nyxora 1.7.0 → 1.7.2

package/.dockerignore

@@ -0,0 +1,12 @@
+node_modules
+.git
+.github
+.env
+.env.*
+*.log
+.DS_Store
+dist
+build
+.nyxora
+vault.key
+api_vault.key

package/CHANGELOG.md

@@ -5,6 +5,27 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [1.7.2] - Unreleased
+
+### UI/UX Enhancements
+- **Google Workspace Logout**: Users can now easily disconnect their Google Workspace accounts directly from the Dashboard (OS Skills tab). This triggers a secure token purge from both the OS Keyring and local storage, ensuring privacy and seamless account switching.
+
+## [1.7.1]
+
+### CLI Enhancements
+- **Global Version Checker**: Implemented native version checking for the global CLI manager. Users can now run `nyxora -v`, `nyxora --version`, or `nyxora version` to instantly check their installed daemon version without starting the application.
+- **Smart Web Search Setup Wizard**: The `nyxora setup` command now includes an interactive prompt allowing users to choose their preferred Web Search Engine (Tavily, Brave, or Decentralized Mesh) and configure their API keys.
+- **Fast CLI Shortcuts**: Added the `nyxora set-key <provider> <key>` global command shortcut allowing developers to quickly inject or override any API Key (OpenAI, Gemini, OpenRouter, Tavily, Brave) directly into the secure vault without traversing the wizard.
+
+### AI Engine Optimizations
+- **Hybrid API Vault (Security)**: API Keys are no longer stored in plain text inside `config.yaml`. Nyxora now encrypts and stores them via `@napi-rs/keyring` utilizing OS-native credential management. For Headless/VPS Linux environments lacking DBUS/Secret Service, it automatically falls back to an isolated `api_vault.key` with strict `0600` permissions.
+- **Root-Level Config Auto-Migration**: Restructured `config.yaml` to move all API keys out of the nested `llm.credentials` into a logical, root-level `credentials` object. Implemented a silent auto-migration routine in `parser.ts` that safely upgrades legacy config files on boot without breaking existing setups.
+- **Web Search Smart Memory Cache**: Embedded a local Memory Cache (`Map`) into the `searchWeb` skill with a 5-minute (300,000ms) TTL. Exact duplicate queries now execute in 0ms and consume 0 API quota, dramatically improving conversation flow.
+- **Deep Research Mode**: The `search_web` tool definition now accepts a dynamic `depth` parameter (1 to 3). If users instruct the AI to conduct comprehensive research, Nyxora will automatically trigger `advanced` API payloads and extract up to 15 top web snippets simultaneously.
+- **Strict Skill Prioritization**: Added CRITICAL RULE 7 to the core NLP System Prompt. The AI is now hard-coded to prioritize native Web3 Skills (e.g. `get_price`, `analyze_market`, `check_security`) for all crypto-related queries, using `search_web` exclusively as a fallback mechanism.
+- **Dual-Engine Web Search (L3 Failover)**: Completely removed the fragile `duck-duck-scrape` dependency. The `search_web` skill is now powered by a robust L3 Auto-Failover architecture. Users can configure enterprise-grade search providers (Tavily or Brave). If the primary provider hits a rate limit (429) or invalid key (401/403), Nyxora seamlessly falls back to the secondary provider, and ultimately to a Decentralized SearXNG Mesh as a final safety net, guaranteeing 100% uptime.
+
+
 ## [1.7.0]
 
 ### Bug Fixes & Optimizations

package/DOCKER.md

@@ -0,0 +1,68 @@
+# 🐳 Nyxora Docker Guide
+
+This document provides a comprehensive guide to installing, configuring interactively, and running the Nyxora Agent fully containerized via Docker. This approach ensures Nyxora can run seamlessly across different environments (Linux, macOS, Windows) without requiring a local Node.js installation.
+
+## 🛠 1. Get the Docker Image
+
+You have two options to obtain the Nyxora Docker image:
+
+### Option A: Pull Pre-built Image (Recommended & Fastest)
+Nyxora officially publishes Docker images via GitHub Container Registry (GHCR) upon every release.
+```bash
+docker pull ghcr.io/nyxoraai/nyxora:latest
+```
+
+### Option B: Build Locally
+If you are developing or prefer to compile it yourself, run this in the root directory:
+```bash
+docker build -t ghcr.io/nyxoraai/nyxora:latest .
+```
+> **Note:** The initial build takes time as it compiles C++/Rust system modules (`isolated-vm`, `libsecret`).
+
+---
+
+## ⚙️ 2. Interactive Setup (Secure & Isolated)
+Nyxora requires an initial configuration (API Keys, Web3 Wallet, etc.). Run the command below to launch the **Interactive Setup Wizard** securely inside Docker. 
+
+This command mounts a volume and saves your configurations safely to a `.nyxora_docker` folder in your computer's Home directory, ensuring your existing local Nyxora installation remains untouched.
+```bash
+docker run -it --rm -v ~/.nyxora_docker:/root/.nyxora ghcr.io/nyxoraai/nyxora:latest npx ts-node -T packages/core/src/gateway/setup-cli.ts
+```
+*Complete the setup by answering the prompts in your terminal. Once you see "Setup Successful!", this temporary container will automatically delete itself.*
+
+---
+
+## 🚀 3. Start Nyxora (Background Daemon)
+Now that the setup is complete, it's time to start the main architecture (Core API, Policy Engine, and Signer Vault) as a non-stop background daemon:
+```bash
+docker run -d --name nyxora-daemon -p 3000:3000 -p 3001:3001 -v ~/.nyxora_docker:/root/.nyxora ghcr.io/nyxoraai/nyxora:latest
+```
+*(This command will output a long container ID indicating that the daemon is successfully running).*
+
+---
+
+## 🔑 4. Retrieve the Auth Token
+For security reasons, the Web Dashboard is locked behind a randomly generated runtime token upon every boot. Retrieve this token from the Docker logs:
+```bash
+docker logs nyxora-daemon
+```
+Look for a line that says: `[Launcher] Generated Internal Auth Token: <LONG_TOKEN_CODE>`. Please copy that token code.
+
+---
+
+## 💻 5. Access the Web Dashboard
+Open your preferred web browser, and access the following URL (replace `<LONG_TOKEN_CODE>` with the token you copied in Step 4):
+```text
+http://localhost:3000/?token=<LONG_TOKEN_CODE>
+```
+Congratulations! Your Nyxora Agent is now fully operational.
+
+---
+
+## 🧰 Docker Management Reference
+Here are some useful commands for managing your Nyxora daemon in the future:
+
+*   **Stop Nyxora:** `docker stop nyxora-daemon`
+*   **Start Nyxora again:** `docker start nyxora-daemon`
+*   **Monitor real-time AI logs:** `docker logs -f nyxora-daemon` (Press `Ctrl+C` to exit the stream).
+*   **Remove the container (e.g., to reset or upgrade):** `docker rm -f nyxora-daemon`

package/Dockerfile

@@ -0,0 +1,43 @@
+FROM node:22-bookworm-slim
+
+# Set working directory
+WORKDIR /app
+
+# Set Production Environment
+# Install native dependencies required for isolated-vm, keyring, etc.
+RUN apt-get update && apt-get install -y \
+    python3 \
+    make \
+    g++ \
+    libsecret-1-dev \
+    && rm -rf /var/lib/apt/lists/*
+
+# Copy package metadata first to leverage Docker caching
+COPY package*.json ./
+COPY packages/core/package*.json ./packages/core/
+COPY packages/dashboard/package*.json ./packages/dashboard/
+COPY packages/mcp-server/package*.json ./packages/mcp-server/
+COPY packages/policy/package*.json ./packages/policy/
+COPY packages/signer/package*.json ./packages/signer/
+
+# Install dependencies
+RUN npm install
+
+# Copy the rest of the application code
+COPY . .
+
+# Build the dashboard (frontend)
+RUN npm run build --workspace=dashboard
+
+# Set Production Environment now that build is done
+ENV NODE_ENV=production
+
+# Expose the ports used by Core/Dashboard and Policy Engine
+EXPOSE 3000
+EXPOSE 3001
+
+# PERSISTENT STORAGE: Protect Nyxora's memory and configuration
+VOLUME ["/root/.nyxora"]
+
+# Start the daemon in the foreground
+CMD ["npx", "ts-node", "-T", "launcher.ts"]

package/bin/nyxora.mjs

@@ -217,6 +217,14 @@ async function main() {
     case 'dashboard': await dashboard(); break;
     case 'clean-logs': await cleanLogs(); break;
     case 'autostart': await autostart(process.argv[3]); break;
+    case '-v':
+    case '--v':
+    case '--version':
+    case 'version':
+      const pkgPath = path.join(projectRoot, 'package.json');
+      const pkg = JSON.parse(fs.readFileSync(pkgPath, 'utf8'));
+      console.log(`Nyxora v${pkg.version}`);
+      break;
     default:
       console.log(`
 Nyxora CLI Manager

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nyxora",
-  "version": "1.7.0",
+  "version": "1.7.2",
   "license": "MIT",
   "workspaces": [
     "packages/*"
@@ -26,7 +26,6 @@
     "concurrently": "^9.2.1",
     "cors": "^2.8.6",
     "dotenv": "^17.4.2",
-    "duck-duck-scrape": "^2.2.7",
     "express": "^5.2.1",
     "express-rate-limit": "^7.5.0",
     "helmet": "^8.0.0",

package/packages/core/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nyxora-agent-core",
-  "version": "1.7.0",
+  "version": "1.7.2",
   "private": true,
   "main": "src/gateway/server.ts",
   "dependencies": {

package/packages/core/src/agent/limitOrderManager.ts

@@ -2,7 +2,7 @@ import fs from 'fs';
 import path from 'path';
 import { loadConfig } from '../config/parser';
 import { getPath } from '../config/paths';
-import { ChainName } from '../web3/config';
+import { ChainName, SUPPORTED_CHAIN_NAMES } from '../web3/config';
 import { resolveToken } from '../web3/utils/tokens';
 import { prepareSwapToken, executeSwap } from '../web3/skills/swapToken';
 import { txManager } from './transactionManager';
@@ -158,7 +158,7 @@ export const createLimitOrderToolDefinition = {
     parameters: {
       type: "object",
       properties: {
-        chainName: { type: "string", enum: ["ethereum", "base", "bsc", "arbitrum", "optimism", "sepolia"] },
+        chainName: { type: "string", enum: SUPPORTED_CHAIN_NAMES },
         fromToken: { type: "string", description: "Token to sell" },
         toToken: { type: "string", description: "Token to buy" },
         amountStr: { type: "string", description: "Amount to sell" },

package/packages/core/src/agent/reasoning.ts

@@ -1,7 +1,7 @@
 import fs from 'fs';
 import path from 'path';
 import { OpenAI } from 'openai';
-import { loadConfig } from '../config/parser';
+import { loadConfig, loadApiKeys } from '../config/parser';
 import { Logger } from '../memory/logger';
 import { Tracker } from '../gateway/tracker';
 import { getBalanceToolDefinition, getBalance } from '../web3/skills/getBalance';
@@ -48,8 +48,9 @@ export const logger = new Logger();
 
 let currentKeyIndex = 0;
 
-function getOpenAI(): OpenAI {
+async function getOpenAI(): Promise<OpenAI> {
   const config = loadConfig();
+  const vaultKeys = await loadApiKeys();
   
   if (config.llm.provider === 'ollama') {
     return new OpenAI({
@@ -80,16 +81,16 @@ function getOpenAI(): OpenAI {
   // Fallbacks if no valid keys found in config.llm.api_keys
   if (!apiKey) {
     if (config.llm.provider === 'gemini') {
-      apiKey = config.llm.credentials?.gemini_key || '';
+      apiKey = vaultKeys.gemini_key || config.credentials?.gemini_key || '';
     } else if (config.llm.provider === 'openrouter') {
-      apiKey = config.llm.credentials?.openrouter_key || '';
+      apiKey = vaultKeys.openrouter_key || config.credentials?.openrouter_key || '';
     } else {
-      apiKey = config.llm.credentials?.openai_key || '';
+      apiKey = vaultKeys.openai_key || config.credentials?.openai_key || '';
     }
     if (!apiKey) {
-      throw new Error(`No API Key found for ${config.llm.provider} in config.yaml. Please run 'nyxora setup' to configure it.`);
+      throw new Error(`No API Key found for ${config.llm.provider}. Please run 'nyxora setup' to configure it.`);
     }
-    console.log(`[LLM] Using default API Key from config.yaml`);
+    console.log(`[LLM] Using API Key from secure vault`);
   }
 
   if (config.llm.provider === 'gemini') {
@@ -117,7 +118,7 @@ async function executeWithRetry(
   
   while (retries <= maxRetries) {
     try {
-      const client = getOpenAI();
+      const client = await getOpenAI();
       return await requestBuilder(client);
     } catch (error: any) {
       const status = error?.status || error?.response?.status;
@@ -166,7 +167,8 @@ CRITICAL RULE 3: FORMATTING & CONCISENESS.
   - When displaying a list of assets, tokens, portfolio, or transaction history, YOU MUST USE MARKDOWN TABLES. Do not use bullet points for financial data.
 CRITICAL RULE 4: When the user asks to check "my balance", "saldo saya", or anything about their own wallet generally, ALWAYS use the check_portfolio tool to show all assets on the chain that have a USD value greater than 0. LEAVE THE ADDRESS PARAMETER EMPTY. Do NOT use get_balance unless the user explicitly asks for the balance of ONE specific token.
 CRITICAL RULE 5: If the user doesn't specify a chain, default to: ${config.agent.default_chain}. If the user mentions a specific chain (e.g., "on BNB", "di Base"), you MUST override the default and execute the tool on that specific chain.
-CRITICAL RULE 6: If you use the default chain because the user forgot to specify one, you MUST politely confirm which chain you checked in your response (e.g., "I checked your balance on the ${config.agent.default_chain} network..."). Do not issue scary warnings.`;
+CRITICAL RULE 6: If you use the default chain because the user forgot to specify one, you MUST politely confirm which chain you checked in your response (e.g., "I checked your balance on the ${config.agent.default_chain} network..."). Do not issue scary warnings.
+CRITICAL RULE 7: TOOL PRIORITIZATION. When the user asks about crypto prices, market analysis, token security, or blockchain data, YOU MUST prioritize using the dedicated Web3 skills (e.g., get_price, analyze_market, check_security) FIRST. Only if those tools fail or cannot provide the requested information, you may fallback to using search_web.`;
 
   // Read IDENTITY.md for core AI persona
   try {
@@ -426,7 +428,7 @@ export async function processUserInput(input: string, role: 'user' | 'system' =
               break;
             }
             case 'search_web': {
-              result = await searchWeb(args.query);
+              result = await searchWeb(args.query, args.depth);
               break;
             }
             case 'install_external_skill': {

package/packages/core/src/config/parser.ts

@@ -3,6 +3,39 @@ import yaml from 'yaml';
 import path from 'path';
 import { getPath } from './paths';
 
+export async function loadApiKeys(): Promise<Record<string, string>> {
+  const vaultPath = getPath('api_vault.key');
+  try {
+    const { Entry } = require('@napi-rs/keyring');
+    const entry = new Entry('nyxora', 'api_keys');
+    const data = await entry.getPassword();
+    if (data) return JSON.parse(data);
+  } catch (e) {
+    if (fs.existsSync(vaultPath)) {
+      try {
+        const file = fs.readFileSync(vaultPath, 'utf8');
+        return JSON.parse(file);
+      } catch (err) {}
+    }
+  }
+  return {};
+}
+
+export async function saveApiKeys(newKeys: Record<string, string>): Promise<void> {
+  const vaultPath = getPath('api_vault.key');
+  const currentKeys = await loadApiKeys();
+  const mergedKeys = { ...currentKeys, ...newKeys };
+  const dataString = JSON.stringify(mergedKeys);
+
+  try {
+    const { Entry } = require('@napi-rs/keyring');
+    const entry = new Entry('nyxora', 'api_keys');
+    await entry.setPassword(dataString);
+  } catch (e) {
+    fs.writeFileSync(vaultPath, dataString, { mode: 0o600 });
+  }
+}
+
 export interface NyxoraConfig {
   agent: {
     name: string;
@@ -13,11 +46,19 @@ export interface NyxoraConfig {
     model: string;
     temperature: number;
     api_keys?: string[];
-    credentials?: {
-      openai_key?: string;
-      gemini_key?: string;
-      openrouter_key?: string;
-    };
+    credentials?: any; // Deprecated, kept for parsing during migration
+  };
+  web_search?: {
+    provider: 'tavily' | 'brave' | 'mesh';
+    enabled: boolean;
+  };
+  credentials?: {
+    openai_key?: string;
+    gemini_key?: string;
+    openrouter_key?: string;
+    tavily_key?: string;
+    brave_key?: string;
+    [key: string]: string | undefined;
   };
   memory: {
     type: string;
@@ -52,6 +93,47 @@ export function loadConfig(): NyxoraConfig {
     const file = fs.readFileSync(configPath, 'utf8');
     const parsed = yaml.parse(file) as Partial<NyxoraConfig>;
     
+    // Auto-migration logic: move llm.credentials to root credentials
+    let needsSave = false;
+    if (parsed.llm && (parsed.llm as any).credentials) {
+      if (!parsed.credentials) {
+        parsed.credentials = {};
+      }
+      const oldCreds = (parsed.llm as any).credentials;
+      Object.keys(oldCreds).forEach(key => {
+        if (oldCreds[key] && !parsed.credentials![key]) {
+          parsed.credentials![key] = oldCreds[key];
+        }
+      });
+      delete (parsed.llm as any).credentials;
+      needsSave = true;
+    }
+
+    if (needsSave) {
+      try {
+        const yamlStr = yaml.stringify(parsed);
+        fs.writeFileSync(configPath, yamlStr, 'utf8');
+        console.log('[Config] Auto-migrated llm.credentials to root credentials.');
+      } catch (e) {
+        console.error('[Config] Failed to auto-migrate config file', e);
+      }
+    }
+    
+    // Auto-migrate from config.yaml to Keyring/Vault
+    if (parsed.credentials && Object.keys(parsed.credentials).length > 0) {
+      const credsToMigrate = { ...parsed.credentials };
+      saveApiKeys(credsToMigrate).then(() => {
+        console.log('[Config] Auto-migrated API keys to secure vault.');
+        delete parsed.credentials;
+        try {
+          const yamlStr = yaml.stringify(parsed);
+          fs.writeFileSync(configPath, yamlStr, 'utf8');
+        } catch (e) {}
+      }).catch(e => {
+        console.error('[Config] Failed to migrate API keys to secure vault', e);
+      });
+    }
+    
     // Merge with defaults
     return {
       agent: parsed.agent || { name: 'Nyxora-Default', default_chain: 'base' },
@@ -59,9 +141,13 @@ export function loadConfig(): NyxoraConfig {
         provider: 'openai', 
         model: 'gpt-4o-mini', 
         temperature: 0.2, 
-        api_keys: [],
-        credentials: {}
+        api_keys: []
+      },
+      web_search: parsed.web_search || {
+        provider: 'mesh',
+        enabled: true
       },
+      credentials: parsed.credentials || {},
       memory: parsed.memory || { type: 'file', path: './memory.json' },
       web3: parsed.web3 || { rpc_urls: {} },
       integrations: parsed.integrations || {
@@ -72,17 +158,25 @@ export function loadConfig(): NyxoraConfig {
         system: { allow_shell_execution: false, allow_file_write: false }
       }
     } as NyxoraConfig;
-  } catch (error) {
-    console.error('Failed to load config.yaml. Using default configuration.', error);
+  } catch (error: any) {
+    if (error.code === 'ENOENT') {
+      console.log('[Config] No config.yaml found. Using default configuration.');
+    } else {
+      console.error('[Config] Failed to load config.yaml. Using default configuration.', error);
+    }
     return {
       agent: { name: 'Nyxora-Default', default_chain: 'base' },
       llm: { 
         provider: 'openai', 
         model: 'gpt-4o-mini', 
         temperature: 0.2, 
-        api_keys: [],
-        credentials: {}
+        api_keys: []
+      },
+      web_search: {
+        provider: 'mesh',
+        enabled: true
       },
+      credentials: {},
       memory: { type: 'file', path: './memory.json' },
       web3: { rpc_urls: {} },
       integrations: {

package/packages/core/src/gateway/cli.ts

@@ -13,6 +13,7 @@ import { runSetupWizard } from './setup';
 import { password, isCancel } from '@clack/prompts';
 import { getSessionToken } from '../utils/state';
 import pc from 'picocolors';
+import { saveApiKeys } from '../config/parser';
 
 async function main() {
   // 1. Determine configuration directory
@@ -30,6 +31,33 @@ console.log(`================================`);
     process.exit(0);
   }
 
+  // Check for set-key shortcut
+  if (process.argv.includes('set-key')) {
+    const setKeyIndex = process.argv.indexOf('set-key');
+    const provider = process.argv[setKeyIndex + 1];
+    const key = process.argv[setKeyIndex + 2];
+    
+    if (!provider || !key) {
+      console.error(pc.red('Usage: nyxora set-key <provider> <api_key>'));
+      console.error(pc.gray('Example: nyxora set-key tavily tvly-xxx'));
+      process.exit(1);
+    }
+    
+    const keyMap: Record<string, string> = {
+      'openai': 'openai_key',
+      'gemini': 'gemini_key',
+      'openrouter': 'openrouter_key',
+      'tavily': 'tavily_key',
+      'brave': 'brave_key'
+    };
+    
+    const mappedKey = keyMap[provider.toLowerCase()] || `${provider.toLowerCase()}_key`;
+    
+    await saveApiKeys({ [mappedKey]: key });
+    console.log(pc.green(`✅ API Key for ${provider} saved securely to vault.`));
+    process.exit(0);
+  }
+
   // 2. Setup boilerplate files if in global mode and they don't exist
   let isFirstBoot = false;
   if (isGlobalMode) {
@@ -65,8 +93,6 @@ console.log(`================================`);
   // 4. Start the Express API Server (which also serves the static dashboard and Telegram bot)
   startServer();
   const token = getSessionToken(); // Initialize token file
-  console.log(`🌐 Nyxora API Server running on port ${process.env.PORT || 3000}`);
-  
   setTimeout(() => {
     console.log(pc.cyan(`\n✨ Dashboard URL: http://localhost:3000/?token=${token}`));
     console.log(pc.gray(`   (Developers: Vite hot-reload available at http://localhost:5173/?token=${token})\n`));

package/packages/core/src/gateway/googleAuthModule.ts

@@ -145,6 +145,25 @@ export async function getAccessToken(): Promise<string | null> {
   }
 }
 
+export async function logoutGoogle(): Promise<boolean> {
+  try {
+    const { Entry } = require('@napi-rs/keyring');
+    const entry = new Entry('nyxora', 'google_refresh_token');
+    await entry.deletePassword();
+  } catch (e) {}
+
+  try {
+    if (fs.existsSync(FALLBACK_TOKEN_PATH)) {
+      fs.unlinkSync(FALLBACK_TOKEN_PATH);
+    }
+  } catch (e) {}
+
+  accessToken = null;
+  tokenExpiry = 0;
+  console.log('[Google Auth] Successfully logged out.');
+  return true;
+}
+
 // ---- Secure Storage for Refresh Token ----
 
 async function saveRefreshToken(token: string) {

package/packages/core/src/gateway/server.ts

@@ -44,7 +44,7 @@ import { readGmailInboxToolDefinition, listCalendarEventsToolDefinition, appendR
 
 import { startTelegramBot } from './telegram';
 import { formatTransactionSuccess, formatTransactionError } from '../utils/formatter';
-import { initGoogleAuth, getAuthUrl, processCallback, isAuthenticated } from './googleAuthModule';
+import { initGoogleAuth, getAuthUrl, processCallback, isAuthenticated, logoutGoogle } from './googleAuthModule';
 
 // Initialize Google Auth
 initGoogleAuth();
@@ -291,7 +291,13 @@ app.get('/api/auth/google/callback', async (req, res) => {
 });
 
 app.get('/api/auth/google/status', async (req, res) => {
-  res.json({ connected: await isAuthenticated() });
+  const connected = await isAuthenticated();
+  res.json({ connected });
+});
+
+app.delete('/api/auth/google', async (req, res) => {
+  const success = await logoutGoogle();
+  res.json({ success });
 });
 
 app.get('/api/transactions', (req, res) => {
@@ -405,7 +411,7 @@ export function startServer() {
   limitOrderManager.startMonitor();
 
   const PORT = Number(process.env.PORT || 3000);
-  app.listen(PORT, '127.0.0.1', () => {
+  app.listen(PORT, '0.0.0.0', () => {
     console.log(`🤖 Nyxora API Server running on port ${PORT}`);
     
     // Start the Telegram bot listener

package/packages/core/src/gateway/setup.ts

@@ -3,7 +3,7 @@ import pc from 'picocolors';
 import fs from 'fs';
 import path from 'path';
 import { getAppDir } from '../config/paths';
-import { loadConfig, saveConfig } from '../config/parser';
+import { loadConfig, saveConfig, saveApiKeys } from '../config/parser';
 import crypto from 'crypto';
 
 function encryptKey(privateKey: string, password: string) {
@@ -161,6 +161,25 @@ Provider: ${config.llm.provider}`;
     if (isCancel(apiKey)) return process.exit(0);
   }
 
+  // 3.5. Smart Web Search Setup
+  const searchProvider = await select({
+    message: 'Enable Smart Web Search for Nyxora AI?',
+    options: [
+      { value: 'skip', label: 'Skip (Use basic decentralized mesh)' },
+      { value: 'tavily', label: 'Tavily Search (Built for AI - 1000 free/mo)' },
+      { value: 'brave', label: 'Brave Search (Privacy focused - 2000 free/mo)' },
+    ],
+  });
+  if (isCancel(searchProvider)) return process.exit(0);
+
+  let searchApiKey = '';
+  if (searchProvider !== 'skip') {
+    searchApiKey = (await password({
+      message: `Enter API Key for ${searchProvider} (Get it free at ${searchProvider === 'tavily' ? 'tavily.com' : 'search.brave.com'}):`,
+    })) as string;
+    if (isCancel(searchApiKey)) return process.exit(0);
+  }
+
   // 4. Default Chain
   const defaultChain = await select({
     message: 'Select Default Chain:',
@@ -169,8 +188,9 @@ Provider: ${config.llm.provider}`;
       { value: 'ethereum', label: 'Ethereum Mainnet' },
       { value: 'bsc', label: 'BSC' },
       { value: 'base', label: 'Base' },
-      { value: 'optimism', label: 'Optimism' },
-      { value: 'arbitrum', label: 'Arbitrum' },
+      { value: 'arbitrum', label: 'Arbitrum One' },
+      { value: 'optimism', label: 'OP Mainnet' },
+      { value: 'polygon', label: 'Polygon (Matic)' },
       { value: 'sepolia', label: 'Sepolia (Testnet)' },
     ],
   });
@@ -233,8 +253,8 @@ Provider: ${config.llm.provider}`;
     message: 'Web3 Wallet Setup:',
     options: [
       { value: 'skip', label: 'Skip for now (No Web3 execution)' },
-      { value: 'generate', label: 'Auto-Generate New Wallet (Recommended for testing)' },
-      { value: 'manual', label: 'Input Manual Private Key' },
+      { value: 'generate', label: 'Auto-Generate New Wallet' },
+      { value: 'manual', label: 'Manual Input (Existing Private Key)' },
     ],
   });
   if (isCancel(walletSetupType)) return process.exit(0);
@@ -260,11 +280,26 @@ Provider: ${config.llm.provider}`;
   config.llm.model = model as string;
   config.agent.default_chain = defaultChain as string;
   
-  if (!config.llm.credentials) config.llm.credentials = {};
+  const newApiKeys: Record<string, string> = {};
   if (apiKey) {
-    if (provider === 'openai') config.llm.credentials.openai_key = apiKey;
-    if (provider === 'gemini') config.llm.credentials.gemini_key = apiKey;
-    if (provider === 'openrouter') config.llm.credentials.openrouter_key = apiKey;
+    if (provider === 'openai') newApiKeys.openai_key = apiKey;
+    if (provider === 'gemini') newApiKeys.gemini_key = apiKey;
+    if (provider === 'openrouter') newApiKeys.openrouter_key = apiKey;
+  }
+
+  if (!config.web_search) config.web_search = { provider: 'mesh', enabled: true };
+  if (searchProvider !== 'skip') {
+    config.web_search.provider = searchProvider as any;
+    if (searchApiKey) {
+      if (searchProvider === 'tavily') newApiKeys.tavily_key = searchApiKey;
+      if (searchProvider === 'brave') newApiKeys.brave_key = searchApiKey;
+    }
+  } else {
+    config.web_search.provider = 'mesh';
+  }
+
+  if (Object.keys(newApiKeys).length > 0) {
+    await saveApiKeys(newApiKeys);
   }
 
   if (!config.integrations) config.integrations = {};

package/packages/core/src/gateway/telegram.ts

@@ -238,7 +238,9 @@ export function startTelegramBot() {
       console.error('[Telegram] Telegraf error:', err);
     });
 
-    bot.launch();
+    bot.launch().catch(err => {
+      console.error('[Telegram] Connection failed (likely blocked by ISP or timeout):', err.message);
+    });
     
     if (isPaired) {
       console.log('🤖 Telegram Bot is running and securely listening for your messages...');