nyxora 1.6.3 → 1.6.5

package/CHANGELOG.md

@@ -5,6 +5,29 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [1.6.4]
+
+### Added
+- **Node.js Native Database Engine**: Migrated the core `logger.ts` memory subsystem to use the built-in `node:sqlite` engine (Node 22+), maintaining ultra-fast 100% synchronous operations while dramatically reducing dependency bloat.
+- **Next-Gen OS Keyring (N-API)**: Migrated `keytar` to `@napi-rs/keyring`. This replaces legacy C++ bindings with modern Rust/NAPI-RS, retaining identical OS-level security (Mac Keychain, Windows Credential Manager) while eliminating the `prebuild-install` deprecation warning and streamlining global installation.
+
+### Removed
+- `better-sqlite3` and `keytar` dependencies entirely removed from the monorepo architecture.
+
+## [1.6.3]
+
+### Added
+- Implemented **Zero-Click Multi-Session** for instantaneous chat creation and switching.
+- Introduced **Smart Auto-Naming** for automatic contextual session titles.
+
+### Changed
+- **Redesigned Sidebar Architecture**: enhanced utility-centric design, significantly reducing gaps for a compact, elegant look.
+- Integrated **OS-Native Keyring**, replacing legacy AES-256-GCM and Master Password mechanics.
+- Updated and cleaned up legacy cryptography references in VitePress guides and README.
+
+### Fixed
+- Resolved deeply-nested monorepo CI/CD deployment failures by isolating `package-lock.json` and mitigating peer-dependency conflicts.
+
 ## [1.4.5]
 
 ### Fixed

package/README.md

@@ -1,13 +1,16 @@
 # Nyxora Agent 🤖
 **Production-Grade Secure AI Execution Framework for Web3 Agents.**
 
-[![Version](https://img.shields.io/badge/version-1.6.3-blue.svg)](https://github.com/perasyudha/Nyxora)
+[![Version](https://img.shields.io/badge/version-1.6.5-blue.svg)](https://github.com/perasyudha/Nyxora)
+[![MCP Supported](https://img.shields.io/badge/MCP-Supported-blue.svg)](#)
 [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
 [![Security: Production-Grade](https://img.shields.io/badge/Security-Production--Grade-blue.svg)](#️-advanced-security-threat-model)
 [![Execution: Cryptographic Approval](https://img.shields.io/badge/Execution-Cryptographic--Approval-orange.svg)](#️-advanced-security-threat-model)
 [![Privacy: Local-Only Keys](https://img.shields.io/badge/Privacy-Local--Only--Keys-success.svg)](#️-advanced-security-threat-model)
 
-Nyxora (v1.6.3) is a **secure, non-custodial runtime infrastructure for autonomous onchain agents** built with a robust Monorepo architecture (Node.js & React). Designed for autonomous workflows with a premium Glassmorphism UI dashboard and strict client-side key isolation. 
+Nyxora (v1.6.5) is a **secure, non-custodial runtime infrastructure for autonomous onchain agents** built with a robust Monorepo architecture (Node.js & React). Designed for autonomous workflows with a premium Glassmorphism UI dashboard and strict client-side key isolation. 
+
+**Nyxora now natively supports the Model Context Protocol (MCP)**. You can transform your external AI agents (like Claude Desktop and Cursor) into secure Web3 actors that execute swaps and fetch balances using Nyxora's secure signer vault. [View the MCP Integration Guide](https://perasyudha.github.io/Nyxora/guide/mcp-integration)
 
 It operates under an institutional-grade **Cryptographically Bound Human-in-the-Loop** execution model, ensuring that Remote AIs (LLMs) never have unilateral access to your funds.
 
@@ -15,7 +18,7 @@ It operates under an institutional-grade **Cryptographically Bound Human-in-the-
 
 ## 🔥 Key Features
 
-### Advanced Security Architecture (v1.6.3)
+### Advanced Security Architecture
 *   **3-Tier IPC Architecture**: Nyxora is split into isolated processes: **Core** (LLM Runtime), **Policy Engine** (Guardrails on port 3001), and **Signer Vault** (Isolated Key Manager on Unix Sockets).
 *   **Cryptographically Bound Approval**: Policy changes and transactions requested by the AI are drafted as hashes (`sha256`). Approval via the UI requires a challenge nonce, preventing Man-in-the-Middle (MITM) attacks.
 *   **Immutable Policy Guardrails**: Transaction limits (e.g. `max_usd_per_tx`) are strictly enforced by the Policy Engine. The LLM has zero write-access to bypass these rules.
@@ -111,5 +114,12 @@ For complete technical deep-dives into our Cryptographic Architecture, please vi
 
 *(Includes guides on Secure Wallet Imports, Architecture Blueprints, Troubleshooting, and Custom Skill Development).*
 
+---
+
+**❤️ Support the Project**
+
+Building and maintaining a highly secure, zero-trust architecture takes significant time and resources. If you love what we are building, you can help us keep Nyxora open, secure, and constantly evolving by sending a coffee our way:
+- **EVM:** `0x18a30d5db50d287dba669c5672cd71246cc4c4c6`
+
 ---
 **License:** MIT License

package/launcher.ts

@@ -1,3 +1,6 @@
+import { initSafeLogger } from './packages/core/src/utils/safeLogger';
+initSafeLogger();
+
 import { spawn } from 'child_process';
 import crypto from 'crypto';
 import fs from 'fs';
@@ -6,6 +9,12 @@ import path from 'path';
 const INTERNAL_AUTH_TOKEN = crypto.randomBytes(64).toString('hex');
 console.log(`[Launcher] Generated Internal Auth Token: ${INTERNAL_AUTH_TOKEN.substring(0, 8)}...`);
 
+const nyxoraDir = path.join(process.env.HOME || process.env.USERPROFILE || '', '.nyxora');
+if (!fs.existsSync(nyxoraDir)) fs.mkdirSync(nyxoraDir, { recursive: true, mode: 0o700 });
+const tokenPath = path.join(nyxoraDir, 'runtime.token');
+fs.writeFileSync(tokenPath, INTERNAL_AUTH_TOKEN, { mode: 0o600 });
+console.log(`[Launcher] Secured runtime token at ${tokenPath} (0600)`);
+
 const env = {
   ...process.env,
   INTERNAL_AUTH_TOKEN,

package/package.json

@@ -1,12 +1,12 @@
 {
   "name": "nyxora",
-  "version": "1.6.3",
+  "version": "1.6.5",
   "license": "MIT",
   "workspaces": [
     "packages/*"
   ],
   "bin": {
-    "nyxora": "./bin/nyxora.mjs"
+    "nyxora": "bin/nyxora.mjs"
   },
   "scripts": {
     "start": "node ./bin/nyxora.mjs start",
@@ -19,7 +19,6 @@
   },
   "dependencies": {
     "@clack/prompts": "^1.4.0",
-    "better-sqlite3": "^12.10.0",
     "concurrently": "^9.2.1",
     "cors": "^2.8.6",
     "dotenv": "^17.4.2",
@@ -27,7 +26,7 @@
     "express-rate-limit": "^7.5.0",
     "helmet": "^8.0.0",
     "jsonwebtoken": "^9.0.2",
-    "keytar": "^7.9.0",
+    "@napi-rs/keyring": "^1.3.0",
     "open": "^11.0.0",
     "openai": "^6.39.0",
     "picocolors": "^1.1.1",

package/packages/core/package.json

@@ -1,11 +1,10 @@
 {
-  "name": "@nyxora/core",
-  "version": "1.6.3",
+  "name": "nyxora-agent-core",
+  "version": "1.6.5",
   "private": true,
   "main": "src/gateway/server.ts",
   "dependencies": {
     "@clack/prompts": "^1.4.0",
-    "better-sqlite3": "^12.10.0",
     "cors": "^2.8.6",
     "express": "^5.2.1",
     "express-rate-limit": "^7.5.0",

package/packages/core/src/gateway/cli.ts

@@ -1,5 +1,8 @@
 #!/usr/bin/env node
 
+import { initSafeLogger } from '../utils/safeLogger';
+initSafeLogger();
+
 import fs from 'fs';
 import path from 'path';
 import os from 'os';

package/packages/core/src/gateway/setup.ts

@@ -284,8 +284,9 @@ Provider: ${config.llm.provider}`;
   // Save Private Key to OS Keyring or fallback to .env
   if (privateKey) {
     try {
-      const keytar = require('keytar');
-      await keytar.setPassword('nyxora', 'wallet', privateKey as string);
+      const { Entry } = require('@napi-rs/keyring');
+      const entry = new Entry('nyxora', 'wallet');
+      await entry.setPassword(privateKey as string);
       console.log(pc.green('Private key saved securely to OS Keyring.'));
     } catch (error) {
       console.warn(pc.yellow('Failed to save to OS Keyring (Module mismatch or headless server). Falling back to local vault.key'));

package/packages/core/src/memory/logger.ts

@@ -1,7 +1,7 @@
 import fs from 'fs';
 import path from 'path';
 import crypto from 'crypto';
-import Database from 'better-sqlite3';
+import { DatabaseSync } from 'node:sqlite';
 import { loadConfig } from '../config/parser';
 import { getPath } from '../config/paths';
 
@@ -21,7 +21,7 @@ export interface ChatSession {
 }
 
 export class Logger {
-  private db: Database.Database;
+  private db: DatabaseSync;
 
   constructor() {
     const config = loadConfig() || {};
@@ -37,7 +37,7 @@ export class Logger {
         fs.mkdirSync(dir, { recursive: true });
     }
 
-    this.db = new Database(fullPath);
+    this.db = new DatabaseSync(fullPath);
     this.initDb();
   }
 
@@ -86,17 +86,24 @@ export class Logger {
             VALUES (@role, @content, @name, @tool_call_id, @tool_calls)
           `);
           
-          const insertMany = this.db.transaction((entries: any[]) => {
-            for (const entry of entries) {
-              insert.run({
-                role: entry.role,
-                content: entry.content || '',
-                name: entry.name || null,
-                tool_call_id: entry.tool_call_id || null,
-                tool_calls: entry.tool_calls ? JSON.stringify(entry.tool_calls) : null
-              });
+          const insertMany = (entries: any[]) => {
+            this.db.exec('BEGIN TRANSACTION');
+            try {
+              for (const entry of entries) {
+                insert.run({
+                  role: entry.role,
+                  content: entry.content || '',
+                  name: entry.name || null,
+                  tool_call_id: entry.tool_call_id || null,
+                  tool_calls: entry.tool_calls ? JSON.stringify(entry.tool_calls) : null
+                });
+              }
+              this.db.exec('COMMIT');
+            } catch (e) {
+              this.db.exec('ROLLBACK');
+              throw e;
             }
-          });
+          };
           
           insertMany(oldMemory);
           console.log('[Nyxora Memory] Successfully migrated memory.json to SQLite database (Atomic Storage).');
@@ -112,7 +119,7 @@ export class Logger {
 
   public getSessions(): ChatSession[] {
     const rows = this.db.prepare('SELECT id, title, timestamp FROM sessions ORDER BY timestamp DESC').all();
-    return rows as ChatSession[];
+    return rows as unknown as ChatSession[];
   }
 
   public createSession(title: string): string {

package/packages/core/src/utils/safeLogger.js

@@ -0,0 +1,59 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.initSafeLogger = initSafeLogger;
+exports.safeLog = safeLog;
+exports.safeError = safeError;
+exports.safeWarn = safeWarn;
+const PRIVATE_KEY_REGEX = /0x[a-fA-F0-9]{64}/g;
+const JWT_REGEX = /eyJ[a-zA-Z0-9_-]+\.[a-zA-Z0-9_-]+\.[a-zA-Z0-9_-]+/g;
+function sanitize(args) {
+    return args.map(arg => {
+        if (typeof arg === 'string') {
+            return arg
+                .replace(PRIVATE_KEY_REGEX, '[REDACTED_PRIVATE_KEY]')
+                .replace(JWT_REGEX, '[REDACTED_JWT]');
+        }
+        if (arg instanceof Error) {
+            const sanitizedError = new Error(arg.message
+                .replace(PRIVATE_KEY_REGEX, '[REDACTED_PRIVATE_KEY]')
+                .replace(JWT_REGEX, '[REDACTED_JWT]'));
+            sanitizedError.stack = arg.stack?.replace(PRIVATE_KEY_REGEX, '[REDACTED_PRIVATE_KEY]').replace(JWT_REGEX, '[REDACTED_JWT]');
+            return sanitizedError;
+        }
+        if (typeof arg === 'object' && arg !== null) {
+            try {
+                const str = JSON.stringify(arg);
+                const sanitizedStr = str
+                    .replace(PRIVATE_KEY_REGEX, '[REDACTED_PRIVATE_KEY]')
+                    .replace(JWT_REGEX, '[REDACTED_JWT]');
+                return JSON.parse(sanitizedStr);
+            }
+            catch (e) {
+                return arg;
+            }
+        }
+        return arg;
+    });
+}
+const originalLog = console.log.bind(console);
+const originalError = console.error.bind(console);
+const originalWarn = console.warn.bind(console);
+function initSafeLogger() {
+    // @ts-ignore
+    if (console.__isSafe)
+        return;
+    console.log = (...args) => originalLog(...sanitize(args));
+    console.error = (...args) => originalError(...sanitize(args));
+    console.warn = (...args) => originalWarn(...sanitize(args));
+    // @ts-ignore
+    console.__isSafe = true;
+}
+function safeLog(...args) {
+    originalLog(...sanitize(args));
+}
+function safeError(...args) {
+    originalError(...sanitize(args));
+}
+function safeWarn(...args) {
+    originalWarn(...sanitize(args));
+}

package/packages/core/src/utils/safeLogger.ts

@@ -0,0 +1,60 @@
+const PRIVATE_KEY_REGEX = /0x[a-fA-F0-9]{64}/g;
+const JWT_REGEX = /eyJ[a-zA-Z0-9_-]+\.[a-zA-Z0-9_-]+\.[a-zA-Z0-9_-]+/g;
+
+function sanitize(args: any[]): any[] {
+  return args.map(arg => {
+    if (typeof arg === 'string') {
+      return arg
+        .replace(PRIVATE_KEY_REGEX, '[REDACTED_PRIVATE_KEY]')
+        .replace(JWT_REGEX, '[REDACTED_JWT]');
+    }
+    if (arg instanceof Error) {
+      const sanitizedError = new Error(arg.message
+        .replace(PRIVATE_KEY_REGEX, '[REDACTED_PRIVATE_KEY]')
+        .replace(JWT_REGEX, '[REDACTED_JWT]')
+      );
+      sanitizedError.stack = arg.stack?.replace(PRIVATE_KEY_REGEX, '[REDACTED_PRIVATE_KEY]').replace(JWT_REGEX, '[REDACTED_JWT]');
+      return sanitizedError;
+    }
+    if (typeof arg === 'object' && arg !== null) {
+      try {
+        const str = JSON.stringify(arg);
+        const sanitizedStr = str
+          .replace(PRIVATE_KEY_REGEX, '[REDACTED_PRIVATE_KEY]')
+          .replace(JWT_REGEX, '[REDACTED_JWT]');
+        return JSON.parse(sanitizedStr);
+      } catch (e) {
+        return arg;
+      }
+    }
+    return arg;
+  });
+}
+
+const originalLog = console.log.bind(console);
+const originalError = console.error.bind(console);
+const originalWarn = console.warn.bind(console);
+
+export function initSafeLogger() {
+  // @ts-ignore
+  if (console.__isSafe) return;
+  
+  console.log = (...args: any[]) => originalLog(...sanitize(args));
+  console.error = (...args: any[]) => originalError(...sanitize(args));
+  console.warn = (...args: any[]) => originalWarn(...sanitize(args));
+  
+  // @ts-ignore
+  console.__isSafe = true;
+}
+
+export function safeLog(...args: any[]) {
+  originalLog(...sanitize(args));
+}
+
+export function safeError(...args: any[]) {
+  originalError(...sanitize(args));
+}
+
+export function safeWarn(...args: any[]) {
+  originalWarn(...sanitize(args));
+}