aiden-runtime 4.0.2 → 4.1.0

package/dist/core/channels/twilio.js

@@ -19,6 +19,7 @@ exports.TwilioAdapter = void 0;
 //   TWILIO_ALLOWED_NUMBERS — optional comma-separated inbound allowlist
 //   WEBHOOK_URL           — base URL for inbound webhook registration
 const gateway_1 = require("../gateway");
+const logger_1 = require("../v4/logger");
 // SMS max segment length per GSM spec
 const SMS_CHUNK_SIZE = 160;
 /** Split a message into ≤160-character segments */
@@ -34,6 +35,8 @@ function chunkSms(text) {
 class TwilioAdapter {
     constructor(app) {
         this.name = 'sms';
+        // Phase v4.1-1.3a — diagnostics route through scope logger.
+        this.log = (0, logger_1.noopLogger)();
         this.twilioClient = null;
         this.healthy = false;
         this.app = null;
@@ -45,10 +48,11 @@ class TwilioAdapter {
         this.webhookUrl = process.env.WEBHOOK_URL ?? '';
         this.app = app ?? null;
     }
+    attachLogger(logger) { this.log = logger; }
     // ── Lifecycle ──────────────────────────────────────────────
     async start() {
         if (!this.accountSid || !this.authToken || !this.fromNumber) {
-            console.log('[SMS] Disabled — set TWILIO_ACCOUNT_SID, TWILIO_AUTH_TOKEN, TWILIO_PHONE_NUMBER to enable');
+            this.log.info('Disabled — set TWILIO_ACCOUNT_SID, TWILIO_AUTH_TOKEN, TWILIO_PHONE_NUMBER to enable');
             return;
         }
         let twilio;
@@ -56,7 +60,7 @@ class TwilioAdapter {
             twilio = require('twilio');
         }
         catch (e) {
-            console.log('[SMS] Disabled — twilio package not available:', e.message);
+            this.log.info(`Disabled — twilio package not available:${e.message}`);
             return;
         }
         this.twilioClient = twilio(this.accountSid, this.authToken);
@@ -87,10 +91,10 @@ class TwilioAdapter {
             });
         }
         if (!this.webhookUrl) {
-            console.log('[SMS] Outbound ready — inbound SMS requires public webhook URL (set WEBHOOK_URL env or use ngrok)');
+            this.log.info('Outbound ready — inbound SMS requires public webhook URL (set WEBHOOK_URL env or use ngrok)');
         }
         else {
-            console.log(`[SMS] Ready — inbound webhook: ${this.webhookUrl}/api/channels/sms/inbound`);
+            this.log.info('Ready — inbound webhook: ${this.webhookUrl}/api/channels/sms/inbound');
         }
         this.healthy = true;
     }
@@ -98,7 +102,7 @@ class TwilioAdapter {
         this.healthy = false;
         gateway_1.gateway.unregisterChannel('sms');
         this.twilioClient = null;
-        console.log('[SMS] Disconnected');
+        this.log.info('Disconnected');
     }
     async send(target, message) {
         if (!this.twilioClient || !this.healthy)
@@ -113,7 +117,7 @@ class TwilioAdapter {
                 });
             }
             catch (e) {
-                console.error('[SMS] send error:', e.message);
+                this.log.error(`send error:${e.message}`);
                 break;
             }
         }
@@ -136,7 +140,7 @@ class TwilioAdapter {
             });
         }
         catch (e) {
-            console.error('[SMS] routeMessage error:', e.message);
+            this.log.error(`routeMessage error:${e.message}`);
             return 'Something went wrong. Try again.';
         }
     }

package/dist/core/channels/webhook.js

@@ -62,9 +62,12 @@ exports.WebhookAdapter = void 0;
 // No external SDK — uses Node.js built-in crypto only.
 const crypto = __importStar(require("crypto"));
 const gateway_1 = require("../gateway");
+const logger_1 = require("../v4/logger");
 class WebhookAdapter {
     constructor(app) {
         this.name = 'webhook';
+        // Phase v4.1-1.3a — diagnostics route through scope logger.
+        this.log = (0, logger_1.noopLogger)();
         this.healthy = false;
         this.secret = process.env.WEBHOOK_SECRET ?? '';
         const rawOrigins = process.env.WEBHOOK_ALLOWED_ORIGINS ?? '';
@@ -73,14 +76,15 @@ class WebhookAdapter {
             : [];
         this.app = app ?? null;
     }
+    attachLogger(logger) { this.log = logger; }
     // ── Lifecycle ──────────────────────────────────────────────
     async start() {
         if (!this.app) {
-            console.warn('[Webhook] No Express app provided — endpoint not registered');
+            this.log.warn('No Express app provided — endpoint not registered');
             return;
         }
         if (!this.secret) {
-            console.log('[Webhook] Disabled — set WEBHOOK_SECRET to enable');
+            this.log.info('Disabled — set WEBHOOK_SECRET to enable');
             // Register the route but return 503 so callers get a clear error
             this.app.post('/api/webhook', (_req, res) => {
                 res.status(503).json({ error: 'Webhook disabled — set WEBHOOK_SECRET to enable' });
@@ -134,12 +138,12 @@ class WebhookAdapter {
             }
         });
         this.healthy = true;
-        console.log('[Webhook] Enabled — POST /api/webhook (HMAC-SHA256 required)');
+        this.log.info('Enabled — POST /api/webhook (HMAC-SHA256 required)');
     }
     async stop() {
         this.healthy = false;
         // Express routes cannot be unregistered at runtime; we simply mark unhealthy
-        console.log('[Webhook] Stopped');
+        this.log.info('Stopped');
     }
     /** Not applicable — webhook is request-response, not push-based */
     async send(_target, _message) { }
@@ -179,7 +183,7 @@ class WebhookAdapter {
             });
         }
         catch (e) {
-            console.error('[Webhook] Async callback failed:', e.message);
+            this.log.error(`Async callback failed:${e.message}`);
         }
     }
 }

package/dist/core/channels/whatsapp.js

@@ -63,9 +63,12 @@ exports.WhatsAppAdapter = void 0;
 //                                instead of web automation
 const path_1 = __importDefault(require("path"));
 const gateway_1 = require("../gateway");
+const logger_1 = require("../v4/logger");
 class WhatsAppAdapter {
     constructor() {
         this.name = 'whatsapp';
+        // Phase v4.1-1.3a — diagnostics route through scope logger.
+        this.log = (0, logger_1.noopLogger)();
         this.client = null;
         this.healthy = false;
         this.sessionPath = process.env.WHATSAPP_SESSION_PATH ?? path_1.default.join(process.cwd(), 'workspace', '.whatsapp_session');
@@ -73,6 +76,7 @@ class WhatsAppAdapter {
         this.allowedNumbers = raw ? new Set(raw.split(',').map(s => s.trim()).filter(Boolean)) : new Set();
         this.businessApiKey = process.env.WHATSAPP_BUSINESS_API_KEY ?? '';
     }
+    attachLogger(logger) { this.log = logger; }
     // ── Lifecycle ──────────────────────────────────────────────
     async start() {
         // Opt-in guard — silent unless WHATSAPP_ENABLED=true
@@ -87,7 +91,7 @@ class WhatsAppAdapter {
             LocalAuth = wwebjs.LocalAuth;
         }
         catch (e) {
-            console.log('[WhatsApp] Disabled — whatsapp-web.js not available:', e.message);
+            this.log.info(`Disabled — whatsapp-web.js not available:${e.message}`);
             return;
         }
         this.client = new Client({
@@ -99,21 +103,21 @@ class WhatsAppAdapter {
         });
         // QR code for first-time auth
         this.client.on('qr', (qr) => {
-            console.log('[WhatsApp] Scan this QR code with your WhatsApp mobile app:');
+            this.log.info('Scan this QR code with your WhatsApp mobile app:');
             try {
                 const qrcode = require('qrcode-terminal');
                 qrcode.generate(qr, { small: true });
             }
             catch {
-                console.log('[WhatsApp] QR (raw):', qr);
+                this.log.info(`QR (raw):${qr}`);
             }
         });
         this.client.on('authenticated', () => {
-            console.log('[WhatsApp] Session authenticated — session persisted at', this.sessionPath);
+            this.log.info(`Session authenticated — session persisted at${this.sessionPath}`);
         });
         this.client.on('ready', () => {
             this.healthy = true;
-            console.log('[WhatsApp] Client ready');
+            this.log.info('Client ready');
             gateway_1.gateway.registerChannel('whatsapp', async (msg) => {
                 await this.send(msg.channelId, msg.text);
                 return true;
@@ -121,7 +125,7 @@ class WhatsAppAdapter {
         });
         this.client.on('disconnected', (reason) => {
             this.healthy = false;
-            console.log('[WhatsApp] Disconnected:', reason);
+            this.log.info(`Disconnected:${reason}`);
         });
         this.client.on('message', async (msg) => {
             // Skip non-text messages and group messages (from field ends with @g.us)
@@ -133,13 +137,13 @@ class WhatsAppAdapter {
             if (!this.isAllowed(senderNumber))
                 return;
             const response = await this.processMessage(msg.from, senderNumber, msg.body);
-            await msg.reply(response).catch((e) => console.error('[WhatsApp] reply error:', e.message));
+            await msg.reply(response).catch((e) => this.log.error(`reply error:${e.message}`));
         });
         try {
             await this.client.initialize();
         }
         catch (e) {
-            console.log('[WhatsApp] Disabled — check WHATSAPP_SESSION_PATH:', e.message);
+            this.log.info(`Disabled — check WHATSAPP_SESSION_PATH:${e.message}`);
             this.healthy = false;
         }
     }
@@ -150,14 +154,14 @@ class WhatsAppAdapter {
             await this.client.destroy().catch(() => { });
             this.client = null;
         }
-        console.log('[WhatsApp] Disconnected');
+        this.log.info('Disconnected');
     }
     async send(target, message) {
         if (!this.client || !this.healthy)
             return;
         // Ensure target has @c.us suffix
         const chatId = target.includes('@') ? target : `${target.replace('+', '')}@c.us`;
-        await this.client.sendMessage(chatId, message).catch((e) => console.error('[WhatsApp] send error:', e.message));
+        await this.client.sendMessage(chatId, message).catch((e) => this.log.error(`send error:${e.message}`));
     }
     isHealthy() { return this.healthy; }
     // ── Helpers ────────────────────────────────────────────────
@@ -177,7 +181,7 @@ class WhatsAppAdapter {
             });
         }
         catch (e) {
-            console.error('[WhatsApp] routeMessage error:', e.message);
+            this.log.error(`routeMessage error:${e.message}`);
             return '❌ Something went wrong. Try again.';
         }
     }

package/dist/core/channels/whisper-transcribe.js

@@ -0,0 +1,163 @@
+"use strict";
+// ============================================================
+// DevOS — Autonomous AI Execution System
+// Copyright (c) 2026 Shiva Deore. All rights reserved.
+// ============================================================
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MAX_VOICE_BYTES = void 0;
+exports.transcribeForChannel = transcribeForChannel;
+exports.isHallucinatedTranscript = isHallucinatedTranscript;
+// core/channels/whisper-transcribe.ts — Phase v4.1-3.
+//
+// Channel-side Whisper adapter. Wraps the canonical
+// `core/voice/stt.ts` chain with three Telegram-specific concerns:
+//
+//   1. 25 MB pre-upload size cap. Telegram voice/audio messages can
+//      claim arbitrary `file_size`; if a malicious caller manages to
+//      pass through a 200 MB blob we want to refuse before burning a
+//      Whisper API quota. The cap matches both the Telegram Bot API
+//      attachment ceiling and the OpenAI Whisper request limit.
+//   2. Whisper hallucination guard. Both Groq and OpenAI Whisper
+//      sometimes return a known set of "noise transcripts" on near-
+//      silent input — "Thank you for watching", "Subtitles by …",
+//      etc. We catch the common shapes and convert them to an
+//      `isHallucination` failure so the caller can render a helpful
+//      "I couldn't make out your voice — please type instead"
+//      annotation rather than ferrying the noise to the agent.
+//   3. Result-shape contract that matches the channel adapter's
+//      expectations:
+//        TranscriptionResult = {
+//          success, text?, avgLogprob?, error?, isHallucination?,
+//          provider?, durationMs?
+//        }
+//      `avgLogprob` is the average of segment-level Whisper
+//      `avg_logprob` — values are negative; closer to 0 = more
+//      confident. The Telegram adapter uses this against the
+//      `TELEGRAM_VOICE_CONFIDENCE_THRESHOLD` env var (default -0.5)
+//      to decide whether to echo the transcript to the user before
+//      handing it to the agent.
+//
+// No console.* — every diagnostic uses the injected `Logger` from
+// `core/v4/logger`, defaulting to noop when none is wired.
+const node_fs_1 = require("node:fs");
+const stt_1 = require("../voice/stt");
+const logger_1 = require("../v4/logger");
+// 25 MiB. Telegram Bot API hard cap for attachments downloadable via
+// getFile() is 20 MB (the *upload* limit is 50 MB), and OpenAI's
+// Whisper request limit is 25 MB. Use the higher of the two we're
+// sending TO so a fortunate-edge-case 22 MB OGG doesn't fail late.
+exports.MAX_VOICE_BYTES = 25 * 1024 * 1024;
+/**
+ * Whisper hallucination patterns. Case-insensitive, anchored loosely
+ * so common variants (capitalisation, surrounding punctuation, the
+ * "by Amara.org" credit appearing on its own line) all match. Order
+ * is irrelevant — we OR them.
+ *
+ * Sources observed on near-silent or short noise inputs from both the
+ * Groq `whisper-large-v3` model and the OpenAI `whisper-1` model.
+ */
+const HALLUCINATION_PATTERNS = [
+    /thank\s+you\s+for\s+watching/i,
+    /thanks\s+for\s+watching/i,
+    /subtitles?\s+by/i,
+    /amara\.org/i,
+    /¡subt[íi]tulos\s+por/i,
+    /sous-titrage/i,
+];
+/**
+ * Transcribe an audio file via the existing Aiden Whisper chain,
+ * applying channel-side guards (size cap, hallucination filter,
+ * confidence surfacing).
+ *
+ * Never throws — failures land on `result.success = false` with a
+ * human-readable `error`. Callers should treat any of these as a
+ * "transcription failed" signal:
+ *
+ *   - `success === false`            (size cap, network, no provider)
+ *   - `isHallucination === true`     (transcript matched noise pattern)
+ *
+ * Confident vs. low-confidence is the caller's call. Use:
+ *
+ *     const confident = (result.avgLogprob ?? 0) >= -0.5
+ *
+ * (default threshold; configurable via `TELEGRAM_VOICE_CONFIDENCE_THRESHOLD`).
+ */
+async function transcribeForChannel(opts) {
+    const log = opts.logger ?? (0, logger_1.noopLogger)();
+    const cap = opts.maxBytesOverride ?? exports.MAX_VOICE_BYTES;
+    // ── 1. Size precheck ────────────────────────────────────────────
+    // Stat the file directly rather than trusting whatever size hint
+    // came down the wire — by the time this runs the file is on local
+    // disk, so the on-disk size is the truth. Refusing here avoids
+    // burning a Whisper API call on a payload it would reject anyway.
+    let sizeBytes;
+    try {
+        const st = await node_fs_1.promises.stat(opts.filePath);
+        sizeBytes = st.size;
+    }
+    catch (e) {
+        log.warn('voice file not readable', { path: opts.filePath, error: e?.message });
+        return {
+            success: false,
+            error: `audio file not readable: ${e?.message ?? 'unknown error'}`,
+        };
+    }
+    if (sizeBytes > cap) {
+        log.warn('voice file too large', { sizeBytes, cap });
+        return {
+            success: false,
+            error: `File too large: ${(sizeBytes / (1024 * 1024)).toFixed(1)} MB ` +
+                `(cap is ${(cap / (1024 * 1024)).toFixed(0)} MB).`,
+        };
+    }
+    // ── 2. Hand off to the canonical chain ──────────────────────────
+    const sttOpts = {
+        audioFilePath: opts.filePath,
+        logger: log,
+    };
+    if (opts.language)
+        sttOpts.language = opts.language;
+    const result = await (0, stt_1.transcribe)(sttOpts);
+    if (result.error || !result.text) {
+        return {
+            success: false,
+            error: result.error ?? 'empty transcript',
+            provider: result.provider,
+            durationMs: result.durationMs,
+        };
+    }
+    // ── 3. Hallucination guard ──────────────────────────────────────
+    if (isHallucinatedTranscript(result.text)) {
+        log.info('hallucinated transcript discarded', { snippet: result.text.slice(0, 60) });
+        return {
+            success: false,
+            isHallucination: true,
+            text: result.text,
+            error: 'Whisper returned a known noise pattern',
+            provider: result.provider,
+            durationMs: result.durationMs,
+        };
+    }
+    return {
+        success: true,
+        text: result.text,
+        provider: result.provider,
+        durationMs: result.durationMs,
+        ...(typeof result.confidence === 'number' ? { avgLogprob: result.confidence } : {}),
+    };
+}
+/**
+ * True when `text` matches one of the well-known Whisper noise
+ * outputs. Empty / whitespace-only strings also count — both Whisper
+ * variants emit them on dead silence and the channel layer wants
+ * them treated identically to noise.
+ */
+function isHallucinatedTranscript(text) {
+    if (!text || !text.trim())
+        return true;
+    for (const re of HALLUCINATION_PATTERNS) {
+        if (re.test(text))
+            return true;
+    }
+    return false;
+}