nyxora 1.6.2 → 1.6.4

package/packages/core/src/gateway/cli.ts

@@ -59,72 +59,10 @@ console.log(`================================`);
     await runSetupWizard();
   }
 
-  // 3. Load Private Key into Memory
-  const keystorePath = path.join(appDir, 'keystore.json');
-  if (fs.existsSync(keystorePath)) {
-    const masterPassword = await password({
-      message: '🔒 Vault locked! Enter Master Password to access Nyxora:',
-    });
-
-    if (isCancel(masterPassword) || !masterPassword) {
-      console.log(pc.red('Access denied. Exiting Nyxora.'));
-      return process.exit(0);
-    }
-
-    try {
-      const keystore = JSON.parse(fs.readFileSync(keystorePath, 'utf8'));
-      const internalToken = process.env.INTERNAL_AUTH_TOKEN;
-      let unlocked = false;
-      for (let i = 0; i < 5; i++) {
-        try {
-          const res = await fetch('http://127.0.0.1:3001/unlock', {
-            method: 'POST',
-            headers: {
-              'Content-Type': 'application/json',
-              'Authorization': `Bearer ${internalToken}`
-            },
-            body: JSON.stringify({ keystore, password: masterPassword })
-          });
-          
-          const data = await res.json();
-          if (res.ok && data.success) {
-            console.log(pc.green(`✅ Vault successfully unlocked. Agent Address: ${data.address}`));
-            unlocked = true;
-            break;
-          } else {
-            console.log(pc.red(`❌ Failed to unlock Vault: ${data.error || 'Unknown error'}`));
-            break; // Stop retrying on auth error
-          }
-        } catch (e: any) {
-          if (i === 4) {
-            console.log(pc.red(`❌ IPC Connection to Policy failed: ${e.message}`));
-          } else {
-            await new Promise(r => setTimeout(r, 1000));
-          }
-        }
-      }
-      
-      if (!unlocked) {
-        console.log(pc.yellow('⚠️ Proceeding anyway. You can retry unlock via Dashboard later.'));
-      }
-    } catch (err: any) {
-      console.log(pc.red(`❌ Failed to read keystore or connect: ${err.message}`));
-    }
-  } else {
-    console.log(pc.yellow('⚠️ Keystore not found. Web3 features will be disabled unless you run `nyxora setup`.'));
-  }
-
   // 4. Start the Express API Server (which also serves the static dashboard and Telegram bot)
   startServer();
-
-  // 5. Open the Dashboard in the default browser
-  const PORT = process.env.PORT || 3000;
-  const token = getSessionToken();
-  setTimeout(() => {
-    const url = `http://localhost:${PORT}?token=${token}`;
-    console.log(`🌐 Opening Dashboard at ${url}`);
-    open(url);
-  }, 1500);
+  getSessionToken(); // Initialize token file
+  console.log(`🌐 Nyxora API Server running on port ${process.env.PORT || 3000}`);
 }
 
 main().catch(console.error);

package/packages/core/src/gateway/server.ts

@@ -5,6 +5,7 @@ import helmet from 'helmet';
 import rateLimit from 'express-rate-limit';
 import http from 'http';
 import jwt from 'jsonwebtoken';
+import crypto from 'crypto';
 import { getPath } from '../config/paths';
 import { getSessionToken } from '../utils/state';
 
@@ -31,17 +32,21 @@ import { executeCustomTx, customTxToolDefinition } from '../web3/skills/customTx
 import { startTelegramBot } from './telegram';
 import { formatTransactionSuccess, formatTransactionError } from '../utils/formatter';
 
+import util from 'util';
+
 // Intercept console.log and console.error
 const originalLog = console.log;
 const originalError = console.error;
 
+const safeFormat = (a: any) => typeof a === 'object' ? util.inspect(a, { depth: 2 }) : String(a);
+
 console.log = function (...args) {
-  Tracker.addGatewayLog(args.map(a => typeof a === 'object' ? JSON.stringify(a) : String(a)).join(' '));
+  Tracker.addGatewayLog(args.map(safeFormat).join(' '));
   originalLog.apply(console, args);
 };
 
 console.error = function (...args) {
-  Tracker.addGatewayLog(args.map(a => typeof a === 'object' ? JSON.stringify(a) : String(a)).join(' '), { level: 'error' });
+  Tracker.addGatewayLog(args.map(safeFormat).join(' '), { level: 'error' });
   originalError.apply(console, args);
 };
 
@@ -52,7 +57,7 @@ app.use(express.json());
 
 const apiLimiter = rateLimit({
   windowMs: 15 * 60 * 1000,
-  max: 100,
+  max: 10000, // Increased from 100 to 10000 to prevent breaking dashboard polling (which polls every 2s)
   message: 'Too many requests from this IP, please try again after 15 minutes'
 });
 app.use('/api/', apiLimiter);
@@ -61,7 +66,7 @@ app.use('/api/', apiLimiter);
 app.use('/api', (req, res, next) => {
   const token = req.headers['x-nyxora-token'];
   if (token !== getSessionToken()) {
-    return res.status(401).json({ error: 'Unauthorized: Invalid or missing token' });
+    return res.status(401).json({ error: `Unauthorized: Invalid or missing token. Expected: ${getSessionToken()}, Received: ${token}` });
   }
   next();
 });
@@ -76,7 +81,8 @@ app.get('/', (req, res) => {
 
 app.get('/api/history', (req, res) => {
   try {
-    const history = logger.getHistory();
+    const sessionId = req.query.session_id as string | undefined;
+    const history = logger.getHistory(sessionId);
     // Filter out internal system prompt for the frontend
     const cleanHistory = history.filter((msg: any) => msg.role !== 'system');
     res.json(cleanHistory);
@@ -87,7 +93,8 @@ app.get('/api/history', (req, res) => {
 
 app.delete('/api/history', (req, res) => {
   try {
-    logger.clear();
+    const sessionId = req.query.session_id as string | undefined;
+    logger.clear(sessionId);
     Tracker.addEvent('memory.cleared');
     res.json({ success: true });
   } catch (error: any) {
@@ -95,6 +102,45 @@ app.delete('/api/history', (req, res) => {
   }
 });
 
+app.get('/api/sessions', (req, res) => {
+  try {
+    res.json(logger.getSessions());
+  } catch (error: any) {
+    res.status(500).json({ error: error.message });
+  }
+});
+
+app.post('/api/sessions', (req, res) => {
+  try {
+    const { title } = req.body;
+    const id = logger.createSession(title || 'New Chat');
+    res.json({ id });
+  } catch (error: any) {
+    res.status(500).json({ error: error.message });
+  }
+});
+
+app.delete('/api/sessions/:id', (req, res) => {
+  try {
+    logger.deleteSession(req.params.id);
+    res.json({ success: true });
+  } catch (error: any) {
+    res.status(500).json({ error: error.message });
+  }
+});
+
+app.put('/api/sessions/:id', (req, res) => {
+  try {
+    const { title } = req.body;
+    if (title) {
+      logger.renameSession(req.params.id, title);
+    }
+    res.json({ success: true });
+  } catch (error: any) {
+    res.status(500).json({ error: error.message });
+  }
+});
+
 app.get('/api/config', (req, res) => {
   try {
     const config = loadConfig();
@@ -155,6 +201,10 @@ app.post('/api/transactions/:id/approve', (req, res) => {
 
   const jwtToken = jwt.sign({ service: 'core' }, token, { expiresIn: '1m' });
 
+  // Generate Challenge Nonce
+  const nonce = crypto.randomBytes(16).toString('hex');
+  const approvalHash = crypto.createHash('sha256').update(id + nonce + token).digest('hex');
+
   const options = {
     hostname: '127.0.0.1',
     port: 3001,
@@ -166,6 +216,9 @@ app.post('/api/transactions/:id/approve', (req, res) => {
     }
   };
 
+  const requestPayload = JSON.stringify({ nonce, approvalHash });
+  options.headers['Content-Length'] = Buffer.byteLength(requestPayload);
+
   const proxyReq = http.request(options, (proxyRes) => {
     res.status(proxyRes.statusCode || 200);
     proxyRes.pipe(res);
@@ -175,6 +228,7 @@ app.post('/api/transactions/:id/approve', (req, res) => {
     res.status(500).json({ error: 'Policy Engine unreachable: ' + e.message });
   });
 
+  proxyReq.write(requestPayload);
   proxyReq.end();
 });
 
@@ -188,15 +242,42 @@ app.post('/api/transactions/:id/reject', (req, res) => {
   res.json({ success: true });
 });
 
+let cachedTrending: string[] | null = null;
+let lastTrendingFetch = 0;
+
+app.get('/api/trending', async (req, res) => {
+  const now = Date.now();
+  if (cachedTrending && now - lastTrendingFetch < 5 * 60 * 1000) {
+    return res.json(cachedTrending);
+  }
+  try {
+    const response = await fetch('https://api.coingecko.com/api/v3/search/trending');
+    if (response.ok) {
+      const data = await response.json();
+      const top5 = data.coins.slice(0, 5).map((c: any) => '$' + c.item.symbol.toUpperCase());
+      cachedTrending = top5;
+      lastTrendingFetch = now;
+      res.json(top5);
+    } else {
+      // Fallback if coingecko rate limits
+      if (cachedTrending) return res.json(cachedTrending);
+      res.status(response.status).json({ error: 'Failed to fetch trending' });
+    }
+  } catch (err: any) {
+    if (cachedTrending) return res.json(cachedTrending);
+    res.status(500).json({ error: err.message });
+  }
+});
+
 app.post('/api/chat', async (req, res) => {
   try {
-    const { message } = req.body;
+    const { message, session_id } = req.body;
     if (!message) {
       return res.status(400).json({ error: 'Message is required' });
     }
     
     // Process input (this will automatically add to memory)
-    const response = await processUserInput(message);
+    const response = await processUserInput(message, 'user', undefined, session_id);
     
     res.json({ response });
   } catch (error: any) {

package/packages/core/src/gateway/setup-cli.ts

@@ -0,0 +1,7 @@
+import { runSetupWizard } from './setup';
+import * as process from 'process';
+
+runSetupWizard().catch((err) => {
+  console.error("Setup failed:", err);
+  process.exit(1);
+});

package/packages/core/src/gateway/setup.ts

@@ -1,4 +1,4 @@
-import { intro, outro, confirm, select, text, isCancel, cancel, note, password } from '@clack/prompts';
+import { intro, outro, confirm, select, text, isCancel, cancel, note, password, spinner } from '@clack/prompts';
 import pc from 'picocolors';
 import fs from 'fs';
 import path from 'path';
@@ -184,11 +184,48 @@ Provider: ${config.llm.provider}`;
   if (isCancel(setupTelegram)) return process.exit(0);
 
   let telegramToken = '';
+  let authorizedChatId = config.integrations?.telegram?.authorized_chat_id;
   if (setupTelegram) {
     telegramToken = (await password({
       message: 'Enter Telegram Bot Token from @BotFather (Leave empty if already set):',
     })) as string;
     if (isCancel(telegramToken)) return process.exit(0);
+
+    if (telegramToken && !authorizedChatId) {
+      const s = spinner();
+      const pin = Math.floor(100000 + Math.random() * 900000).toString();
+      
+      note(pc.cyan(`1. Open Telegram and search for your Bot.\n2. Send this exact message to your bot:\n\n   /auth ${pin}\n\nWaiting for your message...`), 'Telegram Pairing Required');
+      s.start(`Waiting for /auth ${pin} on Telegram...`);
+
+      try {
+        const { Telegraf } = require('telegraf');
+        const bot = new Telegraf(telegramToken);
+        let paired = false;
+
+        bot.command('auth', (ctx: any) => {
+          const text = ctx.message.text.split(' ');
+          if (text[1] === pin) {
+            authorizedChatId = ctx.chat.id;
+            paired = true;
+            ctx.reply('✅ Bot successfully paired with Nyxora!');
+            bot.stop();
+          } else {
+            ctx.reply('❌ Invalid PIN.');
+          }
+        });
+
+        bot.launch();
+
+        // Wait until paired
+        while (!paired) {
+          await new Promise(r => setTimeout(r, 1000));
+        }
+        s.stop(`Bot successfully paired with Chat ID: ${authorizedChatId}`);
+      } catch (err: any) {
+        s.stop(`Failed to start bot listener: ${err.message}. You can pair it later.`);
+      }
+    }
   }
 
   // 6. Wallet Setup
@@ -214,21 +251,7 @@ Provider: ${config.llm.provider}`;
     note(`New Wallet Generated!\n\nAddress: ${account.address}\nPrivate Key: ${privateKey}\n\nIMPORTANT: Backup this Private Key NOW! It is securely injected into your local vault, but you will need it to import your wallet elsewhere.`, 'Wallet Created');
   }
 
-  let masterPassword = '';
-  if (privateKey) {
-    masterPassword = (await password({
-      message: 'Enter a strong MASTER PASSWORD to encrypt your key vault:',
-    })) as string;
-    if (isCancel(masterPassword) || !masterPassword) return process.exit(0);
 
-    const masterPasswordConfirm = (await password({
-      message: 'Confirm MASTER PASSWORD:',
-    })) as string;
-    if (isCancel(masterPasswordConfirm) || masterPassword !== masterPasswordConfirm) {
-      console.log(pc.red('❌ Passwords do not match. Setup cancelled.'));
-      return process.exit(1);
-    }
-  }
 
   // --- SAVING ---
   
@@ -251,24 +274,25 @@ Provider: ${config.llm.provider}`;
   if (setupTelegram && telegramToken) {
     config.integrations.telegram.bot_token = telegramToken as string;
   }
+  
+  if (authorizedChatId) {
+    config.integrations.telegram.authorized_chat_id = authorizedChatId;
+  }
 
   saveConfig(config);
 
-  // Update keystore.json exclusively for Private Key
-  if (privateKey && masterPassword) {
-    const keystorePath = path.join(appDir, 'keystore.json');
+  // Save Private Key to OS Keyring or fallback to .env
+  if (privateKey) {
     try {
-      const encryptedData = encryptKey(privateKey as string, masterPassword);
-      fs.writeFileSync(keystorePath, JSON.stringify(encryptedData, null, 2), 'utf8');
-      
-      // Cleanup old .env if it existed
-      const envPath = path.join(appDir, '.env');
-      if (fs.existsSync(envPath)) {
-        fs.unlinkSync(envPath);
-        console.log(pc.yellow('Legacy .env file has been deleted for security.'));
-      }
+      const { Entry } = require('@napi-rs/keyring');
+      const entry = new Entry('nyxora', 'wallet');
+      await entry.setPassword(privateKey as string);
+      console.log(pc.green('Private key saved securely to OS Keyring.'));
     } catch (error) {
-      console.error('Failed to save keystore.json:', error);
+      console.warn(pc.yellow('Failed to save to OS Keyring (Module mismatch or headless server). Falling back to local vault.key'));
+      const vaultPath = path.join(appDir, 'vault.key');
+      fs.writeFileSync(vaultPath, `PRIVATE_KEY=${privateKey}\n`, { mode: 0o600 });
+      console.log(pc.green('Private key saved to ~/.nyxora/vault.key with 0600 permissions.'));
     }
   }