@conversionpros/aiva 1.0.0

package/notion-oauth.js

@@ -0,0 +1,323 @@
+/**
+ * Notion OAuth Integration
+ * Handles OAuth flow, token management, and Notion API proxy.
+ * 
+ * Endpoints:
+ *   GET    /api/integrations/notion/auth-url       - Generate OAuth URL
+ *   GET    /api/integrations/notion/callback        - Handle OAuth callback
+ *   GET    /api/integrations/notion/status          - List connected workspaces
+ *   DELETE /api/integrations/notion/disconnect      - Disconnect a workspace
+ *   GET    /api/integrations/notion/search          - Proxy search
+ *   GET    /api/integrations/notion/pages/:pageId   - Get page content
+ *   POST   /api/integrations/notion/pages           - Create page
+ */
+
+const express = require('express');
+const crypto = require('crypto');
+const fs = require('fs');
+const path = require('path');
+const os = require('os');
+const { v4: uuidv4 } = require('uuid');
+
+const router = express.Router();
+
+// ─── Config ───────────────────────────────────────────────────────────────────
+
+const NOTION_CLIENT_ID = process.env.NOTION_CLIENT_ID || '315d872b-594c-8176-9040-00378fe5ec21';
+const NOTION_CLIENT_SECRET = process.env.NOTION_CLIENT_SECRET || 'secret_tmzIhJEbTFsM6EmeXQ6oX5IFFPLICS5XPYTx19ZqwVM';
+const NOTION_REDIRECT_URI = process.env.NOTION_REDIRECT_URI || 'https://app.aivahelpme.com/api/integrations/notion/callback';
+const TOKENS_FILE = path.join(__dirname, 'data', 'oauth-tokens.json');
+const NOTION_API_VERSION = '2022-06-28';
+
+// In-memory CSRF state store (5 min TTL)
+const pendingStates = new Map();
+
+// ─── Encryption (matches google-oauth.js) ─────────────────────────────────────
+
+function getEncryptionKey() {
+  return crypto.createHash('sha256').update('aiva-tokens-' + os.hostname()).digest();
+}
+
+function encrypt(text) {
+  const key = getEncryptionKey();
+  const iv = crypto.randomBytes(12);
+  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
+  let enc = cipher.update(text, 'utf8', 'hex');
+  enc += cipher.final('hex');
+  const tag = cipher.getAuthTag().toString('hex');
+  return `${iv.toString('hex')}:${tag}:${enc}`;
+}
+
+function decrypt(stored) {
+  const key = getEncryptionKey();
+  const [ivHex, tagHex, enc] = stored.split(':');
+  const decipher = crypto.createDecipheriv('aes-256-gcm', key, Buffer.from(ivHex, 'hex'));
+  decipher.setAuthTag(Buffer.from(tagHex, 'hex'));
+  let dec = decipher.update(enc, 'hex', 'utf8');
+  dec += decipher.final('utf8');
+  return dec;
+}
+
+// ─── Token Storage ────────────────────────────────────────────────────────────
+
+function loadTokens() {
+  try {
+    if (fs.existsSync(TOKENS_FILE)) {
+      return JSON.parse(fs.readFileSync(TOKENS_FILE, 'utf8'));
+    }
+  } catch (e) {
+    console.error('[notion-oauth] Failed to load tokens:', e.message);
+  }
+  return { google: { accounts: [] }, notion: { accounts: [] } };
+}
+
+function saveTokens(data) {
+  const dir = path.dirname(TOKENS_FILE);
+  if (!fs.existsSync(dir)) fs.mkdirSync(dir, { recursive: true });
+  fs.writeFileSync(TOKENS_FILE, JSON.stringify(data, null, 2));
+}
+
+// ─── Helper: get token for an account ─────────────────────────────────────────
+
+function getNotionToken(accountId) {
+  const store = loadTokens();
+  if (!store.notion) return null;
+  const account = accountId
+    ? store.notion.accounts.find(a => a.id === accountId)
+    : store.notion.accounts[0];
+  if (!account) return null;
+  return {
+    token: decrypt(account.access_token),
+    workspace_name: account.workspace_name,
+    workspace_id: account.workspace_id,
+    bot_id: account.bot_id,
+  };
+}
+
+// ─── Routes ───────────────────────────────────────────────────────────────────
+
+// Generate OAuth authorization URL
+router.get('/auth-url', (req, res) => {
+  if (!NOTION_CLIENT_ID || !NOTION_CLIENT_SECRET) {
+    return res.json({ success: false, error: 'Notion OAuth not configured. Set NOTION_CLIENT_ID and NOTION_CLIENT_SECRET.' });
+  }
+
+  const state = crypto.randomBytes(32).toString('hex');
+  pendingStates.set(state, { createdAt: Date.now() });
+  setTimeout(() => pendingStates.delete(state), 5 * 60 * 1000);
+
+  const params = new URLSearchParams({
+    client_id: NOTION_CLIENT_ID,
+    response_type: 'code',
+    owner: 'user',
+    redirect_uri: NOTION_REDIRECT_URI,
+    state,
+  });
+
+  const url = `https://api.notion.com/v1/oauth/authorize?${params}`;
+  res.json({ success: true, data: { url } });
+});
+
+// OAuth callback
+router.get('/callback', async (req, res) => {
+  const { code, state, error } = req.query;
+
+  if (error) {
+    return res.redirect('/#settings?notion_oauth=error&message=' + encodeURIComponent(error));
+  }
+
+  if (!state || !pendingStates.has(state)) {
+    return res.redirect('/#settings?notion_oauth=error&message=Invalid+state+token');
+  }
+
+  pendingStates.delete(state);
+
+  try {
+    // Exchange code for token (Basic auth with client_id:client_secret)
+    const basicAuth = Buffer.from(`${NOTION_CLIENT_ID}:${NOTION_CLIENT_SECRET}`).toString('base64');
+    const tokenResp = await fetch('https://api.notion.com/v1/oauth/token', {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+        'Authorization': `Basic ${basicAuth}`,
+      },
+      body: JSON.stringify({
+        grant_type: 'authorization_code',
+        code,
+        redirect_uri: NOTION_REDIRECT_URI,
+      }),
+    });
+
+    if (!tokenResp.ok) {
+      const err = await tokenResp.text();
+      console.error('[notion-oauth] Token exchange failed:', err);
+      return res.redirect('/#settings?notion_oauth=error&message=Token+exchange+failed');
+    }
+
+    const tokens = await tokenResp.json();
+
+    // Store workspace
+    const store = loadTokens();
+    if (!store.notion) store.notion = { accounts: [] };
+
+    // Check if this workspace is already connected - update if so
+    const existingIdx = store.notion.accounts.findIndex(a => a.workspace_id === tokens.workspace_id);
+    const account = {
+      id: existingIdx >= 0 ? store.notion.accounts[existingIdx].id : uuidv4(),
+      workspace_name: tokens.workspace_name || 'Unnamed Workspace',
+      workspace_id: tokens.workspace_id,
+      bot_id: tokens.bot_id,
+      access_token: encrypt(tokens.access_token),
+      status: 'connected',
+      connected_at: new Date().toISOString(),
+    };
+
+    if (existingIdx >= 0) {
+      store.notion.accounts[existingIdx] = account;
+    } else {
+      store.notion.accounts.push(account);
+    }
+    saveTokens(store);
+
+    console.log(`[notion-oauth] Connected workspace: ${tokens.workspace_name} (${tokens.workspace_id})`);
+    return res.redirect('/#settings?notion_oauth=success&workspace=' + encodeURIComponent(tokens.workspace_name || ''));
+
+  } catch (e) {
+    console.error('[notion-oauth] Callback error:', e);
+    return res.redirect('/#settings?notion_oauth=error&message=' + encodeURIComponent(e.message));
+  }
+});
+
+// Workspace status
+router.get('/status', (req, res) => {
+  const store = loadTokens();
+  const accounts = (store.notion?.accounts || []).map(a => ({
+    id: a.id,
+    workspace_name: a.workspace_name,
+    workspace_id: a.workspace_id,
+    bot_id: a.bot_id,
+    status: a.status || 'connected',
+    connected_at: a.connected_at,
+  }));
+  res.json({ success: true, data: { accounts, configured: !!(NOTION_CLIENT_ID && NOTION_CLIENT_SECRET) } });
+});
+
+// Disconnect workspace
+router.delete('/disconnect', (req, res) => {
+  const { accountId } = req.body || {};
+  if (!accountId) return res.json({ success: false, error: 'accountId required' });
+
+  const store = loadTokens();
+  if (!store.notion) return res.json({ success: false, error: 'No Notion workspaces found' });
+
+  const idx = store.notion.accounts.findIndex(a => a.id === accountId);
+  if (idx < 0) return res.json({ success: false, error: 'Workspace not found' });
+
+  const account = store.notion.accounts[idx];
+  store.notion.accounts.splice(idx, 1);
+  saveTokens(store);
+
+  console.log(`[notion-oauth] Disconnected workspace: ${account.workspace_name}`);
+  res.json({ success: true, data: { workspace_name: account.workspace_name } });
+});
+
+// Search Notion
+router.get('/search', async (req, res) => {
+  const { q, accountId } = req.query;
+  const tokenInfo = getNotionToken(accountId);
+  if (!tokenInfo) return res.json({ success: false, error: 'No Notion workspace connected' });
+
+  try {
+    const body = {};
+    if (q) body.query = q;
+
+    const resp = await fetch('https://api.notion.com/v1/search', {
+      method: 'POST',
+      headers: {
+        'Authorization': `Bearer ${tokenInfo.token}`,
+        'Notion-Version': NOTION_API_VERSION,
+        'Content-Type': 'application/json',
+      },
+      body: JSON.stringify(body),
+    });
+
+    if (!resp.ok) {
+      const err = await resp.text();
+      console.error('[notion-oauth] Search failed:', err);
+      return res.json({ success: false, error: 'Notion search failed' });
+    }
+
+    const data = await resp.json();
+    res.json({ success: true, data });
+  } catch (e) {
+    res.json({ success: false, error: e.message });
+  }
+});
+
+// Get page content (blocks)
+router.get('/pages/:pageId', async (req, res) => {
+  const { accountId } = req.query;
+  const tokenInfo = getNotionToken(accountId);
+  if (!tokenInfo) return res.json({ success: false, error: 'No Notion workspace connected' });
+
+  try {
+    // Get page properties
+    const pageResp = await fetch(`https://api.notion.com/v1/pages/${req.params.pageId}`, {
+      headers: {
+        'Authorization': `Bearer ${tokenInfo.token}`,
+        'Notion-Version': NOTION_API_VERSION,
+      },
+    });
+
+    // Get page blocks (content)
+    const blocksResp = await fetch(`https://api.notion.com/v1/blocks/${req.params.pageId}/children?page_size=100`, {
+      headers: {
+        'Authorization': `Bearer ${tokenInfo.token}`,
+        'Notion-Version': NOTION_API_VERSION,
+      },
+    });
+
+    if (!pageResp.ok || !blocksResp.ok) {
+      return res.json({ success: false, error: 'Failed to fetch page' });
+    }
+
+    const page = await pageResp.json();
+    const blocks = await blocksResp.json();
+
+    res.json({ success: true, data: { page, blocks: blocks.results } });
+  } catch (e) {
+    res.json({ success: false, error: e.message });
+  }
+});
+
+// Create page
+router.post('/pages', async (req, res) => {
+  const { accountId } = req.query;
+  const tokenInfo = getNotionToken(accountId);
+  if (!tokenInfo) return res.json({ success: false, error: 'No Notion workspace connected' });
+
+  try {
+    const resp = await fetch('https://api.notion.com/v1/pages', {
+      method: 'POST',
+      headers: {
+        'Authorization': `Bearer ${tokenInfo.token}`,
+        'Notion-Version': NOTION_API_VERSION,
+        'Content-Type': 'application/json',
+      },
+      body: JSON.stringify(req.body),
+    });
+
+    if (!resp.ok) {
+      const err = await resp.text();
+      console.error('[notion-oauth] Create page failed:', err);
+      return res.json({ success: false, error: 'Failed to create page' });
+    }
+
+    const data = await resp.json();
+    res.json({ success: true, data });
+  } catch (e) {
+    res.json({ success: false, error: e.message });
+  }
+});
+
+module.exports = { router, getNotionToken };

package/package.json

@@ -0,0 +1,61 @@
+{
+  "name": "@conversionpros/aiva",
+  "version": "1.0.0",
+  "description": "AIVA - AI Virtual Assistant. Personal AI assistant powered by OpenClaw.",
+  "main": "lib/server.js",
+  "bin": {
+    "aiva": "./bin/aiva.js"
+  },
+  "engines": {
+    "node": ">=18.0.0"
+  },
+  "files": [
+    "bin/",
+    "lib/",
+    "public/",
+    "routes/",
+    "templates/",
+    "docs/",
+    "message-router/",
+    "router-v2/",
+    "scripts/",
+    "*.js",
+    "*.txt",
+    "*.sh",
+    "README.md"
+  ],
+  "dependencies": {
+    "@anthropic-ai/sdk": "^0.74.0",
+    "@deepgram/sdk": "^4.11.3",
+    "bcryptjs": "^3.0.3",
+    "better-sqlite3": "^12.6.2",
+    "commander": "^13.1.0",
+    "cors": "^2.8.5",
+    "dotenv": "^17.3.1",
+    "express": "^4.18.2",
+    "express-session": "^1.19.0",
+    "form-data": "^4.0.5",
+    "jsonwebtoken": "^9.0.3",
+    "multer": "^2.0.2",
+    "node-fetch": "^2.7.0",
+    "ora": "^5.4.1",
+    "picocolors": "^1.1.1",
+    "prompts": "^2.4.2",
+    "socket.io": "^4.8.3",
+    "ssh2": "^1.17.0",
+    "uuid": "^13.0.0",
+    "ws": "^8.19.0"
+  },
+  "keywords": [
+    "aiva",
+    "ai-assistant",
+    "openclaw",
+    "virtual-assistant"
+  ],
+  "author": "Conversion Marketing Pros",
+  "license": "UNLICENSED",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/conversionpros/aiva-cli"
+  }
+}

package/public/agent-config.html

@@ -0,0 +1,241 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="UTF-8">
+<meta name="viewport" content="width=device-width, initial-scale=1.0">
+<link rel="stylesheet" href="/styles/design-system.css">
+<title>AIVA - Agent Configuration</title>
+<style>
+body{font-family:var(--font-sans);background:var(--bg-secondary);color:var(--text);min-height:100vh;display:flex;flex-direction:column;align-items:center;padding:20px}
+.container{max-width:520px;width:100%}
+.header{text-align:center;margin-bottom:24px;padding:16px 0;border-bottom:1px solid var(--border-dim)}
+.header h1{font-size:18px;color:var(--text-dim);font-weight:500;letter-spacing:1px}
+.header .subtitle{font-size:14px;color:var(--text-dim);margin-top:6px}
+.header .contact-name{font-size:20px;font-weight:600;color:var(--text);margin-top:8px}
+.header .contact-phone{font-size:14px;color:var(--blue);margin-top:2px}
+
+.section{background:var(--surface-glass);border:1px solid var(--border-dim);border-radius:var(--radius-lg);padding:var(--space-lg);margin-bottom:var(--space-lg)}
+.section-title{font-size:16px;font-weight:600;color:var(--text);margin-bottom:var(--space-xs)}
+.section-desc{font-size:13px;color:var(--text-dim);margin-bottom:var(--space-lg);line-height:1.4}
+
+.presets{display:flex;gap:var(--space-sm);margin-bottom:var(--space-lg)}
+.preset-btn{flex:1;padding:8px 4px;background:var(--bg);border:1px solid var(--border);border-radius:var(--radius-md);color:var(--text-dim);font-size:12px;font-weight:600;cursor:pointer;transition:all .2s;font-family:inherit}
+.preset-btn:hover{border-color:var(--blue);color:var(--blue)}
+.preset-btn.active{border-color:var(--blue);background:#1c2333;color:var(--blue)}
+
+.skill-item{display:flex;align-items:flex-start;justify-content:space-between;padding:12px 0;border-bottom:1px solid var(--border-dim)}
+.skill-item:last-child{border-bottom:none}
+.skill-info{flex:1;margin-right:12px}
+.skill-name{font-size:14px;font-weight:600;color:var(--text-secondary)}
+.skill-desc{font-size:12px;color:var(--text-dim);margin-top:2px;line-height:1.4}
+
+.toggle{position:relative;width:44px;height:24px;flex-shrink:0;margin-top:2px}
+.toggle input{opacity:0;width:0;height:0}
+.toggle .slider{position:absolute;cursor:pointer;top:0;left:0;right:0;bottom:0;background:var(--border);border-radius:24px;transition:.2s}
+.toggle .slider:before{content:'';position:absolute;height:18px;width:18px;left:3px;bottom:3px;background:var(--text-dim);border-radius:50%;transition:.2s}
+.toggle input:checked+.slider{background:var(--green-border)}
+.toggle input:checked+.slider:before{transform:translateX(20px);background:#fff}
+
+.warning-banner{background:var(--yellow-bg);border:1px solid var(--yellow-border);border-radius:var(--radius-md);padding:10px 12px;margin-bottom:var(--space-lg);font-size:12px;color:var(--yellow-border);line-height:1.4}
+
+.collapsible-header{display:flex;align-items:center;justify-content:space-between;cursor:pointer;user-select:none}
+.collapsible-header .chevron{color:var(--text-dim);font-size:14px;transition:transform .2s}
+.collapsible-header.open .chevron{transform:rotate(180deg)}
+.collapsible-body{display:none;margin-top:var(--space-lg)}
+.collapsible-body.open{display:block}
+
+textarea{width:100%;background:var(--bg);border:1px solid var(--border);border-radius:var(--radius-md);padding:12px;font-size:14px;color:var(--text);resize:vertical;font-family:inherit;min-height:100px;transition:border-color .2s}
+textarea:focus{outline:none;border-color:var(--blue)}
+.char-count{text-align:right;font-size:11px;color:var(--text-muted);margin-top:var(--space-xs)}
+
+.btn{width:100%;padding:14px;background:var(--green-border);color:#fff;border:none;border-radius:var(--radius-lg);font-size:16px;font-weight:600;cursor:pointer;margin-top:var(--space-sm);transition:background .2s}
+.btn:hover{background:#2ea043}
+.btn:disabled{background:var(--border-dim);color:var(--text-muted);cursor:not-allowed}
+
+.status{text-align:center;padding:12px;border-radius:var(--radius-lg);margin-top:var(--space-md);font-size:14px;display:none}
+.status.success{display:block;background:var(--green-bg);border:1px solid var(--green-border);color:var(--green)}
+.status.error{display:block;background:var(--red-bg);border:1px solid var(--red-border);color:var(--red)}
+
+.loading{text-align:center;padding:60px;color:var(--text-dim)}
+.loading .spinner{display:inline-block;width:24px;height:24px;border:3px solid var(--border);border-top-color:var(--blue);border-radius:50%;animation:spin .8s linear infinite;margin-bottom:12px}
+@keyframes spin{to{transform:rotate(360deg)}}
+
+.error-page{text-align:center;padding:40px 20px}
+.error-page h2{color:var(--red);margin-bottom:12px}
+.error-page p{color:var(--text-dim)}
+</style>
+</head>
+<body>
+<div class="container" id="app">
+<div class="loading" id="loading"><div class="spinner"></div><br>Loading configuration...</div>
+</div>
+<script>
+const phone = new URLSearchParams(window.location.search).get('phone');
+const app = document.getElementById('app');
+
+const BASIC_SKILLS = ['search', 'calendar', 'knowledge', 'contacts'];
+
+function esc(s) { const d = document.createElement('div'); d.textContent = s || ''; return d.innerHTML; }
+
+if (!phone) {
+  app.innerHTML = '<div class="error-page"><h2>Invalid Link</h2><p>Missing phone number parameter.</p></div>';
+} else {
+  loadConfig();
+}
+
+async function loadConfig() {
+  try {
+    const res = await fetch(`/api/agent-sessions/${encodeURIComponent(phone)}/config`);
+    if (!res.ok) throw new Error(res.status === 404 ? 'Session not found for this contact.' : 'Failed to load configuration.');
+    const data = await res.json();
+    render(data);
+  } catch (e) {
+    app.innerHTML = `<div class="error-page"><h2>Error</h2><p>${esc(e.message)}</p></div>`;
+  }
+}
+
+function render(data) {
+  const contactName = data.contactName || 'this contact';
+  const skills = data.skills || [];
+  const toolPolicies = data.toolPolicies || [];
+  const instructions = data.instructions || '';
+  const enabledSkills = new Set(data.enabledSkills || []);
+  const enabledPolicies = data.enabledPolicies || {};
+
+  app.innerHTML = `
+    <div class="header">
+      <h1>AGENT CONFIGURATION</h1>
+      <div class="contact-name">${esc(contactName)}</div>
+      <div class="contact-phone">${esc(phone)}</div>
+    </div>
+
+    <div class="section">
+      <div class="section-title">Agent Skills</div>
+      <div class="section-desc">Choose what this agent can do for ${esc(contactName)}</div>
+      <div class="presets">
+        <button class="preset-btn" onclick="applyPreset('demo')">Demo (none)</button>
+        <button class="preset-btn" onclick="applyPreset('basic')">Basic</button>
+        <button class="preset-btn" onclick="applyPreset('full')">Full Access</button>
+      </div>
+      <div id="skills-list">
+        ${skills.map(s => `
+          <div class="skill-item">
+            <div class="skill-info">
+              <div class="skill-name">${esc(s.name)}</div>
+              <div class="skill-desc">${esc(s.description)}</div>
+            </div>
+            <label class="toggle">
+              <input type="checkbox" data-skill-id="${esc(s.id)}" ${enabledSkills.has(s.id) ? 'checked' : ''} onchange="updatePresetHighlight()">
+              <span class="slider"></span>
+            </label>
+          </div>
+        `).join('')}
+      </div>
+    </div>
+
+    <div class="section">
+      <div class="collapsible-header" onclick="togglePolicies()">
+        <div>
+          <div class="section-title">Tool Policies</div>
+          <div class="section-desc" style="margin-bottom:0">Advanced system-level permissions</div>
+        </div>
+        <span class="chevron">▼</span>
+      </div>
+      <div class="collapsible-body" id="policies-body">
+        <div class="warning-banner">⚠️ These controls grant low-level system access. Most contacts should not need any of these enabled.</div>
+        <div id="policies-list">
+          ${toolPolicies.map(p => `
+            <div class="skill-item">
+              <div class="skill-info">
+                <div class="skill-name">${esc(p.name)}</div>
+                <div class="skill-desc">${esc(p.description)}</div>
+              </div>
+              <label class="toggle">
+                <input type="checkbox" data-policy-id="${esc(p.id)}" ${enabledPolicies[p.id] ? 'checked' : ''}>
+                <span class="slider"></span>
+              </label>
+            </div>
+          `).join('')}
+        </div>
+      </div>
+    </div>
+
+    <div class="section">
+      <div class="section-title">Custom Instructions</div>
+      <div class="section-desc">Tell the agent how to behave with this contact</div>
+      <textarea id="instructions" maxlength="2000" placeholder="e.g., 'Be friendly and casual. This is my mom, help her with tech questions. Never discuss business details.'" oninput="updateCharCount()">${esc(instructions)}</textarea>
+      <div class="char-count" id="char-count">${instructions.length}/2000</div>
+    </div>
+
+    <button class="btn" id="save-btn" onclick="saveConfig()">Save Configuration</button>
+    <div class="status" id="status"></div>
+  `;
+
+  window._skillIds = skills.map(s => s.id);
+  updatePresetHighlight();
+}
+
+window.applyPreset = function(preset) {
+  const checkboxes = document.querySelectorAll('[data-skill-id]');
+  checkboxes.forEach(cb => {
+    if (preset === 'demo') cb.checked = false;
+    else if (preset === 'basic') cb.checked = BASIC_SKILLS.includes(cb.dataset.skillId);
+    else if (preset === 'full') cb.checked = true;
+  });
+  updatePresetHighlight();
+};
+
+window.updatePresetHighlight = function() {
+  const checkboxes = [...document.querySelectorAll('[data-skill-id]')];
+  const allOff = checkboxes.every(c => !c.checked);
+  const allOn = checkboxes.every(c => c.checked);
+  const isBasic = checkboxes.every(c => c.checked === BASIC_SKILLS.includes(c.dataset.skillId));
+  document.querySelectorAll('.preset-btn').forEach(b => b.classList.remove('active'));
+  if (allOff) document.querySelectorAll('.preset-btn')[0]?.classList.add('active');
+  else if (isBasic) document.querySelectorAll('.preset-btn')[1]?.classList.add('active');
+  else if (allOn) document.querySelectorAll('.preset-btn')[2]?.classList.add('active');
+};
+
+window.togglePolicies = function() {
+  const header = document.querySelector('.collapsible-header');
+  const body = document.getElementById('policies-body');
+  header.classList.toggle('open');
+  body.classList.toggle('open');
+};
+
+window.updateCharCount = function() {
+  const ta = document.getElementById('instructions');
+  document.getElementById('char-count').textContent = `${ta.value.length}/2000`;
+};
+
+window.saveConfig = async function() {
+  const btn = document.getElementById('save-btn');
+  const status = document.getElementById('status');
+  status.className = 'status';
+  btn.disabled = true;
+  btn.textContent = 'Saving...';
+
+  const skills = [...document.querySelectorAll('[data-skill-id]:checked')].map(c => c.dataset.skillId);
+  const tool_policies = {};
+  document.querySelectorAll('[data-policy-id]').forEach(c => { tool_policies[c.dataset.policyId] = c.checked; });
+  const instructions = document.getElementById('instructions').value.trim();
+
+  try {
+    const res = await fetch(`/api/agent-sessions/${encodeURIComponent(phone)}/config`, {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({ skills, tool_policies, instructions })
+    });
+    if (!res.ok) { const d = await res.json().catch(() => ({})); throw new Error(d.error || 'Failed to save.'); }
+    status.className = 'status success';
+    status.textContent = '✓ Configuration saved successfully.';
+  } catch (e) {
+    status.className = 'status error';
+    status.textContent = e.message || 'Network error. Please try again.';
+  }
+  btn.disabled = false;
+  btn.textContent = 'Save Configuration';
+};
+</script>
+</body>
+</html>