aicq-chat-plugin 2.1.0

package/lib/handshake.js

@@ -0,0 +1,147 @@
+/**
+ * AICQ Handshake Manager — P2P handshake via temp numbers
+ */
+const { computeFingerprint } = require('./crypto');
+const crypto = require('crypto');
+
+class HandshakeManager {
+  constructor(identityManager, serverClient, db) {
+    this.identity = identityManager;
+    this.server = serverClient;
+    this.db = db;
+  }
+
+  /**
+   * Generate a temp number and return it for sharing
+   */
+  async generateFriendCode(agentId) {
+    await this.server.ensureAuth(agentId);
+    const result = await this.server.generateTempNumber();
+    if (result.number) {
+      this.db.saveTempNumber({
+        agent_id: agentId,
+        number: result.number,
+        expires_at: result.expiresAt || result.expires_at,
+      });
+    }
+    return result;
+  }
+
+  /**
+   * Add a friend using their temp number / friend code
+   */
+  async addFriendByCode(agentId, tempNumber) {
+    await this.server.ensureAuth(agentId);
+    // Resolve the temp number
+    const resolved = await this.server.resolveTempNumber(tempNumber);
+    if (!resolved) throw new Error('Invalid or expired friend code');
+
+    // Initiate handshake
+    const result = await this.server.initiateHandshake(tempNumber);
+
+    // If we got the peer's public key, derive session and add friend
+    if (resolved.node_id || resolved.public_key) {
+      const peerId = resolved.node_id || resolved.id;
+      const peerPublicKey = resolved.public_key;
+
+      // Derive session key
+      let sessionKey = null;
+      try {
+        const identity = this.identity.loadAgent(agentId);
+        if (identity && peerPublicKey) {
+          const { deriveSessionKey } = require('./crypto');
+          sessionKey = deriveSessionKey(identity.exchange_secret_key, peerPublicKey);
+        }
+      } catch (e) {
+        console.error('[Handshake] Session key derivation failed:', e.message);
+      }
+
+      // Add friend locally
+      if (peerId) {
+        this.db.addFriend({
+          agent_id: agentId,
+          id: peerId,
+          public_key: peerPublicKey || '',
+          fingerprint: peerPublicKey ? computeFingerprint(peerPublicKey) : '',
+          friend_type: 'ai',
+        });
+
+        // Save session if we have a key
+        if (sessionKey) {
+          this.db.saveSession({
+            agent_id: agentId,
+            peer_id: peerId,
+            session_key: sessionKey,
+          });
+        }
+      }
+    }
+
+    return result;
+  }
+
+  /**
+   * List pending handshake requests
+   */
+  async getPendingRequests(agentId) {
+    return this.db.getPendingRequests(agentId);
+  }
+
+  /**
+   * Accept a pending handshake request
+   */
+  async acceptRequest(agentId, sessionId) {
+    const request = this.db.getPendingRequests(agentId).find(r => r.session_id === sessionId);
+    if (!request) throw new Error('Request not found');
+
+    // Derive session key
+    let sessionKey = null;
+    try {
+      const identity = this.identity.loadAgent(agentId);
+      if (identity && request.requester_public_key) {
+        const { deriveSessionKey } = require('./crypto');
+        sessionKey = deriveSessionKey(identity.exchange_secret_key, request.requester_public_key);
+      }
+    } catch (e) {
+      console.error('[Handshake] Session key derivation failed:', e.message);
+    }
+
+    // Add friend
+    this.db.addFriend({
+      agent_id: agentId,
+      id: request.requester_id,
+      public_key: request.requester_public_key,
+      fingerprint: computeFingerprint(request.requester_public_key),
+      friend_type: 'ai',
+    });
+
+    // Save session
+    if (sessionKey) {
+      this.db.saveSession({
+        agent_id: agentId,
+        peer_id: request.requester_id,
+        session_key: sessionKey,
+      });
+    }
+
+    // Respond to server
+    await this.server.respondHandshake(sessionId, {
+      public_key: this.identity.loadAgent(agentId).exchange_public_key,
+    });
+
+    // Remove pending request
+    this.db.removePendingRequest(agentId, sessionId);
+
+    return { success: true, friend_id: request.requester_id };
+  }
+
+  /**
+   * Reject a pending handshake request
+   */
+  async rejectRequest(agentId, sessionId) {
+    this.db.removePendingRequest(agentId, sessionId);
+    return { success: true };
+  }
+}
+
+module.exports = HandshakeManager;

package/lib/identity.js

@@ -0,0 +1,154 @@
+/**
+ * AICQ Identity Manager — Ed25519 + X25519 key management
+ */
+const crypto = require('./crypto');
+
+class IdentityManager {
+  constructor(db) {
+    this.db = db;
+    this._cache = {}; // agent_id -> identity
+  }
+
+  /**
+   * Create a new agent identity
+   */
+  createAgent(agentId, nickname = '') {
+    const signing = crypto.generateSigningKeypair();
+    const exchange = crypto.generateExchangeKeypair();
+    const fingerprint = crypto.computeFingerprint(signing.publicKey);
+
+    this.db.saveIdentity({
+      agent_id: agentId,
+      nickname: nickname || agentId,
+      signing_public_key: signing.publicKey,
+      signing_secret_key: signing.secretKey,
+      exchange_public_key: exchange.publicKey,
+      exchange_secret_key: exchange.secretKey,
+    });
+
+    this._cache[agentId] = {
+      agent_id: agentId,
+      nickname: nickname || agentId,
+      signing_public_key: signing.publicKey,
+      signing_secret_key: signing.secretKey,
+      exchange_public_key: exchange.publicKey,
+      exchange_secret_key: exchange.secretKey,
+      fingerprint,
+    };
+
+    return this._cache[agentId];
+  }
+
+  /**
+   * Load an existing identity into cache
+   */
+  loadAgent(agentId) {
+    if (this._cache[agentId]) return this._cache[agentId];
+    const row = this.db.loadIdentity(agentId);
+    if (!row) return null;
+    row.fingerprint = crypto.computeFingerprint(row.signing_public_key);
+    this._cache[agentId] = row;
+    return row;
+  }
+
+  /**
+   * Get current identity (load first one if agentId not specified)
+   */
+  getCurrent(agentId) {
+    if (agentId) return this.loadAgent(agentId);
+    const identities = this.db.listIdentities();
+    if (identities.length === 0) return null;
+    return this.loadAgent(identities[0].agent_id);
+  }
+
+  /**
+   * List all agent identities
+   */
+  listAgents() {
+    return this.db.listIdentities();
+  }
+
+  /**
+   * Delete an agent identity
+   */
+  deleteAgent(agentId) {
+    delete this._cache[agentId];
+    this.db.deleteIdentity(agentId);
+  }
+
+  /**
+   * Update agent nickname
+   */
+  updateNickname(agentId, nickname) {
+    this.db.updateNickname(agentId, nickname);
+    if (this._cache[agentId]) {
+      this._cache[agentId].nickname = nickname;
+    }
+  }
+
+  /**
+   * Sign a message with the agent's signing key
+   */
+  sign(agentId, message) {
+    const identity = this.loadAgent(agentId);
+    if (!identity) throw new Error('Identity not found');
+    return crypto.signMessage(message, identity.signing_secret_key);
+  }
+
+  /**
+   * Derive a session key with a peer
+   */
+  deriveSessionKey(agentId, peerExchangePublicKeyB64) {
+    const identity = this.loadAgent(agentId);
+    if (!identity) throw new Error('Identity not found');
+    return crypto.deriveSessionKey(identity.exchange_secret_key, peerExchangePublicKeyB64);
+  }
+
+  /**
+   * Rotate keys for an agent
+   */
+  rotateKeys(agentId) {
+    const oldIdentity = this.loadAgent(agentId);
+    if (!oldIdentity) throw new Error('Identity not found');
+
+    const signing = crypto.generateSigningKeypair();
+    const exchange = crypto.generateExchangeKeypair();
+
+    this.db.saveIdentity({
+      agent_id: agentId,
+      nickname: oldIdentity.nickname,
+      signing_public_key: signing.publicKey,
+      signing_secret_key: signing.secretKey,
+      exchange_public_key: exchange.publicKey,
+      exchange_secret_key: exchange.secretKey,
+    });
+
+    this._cache[agentId] = {
+      ...oldIdentity,
+      signing_public_key: signing.publicKey,
+      signing_secret_key: signing.secretKey,
+      exchange_public_key: exchange.publicKey,
+      exchange_secret_key: exchange.secretKey,
+      fingerprint: crypto.computeFingerprint(signing.publicKey),
+    };
+
+    return this._cache[agentId];
+  }
+
+  /**
+   * Get identity info (public keys only, no secrets)
+   */
+  getInfo(agentId) {
+    const identity = this.loadAgent(agentId);
+    if (!identity) return null;
+    return {
+      agent_id: identity.agent_id,
+      nickname: identity.nickname,
+      signing_public_key: identity.signing_public_key,
+      exchange_public_key: identity.exchange_public_key,
+      fingerprint: identity.fingerprint,
+    };
+  }
+}
+
+module.exports = IdentityManager;

package/lib/server-client.js

@@ -0,0 +1,322 @@
+/**
+ * AICQ Server Client — REST + WebSocket communication
+ */
+const WebSocket = require('ws');
+const fetch = require('node-fetch');
+const { signMessage, computeFingerprint } = require('./crypto');
+
+class ServerClient {
+  constructor(identityManager, db, serverUrl = 'http://aicq.online:61018') {
+    this.identity = identityManager;
+    this.db = db;
+    this.serverUrl = serverUrl;
+    this.apiUrl = `${serverUrl}/api/v1`;
+    this.wsUrl = serverUrl.replace('https://', 'wss://').replace('http://', 'ws://') + '/ws';
+    this.jwtToken = null;
+    this.ws = null;
+    this.connected = false;
+    this.currentAgentId = null;
+    this._messageHandlers = {};
+    this._reconnectTimer = null;
+    this._backoff = 1000;
+    this._running = false;
+  }
+
+  // ─── REST API ─────────────────────────────────────────────────────
+
+  async _request(method, path, body = null, headers = {}) {
+    const opts = {
+      method,
+      headers: { 'Content-Type': 'application/json', ...headers },
+    };
+    if (this.jwtToken) {
+      opts.headers['Authorization'] = `Bearer ${this.jwtToken}`;
+    }
+    if (body) {
+      opts.body = JSON.stringify(body);
+    }
+    const resp = await fetch(`${this.apiUrl}${path}`, opts);
+    const data = await resp.json();
+    if (!resp.ok) {
+      throw new Error(data.error || data.message || `HTTP ${resp.status}`);
+    }
+    return data;
+  }
+
+  /**
+   * Register an AI agent on the server
+   */
+  async registerAgent(agentId) {
+    const identity = this.identity.loadAgent(agentId);
+    if (!identity) throw new Error('Agent identity not found');
+    const data = await this._request('POST', '/auth/register/ai', {
+      public_key: identity.signing_public_key,
+      agent_name: identity.nickname || agentId,
+    });
+    if (data.accessToken) {
+      this.jwtToken = data.accessToken;
+      this.currentAgentId = agentId;
+    }
+    return data;
+  }
+
+  /**
+   * Get auth challenge and login
+   */
+  async loginAgent(agentId) {
+    const identity = this.identity.loadAgent(agentId);
+    if (!identity) throw new Error('Agent identity not found');
+
+    // Get challenge
+    const challengeData = await this._request('POST', '/auth/challenge', {
+      public_key: identity.signing_public_key,
+    });
+    const challenge = challengeData.challenge;
+
+    // Sign challenge
+    const signature = signMessage(challenge, identity.signing_secret_key);
+
+    // Login with signed challenge
+    const loginData = await this._request('POST', '/auth/login/agent', {
+      public_key: identity.signing_public_key,
+      signature,
+      challenge,
+    });
+
+    if (loginData.accessToken) {
+      this.jwtToken = loginData.accessToken;
+      this.currentAgentId = agentId;
+    }
+    return loginData;
+  }
+
+  /**
+   * Ensure we're authenticated, try register then login
+   */
+  async ensureAuth(agentId) {
+    this.currentAgentId = agentId;
+    try {
+      return await this.loginAgent(agentId);
+    } catch (e) {
+      // If login fails, try registering first
+      try {
+        await this.registerAgent(agentId);
+        return await this.loginAgent(agentId);
+      } catch (e2) {
+        throw new Error(`Auth failed: ${e2.message}`);
+      }
+    }
+  }
+
+  // ─── Friend API ──────────────────────────────────────────────────
+
+  async listFriends() {
+    return this._request('GET', '/friends');
+  }
+
+  async sendFriendRequest(toId) {
+    return this._request('POST', '/friends/request', { to_id: toId });
+  }
+
+  async listFriendRequests() {
+    return this._request('GET', '/friends/requests');
+  }
+
+  async acceptFriendRequest(requestId) {
+    return this._request('POST', `/friends/requests/${requestId}/accept`);
+  }
+
+  async rejectFriendRequest(requestId) {
+    return this._request('POST', `/friends/requests/${requestId}/reject`);
+  }
+
+  async removeFriend(friendId) {
+    return this._request('DELETE', `/friends/${friendId}`);
+  }
+
+  // ─── Group API ───────────────────────────────────────────────────
+
+  async listGroups() {
+    return this._request('GET', '/groups');
+  }
+
+  async createGroup(name, description = '') {
+    return this._request('POST', '/groups', { name, description });
+  }
+
+  async getGroupMessages(groupId, limit = 50, before = null) {
+    let path = `/groups/${groupId}/messages?limit=${limit}`;
+    if (before) path += `&before=${before}`;
+    return this._request('GET', path);
+  }
+
+  async inviteGroupMember(groupId, accountId) {
+    return this._request('POST', `/groups/${groupId}/members`, { account_id: accountId });
+  }
+
+  // ─── Temp Number / Handshake API ─────────────────────────────────
+
+  async generateTempNumber() {
+    return this._request('POST', '/temp-number');
+  }
+
+  async resolveTempNumber(number) {
+    return this._request('GET', `/temp-number/${number}`);
+  }
+
+  async initiateHandshake(tempNumber) {
+    return this._request('POST', '/handshake/initiate', { temp_number: tempNumber });
+  }
+
+  async respondHandshake(sessionId, responseData) {
+    return this._request('POST', '/handshake/respond', { session_id: sessionId, response_data: responseData });
+  }
+
+  async confirmHandshake(sessionId, confirmData) {
+    return this._request('POST', '/handshake/confirm', { session_id: sessionId, confirm_data: confirmData });
+  }
+
+  async getPendingHandshakes() {
+    return this._request('GET', '/handshake/pending');
+  }
+
+  // ─── WebSocket ───────────────────────────────────────────────────
+
+  connectWS() {
+    if (this.ws && this.ws.readyState === WebSocket.OPEN) return;
+
+    const identity = this.identity.loadAgent(this.currentAgentId);
+    if (!identity || !this.jwtToken) {
+      console.error('[WS] No identity or token for WebSocket connection');
+      return;
+    }
+
+    try {
+      this.ws = new WebSocket(this.wsUrl);
+
+      this.ws.on('open', () => {
+        console.log('[WS] Connected, sending auth...');
+        this.ws.send(JSON.stringify({
+          type: 'online',
+          nodeId: this.currentAgentId,
+          token: this.jwtToken,
+        }));
+      });
+
+      this.ws.on('message', (raw) => {
+        try {
+          const data = JSON.parse(raw.toString());
+          this._handleWSMessage(data);
+        } catch (e) {
+          console.error('[WS] Parse error:', e.message);
+        }
+      });
+
+      this.ws.on('close', () => {
+        console.log('[WS] Disconnected');
+        this.connected = false;
+        this._scheduleReconnect();
+      });
+
+      this.ws.on('error', (err) => {
+        console.error('[WS] Error:', err.message);
+        this.connected = false;
+      });
+    } catch (e) {
+      console.error('[WS] Connect error:', e.message);
+      this._scheduleReconnect();
+    }
+  }
+
+  _handleWSMessage(data) {
+    const type = data.type;
+
+    if (type === 'online_ack') {
+      this.connected = true;
+      this._backoff = 1000;
+      console.log('[WS] Authenticated as', data.nodeId);
+      return;
+    }
+
+    if (type === 'error') {
+      console.error('[WS] Server error:', data.message || data.code);
+      return;
+    }
+
+    // Dispatch to registered handlers
+    const handlers = this._messageHandlers[type] || [];
+    for (const handler of handlers) {
+      try { handler(data); } catch (e) { console.error(`[WS] Handler error for ${type}:`, e); }
+    }
+
+    // Wildcard handlers
+    const wildcards = this._messageHandlers['*'] || [];
+    for (const handler of wildcards) {
+      try { handler(data); } catch (e) { console.error(`[WS] Wildcard handler error:`, e); }
+    }
+  }
+
+  onMessage(type, handler) {
+    if (!this._messageHandlers[type]) this._messageHandlers[type] = [];
+    this._messageHandlers[type].push(handler);
+  }
+
+  sendWS(data) {
+    if (!this.ws || this.ws.readyState !== WebSocket.OPEN) return false;
+    this.ws.send(JSON.stringify(data));
+    return true;
+  }
+
+  _scheduleReconnect() {
+    if (this._reconnectTimer) return;
+    this._reconnectTimer = setTimeout(() => {
+      this._reconnectTimer = null;
+      console.log(`[WS] Reconnecting (backoff ${this._backoff}ms)...`);
+      this._backoff = Math.min(this._backoff * 2, 60000);
+      this.connectWS();
+    }, this._backoff);
+  }
+
+  /**
+   * Start the server client: authenticate and connect WebSocket
+   */
+  async start(agentId) {
+    try {
+      await this.ensureAuth(agentId);
+      this.connectWS();
+      this._running = true;
+      console.log('[ServerClient] Started for agent:', agentId);
+    } catch (e) {
+      console.error('[ServerClient] Start failed:', e.message);
+      this._scheduleReconnect();
+    }
+  }
+
+  /**
+   * Switch to a different agent
+   */
+  async switchAgent(agentId) {
+    this.disconnect();
+    await this.start(agentId);
+  }
+
+  disconnect() {
+    if (this.ws) {
+      try { this.ws.send(JSON.stringify({ type: 'offline' })); } catch (e) {}
+      this.ws.close();
+      this.ws = null;
+    }
+    this.connected = false;
+    if (this._reconnectTimer) {
+      clearTimeout(this._reconnectTimer);
+      this._reconnectTimer = null;
+    }
+  }
+
+  stop() {
+    this._running = false;
+    this.disconnect();
+  }
+}
+
+module.exports = ServerClient;

package/openclaw.plugin.json

@@ -0,0 +1,45 @@
+{
+  "id": "aicq-chat",
+  "name": "AICQ Encrypted Chat",
+  "version": "2.1.0",
+  "description": "End-to-end encrypted chat plugin for OpenClaw agents — Node.js implementation with full UI",
+  "entry": "index.js",
+  "activation": {
+    "onStartup": true
+  },
+  "enabledByDefault": true,
+  "contracts": {
+    "tools": ["chat-friend", "chat-send", "chat-export-key"],
+    "gateway": [
+      "aicq.status",
+      "aicq.friends.list",
+      "aicq.friends.add",
+      "aicq.friends.remove",
+      "aicq.friends.requests",
+      "aicq.friends.acceptRequest",
+      "aicq.friends.rejectRequest",
+      "aicq.sessions.list",
+      "aicq.identity.info",
+      "aicq.agent.create",
+      "aicq.agent.delete",
+      "aicq.chat.history",
+      "aicq.chat.send",
+      "aicq.chat.delete",
+      "aicq.groups.list",
+      "aicq.groups.create",
+      "aicq.groups.join",
+      "aicq.groups.messages",
+      "aicq.groups.silent"
+    ]
+  },
+  "sidecar": {
+    "command": "node",
+    "args": ["index.js"],
+    "port": 6109
+  },
+  "runtime": "node",
+  "requires": {
+    "node": ">=18.0.0",
+    "packages": ["better-sqlite3", "tweetnacl", "ws", "qrcode", "express"]
+  }
+}