@moltflow/skills 1.2.0 → 1.4.0

package/SKILL.md

@@ -1,12 +1,12 @@
 ---
 name: "WhatsApp Automation & A2A"
-description: "MoltFlow — complete WhatsApp automation platform: sessions, messaging, groups, labels, webhooks, AI (voice transcription, RAG, style profiles, reply generation), agent-to-agent protocol (JSON-RPC, encryption), review collection (14+ language sentiment analysis), auth, API keys, and Stripe billing."
-metadata: {"openclaw":{"emoji":"📱","homepage":"https://moltflow.com","requires":{"env":["MOLTFLOW_API_KEY"]},"primaryEnv":"MOLTFLOW_API_KEY"}}
+description: "MoltFlow — complete WhatsApp automation platform: sessions, messaging, groups, labels, AI-powered replies, anti-spam rules, content safeguards, auto-feedback collection, intention detection, lead management, agent-to-agent protocol (JSON-RPC, encryption), and configurable policies."
+metadata: {"openclaw":{"emoji":"📱","homepage":"https://waiflow.app","requires":{"env":["MOLTFLOW_API_KEY"]},"primaryEnv":"MOLTFLOW_API_KEY"}}
 ---
 
 # WhatsApp Automation & A2A
 
-MoltFlow provides a complete WhatsApp automation API with managed sessions, group monitoring, AI-powered replies, agent-to-agent communication, review collection, and Stripe billing.
+MoltFlow provides a complete WhatsApp automation API with managed sessions, messaging, group monitoring, labels, anti-spam rules, content safeguards, AI-powered replies, auto-feedback collection, lead management, and agent-to-agent communication.
 
 ## When to use
 
@@ -15,25 +15,51 @@ Use this skill when you need to:
 - Send text messages, list chats, read message history
 - Monitor groups for leads or keywords
 - Manage contact labels (WhatsApp Business sync)
-- Configure webhooks for real-time events
-- Transcribe voice messages (Whisper AI)
-- Manage RAG knowledge base (upload docs, semantic search)
+- Configure anti-spam rules (rate limits, duplicate blocking, pattern filters)
+- Set up content safeguards (block secrets, PII, prompt injection)
 - Train style profiles and generate AI replies
+- Collect feedback via sentiment analysis (14+ languages)
+- Export testimonials (JSON/HTML)
 - Discover and message other AI agents (A2A JSON-RPC 2.0)
 - Manage encryption keys (X25519-AES256GCM)
-- Collect reviews via sentiment analysis (14+ languages)
-- Export testimonials (JSON/HTML)
 - Manage API keys, usage tracking, billing (Stripe)
 
+## Use cases
+
+**Personal automation:**
+- Auto-reply to WhatsApp messages while you're busy (AI learns your tone)
+- Forward important group mentions to a private chat
+- Schedule follow-up messages to contacts after meetings
+- Collect and organize customer testimonials from group conversations
+
+**Business & lead management:**
+- Monitor industry groups for purchase-intent keywords ("looking for", "need help with")
+- Auto-label new leads as VIP/Hot/Cold based on message sentiment
+- Route group-detected leads to your sales team via labels
+- Run feedback collectors across all chats — auto-approve positive reviews for your website
+
+**Agent-to-Agent (A2A):**
+- Build a support agent that escalates complex tickets to a human agent over A2A
+- Connect your booking agent with a payment agent — encrypted end-to-end
+- Create a multi-agent pipeline: lead detection → qualification → outreach → follow-up
+- Let two businesses' agents negotiate and exchange data securely (X25519-AES256GCM)
+- Resolve any WhatsApp number to check if they run a MoltFlow agent, then message directly
+
+**Safety & compliance:**
+- Block outgoing messages containing API keys, credit cards, or SSNs automatically
+- Set rate limits to prevent accidental spam (typing indicators + random delays built-in)
+- Create custom regex rules to flag sensitive content before it leaves your account
+- Test any message against your full policy stack before sending
+
 ## Setup
 
 Env vars:
-- `MOLTFLOW_API_KEY` (required) — API key from moltflow.com dashboard
-- `MOLTFLOW_API_URL` (optional) — defaults to `https://api.moltflow.com`
+- `MOLTFLOW_API_KEY` (required) — API key from waiflow.app dashboard
+- `MOLTFLOW_API_URL` (optional) — defaults to `https://apiv2.waiflow.app`
 
 Authentication: `X-API-Key: $MOLTFLOW_API_KEY` header or `Authorization: Bearer $TOKEN` (JWT from login).
 
-Base URL: `https://api.moltflow.com/api/v2`
+Base URL: `https://apiv2.waiflow.app/api/v2`
 
 ---
 
@@ -42,21 +68,21 @@ Base URL: `https://api.moltflow.com/api/v2`
 ```bash
 # List all sessions
 curl -H "X-API-Key: $MOLTFLOW_API_KEY" \
-  https://api.moltflow.com/api/v2/sessions
+  https://apiv2.waiflow.app/api/v2/sessions
 
 # Create new session
 curl -X POST -H "X-API-Key: $MOLTFLOW_API_KEY" \
   -H "Content-Type: application/json" \
   -d '{"name": "Main Line"}' \
-  https://api.moltflow.com/api/v2/sessions
+  https://apiv2.waiflow.app/api/v2/sessions
 
 # Get session details
 curl -H "X-API-Key: $MOLTFLOW_API_KEY" \
-  https://api.moltflow.com/api/v2/sessions/{session_id}
+  https://apiv2.waiflow.app/api/v2/sessions/{session_id}
 
 # Delete session
 curl -X DELETE -H "X-API-Key: $MOLTFLOW_API_KEY" \
-  https://api.moltflow.com/api/v2/sessions/{session_id}
+  https://apiv2.waiflow.app/api/v2/sessions/{session_id}
 ```
 
 | Endpoint | Method | Description |
@@ -73,15 +99,15 @@ curl -X DELETE -H "X-API-Key: $MOLTFLOW_API_KEY" \
 curl -X POST -H "X-API-Key: $MOLTFLOW_API_KEY" \
   -H "Content-Type: application/json" \
   -d '{"session_id": "uuid", "chat_id": "1234567890@c.us", "message": "Hello!"}' \
-  https://api.moltflow.com/api/v2/messages/send
+  https://apiv2.waiflow.app/api/v2/messages/send
 
 # List chats for a session
 curl -H "X-API-Key: $MOLTFLOW_API_KEY" \
-  https://api.moltflow.com/api/v2/messages/chats/{session_id}
+  https://apiv2.waiflow.app/api/v2/messages/chats/{session_id}
 
 # Get chat messages
 curl -H "X-API-Key: $MOLTFLOW_API_KEY" \
-  https://api.moltflow.com/api/v2/messages/chat/{session_id}/{chat_id}
+  https://apiv2.waiflow.app/api/v2/messages/chat/{session_id}/{chat_id}
 ```
 
 | Endpoint | Method | Description |
@@ -96,23 +122,23 @@ curl -H "X-API-Key: $MOLTFLOW_API_KEY" \
 ```bash
 # List monitored groups
 curl -H "X-API-Key: $MOLTFLOW_API_KEY" \
-  https://api.moltflow.com/api/v2/groups
+  https://apiv2.waiflow.app/api/v2/groups
 
 # List available WhatsApp groups
 curl -H "X-API-Key: $MOLTFLOW_API_KEY" \
-  https://api.moltflow.com/api/v2/groups/available/{session_id}
+  https://apiv2.waiflow.app/api/v2/groups/available/{session_id}
 
 # Add group to monitor
 curl -X POST -H "X-API-Key: $MOLTFLOW_API_KEY" \
   -H "Content-Type: application/json" \
   -d '{"session_id": "uuid", "wa_group_id": "123456@g.us", "monitor_mode": "first_message"}' \
-  https://api.moltflow.com/api/v2/groups
+  https://apiv2.waiflow.app/api/v2/groups
 
 # Update monitoring settings
 curl -X PATCH -H "X-API-Key: $MOLTFLOW_API_KEY" \
   -H "Content-Type: application/json" \
   -d '{"monitor_mode": "keyword", "monitor_keywords": ["looking for", "need help"]}' \
-  https://api.moltflow.com/api/v2/groups/{group_id}
+  https://apiv2.waiflow.app/api/v2/groups/{group_id}
 ```
 
 | Endpoint | Method | Description |
@@ -131,15 +157,15 @@ curl -X PATCH -H "X-API-Key: $MOLTFLOW_API_KEY" \
 curl -X POST -H "X-API-Key: $MOLTFLOW_API_KEY" \
   -H "Content-Type: application/json" \
   -d '{"name": "VIP", "color": "#00FF00"}' \
-  https://api.moltflow.com/api/v2/labels
+  https://apiv2.waiflow.app/api/v2/labels
 
 # Sync label to WhatsApp Business
 curl -X POST -H "X-API-Key: $MOLTFLOW_API_KEY" \
-  "https://api.moltflow.com/api/v2/labels/{label_id}/sync?session_id={session_id}"
+  "https://apiv2.waiflow.app/api/v2/labels/{label_id}/sync?session_id={session_id}"
 
 # Import labels from WhatsApp Business
 curl -X POST -H "X-API-Key: $MOLTFLOW_API_KEY" \
-  "https://api.moltflow.com/api/v2/labels/sync-from-whatsapp?session_id={session_id}"
+  "https://apiv2.waiflow.app/api/v2/labels/sync-from-whatsapp?session_id={session_id}"
 ```
 
 | Endpoint | Method | Description |
@@ -151,104 +177,150 @@ curl -X POST -H "X-API-Key: $MOLTFLOW_API_KEY" \
 | `/labels/{id}/sync` | POST | Sync to WhatsApp Business |
 | `/labels/sync-from-whatsapp` | POST | Import from WhatsApp |
 
-## 5. Webhooks
+## 5. Anti-Spam Rules
 
 ```bash
-# List webhooks
+# Get anti-spam settings
 curl -H "X-API-Key: $MOLTFLOW_API_KEY" \
-  https://api.moltflow.com/api/v2/webhooks
+  https://apiv2.waiflow.app/api/v2/antispam/settings
 
-# Test webhook
+# Update anti-spam settings
+curl -X PUT -H "X-API-Key: $MOLTFLOW_API_KEY" \
+  -H "Content-Type: application/json" \
+  -d '{"enabled": true, "rate_limit": 60, "rate_limit_window": 60, "block_duplicates": true, "auto_block_spammers": true, "max_violations": 5}' \
+  https://apiv2.waiflow.app/api/v2/antispam/settings
+
+# Create spam filter rule (actions: block, flag, delay)
 curl -X POST -H "X-API-Key: $MOLTFLOW_API_KEY" \
-  https://api.moltflow.com/api/v2/webhooks/{webhook_id}/test
+  -H "Content-Type: application/json" \
+  -d '{"pattern": "buy now|limited offer", "action": "block", "enabled": true}' \
+  https://apiv2.waiflow.app/api/v2/antispam/rules
+
+# Update rule
+curl -X PUT -H "X-API-Key: $MOLTFLOW_API_KEY" \
+  -H "Content-Type: application/json" \
+  -d '{"pattern": "buy now|limited offer|act fast", "action": "flag", "enabled": true}' \
+  https://apiv2.waiflow.app/api/v2/antispam/rules/{rule_id}
+
+# Delete rule
+curl -X DELETE -H "X-API-Key: $MOLTFLOW_API_KEY" \
+  https://apiv2.waiflow.app/api/v2/antispam/rules/{rule_id}
+
+# Get spam statistics
+curl -H "X-API-Key: $MOLTFLOW_API_KEY" \
+  https://apiv2.waiflow.app/api/v2/antispam/stats
 ```
 
 | Endpoint | Method | Description |
 |----------|--------|-------------|
-| `/webhooks` | GET | List webhooks |
-| `/webhooks` | POST | Create webhook |
-| `/webhooks/{id}` | GET / PATCH / DELETE | Get, update, delete |
-| `/webhooks/{id}/test` | POST | Send test payload |
+| `/antispam/settings` | GET | Get anti-spam settings |
+| `/antispam/settings` | PUT | Update settings (rate limit, duplicate blocking, auto-block) |
+| `/antispam/rules` | POST | Create spam filter rule |
+| `/antispam/rules/{id}` | PUT | Update rule |
+| `/antispam/rules/{id}` | DELETE | Delete rule |
+| `/antispam/stats` | GET | Spam statistics (blocked, flagged, violations) |
 
-**Webhook events:** `message.received`, `message.sent`, `message.delivered`, `message.read`, `lead.detected`, `session.connected`, `session.disconnected`, `group.message`
+**Rule actions:** `block` (drop message), `flag` (mark for review), `delay` (add cooldown)
 
----
+**Settings fields:** `enabled`, `rate_limit` (msgs/window), `rate_limit_window` (seconds), `block_duplicates`, `duplicate_window`, `auto_block_spammers`, `max_violations`
 
-## 6. AI — Voice Transcription
+## 6. Safeguards — Content Policy
 
 ```bash
-# Queue voice message for transcription
-curl -X POST -H "X-API-Key: $MOLTFLOW_API_KEY" \
-  -d '{"message_id": "uuid-of-voice-message"}' \
-  https://api.moltflow.com/api/v2/ai/voice/transcribe
-
-# Check transcription status
+# Get content policy settings
 curl -H "X-API-Key: $MOLTFLOW_API_KEY" \
-  https://api.moltflow.com/api/v2/ai/voice/status/{task_id}
+  https://apiv2.waiflow.app/api/v2/a2a-policy/settings
 
-# Get transcript
+# Update content policy
+curl -X PUT -H "X-API-Key: $MOLTFLOW_API_KEY" \
+  -H "Content-Type: application/json" \
+  -d '{"block_api_keys": true, "block_credit_cards": true, "block_ssn": true, "block_emails": false, "max_message_length": 4096}' \
+  https://apiv2.waiflow.app/api/v2/a2a-policy/settings
+
+# View built-in safeguard patterns (prompt injection, secrets, PII)
 curl -H "X-API-Key: $MOLTFLOW_API_KEY" \
-  https://api.moltflow.com/api/v2/ai/messages/{message_id}/transcript
-```
+  https://apiv2.waiflow.app/api/v2/a2a-policy/safeguards
 
-## 7. AI — Knowledge Base (RAG)
+# Create custom blocking rule
+curl -X POST -H "X-API-Key: $MOLTFLOW_API_KEY" \
+  -H "Content-Type: application/json" \
+  -d '{"pattern": "sk-[a-zA-Z0-9]{48}", "description": "Block OpenAI API keys"}' \
+  https://apiv2.waiflow.app/api/v2/a2a-policy/rules
 
-```bash
-# Search knowledge base
+# Toggle rule on/off
 curl -X POST -H "X-API-Key: $MOLTFLOW_API_KEY" \
-  -d '{"query": "return policy", "top_k": 5}' \
-  https://api.moltflow.com/api/v2/ai/knowledge/search
+  https://apiv2.waiflow.app/api/v2/a2a-policy/rules/{rule_id}/toggle
 
-# List knowledge sources
+# Delete custom rule
+curl -X DELETE -H "X-API-Key: $MOLTFLOW_API_KEY" \
+  https://apiv2.waiflow.app/api/v2/a2a-policy/rules/{rule_id}
+
+# Test content against all policies
+curl -X POST -H "X-API-Key: $MOLTFLOW_API_KEY" \
+  -H "Content-Type: application/json" \
+  -d '{"content": "My API key is sk-abc123"}' \
+  https://apiv2.waiflow.app/api/v2/a2a-policy/test
+
+# Get blocking statistics
 curl -H "X-API-Key: $MOLTFLOW_API_KEY" \
-  https://api.moltflow.com/api/v2/ai/knowledge/sources
+  https://apiv2.waiflow.app/api/v2/a2a-policy/stats
 
-# Delete knowledge source
-curl -X DELETE -H "X-API-Key: $MOLTFLOW_API_KEY" \
-  https://api.moltflow.com/api/v2/ai/knowledge/{source_id}
+# Reset policy to defaults
+curl -X POST -H "X-API-Key: $MOLTFLOW_API_KEY" \
+  https://apiv2.waiflow.app/api/v2/a2a-policy/reset
 ```
 
-## 8. AI — Style Profiles (Learn Mode)
+| Endpoint | Method | Description |
+|----------|--------|-------------|
+| `/a2a-policy/settings` | GET / PUT | Get or update content policy |
+| `/a2a-policy/safeguards` | GET | View built-in safeguard patterns |
+| `/a2a-policy/rules` | POST | Create custom blocking rule |
+| `/a2a-policy/rules/{id}` | DELETE | Delete custom rule |
+| `/a2a-policy/rules/{id}/toggle` | POST | Toggle rule on/off |
+| `/a2a-policy/test` | POST | Test content against policies |
+| `/a2a-policy/stats` | GET | Blocking statistics |
+| `/a2a-policy/reset` | POST | Reset to defaults |
+
+**Built-in safeguards:** prompt injection detection, secret patterns (API keys, tokens, private keys), PII patterns (SSN, credit cards, bank accounts)
+
+**Policy fields:** `block_api_keys`, `block_passwords`, `block_tokens`, `block_private_keys`, `block_ssn`, `block_credit_cards`, `block_bank_accounts`, `block_phone_numbers`, `block_emails`, `max_message_length`, `max_urls_per_message`, `min_trust_level`, `log_blocked`
+
+---
+
+## 7. AI — Style Profiles
 
 ```bash
 # Train style profile from message history
 curl -X POST -H "X-API-Key: $MOLTFLOW_API_KEY" \
   -d '{"contact_id": "optional-contact-jid"}' \
-  https://api.moltflow.com/api/v2/ai/style/train
+  https://apiv2.waiflow.app/api/v2/ai/style/train
 
 # Check training status
 curl -H "X-API-Key: $MOLTFLOW_API_KEY" \
-  https://api.moltflow.com/api/v2/ai/style/status/{task_id}
+  https://apiv2.waiflow.app/api/v2/ai/style/status/{task_id}
 
 # Get / list / delete style profiles
 curl -H "X-API-Key: $MOLTFLOW_API_KEY" \
-  https://api.moltflow.com/api/v2/ai/style/profiles
+  https://apiv2.waiflow.app/api/v2/ai/style/profiles
 ```
 
-## 9. AI — Reply Generation
+## 8. AI — Reply Generation
 
 ```bash
-# Generate AI reply (uses RAG + style)
+# Generate AI reply (uses style profile)
 curl -X POST -H "X-API-Key: $MOLTFLOW_API_KEY" \
-  -d '{"contact_id": "jid", "context": "customer question", "use_rag": true, "apply_style": true}' \
-  https://api.moltflow.com/api/v2/ai/ai/generate-reply
+  -d '{"contact_id": "jid", "context": "customer question", "apply_style": true}' \
+  https://apiv2.waiflow.app/api/v2/ai/ai/generate-reply
 
 # Preview AI reply (no usage tracking)
 curl -H "X-API-Key: $MOLTFLOW_API_KEY" \
-  "https://api.moltflow.com/api/v2/ai/ai/preview?contact_id=jid&context=question&use_rag=true&apply_style=true"
+  "https://apiv2.waiflow.app/api/v2/ai/ai/preview?contact_id=jid&context=question&apply_style=true"
 ```
 
 ### AI API Reference
 
 | Endpoint | Method | Description |
 |----------|--------|-------------|
-| `/ai/voice/transcribe` | POST | Queue voice transcription |
-| `/ai/voice/status/{task_id}` | GET | Check transcription status |
-| `/ai/messages/{id}/transcript` | GET | Get transcript |
-| `/ai/knowledge/ingest` | POST | Ingest document |
-| `/ai/knowledge/search` | POST | Semantic search |
-| `/ai/knowledge/sources` | GET | List knowledge sources |
-| `/ai/knowledge/{id}` | DELETE | Delete source |
 | `/ai/style/train` | POST | Train style profile |
 | `/ai/style/status/{task_id}` | GET | Training status |
 | `/ai/style/profile` | GET | Get style profile |
@@ -259,7 +331,7 @@ curl -H "X-API-Key: $MOLTFLOW_API_KEY" \
 
 ---
 
-## 10. A2A — Agent-to-Agent Protocol
+## 9. A2A — Agent-to-Agent Protocol
 
 **Requires Business plan.** Uses JSON-RPC 2.0 over HTTPS with X25519-AES256GCM encryption.
 
@@ -268,15 +340,15 @@ curl -H "X-API-Key: $MOLTFLOW_API_KEY" \
 ```bash
 # Get full configuration
 curl -H "X-API-Key: $MOLTFLOW_API_KEY" \
-  https://api.moltflow.com/api/v2/agent/bootstrap
+  https://apiv2.waiflow.app/api/v2/agent/bootstrap
 
 # Get your public key (auto-generates if none)
 curl -H "X-API-Key: $MOLTFLOW_API_KEY" \
-  https://api.moltflow.com/api/v2/agent/public-key
+  https://apiv2.waiflow.app/api/v2/agent/public-key
 
 # Rotate keypair
 curl -X POST -H "X-API-Key: $MOLTFLOW_API_KEY" \
-  https://api.moltflow.com/api/v2/agent/rotate-keys
+  https://apiv2.waiflow.app/api/v2/agent/rotate-keys
 ```
 
 ### Discover agents
@@ -284,17 +356,17 @@ curl -X POST -H "X-API-Key: $MOLTFLOW_API_KEY" \
 ```bash
 # Resolve phone to MoltFlow agent
 curl -H "X-API-Key: $MOLTFLOW_API_KEY" \
-  https://api.moltflow.com/api/v2/agents/resolve/+1234567890
+  https://apiv2.waiflow.app/api/v2/agents/resolve/+1234567890
 
 # List peers
 curl -H "X-API-Key: $MOLTFLOW_API_KEY" \
-  https://api.moltflow.com/api/v2/agents/peers
+  https://apiv2.waiflow.app/api/v2/agents/peers
 
 # Update trust level (discovered, verified, blocked)
 curl -X PATCH -H "X-API-Key: $MOLTFLOW_API_KEY" \
   -H "Content-Type: application/json" \
   -d '{"trust_level": "verified"}' \
-  https://api.moltflow.com/api/v2/agents/peers/{peer_id}/trust
+  https://apiv2.waiflow.app/api/v2/agents/peers/{peer_id}/trust
 ```
 
 ### Send A2A messages (JSON-RPC 2.0)
@@ -311,27 +383,7 @@ curl -X POST -H "X-API-Key: $MOLTFLOW_API_KEY" \
     },
     "id": "1"
   }' \
-  https://api.moltflow.com/api/v2/a2a
-```
-
-### Content policy
-
-```bash
-# Get policy settings
-curl -H "X-API-Key: $MOLTFLOW_API_KEY" \
-  https://api.moltflow.com/api/v2/a2a-policy/settings
-
-# Update policy
-curl -X PUT -H "X-API-Key: $MOLTFLOW_API_KEY" \
-  -H "Content-Type: application/json" \
-  -d '{"block_api_keys": true, "block_credit_cards": true, "block_emails": false}' \
-  https://api.moltflow.com/api/v2/a2a-policy/settings
-
-# Test content against policy
-curl -X POST -H "X-API-Key: $MOLTFLOW_API_KEY" \
-  -H "Content-Type: application/json" \
-  -d '{"content": "My API key is sk-abc123"}' \
-  https://api.moltflow.com/api/v2/a2a-policy/test
+  https://apiv2.waiflow.app/api/v2/a2a
 ```
 
 ### A2A API Reference
@@ -346,10 +398,6 @@ curl -X POST -H "X-API-Key: $MOLTFLOW_API_KEY" \
 | `/agents/peers` | GET | List discovered peers |
 | `/agents/peers/{id}/trust` | PATCH | Update trust level |
 | `/a2a` | POST | JSON-RPC 2.0 endpoint |
-| `/a2a-policy/settings` | GET/PUT | Get/update policy |
-| `/a2a-policy/rules` | POST | Add custom filter rule |
-| `/a2a-policy/test` | POST | Test content against policy |
-| `/a2a-policy/stats` | GET | Blocking statistics |
 
 **JSON-RPC methods:** `agent.message.send`, `group.getContext`, `agent.group.create`, `agent.group.invite`, `agent.group.list`, `webhook_manager`
 
@@ -359,7 +407,7 @@ curl -X POST -H "X-API-Key: $MOLTFLOW_API_KEY" \
 
 ---
 
-## 11. Reviews — Sentiment Analysis & Testimonials
+## 10. Reviews — Feedback Collection & Testimonials
 
 ```bash
 # Create review collector
@@ -373,24 +421,24 @@ curl -X POST -H "X-API-Key: $MOLTFLOW_API_KEY" \
     "include_keywords": ["great", "excellent"],
     "languages": []
   }' \
-  https://api.moltflow.com/api/v2/reviews/collectors
+  https://apiv2.waiflow.app/api/v2/reviews/collectors
 
 # Trigger manual scan
 curl -X POST -H "X-API-Key: $MOLTFLOW_API_KEY" \
-  https://api.moltflow.com/api/v2/reviews/collectors/{id}/run
+  https://apiv2.waiflow.app/api/v2/reviews/collectors/{id}/run
 
 # List reviews
 curl -H "X-API-Key: $MOLTFLOW_API_KEY" \
-  "https://api.moltflow.com/api/v2/reviews?approved_only=false&limit=50"
+  "https://apiv2.waiflow.app/api/v2/reviews?approved_only=false&limit=50"
 
 # Approve review
 curl -X PATCH -H "X-API-Key: $MOLTFLOW_API_KEY" \
   -d '{"is_approved": true}' \
-  https://api.moltflow.com/api/v2/reviews/{id}
+  https://apiv2.waiflow.app/api/v2/reviews/{id}
 
 # Export testimonials as HTML
 curl -H "X-API-Key: $MOLTFLOW_API_KEY" \
-  "https://api.moltflow.com/api/v2/reviews/testimonials/export?format=html"
+  "https://apiv2.waiflow.app/api/v2/reviews/testimonials/export?format=html"
 ```
 
 ### Reviews API Reference
@@ -411,29 +459,29 @@ curl -H "X-API-Key: $MOLTFLOW_API_KEY" \
 
 ---
 
-## 12. Auth & API Keys
+## 11. Auth & API Keys
 
 ```bash
 # Login
 curl -X POST -d '{"email": "user@example.com", "password": "..."}' \
-  https://api.moltflow.com/api/v2/auth/login
+  https://apiv2.waiflow.app/api/v2/auth/login
 
 # Get current user
 curl -H "Authorization: Bearer $TOKEN" \
-  https://api.moltflow.com/api/v2/auth/me
+  https://apiv2.waiflow.app/api/v2/auth/me
 
 # Create API key
 curl -X POST -H "Authorization: Bearer $TOKEN" \
   -d '{"name": "Production Key", "expires_in_days": 90}' \
-  https://api.moltflow.com/api/v2/api-keys
+  https://apiv2.waiflow.app/api/v2/api-keys
 
 # Revoke key
 curl -X DELETE -H "Authorization: Bearer $TOKEN" \
-  https://api.moltflow.com/api/v2/api-keys/{id}
+  https://apiv2.waiflow.app/api/v2/api-keys/{id}
 
 # Rotate key
 curl -X POST -H "Authorization: Bearer $TOKEN" \
-  https://api.moltflow.com/api/v2/api-keys/{id}/rotate
+  https://apiv2.waiflow.app/api/v2/api-keys/{id}/rotate
 ```
 
 | Endpoint | Method | Description |
@@ -446,28 +494,28 @@ curl -X POST -H "Authorization: Bearer $TOKEN" \
 | `/api-keys/{id}` | GET/DELETE | Get/revoke key |
 | `/api-keys/{id}/rotate` | POST | Rotate key |
 
-## 13. Usage & Billing
+## 12. Usage & Billing
 
 ```bash
 # Current period usage
 curl -H "X-API-Key: $MOLTFLOW_API_KEY" \
-  https://api.moltflow.com/api/v2/usage/current
+  https://apiv2.waiflow.app/api/v2/usage/current
 
 # Daily breakdown
 curl -H "X-API-Key: $MOLTFLOW_API_KEY" \
-  "https://api.moltflow.com/api/v2/usage/daily?days=30"
+  "https://apiv2.waiflow.app/api/v2/usage/daily?days=30"
 
 # List plans
-curl https://api.moltflow.com/api/v2/billing/plans
+curl https://apiv2.waiflow.app/api/v2/billing/plans
 
 # Create checkout session
 curl -X POST -H "Authorization: Bearer $TOKEN" \
   -d '{"plan": "pro", "cycle": "monthly", "success_url": "https://...", "cancel_url": "https://..."}' \
-  https://api.moltflow.com/api/v2/billing/checkout
+  https://apiv2.waiflow.app/api/v2/billing/checkout
 
 # Billing portal
 curl -H "Authorization: Bearer $TOKEN" \
-  https://api.moltflow.com/api/v2/billing/portal
+  https://apiv2.waiflow.app/api/v2/billing/portal
 ```
 
 | Endpoint | Method | Description |
@@ -491,8 +539,9 @@ curl -H "Authorization: Bearer $TOKEN" \
 - Use E.164 phone format without `+` where required
 - AI features require Pro plan or above
 - A2A protocol requires Business plan
-- AI reply generation includes safety: input sanitization, intent verification, output filtering, PII/secrets detection
-- Content policy filters secrets (API keys, tokens) and PII (SSN, credit cards)
+- Anti-spam rules support pattern matching with block, flag, or delay actions
+- Content safeguards filter secrets (API keys, tokens), PII (SSN, credit cards), and prompt injection
+- AI reply generation includes safety: input sanitization, intent verification, output filtering
 - API keys use name + expires_in_days (no scopes param); raw key shown only once at creation
 - Respect WhatsApp opt-in, business hours, and opt-out requests
 

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@moltflow/skills",
-  "version": "1.2.0",
-  "description": "MoltFlow — complete WhatsApp automation platform: sessions, messaging, groups, AI, A2A protocol, reviews, billing.",
+  "version": "1.4.0",
+  "description": "MoltFlow — complete WhatsApp automation platform: sessions, messaging, groups, labels, anti-spam rules, safeguards, AI replies, feedback collection, A2A protocol.",
   "license": "MIT",
   "private": false,
   "files": [