aiden-runtime 3.16.0

package/dist/core/channels/webhook.js

@@ -0,0 +1,186 @@
+"use strict";
+// ============================================================
+// DevOS — Autonomous AI Execution System
+// Copyright (c) 2026 Shiva Deore. All rights reserved.
+// ============================================================
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.WebhookAdapter = void 0;
+// core/channels/webhook.ts — Generic HMAC-signed HTTP webhook adapter.
+//
+// Config (env vars):
+//   WEBHOOK_SECRET           — required; HMAC-SHA256 signing key
+//   WEBHOOK_ALLOWED_ORIGINS  — optional comma-separated IP prefixes/addresses
+//
+// Registers endpoint:  POST /api/webhook
+//
+// Request format:
+//   Headers:  X-Aiden-Signature: sha256=<HMAC-SHA256 of raw body using WEBHOOK_SECRET>
+//   Body:     { "message": "string", "context": {...}, "callbackUrl": "https://..." }
+//
+// Response modes:
+//   Sync  (no callbackUrl):  waits for agent response, returns { response: "..." }
+//   Async (callbackUrl set): responds { status: "queued" } then POSTs result to callbackUrl
+//
+// Security:
+//   - HMAC-SHA256 signature required on every request (timing-safe compare)
+//   - Optional origin IP allowlist (WEBHOOK_ALLOWED_ORIGINS)
+//   - No WEBHOOK_SECRET → 503 "Webhook disabled"
+//
+// No external SDK — uses Node.js built-in crypto only.
+const crypto = __importStar(require("crypto"));
+const gateway_1 = require("../gateway");
+class WebhookAdapter {
+    constructor(app) {
+        this.name = 'webhook';
+        this.healthy = false;
+        this.secret = process.env.WEBHOOK_SECRET ?? '';
+        const rawOrigins = process.env.WEBHOOK_ALLOWED_ORIGINS ?? '';
+        this.allowedOrigins = rawOrigins
+            ? rawOrigins.split(',').map(s => s.trim()).filter(Boolean)
+            : [];
+        this.app = app ?? null;
+    }
+    // ── Lifecycle ──────────────────────────────────────────────
+    async start() {
+        if (!this.app) {
+            console.warn('[Webhook] No Express app provided — endpoint not registered');
+            return;
+        }
+        if (!this.secret) {
+            console.log('[Webhook] Disabled — set WEBHOOK_SECRET to enable');
+            // Register the route but return 503 so callers get a clear error
+            this.app.post('/api/webhook', (_req, res) => {
+                res.status(503).json({ error: 'Webhook disabled — set WEBHOOK_SECRET to enable' });
+            });
+            return;
+        }
+        // ── POST /api/webhook ──────────────────────────────────
+        this.app.post('/api/webhook', async (req, res) => {
+            // 1. Origin check
+            if (this.allowedOrigins.length > 0) {
+                const forwarded = req.headers['x-forwarded-for'];
+                const remote = Array.isArray(forwarded) ? forwarded[0] : (forwarded ?? req.socket.remoteAddress ?? '');
+                if (!this.isAllowedOrigin(remote)) {
+                    return res.status(403).json({ error: 'Origin not in WEBHOOK_ALLOWED_ORIGINS' });
+                }
+            }
+            // 2. Signature verification
+            const signature = req.headers['x-aiden-signature'];
+            if (!this.verifySignature(req.body, signature)) {
+                return res.status(401).json({ error: 'Invalid or missing X-Aiden-Signature' });
+            }
+            // 3. Parse body
+            const { message, context, callbackUrl } = (req.body ?? {});
+            if (!message || typeof message !== 'string') {
+                return res.status(400).json({ error: '"message" field is required and must be a string' });
+            }
+            const contextNote = context
+                ? `\nContext: ${JSON.stringify(context)}`
+                : '';
+            const fullMessage = message + contextNote;
+            if (callbackUrl) {
+                // ── Async mode ─────────────────────────────────────
+                res.json({ status: 'queued' });
+                this.runAndCallback(fullMessage, callbackUrl, context).catch(() => { });
+            }
+            else {
+                // ── Sync mode ──────────────────────────────────────
+                try {
+                    const response = await gateway_1.gateway.routeMessage({
+                        channel: 'api',
+                        channelId: 'webhook',
+                        userId: 'webhook',
+                        text: fullMessage,
+                        timestamp: Date.now(),
+                    });
+                    res.json({ response });
+                }
+                catch (e) {
+                    res.status(500).json({ error: e.message ?? 'Internal error' });
+                }
+            }
+        });
+        this.healthy = true;
+        console.log('[Webhook] Enabled — POST /api/webhook (HMAC-SHA256 required)');
+    }
+    async stop() {
+        this.healthy = false;
+        // Express routes cannot be unregistered at runtime; we simply mark unhealthy
+        console.log('[Webhook] Stopped');
+    }
+    /** Not applicable — webhook is request-response, not push-based */
+    async send(_target, _message) { }
+    isHealthy() { return this.healthy; }
+    // ── Helpers ────────────────────────────────────────────────
+    verifySignature(body, signature) {
+        if (!signature)
+            return false;
+        const payload = typeof body === 'string' ? body : JSON.stringify(body);
+        const expected = 'sha256=' + crypto.createHmac('sha256', this.secret).update(payload).digest('hex');
+        try {
+            // timing-safe comparison — both buffers must be same length
+            if (signature.length !== expected.length)
+                return false;
+            return crypto.timingSafeEqual(Buffer.from(signature), Buffer.from(expected));
+        }
+        catch {
+            return false;
+        }
+    }
+    isAllowedOrigin(origin) {
+        return this.allowedOrigins.some(allowed => origin === allowed || origin.startsWith(allowed));
+    }
+    async runAndCallback(message, callbackUrl, context) {
+        try {
+            const response = await gateway_1.gateway.routeMessage({
+                channel: 'api',
+                channelId: 'webhook',
+                userId: 'webhook',
+                text: message,
+                timestamp: Date.now(),
+            });
+            await fetch(callbackUrl, {
+                method: 'POST',
+                headers: { 'Content-Type': 'application/json' },
+                body: JSON.stringify({ response, context }),
+            });
+        }
+        catch (e) {
+            console.error('[Webhook] Async callback failed:', e.message);
+        }
+    }
+}
+exports.WebhookAdapter = WebhookAdapter;

package/dist/core/channels/whatsapp.js

@@ -0,0 +1,185 @@
+"use strict";
+// ============================================================
+// DevOS — Autonomous AI Execution System
+// Copyright (c) 2026 Shiva Deore. All rights reserved.
+// ============================================================
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.WhatsAppAdapter = void 0;
+// core/channels/whatsapp.ts — WhatsApp channel adapter.
+//
+// Uses whatsapp-web.js (WebSocket-based, no business API required).
+// On first run, a QR code is printed to the terminal — scan it with
+// the WhatsApp mobile app. The session is then persisted so subsequent
+// launches connect automatically.
+//
+// ⚠️  TERMS OF SERVICE NOTE:
+//     WhatsApp web automation is for personal use only.
+//     For production or commercial scale, use WhatsApp Business API
+//     (set WHATSAPP_BUSINESS_API_KEY) which is fully compliant with
+//     WhatsApp's terms. Web scraping at scale violates their ToS.
+//
+// Config (env vars):
+//   WHATSAPP_SESSION_PATH      — path to persist session data
+//                                (default: workspace/.whatsapp_session)
+//   WHATSAPP_ALLOWED_NUMBERS   — optional comma-separated allowlist
+//                                (+919812345678 format)
+//   WHATSAPP_BUSINESS_API_KEY  — optional; if set, use official Business API
+//                                instead of web automation
+const path_1 = __importDefault(require("path"));
+const gateway_1 = require("../gateway");
+class WhatsAppAdapter {
+    constructor() {
+        this.name = 'whatsapp';
+        this.client = null;
+        this.healthy = false;
+        this.sessionPath = process.env.WHATSAPP_SESSION_PATH ?? path_1.default.join(process.cwd(), 'workspace', '.whatsapp_session');
+        const raw = process.env.WHATSAPP_ALLOWED_NUMBERS ?? '';
+        this.allowedNumbers = raw ? new Set(raw.split(',').map(s => s.trim()).filter(Boolean)) : new Set();
+        this.businessApiKey = process.env.WHATSAPP_BUSINESS_API_KEY ?? '';
+    }
+    // ── Lifecycle ──────────────────────────────────────────────
+    async start() {
+        // Opt-in guard — silent unless WHATSAPP_ENABLED=true
+        if (!process.env.WHATSAPP_ENABLED || process.env.WHATSAPP_ENABLED.toLowerCase() !== 'true') {
+            return;
+        }
+        // Attempt dynamic import — graceful degradation if module not available
+        let Client, LocalAuth;
+        try {
+            const wwebjs = await Promise.resolve().then(() => __importStar(require('whatsapp-web.js')));
+            Client = wwebjs.Client;
+            LocalAuth = wwebjs.LocalAuth;
+        }
+        catch (e) {
+            console.log('[WhatsApp] Disabled — whatsapp-web.js not available:', e.message);
+            return;
+        }
+        this.client = new Client({
+            authStrategy: new LocalAuth({ dataPath: this.sessionPath }),
+            puppeteer: {
+                headless: true,
+                args: ['--no-sandbox', '--disable-setuid-sandbox'],
+            },
+        });
+        // QR code for first-time auth
+        this.client.on('qr', (qr) => {
+            console.log('[WhatsApp] Scan this QR code with your WhatsApp mobile app:');
+            try {
+                const qrcode = require('qrcode-terminal');
+                qrcode.generate(qr, { small: true });
+            }
+            catch {
+                console.log('[WhatsApp] QR (raw):', qr);
+            }
+        });
+        this.client.on('authenticated', () => {
+            console.log('[WhatsApp] Session authenticated — session persisted at', this.sessionPath);
+        });
+        this.client.on('ready', () => {
+            this.healthy = true;
+            console.log('[WhatsApp] Client ready');
+            gateway_1.gateway.registerChannel('whatsapp', async (msg) => {
+                await this.send(msg.channelId, msg.text);
+                return true;
+            });
+        });
+        this.client.on('disconnected', (reason) => {
+            this.healthy = false;
+            console.log('[WhatsApp] Disconnected:', reason);
+        });
+        this.client.on('message', async (msg) => {
+            // Skip non-text messages and group messages (from field ends with @g.us)
+            if (msg.from.endsWith('@g.us'))
+                return;
+            if (msg.type !== 'chat')
+                return;
+            const senderNumber = msg.from.replace('@c.us', '').replace(/^0/, '+');
+            if (!this.isAllowed(senderNumber))
+                return;
+            const response = await this.processMessage(msg.from, senderNumber, msg.body);
+            await msg.reply(response).catch((e) => console.error('[WhatsApp] reply error:', e.message));
+        });
+        try {
+            await this.client.initialize();
+        }
+        catch (e) {
+            console.log('[WhatsApp] Disabled — check WHATSAPP_SESSION_PATH:', e.message);
+            this.healthy = false;
+        }
+    }
+    async stop() {
+        this.healthy = false;
+        if (this.client) {
+            gateway_1.gateway.unregisterChannel('whatsapp');
+            await this.client.destroy().catch(() => { });
+            this.client = null;
+        }
+        console.log('[WhatsApp] Disconnected');
+    }
+    async send(target, message) {
+        if (!this.client || !this.healthy)
+            return;
+        // Ensure target has @c.us suffix
+        const chatId = target.includes('@') ? target : `${target.replace('+', '')}@c.us`;
+        await this.client.sendMessage(chatId, message).catch((e) => console.error('[WhatsApp] send error:', e.message));
+    }
+    isHealthy() { return this.healthy; }
+    // ── Helpers ────────────────────────────────────────────────
+    isAllowed(number) {
+        if (this.allowedNumbers.size === 0)
+            return true;
+        return this.allowedNumbers.has(number);
+    }
+    async processMessage(chatId, userId, text) {
+        try {
+            return await gateway_1.gateway.routeMessage({
+                channel: 'whatsapp',
+                channelId: chatId,
+                userId,
+                text,
+                timestamp: Date.now(),
+            });
+        }
+        catch (e) {
+            console.error('[WhatsApp] routeMessage error:', e.message);
+            return '❌ Something went wrong. Try again.';
+        }
+    }
+}
+exports.WhatsAppAdapter = WhatsAppAdapter;

package/dist/core/clarifyBus.js

@@ -0,0 +1,75 @@
+"use strict";
+// ============================================================
+// DevOS — Autonomous AI Execution System
+// Copyright (c) 2026 Shiva Deore. All rights reserved.
+// ============================================================
+//
+// core/clarifyBus.ts — Global event bus for mid-task clarification questions.
+//
+// When the `clarify` tool fires:
+//   1. It posts a ClarifyRequest to this bus.
+//   2. The CLI (or any registered handler) picks it up, shows the question,
+//      collects an answer, and resolves the pending promise.
+//   3. If no handler is registered, the bus auto-resolves with the first option
+//      (or free-text fallback) after a short timeout so headless runs never hang.
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.registerClarifyHandler = registerClarifyHandler;
+exports.answer = answer;
+exports.ask = ask;
+const events_1 = require("events");
+const bus = new events_1.EventEmitter();
+bus.setMaxListeners(20);
+// Pending requests keyed by id
+const pending = new Map();
+let handlerRegistered = false;
+/**
+ * Called by the CLI (or any TUI layer) to claim clarify questions.
+ * The handler receives a ClarifyRequest and must call `answer(id, text)`
+ * when the user responds.
+ */
+function registerClarifyHandler(handler) {
+    bus.on('request', handler);
+    handlerRegistered = true;
+}
+/**
+ * Provide the user's answer to a pending clarify request.
+ * Called by the CLI handler after the user types their response.
+ */
+function answer(id, text) {
+    const resolve = pending.get(id);
+    if (resolve) {
+        pending.delete(id);
+        resolve(text);
+    }
+}
+let seq = 1;
+/**
+ * Ask a clarification question and wait for the answer.
+ * Resolves immediately with the first option (or empty string) if no
+ * TUI handler is registered (headless / API mode).
+ */
+async function ask(question, options, allowFreeText = true) {
+    const id = `clarify_${seq++}`;
+    const promise = new Promise(resolve => {
+        pending.set(id, resolve);
+        if (!handlerRegistered) {
+            // Headless fallback: use first option, or acknowledge text
+            const fallback = options?.[0] ?? 'yes';
+            pending.delete(id);
+            resolve(fallback);
+            return;
+        }
+        // Emit to registered TUI handler
+        bus.emit('request', { id, question, options, allowFreeText });
+        // Safety timeout — never hang the agent for more than 5 minutes
+        const timer = setTimeout(() => {
+            if (pending.has(id)) {
+                pending.delete(id);
+                resolve(options?.[0] ?? '');
+            }
+        }, 5 * 60 * 1000);
+        if (typeof timer.unref === 'function')
+            timer.unref();
+    });
+    return promise;
+}

package/dist/core/codeInterpreter.js

@@ -0,0 +1,82 @@
+"use strict";
+// ============================================================
+// DevOS — Autonomous AI Execution System
+// Copyright (c) 2026 Shiva Deore. All rights reserved.
+// ============================================================
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.runInSandbox = runInSandbox;
+// core/codeInterpreter.ts — Isolated code execution sandbox.
+// Runs Python or Node.js scripts in per-session subdirectories under
+// workspace/sandbox/interpreter/. Each session gets a clean directory;
+// generated files are reported back and the directory is cleaned up
+// automatically after 5 minutes.
+const child_process_1 = require("child_process");
+const fs_1 = __importDefault(require("fs"));
+const path_1 = __importDefault(require("path"));
+const SANDBOX_DIR = path_1.default.join(process.cwd(), 'workspace', 'sandbox', 'interpreter');
+async function runInSandbox(code, language, packages) {
+    const start = Date.now();
+    fs_1.default.mkdirSync(SANDBOX_DIR, { recursive: true });
+    const sessionId = `session_${Date.now()}`;
+    const sessionDir = path_1.default.join(SANDBOX_DIR, sessionId);
+    fs_1.default.mkdirSync(sessionDir, { recursive: true });
+    // Schedule cleanup after 5 minutes regardless of outcome
+    const scheduleCleanup = () => {
+        setTimeout(() => {
+            try {
+                fs_1.default.rmSync(sessionDir, { recursive: true, force: true });
+            }
+            catch { }
+        }, 5 * 60 * 1000);
+    };
+    try {
+        if (language === 'python') {
+            // Install packages if requested
+            if (packages && packages.length > 0) {
+                try {
+                    (0, child_process_1.execSync)(`pip install ${packages.join(' ')} --quiet --break-system-packages 2>&1`, { timeout: 30000 });
+                }
+                catch { }
+            }
+            const scriptPath = path_1.default.join(sessionDir, 'script.py');
+            fs_1.default.writeFileSync(scriptPath, code);
+            return new Promise((resolve) => {
+                (0, child_process_1.exec)(`python "${scriptPath}"`, { timeout: 30000, cwd: sessionDir }, (error, stdout, stderr) => {
+                    scheduleCleanup();
+                    const files = fs_1.default.readdirSync(sessionDir).filter(f => f !== 'script.py');
+                    const duration = Date.now() - start;
+                    if (error && !stdout) {
+                        resolve({ success: false, output: stderr || error.message, error: stderr || error.message, files, duration });
+                    }
+                    else {
+                        resolve({ success: true, output: stdout || '(no output)', files, duration });
+                    }
+                });
+            });
+        }
+        else {
+            const scriptPath = path_1.default.join(sessionDir, 'script.js');
+            fs_1.default.writeFileSync(scriptPath, code);
+            return new Promise((resolve) => {
+                (0, child_process_1.exec)(`node "${scriptPath}"`, { timeout: 30000, cwd: sessionDir }, (error, stdout, stderr) => {
+                    scheduleCleanup();
+                    const files = fs_1.default.readdirSync(sessionDir).filter(f => f !== 'script.js');
+                    const duration = Date.now() - start;
+                    if (error && !stdout) {
+                        resolve({ success: false, output: stderr || error.message, error: stderr || error.message, files, duration });
+                    }
+                    else {
+                        resolve({ success: true, output: stdout || '(no output)', files, duration });
+                    }
+                });
+            });
+        }
+    }
+    catch (e) {
+        scheduleCleanup();
+        return { success: false, output: e.message, error: e.message, duration: Date.now() - start };
+    }
+}