@conversionpros/aiva 1.0.0

package/router-v2/utils/ai.js

@@ -0,0 +1,129 @@
+// ── AI Call Wrapper (Sonnet via OpenClaw proxy) ───────────
+'use strict';
+
+const fs = require('fs');
+const path = require('path');
+
+const PROXY_URL = 'http://127.0.0.1:18789/v1/chat/completions';
+const CONFIG_PATH = path.join(process.env.HOME || '/Users/brandonburgan', '.openclaw', 'openclaw.json');
+const DEFAULT_MODEL = 'claude-sonnet-4-20250514';
+
+let _cachedPassword = null;
+
+function getOpenClawPassword() {
+  if (_cachedPassword) return _cachedPassword;
+  try {
+    const config = JSON.parse(fs.readFileSync(CONFIG_PATH, 'utf-8'));
+    _cachedPassword = config?.gateway?.auth?.password || '';
+    return _cachedPassword;
+  } catch {
+    return '';
+  }
+}
+
+function log(msg, data) {
+  const ts = new Date().toISOString();
+  if (data) console.log(`[${ts}] [AI] ${msg}`, JSON.stringify(data));
+  else console.log(`[${ts}] [AI] ${msg}`);
+}
+
+function sleep(ms) { return new Promise(r => setTimeout(r, ms)); }
+
+/**
+ * Call Sonnet via the OpenClaw proxy with retry and backoff.
+ * @param {Object} options
+ * @param {Array<{role: string, content: string}>} options.messages - Chat messages
+ * @param {Array<Object>} [options.tools] - Tool definitions for function calling
+ * @param {string} [options.model] - Model override (default: latest Sonnet)
+ * @param {number} [options.maxTokens=1000] - Max tokens
+ * @param {number} [options.temperature=0.7] - Temperature
+ * @param {number} [options.timeoutMs=60000] - Request timeout
+ * @returns {Promise<{content: string|null, toolCalls: Array|null, usage: Object|null}>}
+ */
+async function callSonnet({ messages, tools, model, maxTokens = 1000, temperature = 0.7, timeoutMs = 60000 }) {
+  const password = getOpenClawPassword();
+  if (!password) {
+    log('No OpenClaw password found');
+    return { content: null, toolCalls: null, usage: null };
+  }
+
+  const body = {
+    model: model || DEFAULT_MODEL,
+    max_tokens: maxTokens,
+    temperature,
+    messages,
+  };
+  if (tools && tools.length > 0) {
+    body.tools = tools;
+  }
+
+  // Retry with exponential backoff
+  const delays = [0, 5000, 15000, 30000, 60000];
+  for (let attempt = 0; attempt < delays.length; attempt++) {
+    if (attempt > 0) {
+      log(`Retry ${attempt}/${delays.length - 1}, waiting ${delays[attempt] / 1000}s`);
+      await sleep(delays[attempt]);
+    }
+
+    try {
+      const resp = await fetch(PROXY_URL, {
+        method: 'POST',
+        headers: {
+          'Content-Type': 'application/json',
+          'Authorization': `Bearer ${password}`,
+        },
+        body: JSON.stringify(body),
+        signal: AbortSignal.timeout(timeoutMs),
+      });
+
+      if (!resp.ok) {
+        const errText = await resp.text().catch(() => 'unknown');
+        log('Proxy HTTP error', { status: resp.status, body: errText.substring(0, 200), attempt });
+        continue;
+      }
+
+      const data = await resp.json();
+      const choice = data.choices?.[0];
+      if (!choice) {
+        log('No choices in response', { attempt });
+        continue;
+      }
+
+      const message = choice.message;
+      const content = message?.content?.trim() || null;
+      const toolCalls = message?.tool_calls || null;
+
+      return {
+        content,
+        toolCalls,
+        usage: data.usage || null,
+      };
+    } catch (e) {
+      log('Proxy request error', { error: e.message, attempt });
+      continue;
+    }
+  }
+
+  log('All retries exhausted');
+  return { content: null, toolCalls: null, usage: null };
+}
+
+/**
+ * Simple text-in/text-out AI call.
+ * @param {string} systemPrompt - System prompt
+ * @param {string} userMessage - User message
+ * @param {Object} [opts] - Additional options (model, maxTokens, temperature)
+ * @returns {Promise<string|null>} Response text or null on failure
+ */
+async function callAI(systemPrompt, userMessage, opts = {}) {
+  const result = await callSonnet({
+    messages: [
+      { role: 'system', content: systemPrompt },
+      { role: 'user', content: userMessage },
+    ],
+    ...opts,
+  });
+  return result.content;
+}
+
+module.exports = { callSonnet, callAI, DEFAULT_MODEL };

package/router-v2/utils/phone.js

@@ -0,0 +1,52 @@
+// ── Phone Number Normalization Utilities ──────────────────
+'use strict';
+
+/**
+ * Normalize a phone number to E.164 format.
+ * Strips all non-digit characters (except leading +), ensures +1 prefix for US numbers.
+ * @param {string} raw - Raw phone number input
+ * @returns {string} E.164 normalized phone number (e.g. +15551234567)
+ */
+function normalizePhone(raw) {
+  if (!raw) return '';
+  let cleaned = String(raw).replace(/[^\d+]/g, '');
+  // Remove leading + to work with digits only
+  const hasPlus = cleaned.startsWith('+');
+  cleaned = cleaned.replace(/^\+/, '');
+  // Remove leading 1 if 11 digits (US format)
+  if (cleaned.length === 11 && cleaned.startsWith('1')) {
+    return '+' + cleaned;
+  }
+  // 10 digits - assume US, add +1
+  if (cleaned.length === 10) {
+    return '+1' + cleaned;
+  }
+  // Already has country code or international
+  if (hasPlus || cleaned.length > 10) {
+    return '+' + cleaned;
+  }
+  // Fallback - return what we have with +
+  return '+' + cleaned;
+}
+
+/**
+ * Check if a phone number is valid (basic check - has enough digits).
+ * @param {string} phone - Phone number (should be E.164)
+ * @returns {boolean}
+ */
+function isValidPhone(phone) {
+  if (!phone) return false;
+  const digits = phone.replace(/\D/g, '');
+  return digits.length >= 10 && digits.length <= 15;
+}
+
+/**
+ * Strip +1 prefix for display purposes.
+ * @param {string} phone - E.164 phone number
+ * @returns {string} Phone without country code
+ */
+function stripCountryCode(phone) {
+  return (phone || '').replace(/^\+1/, '');
+}
+
+module.exports = { normalizePhone, isValidPhone, stripCountryCode };

package/router-v2/utils/response-validator.js

@@ -0,0 +1,98 @@
+// ── Response Validator - Haiku post-validation layer ──
+// Checks if Sonnet's response overpromises capabilities the contact doesn't have.
+'use strict';
+
+const fs = require('fs');
+const path = require('path');
+
+const PROXY_URL = 'http://127.0.0.1:18789/v1/chat/completions';
+const MODEL = 'claude-haiku-4-20250514';
+const CONFIG_PATH = path.join(process.env.HOME || '/Users/brandonburgan', '.openclaw', 'openclaw.json');
+
+let _cachedPassword = null;
+function getPassword() {
+  if (_cachedPassword) return _cachedPassword;
+  try {
+    const config = JSON.parse(fs.readFileSync(CONFIG_PATH, 'utf-8'));
+    _cachedPassword = config?.gateway?.auth?.password || '';
+    return _cachedPassword;
+  } catch { return ''; }
+}
+
+/**
+ * Validate a Sonnet response against actual contact permissions.
+ * Uses Haiku via the OpenClaw proxy to check if the response overpromises.
+ * Fails open (returns valid) on any error.
+ *
+ * @param {string} responseText - Sonnet's generated response
+ * @param {Object} permissions - What the contact CAN do
+ * @param {boolean} permissions.canSchedule
+ * @param {boolean} permissions.canCreateTask
+ * @param {boolean} permissions.canCreateReminder
+ * @param {boolean} permissions.canSendFile
+ * @param {boolean} permissions.canSendMessage
+ * @returns {Promise<{valid: boolean, reason: string|null}>}
+ */
+async function validateResponse(responseText, permissions) {
+  try {
+    // Build list of denied capabilities
+    const denied = [];
+    if (!permissions.canSchedule) denied.push('scheduling/booking appointments/checking calendar availability');
+    if (!permissions.canCreateTask) denied.push('creating tasks');
+    if (!permissions.canCreateReminder) denied.push('setting reminders');
+    if (!permissions.canSendFile) denied.push('sending files');
+    if (!permissions.canSendMessage) denied.push('sending messages to others');
+
+    // If everything is allowed, no need to validate
+    if (denied.length === 0) return { valid: true, reason: null };
+
+    const prompt = `You are a strict compliance validator. The assistant has these PROHIBITED capabilities: ${denied.join(', ')}.
+
+The assistant MUST NOT:
+- Promise, imply, or suggest it will do any prohibited action
+- Say it will "pass along", "let someone know", "check on that", "get back to you", or relay any request related to a prohibited capability
+- Mention Brandon or any human by name in relation to a prohibited capability
+- Acknowledge the request in any way that implies it will be handled
+
+If the response does ANY of the above, it is overpromising.
+
+Response to validate: "${responseText}"
+
+JSON only: {"overpromises": true/false, "capability": "which one or null"}`;
+
+    const password = getPassword();
+    const resp = await fetch(PROXY_URL, {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json', 'Authorization': `Bearer ${password}` },
+      body: JSON.stringify({
+        model: MODEL,
+        messages: [{ role: 'user', content: prompt }],
+        max_tokens: 100,
+        temperature: 0,
+      }),
+      signal: AbortSignal.timeout(10000),
+    });
+
+    if (!resp.ok) {
+      console.log(`[${new Date().toISOString()}] [VALIDATOR] Proxy error ${resp.status} (fail-open)`);
+      return { valid: true, reason: null };
+    }
+
+    const data = await resp.json();
+    const text = data.choices?.[0]?.message?.content || '';
+    const match = text.match(/\{[^}]+\}/);
+    if (!match) return { valid: true, reason: null };
+
+    const parsed = JSON.parse(match[0]);
+    if (parsed.overpromises) {
+      return { valid: false, reason: parsed.capability || 'unknown' };
+    }
+    return { valid: true, reason: null };
+  } catch (err) {
+    // Fail open
+    console.log(`[${new Date().toISOString()}] [VALIDATOR] Error (fail-open): ${err.message}`);
+    return { valid: true, reason: null };
+  }
+}
+
+module.exports = { validateResponse };

package/router-v2/utils/sanitize.js

@@ -0,0 +1,222 @@
+// ── Outbound Message Sanitization ─────────────────────────
+// Ported from v1 router.js - every regex, every block pattern.
+// This is the last line of defense before a message reaches a contact.
+'use strict';
+
+// ── Block patterns - messages matching 2+ of these (or 1 strong) are blocked ──
+const OUTBOUND_BLOCK_PATTERNS = [
+  // Command/tool output
+  /gog\s+calendar/i,
+  /GOG_KEYRING_PASSWORD/i,
+  /openclaw\s+(cron|gateway|message|session)/i,
+  /imsg\s+send/i,
+  /execSync|exec\(|spawn\(/i,
+  /curl\s+/i,
+  /POST\s+\/api\//i,
+  /GET\s+\/api\//i,
+  /localhost:\d+/i,
+  /127\.0\.0\.1/i,
+  /\$ \w+/, // shell prompts
+  // Error output
+  /Error:|ERR!|ECONNREFUSED|ETIMEDOUT|ENOENT|stack trace/i,
+  /at\s+\w+\s+\(.*:\d+:\d+\)/, // stack trace lines
+  /Command failed|exit code|stderr/i,
+  // Internal reasoning / chain-of-thought
+  /<thinking>[\s\S]*?<\/thinking>/i,
+  /\[ROUTER[\-:]|ROUTER-ALERT/i,
+  /\[Actionable:|CALENDAR_REQUEST|REMINDER_REQUEST|TASK_REQUEST/,
+  /escalat(?:ion|e|ing)\s+(?:to|code|request)/i,
+  /pending.action|pending_items|pending_request/i,
+  /system\s*prompt|chain.of.thought/i,
+  /HEARTBEAT_OK|HEARTBEAT\.md/i,
+  /AGENTS\.md|IDENTITY\.md|MEMORY\.md|TOOLS\.md/i,
+  /sub-?agent|subagent|spawned.*agent/i,
+  /webhook.*openclaw|openclaw.*webhook/i,
+  /callback.*url|callbackUrl/i,
+  // Schedule/calendar internals (not human-facing)
+  /available\s+slots?\s*:/i,
+  /Brandon'?s\s+(?:full\s+)?schedule/i,
+  // API keys and tokens
+  /sk-ant-|Bearer\s+\w{20,}|eyJ[A-Za-z0-9_-]{20,}/i,
+  /x-aiva-internal/i,
+  // JSON blobs (likely internal data)
+  /\{"(?:status|error|requestId|phone|pending|action)":/,
+];
+
+// Strong patterns - a single match is enough to block
+const STRONG_BLOCK_PATTERNS = [
+  /GOG_KEYRING_PASSWORD/i,
+  /sk-ant-|Bearer\s+\w{20,}/i,
+  /<thinking>[\s\S]*?<\/thinking>/i,
+  /x-aiva-internal/i,
+  /HEARTBEAT_OK|HEARTBEAT\.md/i,
+  /AGENTS\.md|IDENTITY\.md|TOOLS\.md/i,
+  /at\s+\w+\s+\(.*:\d+:\d+\)/,
+  /\{"(?:status|error|requestId|phone|pending|action)":/,
+  /openclaw/i,
+];
+
+// Error message patterns
+const ERROR_PATTERNS = [
+  /no response from openclaw/i,
+  /openclaw.*error/i,
+  /internal server error/i,
+  /ECONNREFUSED/i,
+  /agent.*timeout/i,
+  /session.*failed/i,
+  /tool.*error/i,
+];
+
+// Chain-of-thought patterns to strip from responses
+const COT_PATTERNS = [
+  /(?:Wait,?\s+(?:I need to|let me|I should|actually))[^\n]*/gi,
+  /(?:Let me (?:re-?read|reconsider|re-?think|re-?evaluate|look at))[^\n]*/gi,
+  /(?:Actually,?\s+(?:I think|let me|I should|on second thought))[^\n]*/gi,
+  /(?:Hmm,?\s+(?:I think|let me|I should|looking at))[^\n]*/gi,
+  /(?:On second thought)[^\n]*/gi,
+  /(?:I need to (?:reconsider|re-?think|re-?evaluate|check|be careful))[^\n]*/gi,
+  /(?:I'm responding as (?:Brandon's|an?) (?:assistant|AI))[^\n]*/gi,
+];
+
+// Internal directive patterns to strip
+const INTERNAL_PATTERNS = [
+  /(?:I should\s)[^\n]*/gi,
+  /(?:I need to\s)[^\n]*/gi,
+  /(?:Looking at the conversation)[^\n]*/gi,
+  /(?:Analyzing (?:the |this ))[^\n]*/gi,
+  /(?:Based on (?:the |my )(?:instructions|rules|system prompt|context))[^\n]*/gi,
+  /(?:The (?:user|contact|sender) (?:is asking|wants|seems))[^\n]*/gi,
+  /(?:My (?:task|job|role|goal) (?:is|here is))[^\n]*/gi,
+];
+
+// Sensitive line patterns for stripping from multi-part responses
+const SENSITIVE_LINE_PATTERNS = [
+  /api[_-]?key/i, /password/i, /token/i, /secret/i, /openclaw/i,
+  /localhost/i, /127\.0\.0\.1/i, /\.openclaw\//i, /curl\s/i,
+  /sk-ant-/i, /sk-or-/i, /ghp_/i, /xai-/i, /r8_/i,
+  /supabase/i, /cloudflare/i, /twilio/i, /replicate/i,
+  /SID:/i, /Base64:/i, /\.json/i, /PM2/i, /ngrok/i,
+  /sessions_send/i, /sessions_spawn/i, /heartbeat/i,
+  /AGENTS\.md/i, /HEARTBEAT\.md/i, /MEMORY\.md/i, /TOOLS\.md/i,
+  /task.*board/i, /cron.*job/i, /gateway/i,
+];
+
+/**
+ * Check if a message contains internal content that should NEVER reach a contact.
+ * @param {string} text - Message text to check
+ * @returns {boolean} True if the message contains internal content
+ */
+function isInternalContent(text) {
+  if (!text) return false;
+  const matchCount = OUTBOUND_BLOCK_PATTERNS.reduce((count, p) => count + (p.test(text) ? 1 : 0), 0);
+  const strongMatch = STRONG_BLOCK_PATTERNS.some(p => p.test(text));
+  return strongMatch || matchCount >= 2;
+}
+
+/**
+ * Check if a message is an error message from internal systems.
+ * @param {string} text - Message text to check
+ * @returns {boolean}
+ */
+function isErrorMessage(text) {
+  if (!text) return false;
+  return ERROR_PATTERNS.some(p => p.test(text));
+}
+
+/**
+ * Sanitize a response before sending to a contact.
+ * Strips chain-of-thought, internal directives, em dashes, and other artifacts.
+ * Returns null if the message should be suppressed entirely.
+ * @param {string} text - Raw response text
+ * @returns {string|null} Sanitized text, or null if message should be suppressed
+ */
+function sanitizeResponse(text) {
+  if (!text) return null;
+  let result = text;
+
+  // 1. Strip thinking blocks
+  result = result.replace(/<thinking>[\s\S]*?<\/thinking>/gi, '');
+
+  // 2. NO_REPLY anywhere in text - suppress entire message
+  if (/NO_REPLY/i.test(result)) return null;
+
+  // 3. Strip chain-of-thought patterns
+  for (const pat of COT_PATTERNS) {
+    result = result.replace(pat, '');
+  }
+
+  // 4. Strip internal directive lines
+  for (const pat of INTERNAL_PATTERNS) {
+    result = result.replace(pat, '');
+  }
+
+  // 5. Handle multiple draft concatenation - take last clean block
+  const draftSplitters = /(?:Wait|Actually|Let me re|Hmm|On second thought)[^\n]*\n/i;
+  if (draftSplitters.test(result)) {
+    const parts = result.split(draftSplitters).map(p => p.trim()).filter(Boolean);
+    if (parts.length > 1) {
+      result = parts[parts.length - 1];
+    }
+  }
+
+  // 6. Replace em dashes, en dashes, and horizontal bars with commas (AI artifact, looks unnatural in texts)
+  result = result.replace(/[\u2013\u2014\u2015]/g, ',').replace(/ , /g, ', ');
+
+  // 7. Final cleanup
+  result = result.replace(/\n{3,}/g, '\n\n').trim();
+  if (!result || result.length === 0) return null;
+
+  return result;
+}
+
+/**
+ * Strip sensitive lines from multi-part text (e.g. conversation history assembly).
+ * @param {string} text - Text that may contain sensitive lines
+ * @returns {string} Text with sensitive lines removed
+ */
+function stripSensitiveLines(text) {
+  if (!text) return '';
+  const lines = text.split('\n');
+  return lines.filter(line => !SENSITIVE_LINE_PATTERNS.some(p => p.test(line))).join('\n');
+}
+
+/**
+ * Full sanitization pipeline for outbound messages.
+ * Combines sanitizeResponse + isInternalContent + isErrorMessage checks.
+ * @param {string} text - Raw outbound message
+ * @param {boolean} isMaster - Whether sending to the master phone (less restrictive)
+ * @returns {{ text: string|null, blocked: boolean, reason: string }}
+ */
+function sanitizeOutbound(text, isMaster = false) {
+  if (!text) return { text: null, blocked: true, reason: 'empty' };
+
+  // Sanitize first
+  let sanitized = sanitizeResponse(text);
+  if (!sanitized) return { text: null, blocked: true, reason: 'sanitizer_null' };
+
+  // For non-master phones, check for internal content and errors
+  if (!isMaster) {
+    if (isInternalContent(sanitized)) {
+      return { text: null, blocked: true, reason: 'internal_content' };
+    }
+    if (isErrorMessage(sanitized)) {
+      return { text: null, blocked: true, reason: 'error_message' };
+    }
+  }
+
+  // Clean up escape sequences and extra whitespace for text messages
+  sanitized = sanitized.replace(/\\n/g, '\n').replace(/\\t/g, ' ');
+  sanitized = sanitized.replace(/\n{3,}/g, '\n\n').trim();
+
+  return { text: sanitized, blocked: false, reason: null };
+}
+
+module.exports = {
+  isInternalContent,
+  isErrorMessage,
+  sanitizeResponse,
+  stripSensitiveLines,
+  sanitizeOutbound,
+  OUTBOUND_BLOCK_PATTERNS,
+  STRONG_BLOCK_PATTERNS,
+};