npm - nyxora - Versions diffs - 1.6.1 → 1.6.2 - Mend

nyxora 1.6.1 → 1.6.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/README.md +3 -3
package/SECURITY.md +22 -10
package/package.json +1 -1
package/packages/core/package.json +1 -1
package/packages/dashboard/package.json +1 -1
package/packages/policy/package.json +1 -1
package/packages/signer/package.json +1 -1

package/README.md CHANGED Viewed

@@ -1,13 +1,13 @@
 # Nyxora Agent 🤖
 **Production-Grade Secure AI Execution Framework for Web3 Agents.**
-[![Version](https://img.shields.io/badge/version-1.6.1-blue.svg)](https://github.com/perasyudha/Nyxora)
+[![Version](https://img.shields.io/badge/version-1.6.2-blue.svg)](https://github.com/perasyudha/Nyxora)
 [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
 [![Security: Production-Grade](https://img.shields.io/badge/Security-Production--Grade-blue.svg)](#️-advanced-security-threat-model)
 [![Execution: Cryptographic Approval](https://img.shields.io/badge/Execution-Cryptographic--Approval-orange.svg)](#️-advanced-security-threat-model)
 [![Privacy: Local-Only Keys](https://img.shields.io/badge/Privacy-Local--Only--Keys-success.svg)](#️-advanced-security-threat-model)
-Nyxora (v1.6.1) is a **secure, non-custodial runtime infrastructure for autonomous onchain agents** built with a robust Monorepo architecture (Node.js & React). Designed for autonomous workflows with a premium Glassmorphism UI dashboard and strict client-side key isolation.
+Nyxora (v1.6.2) is a **secure, non-custodial runtime infrastructure for autonomous onchain agents** built with a robust Monorepo architecture (Node.js & React). Designed for autonomous workflows with a premium Glassmorphism UI dashboard and strict client-side key isolation.
 It operates under an institutional-grade **Cryptographically Bound Human-in-the-Loop** execution model, ensuring that Remote AIs (LLMs) never have unilateral access to your funds.
@@ -15,7 +15,7 @@ It operates under an institutional-grade **Cryptographically Bound Human-in-the-
 ## 🔥 Key Features
-### Advanced Security Architecture (v1.6.1)
+### Advanced Security Architecture (v1.6.2)
 *   **3-Tier IPC Architecture**: Nyxora is split into isolated processes: **Core** (LLM Runtime), **Policy Engine** (Guardrails on port 3001), and **Signer Vault** (Isolated Key Manager on Unix Sockets).
 *   **Cryptographically Bound Approval**: Policy changes and transactions requested by the AI are drafted as hashes (`sha256`). Approval via the UI requires a challenge nonce, preventing Man-in-the-Middle (MITM) attacks.
 *   **Immutable Policy Guardrails**: Transaction limits (e.g. `max_usd_per_tx`) are strictly enforced by the Policy Engine. The LLM has zero write-access to bypass these rules.

package/SECURITY.md CHANGED Viewed

@@ -12,20 +12,32 @@ Large Language Models (LLMs) are incredibly powerful reasoning engines, but they
 To achieve this, Nyxora uses a **3-Tier Monorepo IPC (Inter-Process Communication)** architecture:
-![Architecture Workflow](https://raw.githubusercontent.com/perasyudha/Nyxora/main/assets/architecture.svg)
 1. **Core Runtime (Port 3000):** Executes the LLM logic, handles the UI dashboard, and processes chat inputs.
 2. **Policy Engine (Port 3001):** A strict middleware that evaluates all transaction requests against hard limits (e.g., `max_usd_per_tx`).
 3. **Signer Vault (Unix Socket):** A completely isolated Node.js process that holds the decrypted private keys in memory. It listens exclusively on `/tmp/nyxora-signer.sock`.
 ### The Security Flow
-When the LLM decides to swap tokens:
-1. LLM generates a JSON tool call (`executeSwap`).
-2. Core Runtime forwards this payload to the **Policy Engine**.
-3. The Policy Engine evaluates the payload against immutable limits.
-4. If it exceeds limits, a proposal is created and sent to the Human Operator for approval.
-5. If approved, the Policy Engine forwards the signed JWT instruction to the **Signer Vault**.
-6. The Signer Vault signs the transaction locally via `viem` and broadcasts it to the RPC.
+When the LLM processes a transaction instruction (e.g., swapping tokens), the lifecycle is as follows:
+```text
+[1] User (Dashboard/Telegram) ──> Sends prompt "Please swap ETH to USDC"
+                                      │
+[2] Core Runtime (LLM)        <── Understands context & generates JSON Tool Call
+                                      │
+[3] Policy Engine             <── Receives payload, evaluates rules & limits
+                                      │
+[4] User (Dashboard/Telegram) <── (If Auth required) Requests Approval (Challenge Nonce)
+                                      │
+[5] Signer Vault              <── Receives certified instruction from Policy
+                                      │
+[6] Blockchain RPC            <── Signer Vault signs & broadcasts to RPC
+                                      │
+[7] User (Dashboard/Telegram) <── Success status returned to chat interface
+```
+The diagram above illustrates the lifecycle of a transaction initiated from the user interface. Due to Nyxora's layered architecture, the LLM in the Core Runtime acts solely as a planner generating transaction data structures. The actual cryptographic execution and signing are strictly locked and fully controlled by the Policy Engine and Signer Vault after you provide authorization.
+> **Performance Note:** Although the multi-layered security flow above appears complex and lengthy, the entire internal verification, IPC communication, and cryptographic signing process is highly optimized and takes only a few **milliseconds (ms)** to complete.
 ---
@@ -65,4 +77,4 @@ Community plugins and custom skills are executed inside a sandboxed environment.
 ## 4. Reporting Vulnerabilities
 If you discover a vulnerability in the Nyxora architecture, please DO NOT open a public issue.
-Instead, email the core maintainer directly at **security@nyxora.ai**.
+Instead, email the core maintainer directly at **ainyxor@gmail.com**.

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "nyxora",
-  "version": "1.6.1",
+  "version": "1.6.2",
   "workspaces": [
     "packages/*"
   ],

package/packages/core/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@nyxora/core",
-  "version": "1.6.1",
+  "version": "1.6.2",
   "private": true,
   "main": "src/gateway/server.ts",
   "dependencies": {

package/packages/dashboard/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "name": "dashboard",
   "private": true,
-  "version": "1.6.1",
+  "version": "1.6.2",
   "type": "module",
   "scripts": {
     "dev": "vite",

package/packages/policy/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@nyxora/policy",
-  "version": "1.6.1",
+  "version": "1.6.2",
   "private": true,
   "main": "src/server.ts",
   "dependencies": {

package/packages/signer/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@nyxora/signer",
-  "version": "1.6.1",
+  "version": "1.6.2",
   "private": true,
   "main": "src/server.ts",
   "dependencies": {