalk.cyan('╠' + '═'.repeat(W) + '╣'));
   
-  // Menu in 2 columns
-  const col1Width = Math.floor(W / 2);
-  const menuRow = (left, right) => {
-    const leftPlain = left.replace(/\x1b\[[0-9;]*m/g, '');
-    const rightPlain = right.replace(/\x1b\[[0-9;]*m/g, '');
-    const leftPadded = '  ' + left + ' '.repeat(Math.max(0, col1Width - leftPlain.length - 2));
-    const rightPadded = right + ' '.repeat(Math.max(0, W - col1Width - rightPlain.length));
-    console.log(chalk.cyan('║') + leftPadded + rightPadded + chalk.cyan('║'));
+  // Menu in 3 columns
+  const colWidth = Math.floor(W / 3);
+  
+  const menuRow3 = (col1, col2, col3) => {
+    const c1Plain = col1.replace(/\x1b\[[0-9;]*m/g, '');
+    const c2Plain = col2.replace(/\x1b\[[0-9;]*m/g, '');
+    const c3Plain = col3.replace(/\x1b\[[0-9;]*m/g, '');
+    
+    const c1Padded = '  ' + col1 + ' '.repeat(Math.max(0, colWidth - c1Plain.length - 2));
+    const c2Padded = col2 + ' '.repeat(Math.max(0, colWidth - c2Plain.length));
+    const c3Padded = col3 + ' '.repeat(Math.max(0, W - colWidth * 2 - c3Plain.length));
+    
+    console.log(chalk.cyan('║') + c1Padded + c2Padded + c3Padded + chalk.cyan('║'));
   };
   
-  menuRow(chalk.cyan('[1] VIEW ACCOUNTS'), chalk.cyan('[2] VIEW STATS'));
-  menuRow(chalk.cyan('[+] ADD PROP-ACCOUNT'), chalk.magenta('[A] ALGO TRADING'));
-  menuRow(chalk.magenta('[I] AI AGENT'), chalk.yellow('[U] UPDATE HQX'));
-  menuRow(chalk.red('[X] DISCONNECT'), '');
+  const centerLine = (content) => {
+    const plainLen = content.replace(/\x1b\[[0-9;]*m/g, '').length;
+    const padding = W - plainLen;
+    const leftPad = Math.floor(padding / 2);
+    console.log(chalk.cyan('║') + ' '.repeat(leftPad) + content + ' '.repeat(padding - leftPad) + chalk.cyan('║'));
+  };
+  
+  menuRow3(chalk.cyan('[1] VIEW ACCOUNTS'), chalk.cyan('[2] VIEW STATS'), chalk.cyan('[+] ADD ACCOUNT'));
+  menuRow3(chalk.magenta('[A] ALGO TRADING'), chalk.magenta('[I] AI AGENT'), chalk.yellow('[U] UPDATE HQX'));
+  
+  // Separator and disconnect button centered
+  console.log(chalk.cyan('╠' + '═'.repeat(W) + '╣'));
+  centerLine(chalk.red('[X] DISCONNECT'));
   
   console.log(chalk.cyan('╚' + '═'.repeat(W) + '╝'));
   

package/src/services/ai/token-scanner.js

@@ -214,11 +214,33 @@ const TOKEN_SOURCES = {
     name: 'CLAUDE CLI',
     icon: '🤖',
     paths: {
-      darwin: [path.join(homeDir, '.claude')],
-      linux: [path.join(homeDir, '.claude')],
-      win32: [path.join(homeDir, '.claude')]
+      darwin: [
+        path.join(homeDir, '.claude'),
+        path.join(homeDir, '.config', 'claude'),
+        path.join(getAppDataDir(), 'Claude')
+      ],
+      linux: [
+        path.join(homeDir, '.claude'),
+        path.join(homeDir, '.config', 'claude')
+      ],
+      win32: [
+        path.join(homeDir, '.claude'),
+        path.join(getAppDataDir(), 'Claude')
+      ]
     },
-    configFiles: ['.credentials.json', 'credentials.json', 'config.json', '.credentials', 'settings.json', 'settings.local.json', 'auth.json']
+    configFiles: ['.credentials.json', 'credentials.json', 'config.json', '.credentials', 'settings.json', 'settings.local.json', 'auth.json', 'claude.json']
+  },
+  
+  // Claude config in home directory
+  claudeHome: {
+    name: 'CLAUDE CONFIG',
+    icon: '🤖',
+    paths: {
+      darwin: [homeDir],
+      linux: [homeDir],
+      win32: [homeDir]
+    },
+    configFiles: ['.claude.json', '.clauderc', '.claude_credentials']
   },
   
   opencode: {
@@ -496,6 +518,383 @@ const getFileModTime = (filePath) => {
   }
 };
 
+/**
+ * Known credential entries for AI providers (used by all OS)
+ * Organized by IDE/App
+ */
+const CREDENTIAL_ENTRIES = [
+  // VS Code
+  { service: 'Claude Code-credentials', provider: 'anthropic', name: 'CLAUDE CODE (VS CODE)', ide: 'vscode' },
+  { service: 'vscode.anthropic-credentials', provider: 'anthropic', name: 'VS CODE ANTHROPIC', ide: 'vscode' },
+  { service: 'vscode-openai', provider: 'openai', name: 'VS CODE OPENAI', ide: 'vscode' },
+  { service: 'copilot-credentials', provider: 'openai', name: 'GITHUB COPILOT', ide: 'vscode' },
+  
+  // VS Code Insiders
+  { service: 'Claude Code-credentials-insiders', provider: 'anthropic', name: 'CLAUDE CODE (INSIDERS)', ide: 'vscode-insiders' },
+  
+  // Cursor
+  { service: 'Cursor-credentials', provider: 'anthropic', name: 'CURSOR (CLAUDE)', ide: 'cursor' },
+  { service: 'cursor.anthropic-credentials', provider: 'anthropic', name: 'CURSOR ANTHROPIC', ide: 'cursor' },
+  { service: 'cursor.openai-credentials', provider: 'openai', name: 'CURSOR OPENAI', ide: 'cursor' },
+  
+  // Windsurf
+  { service: 'Windsurf-credentials', provider: 'anthropic', name: 'WINDSURF (CLAUDE)', ide: 'windsurf' },
+  { service: 'windsurf.anthropic-credentials', provider: 'anthropic', name: 'WINDSURF ANTHROPIC', ide: 'windsurf' },
+  
+  // Zed
+  { service: 'Zed-credentials', provider: 'anthropic', name: 'ZED (CLAUDE)', ide: 'zed' },
+  { service: 'zed.anthropic-credentials', provider: 'anthropic', name: 'ZED ANTHROPIC', ide: 'zed' },
+  { service: 'zed.openai-credentials', provider: 'openai', name: 'ZED OPENAI', ide: 'zed' },
+  
+  // Claude CLI / App
+  { service: 'Claude Safe Storage', provider: 'anthropic', name: 'CLAUDE CLI', ide: 'claude-cli' },
+  { service: 'claude-cli-credentials', provider: 'anthropic', name: 'CLAUDE CLI', ide: 'claude-cli' },
+  
+  // Continue.dev
+  { service: 'Continue-credentials', provider: 'anthropic', name: 'CONTINUE.DEV', ide: 'continue' },
+  { service: 'continue.anthropic-credentials', provider: 'anthropic', name: 'CONTINUE ANTHROPIC', ide: 'continue' },
+  { service: 'continue.openai-credentials', provider: 'openai', name: 'CONTINUE OPENAI', ide: 'continue' },
+  
+  // Cline
+  { service: 'Cline-credentials', provider: 'anthropic', name: 'CLINE', ide: 'cline' },
+  { service: 'saoudrizwan.claude-dev-credentials', provider: 'anthropic', name: 'CLINE (CLAUDE DEV)', ide: 'cline' },
+  
+  // OpenCode
+  { service: 'OpenCode-credentials', provider: 'anthropic', name: 'OPENCODE', ide: 'opencode' },
+  { service: 'opencode.anthropic-credentials', provider: 'anthropic', name: 'OPENCODE ANTHROPIC', ide: 'opencode' },
+  
+  // Aider
+  { service: 'Aider-credentials', provider: 'anthropic', name: 'AIDER', ide: 'aider' },
+  { service: 'aider.anthropic-credentials', provider: 'anthropic', name: 'AIDER ANTHROPIC', ide: 'aider' },
+  { service: 'aider.openai-credentials', provider: 'openai', name: 'AIDER OPENAI', ide: 'aider' },
+  
+  // Generic OpenAI
+  { service: 'openai-credentials', provider: 'openai', name: 'OPENAI', ide: 'generic' },
+  
+  // Generic OpenRouter
+  { service: 'openrouter-credentials', provider: 'openrouter', name: 'OPENROUTER', ide: 'generic' },
+];
+
+/**
+ * Parse credential JSON and extract tokens
+ */
+const parseCredentialJson = (output, entry) => {
+  const results = [];
+  
+  try {
+    const data = JSON.parse(output);
+    
+    // Extract Claude OAuth access token
+    if (data.claudeAiOauth?.accessToken) {
+      results.push({
+        source: `SECURE STORAGE - ${entry.name}`,
+        sourceId: 'secureStorage',
+        icon: '🔐',
+        type: data.claudeAiOauth.subscriptionType === 'max' ? 'session' : 'api_key',
+        provider: entry.provider,
+        providerName: PROVIDER_PATTERNS[entry.provider]?.displayName || entry.provider.toUpperCase(),
+        token: data.claudeAiOauth.accessToken,
+        refreshToken: data.claudeAiOauth.refreshToken,
+        expiresAt: data.claudeAiOauth.expiresAt,
+        subscriptionType: data.claudeAiOauth.subscriptionType,
+        lastUsed: new Date()
+      });
+    }
+    
+    // Extract OpenAI token
+    if (data.accessToken && entry.provider === 'openai') {
+      results.push({
+        source: `SECURE STORAGE - ${entry.name}`,
+        sourceId: 'secureStorage',
+        icon: '🔐',
+        type: 'session',
+        provider: entry.provider,
+        providerName: PROVIDER_PATTERNS[entry.provider]?.displayName || entry.provider.toUpperCase(),
+        token: data.accessToken,
+        lastUsed: new Date()
+      });
+    }
+    
+    // Generic API key in JSON
+    if (data.apiKey) {
+      results.push({
+        source: `SECURE STORAGE - ${entry.name}`,
+        sourceId: 'secureStorage',
+        icon: '🔐',
+        type: 'api_key',
+        provider: entry.provider,
+        providerName: PROVIDER_PATTERNS[entry.provider]?.displayName || entry.provider.toUpperCase(),
+        token: data.apiKey,
+        lastUsed: new Date()
+      });
+    }
+  } catch {
+    // Not JSON, treat as raw token
+    if (output.length > 20) {
+      for (const [providerId, provider] of Object.entries(PROVIDER_PATTERNS)) {
+        for (const pattern of provider.keyPatterns) {
+          pattern.lastIndex = 0;
+          if (pattern.test(output)) {
+            results.push({
+              source: `SECURE STORAGE - ${entry.name}`,
+              sourceId: 'secureStorage',
+              icon: '🔐',
+              type: 'api_key',
+              provider: providerId,
+              providerName: provider.displayName,
+              token: output,
+              lastUsed: new Date()
+            });
+            break;
+          }
+        }
+      }
+    }
+  }
+  
+  return results;
+};
+
+/**
+ * Read tokens from macOS Keychain
+ */
+const readMacOSKeychain = () => {
+  if (platform !== 'darwin') return [];
+  
+  const results = [];
+  const { execSync } = require('child_process');
+  
+  for (const entry of CREDENTIAL_ENTRIES) {
+    try {
+      const output = execSync(
+        `security find-generic-password -s "${entry.service}" -w 2>/dev/null`,
+        { encoding: 'utf8', timeout: 5000, stdio: ['pipe', 'pipe', 'pipe'] }
+      ).trim();
+      
+      if (output) {
+        results.push(...parseCredentialJson(output, entry));
+      }
+    } catch {
+      // Entry not found or access denied
+    }
+  }
+  
+  return results;
+};
+
+/**
+ * Read tokens from Linux Secret Service (libsecret/gnome-keyring)
+ */
+const readLinuxSecretService = () => {
+  if (platform !== 'linux') return [];
+  
+  const results = [];
+  const { execSync } = require('child_process');
+  
+  // Check if secret-tool is available
+  try {
+    execSync('which secret-tool', { stdio: 'pipe' });
+  } catch {
+    return results; // secret-tool not available
+  }
+  
+  for (const entry of CREDENTIAL_ENTRIES) {
+    try {
+      // Try different attribute combinations
+      const commands = [
+        `secret-tool lookup service "${entry.service}" 2>/dev/null`,
+        `secret-tool lookup application "${entry.service}" 2>/dev/null`,
+        `secret-tool lookup xdg:schema "org.freedesktop.Secret.Generic" service "${entry.service}" 2>/dev/null`,
+      ];
+      
+      for (const cmd of commands) {
+        try {
+          const output = execSync(cmd, { 
+            encoding: 'utf8', 
+            timeout: 5000, 
+            stdio: ['pipe', 'pipe', 'pipe'] 
+          }).trim();
+          
+          if (output) {
+            results.push(...parseCredentialJson(output, entry));
+            break; // Found it, no need to try other commands
+          }
+        } catch {
+          // Command failed, try next
+        }
+      }
+    } catch {
+      // Entry not found
+    }
+  }
+  
+  // Also check VS Code's pass-based storage on Linux
+  const passEntries = [
+    'vscode/Claude Code-credentials',
+    'vscode/Cursor-credentials',
+    'vscode/openai-credentials',
+  ];
+  
+  for (const passPath of passEntries) {
+    try {
+      const output = execSync(`pass show "${passPath}" 2>/dev/null`, {
+        encoding: 'utf8',
+        timeout: 5000,
+        stdio: ['pipe', 'pipe', 'pipe']
+      }).trim();
+      
+      if (output) {
+        const entry = CREDENTIAL_ENTRIES.find(e => passPath.includes(e.service)) || 
+          { service: passPath, provider: 'unknown', name: passPath };
+        results.push(...parseCredentialJson(output, entry));
+      }
+    } catch {
+      // pass entry not found
+    }
+  }
+  
+  return results;
+};
+
+/**
+ * Read tokens from Windows Credential Manager
+ */
+const readWindowsCredentialManager = () => {
+  if (platform !== 'win32') return [];
+  
+  const results = [];
+  const { execSync } = require('child_process');
+  
+  for (const entry of CREDENTIAL_ENTRIES) {
+    try {
+      // Use PowerShell to read from Credential Manager
+      const psCommand = `
+        $cred = Get-StoredCredential -Target "${entry.service}" -ErrorAction SilentlyContinue
+        if ($cred) { 
+          [System.Runtime.InteropServices.Marshal]::PtrToStringAuto(
+            [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($cred.Password)
+          )
+        }
+      `;
+      
+      const output = execSync(`powershell -Command "${psCommand.replace(/\n/g, ' ')}"`, {
+        encoding: 'utf8',
+        timeout: 10000,
+        stdio: ['pipe', 'pipe', 'pipe']
+      }).trim();
+      
+      if (output) {
+        results.push(...parseCredentialJson(output, entry));
+      }
+    } catch {
+      // Try cmdkey as fallback (less reliable for getting password)
+      try {
+        // cmdkey can list but not retrieve passwords directly
+        // VS Code on Windows often uses DPAPI-encrypted files instead
+      } catch {
+        // Entry not found
+      }
+    }
+  }
+  
+  // Also check VS Code's DPAPI-encrypted storage on Windows
+  const vscodeCredPath = path.join(
+    process.env.APPDATA || '',
+    'Code',
+    'User',
+    'globalStorage',
+    'state.vscdb'
+  );
+  
+  if (pathExists(vscodeCredPath)) {
+    const dbResults = readVSCodeStateDb(vscodeCredPath);
+    results.push(...dbResults);
+  }
+  
+  return results;
+};
+
+/**
+ * Read tokens from OS secure storage (unified function)
+ */
+const readSecureStorage = () => {
+  switch (platform) {
+    case 'darwin':
+      return readMacOSKeychain();
+    case 'linux':
+      return readLinuxSecretService();
+    case 'win32':
+      return readWindowsCredentialManager();
+    default:
+      return [];
+  }
+};
+
+/**
+ * Try to read VS Code SQLite state database
+ */
+const readVSCodeStateDb = (dbPath) => {
+  const results = [];
+  
+  try {
+    // Try using sqlite3 CLI if available
+    const { execSync } = require('child_process');
+    
+    // Check if sqlite3 is available
+    try {
+      execSync('which sqlite3', { stdio: 'pipe' });
+    } catch {
+      return results; // sqlite3 not available
+    }
+    
+    // Query for keys that might contain tokens
+    const queries = [
+      "SELECT key, value FROM ItemTable WHERE key LIKE '%apiKey%' OR key LIKE '%token%' OR key LIKE '%credential%' OR key LIKE '%session%'",
+      "SELECT key, value FROM ItemTable WHERE key LIKE '%anthropic%' OR key LIKE '%openai%' OR key LIKE '%claude%'"
+    ];
+    
+    for (const query of queries) {
+      try {
+        const output = execSync(`sqlite3 "${dbPath}" "${query}"`, { 
+          encoding: 'utf8',
+          timeout: 5000,
+          stdio: ['pipe', 'pipe', 'pipe']
+        });
+        
+        if (output) {
+          const lines = output.trim().split('\n');
+          for (const line of lines) {
+            const [key, value] = line.split('|');
+            if (value && value.length > 20) {
+              // Try to identify provider
+              for (const [providerId, provider] of Object.entries(PROVIDER_PATTERNS)) {
+                for (const pattern of provider.keyPatterns) {
+                  pattern.lastIndex = 0;
+                  if (pattern.test(value)) {
+                    results.push({
+                      type: 'api_key',
+                      provider: providerId,
+                      providerName: provider.displayName,
+                      token: value,
+                      keyPath: key
+                    });
+                  }
+                }
+              }
+            }
+          }
+        }
+      } catch {
+        // Query failed, continue
+      }
+    }
+  } catch {
+    // SQLite read failed
+  }
+  
+  return results;
+};
+
 /**
  * List files in directory (recursive optional)
  */
@@ -848,10 +1247,18 @@ const scanSource = (sourceId) => {
 const scanAllSources = () => {
   const allResults = [];
   
-  // First, scan environment variables (highest priority)
+  // First, scan OS secure storage (Keychain, libsecret, Credential Manager)
+  // This is the most reliable source for IDE tokens
+  try {
+    allResults.push(...readSecureStorage());
+  } catch (err) {
+    // Silent fail
+  }
+  
+  // Then scan environment variables
   allResults.push(...scanEnvironmentVariables());
   
-  // Then scan all tool sources
+  // Then scan all tool sources (config files)
   for (const sourceId of Object.keys(TOKEN_SOURCES)) {
     if (sourceId === 'envVars') continue; // Already scanned
     
@@ -969,10 +1376,12 @@ const getSystemInfo = () => {
 module.exports = {
   TOKEN_SOURCES,
   PROVIDER_PATTERNS,
+  CREDENTIAL_ENTRIES,
   scanAllSources,
   scanForProvider,
   scanSource,
   scanEnvironmentVariables,
+  readSecureStorage,
   formatResults,
   timeAgo,
   hasExistingTokens,

package/src/ui/box.js

@@ -55,7 +55,7 @@ const padText = (text, width) => {
 };
 
 /**
- * Draw box header with title
+ * Draw box header with title (starts new box with ╔)
  */
 const drawBoxHeader = (title, width) => {
   const innerWidth = width - 2;
@@ -64,6 +64,16 @@ const drawBoxHeader = (title, width) => {
   console.log(chalk.cyan('\u2560' + '\u2550'.repeat(innerWidth) + '\u2563'));
 };
 
+/**
+ * Draw box header that continues from previous box (uses ╠ instead of ╔)
+ */
+const drawBoxHeaderContinue = (title, width) => {
+  const innerWidth = width - 2;
+  console.log(chalk.cyan('\u2560' + '\u2550'.repeat(innerWidth) + '\u2563'));
+  console.log(chalk.cyan('\u2551') + chalk.cyan.bold(centerText(title, innerWidth)) + chalk.cyan('\u2551'));
+  console.log(chalk.cyan('\u2560' + '\u2550'.repeat(innerWidth) + '\u2563'));
+};
+
 /**
  * Draw box footer
  */
@@ -104,6 +114,7 @@ module.exports = {
   centerText,
   padText,
   drawBoxHeader,
+  drawBoxHeaderContinue,
   drawBoxFooter,
   drawBoxRow,
   drawBoxSeparator,

package/src/ui/index.js

@@ -10,6 +10,7 @@ const {
   centerText,
   padText,
   drawBoxHeader,
+  drawBoxHeaderContinue,
   drawBoxFooter,
   drawBoxRow,
   drawBoxSeparator,
@@ -105,6 +106,7 @@ module.exports = {
   centerText,
   padText,
   drawBoxHeader,
+  drawBoxHeaderContinue,
   drawBoxFooter,
   drawBoxRow,
   drawBoxSeparator,