minara 0.1.5 → 0.2.1

package/dist/touchid.js

@@ -0,0 +1,181 @@
+// ═══════════════════════════════════════════════════════════════════════════
+//  Touch ID (macOS) — biometric verification for sensitive operations
+// ═══════════════════════════════════════════════════════════════════════════
+import { execFileSync } from 'node:child_process';
+import { existsSync, writeFileSync, unlinkSync, chmodSync, readFileSync } from 'node:fs';
+import { join } from 'node:path';
+import { platform } from 'node:os';
+import chalk from 'chalk';
+import { loadConfig, getMinaraDir } from './config.js';
+// Bump this when SWIFT_SOURCE changes to force recompilation
+const TOUCHID_BINARY_VERSION = '1';
+const SWIFT_SOURCE = `
+import Foundation
+import LocalAuthentication
+
+// Mode: "check" = just check availability, "auth" = perform authentication
+let mode = CommandLine.arguments.count > 1 ? CommandLine.arguments[1] : "auth"
+let context = LAContext()
+var error: NSError?
+
+guard context.canEvaluatePolicy(.deviceOwnerAuthenticationWithBiometrics, error: &error) else {
+    let msg = error?.localizedDescription ?? "Touch ID not available"
+    fputs("unavailable:\\(msg)\\n", stderr)
+    exit(2)
+}
+
+if mode == "check" {
+    print("available")
+    exit(0)
+}
+
+// Auth mode — prompt for Touch ID
+let reason = CommandLine.arguments.count > 2
+    ? CommandLine.arguments[2]
+    : "Minara CLI: Authorize transaction"
+
+let semaphore = DispatchSemaphore(value: 0)
+var authSuccess = false
+
+context.evaluatePolicy(
+    .deviceOwnerAuthenticationWithBiometrics,
+    localizedReason: reason
+) { result, authError in
+    authSuccess = result
+    if !result {
+        let msg = authError?.localizedDescription ?? "Authentication failed"
+        fputs("failed:\\(msg)\\n", stderr)
+    }
+    semaphore.signal()
+}
+
+semaphore.wait()
+exit(authSuccess ? 0 : 1)
+`;
+// ─── Binary management ───────────────────────────────────────────────────
+const BINARY_NAME = 'touchid_auth';
+const VERSION_FILE = 'touchid_auth.version';
+function getBinaryPath() {
+    return join(getMinaraDir(), BINARY_NAME);
+}
+function getVersionPath() {
+    return join(getMinaraDir(), VERSION_FILE);
+}
+function isBinaryUpToDate() {
+    const binaryPath = getBinaryPath();
+    const versionPath = getVersionPath();
+    if (!existsSync(binaryPath) || !existsSync(versionPath))
+        return false;
+    try {
+        const ver = readFileSync(versionPath, 'utf-8').trim();
+        return ver === TOUCHID_BINARY_VERSION;
+    }
+    catch {
+        return false;
+    }
+}
+/**
+ * Compile the Touch ID Swift helper binary (cached in ~/.minara/).
+ * Returns the path to the compiled binary.
+ */
+function ensureBinary() {
+    const binaryPath = getBinaryPath();
+    if (isBinaryUpToDate())
+        return binaryPath;
+    const dir = getMinaraDir();
+    const sourcePath = join(dir, 'touchid_auth.swift');
+    writeFileSync(sourcePath, SWIFT_SOURCE, 'utf-8');
+    try {
+        execFileSync('/usr/bin/swiftc', [
+            '-O', // optimized build
+            '-o', binaryPath,
+            sourcePath,
+        ], {
+            timeout: 120_000, // 2 min timeout for first compile
+            stdio: 'pipe',
+        });
+        chmodSync(binaryPath, 0o700);
+        writeFileSync(getVersionPath(), TOUCHID_BINARY_VERSION, 'utf-8');
+    }
+    catch (err) {
+        // Clean up on failure
+        if (existsSync(binaryPath))
+            unlinkSync(binaryPath);
+        const msg = err instanceof Error ? err.message : String(err);
+        throw new Error(`Failed to compile Touch ID helper: ${msg}`);
+    }
+    finally {
+        if (existsSync(sourcePath))
+            unlinkSync(sourcePath);
+    }
+    return binaryPath;
+}
+// ─── Public API ──────────────────────────────────────────────────────────
+/**
+ * Check whether Touch ID hardware is available on this machine.
+ * Returns `false` on non-macOS or when hardware is absent / not enrolled.
+ */
+export function isTouchIdAvailable() {
+    if (platform() !== 'darwin')
+        return false;
+    try {
+        const binary = ensureBinary();
+        execFileSync(binary, ['check'], { timeout: 10_000, stdio: 'pipe' });
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+/**
+ * Perform a Touch ID verification.
+ * Resolves on success, throws on failure or cancellation.
+ */
+export function verifyTouchId(reason) {
+    const binary = ensureBinary();
+    const args = ['auth'];
+    if (reason)
+        args.push(reason);
+    execFileSync(binary, args, { timeout: 60_000, stdio: ['pipe', 'pipe', 'pipe'] });
+}
+/**
+ * If Touch ID is enabled in config, prompt the user for biometric
+ * verification. Exits the process on failure.
+ *
+ * Call this before any sensitive financial operation.
+ * On non-macOS platforms a warning is shown and execution continues.
+ */
+export async function requireTouchId() {
+    const config = loadConfig();
+    if (!config.touchId)
+        return; // Touch ID not enabled — no-op
+    if (platform() !== 'darwin') {
+        console.log(chalk.yellow('⚠'), 'Touch ID is only available on macOS. Skipping biometric check.');
+        return;
+    }
+    console.log('');
+    console.log(chalk.blue('🔐'), chalk.bold('Touch ID verification required'));
+    try {
+        verifyTouchId();
+        console.log(chalk.green('✔'), 'Touch ID verified');
+        console.log('');
+    }
+    catch (err) {
+        // Parse stderr for details
+        const stderr = (err && typeof err === 'object' && 'stderr' in err)
+            ? err.stderr?.toString().trim()
+            : '';
+        if (stderr.startsWith('unavailable:')) {
+            console.error(chalk.red('✖'), 'Touch ID is not available on this device.');
+            console.error(chalk.dim('  Tip: Run `minara config` to disable Touch ID protection.'));
+        }
+        else {
+            console.error(chalk.red('✖'), 'Touch ID verification failed. Operation cancelled.');
+            if (stderr) {
+                const detail = stderr.startsWith('failed:') ? stderr.slice(7) : stderr;
+                console.error(chalk.dim(`  ${detail}`));
+            }
+        }
+        process.exit(1);
+    }
+}

package/dist/types.d.ts

@@ -32,6 +32,17 @@ export interface AuthUser {
     accounts?: Record<string, unknown>;
     invitationCode?: string;
     mfaSettings?: Record<string, unknown>;
+    subscription?: {
+        planId?: number;
+        planName?: string;
+        status?: string;
+        interval?: string;
+        currentPeriodEnd?: string;
+        cancelAtPeriodEnd?: boolean;
+        [key: string]: unknown;
+    };
+    plan?: Record<string, unknown>;
+    [key: string]: unknown;
 }
 export interface DeviceAuthStartResponse {
     device_code: string;
@@ -68,7 +79,6 @@ export interface ChatRequestDTO {
     chatId?: string;
     parentMessageId?: string;
     thinking?: boolean;
-    deepresearch?: boolean;
     workMode?: string;
     platform?: string;
     message: {
@@ -246,41 +256,6 @@ export interface UpdateLimitOrderDto {
     targetPrice?: number;
     expiredAt?: number;
 }
-export interface CreateCopyTradeDto {
-    targetAddress: string;
-    chain: string;
-    name?: string;
-    mode?: 'fixedAmount';
-    copySell?: boolean;
-    copySellSamePercentage?: boolean;
-    copySellQuitPercentage?: number;
-    fixedAmount?: number;
-    status?: 'running' | 'paused';
-    expiredAt?: number;
-}
-export interface CopyTradeInfo {
-    id: string;
-    name?: string;
-    targetAddress: string;
-    chain: string;
-    mode?: string;
-    fixedAmount?: number;
-    copySell?: boolean;
-    status?: string;
-    createdAt?: string;
-}
-export interface UpdateCopyTradeDto {
-    chain: string;
-    name?: string;
-    mode?: 'fixedAmount';
-    copySell?: boolean;
-    copySellSamePercentage?: boolean;
-    copySellQuitPercentage?: number;
-    fixedAmount?: number;
-    targetAddress?: string;
-    status?: 'running' | 'paused';
-    expiredAt?: number;
-}
 export interface UserTradeConfig {
     slippage?: string;
     priorityFee?: string;
@@ -292,9 +267,15 @@ export interface TokenInfo {
     name?: string;
     address?: string;
     chain?: string;
+    logo?: string;
+    description?: string;
     price?: number;
-    change24h?: number;
+    priceChange24H?: number;
+    volume?: number;
+    volume24H?: number;
     marketCap?: number;
+    fdv?: number;
+    socialUrls?: Record<string, string>;
 }
 export interface DiscoverEvent {
     id: string;
@@ -304,11 +285,44 @@ export interface DiscoverEvent {
     createdAt?: string;
 }
 export interface PaymentPlan {
-    id: string;
-    name?: string;
-    price?: number;
+    _id: string;
+    id: number;
+    name: string;
+    price: number;
+    status: string;
+    interval: 'month' | 'year';
+    rules: {
+        limitDegenMode?: number;
+        limitDeepresearch?: number;
+        limitCredit?: string;
+        limitWorkflows?: number;
+    };
+    stripePriceId?: string;
+    inviteCount?: number;
+}
+export interface CreditPackage {
+    _id: string;
+    id: number;
+    amount: number;
+    degenMode: number;
+    stripePriceId: string;
+    credit: string;
+}
+export interface PlansResponse {
+    plans: PaymentPlan[];
+    packages: CreditPackage[];
+}
+export interface CheckoutSession {
+    url?: string;
+    sessionId?: string;
+    [key: string]: unknown;
+}
+export interface CryptoCheckout {
+    url?: string;
+    address?: string;
+    amount?: number;
     currency?: string;
-    interval?: string;
+    [key: string]: unknown;
 }
 export interface GasFeeInfo {
     chain?: string;

package/dist/utils.d.ts

@@ -30,5 +30,49 @@ export declare function selectChain(message?: string, compact?: boolean): Promis
  * prints a clean error instead of a raw stack trace.
  */
 export declare function wrapAction<A extends unknown[]>(fn: (...args: A) => Promise<void>): (...args: A) => Promise<void>;
+export interface TokenDisplayInfo {
+    symbol?: string;
+    name?: string;
+    address: string;
+    chain?: string;
+}
+/**
+ * Normalize a chain identifier from the token search API to a supported
+ * `Chain` value used by the swap / transfer APIs.
+ */
+export declare function normalizeChain(raw?: string): Chain | undefined;
+/**
+ * Look up token metadata by address, ticker, or name.
+ *
+ * - Input starting with `$` (e.g. `$BONK`) is treated as an exact ticker
+ *   search. Results are filtered to those whose symbol matches (case-insensitive).
+ * - Otherwise the raw input is sent to the search API and may match by
+ *   address, ticker, or name.
+ *
+ * When multiple candidates remain the user is prompted to disambiguate.
+ * The returned `address` is always the resolved contract address.
+ */
+export declare function lookupToken(tokenInput: string): Promise<TokenDisplayInfo>;
+/**
+ * Format token info for display: "$BONK — Bonk" or just the address when
+ * symbol/name are unavailable.
+ */
+export declare function formatTokenLabel(token: TokenDisplayInfo): string;
+/**
+ * Prompt the user for a mandatory second confirmation before executing a
+ * fund-related operation. Controlled by `confirmBeforeTransaction` in config
+ * (default: enabled). This confirmation is independent of the `-y` flag and
+ * Touch ID — it serves as an extra safety net.
+ *
+ * @param description  Short one-line summary of the operation.
+ * @param token        Optional token metadata to highlight in the prompt.
+ *
+ * Exits the process if the user declines.
+ */
+export declare function requireTransactionConfirmation(description: string, token?: TokenDisplayInfo, details?: {
+    chain?: string;
+    side?: string;
+    amount?: string;
+}): Promise<void>;
 /** Open a URL in the user's default browser (cross-platform). */
 export declare function openBrowser(url: string): void;

package/dist/utils.js

@@ -2,8 +2,9 @@ import chalk from 'chalk';
 import ora from 'ora';
 import { exec } from 'node:child_process';
 import { platform } from 'node:os';
-import { select } from '@inquirer/prompts';
+import { select, confirm } from '@inquirer/prompts';
 import { SUPPORTED_CHAINS } from './types.js';
+import { loadConfig } from './config.js';
 // ─── Logging helpers ─────────────────────────────────────────────────────────
 export function success(msg) {
     console.log(chalk.green('✔'), msg);
@@ -114,6 +115,228 @@ export function wrapAction(fn) {
         }
     };
 }
+const NATIVE_TOKEN_ADDRESS = {
+    sol: 'So11111111111111111111111111111111111111112',
+    solana: 'So11111111111111111111111111111111111111112',
+};
+const EVM_NATIVE = '0x' + '0'.repeat(40);
+function resolveNativeAddress(chain) {
+    if (!chain)
+        return EVM_NATIVE;
+    return NATIVE_TOKEN_ADDRESS[chain.toLowerCase()] ?? EVM_NATIVE;
+}
+const CHAIN_ALIAS = {
+    sol: 'solana',
+    eth: 'ethereum',
+    arb: 'arbitrum',
+    op: 'optimism',
+    matic: 'polygon',
+    poly: 'polygon',
+    avax: 'avalanche',
+    bnb: 'bsc',
+    bera: 'berachain',
+    // Numeric chain IDs returned by the token search API
+    '101': 'solana',
+    '1': 'ethereum',
+    '8453': 'base',
+    '42161': 'arbitrum',
+    '10': 'optimism',
+    '56': 'bsc',
+    '137': 'polygon',
+    '43114': 'avalanche',
+    '81457': 'blast',
+    '169': 'manta',
+    '34443': 'mode',
+    '146': 'sonic',
+    '80094': 'berachain',
+    '196': 'xlayer',
+    '4200': 'merlin',
+};
+/**
+ * Normalize a chain identifier from the token search API to a supported
+ * `Chain` value used by the swap / transfer APIs.
+ */
+export function normalizeChain(raw) {
+    if (!raw)
+        return undefined;
+    const lower = raw.toLowerCase();
+    if (SUPPORTED_CHAINS.includes(lower))
+        return lower;
+    return CHAIN_ALIAS[lower];
+}
+/** Capitalize chain name for display (e.g. "solana" → "Solana", "bsc" → "BSC"). */
+function displayChain(raw) {
+    const name = normalizeChain(raw) ?? raw ?? 'unknown';
+    if (name === 'bsc')
+        return 'BSC';
+    return name.charAt(0).toUpperCase() + name.slice(1);
+}
+/** Lower = cheaper gas. Used to sort chain choices so the cheapest is first. */
+const CHAIN_GAS_RANK = {
+    sol: 1, solana: 1, '101': 1,
+    base: 2, '8453': 2,
+    arbitrum: 3, arb: 3, '42161': 3,
+    optimism: 4, op: 4, '10': 4,
+    bsc: 5, bnb: 5, '56': 5,
+    polygon: 6, matic: 6, poly: 6, '137': 6,
+    sonic: 7, '146': 7,
+    avalanche: 8, avax: 8, '43114': 8,
+    berachain: 9, bera: 9, '80094': 9,
+    blast: 10, '81457': 10,
+    manta: 11, '169': 11,
+    mode: 12, '34443': 12,
+    ethereum: 50, eth: 50, '1': 50,
+};
+function chainGasRank(chain) {
+    if (!chain)
+        return 99;
+    return CHAIN_GAS_RANK[chain.toLowerCase()] ?? 30;
+}
+/**
+ * Look up token metadata by address, ticker, or name.
+ *
+ * - Input starting with `$` (e.g. `$BONK`) is treated as an exact ticker
+ *   search. Results are filtered to those whose symbol matches (case-insensitive).
+ * - Otherwise the raw input is sent to the search API and may match by
+ *   address, ticker, or name.
+ *
+ * When multiple candidates remain the user is prompted to disambiguate.
+ * The returned `address` is always the resolved contract address.
+ */
+export async function lookupToken(tokenInput) {
+    const isTicker = tokenInput.startsWith('$');
+    const keyword = isTicker ? tokenInput.slice(1) : tokenInput;
+    const spin = spinner('Looking up token…');
+    try {
+        const { searchTokens } = await import('./api/tokens.js');
+        const res = await searchTokens(keyword);
+        spin.stop();
+        if (!res.success || !res.data || res.data.length === 0) {
+            if (isTicker) {
+                warn(`No token found for ticker $${keyword}`);
+            }
+            return { address: tokenInput };
+        }
+        let tokens = res.data;
+        if (isTicker) {
+            const filtered = tokens.filter((t) => t.symbol?.toLowerCase() === keyword.toLowerCase());
+            if (filtered.length > 0)
+                tokens = filtered;
+        }
+        if (!isTicker) {
+            const exact = tokens.find((t) => t.address?.toLowerCase() === keyword.toLowerCase());
+            if (exact) {
+                return { symbol: exact.symbol, name: exact.name ?? displayChain(exact.chain), address: exact.address ?? resolveNativeAddress(exact.chain), chain: exact.chain };
+            }
+        }
+        if (tokens.length === 1) {
+            const t = tokens[0];
+            return { symbol: t.symbol, name: t.name ?? displayChain(t.chain), address: t.address ?? resolveNativeAddress(t.chain), chain: t.chain };
+        }
+        // Check if all results share the same symbol → multi-chain scenario
+        const uniqueSymbols = new Set(tokens.map((t) => t.symbol?.toLowerCase()));
+        if (uniqueSymbols.size === 1) {
+            const sorted = [...tokens].sort((a, b) => chainGasRank(a.chain) - chainGasRank(b.chain));
+            info(`$${sorted[0].symbol} is available on ${sorted.length} chains`);
+            const selected = await select({
+                message: 'Select chain:',
+                choices: sorted.map((t, i) => {
+                    const chainName = displayChain(t.chain);
+                    const addr = t.address
+                        ? chalk.dim(` · ${t.address.slice(0, 10)}…${t.address.slice(-6)}`)
+                        : chalk.dim(' · native token');
+                    const tag = i === 0 ? chalk.green(' (lowest gas)') : '';
+                    return { name: `${chalk.cyan(chainName)}${tag}${addr}`, value: t };
+                }),
+            });
+            return {
+                symbol: selected.symbol,
+                name: selected.name ?? displayChain(selected.chain),
+                address: selected.address ?? resolveNativeAddress(selected.chain),
+                chain: selected.chain,
+            };
+        }
+        info(`Found ${tokens.length} tokens matching "${tokenInput}"`);
+        const selected = await select({
+            message: 'Select the correct token:',
+            choices: tokens.map((t) => {
+                const sym = t.symbol ? chalk.bold('$' + t.symbol) : '?';
+                const chainName = displayChain(t.chain);
+                const label = t.name || chainName;
+                const desc = label ? ` — ${label}` : '';
+                const chainTag = chainName && chainName !== label ? chalk.dim(` [${chainName}]`) : '';
+                const addr = t.address ? `\n    ${chalk.yellow(t.address)}` : chalk.dim('\n    (native token)');
+                return { name: `${sym}${desc}${chainTag}${addr}`, value: t };
+            }),
+        });
+        return {
+            symbol: selected.symbol,
+            name: selected.name ?? displayChain(selected.chain),
+            address: selected.address ?? resolveNativeAddress(selected.chain),
+            chain: selected.chain,
+        };
+    }
+    catch {
+        spin.stop();
+        return { address: tokenInput };
+    }
+}
+/**
+ * Format token info for display: "$BONK — Bonk" or just the address when
+ * symbol/name are unavailable.
+ */
+export function formatTokenLabel(token) {
+    if (!token.symbol)
+        return chalk.yellow(token.address);
+    const ticker = chalk.bold('$' + token.symbol);
+    return token.name ? `${ticker} ${chalk.dim('—')} ${token.name}` : ticker;
+}
+// ─── Transaction confirmation ─────────────────────────────────────────────────
+/**
+ * Prompt the user for a mandatory second confirmation before executing a
+ * fund-related operation. Controlled by `confirmBeforeTransaction` in config
+ * (default: enabled). This confirmation is independent of the `-y` flag and
+ * Touch ID — it serves as an extra safety net.
+ *
+ * @param description  Short one-line summary of the operation.
+ * @param token        Optional token metadata to highlight in the prompt.
+ *
+ * Exits the process if the user declines.
+ */
+export async function requireTransactionConfirmation(description, token, details) {
+    const config = loadConfig();
+    if (config.confirmBeforeTransaction === false)
+        return;
+    console.log('');
+    console.log(chalk.yellow('⚠'), chalk.bold('Transaction confirmation'));
+    if (details?.chain) {
+        console.log(chalk.dim('  Chain    : ') + chalk.cyan(details.chain));
+    }
+    if (token) {
+        const ticker = token.symbol ? '$' + token.symbol : undefined;
+        const label = [ticker, token.name].filter(Boolean).join(' — ');
+        console.log(chalk.dim('  Token    : ') + (label ? chalk.bold(label) : chalk.dim('Unknown token')));
+        console.log(chalk.dim('  Address  : ') + chalk.yellow(token.address));
+    }
+    if (details?.side) {
+        const s = details.side.toLowerCase();
+        const colored = s === 'buy' ? chalk.green.bold(details.side.toUpperCase()) : chalk.red.bold(details.side.toUpperCase());
+        console.log(chalk.dim('  Side     : ') + colored);
+    }
+    if (details?.amount) {
+        console.log(chalk.dim('  Amount   : ') + chalk.bold(details.amount));
+    }
+    console.log(chalk.dim(`  Action   : ${description}`));
+    console.log('');
+    const ok = await confirm({
+        message: 'Are you sure you want to proceed?',
+        default: false,
+    });
+    if (!ok) {
+        console.log(chalk.dim('Operation cancelled.'));
+        process.exit(0);
+    }
+}
 // ─── Browser ──────────────────────────────────────────────────────────────────
 /** Open a URL in the user's default browser (cross-platform). */
 export function openBrowser(url) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "minara",
-  "version": "0.1.5",
+  "version": "0.2.1",
   "description": "CLI client for Minara.ai — login, trade, deposit/withdraw, chat and more from your terminal.",
   "type": "module",
   "main": "dist/index.js",