spendos 0.1.0

package/src/venice-x402.ts

@@ -0,0 +1,234 @@
+import { randomBytes } from 'node:crypto';
+import { privateKeyToAccount } from 'viem/accounts';
+
+// ── Config ─────────────────────────────────────────────
+
+const VENICE_API = 'https://api.venice.ai/api/v1';
+const SIWE_DOMAIN = 'outerface.venice.ai';
+const BASE_CHAIN_ID = 8453;
+const VENICE_PAY_TO = '0x2670B922ef37C7Df47158725C0CC407b5382293F';
+const USDC_BASE = '0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913';
+
+let walletKey: `0x${string}` | null = null;
+let walletAddress: string | null = null;
+
+export function initVeniceWallet(privateKey: string, address: string): void {
+  walletKey = privateKey as `0x${string}`;
+  walletAddress = address;
+  console.log(`[Venice x402] Wallet configured: ${address}`);
+}
+
+// ── SIWE Header ────────────────────────────────────────
+
+export async function buildSiweHeader(uri: string): Promise<string> {
+  if (!walletKey) throw new Error('Venice wallet not configured');
+
+  const account = privateKeyToAccount(walletKey);
+  const now = new Date();
+  const expiry = new Date(now.getTime() + 10 * 60 * 1000);
+  const nonce = randomBytes(16).toString('hex');
+
+  const message = [
+    `${SIWE_DOMAIN} wants you to sign in with your Ethereum account:`,
+    account.address,
+    '',
+    'Sign in to Venice AI',
+    '',
+    `URI: ${uri}`,
+    `Version: 1`,
+    `Chain ID: ${BASE_CHAIN_ID}`,
+    `Nonce: ${nonce}`,
+    `Issued At: ${now.toISOString()}`,
+    `Expiration Time: ${expiry.toISOString()}`,
+  ].join('\n');
+
+  const signature = await account.signMessage({ message });
+
+  return Buffer.from(JSON.stringify({
+    address: account.address.toLowerCase(),
+    message,
+    signature,
+    chainId: BASE_CHAIN_ID,
+    timestamp: now.getTime(),
+  }), 'utf-8').toString('base64');
+}
+
+// ── Balance Check ──────────────────────────────────────
+
+export interface VeniceBalance {
+  canConsume: boolean;
+  balanceUsd: number;
+  diemBalanceUsd: number;
+}
+
+export async function checkBalance(): Promise<VeniceBalance> {
+  if (!walletAddress) throw new Error('Venice wallet not configured');
+
+  const uri = `https://${SIWE_DOMAIN}/api/v1/x402/balance/${walletAddress}`;
+  const header = await buildSiweHeader(uri);
+
+  const res = await fetch(`${VENICE_API}/x402/balance/${walletAddress}`, {
+    headers: { 'X-Sign-In-With-X': header },
+  });
+
+  if (!res.ok) {
+    const text = await res.text();
+    throw new Error(`Venice balance check failed: ${res.status} ${text}`);
+  }
+
+  const data = await res.json() as any;
+  return {
+    canConsume: data.canConsume ?? false,
+    balanceUsd: parseFloat(data.balanceUsd ?? '0'),
+    diemBalanceUsd: parseFloat(data.diemBalanceUsd ?? '0'),
+  };
+}
+
+// ── Top-up via x402 ────────────────────────────────────
+
+export async function topUp(amountUsd: number = 5): Promise<{ credited: number; newBalance: number } | null> {
+  if (!walletKey) throw new Error('Venice wallet not configured');
+
+  try {
+    const account = privateKeyToAccount(walletKey);
+    const amountBaseUnits = BigInt(Math.round(amountUsd * 1e6));
+    const now = Math.floor(Date.now() / 1000);
+    const validAfter = BigInt(now - 60);
+    const validBefore = BigInt(now + 900);
+    const nonce = `0x${Array.from(crypto.getRandomValues(new Uint8Array(32))).map(b => b.toString(16).padStart(2, '0')).join('')}`;
+
+    // EIP-3009 transferWithAuthorization signature
+    const signature = await account.signTypedData({
+      domain: { name: 'USD Coin', version: '2', chainId: BASE_CHAIN_ID, verifyingContract: USDC_BASE as `0x${string}` },
+      types: {
+        TransferWithAuthorization: [
+          { name: 'from', type: 'address' }, { name: 'to', type: 'address' },
+          { name: 'value', type: 'uint256' }, { name: 'validAfter', type: 'uint256' },
+          { name: 'validBefore', type: 'uint256' }, { name: 'nonce', type: 'bytes32' },
+        ],
+      },
+      primaryType: 'TransferWithAuthorization',
+      message: {
+        from: account.address, to: VENICE_PAY_TO as `0x${string}`,
+        value: amountBaseUnits, validAfter, validBefore, nonce: nonce as `0x${string}`,
+      },
+    });
+
+    // Build x402 payment header with 'accepted' field (Venice requires this)
+    const header = Buffer.from(JSON.stringify({
+      x402Version: 2,
+      scheme: 'exact',
+      network: `eip155:${BASE_CHAIN_ID}`,
+      accepted: {
+        scheme: 'exact',
+        network: `eip155:${BASE_CHAIN_ID}`,
+        payTo: VENICE_PAY_TO,
+        amount: amountBaseUnits.toString(),
+        asset: USDC_BASE,
+        extra: { name: 'USD Coin', version: '2' },
+        resource: `${VENICE_API}/x402/top-up`,
+        description: 'Venice x402 top-up',
+        mimeType: 'application/json',
+        maxTimeoutSeconds: 300,
+      },
+      payload: {
+        signature,
+        authorization: {
+          from: account.address, to: VENICE_PAY_TO,
+          value: amountBaseUnits.toString(),
+          validAfter: validAfter.toString(),
+          validBefore: validBefore.toString(),
+          nonce,
+        },
+      },
+    })).toString('base64');
+
+    const res = await fetch(`${VENICE_API}/x402/top-up`, {
+      method: 'POST',
+      headers: { 'X-402-Payment': header },
+    });
+
+    if (!res.ok) {
+      const text = await res.text();
+      throw new Error(`Top-up failed: ${res.status} ${text}`);
+    }
+
+    const data = await res.json() as any;
+    const credited = data.data?.amountCredited ?? amountUsd;
+    const newBal = data.data?.newBalance ?? 0;
+    console.log(`[Venice x402] Topped up $${credited} — new balance: $${newBal}`);
+    return { credited, newBalance: newBal };
+  } catch (err) {
+    console.error(`[Venice x402] Top-up failed: ${err}`);
+    return null;
+  }
+}
+
+// ── Inference via wallet auth ──────────────────────────
+
+export async function walletInference(
+  model: string,
+  systemPrompt: string,
+  userContent: string,
+  maxTokens: number = 200,
+): Promise<string> {
+  const uri = `https://${SIWE_DOMAIN}/api/v1/chat/completions`;
+  const header = await buildSiweHeader(uri);
+
+  const res = await fetch(`${VENICE_API}/chat/completions`, {
+    method: 'POST',
+    headers: {
+      'Content-Type': 'application/json',
+      'X-Sign-In-With-X': header,
+    },
+    body: JSON.stringify({
+      model,
+      messages: [
+        { role: 'system', content: systemPrompt },
+        { role: 'user', content: userContent },
+      ],
+      max_tokens: maxTokens,
+    }),
+  });
+
+  if (res.status === 402) {
+    // Insufficient balance — try auto top-up
+    console.log('[Venice x402] Balance insufficient, attempting auto top-up...');
+    const result = await topUp(5);
+    if (!result) throw new Error('Auto top-up failed and Venice balance is insufficient');
+
+    // Retry inference after top-up
+    const retryHeader = await buildSiweHeader(uri);
+    const retryRes = await fetch(`${VENICE_API}/chat/completions`, {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+        'X-Sign-In-With-X': retryHeader,
+      },
+      body: JSON.stringify({
+        model,
+        messages: [
+          { role: 'system', content: systemPrompt },
+          { role: 'user', content: userContent },
+        ],
+        max_tokens: maxTokens,
+      }),
+    });
+
+    if (!retryRes.ok) {
+      const text = await retryRes.text();
+      throw new Error(`Venice inference failed after top-up: ${retryRes.status} ${text}`);
+    }
+
+    const retryData = await retryRes.json() as any;
+    return retryData.choices?.[0]?.message?.content ?? 'No summary generated.';
+  }
+
+  if (!res.ok) {
+    const text = await res.text();
+    throw new Error(`Venice inference failed: ${res.status} ${text}`);
+  }
+
+  const data = await res.json() as any;
+  return data.choices?.[0]?.message?.content ?? 'No summary generated.';
+}

package/src/xmtp.ts

@@ -0,0 +1,109 @@
+import type { DelegationRequest } from './governance.js';
+
+// ── State ──────────────────────────────────────────────
+
+let xmtpReady = false;
+let notifyAddress: string | null = null;
+let xmtpClient: any = null;
+let ownerAddress: string | null = null;
+
+// ── Init ───────────────────────────────────────────────
+
+export async function initXmtp(): Promise<string | null> {
+  try {
+    const { Client } = await import('@xmtp/node-sdk');
+    const { createWallet, getWallet, exportWallet } = await import('@open-wallet-standard/core');
+    const { mnemonicToAccount } = await import('viem/accounts');
+    const { toBytes } = await import('viem');
+    const { getRandomValues } = await import('node:crypto');
+
+    // Use a separate notify wallet — treasury keys never touch XMTP
+    const NOTIFY_WALLET = 'spendos-notify';
+    const OWS_VAULT = process.env.OWS_VAULT_PATH;
+    try { getWallet(NOTIFY_WALLET, OWS_VAULT); } catch { createWallet(NOTIFY_WALLET, undefined, undefined, OWS_VAULT); }
+
+    const mnemonic = exportWallet(NOTIFY_WALLET, undefined, OWS_VAULT);
+    const account = mnemonicToAccount(mnemonic);
+    notifyAddress = account.address;
+
+    // Get owner (treasury) address to send notifications TO
+    try {
+      const treasuryMnemonic = exportWallet('spendos-treasury', process.env.OWS_PASSPHRASE, OWS_VAULT);
+      const treasuryAccount = mnemonicToAccount(treasuryMnemonic);
+      ownerAddress = treasuryAccount.address;
+    } catch {
+      ownerAddress = null;
+    }
+
+    const signer = {
+      type: 'EOA' as const,
+      getIdentifier: () => ({ identifier: account.address, identifierKind: 0 }),
+      signMessage: async (message: string) => {
+        const sig = await account.signMessage({ message });
+        return toBytes(sig);
+      },
+    };
+
+    const dbEncryptionKey = getRandomValues(new Uint8Array(32));
+    xmtpClient = await Client.create(signer, { dbEncryptionKey });
+    xmtpReady = true;
+    console.log(`[XMTP] Client ready: ${notifyAddress} → notifications to ${ownerAddress ?? 'none'}`);
+    return notifyAddress;
+  } catch (err: any) {
+    console.log(`[XMTP] Init failed: ${err.message ?? err}`);
+    if (err.cause) console.log(`[XMTP] Cause: ${err.cause}`);
+    return null;
+  }
+}
+
+// ── Send XMTP Message ─────────────────────────────────
+
+async function sendXmtpMessage(text: string): Promise<boolean> {
+  if (!xmtpReady || !xmtpClient || !ownerAddress) return false;
+
+  try {
+    // Create or get conversation with the owner wallet
+    const conversation = await xmtpClient.conversations.newDm(ownerAddress);
+    await conversation.send(text);
+    console.log(`[XMTP] Sent to ${ownerAddress}: ${text.slice(0, 80)}`);
+    return true;
+  } catch (err: any) {
+    console.log(`[XMTP] Send failed: ${err.message ?? err}`);
+    return false;
+  }
+}
+
+// ── Notifications ─────────────────────────────────────
+
+export async function notifyDelegationRequest(d: DelegationRequest): Promise<boolean> {
+  const text = [
+    `🔔 SpendOS Delegation Request`,
+    ``,
+    `Agent: ${d.agentAddress}`,
+    `Reason: ${d.reason}`,
+    `Chains: ${d.chains.join(', ')}`,
+    `Budget: $${d.totalBudget}`,
+    `Risk: ${d.aiInterpretation?.riskLevel?.toUpperCase() ?? 'unknown'}`,
+    ``,
+    `Approve at https://spendos.xyz`,
+  ].join('\n');
+
+  const sent = await sendXmtpMessage(text);
+  if (!sent) console.log(`[XMTP/log] ${text.replace(/\n/g, ' | ')}`);
+  return sent;
+}
+
+export async function notifyDelegationDecision(
+  d: DelegationRequest,
+  action: 'approved' | 'rejected' | 'revoked' | 'expired',
+): Promise<boolean> {
+  const emoji = { approved: '✅', rejected: '❌', revoked: '🔄', expired: '⏰' }[action];
+  const text = `${emoji} Delegation ${action.toUpperCase()}: ${d.reason}`;
+  const sent = await sendXmtpMessage(text);
+  if (!sent) console.log(`[XMTP/log] ${text}`);
+  return sent;
+}
+
+export function getXmtpAddress(): string | null {
+  return notifyAddress;
+}

package/src/zerion.ts

@@ -0,0 +1,58 @@
+import type { WalletPortfolio } from './governance.js';
+
+const ZERION_API_KEY = process.env.ZERION_API_KEY ?? '';
+const ZERION_BASE = 'https://api.zerion.io/v1';
+
+export async function getWalletPortfolio(address: string): Promise<WalletPortfolio | null> {
+  if (!address) return null;
+
+  // Zerion API uses HTTP Basic Auth with API key as username
+  const authHeader = ZERION_API_KEY
+    ? `Basic ${Buffer.from(`${ZERION_API_KEY}:`).toString('base64')}`
+    : '';
+
+  try {
+    const res = await fetch(`${ZERION_BASE}/wallets/${address}/portfolio?currency=usd`, {
+      headers: authHeader ? {
+        'Authorization': authHeader,
+        'Accept': 'application/json',
+      } : { 'Accept': 'application/json' },
+      signal: AbortSignal.timeout(5000),
+    });
+
+    if (!res.ok) {
+      console.log(`[Zerion] Portfolio fetch failed: ${res.status}`);
+      return null;
+    }
+
+    const data = await res.json() as any;
+    const totalValue = data.data?.attributes?.total?.positions ?? 0;
+
+    // Get token positions
+    const tokensRes = await fetch(`${ZERION_BASE}/wallets/${address}/positions?filter[chain_ids]=base&currency=usd`, {
+      headers: authHeader ? {
+        'Authorization': authHeader,
+        'Accept': 'application/json',
+      } : { 'Accept': 'application/json' },
+      signal: AbortSignal.timeout(5000),
+    });
+
+    const tokens: WalletPortfolio['tokens'] = [];
+    if (tokensRes.ok) {
+      const tokensData = await tokensRes.json() as any;
+      for (const pos of (tokensData.data ?? []).slice(0, 10)) {
+        const attrs = pos.attributes;
+        tokens.push({
+          symbol: attrs?.fungible_info?.symbol ?? '???',
+          balance: String(attrs?.quantity?.float ?? '0'),
+          valueUsd: attrs?.value ?? 0,
+        });
+      }
+    }
+
+    return { totalValueUsd: totalValue, tokens };
+  } catch (err) {
+    console.log(`[Zerion] Error: ${err}`);
+    return null;
+  }
+}

package/start.sh

@@ -0,0 +1,168 @@
+#!/bin/sh
+set -e
+
+# Railway sets PORT (usually 8080). Export before anything starts.
+export PORT=${PORT:-8080}
+export SPENDOS_INTERNAL_URL="http://localhost:${PORT}"
+
+echo "[SpendOS] Starting on port $PORT..."
+
+# Symlink memory + jobs to persistent volume so they survive redeploys
+mkdir -p /data/memory
+ln -sfn /data/memory /app/memory
+
+# Persist agent-created jobs on volume
+mkdir -p /data/jobs
+# Copy seed jobs to volume (don't overwrite agent-created ones)
+cp -n /app/jobs/*.json /data/jobs/ 2>/dev/null || true
+# Symlink so runtime reads/writes to the volume
+rm -rf /app/jobs
+ln -sfn /data/jobs /app/jobs
+
+# 1. Start SpendOS Express server
+npx tsx src/server.ts &
+SPENDOS_PID=$!
+sleep 3
+
+echo "[SpendOS] Express server started on :${PORT:-3030} (PID $SPENDOS_PID)"
+
+# 2. Configure OpenClaw (only on first boot — check for marker file)
+FIRST_BOOT_MARKER="$OPENCLAW_STATE_DIR/.spendos-configured"
+if [ ! -f "$FIRST_BOOT_MARKER" ]; then
+  echo "[SpendOS] First boot — configuring OpenClaw..."
+
+# Set Venice model via SpendOS proxy
+openclaw config set agents.defaults.model.primary "spendos/kimi-k2-5" 2>/dev/null || true
+openclaw config set models.providers.spendos '{"baseUrl":"http://localhost:3030/v1","apiKey":"spendos","api":"openai-completions","models":[{"id":"kimi-k2-5","name":"kimi-k2-5","contextWindow":256000}]}' 2>/dev/null || true
+openclaw config set agents.defaults.models '{"spendos/kimi-k2-5":{"alias":"Venice via SpendOS"}}' 2>/dev/null || true
+openclaw config set gateway.mode local 2>/dev/null || true
+openclaw config set gateway.http.endpoints.chatCompletions.enabled true 2>/dev/null || true
+
+# Set SpendOS MCP server (pre-compiled JS — no tsx needed)
+openclaw mcp set spendos "{\"command\":\"node\",\"args\":[\"/app/dist/mcp-server.mjs\"],\"env\":{\"SPENDOS_URL\":\"http://localhost:${PORT:-3030}\"}}" 2>/dev/null || true
+
+# Set MoonPay MCP (safe tools only)
+openclaw mcp set moonpay '{"command":"npx","args":["@moonpay/cli","mcp"]}' 2>/dev/null || true
+
+# Set Zerion MCP
+openclaw mcp set zerion '{"url":"https://developers.zerion.io/mcp","transport":"streamable-http"}' 2>/dev/null || true
+
+# Install SpendOS skill + plugin into OpenClaw
+# Install skill
+mkdir -p $OPENCLAW_STATE_DIR/skills/spendos
+cp /app/skills/spendos/skill.md $OPENCLAW_STATE_DIR/skills/spendos/ 2>/dev/null || true
+
+# Install plugin
+mkdir -p $OPENCLAW_STATE_DIR/plugins
+cp -r /app/plugins/spendos-events $OPENCLAW_STATE_DIR/plugins/ 2>/dev/null || true
+cd $OPENCLAW_STATE_DIR/plugins/spendos-events && npm install --production 2>/dev/null || true
+cd /app
+
+# Register plugin with OpenClaw
+openclaw config set plugins.spendos-events "{\"path\":\"$OPENCLAW_STATE_DIR/plugins/spendos-events\"}" 2>/dev/null || true
+
+# Set workspace to /app so SOUL.md and AGENTS.md are loaded
+openclaw config set agents.defaults.workspace /app 2>/dev/null || true
+
+  # Security: block agent from reading secrets
+  openclaw config set tools.exec.env.denylist '["OWS_PASSPHRASE","OWS_IMPORT_MNEMONIC","DEPLOYER_PRIVATE_KEY","SPENDOS_ADMIN_TOKEN","OPENCLAW_GATEWAY_TOKEN_OVERRIDE","TWITTER_USERNAME","TWITTER_PASSWORD"]' 2>/dev/null || true
+
+  # Enable browser tool (Chromium installed in Docker image)
+  openclaw config set tools.browser.enabled true 2>/dev/null || true
+  openclaw config set tools.browser.executable "$CHROME_BIN" 2>/dev/null || true
+
+  # Restore Twitter cookies from persistent volume if they exist
+  if [ -f "/data/twitter-cookies.json" ]; then
+    openclaw config set tools.browser.cookies "/data/twitter-cookies.json" 2>/dev/null || true
+    echo "[SpendOS] Twitter cookies restored from volume"
+  fi
+
+  # Disable Slack channel (not needed, causes MODULE_NOT_FOUND errors)
+  openclaw config set channels.slack.enabled false 2>/dev/null || true
+
+  touch "$FIRST_BOOT_MARKER"
+  echo "[SpendOS] First boot configuration complete"
+else
+  echo "[SpendOS] OpenClaw already configured (restarting with existing sessions/memory)"
+fi
+
+# ALWAYS update these on every boot (not just first boot)
+if [ -n "$OPENCLAW_GATEWAY_TOKEN_OVERRIDE" ]; then
+  openclaw config set gateway.auth.token "$OPENCLAW_GATEWAY_TOKEN_OVERRIDE" 2>/dev/null || true
+fi
+# Re-register SpendOS MCP server (compiled JS, no tsx dependency)
+openclaw mcp set spendos "{\"command\":\"node\",\"args\":[\"/app/dist/mcp-server.mjs\"],\"env\":{\"SPENDOS_URL\":\"http://localhost:${PORT:-3030}\"}}" 2>/dev/null || true
+
+# 3. Set up cron jobs (if not already set)
+# Get OpenClaw gateway token for internal API calls
+# openclaw config get redacts the token, so read directly from the JSON config
+export OPENCLAW_GATEWAY_TOKEN=$(node -e "try{const c=JSON.parse(require('fs').readFileSync('$OPENCLAW_STATE_DIR/openclaw.json','utf8'));process.stdout.write(c.gateway?.auth?.token||'')}catch{}" 2>/dev/null || echo "")
+export OPENCLAW_INTERNAL_URL="http://localhost:18789"
+
+# OpenClaw gateway on INTERNAL port only — NOT exposed to internet
+openclaw gateway --port 18789 &
+GATEWAY_PID=$!
+sleep 5
+
+echo "[SpendOS] OpenClaw gateway started on :18789 INTERNAL (PID $GATEWAY_PID)"
+
+# Add cron jobs only on first boot
+# COST AWARENESS: each cron invocation costs ~$0.05 in Venice inference.
+# Only invoke the agent when there's revenue to justify it.
+# The venice-topup cron is removed — auto top-up is now built into the proxy.
+# Reset crons on every boot to pick up config changes
+openclaw cron remove --name "revenue-scanner" 2>/dev/null || true
+openclaw cron remove --name "venice-topup" 2>/dev/null || true
+if true; then
+openclaw cron add \
+  --name "revenue-scanner" \
+  --every "2h" \
+  --agent main \
+  --session isolated \
+  --timeout-seconds 90 \
+  --light-context \
+  --message "You are SpendOS. COST RULE: This cron costs ~\$0.05 per run. Only take actions that generate more than \$0.05 in expected value.
+
+Quick check: curl -s http://localhost:3030/api/pnl
+
+If earned > 0 and margin is improving, propose ONE yield delegation.
+If no revenue, create ONE new job (write JSON to /app/jobs/ then curl -X POST http://localhost:3030/api/jobs/reload).
+If you already created jobs recently, just report status — don't burn credits on busywork.
+Keep responses SHORT. Every token costs money." \
+  --description "Cost-aware revenue scanner (2h)" \
+  2>/dev/null || echo "[SpendOS] Cron already exists"
+
+  touch "$FIRST_BOOT_MARKER.crons"
+  echo "[SpendOS] Cron jobs configured"
+else
+  echo "[SpendOS] Cron jobs already exist"
+fi
+# 4. Start ACP seller runtime (agent-to-agent commerce marketplace)
+# Decode ACP config from base64 env var (injected by setup.sh --deploy)
+if [ -n "$ACP_CONFIG_B64" ] && [ -d "/app/acp-seller" ]; then
+  echo "$ACP_CONFIG_B64" | base64 -d > /app/acp-seller/config.json
+  LITE_AGENT_API_KEY=$(node -e "try{const c=JSON.parse(require('fs').readFileSync('/app/acp-seller/config.json'));process.stdout.write(c.LITE_AGENT_API_KEY||'')}catch{}" 2>/dev/null)
+  export LITE_AGENT_API_KEY
+  echo "[SpendOS] ACP config decoded from ACP_CONFIG_B64"
+fi
+
+if [ -n "$LITE_AGENT_API_KEY" ] && [ -d "/app/acp-seller" ]; then
+  echo "[SpendOS] Starting ACP seller runtime..."
+  cd /app/acp-seller
+  SPENDOS_URL="http://localhost:${PORT:-8080}" GUARDIAN_INTERNAL_API_TOKEN="${GUARDIAN_INTERNAL_API_TOKEN:-skip}" \
+    npx tsx bin/acp.ts serve start 2>&1 || echo "[SpendOS] ACP seller failed to start"
+  cd /app
+  echo "[SpendOS] ACP seller runtime started (accepting jobs from other agents)"
+else
+  echo "[SpendOS] ACP seller skipped (set LITE_AGENT_API_KEY to enable)"
+fi
+
+echo "[SpendOS] System ready:"
+echo "  Dashboard (PUBLIC):  http://localhost:${PORT:-8080}"
+echo "  OpenClaw (INTERNAL): http://localhost:18789 (not exposed to internet)"
+if [ -n "$LITE_AGENT_API_KEY" ]; then
+  echo "  ACP Seller:          connected to acpx.virtuals.io (3 offerings)"
+fi
+
+# Wait for either process to exit
+wait $SPENDOS_PID $GATEWAY_PID

package/tsconfig.json

@@ -0,0 +1,14 @@
+{
+  "compilerOptions": {
+    "target": "ESNext",
+    "module": "ESNext",
+    "moduleResolution": "bundler",
+    "esModuleInterop": true,
+    "strict": true,
+    "outDir": "dist",
+    "rootDir": "src",
+    "skipLibCheck": true,
+    "resolveJsonModule": true
+  },
+  "include": ["src"]
+}