nyxora 26.6.6 → 26.6.7

package/CHANGELOG.md

@@ -5,6 +5,28 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepashangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [26.6.7] - Unreleased
+### Enterprise Features & Web3 Enhancements
+- **Enterprise Portfolio Scanner**: Integrated a fully decentralized, real-time Dashboard UI (Nord Theme) to scan all native and ERC-20 token balances across 8 EVM chains natively, without relying on centralized third-party APIs.
+- **Real-Time USD Valuation**: Integrated DexScreener API into the Portfolio Scanner backend to actively compute and display USD portfolio values in real-time. Features an adaptive 2-minute memory cache system to ensure complete immunity against API rate-limits and eliminate LLM token consumption.
+- **Official Web3 Branding**: Integrated TrustWallet and CovalentHQ CDNs to automatically resolve and render official Native Chain icons and ERC-20 Token logos with dynamic address casing, delivering an authentic Tier-1 exchange aesthetic.
+- **Custom Token Management (AI Skill)**: Deployed the new `manage_custom_tokens` Web3 skill. The AI agent can now autonomously recognize, store, and manage user-specified custom token addresses (e.g., obscure/degen tokens) to `~/.nyxora/custom_tokens.json`. These are instantly synced with the Portfolio Scanner.
+- **MEV-Blocker Integration**: Upgraded the Ethereum mainnet routing core in `config.ts` to strictly prioritize `rpc.mevblocker.io` and `rpc.flashbots.net` as primary transports. All user transactions are now forcefully routed through Private Mempools, establishing complete immunity against sandwich attacks and front-running bots.
+- **System Diagnosis (`nyxora doctor`)**: Added a new CLI tool `nyxora doctor` to automatically verify OS requirements, node versions, filesystem permissions, SQLite database r/w access, Keyring vault security, and network port availability for seamless troubleshooting.
+
+### Security & UX Updates
+- **CLI Wallet Management (`nyxora wallet update`)**: Added a highly requested sub-command to allow users to securely overwrite their OS Keyring Web3 wallet directly via the CLI without having to re-run the full LLM setup wizard. Features an aggressive visual confirmation step to prevent accidental Private Key destruction.
+- **Terminal UI Resilience**: Replaced dynamic `note()` text rendering with static linear console logs in the `nyxora setup` wizard. This completely eliminates a UI truncation bug where the `clack` prompter would swallow the 12-word mnemonic phrase on small terminal windows.
+- **Helmet CSP Optimization**: Adjusted the Gateway Server's Content Security Policy (CSP) to securely whitelist decentralized image repositories (GitHub raw, CovalentHQ) without compromising strict anti-XSS protection protocols.
+- **BIP-39 Mnemonic Generation**: Upgraded the `nyxora setup` CLI wizard. When auto-generating a new wallet, the system now provides a standard 12-word Seed Phrase (Mnemonic) instead of a raw hex Private Key, vastly improving user security and cross-wallet compatibility (e.g., MetaMask). The private key is still autonomously extracted and locked in the OS Keyring.
+- **One-Liner Install Script**: Added a new hacker-style `curl | bash` installation method at `https://nyxoraai.github.io/Nyxora/install.sh` for Linux/macOS, and a native PowerShell script `install.ps1` for Windows, providing an instant, frictionless setup experience across all major operating systems.
+- **Global Localization Standardization**: Swept and translated the entire AI reasoning log engine (`reasoning.ts`) from Indonesian to standardized English to maintain strict international professional standards across console output and UI feedback.
+
+### Bug Fixes & Optimizations
+- **ERC-20 Decimals Resolution**: Completely eradicated a critical math bug where all custom tokens were assumed to have 18 decimals. The backend now executes parallel `decimals()` on-chain queries alongside `balanceOf()`, guaranteeing 100% mathematical precision for tokens like USDC/USDT (6 decimals).
+- **NPM Monorepo Build Fix**: Fixed the `packages/core` workspace `package.json` to correctly include the `"build": "tsc"` script and aligned its internal versioning (`v26.6.7`). This resolves the NPM workspace lifecycle crash during global build triggers.
+- **NPM Optimization**: Added official keywords (`web3`, `ai`, `agent`, `crypto`, `mcp`, `automation`, `defi`, `zero-trust`) to the root `package.json` to significantly improve Nyxora's discoverability and SEO on the NPM Registry.
+
 ## [26.6.6] - 2026-06-05
 ### Enterprise Stability Upgrades
 - **Strict LLM Output Validation**: Added robust try-catch parsing for LLM tool arguments in `reasoning.ts`. If the AI outputs malformed JSON, the error is fed back into the reasoning loop, allowing the model to autonomously self-correct without crashing the agent pipeline.

package/README.md

@@ -1,4 +1,4 @@
-# Nyxora Agent 🤖
+# Nyxora Agent <img src="./packages/dashboard/public/favicon.svg" width="36" align="top" />
 **Your Personal Web3 Assistant.**
 
 
@@ -75,9 +75,23 @@ To dive deeper into the technical details of our Zero-Knowledge security archite
 ### Global Installation via NPM (Recommended)
 The easiest and fastest way to use Nyxora is to install it globally via NPM. This ensures you get the latest version and can run Nyxora from anywhere on your machine.
 
+The fastest way to install Nyxora is via our automated installation script:
+
+**For Linux & macOS (Bash):**
+```bash
+curl -fsSL https://nyxoraai.github.io/Nyxora/install.sh | bash
+```
+
+**For Windows (PowerShell):**
+```powershell
+iwr https://nyxoraai.github.io/Nyxora/install.ps1 -useb | iex
+```
+
+Alternatively, you can install it manually on any operating system using NPM:
+
 ```bash
-# 1. Install Nyxora globally
 npm install -g nyxora@latest
+```
 
 # 2. Run the Interactive Setup Wizard (API Keys, Wallet, Telegram)
 nyxora setup

package/bin/nyxora.mjs

@@ -247,11 +247,41 @@ async function setKey(cliArgs) {
   await new Promise(resolve => child.on('close', resolve));
 }
 
+async function wallet(cliArgs) {
+  const compiledCli = path.join(projectRoot, 'dist', 'packages/core/src/gateway/cli.js');
+  const useCompiled = fs.existsSync(compiledCli);
+  const cmd = useCompiled ? 'node' : 'npx';
+  const args = useCompiled ? [compiledCli, 'wallet', ...cliArgs] : ['ts-node', '-T', 'packages/core/src/gateway/cli.ts', 'wallet', ...cliArgs];
+  const child = spawn(cmd, args, {
+    cwd: projectRoot,
+    stdio: 'inherit',
+    env: { ...process.env, TS_NODE_CACHE: 'false' }
+  });
+  
+  await new Promise(resolve => child.on('close', resolve));
+}
+
+async function runDoctor() {
+  const compiledCli = path.join(projectRoot, 'dist', 'packages/core/src/gateway/doctor.js');
+  const useCompiled = fs.existsSync(compiledCli);
+  const cmd = useCompiled ? 'node' : 'npx';
+  const args = useCompiled ? [compiledCli] : ['ts-node', '-T', 'packages/core/src/gateway/doctor.ts'];
+  const child = spawn(cmd, args, {
+    cwd: projectRoot,
+    stdio: 'inherit',
+    env: { ...process.env, TS_NODE_CACHE: 'false' }
+  });
+  
+  await new Promise(resolve => child.on('close', resolve));
+}
+
 async function main() {
   switch (command) {
+    case 'doctor': await runDoctor(); break;
     case 'setup': await setup(); break;
     case 'clear': await clearMemory(process.argv.slice(3)); break;
     case 'set-key': await setKey(process.argv.slice(3)); break;
+    case 'wallet': await wallet(process.argv.slice(3)); break;
     case 'start': await start(); break;
     case 'stop': await stop(); break;
     case 'restart': await restart(); break;
@@ -277,10 +307,12 @@ Commands:
   restart        Restart the daemon
   setup          Run the interactive Setup Wizard
   dashboard      Open the dashboard in your browser
+  doctor         Run system diagnostics and check requirements
   clear          Atomically clear the AI's short/long-term memory SQLite database
   clean-logs     Clear the daemon logs
   autostart      Enable/disable autostart on boot (usage: nyxora autostart enable)
   set-key        Securely save API Key (usage: nyxora set-key <provider> <key>)
+  wallet         Manage your Web3 Wallet (usage: nyxora wallet update)
 
 Options:
   -v, --version  Show current version

package/dist/packages/core/src/agent/reasoning.js

@@ -24,6 +24,7 @@ const marketAnalysis_1 = require("../web3/skills/marketAnalysis");
 const checkPortfolio_1 = require("../web3/skills/checkPortfolio");
 const checkAddress_1 = require("../web3/skills/checkAddress");
 const getMyAddress_1 = require("../web3/skills/getMyAddress");
+const manageCustomTokens_1 = require("../web3/skills/manageCustomTokens");
 const limitOrderManager_1 = require("./limitOrderManager");
 const updateProfile_1 = require("./updateProfile");
 const updateSecurityPolicy_1 = require("../system/skills/updateSecurityPolicy");
@@ -207,7 +208,7 @@ async function processUserInput(input, role = 'user', onProgress, sessionId) {
         const lowerInput = input.toLowerCase();
         const hasWeb3Keyword = /swap|transfer|price|token|crypto|bridge|wallet|balance|portfolio|buy|sell|send|receive|address|market|limit|mint|nft/i.test(lowerInput);
         const hasGoogleKeyword = /email|gmail|calendar|sheet|doc|form|event/i.test(lowerInput);
-        const WEB3_TOOLS = [getBalance_1.getBalanceToolDefinition, transfer_1.transferToolDefinition, getPrice_1.getPriceToolDefinition, swapToken_1.swapTokenToolDefinition, bridgeToken_1.bridgeTokenToolDefinition, mintNft_1.mintNftToolDefinition, customTx_1.customTxToolDefinition, createWallet_1.createWalletToolDefinition, checkSecurity_1.checkSecurityToolDefinition, marketAnalysis_1.marketAnalysisToolDefinition, checkPortfolio_1.checkPortfolioToolDefinition, checkAddress_1.checkAddressToolDefinition, getMyAddress_1.getMyAddressToolDefinition, limitOrderManager_1.createLimitOrderToolDefinition, limitOrderManager_1.listLimitOrdersToolDefinition, limitOrderManager_1.cancelLimitOrderToolDefinition];
+        const WEB3_TOOLS = [getBalance_1.getBalanceToolDefinition, transfer_1.transferToolDefinition, getPrice_1.getPriceToolDefinition, swapToken_1.swapTokenToolDefinition, bridgeToken_1.bridgeTokenToolDefinition, mintNft_1.mintNftToolDefinition, customTx_1.customTxToolDefinition, createWallet_1.createWalletToolDefinition, checkSecurity_1.checkSecurityToolDefinition, marketAnalysis_1.marketAnalysisToolDefinition, checkPortfolio_1.checkPortfolioToolDefinition, checkAddress_1.checkAddressToolDefinition, getMyAddress_1.getMyAddressToolDefinition, manageCustomTokens_1.manageCustomTokensDefinition, limitOrderManager_1.createLimitOrderToolDefinition, limitOrderManager_1.listLimitOrdersToolDefinition, limitOrderManager_1.cancelLimitOrderToolDefinition];
         const SYSTEM_TOOLS = [updateProfile_1.updateProfileToolDefinition, updateSecurityPolicy_1.updateSecurityPolicyToolDefinition, analyzeDocument_1.analyzeDocumentToolDefinition, readFile_1.readLocalFileToolDefinition, writeFile_1.writeLocalFileToolDefinition, executeShell_1.runTerminalCommandToolDefinition, browseWeb_1.browseWebsiteToolDefinition, searchWeb_1.searchWebToolDefinition, installSkill_1.installExternalSkillToolDefinition];
         const GOOGLE_TOOLS = [googleWorkspace_1.readGmailInboxToolDefinition, googleWorkspace_1.listCalendarEventsToolDefinition, googleWorkspace_1.appendRowToSheetsToolDefinition, googleWorkspace_1.readGoogleDocsToolDefinition, googleWorkspace_1.readGoogleFormResponsesToolDefinition];
         let activeTools = [];
@@ -251,9 +252,9 @@ async function processUserInput(input, role = 'user', onProgress, sessionId) {
                 let result = "";
                 let args = {};
                 const toolName = toolCall.function.name;
-                console.log(picocolors_1.default.yellow(`[⚡ Eksekusi Tool] AI memanggil ${toolName}...`));
+                console.log(picocolors_1.default.yellow(`[⚡ Tool Execution] AI is calling ${toolName}...`));
                 if (onProgress)
-                    onProgress(`_⚡ Menjalankan alat: ${toolName}..._`);
+                    onProgress(`_⚡ Running tool: ${toolName}..._`);
                 // Phase 1: LLM Output Validation (Anti-Halusinasi)
                 try {
                     args = JSON.parse(toolCall.function.arguments);
@@ -342,6 +343,10 @@ async function processUserInput(input, role = 'user', onProgress, sessionId) {
                             result = await (0, getMyAddress_1.getMyAddress)();
                             break;
                         }
+                        case 'manage_custom_tokens': {
+                            result = await (0, manageCustomTokens_1.executeManageCustomTokens)(args);
+                            break;
+                        }
                         case 'create_limit_order': {
                             if (config.permissions?.web3?.allow_swap === false) {
                                 result = `[Security Blocked] Runtime Permission Denied: Limit orders require swap permissions. Update config.yaml to allow.`;
@@ -434,15 +439,15 @@ async function processUserInput(input, role = 'user', onProgress, sessionId) {
                         }
                     }
                     if (result.includes('[Security Blocked]') || result.startsWith('Error:')) {
-                        console.log(picocolors_1.default.red(`[❌ Gagal] Tool ${toolName} mengembalikan error atau diblokir.`));
+                        console.log(picocolors_1.default.red(`[❌ Failed] Tool ${toolName} returned an error or was blocked.`));
                     }
                     else {
-                        console.log(picocolors_1.default.green(`[✅ Sukses] Tool ${toolName} berhasil dieksekusi.`));
+                        console.log(picocolors_1.default.green(`[✅ Success] Tool ${toolName} executed successfully.`));
                     }
                 }
                 catch (toolError) {
                     result = `Error executing ${toolName}: ${toolError.message}`;
-                    console.log(picocolors_1.default.red(`[❌ Error Crash] Eksekusi ${toolName} gagal total: ${toolError.message}`));
+                    console.error(picocolors_1.default.red(`[❌ Error Crash] Execution of ${toolName} failed completely: ${toolError.message}`));
                 }
                 exports.logger.addEntry({
                     role: 'tool',

package/dist/packages/core/src/gateway/cli.js

@@ -1,5 +1,38 @@
 #!/usr/bin/env node
 "use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
 var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
@@ -8,9 +41,11 @@ const safeLogger_1 = require("../utils/safeLogger");
 (0, safeLogger_1.initSafeLogger)();
 const fs_1 = __importDefault(require("fs"));
 const path_1 = __importDefault(require("path"));
+const os_1 = __importDefault(require("os"));
 const paths_1 = require("../config/paths");
 const server_1 = require("./server");
 const setup_1 = require("./setup");
+const prompts_1 = require("@clack/prompts");
 const state_1 = require("../utils/state");
 const picocolors_1 = __importDefault(require("picocolors"));
 const parser_1 = require("../config/parser");
@@ -27,6 +62,12 @@ async function main() {
         await (0, setup_1.runSetupWizard)();
         process.exit(0);
     }
+    // Check for doctor command
+    if (process.argv.includes('doctor')) {
+        const { runDoctor } = await Promise.resolve().then(() => __importStar(require('./doctor')));
+        await runDoctor();
+        process.exit(0);
+    }
     // Check for memory clear command
     if (process.argv.includes('clear')) {
         if (process.argv.includes('--force') || process.argv.includes('-y')) {
@@ -68,6 +109,40 @@ async function main() {
         console.log(picocolors_1.default.green(`✅ API Key for ${provider} saved securely to vault.`));
         process.exit(0);
     }
+    // Check for wallet command
+    if (process.argv.includes('wallet')) {
+        if (process.argv.includes('update')) {
+            console.log(picocolors_1.default.cyan('\n🔄 Wallet Update Wizard'));
+            const proceed = await (0, prompts_1.confirm)({
+                message: picocolors_1.default.bgRed(picocolors_1.default.white(' ⚠️ WARNING ')) + picocolors_1.default.yellow(' This will immediately OVERWRITE your existing wallet in the OS Vault.\nIf you have not backed up your current Private Key, you will lose access to its funds forever.\n\nAre you absolutely sure you want to proceed?'),
+            });
+            if ((0, prompts_1.isCancel)(proceed) || !proceed)
+                process.exit(0);
+            const pk = await (0, prompts_1.password)({
+                message: 'Enter your new Private Key (0x...):',
+            });
+            if ((0, prompts_1.isCancel)(pk))
+                process.exit(0);
+            try {
+                const { Entry } = await Promise.resolve().then(() => __importStar(require('@napi-rs/keyring')));
+                const entry = new Entry('nyxora', 'wallet');
+                await entry.setPassword(pk);
+                console.log(picocolors_1.default.green('✅ Wallet updated securely in OS Native Vault.'));
+                console.log(picocolors_1.default.yellow('⚠️ Please restart your Nyxora agent for the new wallet to take effect.\n'));
+            }
+            catch (e) {
+                const vaultPath = path_1.default.join(os_1.default.homedir(), '.nyxora', 'vault.key');
+                fs_1.default.writeFileSync(vaultPath, `PRIVATE_KEY=${pk}\n`, { mode: 0o600 });
+                console.log(picocolors_1.default.green('✅ Wallet updated securely in fallback vault.key.'));
+                console.log(picocolors_1.default.yellow('⚠️ Please restart your Nyxora agent for the new wallet to take effect.\n'));
+            }
+            process.exit(0);
+        }
+        else {
+            console.error(picocolors_1.default.red('Usage: nyxora wallet update'));
+            process.exit(1);
+        }
+    }
     // 2. Setup boilerplate files if in global mode and they don't exist
     let isFirstBoot = false;
     if (isGlobalMode) {

package/dist/packages/core/src/gateway/doctor.js

@@ -0,0 +1,131 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.runDoctor = runDoctor;
+const fs_1 = __importDefault(require("fs"));
+const path_1 = __importDefault(require("path"));
+const net_1 = __importDefault(require("net"));
+const picocolors_1 = __importDefault(require("picocolors"));
+const paths_1 = require("../config/paths");
+const parser_1 = require("../config/parser");
+async function runDoctor() {
+    console.log(picocolors_1.default.cyan('\n🔍 Nyxora System Doctor\n'));
+    let allGood = true;
+    const printStatus = (name, status, errorMsg) => {
+        if (status) {
+            console.log(`${picocolors_1.default.green('✓')} ${name}`);
+        }
+        else {
+            console.log(`${picocolors_1.default.red('✗')} ${name}`);
+            if (errorMsg)
+                console.log(`  ${picocolors_1.default.gray(errorMsg)}`);
+            allGood = false;
+        }
+    };
+    // 1. Check Node Version
+    const nodeVer = process.versions.node;
+    const majorVer = parseInt(nodeVer.split('.')[0], 10);
+    printStatus(`Node.js Version (${nodeVer})`, majorVer >= 22, `Please upgrade to Node.js v22 or higher.`);
+    // 2. Check App Directory & Config
+    const appDir = (0, paths_1.getAppDir)();
+    const configPath = path_1.default.join(appDir, 'config.yaml');
+    let configOk = false;
+    let configErr = '';
+    if (fs_1.default.existsSync(configPath)) {
+        try {
+            (0, parser_1.loadConfig)();
+            configOk = true;
+        }
+        catch (e) {
+            configErr = `Invalid YAML syntax: ${e.message}`;
+        }
+    }
+    else {
+        configErr = `config.yaml not found at ${configPath}`;
+    }
+    printStatus(`Configuration File`, configOk, configErr);
+    // 3. Check SQLite DB access
+    const dbPath = path_1.default.join(appDir, 'memory.db');
+    let dbOk = false;
+    let dbErr = '';
+    try {
+        if (fs_1.default.existsSync(dbPath)) {
+            fs_1.default.accessSync(dbPath, fs_1.default.constants.R_OK | fs_1.default.constants.W_OK);
+            dbOk = true;
+        }
+        else {
+            dbOk = true; // Not created yet, which is fine
+        }
+    }
+    catch (e) {
+        dbErr = `Cannot read/write memory.db: ${e.message}`;
+    }
+    printStatus(`SQLite Database Permissions`, dbOk, dbErr);
+    // 4. Check OS Keyring
+    let keyringOk = false;
+    let keyringErr = '';
+    try {
+        const { getPassword } = require('@napi-rs/keyring');
+        // Just try to access it. If it throws native error, keyring is inaccessible
+        try {
+            getPassword('nyxora', 'test_ping_doctor');
+        }
+        catch (e) {
+            // It's normal to throw "The specified item could not be found in the keychain"
+            // But if it crashes or throws permission error, it's bad.
+        }
+        keyringOk = true;
+    }
+    catch (e) {
+        keyringErr = `OS Vault inaccessible: ${e.message}. Ensure libsecret is installed on Linux.`;
+    }
+    printStatus(`OS Native Vault (Keyring)`, keyringOk, keyringErr);
+    // 5. Check Ports
+    const checkPort = (port) => {
+        return new Promise((resolve) => {
+            const server = net_1.default.createServer();
+            server.unref();
+            server.on('error', () => resolve(false)); // Port in use
+            server.listen(port, () => {
+                server.close(() => resolve(true)); // Port free
+            });
+        });
+    };
+    const port3000Free = await checkPort(3000);
+    const port3001Free = await checkPort(3001);
+    let isDaemonRunning = false;
+    const pidPath = path_1.default.join(appDir, 'daemon.pid');
+    if (fs_1.default.existsSync(pidPath)) {
+        try {
+            const pidStr = fs_1.default.readFileSync(pidPath, 'utf8').trim();
+            process.kill(parseInt(pidStr, 10), 0);
+            isDaemonRunning = true;
+        }
+        catch (e) { }
+    }
+    if (isDaemonRunning && !port3000Free) {
+        console.log(`${picocolors_1.default.green('✓')} Port 3000 (Dashboard) ${picocolors_1.default.cyan('[In Use by Nyxora]')}`);
+    }
+    else {
+        printStatus(`Port 3000 (Dashboard)`, port3000Free, `Port is already in use by another application.`);
+    }
+    if (isDaemonRunning && !port3001Free) {
+        console.log(`${picocolors_1.default.green('✓')} Port 3001 (Gateway API) ${picocolors_1.default.cyan('[In Use by Nyxora]')}`);
+    }
+    else {
+        printStatus(`Port 3001 (Gateway API)`, port3001Free, `Port is already in use by another application.`);
+    }
+    console.log('\n================================');
+    if (allGood) {
+        console.log(picocolors_1.default.green('🚀 All systems are completely healthy! Nyxora is ready to fly.'));
+    }
+    else {
+        console.log(picocolors_1.default.yellow('⚠️ Some checks failed. Please fix the issues above for optimal performance.'));
+    }
+    console.log('================================\n');
+}
+if (require.main === module) {
+    runDoctor();
+}

package/dist/packages/core/src/gateway/googleAuthModule.js

@@ -37,7 +37,7 @@ async function initGoogleAuth() {
         // Check if we already have a refresh token saved
         const refreshToken = await getRefreshToken();
         if (refreshToken) {
-            console.log('[Google Auth] Refresh token found in secure storage.');
+            // console.log('[Google Auth] Refresh token found in secure storage.'); // Suppressed to avoid CLI prompt disruption
             return true;
         }
         return false;

package/dist/packages/core/src/gateway/server.js

@@ -9,9 +9,13 @@ const cors_1 = __importDefault(require("cors"));
 const path_1 = __importDefault(require("path"));
 const helmet_1 = __importDefault(require("helmet"));
 const express_rate_limit_1 = __importDefault(require("express-rate-limit"));
+const paths_1 = require("../config/paths");
 const state_1 = require("../utils/state");
+const fs_1 = __importDefault(require("fs"));
 const reasoning_1 = require("../agent/reasoning");
 const parser_1 = require("../config/parser");
+const config_1 = require("../web3/config");
+const tokens_1 = require("../web3/utils/tokens");
 const tracker_1 = require("./tracker");
 const transactionManager_1 = require("../agent/transactionManager");
 const limitOrderManager_1 = require("../agent/limitOrderManager");
@@ -21,6 +25,7 @@ const swapToken_1 = require("../web3/skills/swapToken");
 const getBalance_1 = require("../web3/skills/getBalance");
 const checkAddress_1 = require("../web3/skills/checkAddress");
 const getMyAddress_1 = require("../web3/skills/getMyAddress");
+const manageCustomTokens_1 = require("../web3/skills/manageCustomTokens");
 const getPrice_1 = require("../web3/skills/getPrice");
 const checkSecurity_1 = require("../web3/skills/checkSecurity");
 const checkPortfolio_1 = require("../web3/skills/checkPortfolio");
@@ -59,7 +64,17 @@ console.error = function (...args) {
     originalError.apply(console, args);
 };
 const app = (0, express_1.default)();
-app.use((0, helmet_1.default)());
+app.use((0, helmet_1.default)({
+    contentSecurityPolicy: {
+        directives: {
+            defaultSrc: ["'self'"],
+            imgSrc: ["'self'", 'data:', 'https://raw.githubusercontent.com', 'https://logos.covalenthq.com'],
+            scriptSrc: ["'self'", "'unsafe-inline'"],
+            styleSrc: ["'self'", "'unsafe-inline'"],
+            connectSrc: ["'self'", 'https://*']
+        }
+    }
+}));
 app.use((0, cors_1.default)({
     origin: function (origin, callback) {
         if (!origin || /^(http:\/\/(localhost|127\.0\.0\.1):\d+)$/.test(origin)) {
@@ -208,6 +223,7 @@ app.get('/api/skills', (req, res) => {
         checkPortfolio_1.checkPortfolioToolDefinition,
         marketAnalysis_1.marketAnalysisToolDefinition,
         createWallet_1.createWalletToolDefinition,
+        manageCustomTokens_1.manageCustomTokensDefinition,
         limitOrderManager_2.createLimitOrderToolDefinition,
         limitOrderManager_2.listLimitOrdersToolDefinition,
         limitOrderManager_2.cancelLimitOrderToolDefinition
@@ -361,6 +377,8 @@ app.post('/api/transactions/:id/reject', async (req, res) => {
 });
 let cachedTrending = null;
 let lastTrendingFetch = 0;
+let cachedPrices = {};
+let lastPricesFetch = 0;
 app.get('/api/trending', async (req, res) => {
     const now = Date.now();
     if (cachedTrending && now - lastTrendingFetch < 5 * 60 * 1000) {
@@ -388,6 +406,158 @@ app.get('/api/trending', async (req, res) => {
         res.status(500).json({ error: err.message });
     }
 });
+app.get('/api/portfolio', async (req, res) => {
+    try {
+        const userAddress = await (0, config_1.getAddress)();
+        const customTokensPath = path_1.default.join((0, paths_1.getPath)('custom_tokens.json'));
+        let customTokens = {};
+        if (fs_1.default.existsSync(customTokensPath)) {
+            try {
+                customTokens = JSON.parse(fs_1.default.readFileSync(customTokensPath, 'utf8'));
+            }
+            catch (e) { }
+        }
+        const portfolio = {};
+        await Promise.all(config_1.SUPPORTED_CHAIN_NAMES.map(async (chainName) => {
+            portfolio[chainName] = [];
+            try {
+                const publicClient = (0, config_1.getPublicClient)(chainName);
+                // 1. Get Native Balance
+                const nativeBal = await publicClient.getBalance({ address: userAddress });
+                if (nativeBal > 0n) {
+                    portfolio[chainName].push({
+                        symbol: chainName === 'bsc' ? 'BNB' : chainName === 'polygon' ? 'POL' : 'ETH',
+                        address: 'native',
+                        balanceRaw: nativeBal.toString(),
+                        decimals: 18,
+                        isNative: true
+                    });
+                }
+                // 2. Combine TOKEN_MAP and customTokens for this chain
+                const tokensToQuery = { ...(tokens_1.TOKEN_MAP[chainName] || {}) };
+                if (customTokens[chainName]) {
+                    Object.assign(tokensToQuery, customTokens[chainName]);
+                }
+                // 3. Query all ERC-20 balances in parallel
+                await Promise.all(Object.entries(tokensToQuery).map(async ([symbol, address]) => {
+                    if (address === '0x0000000000000000000000000000000000000000')
+                        return; // Skip native placeholder
+                    try {
+                        const balPromise = publicClient.readContract({
+                            address: address,
+                            abi: tokens_1.ERC20_ABI,
+                            functionName: 'balanceOf',
+                            args: [userAddress]
+                        });
+                        const decPromise = publicClient.readContract({
+                            address: address,
+                            abi: tokens_1.ERC20_ABI,
+                            functionName: 'decimals'
+                        });
+                        const [bal, decimals] = await Promise.all([balPromise, decPromise]);
+                        if (bal > 0n) {
+                            portfolio[chainName].push({
+                                symbol,
+                                address,
+                                balanceRaw: bal.toString(),
+                                decimals: decimals, // Now using actual on-chain decimals
+                                isNative: false
+                            });
+                        }
+                    }
+                    catch (e) {
+                        // Ignore read errors
+                    }
+                }));
+            }
+            catch (e) {
+                console.error(`Portfolio error on ${chainName}:`, e);
+            }
+        }));
+        // --- DexScreener Price Fetching ---
+        const addressesToFetch = new Set();
+        const wrapMap = {
+            ethereum: 'WETH', arbitrum: 'WETH', base: 'WETH', optimism: 'WETH', sepolia: 'WETH', base_sepolia: 'WETH',
+            bsc: 'WBNB', polygon: 'WMATIC'
+        };
+        for (const chain of Object.keys(portfolio)) {
+            for (const t of portfolio[chain]) {
+                if (t.isNative) {
+                    const wToken = wrapMap[chain] || 'WETH';
+                    const wAddr = (tokens_1.TOKEN_MAP[chain]?.[wToken]) || '';
+                    if (wAddr)
+                        addressesToFetch.add(wAddr.toLowerCase());
+                }
+                else {
+                    addressesToFetch.add(t.address.toLowerCase());
+                }
+            }
+        }
+        const uniqueAddrs = Array.from(addressesToFetch);
+        const now = Date.now();
+        let priceMap = cachedPrices;
+        if (uniqueAddrs.length > 0 && now - lastPricesFetch > 2 * 60 * 1000) {
+            try {
+                const newPrices = {};
+                await Promise.all(uniqueAddrs.map(async (addr) => {
+                    try {
+                        const res = await fetch(`https://api.dexscreener.com/latest/dex/tokens/${addr}`);
+                        if (res.ok) {
+                            const data = await res.json();
+                            if (data.pairs && data.pairs.length > 0) {
+                                // Find the pair with highest liquidity
+                                let bestPair = data.pairs[0];
+                                let maxLiq = 0;
+                                for (const p of data.pairs) {
+                                    const liq = p.liquidity?.usd || 0;
+                                    if (liq > maxLiq) {
+                                        maxLiq = liq;
+                                        bestPair = p;
+                                    }
+                                }
+                                // Calculate price from bestPair
+                                if (bestPair.priceUsd) {
+                                    const baseAddr = bestPair.baseToken.address.toLowerCase();
+                                    const quoteAddr = bestPair.quoteToken?.address?.toLowerCase();
+                                    if (baseAddr === addr) {
+                                        newPrices[addr] = parseFloat(bestPair.priceUsd);
+                                    }
+                                    else if (quoteAddr === addr && bestPair.priceNative && parseFloat(bestPair.priceNative) > 0) {
+                                        newPrices[addr] = parseFloat(bestPair.priceUsd) / parseFloat(bestPair.priceNative);
+                                    }
+                                }
+                            }
+                        }
+                    }
+                    catch (e) {
+                        console.error(`DexScreener error for ${addr}:`, e);
+                    }
+                }));
+                console.log('DexScreener Fetched Prices:', newPrices);
+                cachedPrices = { ...cachedPrices, ...newPrices };
+                priceMap = cachedPrices;
+                lastPricesFetch = now;
+            }
+            catch (e) {
+                console.error('DexScreener fetch error:', e);
+            }
+        }
+        for (const chain of Object.keys(portfolio)) {
+            for (const t of portfolio[chain]) {
+                let lookupAddr = t.address.toLowerCase();
+                if (t.isNative) {
+                    const wToken = wrapMap[chain] || 'WETH';
+                    lookupAddr = ((tokens_1.TOKEN_MAP[chain]?.[wToken]) || '').toLowerCase();
+                }
+                t.priceUsd = priceMap[lookupAddr] || 0;
+            }
+        }
+        res.json(portfolio);
+    }
+    catch (err) {
+        res.status(500).json({ error: err.message });
+    }
+});
 app.post('/api/chat', async (req, res) => {
     try {
         const { message, session_id } = req.body;

package/dist/packages/core/src/gateway/setup.js

@@ -304,9 +304,14 @@ Provider: ${config.llm.provider}`;
             return process.exit(0);
     }
     else if (walletSetupType === 'generate') {
-        privateKey = (0, accounts_1.generatePrivateKey)();
-        const account = (0, accounts_1.privateKeyToAccount)(privateKey);
-        (0, prompts_1.note)(`New Wallet Generated!\n\nAddress: ${account.address}\nPrivate Key: ${privateKey}\n\nIMPORTANT: Backup this Private Key NOW! It is securely injected into your local vault, but you will need it to import your wallet elsewhere.`, 'Wallet Created');
+        const seedPhrase = (0, accounts_1.generateMnemonic)(accounts_1.english);
+        const account = (0, accounts_1.mnemonicToAccount)(seedPhrase);
+        privateKey = '0x' + Buffer.from(account.getHdKey().privateKey).toString('hex');
+        prompts_1.log.success('New Wallet Generated!');
+        prompts_1.log.info(`Address: ${account.address}`);
+        prompts_1.log.info(`Private Key: ${privateKey}`);
+        prompts_1.log.info(`Seed Phrase (Mnemonic): ${seedPhrase}`);
+        prompts_1.log.warn('IMPORTANT: Write down these 12 words (or the Private Key) NOW! This is your ONLY backup. The credentials have been securely injected into your local OS vault.');
     }
     // --- SAVING ---
     // Update Config.yaml