@conversionpros/aiva 1.0.0

package/google-oauth.js

@@ -0,0 +1,310 @@
+/**
+ * Google OAuth 2.0 Integration - Phase 1
+ * Handles OAuth flow, token management, and account status.
+ * 
+ * Endpoints:
+ *   GET  /api/integrations/google/auth-url     - Generate OAuth URL
+ *   GET  /api/integrations/google/callback      - Handle OAuth callback
+ *   GET  /api/integrations/google/status        - List connected accounts
+ *   DELETE /api/integrations/google/disconnect   - Disconnect an account
+ */
+
+const express = require('express');
+const crypto = require('crypto');
+const fs = require('fs');
+const path = require('path');
+const os = require('os');
+const { v4: uuidv4 } = require('uuid');
+
+const router = express.Router();
+
+// ─── Config ───────────────────────────────────────────────────────────────────
+
+const GOOGLE_CLIENT_ID = process.env.GOOGLE_CLIENT_ID;
+const GOOGLE_CLIENT_SECRET = process.env.GOOGLE_CLIENT_SECRET;
+const GOOGLE_REDIRECT_URI = process.env.GOOGLE_REDIRECT_URI || 'http://localhost:3847/api/integrations/google/callback';
+const TOKENS_FILE = path.join(__dirname, 'data', 'oauth-tokens.json');
+
+const SCOPES = [
+  'https://www.googleapis.com/auth/gmail.modify',
+  'https://www.googleapis.com/auth/calendar',
+  'https://www.googleapis.com/auth/contacts.readonly',
+  'https://www.googleapis.com/auth/userinfo.email',
+  'https://www.googleapis.com/auth/userinfo.profile',
+];
+
+// In-memory CSRF state store (5 min TTL)
+const pendingStates = new Map();
+
+// ─── Encryption (matches existing tokens.json pattern) ────────────────────────
+
+function getEncryptionKey() {
+  return crypto.createHash('sha256').update('aiva-tokens-' + os.hostname()).digest();
+}
+
+function encrypt(text) {
+  const key = getEncryptionKey();
+  const iv = crypto.randomBytes(12);
+  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
+  let enc = cipher.update(text, 'utf8', 'hex');
+  enc += cipher.final('hex');
+  const tag = cipher.getAuthTag().toString('hex');
+  return `${iv.toString('hex')}:${tag}:${enc}`;
+}
+
+function decrypt(stored) {
+  const key = getEncryptionKey();
+  const [ivHex, tagHex, enc] = stored.split(':');
+  const decipher = crypto.createDecipheriv('aes-256-gcm', key, Buffer.from(ivHex, 'hex'));
+  decipher.setAuthTag(Buffer.from(tagHex, 'hex'));
+  let dec = decipher.update(enc, 'hex', 'utf8');
+  dec += decipher.final('utf8');
+  return dec;
+}
+
+// ─── Token Storage ────────────────────────────────────────────────────────────
+
+function loadTokens() {
+  try {
+    if (fs.existsSync(TOKENS_FILE)) {
+      return JSON.parse(fs.readFileSync(TOKENS_FILE, 'utf8'));
+    }
+  } catch (e) {
+    console.error('[google-oauth] Failed to load tokens:', e.message);
+  }
+  return { google: { accounts: [] } };
+}
+
+function saveTokens(data) {
+  const dir = path.dirname(TOKENS_FILE);
+  if (!fs.existsSync(dir)) fs.mkdirSync(dir, { recursive: true });
+  fs.writeFileSync(TOKENS_FILE, JSON.stringify(data, null, 2));
+}
+
+// ─── PKCE Helpers ─────────────────────────────────────────────────────────────
+
+function generateCodeVerifier() {
+  return crypto.randomBytes(64).toString('base64url');
+}
+
+function generateCodeChallenge(verifier) {
+  return crypto.createHash('sha256').update(verifier).digest('base64url');
+}
+
+// ─── Token Refresh ────────────────────────────────────────────────────────────
+
+async function refreshAccessToken(account) {
+  const refreshToken = decrypt(account.refresh_token);
+  const resp = await fetch('https://oauth2.googleapis.com/token', {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+    body: new URLSearchParams({
+      client_id: GOOGLE_CLIENT_ID,
+      client_secret: GOOGLE_CLIENT_SECRET,
+      refresh_token: refreshToken,
+      grant_type: 'refresh_token',
+    }),
+  });
+
+  if (!resp.ok) {
+    const err = await resp.text();
+    console.error('[google-oauth] Refresh failed:', err);
+    return null;
+  }
+
+  const data = await resp.json();
+  account.access_token = encrypt(data.access_token);
+  account.token_expiry = new Date(Date.now() + data.expires_in * 1000).toISOString();
+  if (data.refresh_token) {
+    account.refresh_token = encrypt(data.refresh_token);
+  }
+  return account;
+}
+
+/**
+ * Get a valid access token for an account, refreshing if needed.
+ * Exported so email/calendar modules can use it.
+ */
+async function getValidAccessToken(accountId) {
+  const store = loadTokens();
+  const account = store.google.accounts.find(a => a.id === accountId);
+  if (!account) throw new Error('Account not found');
+
+  const expiry = new Date(account.token_expiry);
+  const fiveMinFromNow = new Date(Date.now() + 5 * 60 * 1000);
+
+  if (expiry > fiveMinFromNow) {
+    return { token: decrypt(account.access_token), email: account.email };
+  }
+
+  // Refresh needed
+  const refreshed = await refreshAccessToken(account);
+  if (!refreshed) {
+    account.status = 'expired';
+    saveTokens(store);
+    throw new Error('GOOGLE_AUTH_EXPIRED');
+  }
+  account.status = 'connected';
+  saveTokens(store);
+  return { token: decrypt(account.access_token), email: account.email };
+}
+
+// ─── Routes ───────────────────────────────────────────────────────────────────
+
+// Generate OAuth authorization URL
+router.get('/auth-url', (req, res) => {
+  if (!GOOGLE_CLIENT_ID || !GOOGLE_CLIENT_SECRET) {
+    return res.json({ success: false, error: 'Google OAuth not configured. Set GOOGLE_CLIENT_ID and GOOGLE_CLIENT_SECRET.' });
+  }
+
+  const state = crypto.randomBytes(32).toString('hex');
+  const codeVerifier = generateCodeVerifier();
+  const codeChallenge = generateCodeChallenge(codeVerifier);
+
+  // Store state with 5 min TTL
+  pendingStates.set(state, { codeVerifier, createdAt: Date.now() });
+  setTimeout(() => pendingStates.delete(state), 5 * 60 * 1000);
+
+  const params = new URLSearchParams({
+    client_id: GOOGLE_CLIENT_ID,
+    redirect_uri: GOOGLE_REDIRECT_URI,
+    response_type: 'code',
+    scope: SCOPES.join(' '),
+    state,
+    code_challenge: codeChallenge,
+    code_challenge_method: 'S256',
+    access_type: 'offline',
+    prompt: 'consent',
+  });
+
+  const url = `https://accounts.google.com/o/oauth2/v2/auth?${params}`;
+  res.json({ success: true, data: { url } });
+});
+
+// OAuth callback
+router.get('/callback', async (req, res) => {
+  const { code, state, error } = req.query;
+
+  if (error) {
+    return res.redirect('/#settings?oauth=error&message=' + encodeURIComponent(error));
+  }
+
+  if (!state || !pendingStates.has(state)) {
+    return res.redirect('/#settings?oauth=error&message=Invalid+state+token');
+  }
+
+  const { codeVerifier } = pendingStates.get(state);
+  pendingStates.delete(state);
+
+  try {
+    // Exchange code for tokens
+    const tokenResp = await fetch('https://oauth2.googleapis.com/token', {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+      body: new URLSearchParams({
+        client_id: GOOGLE_CLIENT_ID,
+        client_secret: GOOGLE_CLIENT_SECRET,
+        code,
+        code_verifier: codeVerifier,
+        grant_type: 'authorization_code',
+        redirect_uri: GOOGLE_REDIRECT_URI,
+      }),
+    });
+
+    if (!tokenResp.ok) {
+      const err = await tokenResp.text();
+      console.error('[google-oauth] Token exchange failed:', err);
+      return res.redirect('/#settings?oauth=error&message=Token+exchange+failed');
+    }
+
+    const tokens = await tokenResp.json();
+
+    // Get user profile
+    const profileResp = await fetch('https://www.googleapis.com/oauth2/v2/userinfo', {
+      headers: { Authorization: `Bearer ${tokens.access_token}` },
+    });
+    const profile = await profileResp.json();
+
+    // Store account
+    const store = loadTokens();
+    
+    // Check if this email is already connected — update if so
+    const existingIdx = store.google.accounts.findIndex(a => a.email === profile.email);
+    const account = {
+      id: existingIdx >= 0 ? store.google.accounts[existingIdx].id : uuidv4(),
+      email: profile.email,
+      name: profile.name || profile.email,
+      picture: profile.picture || null,
+      type: profile.hd ? 'workspace' : 'personal',
+      access_token: encrypt(tokens.access_token),
+      refresh_token: encrypt(tokens.refresh_token),
+      token_expiry: new Date(Date.now() + tokens.expires_in * 1000).toISOString(),
+      scopes: SCOPES,
+      status: 'connected',
+      connected_at: new Date().toISOString(),
+    };
+
+    if (existingIdx >= 0) {
+      store.google.accounts[existingIdx] = account;
+    } else {
+      store.google.accounts.push(account);
+    }
+    saveTokens(store);
+
+    console.log(`[google-oauth] Connected: ${profile.email} (${account.type})`);
+    return res.redirect('/#settings?oauth=success&email=' + encodeURIComponent(profile.email));
+
+  } catch (e) {
+    console.error('[google-oauth] Callback error:', e);
+    return res.redirect('/#settings?oauth=error&message=' + encodeURIComponent(e.message));
+  }
+});
+
+// Account status
+router.get('/status', (req, res) => {
+  const store = loadTokens();
+  const accounts = store.google.accounts.map(a => ({
+    id: a.id,
+    email: a.email,
+    name: a.name,
+    picture: a.picture,
+    type: a.type,
+    status: a.status || 'connected',
+    token_expiry: a.token_expiry,
+    connected_at: a.connected_at,
+    scopes: a.scopes,
+  }));
+  res.json({ success: true, data: { accounts, configured: !!(GOOGLE_CLIENT_ID && GOOGLE_CLIENT_SECRET) } });
+});
+
+// Disconnect account
+router.delete('/disconnect', async (req, res) => {
+  const { accountId } = req.body || {};
+  if (!accountId) return res.json({ success: false, error: 'accountId required' });
+
+  const store = loadTokens();
+  const idx = store.google.accounts.findIndex(a => a.id === accountId);
+  if (idx < 0) return res.json({ success: false, error: 'Account not found' });
+
+  const account = store.google.accounts[idx];
+
+  // Attempt to revoke with Google
+  try {
+    const token = decrypt(account.refresh_token);
+    await fetch(`https://oauth2.googleapis.com/revoke?token=${encodeURIComponent(token)}`, {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+    });
+  } catch (e) {
+    console.warn('[google-oauth] Revocation failed (deleting locally anyway):', e.message);
+  }
+
+  // Delete locally regardless
+  store.google.accounts.splice(idx, 1);
+  saveTokens(store);
+
+  console.log(`[google-oauth] Disconnected: ${account.email}`);
+  res.json({ success: true, data: { email: account.email } });
+});
+
+module.exports = { router, getValidAccessToken, loadTokens, decrypt, encrypt };

package/grok-imagine.js

@@ -0,0 +1,97 @@
+/**
+ * Grok Imagine — Image & Video Generation via xAI API
+ */
+
+const XAI_API_KEY = process.env.XAI_API_KEY || 'xai-Gn37fuJg5ty4gvWFG2rbth34AxNORUKH8r4vTXQDtjwMGUqKZ7nYy8u2YStosGUCVBEg7VMHSqQZcKS4';
+const IMAGE_API = 'https://api.x.ai/v1/images/generations';
+const VIDEO_API = 'https://api.x.ai/v1/videos/generations';
+const VIDEO_POLL_BASE = 'https://api.x.ai/v1/videos';
+
+const headers = () => ({
+  'Authorization': `Bearer ${XAI_API_KEY}`,
+  'Content-Type': 'application/json',
+});
+
+function sleep(ms) { return new Promise(r => setTimeout(r, ms)); }
+
+/**
+ * Generate an image from a text prompt (or edit with imageUrl).
+ */
+async function generateImage(prompt, options = {}) {
+  const body = {
+    model: 'grok-imagine-image',
+    prompt,
+    n: options.n || 1,
+    response_format: 'url',
+  };
+  if (options.imageUrl) body.image_url = options.imageUrl;
+
+  console.log('[grok-imagine] Generating image:', prompt);
+  const res = await fetch(IMAGE_API, { method: 'POST', headers: headers(), body: JSON.stringify(body) });
+  if (!res.ok) {
+    const err = await res.text();
+    throw new Error(`Image generation failed (${res.status}): ${err}`);
+  }
+  const data = await res.json();
+  const url = data.data?.[0]?.url;
+  if (!url) throw new Error('No image URL in response');
+  console.log('[grok-imagine] Image generated:', url.substring(0, 80));
+  return { url };
+}
+
+/**
+ * Generate a video (async — polls until done).
+ */
+async function generateVideo(prompt, options = {}) {
+  const body = {
+    model: 'grok-imagine-video',
+    prompt,
+  };
+  if (options.duration) body.duration = options.duration;
+  if (options.aspectRatio || options.aspect_ratio) body.aspect_ratio = options.aspectRatio || options.aspect_ratio;
+  if (options.resolution) body.resolution = options.resolution;
+  if (options.imageUrl) body.image_url = options.imageUrl;
+  if (options.videoUrl) body.video_url = options.videoUrl;
+
+  console.log('[grok-imagine] Starting video generation:', prompt);
+  const res = await fetch(VIDEO_API, { method: 'POST', headers: headers(), body: JSON.stringify(body) });
+  if (!res.ok) {
+    const err = await res.text();
+    throw new Error(`Video generation failed (${res.status}): ${err}`);
+  }
+  const { request_id } = await res.json();
+  if (!request_id) throw new Error('No request_id in video response');
+  console.log('[grok-imagine] Video request_id:', request_id);
+
+  // Poll every 5 sec, timeout 10 min
+  const timeout = Date.now() + 10 * 60 * 1000;
+  while (Date.now() < timeout) {
+    await sleep(5000);
+    const poll = await fetch(`${VIDEO_POLL_BASE}/${request_id}`, { headers: headers() });
+    if (!poll.ok) {
+      console.warn('[grok-imagine] Poll error:', poll.status);
+      continue;
+    }
+    const status = await poll.json();
+    console.log('[grok-imagine] Video status:', status.status);
+    if (status.status === 'done') {
+      const url = status.video?.url;
+      if (!url) throw new Error('Video done but no URL');
+      return { url, duration: status.video?.duration };
+    }
+    if (status.status === 'expired') throw new Error('Video generation expired');
+  }
+  throw new Error('Video generation timed out (10 min)');
+}
+
+/** Convenience: edit an image */
+async function editImage(prompt, sourceImageUrl) {
+  return generateImage(prompt, { imageUrl: sourceImageUrl });
+}
+
+/** Convenience: edit a video */
+async function editVideo(prompt, sourceVideoUrl) {
+  return generateVideo(prompt, { videoUrl: sourceVideoUrl });
+}
+
+module.exports = { generateImage, generateVideo, editImage, editVideo };

package/health-reporter.js

@@ -0,0 +1,287 @@
+#!/usr/bin/env node
+/**
+ * AIVA Health Reporter
+ * Runs on each device, collects health data every 5 minutes,
+ * and POSTs it to the dashboard.
+ */
+
+const http = require('http');
+const https = require('https');
+const { execSync } = require('child_process');
+const os = require('os');
+const fs = require('fs');
+const path = require('path');
+
+// Config from env
+const DASHBOARD_URL = process.env.DASHBOARD_URL || 'http://localhost:3456';
+const DEVICE_ID = process.env.DEVICE_ID || os.hostname();
+const HEARTBEAT_TOKEN = process.env.HEARTBEAT_TOKEN || '';
+const INTERVAL_MS = 5 * 60 * 1000; // 5 minutes
+const LOCAL_PORT = 3853;
+const LOG_FILE = path.join(__dirname, 'data', 'health-reporter.log');
+
+// Ensure data dir exists
+try { fs.mkdirSync(path.join(__dirname, 'data'), { recursive: true }); } catch {}
+
+function log(msg) {
+  const line = `[${new Date().toISOString()}] ${msg}`;
+  console.log(line);
+  try { fs.appendFileSync(LOG_FILE, line + '\n'); } catch {}
+}
+
+function run(cmd, fallback = null) {
+  try { return execSync(cmd, { encoding: 'utf8', timeout: 10000 }).trim(); } catch { return fallback; }
+}
+
+function getGitHash() {
+  return run(`git -C "${__dirname}" rev-parse HEAD`, 'unknown');
+}
+
+function getDiskSpace() {
+  try {
+    const raw = run('df -k / | tail -1');
+    if (!raw) return null;
+    const parts = raw.split(/\s+/);
+    const total = parseInt(parts[1]) * 1024;
+    const used = parseInt(parts[2]) * 1024;
+    const available = parseInt(parts[3]) * 1024;
+    return { total, used, available, percentUsed: Math.round((used / total) * 100) };
+  } catch { return null; }
+}
+
+function getMemoryUsage() {
+  const total = os.totalmem();
+  const free = os.freemem();
+  return { total, free, used: total - free, percentUsed: Math.round(((total - free) / total) * 100) };
+}
+
+function getProcessStatus() {
+  // Check PM2 first
+  const pm2List = run('pm2 jlist 2>/dev/null');
+  if (pm2List) {
+    try {
+      const procs = JSON.parse(pm2List);
+      const aivaProc = procs.find(p => p.name === 'aiva-app');
+      if (aivaProc) {
+        return {
+          manager: 'pm2',
+          running: aivaProc.pm2_env?.status === 'online',
+          status: aivaProc.pm2_env?.status || 'unknown',
+          uptime: aivaProc.pm2_env?.pm_uptime ? Date.now() - aivaProc.pm2_env.pm_uptime : null,
+          restarts: aivaProc.pm2_env?.restart_time || 0,
+          pid: aivaProc.pid
+        };
+      }
+    } catch {}
+  }
+  // Check LaunchAgent
+  const launchCheck = run('launchctl list 2>/dev/null | grep aiva');
+  return {
+    manager: launchCheck ? 'launchagent' : 'unknown',
+    running: !!launchCheck,
+    status: launchCheck ? 'running' : 'not found'
+  };
+}
+
+function getAutoDeployStatus() {
+  // Check if auto-deploy process is running
+  const pm2List = run('pm2 jlist 2>/dev/null');
+  let running = false;
+  if (pm2List) {
+    try {
+      const procs = JSON.parse(pm2List);
+      running = procs.some(p => p.name === 'auto-deploy' && p.pm2_env?.status === 'online');
+    } catch {}
+  }
+  // Check auto-deploy log for last activity
+  const logPath = path.join(__dirname, 'data', 'auto-deploy.log');
+  let lastCheck = null, lastUpdate = null;
+  try {
+    const lines = fs.readFileSync(logPath, 'utf8').split('\n').filter(Boolean).slice(-50);
+    for (const line of lines.reverse()) {
+      if (!lastCheck && line.includes('Checking')) lastCheck = line.match(/\[(.*?)\]/)?.[1];
+      if (!lastUpdate && (line.includes('Updated') || line.includes('Deployed'))) lastUpdate = line.match(/\[(.*?)\]/)?.[1];
+      if (lastCheck && lastUpdate) break;
+    }
+  } catch {}
+  return { running, lastCheck, lastUpdate };
+}
+
+function getErrorCount() {
+  // Parse recent PM2 logs for errors in last hour
+  const oneHourAgo = Date.now() - 3600000;
+  let count = 0;
+  try {
+    const logDir = path.join(os.homedir(), '.pm2', 'logs');
+    const files = fs.readdirSync(logDir).filter(f => f.includes('error') || f.includes('aiva'));
+    for (const file of files) {
+      const stat = fs.statSync(path.join(logDir, file));
+      if (stat.mtimeMs < oneHourAgo) continue;
+      const content = fs.readFileSync(path.join(logDir, file), 'utf8');
+      const lines = content.split('\n');
+      for (const line of lines) {
+        if (line.toLowerCase().includes('error') || line.toLowerCase().includes('exception')) {
+          // Try to extract timestamp
+          const ts = line.match(/\d{4}-\d{2}-\d{2}[T ]\d{2}:\d{2}/);
+          if (ts && new Date(ts[0]).getTime() > oneHourAgo) count++;
+          else if (!ts) count++; // Count if no timestamp
+        }
+      }
+    }
+  } catch {}
+  return count;
+}
+
+function getMemorySearchStatus() {
+  try {
+    const raw = run('export PATH="/opt/homebrew/bin:$PATH"; openclaw memory status --deep 2>&1');
+    if (!raw) return { status: 'unknown', error: 'no output' };
+    
+    const providerMatch = raw.match(/Provider:\s*(.+)/);
+    const embeddingsMatch = raw.match(/Embeddings:\s*(.+)/);
+    const indexedMatch = raw.match(/Indexed:\s*(.+)/);
+    const chunksMatch = raw.match(/(\d+)\s*chunks/);
+    
+    const embeddingsReady = embeddingsMatch && embeddingsMatch[1].trim().toLowerCase() === 'ready';
+    
+    return {
+      status: embeddingsReady ? 'healthy' : 'broken',
+      provider: providerMatch ? providerMatch[1].trim() : 'unknown',
+      embeddings: embeddingsMatch ? embeddingsMatch[1].trim() : 'unknown',
+      indexed: indexedMatch ? indexedMatch[1].trim() : 'unknown',
+      chunks: chunksMatch ? parseInt(chunksMatch[1]) : 0
+    };
+  } catch (e) {
+    return { status: 'error', error: e.message };
+  }
+}
+
+function getTokenStatus() {
+  try {
+    const tokensPath = path.join(__dirname, 'data', 'tokens.json');
+    const tokens = JSON.parse(fs.readFileSync(tokensPath, 'utf8'));
+    return Object.keys(tokens).map(name => ({
+      name,
+      configured: !!tokens[name] && tokens[name] !== ''
+    }));
+  } catch { return []; }
+}
+
+async function checkConnectivity(url) {
+  return new Promise(resolve => {
+    const mod = url.startsWith('https') ? https : http;
+    const req = mod.get(url, { timeout: 5000 }, (res) => {
+      resolve(true);
+      res.resume();
+    });
+    req.on('error', () => resolve(false));
+    req.on('timeout', () => { req.destroy(); resolve(false); });
+  });
+}
+
+async function collectHealthData() {
+  const [canReachGithub, canReachDashboard] = await Promise.all([
+    checkConnectivity('https://github.com'),
+    checkConnectivity(DASHBOARD_URL)
+  ]);
+
+  return {
+    deviceId: DEVICE_ID,
+    timestamp: new Date().toISOString(),
+    gitHash: getGitHash(),
+    uptime: {
+      process: Math.floor(process.uptime()),
+      system: Math.floor(os.uptime())
+    },
+    disk: getDiskSpace(),
+    memory: getMemoryUsage(),
+    appProcess: getProcessStatus(),
+    autoDeploy: getAutoDeployStatus(),
+    nodeVersion: process.version,
+    macosVersion: run('sw_vers -productVersion', os.release()),
+    hostname: os.hostname(),
+    errorCount: getErrorCount(),
+    tokens: getTokenStatus(),
+    memorySearch: getMemorySearchStatus(),
+    network: {
+      github: canReachGithub,
+      dashboard: canReachDashboard
+    }
+  };
+}
+
+function postHeartbeat(data) {
+  return new Promise((resolve, reject) => {
+    const url = new URL('/api/devices/heartbeat', DASHBOARD_URL);
+    const payload = JSON.stringify(data);
+    const mod = url.protocol === 'https:' ? https : http;
+
+    const req = mod.request(url, {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+        'Content-Length': Buffer.byteLength(payload),
+        'X-Device-Id': DEVICE_ID,
+        'X-Heartbeat-Token': HEARTBEAT_TOKEN
+      },
+      timeout: 10000
+    }, (res) => {
+      let body = '';
+      res.on('data', c => body += c);
+      res.on('end', () => resolve({ status: res.statusCode, body }));
+    });
+
+    req.on('error', reject);
+    req.on('timeout', () => { req.destroy(); reject(new Error('timeout')); });
+    req.write(payload);
+    req.end();
+  });
+}
+
+let lastHealthData = null;
+
+async function heartbeatCycle() {
+  try {
+    log('Collecting health data...');
+    const data = await collectHealthData();
+    lastHealthData = data;
+
+    log(`Sending heartbeat to ${DASHBOARD_URL}...`);
+    const result = await postHeartbeat(data);
+    log(`Heartbeat sent: ${result.status}`);
+  } catch (err) {
+    log(`Heartbeat error: ${err.message}`);
+  }
+}
+
+// Local /health endpoint for diagnostics
+const server = http.createServer(async (req, res) => {
+  if (req.url === '/health' && req.method === 'GET') {
+    const data = lastHealthData || await collectHealthData();
+    res.writeHead(200, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify(data, null, 2));
+  } else {
+    res.writeHead(404);
+    res.end('Not found');
+  }
+});
+
+server.listen(LOCAL_PORT, () => {
+  log(`Health reporter started. Device: ${DEVICE_ID}`);
+  log(`Local diagnostics: http://localhost:${LOCAL_PORT}/health`);
+  log(`Dashboard: ${DASHBOARD_URL}`);
+
+  // Initial heartbeat
+  heartbeatCycle();
+
+  // Schedule every 5 minutes
+  setInterval(heartbeatCycle, INTERVAL_MS);
+});
+
+server.on('error', (err) => {
+  if (err.code === 'EADDRINUSE') {
+    log(`Port ${LOCAL_PORT} in use, running without local endpoint`);
+    heartbeatCycle();
+    setInterval(heartbeatCycle, INTERVAL_MS);
+  }
+});