nyxora 1.6.13 → 1.7.1

package/CHANGELOG.md

@@ -5,6 +5,34 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [1.7.1]
+
+### CLI Enhancements
+- **Global Version Checker**: Implemented native version checking for the global CLI manager. Users can now run `nyxora -v`, `nyxora --version`, or `nyxora version` to instantly check their installed daemon version without starting the application.
+- **Smart Web Search Setup Wizard**: The `nyxora setup` command now includes an interactive prompt allowing users to choose their preferred Web Search Engine (Tavily, Brave, or Decentralized Mesh) and configure their API keys.
+- **Fast CLI Shortcuts**: Added the `nyxora set-key <provider> <key>` global command shortcut allowing developers to quickly inject or override any API Key (OpenAI, Gemini, OpenRouter, Tavily, Brave) directly into the secure vault without traversing the wizard.
+
+### AI Engine Optimizations
+- **Hybrid API Vault (Security)**: API Keys are no longer stored in plain text inside `config.yaml`. Nyxora now encrypts and stores them via `@napi-rs/keyring` utilizing OS-native credential management. For Headless/VPS Linux environments lacking DBUS/Secret Service, it automatically falls back to an isolated `api_vault.key` with strict `0600` permissions.
+- **Root-Level Config Auto-Migration**: Restructured `config.yaml` to move all API keys out of the nested `llm.credentials` into a logical, root-level `credentials` object. Implemented a silent auto-migration routine in `parser.ts` that safely upgrades legacy config files on boot without breaking existing setups.
+- **Web Search Smart Memory Cache**: Embedded a local Memory Cache (`Map`) into the `searchWeb` skill with a 5-minute (300,000ms) TTL. Exact duplicate queries now execute in 0ms and consume 0 API quota, dramatically improving conversation flow.
+- **Deep Research Mode**: The `search_web` tool definition now accepts a dynamic `depth` parameter (1 to 3). If users instruct the AI to conduct comprehensive research, Nyxora will automatically trigger `advanced` API payloads and extract up to 15 top web snippets simultaneously.
+- **Strict Skill Prioritization**: Added CRITICAL RULE 7 to the core NLP System Prompt. The AI is now hard-coded to prioritize native Web3 Skills (e.g. `get_price`, `analyze_market`, `check_security`) for all crypto-related queries, using `search_web` exclusively as a fallback mechanism.
+- **Dual-Engine Web Search (L3 Failover)**: Completely removed the fragile `duck-duck-scrape` dependency. The `search_web` skill is now powered by a robust L3 Auto-Failover architecture. Users can configure enterprise-grade search providers (Tavily or Brave). If the primary provider hits a rate limit (429) or invalid key (401/403), Nyxora seamlessly falls back to the secondary provider, and ultimately to a Decentralized SearXNG Mesh as a final safety net, guaranteeing 100% uptime.
+
+
+## [1.7.0]
+
+### Bug Fixes & Optimizations
+- **Time Sync Hallucination**: Fixed a critical issue where the AI hallucinates the current date and time. Nyxora now dynamically injects the host OS's exact `new Date().toLocaleString()` into the system prompt upon every execution.
+- **Aggressive UI Auto-Scroll**: Resolved a severe React rendering bug in the dashboard where the 2-second history polling forced the chat window to aggressively scroll to the bottom. Auto-scroll is now strictly isolated to new message arrivals (`messages.length`).
+- **Orphaned OS Skills**: Re-wired the `search_web` (Internet Search) and `analyze_document` (PDF/DOCX Extractor) skills back into the core reasoning engine. These skills were previously orphaned and inaccessible to the AI despite being active in the dashboard.
+- **Multicall3 Portfolio Engine**: Fully replaced parallel `client.getBalance` and ERC20 fetching with a hyper-efficient `Multicall3` architecture. Balances are now chunked (max 30 tokens per batch) to guarantee zero rate-limits and payload errors on public RPCs.
+- **ChatGPT-Level NLP Persona**: Upgraded the AI's core reasoning engine to natively understand unstructured text, slang, and informal contexts. Rigidly enforced Markdown Table generation for all financial data.
+- **Telegram HTML Parser**: Implemented a custom `formatToTelegramHTML` function. Nyxora now escapes dangerous characters (`<`, `>`, `&`) and automatically wraps AI-generated Markdown tables into `<pre>` monospaced blocks, completely eliminating the "Bad Request" rendering crash on Telegram.
+- **Dynamic Tx Formatter (Tap-to-Copy)**: The post-transaction approval message is now bilingual (auto-detecting English/Indonesian from chat history). Transaction Hashes and wallet addresses are wrapped in `<code>` tags for seamless tap-to-copy UX on mobile devices.
+- **CLI Setup Typography**: Updated outdated CLI prompts that falsely referenced legacy `AES-256-GCM` encryption. The CLI now correctly informs the user that Private Keys are securely locked inside the OS Native Keyring Vault.
+
 ## [1.6.7]
 
 ### UI/UX

package/README.md

@@ -8,7 +8,7 @@
 [![Execution: Cryptographic Approval](https://img.shields.io/badge/Execution-Cryptographic--Approval-orange.svg)](#️-advanced-security-threat-model)
 [![Privacy: Local-Only Keys](https://img.shields.io/badge/Privacy-Local--Only--Keys-success.svg)](#️-advanced-security-threat-model)
 
-Nyxora is a **secure, non-custodial runtime infrastructure for autonomous onchain agents** built with a robust Monorepo architecture (Node.js & React). Designed for autonomous workflows with a premium Glassmorphism UI dashboard and strict client-side key isolation. 
+Nyxora is a **secure, non-custodial runtime infrastructure for autonomous onchain agents** built with a robust Monorepo architecture (Node.js & React). Designed for autonomous workflows with a premium Utility-Centric dark-themed UI and strict client-side key isolation. 
 
 **Nyxora now natively supports the Model Context Protocol (MCP)**. You can transform your external AI agents (like Claude Desktop and Cursor) into secure Web3 actors that execute swaps and fetch balances using Nyxora's secure signer vault. [View the MCP Integration Guide](https://nyxoraAI.github.io/Nyxora/guide/mcp-integration)
 
@@ -25,7 +25,7 @@ It operates under an institutional-grade **Cryptographically Bound Human-in-the-
 *   **Plugin Sandbox VM**: Execute community-built external skills securely inside an airtight Node.js `vm` chamber with zero access to your file system or terminal processes.
 
 ### 🌐 Web3 Skills (On-Chain)
-*   **Anti-Rugpull & Security Scanner**: Nyxora can scan smart contracts via GoPlus Labs to detect Honeypots, Hidden Taxes, and malicious proxy upgrades before you buy.
+*   **Security Scanner**: Nyxora can scan smart contracts via GoPlus Labs to detect Honeypots, Hidden Taxes, and malicious proxy upgrades before you buy.
 *   **Automated Take Profit (TP) & Cut Loss (CL)**: The trader's holy grail. Set natural language rules (e.g., "Sell my PEPE if price drops below $0.001"). Nyxora runs a background cron monitor and executes the swap while you sleep.
 *   **Cross-Chain Hybrid Market Scanner**: Real-time asset tracking combining CoinGecko global data with DexScreener on-chain metrics across Ethereum, Base, Solana, BSC, and more.
 *   **"Lean Degen" Auto-Whitelist**: Automatically intercepts Contract Addresses (CAs) whenever you check balances or swap tokens, saving them to your localized `user_whitelist.json` for future tracking.

package/bin/nyxora.mjs

@@ -217,6 +217,14 @@ async function main() {
     case 'dashboard': await dashboard(); break;
     case 'clean-logs': await cleanLogs(); break;
     case 'autostart': await autostart(process.argv[3]); break;
+    case '-v':
+    case '--v':
+    case '--version':
+    case 'version':
+      const pkgPath = path.join(projectRoot, 'package.json');
+      const pkg = JSON.parse(fs.readFileSync(pkgPath, 'utf8'));
+      console.log(`Nyxora v${pkg.version}`);
+      break;
     default:
       console.log(`
 Nyxora CLI Manager

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nyxora",
-  "version": "1.6.13",
+  "version": "1.7.1",
   "license": "MIT",
   "workspaces": [
     "packages/*"
@@ -26,7 +26,6 @@
     "concurrently": "^9.2.1",
     "cors": "^2.8.6",
     "dotenv": "^17.4.2",
-    "duck-duck-scrape": "^2.2.7",
     "express": "^5.2.1",
     "express-rate-limit": "^7.5.0",
     "helmet": "^8.0.0",

package/packages/core/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nyxora-agent-core",
-  "version": "1.6.7",
+  "version": "1.7.1",
   "private": true,
   "main": "src/gateway/server.ts",
   "dependencies": {

package/packages/core/src/agent/limitOrderManager.ts

@@ -2,7 +2,7 @@ import fs from 'fs';
 import path from 'path';
 import { loadConfig } from '../config/parser';
 import { getPath } from '../config/paths';
-import { ChainName } from '../web3/config';
+import { ChainName, SUPPORTED_CHAIN_NAMES } from '../web3/config';
 import { resolveToken } from '../web3/utils/tokens';
 import { prepareSwapToken, executeSwap } from '../web3/skills/swapToken';
 import { txManager } from './transactionManager';
@@ -158,7 +158,7 @@ export const createLimitOrderToolDefinition = {
     parameters: {
       type: "object",
       properties: {
-        chainName: { type: "string", enum: ["ethereum", "base", "bsc", "arbitrum", "optimism", "sepolia"] },
+        chainName: { type: "string", enum: SUPPORTED_CHAIN_NAMES },
         fromToken: { type: "string", description: "Token to sell" },
         toToken: { type: "string", description: "Token to buy" },
         amountStr: { type: "string", description: "Amount to sell" },

package/packages/core/src/agent/reasoning.ts

@@ -1,7 +1,7 @@
 import fs from 'fs';
 import path from 'path';
 import { OpenAI } from 'openai';
-import { loadConfig } from '../config/parser';
+import { loadConfig, loadApiKeys } from '../config/parser';
 import { Logger } from '../memory/logger';
 import { Tracker } from '../gateway/tracker';
 import { getBalanceToolDefinition, getBalance } from '../web3/skills/getBalance';
@@ -21,10 +21,12 @@ import { getMyAddressToolDefinition, getMyAddress } from '../web3/skills/getMyAd
 import { createLimitOrderToolDefinition, listLimitOrdersToolDefinition, cancelLimitOrderToolDefinition, limitOrderManager } from './limitOrderManager';
 import { updateProfileToolDefinition, updateProfile } from './updateProfile';
 import { updateSecurityPolicyToolDefinition, updateSecurityPolicy } from '../system/skills/updateSecurityPolicy';
+import { analyzeDocumentToolDefinition, analyzeDocument } from '../system/skills/analyzeDocument';
 import { readLocalFileToolDefinition, readLocalFile } from '../system/skills/readFile';
 import { writeLocalFileToolDefinition, writeLocalFile } from '../system/skills/writeFile';
 import { runTerminalCommandToolDefinition, runTerminalCommand } from '../system/skills/executeShell';
 import { browseWebsiteToolDefinition, browseWebsite } from '../system/skills/browseWeb';
+import { searchWebToolDefinition, searchWeb } from '../system/skills/searchWeb';
 import { installExternalSkillToolDefinition, installExternalSkill } from '../system/skills/installSkill';
 import { 
   readGmailInbox, 
@@ -46,8 +48,9 @@ export const logger = new Logger();
 
 let currentKeyIndex = 0;
 
-function getOpenAI(): OpenAI {
+async function getOpenAI(): Promise<OpenAI> {
   const config = loadConfig();
+  const vaultKeys = await loadApiKeys();
   
   if (config.llm.provider === 'ollama') {
     return new OpenAI({
@@ -78,16 +81,16 @@ function getOpenAI(): OpenAI {
   // Fallbacks if no valid keys found in config.llm.api_keys
   if (!apiKey) {
     if (config.llm.provider === 'gemini') {
-      apiKey = config.llm.credentials?.gemini_key || '';
+      apiKey = vaultKeys.gemini_key || config.credentials?.gemini_key || '';
     } else if (config.llm.provider === 'openrouter') {
-      apiKey = config.llm.credentials?.openrouter_key || '';
+      apiKey = vaultKeys.openrouter_key || config.credentials?.openrouter_key || '';
     } else {
-      apiKey = config.llm.credentials?.openai_key || '';
+      apiKey = vaultKeys.openai_key || config.credentials?.openai_key || '';
     }
     if (!apiKey) {
-      throw new Error(`No API Key found for ${config.llm.provider} in config.yaml. Please run 'nyxora setup' to configure it.`);
+      throw new Error(`No API Key found for ${config.llm.provider}. Please run 'nyxora setup' to configure it.`);
     }
-    console.log(`[LLM] Using default API Key from config.yaml`);
+    console.log(`[LLM] Using API Key from secure vault`);
   }
 
   if (config.llm.provider === 'gemini') {
@@ -115,7 +118,7 @@ async function executeWithRetry(
   
   while (retries <= maxRetries) {
     try {
-      const client = getOpenAI();
+      const client = await getOpenAI();
       return await requestBuilder(client);
     } catch (error: any) {
       const status = error?.status || error?.response?.status;
@@ -151,12 +154,21 @@ async function executeWithRetry(
 
 function getSystemPrompt() {
   const config = loadConfig();
+  const currentDateTime = new Date().toLocaleString('en-US', { timeZoneName: 'short' });
   let basePrompt = `You are an autonomous Web3 agent operating on EVM chains.
-You are equipped with a native wallet. 
-CRITICAL RULE: You must always reply in the exact same language that the user uses to talk to you. If the user speaks Indonesian, reply in Indonesian. If they speak English, reply in English.
-CRITICAL RULE: When the user asks to check "my balance", "saldo saya", or anything about their own wallet generally, ALWAYS use the check_portfolio tool to show all assets on the chain that have a USD value greater than 0. LEAVE THE ADDRESS PARAMETER EMPTY. Do NOT use get_balance unless the user explicitly asks for the balance of ONE specific token (e.g., "what is my ETH balance?").
-CRITICAL RULE: If the user doesn't specify a chain, default to: ${config.agent.default_chain}. If the user mentions a specific chain (e.g., "on BNB", "di Base"), you MUST override the default and execute the tool on that specific chain.
-CRITICAL RULE: If you use the default chain because the user forgot to specify one, you MUST politely confirm which chain you checked in your response (e.g., "I checked your balance on the ${config.agent.default_chain} network..."). Do not issue scary warnings.`;
+You are equipped with a native wallet.
+The current real-world date and time is: ${currentDateTime}. Use this for any time-related questions.
+
+CRITICAL RULE 1: ADVANCED NLP & PERSONA. You must act as a highly intelligent, adaptive, and intuitive assistant (similar to ChatGPT or Gemini). You must seamlessly understand the user's language structure, including slang, shorthand, informal context, and mixed languages. However, you must maintain a professional and highly accurate Web3 operational standard.
+CRITICAL RULE 2: LANGUAGE MATCHING. You must always reply in the exact same language that the user uses to talk to you. If the user speaks Indonesian, reply in Indonesian. If they speak English, reply in English.
+CRITICAL RULE 3: FORMATTING & CONCISENESS. 
+  - Your responses MUST be concise and to the point. Do not add unnecessary fluff or overly long explanations unless explicitly asked.
+  - When displaying numbers or monetary values, separate thousands with commas (e.g., $1,000,000) for readability.
+  - When displaying a list of assets, tokens, portfolio, or transaction history, YOU MUST USE MARKDOWN TABLES. Do not use bullet points for financial data.
+CRITICAL RULE 4: When the user asks to check "my balance", "saldo saya", or anything about their own wallet generally, ALWAYS use the check_portfolio tool to show all assets on the chain that have a USD value greater than 0. LEAVE THE ADDRESS PARAMETER EMPTY. Do NOT use get_balance unless the user explicitly asks for the balance of ONE specific token.
+CRITICAL RULE 5: If the user doesn't specify a chain, default to: ${config.agent.default_chain}. If the user mentions a specific chain (e.g., "on BNB", "di Base"), you MUST override the default and execute the tool on that specific chain.
+CRITICAL RULE 6: If you use the default chain because the user forgot to specify one, you MUST politely confirm which chain you checked in your response (e.g., "I checked your balance on the ${config.agent.default_chain} network..."). Do not issue scary warnings.
+CRITICAL RULE 7: TOOL PRIORITIZATION. When the user asks about crypto prices, market analysis, token security, or blockchain data, YOU MUST prioritize using the dedicated Web3 skills (e.g., get_price, analyze_market, check_security) FIRST. Only if those tools fail or cannot provide the requested information, you may fallback to using search_web.`;
 
   // Read IDENTITY.md for core AI persona
   try {
@@ -246,10 +258,12 @@ export async function processUserInput(input: string, role: 'user' | 'system' =
           cancelLimitOrderToolDefinition as any,
           updateProfileToolDefinition as any,
           updateSecurityPolicyToolDefinition as any,
+          analyzeDocumentToolDefinition as any,
           readLocalFileToolDefinition as any,
           writeLocalFileToolDefinition as any,
           runTerminalCommandToolDefinition as any,
           browseWebsiteToolDefinition as any,
+          searchWebToolDefinition as any,
           installExternalSkillToolDefinition as any,
           readGmailInboxToolDefinition as any,
           listCalendarEventsToolDefinition as any,
@@ -382,7 +396,11 @@ export async function processUserInput(input: string, role: 'user' | 'system' =
               break;
             }
             case 'update_security_policy': {
-              result = updateSecurityPolicy(args.rule, args.action);
+              result = await updateSecurityPolicy(args.policy, args.action || 'add');
+              break;
+            }
+            case 'analyze_document': {
+              result = await analyzeDocument(args.filePath);
               break;
             }
             case 'read_local_file': {
@@ -409,6 +427,10 @@ export async function processUserInput(input: string, role: 'user' | 'system' =
               result = await browseWebsite(args.url);
               break;
             }
+            case 'search_web': {
+              result = await searchWeb(args.query, args.depth);
+              break;
+            }
             case 'install_external_skill': {
               result = await installExternalSkill(args.url);
               break;

package/packages/core/src/config/parser.ts

@@ -3,6 +3,39 @@ import yaml from 'yaml';
 import path from 'path';
 import { getPath } from './paths';
 
+export async function loadApiKeys(): Promise<Record<string, string>> {
+  const vaultPath = getPath('api_vault.key');
+  try {
+    const { Entry } = require('@napi-rs/keyring');
+    const entry = new Entry('nyxora', 'api_keys');
+    const data = await entry.getPassword();
+    if (data) return JSON.parse(data);
+  } catch (e) {
+    if (fs.existsSync(vaultPath)) {
+      try {
+        const file = fs.readFileSync(vaultPath, 'utf8');
+        return JSON.parse(file);
+      } catch (err) {}
+    }
+  }
+  return {};
+}
+
+export async function saveApiKeys(newKeys: Record<string, string>): Promise<void> {
+  const vaultPath = getPath('api_vault.key');
+  const currentKeys = await loadApiKeys();
+  const mergedKeys = { ...currentKeys, ...newKeys };
+  const dataString = JSON.stringify(mergedKeys);
+
+  try {
+    const { Entry } = require('@napi-rs/keyring');
+    const entry = new Entry('nyxora', 'api_keys');
+    await entry.setPassword(dataString);
+  } catch (e) {
+    fs.writeFileSync(vaultPath, dataString, { mode: 0o600 });
+  }
+}
+
 export interface NyxoraConfig {
   agent: {
     name: string;
@@ -13,11 +46,19 @@ export interface NyxoraConfig {
     model: string;
     temperature: number;
     api_keys?: string[];
-    credentials?: {
-      openai_key?: string;
-      gemini_key?: string;
-      openrouter_key?: string;
-    };
+    credentials?: any; // Deprecated, kept for parsing during migration
+  };
+  web_search?: {
+    provider: 'tavily' | 'brave' | 'mesh';
+    enabled: boolean;
+  };
+  credentials?: {
+    openai_key?: string;
+    gemini_key?: string;
+    openrouter_key?: string;
+    tavily_key?: string;
+    brave_key?: string;
+    [key: string]: string | undefined;
   };
   memory: {
     type: string;
@@ -52,6 +93,47 @@ export function loadConfig(): NyxoraConfig {
     const file = fs.readFileSync(configPath, 'utf8');
     const parsed = yaml.parse(file) as Partial<NyxoraConfig>;
     
+    // Auto-migration logic: move llm.credentials to root credentials
+    let needsSave = false;
+    if (parsed.llm && (parsed.llm as any).credentials) {
+      if (!parsed.credentials) {
+        parsed.credentials = {};
+      }
+      const oldCreds = (parsed.llm as any).credentials;
+      Object.keys(oldCreds).forEach(key => {
+        if (oldCreds[key] && !parsed.credentials![key]) {
+          parsed.credentials![key] = oldCreds[key];
+        }
+      });
+      delete (parsed.llm as any).credentials;
+      needsSave = true;
+    }
+
+    if (needsSave) {
+      try {
+        const yamlStr = yaml.stringify(parsed);
+        fs.writeFileSync(configPath, yamlStr, 'utf8');
+        console.log('[Config] Auto-migrated llm.credentials to root credentials.');
+      } catch (e) {
+        console.error('[Config] Failed to auto-migrate config file', e);
+      }
+    }
+    
+    // Auto-migrate from config.yaml to Keyring/Vault
+    if (parsed.credentials && Object.keys(parsed.credentials).length > 0) {
+      const credsToMigrate = { ...parsed.credentials };
+      saveApiKeys(credsToMigrate).then(() => {
+        console.log('[Config] Auto-migrated API keys to secure vault.');
+        delete parsed.credentials;
+        try {
+          const yamlStr = yaml.stringify(parsed);
+          fs.writeFileSync(configPath, yamlStr, 'utf8');
+        } catch (e) {}
+      }).catch(e => {
+        console.error('[Config] Failed to migrate API keys to secure vault', e);
+      });
+    }
+    
     // Merge with defaults
     return {
       agent: parsed.agent || { name: 'Nyxora-Default', default_chain: 'base' },
@@ -59,9 +141,13 @@ export function loadConfig(): NyxoraConfig {
         provider: 'openai', 
         model: 'gpt-4o-mini', 
         temperature: 0.2, 
-        api_keys: [],
-        credentials: {}
+        api_keys: []
       },
+      web_search: parsed.web_search || {
+        provider: 'mesh',
+        enabled: true
+      },
+      credentials: parsed.credentials || {},
       memory: parsed.memory || { type: 'file', path: './memory.json' },
       web3: parsed.web3 || { rpc_urls: {} },
       integrations: parsed.integrations || {
@@ -80,9 +166,13 @@ export function loadConfig(): NyxoraConfig {
         provider: 'openai', 
         model: 'gpt-4o-mini', 
         temperature: 0.2, 
-        api_keys: [],
-        credentials: {}
+        api_keys: []
+      },
+      web_search: {
+        provider: 'mesh',
+        enabled: true
       },
+      credentials: {},
       memory: { type: 'file', path: './memory.json' },
       web3: { rpc_urls: {} },
       integrations: {

package/packages/core/src/gateway/cli.ts

@@ -13,6 +13,7 @@ import { runSetupWizard } from './setup';
 import { password, isCancel } from '@clack/prompts';
 import { getSessionToken } from '../utils/state';
 import pc from 'picocolors';
+import { saveApiKeys } from '../config/parser';
 
 async function main() {
   // 1. Determine configuration directory
@@ -30,6 +31,33 @@ console.log(`================================`);
     process.exit(0);
   }
 
+  // Check for set-key shortcut
+  if (process.argv.includes('set-key')) {
+    const setKeyIndex = process.argv.indexOf('set-key');
+    const provider = process.argv[setKeyIndex + 1];
+    const key = process.argv[setKeyIndex + 2];
+    
+    if (!provider || !key) {
+      console.error(pc.red('Usage: nyxora set-key <provider> <api_key>'));
+      console.error(pc.gray('Example: nyxora set-key tavily tvly-xxx'));
+      process.exit(1);
+    }
+    
+    const keyMap: Record<string, string> = {
+      'openai': 'openai_key',
+      'gemini': 'gemini_key',
+      'openrouter': 'openrouter_key',
+      'tavily': 'tavily_key',
+      'brave': 'brave_key'
+    };
+    
+    const mappedKey = keyMap[provider.toLowerCase()] || `${provider.toLowerCase()}_key`;
+    
+    await saveApiKeys({ [mappedKey]: key });
+    console.log(pc.green(`✅ API Key for ${provider} saved securely to vault.`));
+    process.exit(0);
+  }
+
   // 2. Setup boilerplate files if in global mode and they don't exist
   let isFirstBoot = false;
   if (isGlobalMode) {
@@ -65,8 +93,6 @@ console.log(`================================`);
   // 4. Start the Express API Server (which also serves the static dashboard and Telegram bot)
   startServer();
   const token = getSessionToken(); // Initialize token file
-  console.log(`🌐 Nyxora API Server running on port ${process.env.PORT || 3000}`);
-  
   setTimeout(() => {
     console.log(pc.cyan(`\n✨ Dashboard URL: http://localhost:3000/?token=${token}`));
     console.log(pc.gray(`   (Developers: Vite hot-reload available at http://localhost:5173/?token=${token})\n`));

package/packages/core/src/gateway/setup.ts

@@ -3,7 +3,7 @@ import pc from 'picocolors';
 import fs from 'fs';
 import path from 'path';
 import { getAppDir } from '../config/paths';
-import { loadConfig, saveConfig } from '../config/parser';
+import { loadConfig, saveConfig, saveApiKeys } from '../config/parser';
 import crypto from 'crypto';
 
 function encryptKey(privateKey: string, password: string) {
@@ -161,6 +161,25 @@ Provider: ${config.llm.provider}`;
     if (isCancel(apiKey)) return process.exit(0);
   }
 
+  // 3.5. Smart Web Search Setup
+  const searchProvider = await select({
+    message: 'Enable Smart Web Search for Nyxora AI?',
+    options: [
+      { value: 'skip', label: 'Skip (Use basic decentralized mesh)' },
+      { value: 'tavily', label: 'Tavily Search (Built for AI - 1000 free/mo)' },
+      { value: 'brave', label: 'Brave Search (Privacy focused - 2000 free/mo)' },
+    ],
+  });
+  if (isCancel(searchProvider)) return process.exit(0);
+
+  let searchApiKey = '';
+  if (searchProvider !== 'skip') {
+    searchApiKey = (await password({
+      message: `Enter API Key for ${searchProvider} (Get it free at ${searchProvider === 'tavily' ? 'tavily.com' : 'search.brave.com'}):`,
+    })) as string;
+    if (isCancel(searchApiKey)) return process.exit(0);
+  }
+
   // 4. Default Chain
   const defaultChain = await select({
     message: 'Select Default Chain:',
@@ -169,8 +188,9 @@ Provider: ${config.llm.provider}`;
       { value: 'ethereum', label: 'Ethereum Mainnet' },
       { value: 'bsc', label: 'BSC' },
       { value: 'base', label: 'Base' },
-      { value: 'optimism', label: 'Optimism' },
-      { value: 'arbitrum', label: 'Arbitrum' },
+      { value: 'arbitrum', label: 'Arbitrum One' },
+      { value: 'optimism', label: 'OP Mainnet' },
+      { value: 'polygon', label: 'Polygon (Matic)' },
       { value: 'sepolia', label: 'Sepolia (Testnet)' },
     ],
   });
@@ -233,8 +253,8 @@ Provider: ${config.llm.provider}`;
     message: 'Web3 Wallet Setup:',
     options: [
       { value: 'skip', label: 'Skip for now (No Web3 execution)' },
-      { value: 'generate', label: 'Auto-Generate New Wallet (Recommended for testing)' },
-      { value: 'manual', label: 'Input Manual Private Key' },
+      { value: 'generate', label: 'Auto-Generate New Wallet' },
+      { value: 'manual', label: 'Manual Input (Existing Private Key)' },
     ],
   });
   if (isCancel(walletSetupType)) return process.exit(0);
@@ -242,7 +262,7 @@ Provider: ${config.llm.provider}`;
   let privateKey = '';
   if (walletSetupType === 'manual') {
     privateKey = (await password({
-      message: 'Enter Wallet Private Key (0x...)\n  (Will be AES-256-GCM encrypted. See documentation for import guides):',
+      message: 'Enter Wallet Private Key (0x...)\n  (Will be securely locked in your OS Native Keyring Vault):',
     })) as string;
     if (isCancel(privateKey)) return process.exit(0);
   } else if (walletSetupType === 'generate') {
@@ -260,11 +280,26 @@ Provider: ${config.llm.provider}`;
   config.llm.model = model as string;
   config.agent.default_chain = defaultChain as string;
   
-  if (!config.llm.credentials) config.llm.credentials = {};
+  const newApiKeys: Record<string, string> = {};
   if (apiKey) {
-    if (provider === 'openai') config.llm.credentials.openai_key = apiKey;
-    if (provider === 'gemini') config.llm.credentials.gemini_key = apiKey;
-    if (provider === 'openrouter') config.llm.credentials.openrouter_key = apiKey;
+    if (provider === 'openai') newApiKeys.openai_key = apiKey;
+    if (provider === 'gemini') newApiKeys.gemini_key = apiKey;
+    if (provider === 'openrouter') newApiKeys.openrouter_key = apiKey;
+  }
+
+  if (!config.web_search) config.web_search = { provider: 'mesh', enabled: true };
+  if (searchProvider !== 'skip') {
+    config.web_search.provider = searchProvider as any;
+    if (searchApiKey) {
+      if (searchProvider === 'tavily') newApiKeys.tavily_key = searchApiKey;
+      if (searchProvider === 'brave') newApiKeys.brave_key = searchApiKey;
+    }
+  } else {
+    config.web_search.provider = 'mesh';
+  }
+
+  if (Object.keys(newApiKeys).length > 0) {
+    await saveApiKeys(newApiKeys);
   }
 
   if (!config.integrations) config.integrations = {};

package/packages/core/src/gateway/telegram.ts

@@ -10,6 +10,31 @@ import { executeCustomTx } from '../web3/skills/customTx';
 import { formatTransactionSuccess, formatTransactionError } from '../utils/formatter';
 import pc from 'picocolors';
 
+export function formatToTelegramHTML(text: string): string {
+  if (!text) return "";
+  let html = text
+    .replace(/&/g, '&')
+    .replace(/</g, '&lt;')
+    .replace(/>/g, '&gt;');
+    
+  html = html.replace(/\*\*(.*?)\*\*/g, '<b>$1</b>');
+  // Match italic * avoiding bullet points at the start of a line
+  html = html.replace(/(?<!^|\n)\*(?!\s)(.*?)(?<!\s)\*/g, '<i>$1</i>');
+  html = html.replace(/_(.*?)_/g, '<i>$1</i>');
+  
+  // Convert code blocks and inline code
+  html = html.replace(/```([\s\S]*?)```/g, '<pre><code>$1</code></pre>');
+  html = html.replace(/`([^`]+)`/g, '<code>$1</code>');
+  
+  // Transform Markdown Tables to <pre> monospaced blocks so they don't break on mobile
+  const tableRegex = /(?:\|.*\|(?:\n|$))+/g;
+  html = html.replace(tableRegex, (match) => {
+     return `<pre>${match.trim()}</pre>\n`;
+  });
+
+  return html;
+}
+
 export function startTelegramBot() {
   const config = loadConfig();
   const token = config.integrations?.telegram?.bot_token;
@@ -104,10 +129,10 @@ export function startTelegramBot() {
         const onProgress = async (progressText: string) => {
           try {
             if (!progressMsgId) {
-              const sent = await ctx.reply(progressText, { parse_mode: 'Markdown' });
+              const sent = await ctx.reply(`<i>${progressText.replace(/_/g, '')}</i>`, { parse_mode: 'HTML' });
               progressMsgId = sent.message_id;
             } else {
-              await ctx.telegram.editMessageText(ctx.chat.id, progressMsgId, undefined, progressText, { parse_mode: 'Markdown' });
+              await ctx.telegram.editMessageText(ctx.chat.id, progressMsgId, undefined, `<i>${progressText.replace(/_/g, '')}</i>`, { parse_mode: 'HTML' });
             }
           } catch (e) {}
         };
@@ -122,17 +147,20 @@ export function startTelegramBot() {
         if (pendingTxs.length > 0) {
           const latestTx = pendingTxs[pendingTxs.length - 1];
           if (Date.now() - latestTx.createdAt < 120000) {
-            await ctx.reply(response, Markup.inlineKeyboard([
-              [
-                Markup.button.callback('✅ Approve', `approve_${latestTx.id}`),
-                Markup.button.callback('❌ Reject', `reject_${latestTx.id}`)
-              ]
-            ]));
+            await ctx.reply(formatToTelegramHTML(response), {
+              parse_mode: 'HTML',
+              ...Markup.inlineKeyboard([
+                [
+                  Markup.button.callback('✅ Approve', `approve_${latestTx.id}`),
+                  Markup.button.callback('❌ Reject', `reject_${latestTx.id}`)
+                ]
+              ])
+            });
             return;
           }
         }
 
-        await ctx.reply(response);
+        await ctx.reply(formatToTelegramHTML(response), { parse_mode: 'HTML' });
       } catch (error: any) {
         console.error('[Telegram] Error processing message:', error);
         await ctx.reply('❌ Sorry, I encountered an error while processing your message.');
@@ -170,8 +198,19 @@ export function startTelegramBot() {
         }
         
         txManager.updateStatus(txId, 'executed', result);
-        const prettyMsg = formatTransactionSuccess(tx, result);
-        await ctx.reply(`✅ Transaction processed:\n\n${prettyMsg}`);
+        
+        // Pass session history to formatTransactionSuccess to detect language
+        const sessionId = ctx.chat?.id.toString() || 'default';
+        const history = logger.getHistory(sessionId);
+        let isIndonesian = false;
+        if (history.length > 0) {
+           const lastMsg = history[history.length - 1].content.toLowerCase();
+           const idWords = ['saya', 'kamu', 'aku', 'apa', 'bagaimana', 'kenapa', 'bisa', 'tolong', 'ke', 'di', 'dari', 'yang', 'ini', 'itu', 'buat', 'cek', 'saldo'];
+           if (idWords.some(w => lastMsg.includes(w))) isIndonesian = true;
+        }
+
+        const prettyMsg = formatTransactionSuccess(tx, result, isIndonesian);
+        await ctx.reply(formatToTelegramHTML(`✅ **Transaction processed:**\n\n${prettyMsg}`), { parse_mode: 'HTML' });
         
         logger.addEntry({ role: 'assistant', content: `✅ Transaction processed:\n\n${prettyMsg}` });
         logger.addEntry({ role: 'tool', name: tx.type === 'swap' ? 'swap_token' : 'transfer_native', content: result });
@@ -199,7 +238,9 @@ export function startTelegramBot() {
       console.error('[Telegram] Telegraf error:', err);
     });
 
-    bot.launch();
+    bot.launch().catch(err => {
+      console.error('[Telegram] Connection failed (likely blocked by ISP or timeout):', err.message);
+    });
     
     if (isPaired) {
       console.log('🤖 Telegram Bot is running and securely listening for your messages...');