nyxora 1.6.2 → 1.6.4

package/packages/core/src/gateway/telegram.ts

@@ -1,6 +1,6 @@
-import TelegramBot from 'node-telegram-bot-api';
+import { Telegraf, Markup } from 'telegraf';
 import { processUserInput, logger } from '../agent/reasoning';
-import { loadConfig } from '../config/parser';
+import { loadConfig, saveConfig } from '../config/parser';
 import { txManager } from '../agent/transactionManager';
 import { executeTransfer } from '../web3/skills/transfer';
 import { executeSwap } from '../web3/skills/swapToken';
@@ -14,143 +14,201 @@ export function startTelegramBot() {
   const config = loadConfig();
   const token = config.integrations?.telegram?.bot_token;
 
-  
   if (!token) {
     console.log('[Telegram] No TELEGRAM_BOT_TOKEN found in config.yaml. Bot is disabled.');
     return;
   }
 
   try {
-    const bot = new TelegramBot(token, { polling: true });
-
-    bot.on('message', async (msg) => {
-      const chatId = msg.chat.id;
-      const text = msg.text;
-
-      if (!text) return;
+    const bot = new Telegraf(token);
+    
+    // Pairing state variables
+    const isPaired = !!config.integrations?.telegram?.authorized_chat_id;
+    let generatedPin = '';
+    let pinExpiry = 0;
+
+    if (!isPaired) {
+      generatedPin = Math.floor(100000 + Math.random() * 900000).toString();
+      pinExpiry = Date.now() + 5 * 60 * 1000; // 5 minutes TTL
+      
+      console.log(pc.yellow('\n==================================================='));
+      console.log(pc.yellow('🔐 OTORISASI BOT TELEGRAM DIBUTUHKAN'));
+      console.log(pc.yellow('==================================================='));
+      console.log('Bot Telegram Anda saat ini terkunci demi keamanan.');
+      console.log('Buka Telegram Anda, dan kirimkan perintah berikut ke bot Anda:\n');
+      console.log(pc.cyan(`  /auth ${generatedPin}\n`));
+      console.log(pc.gray('(Kode OTP ini akan kedaluwarsa dalam 5 menit)\n'));
+      console.log('⏳ Menunggu pesan masuk...');
+    }
+
+    // Security Middleware (OTP & Authorization)
+    bot.use(async (ctx, next) => {
+      const currentConfig = loadConfig();
+      const authId = currentConfig.integrations?.telegram?.authorized_chat_id;
+      
+      if (authId) {
+        // Paired mode: Reject unauthorized users silently
+        if (ctx.chat?.id !== authId) {
+          return;
+        }
+        return next();
+      }
 
-      if (text === '/clear') {
-        logger.clear();
-        bot.sendMessage(chatId, '✅ Memori AI telah dihapus. Mari kita mulai obrolan baru!');
-        return;
+      // Pairing mode: Listen for /auth command
+      if (ctx.message && 'text' in ctx.message) {
+        const text = ctx.message.text || '';
+        if (text.startsWith('/auth ')) {
+          const pin = text.split(' ')[1];
+          if (Date.now() > pinExpiry) {
+            await ctx.reply('❌ The pairing PIN has expired. Please restart the CLI to generate a new one.');
+            return;
+          }
+          if (pin === generatedPin) {
+            // Success
+            if (!currentConfig.integrations) currentConfig.integrations = {};
+            if (!currentConfig.integrations.telegram) currentConfig.integrations.telegram = { enabled: true, bot_token: token };
+            
+            currentConfig.integrations.telegram.authorized_chat_id = ctx.chat?.id;
+            saveConfig(currentConfig);
+            
+            await ctx.reply('✅ Otorisasi Berhasil! Agen Nyxora kini hanya akan mematuhi perintah Anda. Koneksi diamankan.');
+            console.log(pc.green(`\n[Telegram] Successfully paired with Chat ID: ${ctx.chat?.id}`));
+            return; // Done parsing auth, ignore this specific message for further logic
+          } else {
+            await ctx.reply('❌ PIN salah.');
+            return;
+          }
+        }
       }
+      
+      // If not paired and not an auth command, silently drop
+      return;
+    });
 
-      // Log incoming message
-      console.log(`[Telegram] Received from ${msg.from?.first_name}: ${text}`);
+    bot.command('clear', async (ctx) => {
+      logger.clear();
+      await ctx.reply('✅ Memori AI telah dihapus. Mari kita mulai obrolan baru!');
+    });
+
+    bot.on('text', async (ctx) => {
+      const text = ctx.message.text;
+      if (text.startsWith('/')) return; // Ignore other commands
 
-      // Send typing action to Telegram
-      bot.sendChatAction(chatId, 'typing');
+      console.log(`[Telegram] Received from ${ctx.from?.first_name || 'User'}: ${text}`);
+      
+      // Send typing action
+      await ctx.sendChatAction('typing');
 
       try {
         let progressMsgId: number | null = null;
         const onProgress = async (progressText: string) => {
           try {
             if (!progressMsgId) {
-              const sent = await bot.sendMessage(chatId, progressText, { parse_mode: 'Markdown' });
+              const sent = await ctx.reply(progressText, { parse_mode: 'Markdown' });
               progressMsgId = sent.message_id;
             } else {
-              await bot.editMessageText(progressText, { chat_id: chatId, message_id: progressMsgId, parse_mode: 'Markdown' });
+              await ctx.telegram.editMessageText(ctx.chat.id, progressMsgId, undefined, progressText, { parse_mode: 'Markdown' });
             }
           } catch (e) {}
         };
 
-        // Feed the message to the AI agent
         const response = await processUserInput(text, 'user', onProgress);
-        
+
         if (progressMsgId) {
-          // Clean up the progress message
-          bot.deleteMessage(chatId, progressMsgId).catch(() => {});
+          await ctx.telegram.deleteMessage(ctx.chat.id, progressMsgId).catch(() => {});
         }
-        
-        // Send the AI's response back to Telegram
-        
-        // Check for newly created pending transactions
+
         const pendingTxs = txManager.getPending();
         if (pendingTxs.length > 0) {
           const latestTx = pendingTxs[pendingTxs.length - 1];
-          // If the transaction was created within the last 2 minutes, show the inline keyboard
           if (Date.now() - latestTx.createdAt < 120000) {
-            bot.sendMessage(chatId, response, {
-              reply_markup: {
-                inline_keyboard: [[
-                  { text: '✅ Approve', callback_data: `approve_${latestTx.id}` },
-                  { text: '❌ Reject', callback_data: `reject_${latestTx.id}` }
-                ]]
-              }
-            });
+            await ctx.reply(response, Markup.inlineKeyboard([
+              [
+                Markup.button.callback('✅ Approve', `approve_${latestTx.id}`),
+                Markup.button.callback('❌ Reject', `reject_${latestTx.id}`)
+              ]
+            ]));
             return;
           }
         }
-        
-        bot.sendMessage(chatId, response);
+
+        await ctx.reply(response);
       } catch (error: any) {
         console.error('[Telegram] Error processing message:', error);
-        bot.sendMessage(chatId, '❌ Sorry, I encountered an error while processing your message.');
+        await ctx.reply('❌ Sorry, I encountered an error while processing your message.');
       }
     });
 
-    bot.on('callback_query', async (query) => {
-      const chatId = query.message?.chat.id;
-      if (!chatId || !query.data) return;
-
-      const [action, txId] = query.data.split('_');
+    // Handle callbacks
+    bot.action(/^approve_(.+)$/, async (ctx) => {
+      const txId = ctx.match[1];
       const tx = txManager.getTransaction(txId);
 
       if (!tx || tx.status !== 'pending') {
-        bot.answerCallbackQuery(query.id, { text: 'Transaction not found or already processed.', show_alert: true });
+        await ctx.answerCbQuery('Transaction not found or already processed.', { show_alert: true });
         return;
       }
 
-      if (action === 'approve') {
-        bot.answerCallbackQuery(query.id, { text: 'Processing transaction...' });
-        bot.sendMessage(chatId, `⏳ Processing transaction ${txId}...`);
-        try {
-          let result = '';
-          if (tx.type === 'transfer') {
-            result = await executeTransfer(tx.chainName as any, tx.details);
-          } else if (tx.type === 'swap') {
-            result = await executeSwap(tx.chainName as any, tx.details);
-          } else if (tx.type === 'bridge') {
-            result = await executeBridge(tx.chainName as any, tx.details);
-          } else if (tx.type === 'mint') {
-            result = await executeMintNft(tx.chainName as any, tx.details);
-          } else if (tx.type === 'custom') {
-            result = await executeCustomTx(tx.chainName as any, tx.details);
-          }
-          txManager.updateStatus(txId, 'executed', result);
-          const prettyMsg = formatTransactionSuccess(tx, result);
-          bot.sendMessage(chatId, `✅ Transaction processed:\n\n${prettyMsg}`);
-          
-          // Sync with dashboard
-          logger.addEntry({ role: 'assistant', content: `✅ Transaction processed:\n\n${prettyMsg}` });
-          logger.addEntry({ role: 'tool', name: tx.type === 'swap' ? 'swap_token' : 'transfer_native', content: result });
-          
-          // Background update to LLM
-          processUserInput(`Transaction ${txId} was APPROVED via Telegram. Result: ${result}`, 'system').catch(() => {});
-        } catch (err: any) {
-          txManager.updateStatus(txId, 'failed', err.message);
-          const prettyError = formatTransactionError(tx, err.message);
-          bot.sendMessage(chatId, prettyError);
-          
-          // Background update to LLM
-          processUserInput(`Transaction ${txId} FAILED via Telegram. Error: ${err.message}`, 'system').catch(() => {});
+      await ctx.answerCbQuery('Processing transaction...');
+      await ctx.reply(`⏳ Processing transaction ${txId}...`);
+      
+      // Remove inline keyboard immediately
+      await ctx.editMessageReplyMarkup(undefined).catch(() => {});
+
+      try {
+        let result = '';
+        if (tx.type === 'transfer') {
+          result = await executeTransfer(tx.chainName as any, tx.details);
+        } else if (tx.type === 'swap') {
+          result = await executeSwap(tx.chainName as any, tx.details);
+        } else if (tx.type === 'bridge') {
+          result = await executeBridge(tx.chainName as any, tx.details);
+        } else if (tx.type === 'mint') {
+          result = await executeMintNft(tx.chainName as any, tx.details);
+        } else if (tx.type === 'custom') {
+          result = await executeCustomTx(tx.chainName as any, tx.details);
         }
-      } else if (action === 'reject') {
-        txManager.updateStatus(txId, 'rejected');
-        processUserInput(`Transaction ${txId} was REJECTED via Telegram. Acknowledge this briefly.`, 'system').catch(() => {});
-        bot.answerCallbackQuery(query.id, { text: 'Transaction cancelled.' });
-        bot.sendMessage(chatId, `❌ Transaction cancelled.`);
+        
+        txManager.updateStatus(txId, 'executed', result);
+        const prettyMsg = formatTransactionSuccess(tx, result);
+        await ctx.reply(`✅ Transaction processed:\n\n${prettyMsg}`);
+        
+        logger.addEntry({ role: 'assistant', content: `✅ Transaction processed:\n\n${prettyMsg}` });
+        logger.addEntry({ role: 'tool', name: tx.type === 'swap' ? 'swap_token' : 'transfer_native', content: result });
+        
+        processUserInput(`Transaction ${txId} was APPROVED via Telegram. Result: ${result}`, 'system').catch(() => {});
+      } catch (err: any) {
+        txManager.updateStatus(txId, 'failed', err.message);
+        const prettyError = formatTransactionError(tx, err.message);
+        await ctx.reply(prettyError);
+        processUserInput(`Transaction ${txId} FAILED via Telegram. Error: ${err.message}`, 'system').catch(() => {});
       }
+    });
+
+    bot.action(/^reject_(.+)$/, async (ctx) => {
+      const txId = ctx.match[1];
+      txManager.updateStatus(txId, 'rejected');
+      processUserInput(`Transaction ${txId} was REJECTED via Telegram. Acknowledge this briefly.`, 'system').catch(() => {});
       
-      // Remove inline keyboard
-      bot.editMessageReplyMarkup({ inline_keyboard: [] }, { chat_id: chatId, message_id: query.message?.message_id });
+      await ctx.answerCbQuery('Transaction cancelled.');
+      await ctx.reply(`❌ Transaction cancelled.`);
+      await ctx.editMessageReplyMarkup(undefined).catch(() => {});
     });
 
-    bot.on('polling_error', (error) => {
-      console.error('[Telegram] Polling error:', error);
+    bot.catch((err) => {
+      console.error('[Telegram] Telegraf error:', err);
     });
 
-    console.log('🤖 Telegram Bot is running and listening for messages...');
+    bot.launch();
+    
+    if (isPaired) {
+      console.log('🤖 Telegram Bot is running and securely listening for your messages...');
+    }
+    
+    // Enable graceful stop
+    process.once('SIGINT', () => bot.stop('SIGINT'));
+    process.once('SIGTERM', () => bot.stop('SIGTERM'));
+
   } catch (error) {
     console.error('[Telegram] Failed to initialize bot:', error);
   }

package/packages/core/src/memory/logger.ts

@@ -1,6 +1,7 @@
 import fs from 'fs';
 import path from 'path';
-import Database from 'better-sqlite3';
+import crypto from 'crypto';
+import { DatabaseSync } from 'node:sqlite';
 import { loadConfig } from '../config/parser';
 import { getPath } from '../config/paths';
 
@@ -10,10 +11,17 @@ export interface MemoryEntry {
   name?: string;
   tool_call_id?: string;
   tool_calls?: any[];
+  session_id?: string;
+}
+
+export interface ChatSession {
+  id: string;
+  title: string;
+  timestamp: string;
 }
 
 export class Logger {
-  private db: Database.Database;
+  private db: DatabaseSync;
 
   constructor() {
     const config = loadConfig() || {};
@@ -29,14 +37,23 @@ export class Logger {
         fs.mkdirSync(dir, { recursive: true });
     }
 
-    this.db = new Database(fullPath);
+    this.db = new DatabaseSync(fullPath);
     this.initDb();
   }
 
   private initDb() {
+    this.db.exec(`
+      CREATE TABLE IF NOT EXISTS sessions (
+        id TEXT PRIMARY KEY,
+        title TEXT NOT NULL,
+        timestamp DATETIME DEFAULT CURRENT_TIMESTAMP
+      )
+    `);
+
     this.db.exec(`
       CREATE TABLE IF NOT EXISTS messages (
         id INTEGER PRIMARY KEY AUTOINCREMENT,
+        session_id TEXT,
         role TEXT NOT NULL,
         content TEXT NOT NULL,
         name TEXT,
@@ -46,6 +63,13 @@ export class Logger {
       )
     `);
 
+    // Ensure session_id exists for older DBs
+    try {
+      this.db.prepare('ALTER TABLE messages ADD COLUMN session_id TEXT').run();
+    } catch (e) {
+      // Column probably already exists
+    }
+
     // Migration logic from old memory.json to SQLite
     const config = loadConfig() || {};
     const oldJsonPath = getPath((config && (config as any).memory && (config as any).memory.path) ? (config as any).memory.path : 'memory.json');
@@ -62,17 +86,24 @@ export class Logger {
             VALUES (@role, @content, @name, @tool_call_id, @tool_calls)
           `);
           
-          const insertMany = this.db.transaction((entries: any[]) => {
-            for (const entry of entries) {
-              insert.run({
-                role: entry.role,
-                content: entry.content || '',
-                name: entry.name || null,
-                tool_call_id: entry.tool_call_id || null,
-                tool_calls: entry.tool_calls ? JSON.stringify(entry.tool_calls) : null
-              });
+          const insertMany = (entries: any[]) => {
+            this.db.exec('BEGIN TRANSACTION');
+            try {
+              for (const entry of entries) {
+                insert.run({
+                  role: entry.role,
+                  content: entry.content || '',
+                  name: entry.name || null,
+                  tool_call_id: entry.tool_call_id || null,
+                  tool_calls: entry.tool_calls ? JSON.stringify(entry.tool_calls) : null
+                });
+              }
+              this.db.exec('COMMIT');
+            } catch (e) {
+              this.db.exec('ROLLBACK');
+              throw e;
             }
-          });
+          };
           
           insertMany(oldMemory);
           console.log('[Nyxora Memory] Successfully migrated memory.json to SQLite database (Atomic Storage).');
@@ -86,8 +117,34 @@ export class Logger {
     }
   }
 
-  public getHistory(): MemoryEntry[] {
-    const rows = this.db.prepare('SELECT role, content, name, tool_call_id, tool_calls FROM messages ORDER BY id ASC').all();
+  public getSessions(): ChatSession[] {
+    const rows = this.db.prepare('SELECT id, title, timestamp FROM sessions ORDER BY timestamp DESC').all();
+    return rows as unknown as ChatSession[];
+  }
+
+  public createSession(title: string): string {
+    const id = crypto.randomUUID();
+    this.db.prepare('INSERT INTO sessions (id, title) VALUES (?, ?)').run(id, title);
+    return id;
+  }
+
+  public deleteSession(sessionId: string) {
+    this.db.prepare('DELETE FROM messages WHERE session_id = ?').run(sessionId);
+    this.db.prepare('DELETE FROM sessions WHERE id = ?').run(sessionId);
+  }
+
+  public renameSession(sessionId: string, newTitle: string) {
+    this.db.prepare('UPDATE sessions SET title = ? WHERE id = ?').run(newTitle, sessionId);
+  }
+
+  public getHistory(sessionId?: string): MemoryEntry[] {
+    let rows;
+    if (sessionId) {
+      rows = this.db.prepare('SELECT role, content, name, tool_call_id, tool_calls, session_id FROM messages WHERE session_id = ? ORDER BY id ASC').all(sessionId);
+    } else {
+      rows = this.db.prepare('SELECT role, content, name, tool_call_id, tool_calls, session_id FROM messages WHERE session_id IS NULL ORDER BY id ASC').all();
+    }
+    
     return rows.map((row: any) => {
       const entry: MemoryEntry = {
         role: row.role,
@@ -96,17 +153,19 @@ export class Logger {
       if (row.name) entry.name = row.name;
       if (row.tool_call_id) entry.tool_call_id = row.tool_call_id;
       if (row.tool_calls) entry.tool_calls = JSON.parse(row.tool_calls);
+      if (row.session_id) entry.session_id = row.session_id;
       return entry;
     });
   }
 
-  public addEntry(entry: MemoryEntry) {
+  public addEntry(entry: MemoryEntry, sessionId?: string) {
     const insert = this.db.prepare(`
-      INSERT INTO messages (role, content, name, tool_call_id, tool_calls)
-      VALUES (@role, @content, @name, @tool_call_id, @tool_calls)
+      INSERT INTO messages (session_id, role, content, name, tool_call_id, tool_calls)
+      VALUES (@session_id, @role, @content, @name, @tool_call_id, @tool_calls)
     `);
     
     insert.run({
+      session_id: sessionId || null,
       role: entry.role,
       content: entry.content || '',
       name: entry.name || null,
@@ -115,7 +174,11 @@ export class Logger {
     });
   }
 
-  public clear() {
-    this.db.prepare('DELETE FROM messages').run();
+  public clear(sessionId?: string) {
+    if (sessionId) {
+      this.db.prepare('DELETE FROM messages WHERE session_id = ?').run(sessionId);
+    } else {
+      this.db.prepare('DELETE FROM messages WHERE session_id IS NULL').run();
+    }
   }
 }

package/packages/core/src/system/pluginManager.ts

@@ -1,6 +1,6 @@
 import fs from 'fs';
 import path from 'path';
-import vm from 'vm';
+import ivm from 'isolated-vm';
 
 // Define how an external skill should look like
 export interface ExternalSkill {
@@ -26,44 +26,58 @@ export class PluginManager {
         try {
           const absolutePath = path.resolve(pluginsDir, file);
           const code = fs.readFileSync(absolutePath, 'utf8');
-          
-          // Construct a restricted require function for the sandbox
-          const restrictedRequire = (moduleName: string) => {
-            const blockedModules = ['fs', 'child_process', 'os', 'net', 'tls', 'cluster', 'worker_threads'];
-            if (blockedModules.includes(moduleName)) {
-              throw new Error(`Sandboxing error: Access to the '${moduleName}' module is blocked for security reasons.`);
-            }
-            // Allow fetch and other safe modules by delegating to actual require
-            return require(moduleName);
-          };
-
-          // Create the sandbox environment
-          const sandbox = {
-            require: restrictedRequire,
-            console: console,
-            module: { exports: {} as any },
-            exports: {},
-            process: { env: {} }, // Hide actual environment variables
-            Buffer: Buffer,
-            setTimeout: setTimeout,
-            clearTimeout: clearTimeout,
-            setInterval: setInterval,
-            clearInterval: clearInterval,
-          };
 
-          const context = vm.createContext(sandbox);
-          const script = new vm.Script(code, { filename: file });
+          const isolate = new ivm.Isolate({ memoryLimit: 128 });
+          const context = isolate.createContextSync();
+          const jail = context.global;
+          jail.setSync('global', jail.derefInto());
           
-          // Execute the plugin code inside the VM
-          script.runInContext(context);
+          // Inject a safe fetch
+          const safeFetch = new ivm.Reference(async (url: string, options: any) => {
+             if (url.includes('127.0.0.1') || url.includes('localhost') || url.includes('::1')) {
+                 throw new Error("SSRF Protection: Access to localhost is blocked.");
+             }
+             const res = await fetch(url, options);
+             const text = await res.text();
+             return text; // Only return text to avoid passing complex Response objects
+          });
+          jail.setSync('fetchText', safeFetch);
           
-          const moduleExports = sandbox.module.exports;
+          // Inject console
+          const logCallback = new ivm.Reference((...args: any[]) => console.log('[Plugin]', ...args));
+          jail.setSync('log', logCallback);
+
+          const scriptCode = `
+             const console = { log: (...args) => log(...args) };
+             const fetch = async (url, options) => {
+                const text = await fetchText.apply(undefined, [url, options], { arguments: { copy: true }, result: { promise: true } });
+                return { text: async () => text, json: async () => JSON.parse(text) };
+             };
+             const module = { exports: {} };
+             const exports = module.exports;
+             ${code}
+             module.exports;
+          `;
+
+          const script = isolate.compileScriptSync(scriptCode, { filename: file });
+          const moduleExportsRef = script.runSync(context);
 
-          if (moduleExports.toolDefinition && moduleExports.execute) {
-            const toolName = moduleExports.toolDefinition.function.name;
-            this.skills.set(toolName, moduleExports as ExternalSkill);
-            console.log(`[PluginManager] Loaded sandboxed external skill: ${toolName}`);
+          const toolDefinition = moduleExportsRef.getSync('toolDefinition');
+          const executeRef = moduleExportsRef.getSync('execute');
+
+          if (toolDefinition && executeRef && typeof executeRef === 'object') {
+             const toolName = toolDefinition.function.name;
+             
+             const safeExecute = async (args: any) => {
+                const result = await executeRef.apply(undefined, [args], { arguments: { copy: true }, result: { promise: true, copy: true } });
+                return result;
+             };
+
+             this.skills.set(toolName, { toolDefinition, execute: safeExecute });
+             console.log(`[PluginManager] Loaded sandboxed external skill: ${toolName}`);
           }
+          
+          moduleExportsRef.release();
         } catch (error: any) {
           console.error(`[PluginManager] Failed to load sandboxed plugin ${file}:`, error.message);
         }

package/packages/core/src/utils/state.ts

@@ -1,10 +1,23 @@
-let sessionToken: string | null = null;
+import fs from 'fs';
+import path from 'path';
+import os from 'os';
 
+let sessionToken: string | null = null;
 import crypto from 'crypto';
 
 export function getSessionToken(): string {
   if (!sessionToken) {
-    sessionToken = crypto.randomBytes(32).toString('hex');
+    const tokenFile = path.join(os.homedir(), '.nyxora', 'auth.token');
+    try {
+      if (fs.existsSync(tokenFile)) {
+        sessionToken = fs.readFileSync(tokenFile, 'utf8').trim();
+      } else {
+        sessionToken = crypto.randomBytes(32).toString('hex');
+        fs.writeFileSync(tokenFile, sessionToken, { mode: 0o600 });
+      }
+    } catch(e) {
+      if (!sessionToken) sessionToken = crypto.randomBytes(32).toString('hex');
+    }
   }
   return sessionToken;
 }

package/packages/core/src/web3/config.ts

@@ -1,4 +1,4 @@
-import { createPublicClient, http, PublicClient } from 'viem';
+import { createPublicClient, http, fallback, PublicClient, Transport } from 'viem';
 import { mainnet, base, bsc, arbitrum, optimism, sepolia } from 'viem/chains';
 import { loadConfig } from '../config/parser';
 
@@ -18,12 +18,27 @@ export function getPublicClient(chainName: ChainName): PublicClient {
   if (!chain) throw new Error(`Unsupported chain: ${chainName}`);
 
   const config = loadConfig();
-  const rpcUrl = config.web3?.rpc_urls?.[chainName];
+  const customRpcRaw = config.web3?.rpc_urls?.[chainName];
+  
+  const transports: Transport[] = [];
+  
+  if (customRpcRaw) {
+    if (Array.isArray(customRpcRaw)) {
+      customRpcRaw.forEach(url => {
+        if (url.trim()) transports.push(http(url.trim()));
+      });
+    } else if (typeof customRpcRaw === 'string' && customRpcRaw.trim()) {
+      transports.push(http(customRpcRaw.trim()));
+    }
+  }
+  
+  // Always append the default public RPC as the last resort
+  transports.push(http());
 
   // @ts-ignore
   return createPublicClient({
     chain,
-    transport: http(rpcUrl),
+    transport: fallback(transports, { rank: false }),
   });
 }