nyxora 1.6.4 → 1.6.6

package/README.md

@@ -1,13 +1,16 @@
 # Nyxora Agent 🤖
 **Production-Grade Secure AI Execution Framework for Web3 Agents.**
 
-[![Version](https://img.shields.io/badge/version-1.6.3-blue.svg)](https://github.com/perasyudha/Nyxora)
+[![Version](https://img.shields.io/badge/version-1.6.5-blue.svg)](https://github.com/perasyudha/Nyxora)
+[![MCP Supported](https://img.shields.io/badge/MCP-Supported-blue.svg)](#)
 [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
 [![Security: Production-Grade](https://img.shields.io/badge/Security-Production--Grade-blue.svg)](#️-advanced-security-threat-model)
 [![Execution: Cryptographic Approval](https://img.shields.io/badge/Execution-Cryptographic--Approval-orange.svg)](#️-advanced-security-threat-model)
 [![Privacy: Local-Only Keys](https://img.shields.io/badge/Privacy-Local--Only--Keys-success.svg)](#️-advanced-security-threat-model)
 
-Nyxora (v1.6.3) is a **secure, non-custodial runtime infrastructure for autonomous onchain agents** built with a robust Monorepo architecture (Node.js & React). Designed for autonomous workflows with a premium Glassmorphism UI dashboard and strict client-side key isolation. 
+Nyxora (v1.6.5) is a **secure, non-custodial runtime infrastructure for autonomous onchain agents** built with a robust Monorepo architecture (Node.js & React). Designed for autonomous workflows with a premium Glassmorphism UI dashboard and strict client-side key isolation. 
+
+**Nyxora now natively supports the Model Context Protocol (MCP)**. You can transform your external AI agents (like Claude Desktop and Cursor) into secure Web3 actors that execute swaps and fetch balances using Nyxora's secure signer vault. [View the MCP Integration Guide](https://perasyudha.github.io/Nyxora/guide/mcp-integration)
 
 It operates under an institutional-grade **Cryptographically Bound Human-in-the-Loop** execution model, ensuring that Remote AIs (LLMs) never have unilateral access to your funds.
 
@@ -15,7 +18,7 @@ It operates under an institutional-grade **Cryptographically Bound Human-in-the-
 
 ## 🔥 Key Features
 
-### Advanced Security Architecture (v1.6.3)
+### Advanced Security Architecture
 *   **3-Tier IPC Architecture**: Nyxora is split into isolated processes: **Core** (LLM Runtime), **Policy Engine** (Guardrails on port 3001), and **Signer Vault** (Isolated Key Manager on Unix Sockets).
 *   **Cryptographically Bound Approval**: Policy changes and transactions requested by the AI are drafted as hashes (`sha256`). Approval via the UI requires a challenge nonce, preventing Man-in-the-Middle (MITM) attacks.
 *   **Immutable Policy Guardrails**: Transaction limits (e.g. `max_usd_per_tx`) are strictly enforced by the Policy Engine. The LLM has zero write-access to bypass these rules.
@@ -111,5 +114,12 @@ For complete technical deep-dives into our Cryptographic Architecture, please vi
 
 *(Includes guides on Secure Wallet Imports, Architecture Blueprints, Troubleshooting, and Custom Skill Development).*
 
+---
+
+**❤️ Support the Project**
+
+Building and maintaining a highly secure, zero-trust architecture takes significant time and resources. If you love what we are building, you can help us keep Nyxora open, secure, and constantly evolving by sending a coffee our way:
+- **EVM:** `0x18a30d5db50d287dba669c5672cd71246cc4c4c6`
+
 ---
 **License:** MIT License

package/launcher.ts

@@ -1,3 +1,6 @@
+import { initSafeLogger } from './packages/core/src/utils/safeLogger';
+initSafeLogger();
+
 import { spawn } from 'child_process';
 import crypto from 'crypto';
 import fs from 'fs';
@@ -6,6 +9,12 @@ import path from 'path';
 const INTERNAL_AUTH_TOKEN = crypto.randomBytes(64).toString('hex');
 console.log(`[Launcher] Generated Internal Auth Token: ${INTERNAL_AUTH_TOKEN.substring(0, 8)}...`);
 
+const nyxoraDir = path.join(process.env.HOME || process.env.USERPROFILE || '', '.nyxora');
+if (!fs.existsSync(nyxoraDir)) fs.mkdirSync(nyxoraDir, { recursive: true, mode: 0o700 });
+const tokenPath = path.join(nyxoraDir, 'runtime.token');
+fs.writeFileSync(tokenPath, INTERNAL_AUTH_TOKEN, { mode: 0o600 });
+console.log(`[Launcher] Secured runtime token at ${tokenPath} (0600)`);
+
 const env = {
   ...process.env,
   INTERNAL_AUTH_TOKEN,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nyxora",
-  "version": "1.6.4",
+  "version": "1.6.6",
   "license": "MIT",
   "workspaces": [
     "packages/*"
@@ -19,17 +19,20 @@
   },
   "dependencies": {
     "@clack/prompts": "^1.4.0",
+    "@modelcontextprotocol/sdk": "^1.5.0",
     "concurrently": "^9.2.1",
     "cors": "^2.8.6",
     "dotenv": "^17.4.2",
     "express": "^5.2.1",
     "express-rate-limit": "^7.5.0",
     "helmet": "^8.0.0",
+    "isolated-vm": "^6.1.2",
     "jsonwebtoken": "^9.0.2",
     "@napi-rs/keyring": "^1.3.0",
     "open": "^11.0.0",
     "openai": "^6.39.0",
     "picocolors": "^1.1.1",
+    "telegraf": "^4.16.3",
     "ts-node": "^10.9.2",
     "typescript": "^6.0.3",
     "viem": "^2.51.0",

package/packages/core/package.json

@@ -1,6 +1,6 @@
 {
-  "name": "@nyxora/core",
-  "version": "1.6.4",
+  "name": "nyxora-agent-core",
+  "version": "1.6.6",
   "private": true,
   "main": "src/gateway/server.ts",
   "dependencies": {

package/packages/core/src/gateway/cli.ts

@@ -1,5 +1,8 @@
 #!/usr/bin/env node
 
+import { initSafeLogger } from '../utils/safeLogger';
+initSafeLogger();
+
 import fs from 'fs';
 import path from 'path';
 import os from 'os';

package/packages/core/src/utils/safeLogger.js

@@ -0,0 +1,59 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.initSafeLogger = initSafeLogger;
+exports.safeLog = safeLog;
+exports.safeError = safeError;
+exports.safeWarn = safeWarn;
+const PRIVATE_KEY_REGEX = /0x[a-fA-F0-9]{64}/g;
+const JWT_REGEX = /eyJ[a-zA-Z0-9_-]+\.[a-zA-Z0-9_-]+\.[a-zA-Z0-9_-]+/g;
+function sanitize(args) {
+    return args.map(arg => {
+        if (typeof arg === 'string') {
+            return arg
+                .replace(PRIVATE_KEY_REGEX, '[REDACTED_PRIVATE_KEY]')
+                .replace(JWT_REGEX, '[REDACTED_JWT]');
+        }
+        if (arg instanceof Error) {
+            const sanitizedError = new Error(arg.message
+                .replace(PRIVATE_KEY_REGEX, '[REDACTED_PRIVATE_KEY]')
+                .replace(JWT_REGEX, '[REDACTED_JWT]'));
+            sanitizedError.stack = arg.stack?.replace(PRIVATE_KEY_REGEX, '[REDACTED_PRIVATE_KEY]').replace(JWT_REGEX, '[REDACTED_JWT]');
+            return sanitizedError;
+        }
+        if (typeof arg === 'object' && arg !== null) {
+            try {
+                const str = JSON.stringify(arg);
+                const sanitizedStr = str
+                    .replace(PRIVATE_KEY_REGEX, '[REDACTED_PRIVATE_KEY]')
+                    .replace(JWT_REGEX, '[REDACTED_JWT]');
+                return JSON.parse(sanitizedStr);
+            }
+            catch (e) {
+                return arg;
+            }
+        }
+        return arg;
+    });
+}
+const originalLog = console.log.bind(console);
+const originalError = console.error.bind(console);
+const originalWarn = console.warn.bind(console);
+function initSafeLogger() {
+    // @ts-ignore
+    if (console.__isSafe)
+        return;
+    console.log = (...args) => originalLog(...sanitize(args));
+    console.error = (...args) => originalError(...sanitize(args));
+    console.warn = (...args) => originalWarn(...sanitize(args));
+    // @ts-ignore
+    console.__isSafe = true;
+}
+function safeLog(...args) {
+    originalLog(...sanitize(args));
+}
+function safeError(...args) {
+    originalError(...sanitize(args));
+}
+function safeWarn(...args) {
+    originalWarn(...sanitize(args));
+}

package/packages/core/src/utils/safeLogger.ts

@@ -0,0 +1,60 @@
+const PRIVATE_KEY_REGEX = /0x[a-fA-F0-9]{64}/g;
+const JWT_REGEX = /eyJ[a-zA-Z0-9_-]+\.[a-zA-Z0-9_-]+\.[a-zA-Z0-9_-]+/g;
+
+function sanitize(args: any[]): any[] {
+  return args.map(arg => {
+    if (typeof arg === 'string') {
+      return arg
+        .replace(PRIVATE_KEY_REGEX, '[REDACTED_PRIVATE_KEY]')
+        .replace(JWT_REGEX, '[REDACTED_JWT]');
+    }
+    if (arg instanceof Error) {
+      const sanitizedError = new Error(arg.message
+        .replace(PRIVATE_KEY_REGEX, '[REDACTED_PRIVATE_KEY]')
+        .replace(JWT_REGEX, '[REDACTED_JWT]')
+      );
+      sanitizedError.stack = arg.stack?.replace(PRIVATE_KEY_REGEX, '[REDACTED_PRIVATE_KEY]').replace(JWT_REGEX, '[REDACTED_JWT]');
+      return sanitizedError;
+    }
+    if (typeof arg === 'object' && arg !== null) {
+      try {
+        const str = JSON.stringify(arg);
+        const sanitizedStr = str
+          .replace(PRIVATE_KEY_REGEX, '[REDACTED_PRIVATE_KEY]')
+          .replace(JWT_REGEX, '[REDACTED_JWT]');
+        return JSON.parse(sanitizedStr);
+      } catch (e) {
+        return arg;
+      }
+    }
+    return arg;
+  });
+}
+
+const originalLog = console.log.bind(console);
+const originalError = console.error.bind(console);
+const originalWarn = console.warn.bind(console);
+
+export function initSafeLogger() {
+  // @ts-ignore
+  if (console.__isSafe) return;
+  
+  console.log = (...args: any[]) => originalLog(...sanitize(args));
+  console.error = (...args: any[]) => originalError(...sanitize(args));
+  console.warn = (...args: any[]) => originalWarn(...sanitize(args));
+  
+  // @ts-ignore
+  console.__isSafe = true;
+}
+
+export function safeLog(...args: any[]) {
+  originalLog(...sanitize(args));
+}
+
+export function safeError(...args: any[]) {
+  originalError(...sanitize(args));
+}
+
+export function safeWarn(...args: any[]) {
+  originalWarn(...sanitize(args));
+}

package/packages/dashboard/package.json

@@ -1,7 +1,7 @@
 {
   "name": "dashboard",
   "private": true,
-  "version": "1.6.4",
+  "version": "1.6.6",
   "type": "module",
   "scripts": {
     "dev": "vite",

package/packages/mcp-server/dist/server.js

@@ -0,0 +1,111 @@
+"use strict";
+// MCP Server uses Stdio, so we avoid global hooks that might write to stdout.
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const mcp_js_1 = require("@modelcontextprotocol/sdk/server/mcp.js");
+const stdio_js_1 = require("@modelcontextprotocol/sdk/server/stdio.js");
+const zod_1 = require("zod");
+const http_1 = __importDefault(require("http"));
+const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
+const fs_1 = __importDefault(require("fs"));
+const path_1 = __importDefault(require("path"));
+let JWT_SECRET = process.env.INTERNAL_AUTH_TOKEN;
+if (!JWT_SECRET) {
+    try {
+        const tokenPath = path_1.default.join(process.env.HOME || process.env.USERPROFILE || '', '.nyxora', 'runtime.token');
+        JWT_SECRET = fs_1.default.readFileSync(tokenPath, 'utf8').trim();
+    }
+    catch (e) {
+        console.error("Missing INTERNAL_AUTH_TOKEN in mcp-server process and could not read ~/.nyxora/runtime.token");
+        process.exit(1);
+    }
+}
+const server = new mcp_js_1.McpServer({
+    name: "Nyxora MCP Server",
+    version: "1.6.5"
+});
+// Helper to make internal requests to Policy Engine
+function callPolicyEngine(path, method, payload) {
+    return new Promise((resolve, reject) => {
+        const dataString = payload ? JSON.stringify(payload) : '';
+        const options = {
+            hostname: '127.0.0.1',
+            port: 3001,
+            path: path,
+            method: method,
+            headers: {
+                'Content-Type': 'application/json',
+                'Authorization': `Bearer ${jsonwebtoken_1.default.sign({ service: 'mcp-server' }, JWT_SECRET, { expiresIn: '1m' })}`,
+                'Content-Length': Buffer.byteLength(dataString)
+            }
+        };
+        const req = http_1.default.request(options, (res) => {
+            let data = '';
+            res.on('data', chunk => data += chunk);
+            res.on('end', () => {
+                try {
+                    const parsed = JSON.parse(data);
+                    if (res.statusCode && res.statusCode >= 400) {
+                        reject(new Error(`Policy Engine Rejected (${res.statusCode}): ${parsed.error || parsed.message || data}`));
+                    }
+                    else {
+                        resolve(parsed);
+                    }
+                }
+                catch (e) {
+                    reject(new Error(`Failed to parse Policy Engine response: ${data}`));
+                }
+            });
+        });
+        req.on('error', (e) => reject(new Error(`Policy Engine Connection Error: ${e.message}`)));
+        if (dataString) {
+            req.write(dataString);
+        }
+        req.end();
+    });
+}
+// Tool: get_wallet_address
+server.tool("get_wallet_address", "Fetch the secure Ethereum wallet address managed by the Nyxora Signer Vault. Use this to know the agent's identity.", {}, async () => {
+    try {
+        const response = await callPolicyEngine('/address', 'GET');
+        return {
+            content: [{ type: "text", text: `Wallet Address: ${response.address}` }]
+        };
+    }
+    catch (e) {
+        return {
+            isError: true,
+            content: [{ type: "text", text: e.message }]
+        };
+    }
+});
+// Tool: request_transaction
+server.tool("request_transaction", "Request an EVM transaction (transfer, swap, bridge). This will be evaluated by the Policy Engine. If approved, it returns a pending Transaction ID.", {
+    type: zod_1.z.enum(['transfer', 'swap', 'bridge', 'mint', 'custom']).describe("The type of transaction"),
+    chainName: zod_1.z.string().describe("The target blockchain network (e.g. 'ethereum', 'base', 'arbitrum')"),
+    details: zod_1.z.any().describe("Detailed payload. For 'transfer': { to: string, amountWei: string }. For 'swap': { tokenIn: string, tokenOut: string, amountInWei: string }.")
+}, async (args) => {
+    try {
+        const response = await callPolicyEngine('/request-tx', 'POST', args);
+        return {
+            content: [{ type: "text", text: `Transaction requested successfully. Transaction ID: ${response.id}. Status: ${response.status}` }]
+        };
+    }
+    catch (e) {
+        return {
+            isError: true,
+            content: [{ type: "text", text: `Transaction Request Failed! ${e.message}` }]
+        };
+    }
+});
+async function main() {
+    const transport = new stdio_js_1.StdioServerTransport();
+    await server.connect(transport);
+    console.error("Nyxora MCP Server running on stdio"); // stdio logs use stderr so stdout is purely for MCP JSON-RPC
+}
+main().catch((error) => {
+    console.error("Fatal error in MCP Server:", error);
+    process.exit(1);
+});

package/packages/mcp-server/package.json

@@ -0,0 +1,19 @@
+{
+  "name": "nyxora-mcp-server",
+  "version": "1.6.6",
+  "description": "Nyxora MCP Server for external AI clients",
+  "main": "dist/server.js",
+  "scripts": {
+    "build": "tsc",
+    "start": "node dist/server.js",
+    "dev": "ts-node src/server.ts"
+  },
+  "dependencies": {
+    "@modelcontextprotocol/sdk": "^1.5.0",
+    "zod": "^3.24.2"
+  },
+  "devDependencies": {
+    "typescript": "^5.0.0",
+    "@types/node": "^20.0.0"
+  }
+}

package/packages/mcp-server/src/server.ts

@@ -0,0 +1,124 @@
+// MCP Server uses Stdio, so we avoid global hooks that might write to stdout.
+
+import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
+import { z } from "zod";
+import http from 'http';
+import jwt from 'jsonwebtoken';
+import fs from 'fs';
+import path from 'path';
+
+let JWT_SECRET = process.env.INTERNAL_AUTH_TOKEN;
+
+if (!JWT_SECRET) {
+  try {
+    const tokenPath = path.join(process.env.HOME || process.env.USERPROFILE || '', '.nyxora', 'runtime.token');
+    JWT_SECRET = fs.readFileSync(tokenPath, 'utf8').trim();
+  } catch (e) {
+    console.error("Missing INTERNAL_AUTH_TOKEN in mcp-server process and could not read ~/.nyxora/runtime.token");
+    process.exit(1);
+  }
+}
+
+const server = new McpServer({
+  name: "Nyxora MCP Server",
+  version: "1.6.5"
+});
+
+// Helper to make internal requests to Policy Engine
+function callPolicyEngine(path: string, method: string, payload?: any): Promise<any> {
+  return new Promise((resolve, reject) => {
+    const dataString = payload ? JSON.stringify(payload) : '';
+    
+    const options = {
+      hostname: '127.0.0.1',
+      port: 3001,
+      path: path,
+      method: method,
+      headers: {
+        'Content-Type': 'application/json',
+        'Authorization': `Bearer ${jwt.sign({ service: 'mcp-server' }, JWT_SECRET as string, { expiresIn: '1m' })}`,
+        'Content-Length': Buffer.byteLength(dataString)
+      }
+    };
+
+    const req = http.request(options, (res) => {
+      let data = '';
+      res.on('data', chunk => data += chunk);
+      res.on('end', () => {
+        try {
+          const parsed = JSON.parse(data);
+          if (res.statusCode && res.statusCode >= 400) {
+            reject(new Error(`Policy Engine Rejected (${res.statusCode}): ${parsed.error || parsed.message || data}`));
+          } else {
+            resolve(parsed);
+          }
+        } catch (e) {
+          reject(new Error(`Failed to parse Policy Engine response: ${data}`));
+        }
+      });
+    });
+
+    req.on('error', (e) => reject(new Error(`Policy Engine Connection Error: ${e.message}`)));
+    
+    if (dataString) {
+      req.write(dataString);
+    }
+    req.end();
+  });
+}
+
+// Tool: get_wallet_address
+server.tool(
+  "get_wallet_address",
+  "Fetch the secure Ethereum wallet address managed by the Nyxora Signer Vault. Use this to know the agent's identity.",
+  {},
+  async () => {
+    try {
+      const response = await callPolicyEngine('/address', 'GET');
+      return {
+        content: [{ type: "text", text: `Wallet Address: ${response.address}` }]
+      };
+    } catch (e: any) {
+      return {
+        isError: true,
+        content: [{ type: "text", text: e.message }]
+      };
+    }
+  }
+);
+
+// Tool: request_transaction
+server.tool(
+  "request_transaction",
+  "Request an EVM transaction (transfer, swap, bridge). This will be evaluated by the Policy Engine. If approved, it returns a pending Transaction ID.",
+  {
+    type: z.enum(['transfer', 'swap', 'bridge', 'mint', 'custom']).describe("The type of transaction"),
+    chainName: z.string().describe("The target blockchain network (e.g. 'ethereum', 'base', 'arbitrum')"),
+    details: z.any().describe("Detailed payload. For 'transfer': { to: string, amountWei: string }. For 'swap': { tokenIn: string, tokenOut: string, amountInWei: string }.")
+  },
+  async (args) => {
+    try {
+      const response = await callPolicyEngine('/request-tx', 'POST', args);
+      return {
+        content: [{ type: "text", text: `Transaction requested successfully. Transaction ID: ${response.id}. Status: ${response.status}` }]
+      };
+    } catch (e: any) {
+      return {
+        isError: true,
+        content: [{ type: "text", text: `Transaction Request Failed! ${e.message}` }]
+      };
+    }
+  }
+);
+
+async function main() {
+  const transport = new StdioServerTransport();
+  await server.connect(transport);
+  console.error("Nyxora MCP Server running on stdio"); // stdio logs use stderr so stdout is purely for MCP JSON-RPC
+}
+
+main().catch((error) => {
+  console.error("Fatal error in MCP Server:", error);
+  process.exit(1);
+});

package/packages/mcp-server/tsconfig.json

@@ -0,0 +1,15 @@
+{
+  "compilerOptions": {
+    "target": "ES2022",
+    "module": "Node16",
+    "moduleResolution": "Node16",
+    "strict": true,
+    "esModuleInterop": true,
+    "skipLibCheck": true,
+    "forceConsistentCasingInFileNames": true,
+    "outDir": "./dist",
+    "rootDir": "./src"
+  },
+  "include": ["src/**/*"],
+  "exclude": ["node_modules", "dist"]
+}

package/packages/mcp-server/tsconfig.tsbuildinfo

@@ -0,0 +1 @@
+{"root":["./src/server.ts"],"version":"6.0.3"}

package/packages/policy/package.json

@@ -1,6 +1,6 @@
 {
-  "name": "@nyxora/policy",
-  "version": "1.6.4",
+  "name": "nyxora-agent-policy",
+  "version": "1.6.6",
   "private": true,
   "main": "src/server.ts",
   "dependencies": {

package/packages/policy/src/server.ts

@@ -1,3 +1,6 @@
+import { initSafeLogger } from '../../core/src/utils/safeLogger';
+initSafeLogger();
+
 import express from 'express';
 import jwt from 'jsonwebtoken';
 import fs from 'fs';

package/packages/signer/package.json

@@ -1,6 +1,6 @@
 {
-  "name": "@nyxora/signer",
-  "version": "1.6.4",
+  "name": "nyxora-agent-signer",
+  "version": "1.6.6",
   "private": true,
   "main": "src/server.ts",
   "dependencies": {

package/packages/signer/src/server.ts

@@ -1,3 +1,6 @@
+import { initSafeLogger } from '../../core/src/utils/safeLogger';
+initSafeLogger();
+
 import express from 'express';
 import fs from 'fs';
 import jwt from 'jsonwebtoken';
@@ -43,6 +46,18 @@ async function loadPrivateKey() {
   // Fallback to vault.key
   const vaultPath = path.join(os.homedir(), '.nyxora', 'vault.key');
   if (fs.existsSync(vaultPath)) {
+    const stats = fs.statSync(vaultPath);
+    const mode = stats.mode & 0o777;
+    if (os.platform() !== 'win32' && mode !== 0o600) {
+      console.error(`\n======================================================`);
+      console.error(`FATAL: Insecure permissions detected on vault.key`);
+      console.error(`File permissions must be strictly 0600 (-rw-------)`);
+      console.error(`Current permissions: 0${mode.toString(8)}`);
+      console.error(`Refusing to start. Please run: chmod 600 ${vaultPath}`);
+      console.error(`======================================================\n`);
+      process.exit(1);
+    }
+
     const content = fs.readFileSync(vaultPath, 'utf8');
     const match = content.match(/PRIVATE_KEY=(.+)/);
     if (match && match[1]) {