@elizaos/autonomous 2.0.0-alpha.10

package/src/services/signal-pairing.ts

@@ -0,0 +1,189 @@
+/**
+ * Signal pairing service — manages device linking via QR code.
+ *
+ * Mirrors whatsapp-pairing.ts but uses @elizaos/signal-native instead of
+ * Baileys. Signal linking produces a single provisioning URL (not a refresh
+ * loop) — if it times out, restart the session.
+ */
+
+import fs from "node:fs";
+import path from "node:path";
+
+const LOG_PREFIX = "[signal-pairing]";
+const SIGNAL_NATIVE_MODULE_ID = "@elizaos/signal-native";
+
+/** Validate accountId to prevent path traversal. */
+export function sanitizeAccountId(raw: string): string {
+  const cleaned = raw.replace(/[^a-zA-Z0-9_-]/g, "");
+  if (!cleaned || cleaned !== raw) {
+    throw new Error(
+      `Invalid accountId: must only contain alphanumeric characters, dashes, and underscores`,
+    );
+  }
+  return cleaned;
+}
+
+export type SignalPairingStatus =
+  | "idle"
+  | "initializing"
+  | "waiting_for_qr"
+  | "connected"
+  | "disconnected"
+  | "timeout"
+  | "error";
+
+export interface SignalPairingEvent {
+  type: "signal-qr" | "signal-status";
+  accountId: string;
+  qrDataUrl?: string;
+  status?: SignalPairingStatus;
+  uuid?: string;
+  phoneNumber?: string;
+  error?: string;
+}
+
+export interface SignalPairingOptions {
+  authDir: string;
+  accountId: string;
+  onEvent: (event: SignalPairingEvent) => void;
+}
+
+interface QrCodeModule {
+  toDataURL: (
+    text: string,
+    options?: Record<string, unknown>,
+  ) => Promise<string>;
+}
+
+export class SignalPairingSession {
+  private status: SignalPairingStatus = "idle";
+  private options: SignalPairingOptions;
+  private aborted = false;
+
+  constructor(options: SignalPairingOptions) {
+    this.options = options;
+  }
+
+  async start(): Promise<void> {
+    this.aborted = false;
+    this.setStatus("initializing");
+
+    let native: typeof import("@elizaos/signal-native");
+    let qrCode: QrCodeModule;
+    try {
+      native = await import(/* @vite-ignore */ SIGNAL_NATIVE_MODULE_ID);
+      const importedQrCode = await import("qrcode");
+      qrCode = (importedQrCode.default ?? importedQrCode) as QrCodeModule;
+    } catch (err) {
+      this.setStatus("error");
+      this.options.onEvent({
+        type: "signal-status",
+        accountId: this.options.accountId,
+        status: "error",
+        error: `Failed to load dependencies: ${err instanceof Error ? err.message : String(err)}`,
+      });
+      return;
+    }
+
+    fs.mkdirSync(this.options.authDir, { recursive: true });
+
+    try {
+      console.info(`${LOG_PREFIX} Starting device linking...`);
+      const provisioningUrl = await native.linkDevice(
+        this.options.authDir,
+        "Milady AI",
+      );
+
+      if (this.aborted) return;
+
+      const qrDataUrl = await qrCode.toDataURL(provisioningUrl, {
+        width: 256,
+        margin: 2,
+        color: { dark: "#000000", light: "#ffffff" },
+      });
+
+      this.setStatus("waiting_for_qr");
+      this.options.onEvent({
+        type: "signal-qr",
+        accountId: this.options.accountId,
+        qrDataUrl,
+      });
+
+      console.info(
+        `${LOG_PREFIX} QR code generated, waiting for user to scan...`,
+      );
+
+      await native.finishLink(this.options.authDir);
+      if (this.aborted) return;
+
+      let uuid = "";
+      let phoneNumber = "";
+      try {
+        const profile = await native.getProfile(this.options.authDir);
+        uuid = profile.uuid;
+        phoneNumber = profile.phoneNumber ?? "";
+      } catch {
+        // Profile fetch is non-critical.
+      }
+
+      this.setStatus("connected");
+      this.options.onEvent({
+        type: "signal-status",
+        accountId: this.options.accountId,
+        status: "connected",
+        uuid,
+        phoneNumber,
+      });
+
+      console.info(
+        `${LOG_PREFIX} Device linked successfully${phoneNumber ? ` (${phoneNumber})` : ""}`,
+      );
+    } catch (err) {
+      if (this.aborted) return;
+
+      const errMsg = err instanceof Error ? err.message : String(err);
+      console.error(`${LOG_PREFIX} Linking failed:`, errMsg);
+
+      this.setStatus("error");
+      this.options.onEvent({
+        type: "signal-status",
+        accountId: this.options.accountId,
+        status: "error",
+        error: errMsg,
+      });
+    }
+  }
+
+  stop(): void {
+    this.aborted = true;
+  }
+
+  getStatus(): SignalPairingStatus {
+    return this.status;
+  }
+
+  private setStatus(status: SignalPairingStatus): void {
+    this.status = status;
+    this.options.onEvent({
+      type: "signal-status",
+      accountId: this.options.accountId,
+      status,
+    });
+  }
+}
+
+export function signalAuthExists(
+  workspaceDir: string,
+  accountId = "default",
+): boolean {
+  const authDir = path.join(workspaceDir, "signal-auth", accountId);
+  return fs.existsSync(authDir);
+}
+
+export function signalLogout(
+  workspaceDir: string,
+  accountId = "default",
+): void {
+  const authDir = path.join(workspaceDir, "signal-auth", accountId);
+  fs.rmSync(authDir, { recursive: true, force: true });
+}

package/src/services/signing-policy.ts

@@ -0,0 +1,230 @@
+/**
+ * Transaction signing policy engine.
+ * Evaluates requests against chain/contract/value/rate/method/replay rules.
+ */
+
+export interface SigningPolicy {
+  allowedChainIds: number[]; // empty = allow all
+  allowedContracts: string[]; // lowercase; empty = allow all
+  deniedContracts: string[]; // checked before allowlist
+  maxTransactionValueWei: string; // string for BigInt compat
+  maxTransactionsPerHour: number;
+  maxTransactionsPerDay: number;
+  allowedMethodSelectors: string[]; // 4-byte hex; empty = allow all
+  humanConfirmationThresholdWei: string;
+  requireHumanConfirmation: boolean;
+}
+
+export interface SigningRequest {
+  requestId: string;
+  chainId: number;
+  to: string;
+  value: string;
+  data: string;
+  nonce?: number;
+  gasLimit?: string;
+  createdAt: number;
+}
+
+export type PolicyDecision = {
+  allowed: boolean;
+  reason: string;
+  requiresHumanConfirmation: boolean;
+  matchedRule: string;
+};
+
+export function createDefaultPolicy(): SigningPolicy {
+  return {
+    allowedChainIds: [],
+    allowedContracts: [],
+    deniedContracts: [],
+    maxTransactionValueWei: "100000000000000000", // 0.1 ETH
+    maxTransactionsPerHour: 10,
+    maxTransactionsPerDay: 50,
+    allowedMethodSelectors: [],
+    humanConfirmationThresholdWei: "10000000000000000", // 0.01 ETH
+    requireHumanConfirmation: false,
+  };
+}
+
+export class SigningPolicyEvaluator {
+  private policy: SigningPolicy;
+  private requestLog: Array<{ requestId: string; timestamp: number }> = [];
+  private processedRequestIds = new Set<string>();
+
+  constructor(policy?: SigningPolicy) {
+    this.policy = policy ?? createDefaultPolicy();
+  }
+
+  updatePolicy(policy: SigningPolicy): void {
+    this.policy = policy;
+  }
+
+  getPolicy(): SigningPolicy {
+    return { ...this.policy };
+  }
+
+  evaluate(request: SigningRequest): PolicyDecision {
+    // ── Replay protection ────────────────────────────────────────────
+    if (this.processedRequestIds.has(request.requestId)) {
+      return {
+        allowed: false,
+        reason: `Replay detected: request ${request.requestId} already processed`,
+        requiresHumanConfirmation: false,
+        matchedRule: "replay_protection",
+      };
+    }
+
+    // ── Chain ID ─────────────────────────────────────────────────────
+    if (
+      this.policy.allowedChainIds.length > 0 &&
+      !this.policy.allowedChainIds.includes(request.chainId)
+    ) {
+      return {
+        allowed: false,
+        reason: `Chain ${request.chainId} not in allowlist`,
+        requiresHumanConfirmation: false,
+        matchedRule: "chain_id_allowlist",
+      };
+    }
+
+    // ── Contract denylist ────────────────────────────────────────────
+    const normalizedTo = request.to.toLowerCase();
+    if (
+      this.policy.deniedContracts.some((c) => c.toLowerCase() === normalizedTo)
+    ) {
+      return {
+        allowed: false,
+        reason: `Contract ${request.to} is denylisted`,
+        requiresHumanConfirmation: false,
+        matchedRule: "contract_denylist",
+      };
+    }
+
+    // ── Contract allowlist ───────────────────────────────────────────
+    if (
+      this.policy.allowedContracts.length > 0 &&
+      !this.policy.allowedContracts.some(
+        (c) => c.toLowerCase() === normalizedTo,
+      )
+    ) {
+      return {
+        allowed: false,
+        reason: `Contract ${request.to} not in allowlist`,
+        requiresHumanConfirmation: false,
+        matchedRule: "contract_allowlist",
+      };
+    }
+
+    // ── Value cap ────────────────────────────────────────────────────
+    try {
+      const txValue = BigInt(request.value || "0");
+      const maxValue = BigInt(this.policy.maxTransactionValueWei);
+      if (txValue > maxValue) {
+        return {
+          allowed: false,
+          reason: `Value ${request.value} exceeds max ${this.policy.maxTransactionValueWei}`,
+          requiresHumanConfirmation: false,
+          matchedRule: "value_cap",
+        };
+      }
+    } catch {
+      return {
+        allowed: false,
+        reason: "Invalid transaction value format",
+        requiresHumanConfirmation: false,
+        matchedRule: "value_parse_error",
+      };
+    }
+
+    // ── Method selector ──────────────────────────────────────────────
+    if (
+      this.policy.allowedMethodSelectors.length > 0 &&
+      request.data &&
+      request.data.length >= 10
+    ) {
+      const selector = request.data.substring(0, 10).toLowerCase();
+      if (
+        !this.policy.allowedMethodSelectors.some(
+          (s) => s.toLowerCase() === selector,
+        )
+      ) {
+        return {
+          allowed: false,
+          reason: `Method selector ${selector} not in allowlist`,
+          requiresHumanConfirmation: false,
+          matchedRule: "method_selector_allowlist",
+        };
+      }
+    }
+
+    // ── Rate limiting ────────────────────────────────────────────────
+    const now = Date.now();
+    const oneHourAgo = now - 60 * 60 * 1000;
+    const oneDayAgo = now - 24 * 60 * 60 * 1000;
+
+    // Prune old entries
+    this.requestLog = this.requestLog.filter((r) => r.timestamp > oneDayAgo);
+
+    const hourCount = this.requestLog.filter(
+      (r) => r.timestamp > oneHourAgo,
+    ).length;
+    if (hourCount >= this.policy.maxTransactionsPerHour) {
+      return {
+        allowed: false,
+        reason: `Rate limit: ${hourCount}/${this.policy.maxTransactionsPerHour} per hour`,
+        requiresHumanConfirmation: false,
+        matchedRule: "rate_limit_hourly",
+      };
+    }
+
+    const dayCount = this.requestLog.filter(
+      (r) => r.timestamp > oneDayAgo,
+    ).length;
+    if (dayCount >= this.policy.maxTransactionsPerDay) {
+      return {
+        allowed: false,
+        reason: `Rate limit: ${dayCount}/${this.policy.maxTransactionsPerDay} per day`,
+        requiresHumanConfirmation: false,
+        matchedRule: "rate_limit_daily",
+      };
+    }
+
+    // ── Human confirmation ───────────────────────────────────────────
+    let needsHumanConfirmation = this.policy.requireHumanConfirmation;
+    if (!needsHumanConfirmation) {
+      try {
+        const txValue = BigInt(request.value || "0");
+        const threshold = BigInt(this.policy.humanConfirmationThresholdWei);
+        if (txValue > threshold) {
+          needsHumanConfirmation = true;
+        }
+      } catch {
+        // If value parsing fails for confirmation check, require confirmation
+        needsHumanConfirmation = true;
+      }
+    }
+
+    // ── Allowed ──────────────────────────────────────────────────────
+    return {
+      allowed: true,
+      reason: "All policy checks passed",
+      requiresHumanConfirmation: needsHumanConfirmation,
+      matchedRule: "allowed",
+    };
+  }
+
+  /** Record after signing completes (for replay + rate tracking). */
+  recordRequest(requestId: string): void {
+    this.processedRequestIds.add(requestId);
+    this.requestLog.push({ requestId, timestamp: Date.now() });
+
+    // Bound replay cache
+    if (this.processedRequestIds.size > 10000) {
+      const oldest = [...this.processedRequestIds].slice(0, 5000);
+      for (const id of oldest) {
+        this.processedRequestIds.delete(id);
+      }
+    }
+  }
+}

package/src/services/skill-catalog-client.ts

@@ -0,0 +1,195 @@
+/**
+ * Skill Catalog Client for Milady.
+ *
+ * Provides a cached skill catalog (memory -> file) sourced from the
+ * local skills/.cache/catalog.json. Supports search and browse.
+ *
+ * @module services/skill-catalog-client
+ */
+
+import fs from "node:fs/promises";
+import path from "node:path";
+import { fileURLToPath } from "node:url";
+import { logger } from "@elizaos/core";
+
+export interface CatalogSkillStats {
+  comments: number;
+  downloads: number;
+  installsAllTime: number;
+  installsCurrent: number;
+  stars: number;
+  versions: number;
+}
+
+export interface CatalogSkillVersion {
+  version: string;
+  createdAt: number;
+  changelog: string;
+}
+
+export interface CatalogSkill {
+  slug: string;
+  displayName: string;
+  summary: string | null;
+  tags: Record<string, string>;
+  stats: CatalogSkillStats;
+  createdAt: number;
+  updatedAt: number;
+  latestVersion: CatalogSkillVersion | null;
+}
+
+export interface CatalogSearchResult {
+  slug: string;
+  displayName: string;
+  summary: string | null;
+  score: number;
+  latestVersion: string | null;
+  downloads: number;
+  stars: number;
+  installs: number;
+}
+
+let memoryCache: {
+  skills: CatalogSkill[];
+  loadedAt: number;
+} | null = null;
+
+const MEMORY_TTL_MS = 600_000;
+
+function findCatalogPaths(): string[] {
+  const paths: string[] = [];
+
+  const envPath = process.env.MILADY_SKILLS_CATALOG?.trim();
+  if (envPath) return [envPath];
+
+  let dir = import.meta.dirname ?? path.dirname(fileURLToPath(import.meta.url));
+  for (let i = 0; i < 5; i++) {
+    paths.push(path.join(dir, "skills", ".cache", "catalog.json"));
+    const parent = path.dirname(dir);
+    if (parent === dir) break;
+    dir = parent;
+  }
+
+  const home = process.env.HOME ?? process.env.USERPROFILE ?? "";
+  if (home) {
+    paths.push(path.join(home, ".milady", "skills", "catalog.json"));
+  }
+
+  return paths;
+}
+
+async function readCatalogFile(): Promise<CatalogSkill[] | null> {
+  for (const catalogPath of findCatalogPaths()) {
+    try {
+      const raw = await fs.readFile(catalogPath, "utf-8");
+      const parsed = JSON.parse(raw) as {
+        data?: CatalogSkill[];
+        cachedAt?: number;
+      };
+      if (Array.isArray(parsed.data) && parsed.data.length > 0) {
+        logger.debug(
+          `[skill-catalog] Loaded ${parsed.data.length} skills from ${catalogPath}`,
+        );
+        return parsed.data;
+      }
+    } catch {
+      // Try next path.
+    }
+  }
+  return null;
+}
+
+export async function getCatalogSkills(): Promise<CatalogSkill[]> {
+  if (memoryCache && Date.now() - memoryCache.loadedAt < MEMORY_TTL_MS) {
+    return memoryCache.skills;
+  }
+
+  const skills = await readCatalogFile();
+  if (!skills) {
+    logger.warn("[skill-catalog] No catalog file found");
+    return [];
+  }
+
+  memoryCache = { skills, loadedAt: Date.now() };
+  return skills;
+}
+
+export async function refreshCatalog(): Promise<CatalogSkill[]> {
+  memoryCache = null;
+  return getCatalogSkills();
+}
+
+export async function getCatalogSkill(
+  slug: string,
+): Promise<CatalogSkill | null> {
+  const skills = await getCatalogSkills();
+  return skills.find((s) => s.slug === slug) ?? null;
+}
+
+export async function searchCatalogSkills(
+  query: string,
+  limit = 30,
+): Promise<CatalogSearchResult[]> {
+  const skills = await getCatalogSkills();
+  const lq = query.toLowerCase();
+  const terms = lq.split(/\s+/).filter((t) => t.length > 1);
+
+  const scored: Array<{ s: CatalogSkill; score: number }> = [];
+
+  for (const skill of skills) {
+    const slug = skill.slug.toLowerCase();
+    const name = (skill.displayName ?? "").toLowerCase();
+    const summary = (skill.summary ?? "").toLowerCase();
+    let score = 0;
+
+    if (slug === lq || name === lq) score += 100;
+    else if (slug.includes(lq)) score += 50;
+    else if (name.includes(lq)) score += 45;
+
+    if (summary.includes(lq)) score += 30;
+
+    for (const tag of Object.keys(skill.tags)) {
+      if (tag.toLowerCase().includes(lq)) score += 20;
+    }
+
+    for (const term of terms) {
+      if (slug.includes(term)) score += 15;
+      if (name.includes(term)) score += 12;
+      if (summary.includes(term)) score += 8;
+    }
+
+    if (score > 0) {
+      if (skill.stats.downloads > 50) score += 3;
+      if (skill.stats.downloads > 200) score += 3;
+      if (skill.stats.stars > 0) score += 2;
+      if (skill.stats.installsCurrent > 0) score += 2;
+      scored.push({ s: skill, score });
+    }
+  }
+
+  scored.sort(
+    (a, b) => b.score - a.score || b.s.stats.downloads - a.s.stats.downloads,
+  );
+  const max = scored[0]?.score || 1;
+
+  return scored.slice(0, limit).map(({ s, score }) => ({
+    slug: s.slug,
+    displayName: s.displayName,
+    summary: s.summary,
+    score: score / max,
+    latestVersion: s.latestVersion?.version ?? null,
+    downloads: s.stats.downloads,
+    stars: s.stats.stars,
+    installs: s.stats.installsAllTime,
+  }));
+}
+
+export async function getTrendingSkills(limit = 30): Promise<CatalogSkill[]> {
+  const skills = await getCatalogSkills();
+  return [...skills]
+    .sort(
+      (a, b) =>
+        b.stats.downloads - a.stats.downloads || b.updatedAt - a.updatedAt,
+    )
+    .slice(0, limit);
+}