nyxora 1.5.8 → 1.6.0

package/packages/core/src/agent/reasoning.ts

@@ -0,0 +1,466 @@
+import fs from 'fs';
+import path from 'path';
+import { OpenAI } from 'openai';
+import { loadConfig } from '../config/parser';
+import { Logger } from '../memory/logger';
+import { Tracker } from '../gateway/tracker';
+import { getBalanceToolDefinition, getBalance } from '../web3/skills/getBalance';
+import { transferToolDefinition, prepareTransfer } from '../web3/skills/transfer';
+import { getPriceToolDefinition, getPrice } from '../web3/skills/getPrice';
+import { swapTokenToolDefinition, prepareSwapToken } from '../web3/skills/swapToken';
+import { bridgeTokenToolDefinition, prepareBridgeToken } from '../web3/skills/bridgeToken';
+import { mintNftToolDefinition, prepareMintNft } from '../web3/skills/mintNft';
+import { customTxToolDefinition, prepareCustomTx } from '../web3/skills/customTx';
+import { createWalletToolDefinition, createWallet } from '../web3/skills/createWallet';
+import { checkSecurityToolDefinition, checkTokenSecurity } from '../web3/skills/checkSecurity';
+import { marketAnalysisToolDefinition, analyzeMarket } from '../web3/skills/marketAnalysis';
+import { checkPortfolioToolDefinition, checkPortfolio } from '../web3/skills/checkPortfolio';
+import { checkAddressToolDefinition, checkAddress } from '../web3/skills/checkAddress';
+import { getMyAddressToolDefinition, getMyAddress } from '../web3/skills/getMyAddress';
+import { createLimitOrderToolDefinition, listLimitOrdersToolDefinition, cancelLimitOrderToolDefinition, limitOrderManager } from './limitOrderManager';
+import { updateProfileToolDefinition, updateProfile } from './updateProfile';
+import { updateSecurityPolicyToolDefinition, updateSecurityPolicy } from '../system/skills/updateSecurityPolicy';
+import { readLocalFileToolDefinition, readLocalFile } from '../system/skills/readFile';
+import { writeLocalFileToolDefinition, writeLocalFile } from '../system/skills/writeFile';
+import { runTerminalCommandToolDefinition, runTerminalCommand } from '../system/skills/executeShell';
+import { browseWebsiteToolDefinition, browseWebsite } from '../system/skills/browseWeb';
+import { installExternalSkillToolDefinition, installExternalSkill } from '../system/skills/installSkill';
+import { pluginManager } from '../system/pluginManager';
+import { getPath } from '../config/paths';
+import pc from 'picocolors';
+
+export const logger = new Logger();
+
+let currentKeyIndex = 0;
+
+function getOpenAI(): OpenAI {
+  const config = loadConfig();
+  
+  if (config.llm.provider === 'ollama') {
+    return new OpenAI({
+      baseURL: process.env.OLLAMA_BASE_URL ? `${process.env.OLLAMA_BASE_URL}/v1` : 'http://localhost:11434/v1',
+      apiKey: 'ollama', // API key is not required for local Ollama
+    });
+  }
+
+  // Get API key from config (UI) or fallback to .env
+  let apiKey = '';
+  
+  let configuredKeys = config.llm.api_keys;
+  if (typeof configuredKeys === 'string') {
+    configuredKeys = [configuredKeys];
+  }
+  
+  if (Array.isArray(configuredKeys) && configuredKeys.length > 0) {
+    // Filter out empty keys
+    const keys = configuredKeys.filter(k => typeof k === 'string' && k.trim() !== '');
+    if (keys.length > 0) {
+      currentKeyIndex = currentKeyIndex % keys.length;
+      apiKey = keys[currentKeyIndex];
+      console.log(`[LLM] Using rotated API Key (${currentKeyIndex + 1}/${keys.length}): ${apiKey.substring(0, 4)}...`);
+      currentKeyIndex++; // Increment for next request
+    }
+  }
+
+  // Fallbacks if no valid keys found in config.llm.api_keys
+  if (!apiKey) {
+    if (config.llm.provider === 'gemini') {
+      apiKey = config.llm.credentials?.gemini_key || '';
+    } else if (config.llm.provider === 'openrouter') {
+      apiKey = config.llm.credentials?.openrouter_key || '';
+    } else {
+      apiKey = config.llm.credentials?.openai_key || '';
+    }
+    if (!apiKey) {
+      throw new Error(`No API Key found for ${config.llm.provider} in config.yaml. Please run 'nyxora setup' to configure it.`);
+    }
+    console.log(`[LLM] Using default API Key from config.yaml`);
+  }
+
+  if (config.llm.provider === 'gemini') {
+    return new OpenAI({
+      baseURL: 'https://generativelanguage.googleapis.com/v1beta/openai/',
+      apiKey: apiKey,
+    });
+  } else if (config.llm.provider === 'openrouter') {
+    return new OpenAI({
+      baseURL: 'https://openrouter.ai/api/v1',
+      apiKey: apiKey,
+    });
+  } else {
+    return new OpenAI({
+      apiKey: apiKey,
+    });
+  }
+}
+
+async function executeWithRetry(
+  requestBuilder: (client: OpenAI) => Promise<any>,
+  maxRetries = 3
+): Promise<any> {
+  let retries = 0;
+  
+  while (retries <= maxRetries) {
+    try {
+      const client = getOpenAI();
+      return await requestBuilder(client);
+    } catch (error: any) {
+      const status = error?.status || error?.response?.status;
+      
+      // 401 Unauthorized or 400 Bad Request - don't retry, it's fatal
+      if (status === 401 || status === 400) {
+        console.error(`[LLM] Fatal Error ${status}: ${error.message}. Aborting.`);
+        throw error;
+      }
+      
+      // 429 Rate Limit - rotate provider/key immediately and retry
+      if (status === 429) {
+        console.warn(`[LLM] Rate Limit (429) hit. Rotating key...`);
+        // getOpenAI() automatically rotates to next key if available
+        retries++;
+        if (retries > maxRetries) throw error;
+        continue; // Try next key immediately
+      }
+      
+      // 500, 502, 503, Timeout, Network error - Exponential Backoff
+      retries++;
+      if (retries > maxRetries) {
+        console.error(`[LLM] Max retries reached.`);
+        throw error;
+      }
+      
+      const delayMs = Math.pow(2, retries) * 1000; // 2s, 4s, 8s
+      console.warn(`[LLM] API Error (${status || error.message}). Retrying in ${delayMs}ms...`);
+      await new Promise(resolve => setTimeout(resolve, delayMs));
+    }
+  }
+}
+
+function getSystemPrompt() {
+  const config = loadConfig();
+  let basePrompt = `You are an autonomous Web3 agent operating on EVM chains.
+You are equipped with a native wallet. 
+CRITICAL RULE: You must always reply in the exact same language that the user uses to talk to you. If the user speaks Indonesian, reply in Indonesian. If they speak English, reply in English.
+CRITICAL RULE: If the user asks to check "my balance", "saldo saya", or anything about their own wallet, DO NOT ask them for an address. You must immediately call the get_balance tool and LEAVE THE ADDRESS PARAMETER EMPTY. The system will automatically use the injected private key wallet.
+Always use the tools to interact with the blockchain.
+If the user doesn't specify a chain, default to: ${config.agent.default_chain}.`;
+
+  // Read IDENTITY.md for core AI persona
+  try {
+    const identityMdPath = getPath('IDENTITY.md');
+    if (fs.existsSync(identityMdPath)) {
+      const identityInstructions = fs.readFileSync(identityMdPath, 'utf8');
+      basePrompt += `\n\n--- CORE IDENTITY & PERSONA ---\n${identityInstructions}`;
+    }
+  } catch (error) {
+    console.error('Failed to read IDENTITY.md:', error);
+  }
+
+  // Read user.md for custom instructions
+  try {
+    const userMdPath = getPath('user.md');
+    if (fs.existsSync(userMdPath)) {
+      const customInstructions = fs.readFileSync(userMdPath, 'utf8');
+      basePrompt += `\n\n--- CUSTOM USER INSTRUCTIONS ---\n${customInstructions}`;
+    }
+  } catch (error) {
+    console.error('Failed to read user.md:', error);
+  }
+
+  // Read security_policy.md for NLP security constraints
+  try {
+    const policyPath = getPath('security_policy.md');
+    if (fs.existsSync(policyPath)) {
+      const securityInstructions = fs.readFileSync(policyPath, 'utf8');
+      basePrompt += `\n\n--- SECURITY POLICY (MANDATORY RULES) ---\n${securityInstructions}\n\nCRITICAL: If the user asks you to perform an action that violates the Security Policy above, YOU MUST NOT EXECUTE IT DIRECTLY. Instead, ask for their explicit permission first.`;
+    }
+  } catch (error) {
+    console.error('Failed to read security_policy.md:', error);
+  }
+
+  return basePrompt;
+}
+
+export async function processUserInput(input: string, role: 'user' | 'system' = 'user', onProgress?: (msg: string) => void): Promise<string> {
+  const config = loadConfig();
+  // Add input to memory
+  logger.addEntry({ role, content: input });
+
+  const history = logger.getHistory();
+  
+  // Format messages for OpenAI
+  const messages: any[] = [
+    { role: 'system', content: getSystemPrompt() },
+    ...history
+      .filter(m => !(m.role === 'tool' && !m.tool_call_id))
+      .map(m => {
+        let role = m.role;
+        if (role === 'system') role = 'user';
+        const msg: any = { role, content: m.content || "" };
+        if (m.name) msg.name = m.name;
+        if (m.tool_call_id) msg.tool_call_id = m.tool_call_id;
+        if (m.tool_calls) msg.tool_calls = m.tool_calls;
+        return msg;
+      })
+  ];
+
+  try {
+    if (config.llm.provider !== 'openai' && config.llm.provider !== 'ollama' && config.llm.provider !== 'gemini' && config.llm.provider !== 'openrouter') {
+      return `Provider ${config.llm.provider} is configured, but currently only OpenAI, OpenRouter, Ollama, and Gemini adapters are implemented.`;
+    }
+
+    const response = await executeWithRetry(async (client) => {
+      return await client.chat.completions.create({
+        model: config.llm.model,
+        temperature: config.llm.temperature,
+        messages: messages,
+        tools: [
+          getBalanceToolDefinition as any, 
+          transferToolDefinition as any, 
+          getPriceToolDefinition as any, 
+          swapTokenToolDefinition as any,
+          bridgeTokenToolDefinition as any,
+          mintNftToolDefinition as any,
+          customTxToolDefinition as any,
+          createWalletToolDefinition as any,
+          checkSecurityToolDefinition as any,
+          marketAnalysisToolDefinition as any,
+          checkPortfolioToolDefinition as any,
+          checkAddressToolDefinition as any,
+          getMyAddressToolDefinition as any,
+          createLimitOrderToolDefinition as any,
+          listLimitOrdersToolDefinition as any,
+          cancelLimitOrderToolDefinition as any,
+          updateProfileToolDefinition as any,
+          updateSecurityPolicyToolDefinition as any,
+          readLocalFileToolDefinition as any,
+          writeLocalFileToolDefinition as any,
+          runTerminalCommandToolDefinition as any,
+          browseWebsiteToolDefinition as any,
+          installExternalSkillToolDefinition as any,
+          ...pluginManager.getToolDefinitions()
+        ],
+        tool_choice: "auto",
+      });
+    });
+
+    const responseMessage = response.choices[0].message;
+    
+    // Log tracking
+    Tracker.addMessage();
+    if (response.usage?.total_tokens) {
+      Tracker.addTokens(response.usage.total_tokens, config.llm.provider);
+    }
+    Tracker.addEvent('llm.response', { provider: config.llm.provider, tool_calls: responseMessage.tool_calls?.length || 0 });
+
+    // Log assistant response
+    logger.addEntry({
+      role: 'assistant',
+      content: responseMessage.content || "",
+      tool_calls: responseMessage.tool_calls,
+    });
+
+    // Check if the model wants to call a tool
+    if (responseMessage.tool_calls && responseMessage.tool_calls.length > 0) {
+      for (const _toolCall of responseMessage.tool_calls) {
+        const toolCall = _toolCall as any;
+        let result = "";
+        const args = JSON.parse(toolCall.function.arguments);
+        const toolName = toolCall.function.name;
+
+        console.log(pc.yellow(`[⚡ Eksekusi Tool] AI memanggil ${toolName}...`));
+        if (onProgress) onProgress(`_⚡ Menjalankan alat: ${toolName}..._`);
+
+        try {
+          switch (toolName) {
+            case 'get_balance': {
+              result = await getBalance(args.chainName, args.address, args.token);
+              break;
+            }
+            case 'transfer_token':
+            case 'transfer_native': {
+              if (config.permissions?.web3?.allow_transfer === false) {
+                result = `[Security Blocked] Runtime Permission Denied: Web3 transfers are disabled. Update config.yaml to allow.`;
+                break;
+              }
+              result = await prepareTransfer(args.chainName, args.toAddress, args.amountStr || args.amountEth, args.token);
+              break;
+            }
+            case 'get_price': {
+              result = await getPrice(args.coinId);
+              break;
+            }
+            case 'swap_token': {
+              if (config.permissions?.web3?.allow_swap === false) {
+                result = `[Security Blocked] Runtime Permission Denied: Web3 swaps are disabled. Update config.yaml to allow.`;
+                break;
+              }
+              // Note: max_usd_per_tx validation would ideally be calculated here before prepareSwapToken
+              result = await prepareSwapToken(args.chainName, args.fromToken, args.toToken, args.amountStr || args.amount, args.mode, args.providerName);
+              break;
+            }
+            case 'bridge_token': {
+              if (config.permissions?.web3?.allow_transfer === false) {
+                result = `[Security Blocked] Runtime Permission Denied: Web3 bridging (transfer) is disabled. Update config.yaml to allow.`;
+                break;
+              }
+              result = await prepareBridgeToken(args.fromChainName, args.toChainName, args.fromToken, args.toToken, args.amountStr, args.mode, args.providerName);
+              break;
+            }
+            case 'mint_nft': {
+              result = await prepareMintNft(args.chainName, args.contractAddress, args.functionSignature, args.argsStr, args.valueEth);
+              break;
+            }
+            case 'custom_tx': {
+              if (config.permissions?.web3?.allow_transfer === false) {
+                result = `[Security Blocked] Runtime Permission Denied: Custom transactions are blocked because transfers are disabled.`;
+                break;
+              }
+              result = await prepareCustomTx(args.chainName, args.toAddress, args.dataHex, args.valueEth, args.gasLimitStr);
+              break;
+            }
+            case 'create_wallet': {
+              result = await createWallet();
+              break;
+            }
+            case 'check_token_security': {
+              result = await checkTokenSecurity(args.chainName, args.contractAddress);
+              break;
+            }
+            case 'analyze_market': {
+              result = await analyzeMarket(args.chainName, args.tokenAddressOrSymbol);
+              break;
+            }
+            case 'check_portfolio': {
+              result = await checkPortfolio(args.chainName, args.address);
+              break;
+            }
+            case 'check_address': {
+              result = await checkAddress(args.chainName, args.address);
+              break;
+            }
+            case 'get_my_address': {
+              result = await getMyAddress();
+              break;
+            }
+            case 'create_limit_order': {
+              if (config.permissions?.web3?.allow_swap === false) {
+                result = `[Security Blocked] Runtime Permission Denied: Limit orders require swap permissions. Update config.yaml to allow.`;
+                break;
+              }
+              result = limitOrderManager.createOrder(args.chainName, args.fromToken, args.toToken, args.amountStr, args.targetPriceUsd, args.condition);
+              break;
+            }
+            case 'list_limit_orders': {
+              result = limitOrderManager.listOrders();
+              break;
+            }
+            case 'cancel_limit_order': {
+              result = limitOrderManager.cancelOrder(args.id);
+              break;
+            }
+            case 'update_profile': {
+              result = updateProfile(args.content, args.mode);
+              break;
+            }
+            case 'update_security_policy': {
+              result = updateSecurityPolicy(args.rule, args.action);
+              break;
+            }
+            case 'read_local_file': {
+              result = readLocalFile(args.filePath);
+              break;
+            }
+            case 'write_local_file': {
+              if (config.permissions?.system?.allow_file_write === false) {
+                result = `[Security Blocked] Runtime Permission Denied: File writing is disabled. Update config.yaml to allow.`;
+                break;
+              }
+              result = writeLocalFile(args.filePath, args.content);
+              break;
+            }
+            case 'run_terminal_command': {
+              if (config.permissions?.system?.allow_shell_execution === false) {
+                result = `[Security Blocked] Runtime Permission Denied: Shell execution is disabled. Update config.yaml to allow.`;
+                break;
+              }
+              result = await runTerminalCommand(args.command);
+              break;
+            }
+            case 'browse_website': {
+              result = await browseWebsite(args.url);
+              break;
+            }
+            case 'install_external_skill': {
+              result = await installExternalSkill(args.url);
+              break;
+            }
+            default: {
+              const externalResult = await pluginManager.executeTool(toolName, args);
+              if (externalResult !== null) {
+                result = externalResult;
+              } else {
+                result = `Error: Tool ${toolName} is not implemented.`;
+              }
+              break;
+            }
+          }
+
+          if (result.includes('[Security Blocked]') || result.startsWith('Error:')) {
+            console.log(pc.red(`[❌ Gagal] Tool ${toolName} mengembalikan error atau diblokir.`));
+          } else {
+            console.log(pc.green(`[✅ Sukses] Tool ${toolName} berhasil dieksekusi.`));
+          }
+
+        } catch (toolError: any) {
+          result = `Error executing ${toolName}: ${toolError.message}`;
+          console.log(pc.red(`[❌ Error Crash] Eksekusi ${toolName} gagal total: ${toolError.message}`));
+        }
+
+        logger.addEntry({
+          role: 'tool',
+          tool_call_id: toolCall.id,
+          name: toolName,
+          content: result,
+        });
+      }
+
+      // Second call to get the final answer after tool execution
+      const secondMessages = [
+        { role: 'system', content: getSystemPrompt() },
+        ...logger.getHistory()
+          .filter(m => !(m.role === 'tool' && !m.tool_call_id))
+          .map(m => {
+            let role = m.role;
+            if (role === 'system') role = 'user';
+            const msg: any = { role, content: m.content || "" };
+            if (m.name) msg.name = m.name;
+            if (m.tool_call_id) msg.tool_call_id = m.tool_call_id;
+            if (m.tool_calls) msg.tool_calls = m.tool_calls;
+            return msg;
+          })
+      ];
+
+      const secondResponse = await executeWithRetry(async (client) => {
+        return await client.chat.completions.create({
+          model: config.llm.model,
+          messages: secondMessages,
+        });
+      });
+
+      if (secondResponse.usage?.total_tokens) {
+        Tracker.addTokens(secondResponse.usage.total_tokens, config.llm.provider);
+      }
+      Tracker.addEvent('llm.final_response', { provider: config.llm.provider });
+
+      const finalContent = secondResponse.choices[0].message.content || "";
+      logger.addEntry({ role: 'assistant', content: finalContent });
+      return finalContent;
+    }
+
+    return responseMessage.content || "No response generated.";
+  } catch (error: any) {
+    console.error("LLM Error:", error);
+    return `Error connecting to AI Provider: ${error.message}`;
+  }
+}

package/packages/core/src/agent/transactionManager.ts

@@ -0,0 +1,49 @@
+import crypto from 'crypto';
+
+export type TransactionType = 'transfer' | 'swap' | 'bridge' | 'mint' | 'custom';
+
+export interface PendingTransaction {
+  id: string;
+  type: TransactionType;
+  chainName: string;
+  details: any;
+  status: 'pending' | 'approved' | 'rejected' | 'executed' | 'failed';
+  result?: string;
+  createdAt: number;
+}
+
+class TransactionManager {
+  private transactions: Map<string, PendingTransaction> = new Map();
+
+  createPendingTransaction(type: TransactionType, chainName: string, details: any): PendingTransaction {
+    const id = crypto.randomUUID();
+    const tx: PendingTransaction = {
+      id,
+      type,
+      chainName,
+      details,
+      status: 'pending',
+      createdAt: Date.now(),
+    };
+    this.transactions.set(id, tx);
+    return tx;
+  }
+
+  getPending(): PendingTransaction[] {
+    return Array.from(this.transactions.values()).filter(t => t.status === 'pending');
+  }
+
+  getTransaction(id: string): PendingTransaction | undefined {
+    return this.transactions.get(id);
+  }
+
+  updateStatus(id: string, status: PendingTransaction['status'], result?: string) {
+    const tx = this.transactions.get(id);
+    if (tx) {
+      tx.status = status;
+      if (result) tx.result = result;
+    }
+  }
+}
+
+export const txManager = new TransactionManager();

package/packages/core/src/agent/updateProfile.ts

@@ -0,0 +1,47 @@
+import fs from 'fs';
+import { getPath } from '../config/paths';
+
+export function updateProfile(content: string, mode: 'append' | 'replace'): string {
+  try {
+    const userMdPath = getPath('user.md');
+    
+    if (mode === 'replace') {
+      fs.writeFileSync(userMdPath, content, 'utf8');
+      return "Profile replaced successfully. New user.md has been saved.";
+    } else {
+      let existingContent = "";
+      if (fs.existsSync(userMdPath)) {
+        existingContent = fs.readFileSync(userMdPath, 'utf8');
+      }
+      
+      const newContent = existingContent + "\n" + content;
+      fs.writeFileSync(userMdPath, newContent, 'utf8');
+      return "Profile appended successfully. New instructions added to user.md.";
+    }
+  } catch (error: any) {
+    return `Failed to update profile: ${error.message}`;
+  }
+}
+
+export const updateProfileToolDefinition = {
+  type: "function",
+  function: {
+    name: "update_profile",
+    description: "Updates or rewrites the user.md file. Use this when the user asks you to remember something about them, change their persona, or update your instructions.",
+    parameters: {
+      type: "object",
+      properties: {
+        content: {
+          type: "string",
+          description: "The content to write or append to user.md",
+        },
+        mode: {
+          type: "string",
+          enum: ["append", "replace"],
+          description: "Whether to append the content to the existing file or replace the entire file.",
+        }
+      },
+      required: ["content", "mode"],
+    },
+  },
+};

package/packages/core/src/config/parser.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"parser.d.ts","sourceRoot":"","sources":["parser.ts"],"names":[],"mappings":"AAIA,MAAM,WAAW,aAAa;IAC5B,KAAK,EAAE;QACL,IAAI,EAAE,MAAM,CAAC;QACb,aAAa,EAAE,MAAM,CAAC;KACvB,CAAC;IACF,GAAG,EAAE;QACH,QAAQ,EAAE,QAAQ,GAAG,WAAW,GAAG,QAAQ,CAAC;QAC5C,KAAK,EAAE,MAAM,CAAC;QACd,WAAW,EAAE,MAAM,CAAC;KACrB,CAAC;IACF,MAAM,EAAE;QACN,IAAI,EAAE,MAAM,CAAC;QACb,IAAI,EAAE,MAAM,CAAC;KACd,CAAC;CACH;AAED,wBAAgB,UAAU,IAAI,aAAa,CAc1C"}

package/packages/core/src/config/parser.ts

@@ -0,0 +1,106 @@
+import fs from 'fs';
+import yaml from 'yaml';
+import path from 'path';
+import { getPath } from './paths';
+
+export interface NyxoraConfig {
+  agent: {
+    name: string;
+    default_chain: string;
+  };
+  llm: {
+    provider: 'openai' | 'anthropic' | 'ollama' | 'gemini' | 'openrouter';
+    model: string;
+    temperature: number;
+    api_keys?: string[];
+    credentials?: {
+      openai_key?: string;
+      gemini_key?: string;
+      openrouter_key?: string;
+    };
+  };
+  memory: {
+    type: string;
+    path: string;
+  };
+  web3?: {
+    rpc_urls?: Record<string, string>;
+  };
+  integrations?: {
+    telegram?: {
+      enabled: boolean;
+      bot_token?: string;
+    };
+  };
+  permissions?: {
+    web3?: {
+      allow_transfer?: boolean;
+      allow_swap?: boolean;
+      max_usd_per_tx?: number;
+    };
+    system?: {
+      allow_shell_execution?: boolean;
+      allow_file_write?: boolean;
+    };
+  };
+}
+
+export function loadConfig(): NyxoraConfig {
+  const configPath = getPath('config.yaml');
+  try {
+    const file = fs.readFileSync(configPath, 'utf8');
+    const parsed = yaml.parse(file) as Partial<NyxoraConfig>;
+    
+    // Merge with defaults
+    return {
+      agent: parsed.agent || { name: 'Nyxora-Default', default_chain: 'base' },
+      llm: parsed.llm || { 
+        provider: 'openai', 
+        model: 'gpt-4o-mini', 
+        temperature: 0.2, 
+        api_keys: [],
+        credentials: {}
+      },
+      memory: parsed.memory || { type: 'file', path: './memory.json' },
+      web3: parsed.web3 || { rpc_urls: {} },
+      integrations: parsed.integrations || {
+        telegram: { enabled: false }
+      },
+      permissions: parsed.permissions || {
+        web3: { allow_transfer: false, allow_swap: true, max_usd_per_tx: 50 },
+        system: { allow_shell_execution: false, allow_file_write: false }
+      }
+    } as NyxoraConfig;
+  } catch (error) {
+    console.error('Failed to load config.yaml. Using default configuration.', error);
+    return {
+      agent: { name: 'Nyxora-Default', default_chain: 'base' },
+      llm: { 
+        provider: 'openai', 
+        model: 'gpt-4o-mini', 
+        temperature: 0.2, 
+        api_keys: [],
+        credentials: {}
+      },
+      memory: { type: 'file', path: './memory.json' },
+      web3: { rpc_urls: {} },
+      integrations: {
+        telegram: { enabled: false }
+      },
+      permissions: {
+        web3: { allow_transfer: false, allow_swap: true, max_usd_per_tx: 50 },
+        system: { allow_shell_execution: false, allow_file_write: false }
+      }
+    };
+  }
+}
+
+export function saveConfig(newConfig: NyxoraConfig): void {
+  const configPath = getPath('config.yaml');
+  try {
+    const yamlStr = yaml.stringify(newConfig);
+    fs.writeFileSync(configPath, yamlStr, 'utf8');
+  } catch (error) {
+    console.error('Failed to save config.yaml', error);
+  }
+}