nyxora 1.7.1 → 1.7.3

package/.dockerignore

@@ -0,0 +1,12 @@
+node_modules
+.git
+.github
+.env
+.env.*
+*.log
+.DS_Store
+dist
+build
+.nyxora
+vault.key
+api_vault.key

package/CHANGELOG.md

@@ -5,6 +5,27 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [1.7.3] - Unreleased
+
+### Web3 Routing & Integrations
+- **Multi-Router Selection (DeFi)**: Added a dynamic Router dropdown to the Dashboard UI, allowing users to forcefully route transactions through specific protocols natively. Supported routers include `1inch`, `CowSwap (MEV-Protected)`, `Li.Fi`, `Relay`, `Uniswap V2`, `Uniswap V3`, and `PancakeSwap`. This integration heavily relies on deep aggregator proxying (bypassing the need for complex V2/V3 ABI calldata overhead) to ensure 100% smooth, anti-fail execution without requiring additional API keys.
+
+### Security & Polish
+- **Dashboard:** Redacted the sensitive Nyxora Auth Token from appearing in the Gateway Logs component on the frontend to prevent visual leakage during screen sharing or screenshots.
+
+## [1.7.2] - 2026-06-04
+
+### UI/UX Enhancements
+- **Google Workspace Logout**: Users can now easily disconnect their Google Workspace accounts directly from the Dashboard (OS Skills tab). This triggers a secure token purge from both the OS Keyring and local storage, ensuring privacy and seamless account switching.
+
+### Cloud-Native Deployment
+- **Official Docker & GHCR Support**: Added comprehensive Docker containerization support (`Dockerfile`) and automated publishing pipelines to GitHub Container Registry (GHCR). 
+- **Docker Documentation**: Added a dedicated `DOCKER.md` guide explaining how to pull, interactively configure, and run the Nyxora daemon via Docker with isolated Volume storage (`/root/.nyxora`).
+
+### Documentation & Compliance
+- **Legal Infrastructure**: Added standard `Privacy Policy` (`privacy.md`) and `Terms of Service` (`terms.md`) to the VitePress documentation to prepare for official Google OAuth App Verification.
+- **Enterprise Roadmap Evolution**: Updated the documentation roadmap to reflect our "Nyxora Next Update" vision, outlining future plans for a Rust-Native Signer, Idempotent Policy Engine, Multi-VM Architecture, and Google App Verification.
+
 ## [1.7.1]
 
 ### CLI Enhancements

package/DOCKER.md

@@ -0,0 +1,68 @@
+# 🐳 Nyxora Docker Guide
+
+This document provides a comprehensive guide to installing, configuring interactively, and running the Nyxora Agent fully containerized via Docker. This approach ensures Nyxora can run seamlessly across different environments (Linux, macOS, Windows) without requiring a local Node.js installation.
+
+## 🛠 1. Get the Docker Image
+
+You have two options to obtain the Nyxora Docker image:
+
+### Option A: Pull Pre-built Image (Recommended & Fastest)
+Nyxora officially publishes Docker images via GitHub Container Registry (GHCR) upon every release.
+```bash
+docker pull ghcr.io/nyxoraai/nyxora:latest
+```
+
+### Option B: Build Locally
+If you are developing or prefer to compile it yourself, run this in the root directory:
+```bash
+docker build -t ghcr.io/nyxoraai/nyxora:latest .
+```
+> **Note:** The initial build takes time as it compiles C++/Rust system modules (`isolated-vm`, `libsecret`).
+
+---
+
+## ⚙️ 2. Interactive Setup (Secure & Isolated)
+Nyxora requires an initial configuration (API Keys, Web3 Wallet, etc.). Run the command below to launch the **Interactive Setup Wizard** securely inside Docker. 
+
+This command mounts a volume and saves your configurations safely to a `.nyxora_docker` folder in your computer's Home directory, ensuring your existing local Nyxora installation remains untouched.
+```bash
+docker run -it --rm -v ~/.nyxora_docker:/root/.nyxora ghcr.io/nyxoraai/nyxora:latest npx ts-node -T packages/core/src/gateway/setup-cli.ts
+```
+*Complete the setup by answering the prompts in your terminal. Once you see "Setup Successful!", this temporary container will automatically delete itself.*
+
+---
+
+## 🚀 3. Start Nyxora (Background Daemon)
+Now that the setup is complete, it's time to start the main architecture (Core API, Policy Engine, and Signer Vault) as a non-stop background daemon:
+```bash
+docker run -d --name nyxora-daemon -p 3000:3000 -p 3001:3001 -v ~/.nyxora_docker:/root/.nyxora ghcr.io/nyxoraai/nyxora:latest
+```
+*(This command will output a long container ID indicating that the daemon is successfully running).*
+
+---
+
+## 🔑 4. Retrieve the Auth Token
+For security reasons, the Web Dashboard is locked behind a randomly generated runtime token upon every boot. Retrieve this token from the Docker logs:
+```bash
+docker logs nyxora-daemon
+```
+Look for a line that says: `[Launcher] Generated Internal Auth Token: <LONG_TOKEN_CODE>`. Please copy that token code.
+
+---
+
+## 💻 5. Access the Web Dashboard
+Open your preferred web browser, and access the following URL (replace `<LONG_TOKEN_CODE>` with the token you copied in Step 4):
+```text
+http://localhost:3000/?token=<LONG_TOKEN_CODE>
+```
+Congratulations! Your Nyxora Agent is now fully operational.
+
+---
+
+## 🧰 Docker Management Reference
+Here are some useful commands for managing your Nyxora daemon in the future:
+
+*   **Stop Nyxora:** `docker stop nyxora-daemon`
+*   **Start Nyxora again:** `docker start nyxora-daemon`
+*   **Monitor real-time AI logs:** `docker logs -f nyxora-daemon` (Press `Ctrl+C` to exit the stream).
+*   **Remove the container (e.g., to reset or upgrade):** `docker rm -f nyxora-daemon`

package/Dockerfile

@@ -0,0 +1,43 @@
+FROM node:22-bookworm-slim
+
+# Set working directory
+WORKDIR /app
+
+# Set Production Environment
+# Install native dependencies required for isolated-vm, keyring, etc.
+RUN apt-get update && apt-get install -y \
+    python3 \
+    make \
+    g++ \
+    libsecret-1-dev \
+    && rm -rf /var/lib/apt/lists/*
+
+# Copy package metadata first to leverage Docker caching
+COPY package*.json ./
+COPY packages/core/package*.json ./packages/core/
+COPY packages/dashboard/package*.json ./packages/dashboard/
+COPY packages/mcp-server/package*.json ./packages/mcp-server/
+COPY packages/policy/package*.json ./packages/policy/
+COPY packages/signer/package*.json ./packages/signer/
+
+# Install dependencies
+RUN npm install
+
+# Copy the rest of the application code
+COPY . .
+
+# Build the dashboard (frontend)
+RUN npm run build --workspace=dashboard
+
+# Set Production Environment now that build is done
+ENV NODE_ENV=production
+
+# Expose the ports used by Core/Dashboard and Policy Engine
+EXPOSE 3000
+EXPOSE 3001
+
+# PERSISTENT STORAGE: Protect Nyxora's memory and configuration
+VOLUME ["/root/.nyxora"]
+
+# Start the daemon in the foreground
+CMD ["npx", "ts-node", "-T", "launcher.ts"]

package/README.md

@@ -40,6 +40,7 @@ It operates under an institutional-grade **Cryptographically Bound Human-in-the-
 *   **Zero-Click Multi-Session**: Instantly create isolated chat sessions with smart auto-naming triggered by your first prompt, exactly like ChatGPT.
 *   **Dynamic Trending Tokens**: Live top 5 crypto assets feed directly injected into the dashboard, completely clickable for instant AI market analysis.
 *   **Premium Utility-Centric UI**: A sleek, dark-themed dashboard built for high readability and professional Web3 execution, featuring Pseudo-Generative UI widgets (`<BalanceWidget>`, `<MarketWidget>`, `<SwapWidget>`).
+*   **Context Overrides Defaults (NLP Intelligence)**: The Dashboard configuration (default chain & router) acts only as a safety net. If you issue an explicit command via Telegram (e.g., *"Swap 10 USDC to USDT on Arbitrum using Li.Fi"*), the NLP engine dynamically bypasses the default settings and executes exactly what you asked for, ensuring maximum flexibility.
 *   **Deep Personalization**: Feed the agent custom rules via `user.md` and define its core persona via `IDENTITY.md`.
 
 ---

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nyxora",
-  "version": "1.7.1",
+  "version": "1.7.3",
   "license": "MIT",
   "workspaces": [
     "packages/*"

package/packages/core/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nyxora-agent-core",
-  "version": "1.7.1",
+  "version": "1.7.3",
   "private": true,
   "main": "src/gateway/server.ts",
   "dependencies": {

package/packages/core/src/config/parser.ts

@@ -39,7 +39,9 @@ export async function saveApiKeys(newKeys: Record<string, string>): Promise<void
 export interface NyxoraConfig {
   agent: {
     name: string;
+    description: string;
     default_chain: string;
+    default_router?: string;
   };
   llm: {
     provider: 'openai' | 'anthropic' | 'ollama' | 'gemini' | 'openrouter';
@@ -136,7 +138,7 @@ export function loadConfig(): NyxoraConfig {
     
     // Merge with defaults
     return {
-      agent: parsed.agent || { name: 'Nyxora-Default', default_chain: 'base' },
+      agent: parsed.agent || { name: 'Nyxora-Default', description: 'An autonomous agent running on your local machine.', default_chain: 'base', default_router: 'auto' },
       llm: parsed.llm || { 
         provider: 'openai', 
         model: 'gpt-4o-mini', 
@@ -158,10 +160,19 @@ export function loadConfig(): NyxoraConfig {
         system: { allow_shell_execution: false, allow_file_write: false }
       }
     } as NyxoraConfig;
-  } catch (error) {
-    console.error('Failed to load config.yaml. Using default configuration.', error);
+  } catch (error: any) {
+    if (error.code === 'ENOENT') {
+      console.log('[Config] No config.yaml found. Using default configuration.');
+    } else {
+      console.error('[Config] Failed to load config.yaml. Using default configuration.', error);
+    }
     return {
-      agent: { name: 'Nyxora-Default', default_chain: 'base' },
+      agent: {
+      name: "Nyxora-Default",
+      description: "An autonomous agent running on your local machine.",
+      default_chain: "ethereum",
+      default_router: "auto"
+    },
       llm: { 
         provider: 'openai', 
         model: 'gpt-4o-mini', 

package/packages/core/src/gateway/googleAuthModule.ts

@@ -145,6 +145,25 @@ export async function getAccessToken(): Promise<string | null> {
   }
 }
 
+export async function logoutGoogle(): Promise<boolean> {
+  try {
+    const { Entry } = require('@napi-rs/keyring');
+    const entry = new Entry('nyxora', 'google_refresh_token');
+    await entry.deletePassword();
+  } catch (e) {}
+
+  try {
+    if (fs.existsSync(FALLBACK_TOKEN_PATH)) {
+      fs.unlinkSync(FALLBACK_TOKEN_PATH);
+    }
+  } catch (e) {}
+
+  accessToken = null;
+  tokenExpiry = 0;
+  console.log('[Google Auth] Successfully logged out.');
+  return true;
+}
+
 // ---- Secure Storage for Refresh Token ----
 
 async function saveRefreshToken(token: string) {

package/packages/core/src/gateway/server.ts

@@ -44,7 +44,7 @@ import { readGmailInboxToolDefinition, listCalendarEventsToolDefinition, appendR
 
 import { startTelegramBot } from './telegram';
 import { formatTransactionSuccess, formatTransactionError } from '../utils/formatter';
-import { initGoogleAuth, getAuthUrl, processCallback, isAuthenticated } from './googleAuthModule';
+import { initGoogleAuth, getAuthUrl, processCallback, isAuthenticated, logoutGoogle } from './googleAuthModule';
 
 // Initialize Google Auth
 initGoogleAuth();
@@ -291,7 +291,13 @@ app.get('/api/auth/google/callback', async (req, res) => {
 });
 
 app.get('/api/auth/google/status', async (req, res) => {
-  res.json({ connected: await isAuthenticated() });
+  const connected = await isAuthenticated();
+  res.json({ connected });
+});
+
+app.delete('/api/auth/google', async (req, res) => {
+  const success = await logoutGoogle();
+  res.json({ success });
 });
 
 app.get('/api/transactions', (req, res) => {
@@ -405,7 +411,7 @@ export function startServer() {
   limitOrderManager.startMonitor();
 
   const PORT = Number(process.env.PORT || 3000);
-  app.listen(PORT, '127.0.0.1', () => {
+  app.listen(PORT, '0.0.0.0', () => {
     console.log(`🤖 Nyxora API Server running on port ${PORT}`);
     
     // Start the Telegram bot listener

package/packages/core/src/web3/skills/swapToken.ts

@@ -3,7 +3,8 @@ import { getPublicClient, getAddress, ChainName, SUPPORTED_CHAIN_NAMES } from '.
 import { txManager } from '../../agent/transactionManager';
 import { resolveToken, ERC20_ABI } from '../utils/tokens';
 import { saveTokenToWhitelist } from '../../utils/userWhitelistManager';
-import crypto from 'crypto';
+import { loadConfig } from '../../config/parser';
+import * as crypto from 'crypto';
 
 const CHAIN_IDS: Record<string, number> = {
   ethereum: 1,
@@ -15,7 +16,7 @@ const CHAIN_IDS: Record<string, number> = {
   polygon: 137,
 };
 
-async function getLifiQuote(fromChainId: number, toChainId: number, fromToken: string, toToken: string, amountWei: string, userAddress: string, slippage: number) {
+async function getLifiQuote(fromChainId: number, toChainId: number, fromToken: string, toToken: string, amountWei: string, userAddress: string, slippage: number, providerName?: string) {
   const url = new URL('https://li.quest/v1/quote');
   url.searchParams.append('fromChain', fromChainId.toString());
   url.searchParams.append('toChain', toChainId.toString());
@@ -24,6 +25,21 @@ async function getLifiQuote(fromChainId: number, toChainId: number, fromToken: s
   url.searchParams.append('fromAmount', amountWei);
   url.searchParams.append('fromAddress', userAddress);
   url.searchParams.append('slippage', slippage.toString());
+  
+  // Specific Exchange forcing (Native-feel integration via Aggregator constraint)
+  if (providerName && providerName !== 'lifi' && providerName !== 'auto') {
+    // Map our internal names to Li.Fi exchange names
+    const exchangeMap: Record<string, string> = {
+      'uniswap_v2': 'uniswap_v2',
+      'uniswap_v3': 'uniswap_v3',
+      'pancakeswap': 'pancakeswap',
+      '1inch': 'oneinch',
+      'cowswap': 'cowswap'
+    };
+    if (exchangeMap[providerName]) {
+      url.searchParams.append('allowExchanges', exchangeMap[providerName]);
+    }
+  }
 
   const res = await fetch(url.toString());
   if (!res.ok) {
@@ -65,7 +81,7 @@ export async function prepareSwapToken(
   toToken: string, 
   amountStr: string,
   mode: "auto" | "manual" = "auto",
-  providerName: "lifi" | "relay" = "lifi",
+  providerName: "auto" | "lifi" | "relay" | "uniswap_v2" | "uniswap_v3" | "pancakeswap" | "1inch" | "cowswap" = "auto",
   slippagePercent: number = 0.5
 ): Promise<string> {
   try {
@@ -101,7 +117,17 @@ export async function prepareSwapToken(
     let approvalAddress: string | null = null;
     let expectedOutputStr = "";
 
-    let actualProvider = mode === "auto" ? "lifi" : providerName;
+    // If auto, read from global configuration set by Dashboard UI
+    let actualProvider = mode === "auto" ? "auto" : providerName;
+    if (actualProvider === "auto") {
+      try {
+        const config = loadConfig();
+        actualProvider = (config.agent.default_router as any) || "lifi";
+        if (actualProvider === "auto") actualProvider = "lifi"; // strict fallback
+      } catch (e) {
+        actualProvider = "lifi";
+      }
+    }
     const isTestnet = chainId === 11155111;
 
     // --- SEPOLIA TESTNET MOCK ---
@@ -121,14 +147,7 @@ export async function prepareSwapToken(
     }
     // --- END MOCK ---
 
-    if (actualProvider === "lifi") {
-      const quote = await getLifiQuote(chainId, chainId, fromTokenAddress, toTokenAddress, amountWei, userAddress, slippagePercent / 100);
-      txRequest = quote.transactionRequest;
-      approvalAddress = quote.estimate.approvalAddress;
-      
-      const toDecimals = quote.action.toToken.decimals;
-      expectedOutputStr = formatUnits(BigInt(quote.estimate.toAmount), toDecimals);
-    } else if (actualProvider === "relay") {
+    if (actualProvider === "relay") {
       const relayQuote = await getRelayQuote(chainId, chainId, fromTokenAddress, toTokenAddress, amountWei, userAddress);
       if (!relayQuote.steps || relayQuote.steps.length === 0) throw new Error("No route found by Relay.");
       
@@ -144,6 +163,15 @@ export async function prepareSwapToken(
       }
       
       expectedOutputStr = relayQuote.details?.currencyOut?.amountFormatted || "Unknown";
+    } else {
+      // Use Li.Fi for lifi, 1inch, cowswap, uniswap_v2, uniswap_v3, pancakeswap
+      // We mapped the allowExchanges inside getLifiQuote
+      const quote = await getLifiQuote(chainId, chainId, fromTokenAddress, toTokenAddress, amountWei, userAddress, slippagePercent / 100, actualProvider);
+      txRequest = quote.transactionRequest;
+      approvalAddress = quote.estimate.approvalAddress;
+      
+      const toDecimals = quote.action.toToken.decimals;
+      expectedOutputStr = formatUnits(BigInt(quote.estimate.toAmount), toDecimals);
     }
 
     // Check allowance early so we know if we need to auto-approve
@@ -250,11 +278,11 @@ export const swapTokenToolDefinition = {
         mode: {
           type: "string",
           enum: ["auto", "manual"],
-          description: "auto uses lifi. manual uses the specified provider."
+          description: "auto uses default router. manual uses the specified provider."
         },
         providerName: {
           type: "string",
-          enum: ["lifi", "relay"],
+          enum: ["auto", "lifi", "relay", "uniswap_v2", "uniswap_v3", "pancakeswap", "1inch", "cowswap"],
           description: "Used if mode is manual."
         }
       },

package/packages/core/src/web3/utils/routers.ts

@@ -0,0 +1,102 @@
+export const ROUTER_ADDRESSES: Record<string, Record<string, string>> = {
+  uniswap_v2: {
+    ethereum: '0x7a250d5630B4cF539739dF2C5dAcb4c659F2488D'
+  },
+  uniswap_v3: {
+    ethereum: '0x68b3465833fb72A70ecDF485E0e4C7bD8665Fc45',
+    base: '0x2626664c2603336E57B271c5C0b26F421741e481',
+    arbitrum: '0x68b3465833fb72A70ecDF485E0e4C7bD8665Fc45',
+    optimism: '0x68b3465833fb72A70ecDF485E0e4C7bD8665Fc45',
+    polygon: '0x68b3465833fb72A70ecDF485E0e4C7bD8665Fc45'
+  },
+  pancakeswap: {
+    bsc: '0x10ED43C718714eb63d5aA57B78B54704E256024E'
+  }
+};
+
+export const UNISWAP_V2_ROUTER_ABI = [
+  {
+    "inputs": [
+      { "internalType": "uint256", "name": "amountIn", "type": "uint256" },
+      { "internalType": "uint256", "name": "amountOutMin", "type": "uint256" },
+      { "internalType": "address[]", "name": "path", "type": "address[]" },
+      { "internalType": "address", "name": "to", "type": "address" },
+      { "internalType": "uint256", "name": "deadline", "type": "uint256" }
+    ],
+    "name": "swapExactTokensForTokens",
+    "outputs": [{ "internalType": "uint256[]", "name": "amounts", "type": "uint256[]" }],
+    "stateMutability": "nonpayable",
+    "type": "function"
+  },
+  {
+    "inputs": [
+      { "internalType": "uint256", "name": "amountIn", "type": "uint256" },
+      { "internalType": "address[]", "name": "path", "type": "address[]" }
+    ],
+    "name": "getAmountsOut",
+    "outputs": [{ "internalType": "uint256[]", "name": "amounts", "type": "uint256[]" }],
+    "stateMutability": "view",
+    "type": "function"
+  }
+];
+
+export const UNISWAP_V3_ROUTER_ABI = [
+  {
+    "inputs": [
+      {
+        "components": [
+          { "internalType": "address", "name": "tokenIn", "type": "address" },
+          { "internalType": "address", "name": "tokenOut", "type": "address" },
+          { "internalType": "uint24", "name": "fee", "type": "uint24" },
+          { "internalType": "address", "name": "recipient", "type": "address" },
+          { "internalType": "uint256", "name": "amountIn", "type": "uint256" },
+          { "internalType": "uint256", "name": "amountOutMinimum", "type": "uint256" },
+          { "internalType": "uint160", "name": "sqrtPriceLimitX96", "type": "uint160" }
+        ],
+        "internalType": "struct IV3SwapRouter.ExactInputSingleParams",
+        "name": "params",
+        "type": "tuple"
+      }
+    ],
+    "name": "exactInputSingle",
+    "outputs": [{ "internalType": "uint256", "name": "amountOut", "type": "uint256" }],
+    "stateMutability": "payable",
+    "type": "function"
+  }
+];
+
+export const UNISWAP_V3_QUOTER_ABI = [
+  {
+    "inputs": [
+      {
+        "components": [
+          { "internalType": "address", "name": "tokenIn", "type": "address" },
+          { "internalType": "address", "name": "tokenOut", "type": "address" },
+          { "internalType": "uint256", "name": "amountIn", "type": "uint256" },
+          { "internalType": "uint24", "name": "fee", "type": "uint24" },
+          { "internalType": "uint160", "name": "sqrtPriceLimitX96", "type": "uint160" }
+        ],
+        "internalType": "struct IQuoterV2.QuoteExactInputSingleParams",
+        "name": "params",
+        "type": "tuple"
+      }
+    ],
+    "name": "quoteExactInputSingle",
+    "outputs": [
+      { "internalType": "uint256", "name": "amountOut", "type": "uint256" },
+      { "internalType": "uint160", "name": "sqrtPriceX96After", "type": "uint160" },
+      { "internalType": "uint32", "name": "initializedTicksCrossed", "type": "uint32" },
+      { "internalType": "uint256", "name": "gasEstimate", "type": "uint256" }
+    ],
+    "stateMutability": "nonpayable",
+    "type": "function"
+  }
+];
+
+export const QUOTER_ADDRESSES: Record<string, string> = {
+  ethereum: '0x61fFE014bA17989E743c5F6cB21bF9697530B21e',
+  base: '0x3d4e44Eb1374240CE5F1B871ab261CD16335B76a',
+  arbitrum: '0x61fFE014bA17989E743c5F6cB21bF9697530B21e',
+  optimism: '0x61fFE014bA17989E743c5F6cB21bF9697530B21e',
+  polygon: '0x61fFE014bA17989E743c5F6cB21bF9697530B21e'
+};