logiqical 0.4.0 → 0.5.0

package/dist/vault.mjs

@@ -0,0 +1,271 @@
+#!/usr/bin/env node
+#!/usr/bin/env node
+
+// src/cli/vault.ts
+import { createServer } from "http";
+import { Wallet, JsonRpcProvider, ethers } from "ethers";
+import { readFileSync, writeFileSync, existsSync, mkdirSync } from "fs";
+import { join } from "path";
+import { homedir } from "os";
+var CONFIG_DIR = join(homedir(), ".logiqical");
+var KEYS_DIR = join(CONFIG_DIR, "keys");
+var VAULT_STATE_FILE = join(CONFIG_DIR, "vault-state.json");
+var DEFAULT_PORT = 7842;
+function loadConfig() {
+  const configFile = join(CONFIG_DIR, "config.json");
+  if (existsSync(configFile)) return JSON.parse(readFileSync(configFile, "utf-8"));
+  return {};
+}
+function loadVaultState() {
+  if (existsSync(VAULT_STATE_FILE)) {
+    return JSON.parse(readFileSync(VAULT_STATE_FILE, "utf-8"));
+  }
+  const config = loadConfig();
+  return {
+    spentThisHour: "0",
+    spentToday: "0",
+    hourStart: Date.now(),
+    dayStart: Date.now(),
+    policy: config.policy || {}
+  };
+}
+function saveVaultState(state) {
+  if (!existsSync(CONFIG_DIR)) mkdirSync(CONFIG_DIR, { recursive: true });
+  writeFileSync(VAULT_STATE_FILE, JSON.stringify(state, null, 2));
+}
+function resetBudgetPeriods(state) {
+  const now = Date.now();
+  if (now - state.hourStart > 36e5) {
+    state.spentThisHour = "0";
+    state.hourStart = now;
+  }
+  if (now - state.dayStart > 864e5) {
+    state.spentToday = "0";
+    state.dayStart = now;
+  }
+  return state;
+}
+function checkPolicy(policy, tx, state) {
+  const valueWei = BigInt(tx.value || "0");
+  const valueEth = parseFloat(ethers.formatEther(valueWei));
+  if (policy.maxPerTx) {
+    const max = parseFloat(policy.maxPerTx);
+    if (valueEth > max) return `Transaction value ${valueEth} exceeds max per tx (${max})`;
+  }
+  if (policy.maxPerHour) {
+    const max = parseFloat(policy.maxPerHour);
+    const spent = parseFloat(state.spentThisHour);
+    if (spent + valueEth > max) return `Would exceed hourly budget (${spent + valueEth} > ${max})`;
+  }
+  if (policy.maxPerDay) {
+    const max = parseFloat(policy.maxPerDay);
+    const spent = parseFloat(state.spentToday);
+    if (spent + valueEth > max) return `Would exceed daily budget (${spent + valueEth} > ${max})`;
+  }
+  if (policy.allowedContracts && policy.allowedContracts.length > 0) {
+    const allowed = policy.allowedContracts.map((a) => a.toLowerCase());
+    if (!allowed.includes(tx.to.toLowerCase())) {
+      return `Contract ${tx.to} not in allowlist`;
+    }
+  }
+  if (policy.blockedContracts && policy.blockedContracts.length > 0) {
+    const blocked = policy.blockedContracts.map((b) => b.toLowerCase());
+    if (blocked.includes(tx.to.toLowerCase())) {
+      return `Contract ${tx.to} is blocked`;
+    }
+  }
+  return null;
+}
+function createVaultServer(wallet, provider, state) {
+  async function readBody(req) {
+    return new Promise((resolve, reject) => {
+      let data = "";
+      req.on("data", (chunk) => {
+        data += chunk.toString();
+      });
+      req.on("end", () => {
+        try {
+          resolve(JSON.parse(data));
+        } catch {
+          reject(new Error("Invalid JSON"));
+        }
+      });
+    });
+  }
+  function json(res, statusCode, body) {
+    res.writeHead(statusCode, { "Content-Type": "application/json" });
+    res.end(JSON.stringify(body));
+  }
+  return async (req, res) => {
+    const remoteAddr = req.socket.remoteAddress;
+    if (remoteAddr !== "127.0.0.1" && remoteAddr !== "::1" && remoteAddr !== "::ffff:127.0.0.1") {
+      return json(res, 403, { error: "Vault only accepts localhost connections" });
+    }
+    const url = req.url || "/";
+    const method = req.method || "GET";
+    try {
+      if (url === "/health" && method === "GET") {
+        return json(res, 200, { status: "ok", address: wallet.address });
+      }
+      if (url === "/address" && method === "GET") {
+        return json(res, 200, { address: wallet.address });
+      }
+      if (url === "/policy" && method === "GET") {
+        return json(res, 200, { policy: state.policy });
+      }
+      if (url === "/policy" && method === "POST") {
+        const body = await readBody(req);
+        state.policy = { ...state.policy, ...body };
+        saveVaultState(state);
+        return json(res, 200, { policy: state.policy });
+      }
+      if (url === "/budget" && method === "GET") {
+        state = resetBudgetPeriods(state);
+        return json(res, 200, {
+          spentThisHour: state.spentThisHour,
+          spentToday: state.spentToday,
+          hourlyLimit: state.policy.maxPerHour || null,
+          dailyLimit: state.policy.maxPerDay || null,
+          hourlyRemaining: state.policy.maxPerHour ? String(Math.max(0, parseFloat(state.policy.maxPerHour) - parseFloat(state.spentThisHour))) : null,
+          dailyRemaining: state.policy.maxPerDay ? String(Math.max(0, parseFloat(state.policy.maxPerDay) - parseFloat(state.spentToday))) : null
+        });
+      }
+      if (url === "/sign" && method === "POST") {
+        const body = await readBody(req);
+        const { to, data, value, chainId, gasLimit } = body;
+        if (!to) return json(res, 400, { error: "Missing 'to' field" });
+        state = resetBudgetPeriods(state);
+        const policyError = checkPolicy(state.policy, { to, value: value || "0" }, state);
+        if (policyError) {
+          return json(res, 403, { error: policyError, code: "POLICY_VIOLATION" });
+        }
+        if (state.policy.simulateBeforeSend) {
+          try {
+            await provider.call({
+              to,
+              data,
+              value: value ? BigInt(value) : void 0,
+              from: wallet.address
+            });
+          } catch (e) {
+            return json(res, 400, {
+              error: `Simulation failed: ${e.reason || e.message || "would revert"}`,
+              code: "SIMULATION_FAILED"
+            });
+          }
+        }
+        if (state.policy.dryRun) {
+          return json(res, 200, {
+            signedTx: null,
+            dryRun: true,
+            message: "Dry run \u2014 transaction not signed"
+          });
+        }
+        const tx = { to, data: data || "0x", value: value || "0" };
+        if (gasLimit) tx.gasLimit = gasLimit;
+        if (chainId) tx.chainId = chainId;
+        const signedTx = await wallet.signTransaction(tx);
+        const valueWei = BigInt(value || "0");
+        if (valueWei > 0n) {
+          const valueEth = parseFloat(ethers.formatEther(valueWei));
+          state.spentThisHour = String(parseFloat(state.spentThisHour) + valueEth);
+          state.spentToday = String(parseFloat(state.spentToday) + valueEth);
+          saveVaultState(state);
+        }
+        return json(res, 200, { signedTx });
+      }
+      if (url === "/sign-message" && method === "POST") {
+        const body = await readBody(req);
+        if (!body.message) return json(res, 400, { error: "Missing 'message' field" });
+        const signature = await wallet.signMessage(body.message);
+        return json(res, 200, { signature });
+      }
+      if (url === "/sign-typed-data" && method === "POST") {
+        const body = await readBody(req);
+        const { domain, types, value } = body;
+        if (!domain || !types || !value) {
+          return json(res, 400, { error: "Missing domain, types, or value" });
+        }
+        const signature = await wallet.signTypedData(domain, types, value);
+        return json(res, 200, { signature });
+      }
+      if (url === "/broadcast" && method === "POST") {
+        const body = await readBody(req);
+        if (!body.signedTx) return json(res, 400, { error: "Missing 'signedTx' field" });
+        const txResponse = await provider.broadcastTransaction(body.signedTx);
+        return json(res, 200, {
+          hash: txResponse.hash,
+          nonce: txResponse.nonce
+        });
+      }
+      return json(res, 404, { error: `Unknown endpoint: ${method} ${url}` });
+    } catch (e) {
+      return json(res, 500, { error: e.message });
+    }
+  };
+}
+async function main() {
+  const args = process.argv.slice(2).filter((a) => a !== "vault");
+  const portArg = args.indexOf("--port");
+  const port = portArg >= 0 ? parseInt(args[portArg + 1]) : parseInt(process.env.LOGIQICAL_VAULT_PORT || String(DEFAULT_PORT));
+  console.log("");
+  console.log("  \x1B[1mLogiqical Vault Daemon\x1B[0m");
+  console.log("  \x1B[2mSigns transactions, enforces policies. Keys never leave this process.\x1B[0m");
+  console.log("");
+  const keystorePath = join(KEYS_DIR, "agent.json");
+  if (!existsSync(keystorePath)) {
+    console.error("  No wallet found. Run: logiqical setup");
+    process.exit(1);
+  }
+  const config = loadConfig();
+  const password = config.password || "logiqical-agent";
+  console.log("  Loading keystore...");
+  const keystoreData = JSON.parse(readFileSync(keystorePath, "utf-8"));
+  const decrypted = await Wallet.fromEncryptedJson(keystoreData.encryptedJson, password);
+  const rpcUrl = config.rpcUrl || "https://api.avax.network/ext/bc/C/rpc";
+  const provider = new JsonRpcProvider(rpcUrl, 43114);
+  const wallet = new Wallet(decrypted.privateKey, provider);
+  let state = loadVaultState();
+  state = resetBudgetPeriods(state);
+  console.log(`  Address:  \x1B[32m${wallet.address}\x1B[0m`);
+  console.log(`  Network:  Avalanche C-Chain`);
+  console.log(`  Port:     ${port}`);
+  if (state.policy.maxPerTx || state.policy.maxPerDay) {
+    console.log(`  Policy:   max/tx: ${state.policy.maxPerTx || "none"}, max/day: ${state.policy.maxPerDay || "none"}, simulate: ${state.policy.simulateBeforeSend ?? false}`);
+  } else {
+    console.log("  Policy:   \x1B[33mnone set \u2014 all transactions will be signed\x1B[0m");
+  }
+  const server = createServer(createVaultServer(wallet, provider, state));
+  server.listen(port, "127.0.0.1", () => {
+    console.log("");
+    console.log(`  \x1B[32mVault running on http://127.0.0.1:${port}\x1B[0m`);
+    console.log("");
+    console.log("  Endpoints:");
+    console.log("    GET  /health          \u2014 health check");
+    console.log("    GET  /address         \u2014 wallet address");
+    console.log("    GET  /policy          \u2014 current policy");
+    console.log("    POST /policy          \u2014 update policy");
+    console.log("    GET  /budget          \u2014 spending budget status");
+    console.log("    POST /sign            \u2014 sign a transaction (policy-enforced)");
+    console.log("    POST /sign-message    \u2014 sign an arbitrary message");
+    console.log("    POST /sign-typed-data \u2014 sign EIP-712 typed data");
+    console.log("    POST /broadcast       \u2014 broadcast signed tx");
+    console.log("");
+    console.log("  \x1B[2mPress Ctrl+C to stop\x1B[0m");
+  });
+  process.on("SIGINT", () => {
+    console.log("\n  Shutting down vault...");
+    saveVaultState(state);
+    server.close();
+    process.exit(0);
+  });
+  process.on("SIGTERM", () => {
+    saveVaultState(state);
+    server.close();
+    process.exit(0);
+  });
+}
+main().catch((e) => {
+  console.error("Error:", e.message);
+  process.exit(1);
+});

package/package.json

@@ -1,12 +1,14 @@
 {
   "name": "logiqical",
-  "version": "0.4.0",
-  "description": "Agent wallet SDK for Avalanche + Arena — swap, stake, launchpad, DEX, perps, bridge, social, signals, copy trading, 91 MCP tools. No backend needed.",
+  "version": "0.5.0",
+  "description": "Agent wallet SDK for Avalanche + Arena — 91 MCP tools, admin CLI, vault daemon, skill packs. No backend needed.",
   "main": "dist/index.js",
   "module": "dist/index.mjs",
   "types": "dist/index.d.ts",
   "bin": {
-    "logiqical-mcp": "dist/cli.mjs"
+    "logiqical": "dist/admin.mjs",
+    "logiqical-mcp": "dist/cli.mjs",
+    "logiqical-vault": "dist/vault.mjs"
   },
   "exports": {
     ".": {
@@ -16,7 +18,8 @@
     }
   },
   "files": [
-    "dist"
+    "dist",
+    "skills"
   ],
   "scripts": {
     "build": "tsup",

package/skills/logiqical/CLAUDE.md

@@ -0,0 +1,180 @@
+# Logiqical Agent SDK
+
+You have access to the Logiqical SDK — a non-custodial agent wallet for Avalanche and Arena with 91 MCP tools across 15 modules.
+
+## Setup
+
+The agent wallet is already booted. Use MCP tools directly. No imports needed.
+
+## Core Concepts
+
+- **Every on-chain action goes through MCP tools** — you call tools, they sign and broadcast
+- **Spending policies are enforced automatically** — per-tx limits, hourly/daily budgets, simulation
+- **Arena API key is required** for social, perps, and tickets tools (set via `ARENA_API_KEY` env var)
+
+## Available Tools (91 total)
+
+### Wallet (4 tools)
+- `get_address` — your agent wallet address
+- `get_balance` — AVAX balance
+- `send_avax` — send AVAX to any address
+- `sign_message` — sign arbitrary messages
+
+### ARENA Token (6 tools)
+- `get_balances` — AVAX + ARENA balances
+- `swap_quote_buy` — quote AVAX to ARENA
+- `swap_quote_sell` — quote ARENA to AVAX
+- `swap_buy_arena` — buy ARENA with AVAX
+- `swap_sell_arena` — sell ARENA for AVAX
+
+### Staking (4 tools)
+- `stake_info` — staked amount + pending rewards
+- `stake_arena` — stake ARENA tokens
+- `unstake_arena` — unstake + claim rewards
+- `buy_and_stake` — buy ARENA + stake in one tx
+
+### DEX — Any Token Swap (6 tools)
+- `dex_tokens` — list known tokens
+- `dex_token_info` — look up any ERC-20 by address
+- `dex_balance` — check any token balance
+- `dex_quote` — quote any token pair
+- `dex_swap` — swap any tokens on Avalanche
+
+### Launchpad (6 tools)
+- `launchpad_overview` — platform stats
+- `launchpad_recent` — recently launched tokens
+- `launchpad_token` — full token info by ID
+- `launchpad_quote` — bonding curve price quote
+- `launchpad_buy` — buy a launchpad token
+- `launchpad_sell` — sell a launchpad token
+
+### Tickets (8 tools)
+- `tickets_buy_price` / `tickets_sell_price` — price quotes
+- `tickets_balance` — ticket balance
+- `tickets_supply` — total supply
+- `tickets_fees` — fee structure
+- `tickets_buy` / `tickets_sell` — buy/sell tickets
+
+### Bridge — Cross-Chain (8 tools)
+- `bridge_info` — supported chains + USDC addresses
+- `bridge_chains` — all supported chains
+- `bridge_tokens` — tokens on specified chains
+- `bridge_quote` — bridge quote with transaction
+- `bridge_routes` — multiple route options
+- `bridge_status` — check transfer status
+
+### Perps — Perpetual Futures (12 tools)
+- `perps_register` — register for Hyperliquid perps
+- `perps_registration_status` — check registration
+- `perps_wallet_address` — get Hyperliquid wallet
+- `perps_trading_pairs` — all 250+ pairs
+- `perps_update_leverage` — set leverage (1-50x)
+- `perps_place_order` — place orders
+- `perps_cancel_orders` — cancel orders
+- `perps_close_position` — close a position
+- `perps_orders` — view open orders
+- `perps_positions` — positions + margin summary
+- `perps_deposit_info` — Hyperliquid deposit addresses
+- `perps_arbitrum_usdc_balance` — USDC balance on Arbitrum
+- `perps_deposit_usdc` — build USDC deposit tx
+
+### Signals Intelligence (6 tools)
+- `signals_market` — price, funding, OI, volume
+- `signals_technical` — SMA, RSI, trend, support/resistance
+- `signals_whales` — whale positions from orderbook
+- `signals_funding` — funding rate extremes
+- `signals_summary` — full signal digest + verdict
+- `signals_scan` — scan all markets for opportunities
+
+### Social (14 tools)
+- `social_search_users` — search Arena users
+- `social_user_by_handle` — get user by handle
+- `social_me` — your Arena profile
+- `social_top_users` — top users
+- `social_follow` / `social_unfollow` — follow/unfollow
+- `social_update_profile` — update profile
+- `social_conversations` — list chats
+- `social_send_message` — send a message
+- `social_messages` — read messages
+- `social_create_thread` — create a post
+- `social_like_thread` — like a thread
+- `social_post_trade` — auto-post a trade update
+
+### Agent Registration (1 tool)
+- `agent_register` — register a new AI agent on Arena (returns API key)
+
+### Copy Trading (3 tools)
+- `copy_get_positions` — get target wallet positions
+- `copy_calculate_orders` — calculate mirror orders
+- `copy_execute` — one-shot copy trade
+
+### Market Data (6 tools)
+- `market_price` — prices, 24h change, market cap
+- `market_trending` — trending coins
+- `market_top` — top by market cap
+- `market_search` — search coins
+- `market_avax_price` / `market_arena_price` — quick price checks
+
+### DeFi (8 tools)
+- `defi_savax_info` — sAVAX exchange rate + balances
+- `defi_savax_quote` — quote AVAX to sAVAX
+- `defi_savax_stake` — stake AVAX to sAVAX
+- `defi_savax_unstake` — unstake sAVAX
+- `defi_vault_info` — ERC-4626 vault info
+- `defi_vault_quote` — vault deposit quote
+- `defi_vault_deposit` — deposit into vault
+- `defi_vault_withdraw` — withdraw from vault
+
+### Policy (3 tools)
+- `policy_get` — current spending policy
+- `policy_set` — replace policy
+- `policy_budget` — budget status (spent today, remaining)
+
+### Contract Call (1 tool)
+- `call_contract` — call any smart contract method
+
+## Patterns
+
+### Before trading, always check balances first
+```
+1. get_balance (check AVAX)
+2. get_balances (check ARENA)
+3. Then swap/trade
+```
+
+### Before perps, check registration
+```
+1. perps_registration_status
+2. If not registered: perps_register
+3. Then trade
+```
+
+### For copy trading
+```
+1. copy_get_positions (see what the target holds)
+2. copy_calculate_orders (see what you'd need to do)
+3. copy_execute (or execute manually with perps_place_order)
+```
+
+### For cross-chain operations
+```
+1. bridge_info (get chain IDs and token addresses)
+2. bridge_quote (get quote + tx)
+3. Execute the bridge tx
+4. bridge_status (poll until complete)
+```
+
+### Always check policy before large trades
+```
+1. policy_budget (check remaining budget)
+2. If over limit, inform the user
+3. policy_set to adjust if user approves
+```
+
+## Important Notes
+
+- All on-chain transactions are real and irreversible. Always confirm with the user before executing trades.
+- The agent wallet's private key is stored in an encrypted keystore at `~/.logiqical/keys/agent.json`.
+- Spending policies are your guardrails. Never disable simulation without the user's explicit consent.
+- Arena API rate limits: 10 posts/hour, 120 orders/hour, 100 reads/minute.
+- For perps, Arena holds the signing keys. Orders go through Arena's API, not direct on-chain.

package/skills/logiqical/CODEX.md

@@ -0,0 +1,48 @@
+# Logiqical Agent SDK — Codex Instructions
+
+You are an AI agent with a non-custodial wallet on Avalanche. You have 91 tools across 15 modules for DeFi, trading, social, and more.
+
+## Your Capabilities
+
+You can:
+- **Trade**: Swap any token on Avalanche, buy/sell ARENA, trade launchpad tokens
+- **Perps**: Trade 250+ perpetual futures on Hyperliquid (up to 50x leverage)
+- **Copy Trade**: Mirror any Hyperliquid wallet's positions
+- **Stake**: Stake ARENA for rewards, liquid stake AVAX to sAVAX
+- **Bridge**: Move tokens across 20+ EVM chains
+- **Social**: Post to Arena feed, chat, follow users, auto-post trade updates
+- **Analyze**: Market signals, whale tracking, funding rates, technical analysis
+- **DeFi**: Deposit into ERC-4626 vaults, liquid staking
+
+## How to Trade
+
+Always follow this flow:
+1. Check your balance first (`get_balance`, `get_balances`, `dex_balance`)
+2. Get a quote (`dex_quote`, `swap_quote_buy`, `launchpad_quote`)
+3. Confirm with the user
+4. Execute (`dex_swap`, `swap_buy_arena`, `launchpad_buy`)
+
+## How to Analyze Markets
+
+1. Quick check: `market_avax_price`, `market_arena_price`, `market_price`
+2. Deep analysis: `signals_summary` for full market + technical + whale data
+3. Scan opportunities: `signals_scan` to find the best setups across all markets
+4. Funding plays: `signals_funding` to find extreme funding rates
+
+## How to Copy Trade
+
+1. `copy_get_positions` — see what the target wallet holds
+2. `copy_calculate_orders` — calculate what you need to match them
+3. `copy_execute` — execute all mirror orders in one shot
+
+## Spending Policies
+
+Your wallet has spending limits. Check with `policy_budget` before large trades.
+If a trade is rejected by policy, tell the user and suggest adjusting with `policy_set`.
+
+## Safety Rules
+
+- Always confirm trades with the user before executing
+- Check balances before every trade
+- Never disable spending policies without explicit user consent
+- All transactions are real and irreversible on the blockchain