npm - teleton - Versions diffs - 0.8.3 → 0.8.4 - Mend

teleton 0.8.3 → 0.8.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (16) hide show

package/README.md +230 -294
package/dist/{bootstrap-DDFVEMYI.js → bootstrap-NNEI3Z5H.js} +3 -5
package/dist/{chunk-OIMAE24Q.js → chunk-5LOHRZYY.js} +15 -4
package/dist/{chunk-2ERTYRHA.js → chunk-G7PCW63M.js} +10 -10
package/dist/chunk-JROBTXWY.js +908 -0
package/dist/{chunk-7MWKT67G.js → chunk-LZQOX6YY.js} +13 -670
package/dist/{chunk-AERHOXGC.js → chunk-NH2CNRKJ.js} +223 -91
package/dist/{chunk-33Z47EXI.js → chunk-UMUONAD6.js} +11 -13
package/dist/cli/index.js +13 -16
package/dist/index.js +4 -5
package/dist/{server-N4T7E25M.js → server-AJCOURH7.js} +4 -5
package/dist/{server-JF6FX772.js → server-WWGVDFPW.js} +5 -6
package/dist/{setup-server-IX3BFPPH.js → setup-server-VDY64CWW.js} +3 -3
package/package.json +1 -1
package/dist/chunk-AEHTQI3H.js +0 -142
package/dist/chunk-FUNF6H4W.js +0 -251

package/dist/chunk-JROBTXWY.js ADDED Viewed

@@ -0,0 +1,908 @@
+import {
+  ConfigSchema,
+  expandPath
+} from "./chunk-NH2CNRKJ.js";
+import {
+  COINGECKO_API_URL,
+  tonapiFetch
+} from "./chunk-VFA7QMCZ.js";
+import {
+  getSupportedProviders
+} from "./chunk-6OOHHJ4N.js";
+import {
+  fetchWithTimeout
+} from "./chunk-XQUHC3JZ.js";
+import {
+  TELETON_ROOT
+} from "./chunk-EYWNOHMJ.js";
+import {
+  createLogger
+} from "./chunk-NQ6FZKCE.js";
+// src/ton/endpoint.ts
+var ENDPOINT_CACHE_TTL_MS = 6e4;
+var ORBS_HOST = "ton.access.orbs.network";
+var ORBS_TOPOLOGY_URL = `https://${ORBS_HOST}/mngr/nodes?npm_version=2.3.3`;
+var TONCENTER_URL = `https://toncenter.com/api/v2/jsonRPC`;
+var _cache = null;
+var _toncenterApiKey;
+function setToncenterApiKey(key) {
+  _toncenterApiKey = key;
+}
+function getToncenterApiKey() {
+  return _toncenterApiKey;
+}
+async function discoverOrbsEndpoint() {
+  const res = await fetch(ORBS_TOPOLOGY_URL, { signal: AbortSignal.timeout(5e3) });
+  const nodes = await res.json();
+  const healthy = nodes.filter(
+    (n) => n.Healthy === "1" && n.Weight > 0 && n.Mngr?.health?.["v2-mainnet"]
+  );
+  if (healthy.length === 0) throw new Error("no healthy orbs nodes");
+  const totalWeight = healthy.reduce((sum, n) => sum + n.Weight, 0);
+  let r = Math.floor(Math.random() * totalWeight);
+  let chosen = healthy[0];
+  for (const node of healthy) {
+    r -= node.Weight;
+    if (r < 0) {
+      chosen = node;
+      break;
+    }
+  }
+  return `https://${ORBS_HOST}/${chosen.NodeId}/1/mainnet/toncenter-api-v2/jsonRPC`;
+}
+async function getCachedHttpEndpoint() {
+  if (_cache && Date.now() - _cache.ts < ENDPOINT_CACHE_TTL_MS) {
+    return _cache.url;
+  }
+  let url;
+  if (_toncenterApiKey) {
+    try {
+      const testUrl = `https://toncenter.com/api/v2/getAddressInformation?address=EQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAM9c`;
+      const res = await fetch(testUrl, {
+        headers: { "X-API-Key": _toncenterApiKey },
+        signal: AbortSignal.timeout(5e3)
+      });
+      if (!res.ok) throw new Error(`TonCenter ${res.status}`);
+      url = TONCENTER_URL;
+    } catch {
+      try {
+        url = await discoverOrbsEndpoint();
+      } catch {
+        url = TONCENTER_URL;
+      }
+    }
+  } else {
+    try {
+      url = await discoverOrbsEndpoint();
+    } catch {
+      url = TONCENTER_URL;
+    }
+  }
+  _cache = { url, ts: Date.now() };
+  return url;
+}
+function invalidateEndpointCache() {
+  _cache = null;
+}
+// src/ton/wallet-service.ts
+import { mnemonicNew, mnemonicToPrivateKey, mnemonicValidate } from "@ton/crypto";
+import { WalletContractV5R1, TonClient, fromNano } from "@ton/ton";
+import { readFileSync, writeFileSync, existsSync, mkdirSync } from "fs";
+import { join, dirname } from "path";
+var log = createLogger("TON");
+var WALLET_FILE = join(TELETON_ROOT, "wallet.json");
+var _walletCache;
+var _keyPairCache = null;
+var _tonClientCache = null;
+async function generateWallet() {
+  const mnemonic = await mnemonicNew(24);
+  const keyPair = await mnemonicToPrivateKey(mnemonic);
+  const wallet = WalletContractV5R1.create({
+    workchain: 0,
+    publicKey: keyPair.publicKey
+  });
+  const address = wallet.address.toString({ bounceable: true, testOnly: false });
+  return {
+    version: "w5r1",
+    address,
+    publicKey: keyPair.publicKey.toString("hex"),
+    mnemonic,
+    createdAt: (/* @__PURE__ */ new Date()).toISOString()
+  };
+}
+function saveWallet(wallet) {
+  const dir = dirname(WALLET_FILE);
+  if (!existsSync(dir)) {
+    mkdirSync(dir, { recursive: true });
+  }
+  writeFileSync(WALLET_FILE, JSON.stringify(wallet, null, 2), { encoding: "utf-8", mode: 384 });
+  _walletCache = void 0;
+  _keyPairCache = null;
+}
+function loadWallet() {
+  if (_walletCache !== void 0) return _walletCache;
+  if (!existsSync(WALLET_FILE)) {
+    _walletCache = null;
+    return null;
+  }
+  try {
+    const content = readFileSync(WALLET_FILE, "utf-8");
+    const parsed = JSON.parse(content);
+    if (!parsed.mnemonic || !Array.isArray(parsed.mnemonic) || parsed.mnemonic.length !== 24) {
+      throw new Error("Invalid wallet.json: mnemonic must be a 24-word array");
+    }
+    _walletCache = parsed;
+    return _walletCache;
+  } catch (error) {
+    log.error({ err: error }, "Failed to load wallet");
+    _walletCache = null;
+    return null;
+  }
+}
+function walletExists() {
+  return existsSync(WALLET_FILE);
+}
+async function importWallet(mnemonic) {
+  const valid = await mnemonicValidate(mnemonic);
+  if (!valid) {
+    throw new Error("Invalid mnemonic: words do not form a valid TON seed phrase");
+  }
+  const keyPair = await mnemonicToPrivateKey(mnemonic);
+  const wallet = WalletContractV5R1.create({
+    workchain: 0,
+    publicKey: keyPair.publicKey
+  });
+  const address = wallet.address.toString({ bounceable: true, testOnly: false });
+  return {
+    version: "w5r1",
+    address,
+    publicKey: keyPair.publicKey.toString("hex"),
+    mnemonic,
+    createdAt: (/* @__PURE__ */ new Date()).toISOString()
+  };
+}
+function getWalletAddress() {
+  const wallet = loadWallet();
+  return wallet?.address || null;
+}
+async function getCachedTonClient() {
+  const endpoint = await getCachedHttpEndpoint();
+  if (_tonClientCache && _tonClientCache.endpoint === endpoint) {
+    return _tonClientCache.client;
+  }
+  const apiKey = getToncenterApiKey();
+  const client = new TonClient({ endpoint, ...apiKey && { apiKey } });
+  _tonClientCache = { client, endpoint };
+  return client;
+}
+function invalidateTonClientCache() {
+  _tonClientCache = null;
+  invalidateEndpointCache();
+}
+async function getKeyPair() {
+  if (_keyPairCache) return _keyPairCache;
+  const wallet = loadWallet();
+  if (!wallet) return null;
+  _keyPairCache = await mnemonicToPrivateKey(wallet.mnemonic);
+  return _keyPairCache;
+}
+async function getWalletBalance(address) {
+  try {
+    const client = await getCachedTonClient();
+    const { Address } = await import("@ton/core");
+    const addressObj = Address.parse(address);
+    const balance = await client.getBalance(addressObj);
+    const balanceFormatted = fromNano(balance);
+    return {
+      balance: balanceFormatted,
+      balanceNano: balance.toString()
+    };
+  } catch (error) {
+    log.error({ err: error }, "Failed to get balance");
+    return null;
+  }
+}
+var TON_PRICE_CACHE_TTL_MS = 3e4;
+var _tonPriceCache = null;
+async function getTonPrice() {
+  if (_tonPriceCache && Date.now() - _tonPriceCache.timestamp < TON_PRICE_CACHE_TTL_MS) {
+    return { ..._tonPriceCache };
+  }
+  try {
+    const response = await tonapiFetch(`/rates?tokens=ton&currencies=usd`);
+    if (response.ok) {
+      const data = await response.json();
+      const price = data?.rates?.TON?.prices?.USD;
+      if (typeof price === "number" && price > 0) {
+        _tonPriceCache = { usd: price, source: "TonAPI", timestamp: Date.now() };
+        return _tonPriceCache;
+      }
+    }
+  } catch {
+  }
+  try {
+    const response = await fetchWithTimeout(
+      `${COINGECKO_API_URL}/simple/price?ids=the-open-network&vs_currencies=usd`
+    );
+    if (!response.ok) {
+      throw new Error(`CoinGecko API error: ${response.status}`);
+    }
+    const data = await response.json();
+    const price = data["the-open-network"]?.usd;
+    if (typeof price === "number" && price > 0) {
+      _tonPriceCache = { usd: price, source: "CoinGecko", timestamp: Date.now() };
+      return _tonPriceCache;
+    }
+  } catch (error) {
+    log.error({ err: error }, "Failed to get TON price");
+  }
+  return null;
+}
+// src/config/configurable-keys.ts
+import { readFileSync as readFileSync2, writeFileSync as writeFileSync2, existsSync as existsSync2 } from "fs";
+import { parse, stringify } from "yaml";
+var noValidation = () => void 0;
+var identity = (v) => v;
+var nonEmpty = (v) => v.length > 0 ? void 0 : "Must not be empty";
+function numberInRange(min, max) {
+  return (v) => {
+    const n = Number(v);
+    if (isNaN(n)) return "Must be a number";
+    if (n < min || n > max) return `Must be between ${min} and ${max}`;
+    return void 0;
+  };
+}
+function enumValidator(options) {
+  return (v) => options.includes(v) ? void 0 : `Must be one of: ${options.join(", ")}`;
+}
+function positiveInteger(v) {
+  const n = Number(v);
+  if (!Number.isInteger(n) || n <= 0) return "Must be a positive integer";
+  return void 0;
+}
+function validateUrl(v) {
+  if (v === "") return void 0;
+  if (v.startsWith("http://") || v.startsWith("https://")) return void 0;
+  return "Must be empty or start with http:// or https://";
+}
+var CONFIGURABLE_KEYS = {
+  // ─── API Keys ──────────────────────────────────────────────────────
+  "agent.api_key": {
+    type: "string",
+    category: "API Keys",
+    label: "LLM API Key",
+    description: "LLM provider API key",
+    sensitive: true,
+    hotReload: "instant",
+    validate: (v) => v.length >= 10 ? void 0 : "Must be at least 10 characters",
+    mask: (v) => v.slice(0, 8) + "****",
+    parse: identity
+  },
+  tavily_api_key: {
+    type: "string",
+    category: "API Keys",
+    label: "Tavily API Key",
+    description: "Tavily API key for web search",
+    sensitive: true,
+    hotReload: "instant",
+    validate: (v) => v.startsWith("tvly-") ? void 0 : "Must start with 'tvly-'",
+    mask: (v) => v.slice(0, 9) + "****",
+    parse: identity
+  },
+  tonapi_key: {
+    type: "string",
+    category: "API Keys",
+    label: "TonAPI Key",
+    description: "TonAPI key for higher rate limits",
+    sensitive: true,
+    hotReload: "instant",
+    validate: (v) => v.length >= 10 ? void 0 : "Must be at least 10 characters",
+    mask: (v) => v.slice(0, 10) + "****",
+    parse: identity
+  },
+  toncenter_api_key: {
+    type: "string",
+    category: "API Keys",
+    label: "TonCenter API Key",
+    description: "TonCenter API key for dedicated RPC endpoint (free at toncenter.com)",
+    sensitive: true,
+    hotReload: "instant",
+    validate: (v) => v.length >= 10 ? void 0 : "Must be at least 10 characters",
+    mask: (v) => v.slice(0, 10) + "****",
+    parse: identity
+  },
+  "telegram.bot_token": {
+    type: "string",
+    category: "API Keys",
+    label: "Bot Token",
+    description: "Bot token from @BotFather",
+    sensitive: true,
+    hotReload: "instant",
+    validate: (v) => v.includes(":") ? void 0 : "Must contain ':' (e.g., 123456:ABC...)",
+    mask: (v) => v.split(":")[0] + ":****",
+    parse: identity
+  },
+  // ─── Agent ─────────────────────────────────────────────────────────
+  "agent.provider": {
+    type: "enum",
+    category: "Agent",
+    label: "Provider",
+    description: "LLM provider",
+    sensitive: false,
+    hotReload: "instant",
+    options: getSupportedProviders().map((p) => p.id),
+    validate: enumValidator(getSupportedProviders().map((p) => p.id)),
+    mask: identity,
+    parse: identity
+  },
+  "agent.model": {
+    type: "string",
+    category: "Agent",
+    label: "Model",
+    description: "Main LLM model ID",
+    sensitive: false,
+    hotReload: "instant",
+    validate: nonEmpty,
+    mask: identity,
+    parse: identity
+  },
+  "agent.utility_model": {
+    type: "string",
+    category: "Agent",
+    label: "Utility Model",
+    description: "Cheap model for summarization (auto-detected if empty)",
+    sensitive: false,
+    hotReload: "instant",
+    validate: noValidation,
+    mask: identity,
+    parse: identity
+  },
+  "agent.temperature": {
+    type: "number",
+    category: "Agent",
+    label: "Temperature",
+    description: "Response creativity (0.0 = deterministic, 2.0 = max)",
+    sensitive: false,
+    hotReload: "instant",
+    validate: numberInRange(0, 2),
+    mask: identity,
+    parse: (v) => Number(v)
+  },
+  "agent.max_tokens": {
+    type: "number",
+    category: "Agent",
+    label: "Max Tokens",
+    description: "Maximum response length in tokens",
+    sensitive: false,
+    hotReload: "instant",
+    validate: numberInRange(256, 128e3),
+    mask: identity,
+    parse: (v) => Number(v)
+  },
+  "agent.max_agentic_iterations": {
+    type: "number",
+    category: "Agent",
+    label: "Max Iterations",
+    description: "Max tool-call loop iterations per message",
+    sensitive: false,
+    hotReload: "instant",
+    validate: numberInRange(1, 20),
+    mask: identity,
+    parse: (v) => Number(v)
+  },
+  "agent.base_url": {
+    type: "string",
+    category: "Agent",
+    label: "API Base URL",
+    description: "Base URL for local LLM server (requires restart)",
+    sensitive: false,
+    hotReload: "restart",
+    validate: validateUrl,
+    mask: identity,
+    parse: identity
+  },
+  "cocoon.port": {
+    type: "number",
+    category: "Agent",
+    label: "Cocoon Port",
+    description: "Cocoon proxy port (requires restart)",
+    sensitive: false,
+    hotReload: "restart",
+    validate: numberInRange(1, 65535),
+    mask: identity,
+    parse: (v) => Number(v)
+  },
+  // ─── Session ───────────────────────────────────────────────────
+  "agent.session_reset_policy.daily_reset_enabled": {
+    type: "boolean",
+    category: "Session",
+    label: "Daily Reset",
+    description: "Enable daily session reset at specified hour",
+    sensitive: false,
+    hotReload: "instant",
+    validate: enumValidator(["true", "false"]),
+    mask: identity,
+    parse: (v) => v === "true"
+  },
+  "agent.session_reset_policy.daily_reset_hour": {
+    type: "number",
+    category: "Session",
+    label: "Reset Hour",
+    description: "Hour (0-23 UTC) for daily session reset",
+    sensitive: false,
+    hotReload: "instant",
+    validate: numberInRange(0, 23),
+    mask: identity,
+    parse: (v) => Number(v)
+  },
+  "agent.session_reset_policy.idle_expiry_enabled": {
+    type: "boolean",
+    category: "Session",
+    label: "Idle Expiry",
+    description: "Enable automatic session expiry after idle period",
+    sensitive: false,
+    hotReload: "instant",
+    validate: enumValidator(["true", "false"]),
+    mask: identity,
+    parse: (v) => v === "true"
+  },
+  "agent.session_reset_policy.idle_expiry_minutes": {
+    type: "number",
+    category: "Session",
+    label: "Idle Minutes",
+    description: "Idle minutes before session expires (minimum 1)",
+    sensitive: false,
+    hotReload: "instant",
+    validate: numberInRange(1, Number.MAX_SAFE_INTEGER),
+    mask: identity,
+    parse: (v) => Number(v)
+  },
+  // ─── Telegram ──────────────────────────────────────────────────────
+  "telegram.bot_username": {
+    type: "string",
+    category: "Telegram",
+    label: "Bot Username",
+    description: "Bot username without @",
+    sensitive: false,
+    hotReload: "instant",
+    validate: (v) => v.length >= 3 ? void 0 : "Must be at least 3 characters",
+    mask: identity,
+    parse: identity
+  },
+  "telegram.dm_policy": {
+    type: "enum",
+    category: "Telegram",
+    label: "DM Policy",
+    description: "Who can message the bot in private",
+    sensitive: false,
+    hotReload: "instant",
+    options: ["admin-only", "allowlist", "open", "disabled"],
+    optionLabels: {
+      "admin-only": "Admin Only",
+      allowlist: "Allow Users",
+      open: "Open",
+      disabled: "Disabled"
+    },
+    validate: enumValidator(["open", "allowlist", "admin-only", "disabled"]),
+    mask: identity,
+    parse: identity
+  },
+  "telegram.group_policy": {
+    type: "enum",
+    category: "Telegram",
+    label: "Group Policy",
+    description: "Which groups the bot can respond in",
+    sensitive: false,
+    hotReload: "instant",
+    options: ["open", "allowlist", "admin-only", "disabled"],
+    optionLabels: {
+      open: "Open",
+      allowlist: "Allow Groups",
+      "admin-only": "Admin Only",
+      disabled: "Disabled"
+    },
+    validate: enumValidator(["open", "allowlist", "admin-only", "disabled"]),
+    mask: identity,
+    parse: identity
+  },
+  "telegram.require_mention": {
+    type: "boolean",
+    category: "Telegram",
+    label: "Require Mention",
+    description: "Require @mention in groups to respond",
+    sensitive: false,
+    hotReload: "instant",
+    validate: enumValidator(["true", "false"]),
+    mask: identity,
+    parse: (v) => v === "true"
+  },
+  "telegram.owner_name": {
+    type: "string",
+    category: "Telegram",
+    label: "Owner Name",
+    description: "Owner's first name (used in system prompt)",
+    sensitive: false,
+    hotReload: "instant",
+    validate: noValidation,
+    mask: identity,
+    parse: identity
+  },
+  "telegram.owner_username": {
+    type: "string",
+    category: "Telegram",
+    label: "Owner Username",
+    description: "Owner's Telegram username (without @)",
+    sensitive: false,
+    hotReload: "instant",
+    validate: noValidation,
+    mask: identity,
+    parse: identity
+  },
+  "telegram.debounce_ms": {
+    type: "number",
+    category: "Telegram",
+    label: "Debounce (ms)",
+    description: "Group message debounce delay in ms (0 = disabled)",
+    sensitive: false,
+    hotReload: "instant",
+    validate: numberInRange(0, 1e4),
+    mask: identity,
+    parse: (v) => Number(v)
+  },
+  "telegram.agent_channel": {
+    type: "string",
+    category: "Telegram",
+    label: "Agent Channel",
+    description: "Channel username for auto-publishing",
+    sensitive: false,
+    hotReload: "instant",
+    validate: noValidation,
+    mask: identity,
+    parse: identity
+  },
+  "telegram.typing_simulation": {
+    type: "boolean",
+    category: "Telegram",
+    label: "Typing Simulation",
+    description: "Simulate typing indicator before sending replies",
+    sensitive: false,
+    hotReload: "instant",
+    validate: enumValidator(["true", "false"]),
+    mask: identity,
+    parse: (v) => v === "true"
+  },
+  "telegram.owner_id": {
+    type: "number",
+    category: "Telegram",
+    label: "Admin ID",
+    description: "Primary admin Telegram user ID (auto-added to Admin IDs)",
+    sensitive: false,
+    hotReload: "instant",
+    validate: positiveInteger,
+    mask: identity,
+    parse: (v) => Number(v)
+  },
+  "telegram.max_message_length": {
+    type: "number",
+    category: "Telegram",
+    label: "Max Message Length",
+    description: "Maximum message length in characters",
+    sensitive: false,
+    hotReload: "instant",
+    validate: numberInRange(1, 32768),
+    mask: identity,
+    parse: (v) => Number(v)
+  },
+  "telegram.rate_limit_messages_per_second": {
+    type: "number",
+    category: "Telegram",
+    label: "Rate Limit \u2014 Messages/sec",
+    description: "Rate limit: messages per second (requires restart)",
+    sensitive: false,
+    hotReload: "restart",
+    validate: numberInRange(0.1, 10),
+    mask: identity,
+    parse: (v) => Number(v)
+  },
+  "telegram.rate_limit_groups_per_minute": {
+    type: "number",
+    category: "Telegram",
+    label: "Rate Limit \u2014 Groups/min",
+    description: "Rate limit: groups per minute (requires restart)",
+    sensitive: false,
+    hotReload: "restart",
+    validate: numberInRange(1, 60),
+    mask: identity,
+    parse: (v) => Number(v)
+  },
+  "telegram.admin_ids": {
+    type: "array",
+    itemType: "number",
+    category: "Telegram",
+    label: "Admin IDs",
+    description: "Admin user IDs with elevated access",
+    sensitive: false,
+    hotReload: "instant",
+    validate: positiveInteger,
+    mask: identity,
+    parse: (v) => Number(v)
+  },
+  "telegram.allow_from": {
+    type: "array",
+    itemType: "number",
+    category: "Telegram",
+    label: "Allowed Users",
+    description: "User IDs allowed for DM access",
+    sensitive: false,
+    hotReload: "instant",
+    validate: positiveInteger,
+    mask: identity,
+    parse: (v) => Number(v)
+  },
+  "telegram.group_allow_from": {
+    type: "array",
+    itemType: "number",
+    category: "Telegram",
+    label: "Allowed Groups",
+    description: "Group IDs allowed for group access",
+    sensitive: false,
+    hotReload: "instant",
+    validate: positiveInteger,
+    mask: identity,
+    parse: (v) => Number(v)
+  },
+  // ─── Embedding ─────────────────────────────────────────────────────
+  "embedding.provider": {
+    type: "enum",
+    category: "Embedding",
+    label: "Embedding Provider",
+    description: "Embedding provider for RAG",
+    sensitive: false,
+    hotReload: "instant",
+    options: ["local", "anthropic", "none"],
+    validate: enumValidator(["local", "anthropic", "none"]),
+    mask: identity,
+    parse: identity
+  },
+  "embedding.model": {
+    type: "string",
+    category: "Embedding",
+    label: "Embedding Model",
+    description: "Embedding model ID (requires restart)",
+    sensitive: false,
+    hotReload: "restart",
+    validate: noValidation,
+    mask: identity,
+    parse: identity
+  },
+  // ─── WebUI ─────────────────────────────────────────────────────────
+  "webui.port": {
+    type: "number",
+    category: "WebUI",
+    label: "WebUI Port",
+    description: "HTTP server port (requires restart)",
+    sensitive: false,
+    hotReload: "restart",
+    validate: numberInRange(1024, 65535),
+    mask: identity,
+    parse: (v) => Number(v)
+  },
+  "webui.log_requests": {
+    type: "boolean",
+    category: "WebUI",
+    label: "Log HTTP Requests",
+    description: "Log all HTTP requests to console",
+    sensitive: false,
+    hotReload: "instant",
+    validate: enumValidator(["true", "false"]),
+    mask: identity,
+    parse: (v) => v === "true"
+  },
+  // ─── Deals ─────────────────────────────────────────────────────────
+  "deals.enabled": {
+    type: "boolean",
+    category: "Deals",
+    label: "Deals Enabled",
+    description: "Enable the deals/escrow module",
+    sensitive: false,
+    hotReload: "instant",
+    validate: enumValidator(["true", "false"]),
+    mask: identity,
+    parse: (v) => v === "true"
+  },
+  "deals.expiry_seconds": {
+    type: "number",
+    category: "Deals",
+    label: "Deal Expiry",
+    description: "Deal expiry timeout in seconds",
+    sensitive: false,
+    hotReload: "instant",
+    validate: numberInRange(10, 3600),
+    mask: identity,
+    parse: (v) => Number(v)
+  },
+  "deals.buy_max_floor_percent": {
+    type: "number",
+    category: "Deals",
+    label: "Buy Max Floor %",
+    description: "Maximum floor % for buy deals",
+    sensitive: false,
+    hotReload: "instant",
+    validate: numberInRange(1, 100),
+    mask: identity,
+    parse: (v) => Number(v)
+  },
+  "deals.sell_min_floor_percent": {
+    type: "number",
+    category: "Deals",
+    label: "Sell Min Floor %",
+    description: "Minimum floor % for sell deals",
+    sensitive: false,
+    hotReload: "instant",
+    validate: numberInRange(100, 500),
+    mask: identity,
+    parse: (v) => Number(v)
+  },
+  // ─── TON Proxy ────────────────────────────────────────────────────
+  "ton_proxy.enabled": {
+    type: "boolean",
+    category: "TON Proxy",
+    label: "TON Proxy Enabled",
+    description: "Enable Tonutils-Proxy for .ton site access (auto-downloads binary on first run)",
+    sensitive: false,
+    hotReload: "instant",
+    validate: enumValidator(["true", "false"]),
+    mask: identity,
+    parse: (v) => v === "true"
+  },
+  "ton_proxy.port": {
+    type: "number",
+    category: "TON Proxy",
+    label: "Proxy Port",
+    description: "HTTP proxy port for .ton sites (default: 8080)",
+    sensitive: false,
+    hotReload: "restart",
+    validate: numberInRange(1, 65535),
+    mask: identity,
+    parse: (v) => Number(v)
+  },
+  "ton_proxy.binary_path": {
+    type: "string",
+    category: "TON Proxy",
+    label: "Binary Path",
+    description: "Custom path to tonutils-proxy-cli (leave empty for auto-download)",
+    sensitive: false,
+    hotReload: "restart",
+    validate: noValidation,
+    mask: identity,
+    parse: identity
+  },
+  // ─── Capabilities ──────────────────────────────────────────────────
+  "capabilities.exec.mode": {
+    type: "enum",
+    category: "Coding Agent",
+    label: "Exec Mode",
+    description: "System execution: off (disabled) or yolo (full system access)",
+    sensitive: false,
+    hotReload: "restart",
+    options: ["off", "yolo"],
+    optionLabels: { off: "Disabled", yolo: "YOLO" },
+    validate: enumValidator(["off", "yolo"]),
+    mask: identity,
+    parse: identity
+  },
+  "capabilities.exec.scope": {
+    type: "enum",
+    category: "Coding Agent",
+    label: "Exec Scope",
+    description: "Who can trigger exec tools",
+    sensitive: false,
+    hotReload: "restart",
+    options: ["admin-only", "allowlist", "all"],
+    optionLabels: { "admin-only": "Admin Only", allowlist: "Allowlist", all: "Everyone" },
+    validate: enumValidator(["admin-only", "allowlist", "all"]),
+    mask: identity,
+    parse: identity
+  },
+  // ─── Developer ─────────────────────────────────────────────────────
+  "dev.hot_reload": {
+    type: "boolean",
+    category: "Developer",
+    label: "Hot Reload",
+    description: "Watch ~/.teleton/plugins/ for live changes",
+    sensitive: false,
+    hotReload: "instant",
+    validate: enumValidator(["true", "false"]),
+    mask: identity,
+    parse: (v) => v === "true"
+  }
+};
+var FORBIDDEN_SEGMENTS = /* @__PURE__ */ new Set(["__proto__", "constructor", "prototype"]);
+function assertSafePath(parts) {
+  if (parts.some((p) => FORBIDDEN_SEGMENTS.has(p))) {
+    throw new Error("Invalid config path: forbidden segment");
+  }
+}
+function getNestedValue(obj, path) {
+  const parts = path.split(".");
+  assertSafePath(parts);
+  let current = obj;
+  for (const part of parts) {
+    if (current == null || typeof current !== "object") return void 0;
+    current = current[part];
+  }
+  return current;
+}
+function setNestedValue(obj, path, value) {
+  const parts = path.split(".");
+  assertSafePath(parts);
+  let current = obj;
+  for (let i = 0; i < parts.length - 1; i++) {
+    if (current[parts[i]] == null || typeof current[parts[i]] !== "object") {
+      current[parts[i]] = {};
+    }
+    current = current[parts[i]];
+  }
+  current[parts[parts.length - 1]] = value;
+}
+function deleteNestedValue(obj, path) {
+  const parts = path.split(".");
+  assertSafePath(parts);
+  let current = obj;
+  for (let i = 0; i < parts.length - 1; i++) {
+    if (current == null || typeof current !== "object") return;
+    current = current[parts[i]];
+  }
+  if (current != null && typeof current === "object") {
+    delete current[parts[parts.length - 1]];
+  }
+}
+function readRawConfig(configPath) {
+  const fullPath = expandPath(configPath);
+  if (!existsSync2(fullPath)) {
+    throw new Error(`Config file not found: ${fullPath}
+Run 'teleton setup' to create one.`);
+  }
+  const raw = parse(readFileSync2(fullPath, "utf-8"));
+  if (!raw || typeof raw !== "object") {
+    throw new Error(`Invalid config file: ${fullPath}`);
+  }
+  return raw;
+}
+function writeRawConfig(raw, configPath) {
+  const clone = { ...raw };
+  delete clone.market;
+  const result = ConfigSchema.safeParse(clone);
+  if (!result.success) {
+    throw new Error(`Refusing to save invalid config: ${result.error.message}`);
+  }
+  raw.meta = raw.meta ?? {};
+  raw.meta.last_modified_at = (/* @__PURE__ */ new Date()).toISOString();
+  const fullPath = expandPath(configPath);
+  writeFileSync2(fullPath, stringify(raw), { encoding: "utf-8", mode: 384 });
+}
+export {
+  setToncenterApiKey,
+  invalidateEndpointCache,
+  generateWallet,
+  saveWallet,
+  loadWallet,
+  walletExists,
+  importWallet,
+  getWalletAddress,
+  getCachedTonClient,
+  invalidateTonClientCache,
+  getKeyPair,
+  getWalletBalance,
+  getTonPrice,
+  CONFIGURABLE_KEYS,
+  getNestedValue,
+  setNestedValue,
+  deleteNestedValue,
+  readRawConfig,
+  writeRawConfig
+};