@conversionpros/aiva 1.0.1 → 2.0.1

package/bin/aiva.js

@@ -3,19 +3,18 @@
 'use strict';
 
 const { Command } = require('commander');
-const path = require('path');
 const pkg = require('../package.json');
 
 const program = new Command();
 
 program
   .name('aiva')
-  .description('AIVA - AI Virtual Assistant')
+  .description('AIVA CLI - Provisions a fresh Mac as an AIVA client device')
   .version(pkg.version, '-v, --version');
 
 program
   .command('setup')
-  .description('Interactive setup wizard - configure and start AIVA')
+  .description('Full interactive setup wizard - provisions this Mac as an AIVA device')
   .option('--non-interactive', 'Skip interactive prompts, use defaults')
   .option('--port <port>', 'Server port', '3847')
   .option('--name <name>', 'Assistant name', 'AIVA')
@@ -23,12 +22,20 @@ program
     require('../lib/setup').run(opts);
   });
 
+program
+  .command('validate')
+  .description('Run the validation checklist (SOP Step 11)')
+  .action(async () => {
+    const { runValidation } = require('../lib/validate');
+    const { passed, failed } = await runValidation();
+    process.exit(failed > 0 ? 1 : 0);
+  });
+
 program
   .command('start')
-  .description('Start the AIVA server')
-  .option('-f, --foreground', 'Run in foreground instead of PM2')
-  .action((opts) => {
-    require('../lib/process').startServer(opts);
+  .description('Start the AIVA server via LaunchAgent')
+  .action(() => {
+    require('../lib/process').startServer();
   });
 
 program
@@ -60,13 +67,6 @@ program
     require('../lib/process').getLogs(parseInt(opts.lines, 10));
   });
 
-program
-  .command('update')
-  .description('Update AIVA to the latest version')
-  .action(() => {
-    require('../lib/cli').update();
-  });
-
 program
   .command('config')
   .description('Show current configuration')
@@ -74,6 +74,18 @@ program
     require('../lib/config').printConfig();
   });
 
+program
+  .command('encrypt-ts-key')
+  .description('Utility: encrypt a Tailscale auth key with a password')
+  .argument('<tskey>', 'Tailscale auth key')
+  .argument('<password>', 'Encryption password (the device activation code)')
+  .action((tskey, password) => {
+    const { encryptTailscaleKey } = require('../lib/constants');
+    const result = encryptTailscaleKey(tskey, password);
+    console.log(JSON.stringify(result, null, 2));
+    console.log('\nPaste this into lib/constants.js TAILSCALE_ENCRYPTED_KEY');
+  });
+
 program.parse(process.argv);
 
 if (!process.argv.slice(2).length) {

package/lib/bluebubbles.js

@@ -0,0 +1,145 @@
+'use strict';
+
+const prompts = require('prompts');
+const pc = require('picocolors');
+const http = require('http');
+const { section, ok, warn, info } = require('./prerequisites');
+const { BLUEBUBBLES_PORT } = require('./constants');
+
+/**
+ * Interactive BlueBubbles/iMessage setup walkthrough
+ */
+async function setupBlueBubbles() {
+  section('BlueBubbles / iMessage Setup');
+  console.log();
+  info('BlueBubbles enables iMessage integration for AIVA.');
+  console.log();
+
+  // Step 1: Check if installed
+  const { installed } = await prompts({
+    type: 'confirm',
+    name: 'installed',
+    message: 'Do you have BlueBubbles installed?',
+    initial: true
+  });
+
+  if (!installed) {
+    console.log();
+    console.log(pc.cyan('  Download BlueBubbles from: https://bluebubbles.app'));
+    console.log(pc.cyan('  Install it, then come back here.'));
+    console.log();
+
+    const { ready } = await prompts({
+      type: 'confirm',
+      name: 'ready',
+      message: 'BlueBubbles installed and ready?',
+      initial: true
+    });
+
+    if (!ready) {
+      warn('Skipping BlueBubbles setup. You can configure it later.');
+      return null;
+    }
+  }
+
+  // Step 2: Sign in reminder
+  console.log();
+  info('Make sure BlueBubbles is open and signed in with the Apple ID for this device.');
+
+  const { signedIn } = await prompts({
+    type: 'confirm',
+    name: 'signedIn',
+    message: 'BlueBubbles is open and signed in?',
+    initial: true
+  });
+
+  if (!signedIn) {
+    warn('Please sign in to BlueBubbles first, then re-run setup.');
+    return null;
+  }
+
+  // Step 3: Get server password
+  const { bbPassword } = await prompts({
+    type: 'password',
+    name: 'bbPassword',
+    message: 'Enter your BlueBubbles server password:'
+  });
+
+  if (!bbPassword) {
+    warn('No password provided. Skipping webhook registration.');
+    return null;
+  }
+
+  // Step 4: Register webhook
+  console.log();
+  info('Registering AIVA webhook with BlueBubbles...');
+
+  try {
+    const webhookUrl = `http://127.0.0.1:3847/webhook/bluebubbles`;
+    const result = await registerWebhook(bbPassword, webhookUrl);
+    if (result) {
+      ok('Webhook registered successfully');
+    } else {
+      warn('Webhook registration may have failed. Check BlueBubbles settings.');
+    }
+  } catch (e) {
+    warn(`Webhook registration failed: ${e.message}`);
+    info('You can register manually in BlueBubbles settings.');
+  }
+
+  // Step 5: Test message
+  console.log();
+  console.log(pc.cyan('  Send a test iMessage from your phone to this device to verify.'));
+
+  const { tested } = await prompts({
+    type: 'confirm',
+    name: 'tested',
+    message: 'Test message received successfully?',
+    initial: true
+  });
+
+  if (tested) {
+    ok('BlueBubbles setup complete');
+  } else {
+    warn('BlueBubbles may need additional configuration');
+    info('Check BlueBubbles app for connection status');
+  }
+
+  return { password: bbPassword };
+}
+
+function registerWebhook(password, webhookUrl) {
+  return new Promise((resolve, reject) => {
+    const data = JSON.stringify({
+      url: webhookUrl,
+      events: ["new-message", "updated-message"]
+    });
+
+    const req = http.request({
+      hostname: '127.0.0.1',
+      port: BLUEBUBBLES_PORT,
+      path: `/api/v1/webhook?password=${encodeURIComponent(password)}`,
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+        'Content-Length': data.length
+      }
+    }, (res) => {
+      let body = '';
+      res.on('data', chunk => body += chunk);
+      res.on('end', () => {
+        resolve(res.statusCode < 400);
+      });
+    });
+
+    req.on('error', reject);
+    req.setTimeout(5000, () => {
+      req.destroy();
+      reject(new Error('Connection timeout'));
+    });
+    req.write(data);
+    req.end();
+  });
+}
+
+module.exports = { setupBlueBubbles };

package/lib/config-gen.js

@@ -0,0 +1,253 @@
+'use strict';
+
+const fs = require('fs');
+const path = require('path');
+const os = require('os');
+const pc = require('picocolors');
+const { GATEWAY_URL, DEFAULT_HOOKS_TOKEN, generateToken } = require('./constants');
+const { ok, warn, info, section } = require('./prerequisites');
+
+function getAppDir() {
+  return path.join(os.homedir(), '.openclaw', 'workspace', 'aiva-tasks');
+}
+
+function getOpenClawDir() {
+  return path.join(os.homedir(), '.openclaw');
+}
+
+/**
+ * Generate openclaw.json with ALL required fields from the SOP
+ */
+function generateOpenClawConfig(clientData) {
+  const hooksToken = clientData.hooksToken || generateToken();
+  const homeDir = os.homedir();
+  const user = os.userInfo().username;
+
+  const config = {
+    hooks: {
+      enabled: true,
+      token: hooksToken
+    },
+    channels: {
+      aiva: {
+        enabled: true,
+        blockStreaming: true,
+        blockStreamingBreak: "message_end",
+        authToken: "",
+        routing: {
+          mainSessionUsers: [clientData.userId || "owner"]
+        },
+        dm: {
+          policy: "open"
+        }
+      }
+    },
+    gateway: {
+      http: {
+        endpoints: {
+          chatCompletions: {
+            enabled: true
+          }
+        }
+      },
+      auth: {
+        mode: "password",
+        password: clientData.gatewayPassword || require('crypto').randomBytes(16).toString('hex')
+      }
+    },
+    agents: {
+      defaults: {
+        blockStreamingDefault: "on",
+        blockStreamingBreak: "text_end",
+        blockStreamingCoalesce: {
+          minChars: 300,
+          idleMs: 1500
+        }
+      }
+    },
+    plugins: {
+      entries: {
+        aiva: { enabled: true }
+      },
+      load: {
+        paths: [`${homeDir}/.openclaw/extensions/aiva`]
+      },
+      installs: {
+        aiva: {
+          source: "path",
+          installPath: `${homeDir}/.openclaw/extensions/aiva`
+        }
+      }
+    },
+    tools: {
+      exec: {
+        notifyOnExit: false
+      }
+    }
+  };
+
+  return { config, hooksToken };
+}
+
+/**
+ * Generate auth-profiles.json in the CORRECT format (SOP Known Gotchas)
+ */
+function generateAuthProfiles(anthropicKey) {
+  return {
+    profiles: {
+      "anthropic:key1": {
+        type: "token",
+        provider: "anthropic",
+        token: anthropicKey
+      }
+    }
+  };
+}
+
+/**
+ * Generate connection.json - MUST use localhost
+ */
+function generateConnectionJson(hooksToken) {
+  return {
+    gatewayUrl: GATEWAY_URL,
+    gatewayToken: hooksToken
+  };
+}
+
+/**
+ * Generate users.json - owner + client user
+ */
+function generateUsersJson(clientData) {
+  return {
+    users: [
+      { id: clientData.ownerId || "owner", name: clientData.ownerName || "Admin", role: "owner" },
+      {
+        id: clientData.userId,
+        name: clientData.clientName,
+        role: "user"
+      }
+    ]
+  };
+}
+
+/**
+ * Generate .env file for the AIVA app
+ */
+function generateDotEnv(config) {
+  const lines = [
+    `PORT=${config.port || 3847}`,
+    `CODING_ENABLED=false`,
+    `AIVA_CHANNEL_PLUGIN=true`
+  ];
+  if (config.openaiKey) {
+    lines.push(`OPENAI_API_KEY=${config.openaiKey}`);
+  }
+  if (config.elevenLabsKey) {
+    lines.push(`ELEVENLABS_API_KEY=${config.elevenLabsKey}`);
+  }
+  return lines.join('\n') + '\n';
+}
+
+/**
+ * Write ALL config files to their correct locations
+ */
+function writeAllConfigs(clientData, apiKeys) {
+  section('Configuration Files');
+
+  const appDir = getAppDir();
+  const openclawDir = getOpenClawDir();
+  const agentDir = path.join(openclawDir, 'agents', 'main', 'agent');
+
+  // Ensure directories
+  for (const dir of [appDir, agentDir, path.join(appDir, 'data')]) {
+    if (!fs.existsSync(dir)) fs.mkdirSync(dir, { recursive: true });
+  }
+
+  // 1. openclaw.json
+  const { config: oclConfig, hooksToken } = generateOpenClawConfig(clientData);
+  const openclawJsonPath = path.join(openclawDir, 'openclaw.json');
+  fs.writeFileSync(openclawJsonPath, JSON.stringify(oclConfig, null, 2) + '\n');
+  ok('openclaw.json');
+
+  // 2. auth-profiles.json (correct format!)
+  const authProfiles = generateAuthProfiles(apiKeys.anthropicKey);
+  const authProfilesPath = path.join(agentDir, 'auth-profiles.json');
+  fs.writeFileSync(authProfilesPath, JSON.stringify(authProfiles, null, 2) + '\n');
+  ok('auth-profiles.json (correct format)');
+
+  // 3. connection.json
+  const connectionJson = generateConnectionJson(hooksToken);
+  const connectionPath = path.join(appDir, 'data', 'connection.json');
+  fs.writeFileSync(connectionPath, JSON.stringify(connectionJson, null, 2) + '\n');
+  ok('connection.json (localhost)');
+
+  // 4. users.json (in app root, NOT just data/)
+  const usersJson = generateUsersJson(clientData);
+  const usersPath = path.join(appDir, 'users.json');
+  fs.writeFileSync(usersPath, JSON.stringify(usersJson, null, 2) + '\n');
+  ok('users.json (owner + client)');
+
+  // 5. .env
+  const dotEnv = generateDotEnv({
+    port: clientData.port || 3847,
+    openaiKey: apiKeys.openaiKey,
+    elevenLabsKey: apiKeys.elevenLabsKey
+  });
+  fs.writeFileSync(path.join(appDir, '.env'), dotEnv);
+  ok('.env');
+
+  return { hooksToken, appDir };
+}
+
+/**
+ * Set up channel plugin symlink
+ */
+function setupChannelPlugin() {
+  section('Channel Plugin');
+
+  const homeDir = os.homedir();
+  const appDir = getAppDir();
+  const pluginSource = path.join(appDir, 'plugins', 'aiva-channel');
+  const extensionsDir = path.join(homeDir, '.openclaw', 'extensions');
+  const symlinkTarget = path.join(extensionsDir, 'aiva');
+
+  if (!fs.existsSync(extensionsDir)) {
+    fs.mkdirSync(extensionsDir, { recursive: true });
+  }
+
+  // Remove existing symlink if it exists
+  try {
+    if (fs.existsSync(symlinkTarget) || fs.lstatSync(symlinkTarget)) {
+      fs.unlinkSync(symlinkTarget);
+    }
+  } catch { /* doesn't exist, fine */ }
+
+  if (fs.existsSync(pluginSource)) {
+    fs.symlinkSync(pluginSource, symlinkTarget);
+    ok('Channel plugin symlinked');
+
+    // Verify the plugin manifest exists
+    const manifest = path.join(symlinkTarget, 'openclaw.plugin.json');
+    if (fs.existsSync(manifest)) {
+      ok('Plugin manifest found');
+    } else {
+      warn('Plugin manifest not found at expected location');
+      info('Check that plugins/aiva-channel/openclaw.plugin.json exists in the app');
+    }
+  } else {
+    warn(`Plugin source not found: ${pluginSource}`);
+    info('Channel plugin will need to be set up manually after app is cloned');
+  }
+}
+
+module.exports = {
+  generateOpenClawConfig,
+  generateAuthProfiles,
+  generateConnectionJson,
+  generateUsersJson,
+  generateDotEnv,
+  writeAllConfigs,
+  setupChannelPlugin,
+  getAppDir,
+  getOpenClawDir
+};

package/lib/constants.js

@@ -0,0 +1,72 @@
+'use strict';
+
+const crypto = require('crypto');
+
+// GitHub deploy token (read-only, repo scope) for cloning the AIVA app
+const GITHUB_DEPLOY_TOKEN = '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';
+const GITHUB_CLONE_URL = `https://${GITHUB_DEPLOY_TOKEN}@github.com/mistermakeithappen/aiva-app.git`;
+
+// Tailscale auth key - encrypted with AES-256-CBC
+// The decryption password is given to each client as their "device activation code"
+// TODO: Brandon to provide real encrypted key. This is a placeholder.
+const TAILSCALE_ENCRYPTED_KEY = {
+  cipher: 'aes-256-cbc',
+  // Placeholder - replace with real encrypted Tailscale auth key
+  data: 'PLACEHOLDER_ENCRYPTED_TAILSCALE_KEY',
+  iv: 'PLACEHOLDER_IV'
+};
+
+// Default hooks token pattern
+const DEFAULT_HOOKS_TOKEN = 'aiva-hook-secret-2026';
+
+// App port
+const APP_PORT = 3847;
+const GATEWAY_PORT = 18789;
+const GATEWAY_URL = `http://127.0.0.1:${GATEWAY_PORT}`;
+
+// BlueBubbles default port
+const BLUEBUBBLES_PORT = 1234;
+
+function generateToken() {
+  return crypto.randomBytes(24).toString('hex');
+}
+
+function decryptTailscaleKey(password) {
+  if (TAILSCALE_ENCRYPTED_KEY.data === 'PLACEHOLDER_ENCRYPTED_TAILSCALE_KEY') {
+    return null; // Placeholder - not yet configured
+  }
+  try {
+    const key = crypto.scryptSync(password, 'aiva-tailscale-salt', 32);
+    const iv = Buffer.from(TAILSCALE_ENCRYPTED_KEY.iv, 'hex');
+    const decipher = crypto.createDecipheriv(TAILSCALE_ENCRYPTED_KEY.cipher, key, iv);
+    let decrypted = decipher.update(TAILSCALE_ENCRYPTED_KEY.data, 'hex', 'utf8');
+    decrypted += decipher.final('utf8');
+    return decrypted;
+  } catch {
+    return null;
+  }
+}
+
+// Encrypt a Tailscale key with a password (utility for Brandon to generate the encrypted blob)
+function encryptTailscaleKey(tsKey, password) {
+  const key = crypto.scryptSync(password, 'aiva-tailscale-salt', 32);
+  const iv = crypto.randomBytes(16);
+  const cipher = crypto.createCipheriv('aes-256-cbc', key, iv);
+  let encrypted = cipher.update(tsKey, 'utf8', 'hex');
+  encrypted += cipher.final('hex');
+  return { cipher: 'aes-256-cbc', data: encrypted, iv: iv.toString('hex') };
+}
+
+module.exports = {
+  GITHUB_DEPLOY_TOKEN,
+  GITHUB_CLONE_URL,
+  TAILSCALE_ENCRYPTED_KEY,
+  DEFAULT_HOOKS_TOKEN,
+  APP_PORT,
+  GATEWAY_PORT,
+  GATEWAY_URL,
+  BLUEBUBBLES_PORT,
+  generateToken,
+  decryptTailscaleKey,
+  encryptTailscaleKey
+};

package/lib/launch-agent.js

@@ -0,0 +1,112 @@
+'use strict';
+
+const fs = require('fs');
+const path = require('path');
+const os = require('os');
+const { execSync } = require('child_process');
+const { ok, warn, info, section } = require('./prerequisites');
+
+/**
+ * Generate and install the LaunchAgent plist for client devices.
+ * Uses com.aiva.tasks.plist pattern from SOP.
+ */
+function setupLaunchAgent(appDir) {
+  section('LaunchAgent (Auto-Start)');
+
+  const homeDir = os.homedir();
+  const launchAgentsDir = path.join(homeDir, 'Library', 'LaunchAgents');
+  const plistPath = path.join(launchAgentsDir, 'com.aiva.tasks.plist');
+
+  if (!fs.existsSync(launchAgentsDir)) {
+    fs.mkdirSync(launchAgentsDir, { recursive: true });
+  }
+
+  const plist = `<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+  <key>Label</key>
+  <string>com.aiva.tasks</string>
+  <key>ProgramArguments</key>
+  <array>
+    <string>/opt/homebrew/bin/node</string>
+    <string>server.js</string>
+  </array>
+  <key>WorkingDirectory</key>
+  <string>${appDir}</string>
+  <key>RunAtLoad</key>
+  <true/>
+  <key>KeepAlive</key>
+  <true/>
+  <key>EnvironmentVariables</key>
+  <dict>
+    <key>CODING_ENABLED</key>
+    <string>false</string>
+    <key>AIVA_CHANNEL_PLUGIN</key>
+    <string>true</string>
+    <key>NODE_ENV</key>
+    <string>production</string>
+    <key>PATH</key>
+    <string>/opt/homebrew/bin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin</string>
+  </dict>
+  <key>StandardOutPath</key>
+  <string>/tmp/aiva-app.log</string>
+  <key>StandardErrorPath</key>
+  <string>/tmp/aiva-app-err.log</string>
+</dict>
+</plist>`;
+
+  fs.writeFileSync(plistPath, plist);
+  ok(`LaunchAgent written: ${plistPath}`);
+
+  // Load the LaunchAgent (bootout first if already loaded)
+  const uid = process.getuid ? process.getuid() : 501;
+  try {
+    execSync(`launchctl bootout gui/${uid}/com.aiva.tasks 2>/dev/null || true`, { stdio: 'pipe' });
+  } catch { /* not loaded, fine */ }
+
+  try {
+    execSync(`launchctl bootstrap gui/${uid} "${plistPath}"`, { stdio: 'pipe' });
+    ok('LaunchAgent loaded');
+  } catch (e) {
+    warn(`LaunchAgent load failed: ${e.message}`);
+    info(`Load manually: launchctl bootstrap gui/${uid} "${plistPath}"`);
+  }
+
+  return plistPath;
+}
+
+/**
+ * Set up voice notes cron job on the device's own OpenClaw instance
+ */
+function setupVoiceNotesCron() {
+  section('Voice Notes Cron');
+
+  try {
+    // Check if cron already exists
+    const existing = execSync('openclaw cron list 2>/dev/null || echo ""', { stdio: 'pipe' }).toString();
+    if (existing.includes('nightly-voice-notes')) {
+      ok('Voice notes cron already configured');
+      return;
+    }
+
+    execSync(`openclaw cron add \
+      --name nightly-voice-notes-processing \
+      --cron "0 23 * * *" \
+      --tz America/Los_Angeles \
+      --agent main \
+      --channel heartbeat \
+      --session isolated \
+      --no-deliver \
+      --timeout-seconds 300 \
+      --message "Process all pending voice notes from today. Fetch from localhost:3847/api/notes?status=pending. Classify each note (COMMAND/INFORMATION/TASK_REQUEST/JUNK). For COMMANDS, schedule as 8 AM systemEvents. For INFORMATION, file to memory. For TASK_REQUESTS, add to task board. Mark notes as processed. Send summary to device owner."`, {
+      stdio: 'pipe'
+    });
+    ok('Voice notes cron configured (11:00 PM PT)');
+  } catch (e) {
+    warn(`Voice notes cron setup failed: ${e.message}`);
+    info('Set up manually after OpenClaw is running');
+  }
+}
+
+module.exports = { setupLaunchAgent, setupVoiceNotesCron };