minara 0.2.8 → 0.3.0

package/dist/api/copytrade.d.ts

@@ -0,0 +1,19 @@
+import type { CreateCopyTradeDto, UpdateCopyTradeDto, CopyTradeInfo } from '../types.js';
+/** Create copy trade */
+export declare function createCopyTrade(token: string, dto: CreateCopyTradeDto): Promise<import("../types.js").ApiResponse<CopyTradeInfo>>;
+/** List user's copy trades */
+export declare function listCopyTrades(token: string): Promise<import("../types.js").ApiResponse<CopyTradeInfo[]>>;
+/** Get copy trade by ID */
+export declare function getCopyTrade(token: string, id: string): Promise<import("../types.js").ApiResponse<CopyTradeInfo>>;
+/** Update copy trade */
+export declare function updateCopyTrade(token: string, id: string, dto: UpdateCopyTradeDto): Promise<import("../types.js").ApiResponse<CopyTradeInfo>>;
+/** Delete copy trade */
+export declare function deleteCopyTrade(token: string, id: string): Promise<import("../types.js").ApiResponse<void>>;
+/** Start copy trade */
+export declare function startCopyTrade(token: string, id: string): Promise<import("../types.js").ApiResponse<void>>;
+/** Stop copy trade */
+export declare function stopCopyTrade(token: string, id: string): Promise<import("../types.js").ApiResponse<void>>;
+/** Get copy trade activity */
+export declare function getCopyTradeActivity(token: string, id: string): Promise<import("../types.js").ApiResponse<Record<string, unknown>[]>>;
+/** Get copy trade PnL chart */
+export declare function getCopyTradePnl(token: string, id: string): Promise<import("../types.js").ApiResponse<Record<string, unknown>>>;

package/dist/api/copytrade.js

@@ -0,0 +1,37 @@
+import { get, post, patch, del } from './client.js';
+/** Create copy trade */
+export function createCopyTrade(token, dto) {
+    return post('/copy-trade', { token, body: dto });
+}
+/** List user's copy trades */
+export function listCopyTrades(token) {
+    return get('/copy-trade', { token });
+}
+/** Get copy trade by ID */
+export function getCopyTrade(token, id) {
+    return get(`/copy-trade/${encodeURIComponent(id)}`, { token });
+}
+/** Update copy trade */
+export function updateCopyTrade(token, id, dto) {
+    return patch(`/copy-trade/${encodeURIComponent(id)}`, { token, body: dto });
+}
+/** Delete copy trade */
+export function deleteCopyTrade(token, id) {
+    return del(`/copy-trade/${encodeURIComponent(id)}`, { token });
+}
+/** Start copy trade */
+export function startCopyTrade(token, id) {
+    return patch(`/copy-trade/${encodeURIComponent(id)}/start`, { token });
+}
+/** Stop copy trade */
+export function stopCopyTrade(token, id) {
+    return patch(`/copy-trade/${encodeURIComponent(id)}/stop`, { token });
+}
+/** Get copy trade activity */
+export function getCopyTradeActivity(token, id) {
+    return get(`/copy-trade/${encodeURIComponent(id)}/activity`, { token });
+}
+/** Get copy trade PnL chart */
+export function getCopyTradePnl(token, id) {
+    return get(`/copy-trade/${encodeURIComponent(id)}/pnl/chart`, { token });
+}

package/dist/commands/config.js

@@ -41,7 +41,10 @@ export const configCommand = new Command('config')
                 default: config.baseUrl,
                 validate: (v) => {
                     try {
-                        new URL(v);
+                        const u = new URL(v);
+                        if (u.protocol !== 'https:' && u.hostname !== 'localhost' && u.hostname !== '127.0.0.1') {
+                            return 'Base URL must use HTTPS (HTTP allowed only for localhost)';
+                        }
                         return true;
                     }
                     catch {

package/dist/commands/copy-trade.d.ts

@@ -0,0 +1,2 @@
+import { Command } from 'commander';
+export declare const copyTradeCommand: Command;

package/dist/commands/copy-trade.js

@@ -0,0 +1,170 @@
+import { Command } from 'commander';
+import { input, select, confirm, number as numberPrompt } from '@inquirer/prompts';
+import chalk from 'chalk';
+import * as ctApi from '../api/copytrade.js';
+import { requireAuth } from '../config.js';
+import { success, info, spinner, assertApiOk, selectChain, wrapAction } from '../utils.js';
+// ─── create ──────────────────────────────────────────────────────────────
+const createCmd = new Command('create')
+    .description('Create a copy trade bot')
+    .option('-y, --yes', 'Skip confirmation')
+    .action(wrapAction(async (opts) => {
+    const creds = requireAuth();
+    const chain = await selectChain('Chain:', true);
+    const targetAddress = await input({
+        message: 'Target wallet address to copy:',
+        validate: (v) => (v.length > 5 ? true : 'Enter a valid address'),
+    });
+    const name = await input({ message: 'Name for this copy trade (optional):' }) || undefined;
+    const fixedAmount = await numberPrompt({ message: 'Fixed buy amount (USD) per copy:', min: 1, required: true });
+    const copySell = await confirm({ message: 'Also copy sell actions?', default: true });
+    let copySellSamePercentage = false;
+    let copySellQuitPercentage;
+    if (copySell) {
+        copySellSamePercentage = await confirm({
+            message: 'Copy sell with same percentage as target?',
+            default: true,
+        });
+        copySellQuitPercentage = (await numberPrompt({
+            message: 'Clear position alert % (when target sells >= this %, clear your position; 0 to skip):',
+            default: 0,
+        })) || undefined;
+    }
+    console.log('');
+    console.log(chalk.bold('Copy Trade Bot:'));
+    console.log(`  Chain          : ${chalk.cyan(chain)}`);
+    console.log(`  Target         : ${chalk.yellow(targetAddress)}`);
+    if (name)
+        console.log(`  Name           : ${name}`);
+    console.log(`  Buy Amount     : $${fixedAmount}`);
+    console.log(`  Copy Sell      : ${copySell ? 'Yes' : 'No'}`);
+    if (copySellSamePercentage)
+        console.log(`  Same %         : Yes`);
+    if (copySellQuitPercentage)
+        console.log(`  Quit Threshold : ${copySellQuitPercentage}%`);
+    console.log('');
+    if (!opts.yes) {
+        const ok = await confirm({ message: 'Create this copy trade?', default: false });
+        if (!ok)
+            return;
+    }
+    const spin = spinner('Creating copy trade…');
+    const res = await ctApi.createCopyTrade(creds.accessToken, {
+        chain, targetAddress, name,
+        mode: 'fixedAmount',
+        fixedAmount: fixedAmount,
+        copySell,
+        copySellSamePercentage,
+        copySellQuitPercentage,
+    });
+    spin.stop();
+    assertApiOk(res, 'Failed to create copy trade');
+    success('Copy trade created!');
+    if (res.data)
+        console.log(JSON.stringify(res.data, null, 2));
+}));
+// ─── list ────────────────────────────────────────────────────────────────
+const listCmd = new Command('list')
+    .alias('ls')
+    .description('List your copy trades')
+    .action(wrapAction(async () => {
+    const creds = requireAuth();
+    const spin = spinner('Fetching copy trades…');
+    const res = await ctApi.listCopyTrades(creds.accessToken);
+    spin.stop();
+    assertApiOk(res, 'Failed to fetch copy trades');
+    const data = res.data;
+    if (!data || data.length === 0) {
+        console.log(chalk.dim('No copy trades.'));
+        return;
+    }
+    console.log(JSON.stringify(data, null, 2));
+}));
+// ─── start / stop ────────────────────────────────────────────────────────
+async function pickCopyTrade(token) {
+    const spin = spinner('Fetching copy trades…');
+    const res = await ctApi.listCopyTrades(token);
+    spin.stop();
+    const trades = res.data;
+    if (!trades || trades.length === 0) {
+        info('No copy trades found.');
+        process.exit(0);
+    }
+    return select({
+        message: 'Select copy trade:',
+        choices: trades.map((t) => ({
+            name: `[${t.id.slice(0, 12)}…] ${t.name ?? t.targetAddress}  status=${t.status ?? '?'}`,
+            value: t.id,
+        })),
+    });
+}
+const startCmd = new Command('start')
+    .description('Start (resume) a copy trade')
+    .argument('[id]', 'Copy trade ID')
+    .action(wrapAction(async (idArg) => {
+    const creds = requireAuth();
+    const id = idArg ?? await pickCopyTrade(creds.accessToken);
+    const spin = spinner('Starting…');
+    const res = await ctApi.startCopyTrade(creds.accessToken, id);
+    spin.stop();
+    assertApiOk(res, 'Failed to start copy trade');
+    success('Copy trade started.');
+}));
+const stopCmd = new Command('stop')
+    .description('Stop (pause) a copy trade')
+    .argument('[id]', 'Copy trade ID')
+    .action(wrapAction(async (idArg) => {
+    const creds = requireAuth();
+    const id = idArg ?? await pickCopyTrade(creds.accessToken);
+    const ok = await confirm({ message: `Stop copy trade ${id.slice(0, 12)}…?`, default: false });
+    if (!ok)
+        return;
+    const spin = spinner('Stopping…');
+    const res = await ctApi.stopCopyTrade(creds.accessToken, id);
+    spin.stop();
+    assertApiOk(res, 'Failed to stop copy trade');
+    success('Copy trade stopped.');
+}));
+// ─── delete ──────────────────────────────────────────────────────────────
+const deleteCmd = new Command('delete')
+    .description('Delete a copy trade')
+    .argument('[id]', 'Copy trade ID')
+    .option('-y, --yes', 'Skip confirmation')
+    .action(wrapAction(async (idArg, opts) => {
+    const creds = requireAuth();
+    const id = idArg ?? await pickCopyTrade(creds.accessToken);
+    if (!opts?.yes) {
+        const ok = await confirm({ message: `Delete copy trade ${id.slice(0, 12)}…? This cannot be undone.`, default: false });
+        if (!ok)
+            return;
+    }
+    const spin = spinner('Deleting…');
+    const res = await ctApi.deleteCopyTrade(creds.accessToken, id);
+    spin.stop();
+    assertApiOk(res, 'Failed to delete copy trade');
+    success('Copy trade deleted.');
+}));
+// ─── parent ──────────────────────────────────────────────────────────────
+export const copyTradeCommand = new Command('copy-trade')
+    .alias('ct')
+    .description('Copy trading — follow wallet addresses')
+    .addCommand(createCmd)
+    .addCommand(listCmd)
+    .addCommand(startCmd)
+    .addCommand(stopCmd)
+    .addCommand(deleteCmd)
+    .action(wrapAction(async () => {
+    const action = await select({
+        message: 'Copy Trade:',
+        choices: [
+            { name: 'Create a new copy trade', value: 'create' },
+            { name: 'List copy trades', value: 'list' },
+            { name: 'Start a copy trade', value: 'start' },
+            { name: 'Stop a copy trade', value: 'stop' },
+            { name: 'Delete a copy trade', value: 'delete' },
+        ],
+    });
+    const sub = copyTradeCommand.commands.find((c) => c.name() === action);
+    if (sub)
+        await sub.parseAsync([], { from: 'user' });
+}));

package/dist/commands/deposit.js

@@ -53,7 +53,7 @@ async function showSpotDeposit(token) {
     console.log('');
 }
 // ─── moonpay (credit card on-ramp) ───────────────────────────────────────
-const MOONPAY_PK = 'pk_live_yIf64w79W6ufwip4j51PWbymdwGtI';
+const MOONPAY_PK = process.env.MOONPAY_PK ?? 'pk_live_yIf64w79W6ufwip4j51PWbymdwGtI';
 const MOONPAY_CURRENCIES = [
     { name: 'USDC (Base)', code: 'usdc_base', network: 'base' },
     { name: 'USDC (Ethereum)', code: 'usdc', network: 'ethereum' },

package/dist/commands/perps.js

@@ -3,7 +3,7 @@ import { input, select, confirm, number as numberPrompt } from '@inquirer/prompt
 import chalk from 'chalk';
 import * as perpsApi from '../api/perps.js';
 import { requireAuth } from '../config.js';
-import { success, info, warn, spinner, assertApiOk, formatOrderSide, wrapAction, requireTransactionConfirmation } from '../utils.js';
+import { success, info, warn, spinner, assertApiOk, formatOrderSide, wrapAction, requireTransactionConfirmation, validateAddress } from '../utils.js';
 import { requireTouchId } from '../touchid.js';
 import { printTxResult, printTable, printKV, POSITION_COLUMNS, FILL_COLUMNS } from '../formatters.js';
 // ─── deposit ─────────────────────────────────────────────────────────────
@@ -48,7 +48,7 @@ const withdrawCmd = new Command('withdraw')
         : await numberPrompt({ message: 'USDC amount to withdraw:', min: 0.01, required: true });
     const toAddress = opts.to ?? await input({
         message: 'Destination address:',
-        validate: (v) => (v.length > 5 ? true : 'Enter a valid address'),
+        validate: (v) => validateAddress(v, 'arbitrum'),
     });
     console.log(`\n  Withdraw : ${chalk.bold(amount)} USDC → ${chalk.yellow(toAddress)}\n`);
     warn('Withdrawals may take time to process.');
@@ -286,6 +286,8 @@ const cancelCmd = new Command('cancel')
 const closeCmd = new Command('close')
     .description('Close an open perps position at market price')
     .option('-y, --yes', 'Skip confirmation')
+    .option('-a, --all', 'Close all open positions (non-interactive)')
+    .option('-s, --symbol <symbol>', 'Close position by symbol (non-interactive, e.g. BTC, ETH)')
     .action(wrapAction(async (opts) => {
     const creds = requireAuth();
     const spin = spinner('Fetching positions…');
@@ -307,21 +309,119 @@ const closeCmd = new Command('close')
         const color = n >= 0 ? chalk.green : chalk.red;
         return color(`${n >= 0 ? '+' : ''}${fmt(n)}`);
     };
-    const selected = await select({
-        message: 'Select position to close:',
-        choices: positions.map((p) => {
+    // Helper to close specific positions (used by --all and --symbol)
+    const closePositions = async (positionsToClose, title) => {
+        console.log('');
+        console.log(chalk.bold(title));
+        console.log(`  Positions to close: ${positionsToClose.length}`);
+        positionsToClose.forEach((p) => {
             const symbol = String(p.symbol ?? '');
             const side = String(p.side ?? '').toLowerCase();
-            const sideLabel = side === 'long' || side === 'buy' ? chalk.green('LONG') : chalk.red('SHORT');
+            const sideLabel = side === 'long' || side === 'buy' ? 'LONG' : 'SHORT';
             const sz = String(p.size ?? '');
-            const entry = fmt(Number(p.entryPrice ?? 0));
-            const pnl = pnlFmt(Number(p.unrealizedPnl ?? 0));
-            return {
-                name: `${chalk.bold(symbol.padEnd(6))} ${sideLabel}  ${sz} @ ${chalk.yellow(entry)}  PnL: ${pnl}`,
-                value: p,
+            console.log(`    - ${symbol} ${sideLabel} ${sz}`);
+        });
+        console.log('');
+        if (!opts.yes) {
+            await requireTransactionConfirmation(`Close ${positionsToClose.length} position(s) @ Market`);
+        }
+        await requireTouchId();
+        const orderSpin = spinner('Closing positions…');
+        const results = [];
+        for (const pos of positionsToClose) {
+            const symbol = String(pos.symbol ?? '');
+            const side = String(pos.side ?? '').toLowerCase();
+            const sz = String(pos.size ?? '');
+            const isLong = side === 'long' || side === 'buy';
+            const isBuy = !isLong;
+            const assetMeta = assets.find((a) => a.name.toUpperCase() === symbol.toUpperCase());
+            const marketPx = assetMeta?.markPx;
+            if (!marketPx || marketPx <= 0) {
+                results.push({ symbol, side, success: false, error: 'Could not fetch price' });
+                continue;
+            }
+            const slippagePx = isBuy ? marketPx * 1.01 : marketPx * 0.99;
+            const limitPx = slippagePx.toPrecision(5);
+            const order = {
+                a: symbol,
+                b: isBuy,
+                p: limitPx,
+                s: sz,
+                r: true,
+                t: { trigger: { triggerPx: String(marketPx), tpsl: 'tp', isMarket: true } },
             };
-        }),
+            try {
+                const orderRes = await perpsApi.placeOrders(creds.accessToken, { orders: [order], grouping: 'na' });
+                if (orderRes.success) {
+                    results.push({ symbol, side, success: true });
+                }
+                else {
+                    const errMsg = orderRes.error ? `${orderRes.error.code}: ${orderRes.error.message}` : 'Unknown error';
+                    results.push({ symbol, side, success: false, error: errMsg });
+                }
+            }
+            catch (e) {
+                results.push({ symbol, side, success: false, error: String(e) });
+            }
+        }
+        orderSpin.stop();
+        // Report results
+        const succeeded = results.filter((r) => r.success);
+        const failed = results.filter((r) => !r.success);
+        if (succeeded.length > 0) {
+            success(`Closed ${succeeded.length} position(s):`);
+            succeeded.forEach((r) => {
+                console.log(`  ✓ ${r.symbol} ${r.side.toUpperCase()}`);
+            });
+        }
+        if (failed.length > 0) {
+            warn(`Failed to close ${failed.length} position(s):`);
+            failed.forEach((r) => {
+                console.log(`  ✗ ${r.symbol} ${r.side.toUpperCase()}: ${r.error}`);
+            });
+        }
+    };
+    // If --all flag is set, close all positions directly (non-interactive)
+    if (opts.all) {
+        await closePositions(positions, 'Close ALL Positions:');
+        return;
+    }
+    // If --symbol flag is set, close positions matching the symbol (non-interactive)
+    if (opts.symbol) {
+        const symbolUpper = opts.symbol.toUpperCase();
+        const matchingPositions = positions.filter((p) => String(p.symbol ?? '').toUpperCase() === symbolUpper);
+        if (matchingPositions.length === 0) {
+            warn(`No open positions found for symbol: ${opts.symbol}`);
+            return;
+        }
+        await closePositions(matchingPositions, `Close ${opts.symbol.toUpperCase()} Positions:`);
+        return;
+    }
+    const positionChoices = positions.map((p) => {
+        const symbol = String(p.symbol ?? '');
+        const side = String(p.side ?? '').toLowerCase();
+        const sideLabel = side === 'long' || side === 'buy' ? chalk.green('LONG') : chalk.red('SHORT');
+        const sz = String(p.size ?? '');
+        const entry = fmt(Number(p.entryPrice ?? 0));
+        const pnl = pnlFmt(Number(p.unrealizedPnl ?? 0));
+        return {
+            name: `${chalk.bold(symbol.padEnd(6))} ${sideLabel}  ${sz} @ ${chalk.yellow(entry)}  PnL: ${pnl}`,
+            value: p,
+        };
     });
+    // Add "ALL POSITIONS" option at the beginning
+    const allOption = { name: chalk.bold.cyan('[ CLOSE ALL POSITIONS ]'), value: '__ALL__' };
+    const choices = [allOption, ...positionChoices];
+    const selected = await select({
+        message: 'Select position to close:',
+        choices,
+    });
+    // Handle "ALL POSITIONS" selection
+    if (selected === '__ALL__') {
+        await closePositions(positions, 'Close ALL Positions:');
+        return;
+    }
+    // Single position close (existing logic)
     const symbol = String(selected.symbol ?? '');
     const side = String(selected.side ?? '').toLowerCase();
     const sz = String(selected.size ?? '');

package/dist/commands/transfer.js

@@ -2,7 +2,7 @@ import { Command } from 'commander';
 import { input } from '@inquirer/prompts';
 import { transfer } from '../api/crosschain.js';
 import { requireAuth } from '../config.js';
-import { success, spinner, assertApiOk, selectChain, wrapAction, requireTransactionConfirmation, lookupToken } from '../utils.js';
+import { success, spinner, assertApiOk, selectChain, wrapAction, requireTransactionConfirmation, lookupToken, validateAddress } from '../utils.js';
 import { requireTouchId } from '../touchid.js';
 import { printTxResult } from '../formatters.js';
 export const transferCommand = new Command('transfer')
@@ -33,7 +33,7 @@ export const transferCommand = new Command('transfer')
     // ── 4. Recipient ─────────────────────────────────────────────────────
     const recipient = opts.to ?? await input({
         message: 'Recipient address:',
-        validate: (v) => (v.length > 5 ? true : 'Enter a valid address'),
+        validate: (v) => validateAddress(v, chain),
     });
     // ── 5. Confirm & Touch ID ──────────────────────────────────────────
     if (!opts.yes) {

package/dist/commands/withdraw.js

@@ -3,7 +3,7 @@ import { input } from '@inquirer/prompts';
 import chalk from 'chalk';
 import { transfer, getAssets } from '../api/crosschain.js';
 import { requireAuth } from '../config.js';
-import { success, spinner, assertApiOk, selectChain, wrapAction, requireTransactionConfirmation, lookupToken } from '../utils.js';
+import { success, spinner, assertApiOk, selectChain, wrapAction, requireTransactionConfirmation, lookupToken, validateAddress } from '../utils.js';
 import { requireTouchId } from '../touchid.js';
 import { printTxResult } from '../formatters.js';
 export const withdrawCommand = new Command('withdraw')
@@ -57,7 +57,7 @@ export const withdrawCommand = new Command('withdraw')
     // ── 5. Destination ───────────────────────────────────────────────────
     const recipient = opts.to ?? await input({
         message: 'Destination address (your external wallet):',
-        validate: (v) => (v.length > 5 ? true : 'Enter a valid address'),
+        validate: (v) => validateAddress(v, chain),
     });
     // ── 6. Confirm & Touch ID ──────────────────────────────────────────
     if (!opts.yes) {

package/dist/config.js

@@ -14,8 +14,7 @@ function ensureDir() {
 // ─── Credentials ─────────────────────────────────────────────────────────────
 export function saveCredentials(creds) {
     ensureDir();
-    writeFileSync(CREDENTIALS_FILE, JSON.stringify(creds, null, 2), 'utf-8');
-    chmodSync(CREDENTIALS_FILE, 0o600);
+    writeFileSync(CREDENTIALS_FILE, JSON.stringify(creds, null, 2), { encoding: 'utf-8', mode: 0o600 });
 }
 export function loadCredentials() {
     if (!existsSync(CREDENTIALS_FILE))
@@ -65,7 +64,7 @@ export function saveConfig(config) {
     ensureDir();
     const current = loadConfig();
     const merged = { ...current, ...config };
-    writeFileSync(CONFIG_FILE, JSON.stringify(merged, null, 2), 'utf-8');
+    writeFileSync(CONFIG_FILE, JSON.stringify(merged, null, 2), { encoding: 'utf-8', mode: 0o600 });
 }
 export function getMinaraDir() {
     ensureDir();

package/dist/oauth-server.js

@@ -11,6 +11,15 @@
  */
 import { createServer } from 'node:http';
 import { URL } from 'node:url';
+// ── Helpers ───────────────────────────────────────────────────────────────
+function escapeHtml(str) {
+    return str
+        .replace(/&/g, '&')
+        .replace(/</g, '&lt;')
+        .replace(/>/g, '&gt;')
+        .replace(/"/g, '&quot;')
+        .replace(/'/g, '&#39;');
+}
 // ── HTML responses ────────────────────────────────────────────────────────
 const SUCCESS_HTML = `<!DOCTYPE html>
 <html>
@@ -48,7 +57,7 @@ const ERROR_HTML = (msg) => `<!DOCTYPE html>
 <body>
   <div class="card">
     <h1>✖ Login Failed</h1>
-    <p>${msg}</p>
+    <p>${escapeHtml(msg)}</p>
     <p>Please return to the terminal and try again.</p>
   </div>
 </body>

package/dist/utils.d.ts

@@ -75,5 +75,10 @@ export declare function requireTransactionConfirmation(description: string, toke
     amount?: string;
     destination?: string;
 }): Promise<void>;
+/**
+ * Validate a blockchain address based on the target chain.
+ * Returns `true` on success or an error message string on failure.
+ */
+export declare function validateAddress(address: string, chain?: string): true | string;
 /** Open a URL in the user's default browser (cross-platform). */
 export declare function openBrowser(url: string): void;

package/dist/utils.js

@@ -1,6 +1,6 @@
 import chalk from 'chalk';
 import ora from 'ora';
-import { exec } from 'node:child_process';
+import { execFile } from 'node:child_process';
 import { platform } from 'node:os';
 import { select, confirm } from '@inquirer/prompts';
 import { SUPPORTED_CHAINS } from './types.js';
@@ -340,16 +340,54 @@ export async function requireTransactionConfirmation(description, token, details
         process.exit(0);
     }
 }
+// ─── Address validation ──────────────────────────────────────────────────────
+const SOLANA_ADDR_RE = /^[1-9A-HJ-NP-Za-km-z]{32,44}$/;
+const EVM_ADDR_RE = /^0x[0-9a-fA-F]{40}$/;
+/**
+ * Validate a blockchain address based on the target chain.
+ * Returns `true` on success or an error message string on failure.
+ */
+export function validateAddress(address, chain) {
+    const v = address.trim();
+    if (!v)
+        return 'Address is required';
+    const c = chain?.toLowerCase();
+    if (c === 'solana' || c === 'sol' || c === '101') {
+        if (!SOLANA_ADDR_RE.test(v))
+            return 'Invalid Solana address (expected base58, 32–44 chars)';
+        return true;
+    }
+    if (c && c !== 'solana') {
+        if (!EVM_ADDR_RE.test(v))
+            return 'Invalid EVM address (expected 0x + 40 hex chars)';
+        return true;
+    }
+    // Unknown chain — accept either format
+    if (!SOLANA_ADDR_RE.test(v) && !EVM_ADDR_RE.test(v)) {
+        return 'Invalid address format';
+    }
+    return true;
+}
 // ─── Browser ──────────────────────────────────────────────────────────────────
 /** Open a URL in the user's default browser (cross-platform). */
 export function openBrowser(url) {
     const plat = platform();
-    const cmd = plat === 'darwin' ? 'open' :
-        plat === 'win32' ? 'start ""' :
-            /* linux / others */ 'xdg-open';
-    exec(`${cmd} "${url}"`, (err) => {
+    let cmd;
+    let args;
+    if (plat === 'darwin') {
+        cmd = 'open';
+        args = [url];
+    }
+    else if (plat === 'win32') {
+        cmd = 'cmd';
+        args = ['/c', 'start', '', url];
+    }
+    else {
+        cmd = 'xdg-open';
+        args = [url];
+    }
+    execFile(cmd, args, (err) => {
         if (err) {
-            // Don't crash — the user can manually open the URL
             console.log(chalk.dim(`Could not open browser automatically. Please open this URL manually:`));
             console.log(chalk.cyan(url));
         }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "minara",
-  "version": "0.2.8",
+  "version": "0.3.0",
   "description": "CLI client for Minara.ai — login, trade, deposit/withdraw, chat and more from your terminal.",
   "type": "module",
   "main": "dist/index.js",