nyxora 1.6.0 → 1.6.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -1,13 +1,13 @@
1
1
  # Nyxora Agent 🤖
2
2
  **Production-Grade Secure AI Execution Framework for Web3 Agents.**
3
3
 
4
- [![Version](https://img.shields.io/badge/version-1.6.0-blue.svg)](https://github.com/perasyudha/Nyxora)
4
+ [![Version](https://img.shields.io/badge/version-1.6.2-blue.svg)](https://github.com/perasyudha/Nyxora)
5
5
  [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
6
6
  [![Security: Production-Grade](https://img.shields.io/badge/Security-Production--Grade-blue.svg)](#️-advanced-security-threat-model)
7
7
  [![Execution: Cryptographic Approval](https://img.shields.io/badge/Execution-Cryptographic--Approval-orange.svg)](#️-advanced-security-threat-model)
8
8
  [![Privacy: Local-Only Keys](https://img.shields.io/badge/Privacy-Local--Only--Keys-success.svg)](#️-advanced-security-threat-model)
9
9
 
10
- Nyxora (v1.6.0) is a **secure, non-custodial runtime infrastructure for autonomous onchain agents** built with a robust Monorepo architecture (Node.js & React). Designed for autonomous workflows with a premium Glassmorphism UI dashboard and strict client-side key isolation.
10
+ Nyxora (v1.6.2) is a **secure, non-custodial runtime infrastructure for autonomous onchain agents** built with a robust Monorepo architecture (Node.js & React). Designed for autonomous workflows with a premium Glassmorphism UI dashboard and strict client-side key isolation.
11
11
 
12
12
  It operates under an institutional-grade **Cryptographically Bound Human-in-the-Loop** execution model, ensuring that Remote AIs (LLMs) never have unilateral access to your funds.
13
13
 
@@ -15,7 +15,7 @@ It operates under an institutional-grade **Cryptographically Bound Human-in-the-
15
15
 
16
16
  ## 🔥 Key Features
17
17
 
18
- ### Advanced Security Architecture (v1.6.0)
18
+ ### Advanced Security Architecture (v1.6.2)
19
19
  * **3-Tier IPC Architecture**: Nyxora is split into isolated processes: **Core** (LLM Runtime), **Policy Engine** (Guardrails on port 3001), and **Signer Vault** (Isolated Key Manager on Unix Sockets).
20
20
  * **Cryptographically Bound Approval**: Policy changes and transactions requested by the AI are drafted as hashes (`sha256`). Approval via the UI requires a challenge nonce, preventing Man-in-the-Middle (MITM) attacks.
21
21
  * **Immutable Policy Guardrails**: Transaction limits (e.g. `max_usd_per_tx`) are strictly enforced by the Policy Engine. The LLM has zero write-access to bypass these rules.
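Review bot: The heading at new line 18 is re-stamped to "(v1.6.2)" while every bullet under it is unchanged context, which reads as if the security architecture itself was revised in this release. SECURITY.md drops its version stamps in the same release; doing the same here (plain "### Advanced Security Architecture") removes a per-release hand edit and a misleading signal.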
@@ -56,8 +56,22 @@ To dive deeper into the technical details of our Zero-Knowledge security archite
56
56
 
57
57
  ## 🚀 Quick Start & Installation
58
58
 
59
- ### Local Development & Execution
60
- With the new v1.6.0 Monorepo architecture, launching Nyxora is completely automated via the internal `launcher.ts` orchestrator.
59
+ ### Global Installation via NPM (Recommended)
60
+ The easiest and fastest way to use Nyxora is to install it globally via NPM. This ensures you get the latest version and can run Nyxora from anywhere on your machine.
61
+
62
+ ```bash
63
+ # 1. Install Nyxora globally
64
+ npm install -g nyxora@latest
65
+
66
+ # 2. Run the Interactive Setup Wizard (API Keys, Wallet, Model Selection)
67
+ nyxora setup
68
+
69
+ # 3. Start the Nyxora Orchestrator and Dashboard
70
+ nyxora
71
+ ```
72
+
73
+ ### Local Development (From Source)
74
+ If you wish to modify the code or run from source, you can use the Monorepo architecture.
61
75
 
62
76
  ```bash
63
77
  git clone https://github.com/perasyudha/Nyxora.git
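Review bot: The recommended install at new line 64, `npm install -g nyxora@latest`, is unpinned, so every install of a tool that handles wallet keys runs whatever is currently tagged latest on the registry. Suggest documenting a pinned form such as `npm install -g nyxora@1.6.2` and describing upgrades as a separate, deliberate step; the sentence "This ensures you get the latest version" at new line 60 would then need rewording.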
@@ -65,8 +79,6 @@ cd Nyxora
65
79
 
66
80
  # 1. Install Dependencies
67
81
  npm install
68
- npx ts-node -T packages/core/src/gateway/cli.ts setup
69
-
70
82
 
71
83
  # 2. Build the Dashboard UI
72
84
  npm run build
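Review bot: The removed `npx ts-node -T packages/core/src/gateway/cli.ts setup` at old line 68 has no replacement, so the from-source path now goes from `npm install` straight to `npm run build` with no setup step, while the global path keeps `nyxora setup`. Add the from-source equivalent of the setup wizard here, or state explicitly that it is not needed when running from source.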
package/SECURITY.md CHANGED
@@ -1,6 +1,6 @@
1
1
  # Nyxora Security Architecture & Threat Model
2
2
 
3
- Nyxora (v1.5.2) employs an institutional-grade, **Cryptographically Bound Human-in-the-Loop** security model to protect user assets and private keys against compromised LLMs, supply chain attacks, and prompt injections.
3
+ Nyxora employs an institutional-grade, **Cryptographically Bound Human-in-the-Loop** security model to protect user assets and private keys against compromised LLMs, supply chain attacks, and prompt injections.
4
4
 
5
5
  ---
6
6
 
@@ -11,22 +11,37 @@ The core philosophy of Nyxora is **Zero-Knowledge to the LLM**.
11
11
  Large Language Models (LLMs) are incredibly powerful reasoning engines, but they are inherently vulnerable to Prompt Injection and hallucinations. Therefore, the LLM must *never* have unilateral access to private keys or the ability to bypass security guardrails.
12
12
 
13
13
  To achieve this, Nyxora uses a **3-Tier Monorepo IPC (Inter-Process Communication)** architecture:
14
+
14
15
  1. **Core Runtime (Port 3000):** Executes the LLM logic, handles the UI dashboard, and processes chat inputs.
15
16
  2. **Policy Engine (Port 3001):** A strict middleware that evaluates all transaction requests against hard limits (e.g., `max_usd_per_tx`).
16
17
  3. **Signer Vault (Unix Socket):** A completely isolated Node.js process that holds the decrypted private keys in memory. It listens exclusively on `/tmp/nyxora-signer.sock`.
17
18
 
18
19
  ### The Security Flow
19
- When the LLM decides to swap tokens:
20
- 1. LLM generates a JSON tool call (`executeSwap`).
21
- 2. Core Runtime forwards this payload to the **Policy Engine**.
22
- 3. The Policy Engine evaluates the payload against immutable limits.
23
- 4. If it exceeds limits, a proposal is created and sent to the Human Operator for approval.
24
- 5. If approved, the Policy Engine forwards the signed JWT instruction to the **Signer Vault**.
25
- 6. The Signer Vault signs the transaction locally via `viem` and broadcasts it to the RPC.
20
+ When the LLM processes a transaction instruction (e.g., swapping tokens), the lifecycle is as follows:
21
+
22
+ ```text
23
+ [1] User (Dashboard/Telegram) ──> Sends prompt "Please swap ETH to USDC"
24
+
25
+ [2] Core Runtime (LLM) <── Understands context & generates JSON Tool Call
26
+
27
+ [3] Policy Engine <── Receives payload, evaluates rules & limits
28
+
29
+ [4] User (Dashboard/Telegram) <── (If Auth required) Requests Approval (Challenge Nonce)
30
+
31
+ [5] Signer Vault <── Receives certified instruction from Policy
32
+
33
+ [6] Blockchain RPC <── Signer Vault signs & broadcasts to RPC
34
+
35
+ [7] User (Dashboard/Telegram) <── Success status returned to chat interface
36
+ ```
37
+
38
+ The diagram above illustrates the lifecycle of a transaction initiated from the user interface. Due to Nyxora's layered architecture, the LLM in the Core Runtime acts solely as a planner generating transaction data structures. The actual cryptographic execution and signing are strictly locked and fully controlled by the Policy Engine and Signer Vault after you provide authorization.
39
+
40
+ > **Performance Note:** Although the multi-layered security flow above appears complex and lengthy, the entire internal verification, IPC communication, and cryptographic signing process is highly optimized and takes only a few **milliseconds (ms)** to complete.
26
41
 
27
42
  ---
28
43
 
29
- ## 2. Advanced Cryptographic Security (v1.6.0 Roadmap / v1.5.2 Blueprint)
44
+ ## 2. Advanced Cryptographic Security
30
45
 
31
46
  To prevent advanced Man-in-the-Middle (MITM) attacks and UI compromises, Nyxora is adopting the following cryptographic standards:
32
47
 
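Review bot: The new diagram at lines 22-36 is less precise than the numbered list it replaces on the two security-relevant points: step [4] says "(If Auth required)" where the old text said approval is triggered when the payload exceeds limits, and step [5] says "certified instruction" where the old text named a signed JWT. State the approval trigger and the mechanism that binds the instruction explicitly. The Performance Note's "a few milliseconds" cannot cover steps [4] and [6], which wait on a human and on the RPC, so scope it to internal verification, IPC and signing, or drop it. The section 2 heading also loses "(v1.6.0 Roadmap / v1.5.2 Blueprint)" while the next line still says Nyxora "is adopting" these standards, which leaves it unclear which of them are implemented.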
@@ -62,4 +77,4 @@ Community plugins and custom skills are executed inside a sandboxed environment.
62
77
  ## 4. Reporting Vulnerabilities
63
78
 
64
79
  If you discover a vulnerability in the Nyxora architecture, please DO NOT open a public issue.
65
- Instead, email the core maintainer directly at **security@nyxora.ai**.
80
+ Instead, email the core maintainer directly at **ainyxor@gmail.com**.
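Review bot: The reporting address at new line 80 moves from the project-domain alias security@nyxora.ai to ainyxor@gmail.com, a free-mail account that a reporter cannot tie to the project from this file alone, and the text offers no encrypted or alternative private channel. If the domain alias is no longer usable, say so, and list a second verifiable channel next to the address (for example a published PGP key or the repository's private vulnerability reporting).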
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "nyxora",
3
- "version": "1.6.0",
3
+ "version": "1.6.2",
4
4
  "workspaces": [
5
5
  "packages/*"
6
6
  ],
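Review bot: The version at line 3 goes from 1.6.0 straight to 1.6.2, and the same literal is hand-edited in the four workspace manifests below as well as in the README badge, prose and heading. Record what happened to 1.6.1 in the release notes, and bump all manifests with one command (for example `npm version 1.6.2 --workspaces --include-workspace-root`) so they cannot drift apart.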
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@nyxora/core",
3
- "version": "1.6.0",
3
+ "version": "1.6.2",
4
4
  "private": true,
5
5
  "main": "src/gateway/server.ts",
6
6
  "dependencies": {
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "dashboard",
3
3
  "private": true,
4
- "version": "1.6.0",
4
+ "version": "1.6.2",
5
5
  "type": "module",
6
6
  "scripts": {
7
7
  "dev": "vite",
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@nyxora/policy",
3
- "version": "1.6.0",
3
+ "version": "1.6.2",
4
4
  "private": true,
5
5
  "main": "src/server.ts",
6
6
  "dependencies": {
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@nyxora/signer",
3
- "version": "1.6.0",
3
+ "version": "1.6.2",
4
4
  "private": true,
5
5
  "main": "src/server.ts",
6
6
  "dependencies": {