@inetafrica/open-claudia 2.0.5 → 2.1.1

package/core/loopback.js

@@ -18,6 +18,15 @@ const { CONFIG_DIR } = require("./config");
 const jobsStore = require("./jobs");
 const tasksStore = require("./tasks");
 const scheduler = require("./scheduler");
+const peopleStore = require("./people");
+const intros = require("./intros");
+const introFlow = require("./intro-flow");
+const relay = require("./relay");
+const audit = require("./audit");
+const access = require("./access");
+const fs2 = require("fs");
+const path2 = require("path");
+const { TRANSCRIPTS_DIR } = require("./config");
 
 const INFO_DIR = path.join(CONFIG_DIR, "loopback");
 const INFO_FILE = path.join(INFO_DIR, `${process.pid}.json`);
@@ -65,8 +74,20 @@ const SEND_KINDS = new Set(["send-file", "send-voice", "send-photo"]);
 const JSON_KINDS = new Set([
   "schedule-wakeup", "cron-add", "cron-remove", "job-list",
   "task-add", "task-plan", "task-update", "task-remove", "task-list", "task-tree", "task-clear-completed",
+  "people-list", "people-show", "people-add", "people-note", "people-link", "people-unlink",
+  "people-remove", "people-set-primary",
+  "intros-list", "intros-approve", "intros-reject",
+  "relay-send", "recent-fetch", "audit-tail",
+  "auth-list", "auth-revoke",
 ]);
 
+function callerIsOwner(payload) {
+  const caller = payload?.canonicalUserId;
+  if (!caller) return false;
+  const person = peopleStore.findByCanonicalUserId(caller);
+  return !!(person && person.isOwner);
+}
+
 function readBodyAsString(req, max = 64 * 1024) {
   return new Promise((resolve, reject) => {
     let buf = "";
@@ -226,9 +247,247 @@ async function handleJson(req, res, url, kind) {
     return reply(res, 200, { ok: true, tasks: remaining });
   }
 
+  if (kind === "people-list") {
+    return reply(res, 200, { ok: true, people: peopleStore.roster() });
+  }
+
+  if (kind === "people-show") {
+    const ref = payload.id || payload.name || null;
+    if (!ref) return reply(res, 400, { error: "missing id or name" });
+    const person = peopleStore.findById(ref) || peopleStore.findByName(ref);
+    if (!person) return reply(res, 404, { error: "not found" });
+    return reply(res, 200, { ok: true, person });
+  }
+
+  if (kind === "people-add") {
+    if (!callerIsOwner(payload)) return reply(res, 403, { error: "owner only" });
+    if (!payload.name) return reply(res, 400, { error: "missing name" });
+    try {
+      const p = peopleStore.add({ name: payload.name, bio: payload.bio || null, isOwner: !!payload.isOwner });
+      audit.log("people.add", { by: payload.canonicalUserId, personId: p.id, name: p.name });
+      return reply(res, 200, { ok: true, person: p });
+    } catch (e) { return reply(res, 400, { error: e.message }); }
+  }
+
+  if (kind === "people-note") {
+    const ref = payload.id || payload.name;
+    if (!ref || !payload.text) return reply(res, 400, { error: "missing id/name or text" });
+    const person = peopleStore.findById(ref) || peopleStore.findByName(ref);
+    if (!person) return reply(res, 404, { error: "not found" });
+    const entry = peopleStore.note(person.id, payload.text, { by: payload.canonicalUserId || null });
+    audit.log("people.note", { by: payload.canonicalUserId, personId: person.id });
+    return reply(res, 200, { ok: true, note: entry });
+  }
+
+  if (kind === "people-link") {
+    if (!callerIsOwner(payload)) return reply(res, 403, { error: "owner only" });
+    const ref = payload.id || payload.name;
+    if (!ref) return reply(res, 400, { error: "missing id or name" });
+    if (!payload.linkAdapter || !payload.linkChannelId) return reply(res, 400, { error: "missing linkAdapter/linkChannelId" });
+    const person = peopleStore.findById(ref) || peopleStore.findByName(ref);
+    if (!person) return reply(res, 404, { error: "not found" });
+    try {
+      const updated = peopleStore.linkHandle(person.id, {
+        adapter: payload.linkAdapter,
+        channelId: payload.linkChannelId,
+        displayName: payload.displayName || null,
+        approvedBy: payload.canonicalUserId || null,
+      });
+      audit.log("people.link", { by: payload.canonicalUserId, personId: person.id, adapter: payload.linkAdapter, channelId: payload.linkChannelId });
+      return reply(res, 200, { ok: true, person: updated });
+    } catch (e) { return reply(res, 400, { error: e.message }); }
+  }
+
+  if (kind === "people-unlink") {
+    if (!callerIsOwner(payload)) return reply(res, 403, { error: "owner only" });
+    const ref = payload.id || payload.name;
+    if (!ref) return reply(res, 400, { error: "missing id or name" });
+    if (!payload.linkAdapter || !payload.linkChannelId) return reply(res, 400, { error: "missing linkAdapter/linkChannelId" });
+    const person = peopleStore.findById(ref) || peopleStore.findByName(ref);
+    if (!person) return reply(res, 404, { error: "not found" });
+    const updated = peopleStore.unlinkHandle(person.id, { adapter: payload.linkAdapter, channelId: payload.linkChannelId });
+    if (!updated) return reply(res, 404, { error: "handle not found on person" });
+    let revoked = null;
+    if (!person.isOwner) {
+      revoked = access.revokeChat(payload.linkChannelId);
+    }
+    audit.log("people.unlink", { by: payload.canonicalUserId, personId: person.id, adapter: payload.linkAdapter, channelId: payload.linkChannelId, authRevoked: revoked });
+    return reply(res, 200, { ok: true, person: updated, authRevoked: !!(revoked && revoked.ok) });
+  }
+
+  if (kind === "people-set-primary") {
+    if (!callerIsOwner(payload)) return reply(res, 403, { error: "owner only" });
+    const ref = payload.id || payload.name;
+    if (!ref || !payload.linkAdapter || !payload.linkChannelId) return reply(res, 400, { error: "missing fields" });
+    const person = peopleStore.findById(ref) || peopleStore.findByName(ref);
+    if (!person) return reply(res, 404, { error: "not found" });
+    try {
+      const updated = peopleStore.setPrimary(person.id, { adapter: payload.linkAdapter, channelId: payload.linkChannelId });
+      audit.log("people.set-primary", { by: payload.canonicalUserId, personId: person.id });
+      return reply(res, 200, { ok: true, person: updated });
+    } catch (e) { return reply(res, 400, { error: e.message }); }
+  }
+
+  if (kind === "people-remove") {
+    if (!callerIsOwner(payload)) return reply(res, 403, { error: "owner only" });
+    const ref = payload.id || payload.name;
+    if (!ref) return reply(res, 400, { error: "missing id or name" });
+    const person = peopleStore.findById(ref) || peopleStore.findByName(ref);
+    if (!person) return reply(res, 404, { error: "not found" });
+    if (person.isOwner) return reply(res, 400, { error: "refusing to delete owner record" });
+    const handles = (person.handles || []).slice();
+    peopleStore.remove(person.id);
+    let revokedCount = 0;
+    for (const h of handles) {
+      const r = access.revokeChat(h.channelId);
+      if (r && r.ok) revokedCount += 1;
+    }
+    audit.log("people.remove", { by: payload.canonicalUserId, personId: person.id, name: person.name, revokedCount, handles });
+    return reply(res, 200, { ok: true, removed: person, revokedCount });
+  }
+
+  if (kind === "auth-list") {
+    if (!callerIsOwner(payload)) return reply(res, 403, { error: "owner only" });
+    const raw = access.listAuthorizedRaw();
+    const enriched = raw.authorized.map((a) => {
+      const person = peopleStore.findByHandle("telegram", a.chatId) || peopleStore.findByHandle("kazee", a.chatId);
+      return { ...a, personId: person?.id || null, personName: person?.name || null };
+    });
+    return reply(res, 200, { ok: true, authorized: enriched, pending: raw.pending });
+  }
+
+  if (kind === "auth-revoke") {
+    if (!callerIsOwner(payload)) return reply(res, 403, { error: "owner only" });
+    const chatId = payload.chatId;
+    if (!chatId) return reply(res, 400, { error: "missing chatId" });
+    const person = peopleStore.findByHandle("telegram", chatId) || peopleStore.findByHandle("kazee", chatId);
+    if (person && person.isOwner) return reply(res, 400, { error: "refusing to revoke owner chat" });
+    if (person) {
+      const detected = (person.handles || []).find((h) => String(h.channelId) === String(chatId));
+      if (detected) {
+        peopleStore.unlinkHandle(person.id, { adapter: detected.adapter, channelId: detected.channelId });
+      }
+    }
+    const result = access.revokeChat(chatId);
+    audit.log("auth.revoke", { by: payload.canonicalUserId, chatId, personId: person?.id || null, result });
+    return reply(res, result.ok ? 200 : 404, { ...result, personId: person?.id || null });
+  }
+
+  if (kind === "intros-list") {
+    intros.sweep();
+    return reply(res, 200, { ok: true, intros: intros.listPending() });
+  }
+
+  if (kind === "intros-approve") {
+    if (!callerIsOwner(payload)) return reply(res, 403, { error: "owner only" });
+    if (!payload.id) return reply(res, 400, { error: "missing id" });
+    const intro = intros.byId(payload.id);
+    if (!intro) return reply(res, 404, { error: "intro not found" });
+    try {
+      const result = await introFlow.applyApproval(intro, payload.canonicalUserId || "owner");
+      await introFlow.notifyIntroUser(intro, `You're in. Welcome${result.person ? ", " + result.person.name : ""}.`);
+      return reply(res, 200, { ok: true, person: result.person });
+    } catch (e) { return reply(res, 400, { error: e.message }); }
+  }
+
+  if (kind === "intros-reject") {
+    if (!callerIsOwner(payload)) return reply(res, 403, { error: "owner only" });
+    if (!payload.id) return reply(res, 400, { error: "missing id" });
+    const intro = intros.byId(payload.id);
+    if (!intro) return reply(res, 404, { error: "intro not found" });
+    intros.reject(intro.id, payload.canonicalUserId || "owner", payload.reason || null);
+    await introFlow.notifyIntroUser(intro, "Your access request was denied.");
+    audit.log("intro.rejected", { introId: intro.id, by: payload.canonicalUserId });
+    return reply(res, 200, { ok: true });
+  }
+
+  if (kind === "relay-send") {
+    if (!payload.text) return reply(res, 400, { error: "missing text" });
+    try {
+      const result = await relay.send({
+        text: payload.text,
+        from: payload.canonicalUserId || null,
+        target: {
+          personId: payload.targetPersonId || null,
+          personName: payload.targetPersonName || null,
+          canonicalUserId: payload.targetCanonicalUserId || null,
+          adapter: payload.targetAdapter || null,
+          channelId: payload.targetChannelId || null,
+        },
+        kind: "relay",
+      });
+      return reply(res, 200, { ok: true, ...result, to: { adapter: result.to.adapter, channelId: result.to.channelId, person: result.to.person ? { id: result.to.person.id, name: result.to.person.name } : null } });
+    } catch (e) { return reply(res, 400, { error: e.message }); }
+  }
+
+  if (kind === "recent-fetch") {
+    const limit = Math.max(1, Math.min(parseInt(payload.limit || 20, 10) || 20, 200));
+    try {
+      let targetAdapter = payload.adapter;
+      let targetChannel = payload.channelId;
+      if (payload.personName || payload.personId) {
+        const person = peopleStore.findById(payload.personId || "") || peopleStore.findByName(payload.personName || "");
+        if (!person) return reply(res, 404, { error: "person not found" });
+        const handle = person.primaryChannel
+          ? (person.handles || []).find((h) => h.adapter === person.primaryChannel.adapter && String(h.channelId) === String(person.primaryChannel.channelId))
+          : (person.handles || [])[0];
+        if (!handle) return reply(res, 404, { error: "person has no handles" });
+        targetAdapter = handle.adapter;
+        targetChannel = handle.channelId;
+      }
+      if (!targetAdapter || !targetChannel) return reply(res, 400, { error: "need adapter+channelId or person" });
+      const entries = readRecentTranscript(targetAdapter, targetChannel, limit);
+      return reply(res, 200, { ok: true, adapter: targetAdapter, channelId: targetChannel, entries });
+    } catch (e) { return reply(res, 400, { error: e.message }); }
+  }
+
+  if (kind === "audit-tail") {
+    if (!callerIsOwner(payload)) return reply(res, 403, { error: "owner only" });
+    const n = Math.max(1, Math.min(parseInt(payload.limit || 50, 10) || 50, 500));
+    return reply(res, 200, { ok: true, entries: audit.tail(n) });
+  }
+
   return reply(res, 404, { error: "not found" });
 }
 
+function readRecentTranscript(adapter, channelId, limit) {
+  if (!TRANSCRIPTS_DIR) return [];
+  try {
+    if (!fs2.existsSync(TRANSCRIPTS_DIR)) return [];
+    const candidates = fs2.readdirSync(TRANSCRIPTS_DIR)
+      .filter((f) => f.endsWith(".jsonl"))
+      .map((f) => path2.join(TRANSCRIPTS_DIR, f))
+      .map((p) => ({ p, mtime: fs2.statSync(p).mtimeMs }))
+      .sort((a, b) => b.mtime - a.mtime);
+    const out = [];
+    const adapterPrefix = String(adapter).toLowerCase();
+    const channelStr = String(channelId);
+    for (const { p } of candidates) {
+      if (out.length >= limit) break;
+      const raw = fs2.readFileSync(p, "utf-8").trim();
+      if (!raw) continue;
+      const lines = raw.split("\n").slice(-1000);
+      for (const line of lines) {
+        try {
+          const obj = JSON.parse(line);
+          const objAdapter = (obj.adapter || obj.adapterType || "").toLowerCase();
+          const objChannel = String(obj.channelId || "");
+          if (objAdapter && objAdapter !== adapterPrefix) continue;
+          if (objChannel && objChannel !== channelStr) continue;
+          out.push({
+            at: obj.at || obj.timestamp || null,
+            role: obj.role || obj.author || null,
+            text: typeof obj.text === "string" ? obj.text.slice(0, 600) : null,
+            kind: obj.kind || null,
+          });
+          if (out.length >= limit) break;
+        } catch (e) {}
+      }
+    }
+    return out.slice(-limit);
+  } catch (e) { return []; }
+}
+
 async function handle(req, res) {
   try {
     if (req.method !== "POST") return reply(res, 405, { error: "method not allowed" });

package/core/people.js

@@ -0,0 +1,247 @@
+// People store: the roster of human team members the bot knows about.
+// A person aggregates one or more "handles" (adapter + channelId pairs),
+// optional notes, and a primary channel for outbound messages. Auth
+// (can-this-chat-talk-to-me) stays in core/access.js; this layer adds
+// identity, notes, and cross-channel grouping on top.
+//
+// Owner is just a person with isOwner=true. The owner is auto-seeded
+// on first read from the existing auth.json (the bootstrap owner) and
+// any KAZEE_OWNER_USER_ID in env.
+
+const fs = require("fs");
+const { PEOPLE_FILE, AUTH_FILE, config } = require("./config");
+const { channelKey, setIdentityMapping, canonicalForChannel } = require("./identity");
+
+function nowIso() { return new Date().toISOString(); }
+
+function nextId() {
+  return `person_${Date.now().toString(36)}_${Math.random().toString(36).slice(2, 8)}`;
+}
+
+function load() {
+  try {
+    const raw = JSON.parse(fs.readFileSync(PEOPLE_FILE, "utf-8"));
+    if (!Array.isArray(raw)) return [];
+    return raw;
+  } catch (e) { return []; }
+}
+
+function save(list) {
+  const tmp = `${PEOPLE_FILE}.tmp`;
+  fs.writeFileSync(tmp, JSON.stringify(list, null, 2));
+  fs.renameSync(tmp, PEOPLE_FILE);
+}
+
+function findById(id) {
+  return load().find((p) => p.id === id) || null;
+}
+
+function findByName(name) {
+  const needle = String(name || "").trim().toLowerCase();
+  if (!needle) return null;
+  return load().find((p) => (p.name || "").toLowerCase() === needle) || null;
+}
+
+function findByCanonicalUserId(canonicalUserId) {
+  const id = String(canonicalUserId || "").toLowerCase();
+  if (!id) return null;
+  return load().find((p) => (p.handles || []).some((h) => h.canonicalUserId === id)) || null;
+}
+
+function findByHandle(adapter, channelId) {
+  const a = String(adapter || "").toLowerCase();
+  const c = String(channelId || "");
+  return load().find((p) => (p.handles || []).some((h) => h.adapter === a && String(h.channelId) === c)) || null;
+}
+
+function list() { return load(); }
+
+function add({ name, isOwner = false, bio = null }) {
+  const all = load();
+  const p = {
+    id: nextId(),
+    name: String(name || "").trim(),
+    isOwner: !!isOwner,
+    bio: bio ? String(bio) : null,
+    handles: [],
+    notes: [],
+    primaryChannel: null,
+    createdAt: nowIso(),
+    updatedAt: nowIso(),
+  };
+  if (!p.name) throw new Error("person name is required");
+  all.push(p);
+  save(all);
+  return p;
+}
+
+function update(id, patch) {
+  const all = load();
+  const idx = all.findIndex((p) => p.id === id);
+  if (idx < 0) return null;
+  all[idx] = { ...all[idx], ...patch, updatedAt: nowIso() };
+  save(all);
+  return all[idx];
+}
+
+function remove(id) {
+  const all = load();
+  const idx = all.findIndex((p) => p.id === id);
+  if (idx < 0) return null;
+  const [removed] = all.splice(idx, 1);
+  save(all);
+  return removed;
+}
+
+// Attach a channel handle to a person. Also writes the channel→canonical
+// link in identities.json so the rest of the bot resolves the chat to
+// the same canonical user id as any other handle on this person.
+function linkHandle(personId, { adapter, channelId, displayName = null, approvedBy = null }) {
+  const all = load();
+  const p = all.find((x) => x.id === personId);
+  if (!p) throw new Error(`person not found: ${personId}`);
+  const a = String(adapter || "").toLowerCase();
+  const c = String(channelId || "");
+  if (!a || !c) throw new Error("adapter and channelId are required");
+
+  if (!Array.isArray(p.handles)) p.handles = [];
+  const conflict = all.find((other) =>
+    other.id !== p.id &&
+    (other.handles || []).some((h) => h.adapter === a && String(h.channelId) === c));
+  if (conflict) throw new Error(`handle ${a}:${c} already linked to ${conflict.name} (${conflict.id})`);
+
+  const canonical = canonicalForChannel(a, c);
+  const existing = p.handles.find((h) => h.adapter === a && String(h.channelId) === c);
+  if (!existing) {
+    p.handles.push({
+      adapter: a,
+      channelId: c,
+      canonicalUserId: canonical,
+      displayName,
+      approvedBy,
+      addedAt: nowIso(),
+    });
+  } else {
+    existing.canonicalUserId = canonical;
+    existing.displayName = displayName || existing.displayName;
+  }
+
+  if (!p.primaryChannel) p.primaryChannel = { adapter: a, channelId: c };
+  p.updatedAt = nowIso();
+  save(all);
+
+  // Mirror into identities.json so canonicalForChannel resolves cross-handle.
+  if (p.handles.length > 1) {
+    const primary = p.handles[0];
+    const primaryCanonical = primary.canonicalUserId || canonicalForChannel(primary.adapter, primary.channelId);
+    try { setIdentityMapping(a, c, primaryCanonical); } catch (e) {}
+  }
+
+  return p;
+}
+
+function unlinkHandle(personId, { adapter, channelId }) {
+  const all = load();
+  const p = all.find((x) => x.id === personId);
+  if (!p) return null;
+  const a = String(adapter || "").toLowerCase();
+  const c = String(channelId || "");
+  const before = (p.handles || []).length;
+  p.handles = (p.handles || []).filter((h) => !(h.adapter === a && String(h.channelId) === c));
+  if (p.primaryChannel && p.primaryChannel.adapter === a && String(p.primaryChannel.channelId) === c) {
+    p.primaryChannel = p.handles[0] ? { adapter: p.handles[0].adapter, channelId: p.handles[0].channelId } : null;
+  }
+  if (p.handles.length === before) return null;
+  p.updatedAt = nowIso();
+  save(all);
+  return p;
+}
+
+function setPrimary(personId, { adapter, channelId }) {
+  const all = load();
+  const p = all.find((x) => x.id === personId);
+  if (!p) return null;
+  const a = String(adapter || "").toLowerCase();
+  const c = String(channelId || "");
+  const has = (p.handles || []).some((h) => h.adapter === a && String(h.channelId) === c);
+  if (!has) throw new Error(`person ${p.id} has no handle ${a}:${c}`);
+  p.primaryChannel = { adapter: a, channelId: c };
+  p.updatedAt = nowIso();
+  save(all);
+  return p;
+}
+
+function note(personId, text, { by = null } = {}) {
+  const all = load();
+  const p = all.find((x) => x.id === personId);
+  if (!p) return null;
+  if (!Array.isArray(p.notes)) p.notes = [];
+  const entry = { at: nowIso(), by, text: String(text || "").trim() };
+  if (!entry.text) throw new Error("note text is required");
+  p.notes.push(entry);
+  p.updatedAt = nowIso();
+  save(all);
+  return entry;
+}
+
+function removeNote(personId, index) {
+  const all = load();
+  const p = all.find((x) => x.id === personId);
+  if (!p || !Array.isArray(p.notes)) return null;
+  if (index < 0 || index >= p.notes.length) return null;
+  const [removed] = p.notes.splice(index, 1);
+  p.updatedAt = nowIso();
+  save(all);
+  return removed;
+}
+
+function owners() { return load().filter((p) => p.isOwner); }
+
+function hasOwnerRecord() { return owners().length > 0; }
+
+// First-boot seeding: if people.json is empty but auth.json has an
+// owner entry (the legacy bootstrap), promote that owner into a person
+// record so the new system has a baseline before any intros happen.
+function seedOwnerFromLegacy() {
+  if (hasOwnerRecord()) return null;
+  let legacyOwner = null;
+  try {
+    const auth = JSON.parse(fs.readFileSync(AUTH_FILE, "utf-8"));
+    legacyOwner = (auth.authorized || []).find((a) => a.isOwner === true) || null;
+  } catch (e) {}
+  if (!legacyOwner) return null;
+
+  const adapter = "telegram";
+  const channelId = String(legacyOwner.chatId);
+  const name = legacyOwner.name || legacyOwner.username || "Owner";
+
+  const person = add({ name, isOwner: true, bio: "Seeded from legacy auth.json" });
+  try { linkHandle(person.id, { adapter, channelId, displayName: legacyOwner.username || null, approvedBy: "bootstrap" }); } catch (e) {}
+
+  const kazeeOwnerUserId = (config && config.KAZEE_OWNER_USER_ID) || "";
+  if (kazeeOwnerUserId) {
+    try { linkHandle(person.id, { adapter: "kazee", channelId: kazeeOwnerUserId, approvedBy: "bootstrap" }); } catch (e) {}
+  }
+  return person;
+}
+
+function roster() {
+  return load().map((p) => ({
+    id: p.id,
+    name: p.name,
+    isOwner: !!p.isOwner,
+    bio: p.bio || null,
+    handles: (p.handles || []).map((h) => ({ adapter: h.adapter, channelId: h.channelId })),
+    primaryChannel: p.primaryChannel || null,
+    notes: (p.notes || []).slice(-5),
+  }));
+}
+
+module.exports = {
+  load, save, list, roster,
+  add, update, remove,
+  findById, findByName, findByCanonicalUserId, findByHandle,
+  linkHandle, unlinkHandle, setPrimary,
+  note, removeNote,
+  owners, hasOwnerRecord, seedOwnerFromLegacy,
+};

package/core/relay.js

@@ -0,0 +1,61 @@
+// Cross-channel relay: lets the agent (or any authorized caller) send
+// a message to another person on any of their handles, without being
+// inside that chat's async-local context. Resolves person → handle →
+// adapter → send. Every send is audited.
+
+const people = require("./people");
+const registry = require("./adapter-registry");
+const audit = require("./audit");
+
+function resolveTarget({ personId, personName, canonicalUserId, adapter, channelId }) {
+  if (adapter && channelId) {
+    return { adapter: String(adapter).toLowerCase(), channelId: String(channelId), person: people.findByHandle(adapter, channelId) };
+  }
+  let person = null;
+  if (personId) person = people.findById(personId);
+  if (!person && personName) person = people.findByName(personName);
+  if (!person && canonicalUserId) person = people.findByCanonicalUserId(canonicalUserId);
+  if (!person) throw new Error("target person not found");
+  const handles = person.handles || [];
+  if (handles.length === 0) throw new Error(`person ${person.name} has no handles`);
+  const primary = person.primaryChannel
+    ? handles.find((h) => h.adapter === person.primaryChannel.adapter && String(h.channelId) === String(person.primaryChannel.channelId))
+    : null;
+  const handle = primary || handles[0];
+  return { adapter: handle.adapter, channelId: handle.channelId, person };
+}
+
+async function send({ text, target, from = null, kind = "relay" }) {
+  if (!text || !String(text).trim()) throw new Error("text is required");
+  const resolved = resolveTarget(target);
+  const adapter = registry.findAdapter(resolved.adapter) || registry.getAdapters().find((a) => a.type === resolved.adapter);
+  if (!adapter) throw new Error(`no live adapter for ${resolved.adapter}`);
+
+  let ok = false;
+  let messageId = null;
+  let errorMsg = null;
+  try {
+    const result = await adapter.send(resolved.channelId, String(text));
+    if (typeof result === "object" && result && "messageId" in result) { messageId = result.messageId; ok = !!messageId; }
+    else { messageId = result; ok = !!result; }
+  } catch (e) { errorMsg = e.message; }
+
+  audit.log(kind, {
+    from,
+    to: {
+      personId: resolved.person?.id || null,
+      personName: resolved.person?.name || null,
+      adapter: resolved.adapter,
+      channelId: resolved.channelId,
+    },
+    ok,
+    messageId,
+    textPreview: String(text).slice(0, 200),
+    error: errorMsg,
+  });
+
+  if (!ok) throw new Error(errorMsg || "send failed");
+  return { ok, messageId, to: { adapter: resolved.adapter, channelId: resolved.channelId, person: resolved.person } };
+}
+
+module.exports = { send, resolveTarget };

package/core/router.js

@@ -8,6 +8,7 @@ const { runInChat } = require("./context");
 const { dispatch } = require("./commands");
 const { handleAction } = require("./actions");
 const { isChatAuthorized } = require("./access");
+const introFlow = require("./intro-flow");
 const { send, deleteMessage } = require("./io");
 const { currentState } = require("./state");
 const { runClaude } = require("./runner");
@@ -78,7 +79,13 @@ async function onMessage(envelope) {
         return;
       }
 
-      if (!isChatAuthorized(envelope.channelId)) return;
+      if (!isChatAuthorized(envelope.channelId)) {
+        if (envelope.type === "text") {
+          if (isDuplicate(envelope)) return;
+          await introFlow.handleInbound(envelope, (text) => send(text));
+        }
+        return;
+      }
 
       if (envelope.type === "voice") return handleVoice(envelope);
       if (envelope.type === "audio") return handleAudio(envelope);