@conversionpros/aiva 1.0.1 → 2.0.1

package/router-v2/utils/ai.js

@@ -1,129 +0,0 @@
-// ── AI Call Wrapper (Sonnet via OpenClaw proxy) ───────────
-'use strict';
-
-const fs = require('fs');
-const path = require('path');
-
-const PROXY_URL = 'http://127.0.0.1:18789/v1/chat/completions';
-const CONFIG_PATH = path.join(process.env.HOME || '/Users/brandonburgan', '.openclaw', 'openclaw.json');
-const DEFAULT_MODEL = 'claude-sonnet-4-20250514';
-
-let _cachedPassword = null;
-
-function getOpenClawPassword() {
-  if (_cachedPassword) return _cachedPassword;
-  try {
-    const config = JSON.parse(fs.readFileSync(CONFIG_PATH, 'utf-8'));
-    _cachedPassword = config?.gateway?.auth?.password || '';
-    return _cachedPassword;
-  } catch {
-    return '';
-  }
-}
-
-function log(msg, data) {
-  const ts = new Date().toISOString();
-  if (data) console.log(`[${ts}] [AI] ${msg}`, JSON.stringify(data));
-  else console.log(`[${ts}] [AI] ${msg}`);
-}
-
-function sleep(ms) { return new Promise(r => setTimeout(r, ms)); }
-
-/**
- * Call Sonnet via the OpenClaw proxy with retry and backoff.
- * @param {Object} options
- * @param {Array<{role: string, content: string}>} options.messages - Chat messages
- * @param {Array<Object>} [options.tools] - Tool definitions for function calling
- * @param {string} [options.model] - Model override (default: latest Sonnet)
- * @param {number} [options.maxTokens=1000] - Max tokens
- * @param {number} [options.temperature=0.7] - Temperature
- * @param {number} [options.timeoutMs=60000] - Request timeout
- * @returns {Promise<{content: string|null, toolCalls: Array|null, usage: Object|null}>}
- */
-async function callSonnet({ messages, tools, model, maxTokens = 1000, temperature = 0.7, timeoutMs = 60000 }) {
-  const password = getOpenClawPassword();
-  if (!password) {
-    log('No OpenClaw password found');
-    return { content: null, toolCalls: null, usage: null };
-  }
-
-  const body = {
-    model: model || DEFAULT_MODEL,
-    max_tokens: maxTokens,
-    temperature,
-    messages,
-  };
-  if (tools && tools.length > 0) {
-    body.tools = tools;
-  }
-
-  // Retry with exponential backoff
-  const delays = [0, 5000, 15000, 30000, 60000];
-  for (let attempt = 0; attempt < delays.length; attempt++) {
-    if (attempt > 0) {
-      log(`Retry ${attempt}/${delays.length - 1}, waiting ${delays[attempt] / 1000}s`);
-      await sleep(delays[attempt]);
-    }
-
-    try {
-      const resp = await fetch(PROXY_URL, {
-        method: 'POST',
-        headers: {
-          'Content-Type': 'application/json',
-          'Authorization': `Bearer ${password}`,
-        },
-        body: JSON.stringify(body),
-        signal: AbortSignal.timeout(timeoutMs),
-      });
-
-      if (!resp.ok) {
-        const errText = await resp.text().catch(() => 'unknown');
-        log('Proxy HTTP error', { status: resp.status, body: errText.substring(0, 200), attempt });
-        continue;
-      }
-
-      const data = await resp.json();
-      const choice = data.choices?.[0];
-      if (!choice) {
-        log('No choices in response', { attempt });
-        continue;
-      }
-
-      const message = choice.message;
-      const content = message?.content?.trim() || null;
-      const toolCalls = message?.tool_calls || null;
-
-      return {
-        content,
-        toolCalls,
-        usage: data.usage || null,
-      };
-    } catch (e) {
-      log('Proxy request error', { error: e.message, attempt });
-      continue;
-    }
-  }
-
-  log('All retries exhausted');
-  return { content: null, toolCalls: null, usage: null };
-}
-
-/**
- * Simple text-in/text-out AI call.
- * @param {string} systemPrompt - System prompt
- * @param {string} userMessage - User message
- * @param {Object} [opts] - Additional options (model, maxTokens, temperature)
- * @returns {Promise<string|null>} Response text or null on failure
- */
-async function callAI(systemPrompt, userMessage, opts = {}) {
-  const result = await callSonnet({
-    messages: [
-      { role: 'system', content: systemPrompt },
-      { role: 'user', content: userMessage },
-    ],
-    ...opts,
-  });
-  return result.content;
-}
-
-module.exports = { callSonnet, callAI, DEFAULT_MODEL };

package/router-v2/utils/phone.js

@@ -1,52 +0,0 @@
-// ── Phone Number Normalization Utilities ──────────────────
-'use strict';
-
-/**
- * Normalize a phone number to E.164 format.
- * Strips all non-digit characters (except leading +), ensures +1 prefix for US numbers.
- * @param {string} raw - Raw phone number input
- * @returns {string} E.164 normalized phone number (e.g. +15551234567)
- */
-function normalizePhone(raw) {
-  if (!raw) return '';
-  let cleaned = String(raw).replace(/[^\d+]/g, '');
-  // Remove leading + to work with digits only
-  const hasPlus = cleaned.startsWith('+');
-  cleaned = cleaned.replace(/^\+/, '');
-  // Remove leading 1 if 11 digits (US format)
-  if (cleaned.length === 11 && cleaned.startsWith('1')) {
-    return '+' + cleaned;
-  }
-  // 10 digits - assume US, add +1
-  if (cleaned.length === 10) {
-    return '+1' + cleaned;
-  }
-  // Already has country code or international
-  if (hasPlus || cleaned.length > 10) {
-    return '+' + cleaned;
-  }
-  // Fallback - return what we have with +
-  return '+' + cleaned;
-}
-
-/**
- * Check if a phone number is valid (basic check - has enough digits).
- * @param {string} phone - Phone number (should be E.164)
- * @returns {boolean}
- */
-function isValidPhone(phone) {
-  if (!phone) return false;
-  const digits = phone.replace(/\D/g, '');
-  return digits.length >= 10 && digits.length <= 15;
-}
-
-/**
- * Strip +1 prefix for display purposes.
- * @param {string} phone - E.164 phone number
- * @returns {string} Phone without country code
- */
-function stripCountryCode(phone) {
-  return (phone || '').replace(/^\+1/, '');
-}
-
-module.exports = { normalizePhone, isValidPhone, stripCountryCode };

package/router-v2/utils/response-validator.js

@@ -1,98 +0,0 @@
-// ── Response Validator - Haiku post-validation layer ──
-// Checks if Sonnet's response overpromises capabilities the contact doesn't have.
-'use strict';
-
-const fs = require('fs');
-const path = require('path');
-
-const PROXY_URL = 'http://127.0.0.1:18789/v1/chat/completions';
-const MODEL = 'claude-haiku-4-20250514';
-const CONFIG_PATH = path.join(process.env.HOME || '/Users/brandonburgan', '.openclaw', 'openclaw.json');
-
-let _cachedPassword = null;
-function getPassword() {
-  if (_cachedPassword) return _cachedPassword;
-  try {
-    const config = JSON.parse(fs.readFileSync(CONFIG_PATH, 'utf-8'));
-    _cachedPassword = config?.gateway?.auth?.password || '';
-    return _cachedPassword;
-  } catch { return ''; }
-}
-
-/**
- * Validate a Sonnet response against actual contact permissions.
- * Uses Haiku via the OpenClaw proxy to check if the response overpromises.
- * Fails open (returns valid) on any error.
- *
- * @param {string} responseText - Sonnet's generated response
- * @param {Object} permissions - What the contact CAN do
- * @param {boolean} permissions.canSchedule
- * @param {boolean} permissions.canCreateTask
- * @param {boolean} permissions.canCreateReminder
- * @param {boolean} permissions.canSendFile
- * @param {boolean} permissions.canSendMessage
- * @returns {Promise<{valid: boolean, reason: string|null}>}
- */
-async function validateResponse(responseText, permissions) {
-  try {
-    // Build list of denied capabilities
-    const denied = [];
-    if (!permissions.canSchedule) denied.push('scheduling/booking appointments/checking calendar availability');
-    if (!permissions.canCreateTask) denied.push('creating tasks');
-    if (!permissions.canCreateReminder) denied.push('setting reminders');
-    if (!permissions.canSendFile) denied.push('sending files');
-    if (!permissions.canSendMessage) denied.push('sending messages to others');
-
-    // If everything is allowed, no need to validate
-    if (denied.length === 0) return { valid: true, reason: null };
-
-    const prompt = `You are a strict compliance validator. The assistant has these PROHIBITED capabilities: ${denied.join(', ')}.
-
-The assistant MUST NOT:
-- Promise, imply, or suggest it will do any prohibited action
-- Say it will "pass along", "let someone know", "check on that", "get back to you", or relay any request related to a prohibited capability
-- Mention Brandon or any human by name in relation to a prohibited capability
-- Acknowledge the request in any way that implies it will be handled
-
-If the response does ANY of the above, it is overpromising.
-
-Response to validate: "${responseText}"
-
-JSON only: {"overpromises": true/false, "capability": "which one or null"}`;
-
-    const password = getPassword();
-    const resp = await fetch(PROXY_URL, {
-      method: 'POST',
-      headers: { 'Content-Type': 'application/json', 'Authorization': `Bearer ${password}` },
-      body: JSON.stringify({
-        model: MODEL,
-        messages: [{ role: 'user', content: prompt }],
-        max_tokens: 100,
-        temperature: 0,
-      }),
-      signal: AbortSignal.timeout(10000),
-    });
-
-    if (!resp.ok) {
-      console.log(`[${new Date().toISOString()}] [VALIDATOR] Proxy error ${resp.status} (fail-open)`);
-      return { valid: true, reason: null };
-    }
-
-    const data = await resp.json();
-    const text = data.choices?.[0]?.message?.content || '';
-    const match = text.match(/\{[^}]+\}/);
-    if (!match) return { valid: true, reason: null };
-
-    const parsed = JSON.parse(match[0]);
-    if (parsed.overpromises) {
-      return { valid: false, reason: parsed.capability || 'unknown' };
-    }
-    return { valid: true, reason: null };
-  } catch (err) {
-    // Fail open
-    console.log(`[${new Date().toISOString()}] [VALIDATOR] Error (fail-open): ${err.message}`);
-    return { valid: true, reason: null };
-  }
-}
-
-module.exports = { validateResponse };

package/router-v2/utils/sanitize.js

@@ -1,222 +0,0 @@
-// ── Outbound Message Sanitization ─────────────────────────
-// Ported from v1 router.js - every regex, every block pattern.
-// This is the last line of defense before a message reaches a contact.
-'use strict';
-
-// ── Block patterns - messages matching 2+ of these (or 1 strong) are blocked ──
-const OUTBOUND_BLOCK_PATTERNS = [
-  // Command/tool output
-  /gog\s+calendar/i,
-  /GOG_KEYRING_PASSWORD/i,
-  /openclaw\s+(cron|gateway|message|session)/i,
-  /imsg\s+send/i,
-  /execSync|exec\(|spawn\(/i,
-  /curl\s+/i,
-  /POST\s+\/api\//i,
-  /GET\s+\/api\//i,
-  /localhost:\d+/i,
-  /127\.0\.0\.1/i,
-  /\$ \w+/, // shell prompts
-  // Error output
-  /Error:|ERR!|ECONNREFUSED|ETIMEDOUT|ENOENT|stack trace/i,
-  /at\s+\w+\s+\(.*:\d+:\d+\)/, // stack trace lines
-  /Command failed|exit code|stderr/i,
-  // Internal reasoning / chain-of-thought
-  /<thinking>[\s\S]*?<\/thinking>/i,
-  /\[ROUTER[\-:]|ROUTER-ALERT/i,
-  /\[Actionable:|CALENDAR_REQUEST|REMINDER_REQUEST|TASK_REQUEST/,
-  /escalat(?:ion|e|ing)\s+(?:to|code|request)/i,
-  /pending.action|pending_items|pending_request/i,
-  /system\s*prompt|chain.of.thought/i,
-  /HEARTBEAT_OK|HEARTBEAT\.md/i,
-  /AGENTS\.md|IDENTITY\.md|MEMORY\.md|TOOLS\.md/i,
-  /sub-?agent|subagent|spawned.*agent/i,
-  /webhook.*openclaw|openclaw.*webhook/i,
-  /callback.*url|callbackUrl/i,
-  // Schedule/calendar internals (not human-facing)
-  /available\s+slots?\s*:/i,
-  /Brandon'?s\s+(?:full\s+)?schedule/i,
-  // API keys and tokens
-  /sk-ant-|Bearer\s+\w{20,}|eyJ[A-Za-z0-9_-]{20,}/i,
-  /x-aiva-internal/i,
-  // JSON blobs (likely internal data)
-  /\{"(?:status|error|requestId|phone|pending|action)":/,
-];
-
-// Strong patterns - a single match is enough to block
-const STRONG_BLOCK_PATTERNS = [
-  /GOG_KEYRING_PASSWORD/i,
-  /sk-ant-|Bearer\s+\w{20,}/i,
-  /<thinking>[\s\S]*?<\/thinking>/i,
-  /x-aiva-internal/i,
-  /HEARTBEAT_OK|HEARTBEAT\.md/i,
-  /AGENTS\.md|IDENTITY\.md|TOOLS\.md/i,
-  /at\s+\w+\s+\(.*:\d+:\d+\)/,
-  /\{"(?:status|error|requestId|phone|pending|action)":/,
-  /openclaw/i,
-];
-
-// Error message patterns
-const ERROR_PATTERNS = [
-  /no response from openclaw/i,
-  /openclaw.*error/i,
-  /internal server error/i,
-  /ECONNREFUSED/i,
-  /agent.*timeout/i,
-  /session.*failed/i,
-  /tool.*error/i,
-];
-
-// Chain-of-thought patterns to strip from responses
-const COT_PATTERNS = [
-  /(?:Wait,?\s+(?:I need to|let me|I should|actually))[^\n]*/gi,
-  /(?:Let me (?:re-?read|reconsider|re-?think|re-?evaluate|look at))[^\n]*/gi,
-  /(?:Actually,?\s+(?:I think|let me|I should|on second thought))[^\n]*/gi,
-  /(?:Hmm,?\s+(?:I think|let me|I should|looking at))[^\n]*/gi,
-  /(?:On second thought)[^\n]*/gi,
-  /(?:I need to (?:reconsider|re-?think|re-?evaluate|check|be careful))[^\n]*/gi,
-  /(?:I'm responding as (?:Brandon's|an?) (?:assistant|AI))[^\n]*/gi,
-];
-
-// Internal directive patterns to strip
-const INTERNAL_PATTERNS = [
-  /(?:I should\s)[^\n]*/gi,
-  /(?:I need to\s)[^\n]*/gi,
-  /(?:Looking at the conversation)[^\n]*/gi,
-  /(?:Analyzing (?:the |this ))[^\n]*/gi,
-  /(?:Based on (?:the |my )(?:instructions|rules|system prompt|context))[^\n]*/gi,
-  /(?:The (?:user|contact|sender) (?:is asking|wants|seems))[^\n]*/gi,
-  /(?:My (?:task|job|role|goal) (?:is|here is))[^\n]*/gi,
-];
-
-// Sensitive line patterns for stripping from multi-part responses
-const SENSITIVE_LINE_PATTERNS = [
-  /api[_-]?key/i, /password/i, /token/i, /secret/i, /openclaw/i,
-  /localhost/i, /127\.0\.0\.1/i, /\.openclaw\//i, /curl\s/i,
-  /sk-ant-/i, /sk-or-/i, /ghp_/i, /xai-/i, /r8_/i,
-  /supabase/i, /cloudflare/i, /twilio/i, /replicate/i,
-  /SID:/i, /Base64:/i, /\.json/i, /PM2/i, /ngrok/i,
-  /sessions_send/i, /sessions_spawn/i, /heartbeat/i,
-  /AGENTS\.md/i, /HEARTBEAT\.md/i, /MEMORY\.md/i, /TOOLS\.md/i,
-  /task.*board/i, /cron.*job/i, /gateway/i,
-];
-
-/**
- * Check if a message contains internal content that should NEVER reach a contact.
- * @param {string} text - Message text to check
- * @returns {boolean} True if the message contains internal content
- */
-function isInternalContent(text) {
-  if (!text) return false;
-  const matchCount = OUTBOUND_BLOCK_PATTERNS.reduce((count, p) => count + (p.test(text) ? 1 : 0), 0);
-  const strongMatch = STRONG_BLOCK_PATTERNS.some(p => p.test(text));
-  return strongMatch || matchCount >= 2;
-}
-
-/**
- * Check if a message is an error message from internal systems.
- * @param {string} text - Message text to check
- * @returns {boolean}
- */
-function isErrorMessage(text) {
-  if (!text) return false;
-  return ERROR_PATTERNS.some(p => p.test(text));
-}
-
-/**
- * Sanitize a response before sending to a contact.
- * Strips chain-of-thought, internal directives, em dashes, and other artifacts.
- * Returns null if the message should be suppressed entirely.
- * @param {string} text - Raw response text
- * @returns {string|null} Sanitized text, or null if message should be suppressed
- */
-function sanitizeResponse(text) {
-  if (!text) return null;
-  let result = text;
-
-  // 1. Strip thinking blocks
-  result = result.replace(/<thinking>[\s\S]*?<\/thinking>/gi, '');
-
-  // 2. NO_REPLY anywhere in text - suppress entire message
-  if (/NO_REPLY/i.test(result)) return null;
-
-  // 3. Strip chain-of-thought patterns
-  for (const pat of COT_PATTERNS) {
-    result = result.replace(pat, '');
-  }
-
-  // 4. Strip internal directive lines
-  for (const pat of INTERNAL_PATTERNS) {
-    result = result.replace(pat, '');
-  }
-
-  // 5. Handle multiple draft concatenation - take last clean block
-  const draftSplitters = /(?:Wait|Actually|Let me re|Hmm|On second thought)[^\n]*\n/i;
-  if (draftSplitters.test(result)) {
-    const parts = result.split(draftSplitters).map(p => p.trim()).filter(Boolean);
-    if (parts.length > 1) {
-      result = parts[parts.length - 1];
-    }
-  }
-
-  // 6. Replace em dashes, en dashes, and horizontal bars with commas (AI artifact, looks unnatural in texts)
-  result = result.replace(/[\u2013\u2014\u2015]/g, ',').replace(/ , /g, ', ');
-
-  // 7. Final cleanup
-  result = result.replace(/\n{3,}/g, '\n\n').trim();
-  if (!result || result.length === 0) return null;
-
-  return result;
-}
-
-/**
- * Strip sensitive lines from multi-part text (e.g. conversation history assembly).
- * @param {string} text - Text that may contain sensitive lines
- * @returns {string} Text with sensitive lines removed
- */
-function stripSensitiveLines(text) {
-  if (!text) return '';
-  const lines = text.split('\n');
-  return lines.filter(line => !SENSITIVE_LINE_PATTERNS.some(p => p.test(line))).join('\n');
-}
-
-/**
- * Full sanitization pipeline for outbound messages.
- * Combines sanitizeResponse + isInternalContent + isErrorMessage checks.
- * @param {string} text - Raw outbound message
- * @param {boolean} isMaster - Whether sending to the master phone (less restrictive)
- * @returns {{ text: string|null, blocked: boolean, reason: string }}
- */
-function sanitizeOutbound(text, isMaster = false) {
-  if (!text) return { text: null, blocked: true, reason: 'empty' };
-
-  // Sanitize first
-  let sanitized = sanitizeResponse(text);
-  if (!sanitized) return { text: null, blocked: true, reason: 'sanitizer_null' };
-
-  // For non-master phones, check for internal content and errors
-  if (!isMaster) {
-    if (isInternalContent(sanitized)) {
-      return { text: null, blocked: true, reason: 'internal_content' };
-    }
-    if (isErrorMessage(sanitized)) {
-      return { text: null, blocked: true, reason: 'error_message' };
-    }
-  }
-
-  // Clean up escape sequences and extra whitespace for text messages
-  sanitized = sanitized.replace(/\\n/g, '\n').replace(/\\t/g, ' ');
-  sanitized = sanitized.replace(/\n{3,}/g, '\n\n').trim();
-
-  return { text: sanitized, blocked: false, reason: null };
-}
-
-module.exports = {
-  isInternalContent,
-  isErrorMessage,
-  sanitizeResponse,
-  stripSensitiveLines,
-  sanitizeOutbound,
-  OUTBOUND_BLOCK_PATTERNS,
-  STRONG_BLOCK_PATTERNS,
-};