alvin-bot 4.4.1

package/dist/services/plugins.js

@@ -0,0 +1,171 @@
+/**
+ * Plugin System — Drop-in extensible capabilities.
+ *
+ * Plugins are loaded from the `plugins/` directory.
+ * Each plugin is a directory with an `index.js` (or `index.ts` compiled) file
+ * that exports a PluginDefinition.
+ *
+ * Plugin structure:
+ *   plugins/
+ *     weather/
+ *       index.js          — Plugin entry (exports PluginDefinition)
+ *       package.json      — Optional: dependencies
+ *     finance/
+ *       index.js
+ *
+ * Plugin API:
+ *   - name: unique identifier
+ *   - description: what the plugin does
+ *   - version: semver
+ *   - commands: Telegram commands the plugin registers
+ *   - tools: Functions the AI can call
+ *   - onMessage: Optional hook for every message
+ *   - onInit/onDestroy: Lifecycle hooks
+ */
+import fs from "fs";
+import { resolve } from "path";
+import { PLUGINS_DIR } from "../paths.js";
+// ── Plugin Registry ─────────────────────────────────────
+const loadedPlugins = new Map();
+/**
+ * Load all plugins from the plugins/ directory.
+ */
+export async function loadPlugins() {
+    const loaded = [];
+    const errors = [];
+    if (!fs.existsSync(PLUGINS_DIR)) {
+        fs.mkdirSync(PLUGINS_DIR, { recursive: true });
+        return { loaded, errors };
+    }
+    const entries = fs.readdirSync(PLUGINS_DIR, { withFileTypes: true });
+    for (const entry of entries) {
+        if (!entry.isDirectory())
+            continue;
+        if (entry.name.startsWith(".") || entry.name.startsWith("_"))
+            continue;
+        const pluginDir = resolve(PLUGINS_DIR, entry.name);
+        const indexFile = resolve(pluginDir, "index.js");
+        if (!fs.existsSync(indexFile)) {
+            errors.push({ name: entry.name, error: "Missing index.js" });
+            continue;
+        }
+        try {
+            // Dynamic import
+            const module = await import(`file://${indexFile}`);
+            const definition = module.default || module;
+            if (!definition.name) {
+                errors.push({ name: entry.name, error: "Plugin has no name" });
+                continue;
+            }
+            // Run init hook
+            if (definition.onInit) {
+                await definition.onInit();
+            }
+            loadedPlugins.set(definition.name, definition);
+            loaded.push(definition.name);
+            console.log(`✅ Plugin loaded: ${definition.name} v${definition.version}`);
+        }
+        catch (err) {
+            const msg = err instanceof Error ? err.message : String(err);
+            errors.push({ name: entry.name, error: msg });
+            console.error(`❌ Plugin failed: ${entry.name} — ${msg}`);
+        }
+    }
+    return { loaded, errors };
+}
+/**
+ * Register all plugin commands with the bot.
+ */
+export function registerPluginCommands(bot) {
+    for (const [, plugin] of loadedPlugins) {
+        if (!plugin.commands)
+            continue;
+        for (const cmd of plugin.commands) {
+            bot.command(cmd.command, async (ctx) => {
+                const args = ctx.match?.toString().trim() || "";
+                await cmd.handler(ctx, args);
+            });
+        }
+    }
+}
+/**
+ * Run plugin message hooks.
+ * Returns true if any plugin handled the message (stops propagation).
+ */
+export async function runPluginMessageHooks(ctx, text) {
+    for (const [, plugin] of loadedPlugins) {
+        if (plugin.onMessage) {
+            try {
+                const handled = await plugin.onMessage(ctx, text);
+                if (handled === true)
+                    return true;
+            }
+            catch (err) {
+                console.error(`Plugin ${plugin.name} onMessage error:`, err);
+            }
+        }
+    }
+    return false;
+}
+/**
+ * Get all registered plugin tools (for AI function calling).
+ */
+export function getPluginTools() {
+    const tools = [];
+    for (const [, plugin] of loadedPlugins) {
+        if (plugin.tools) {
+            tools.push(...plugin.tools);
+        }
+    }
+    return tools;
+}
+/**
+ * Execute a plugin tool by name.
+ */
+export async function executePluginTool(name, params) {
+    for (const [, plugin] of loadedPlugins) {
+        const tool = plugin.tools?.find(t => t.name === name);
+        if (tool) {
+            return tool.execute(params);
+        }
+    }
+    throw new Error(`Plugin tool "${name}" not found`);
+}
+/**
+ * Get loaded plugin info for /plugins command.
+ */
+export function getLoadedPlugins() {
+    const result = [];
+    for (const [, plugin] of loadedPlugins) {
+        result.push({
+            name: plugin.name,
+            description: plugin.description,
+            version: plugin.version,
+            commands: plugin.commands?.map(c => `/${c.command}`) || [],
+            tools: plugin.tools?.map(t => t.name) || [],
+        });
+    }
+    return result;
+}
+/**
+ * Unload all plugins (for graceful shutdown).
+ */
+export async function unloadPlugins() {
+    for (const [name, plugin] of loadedPlugins) {
+        try {
+            if (plugin.onDestroy)
+                await plugin.onDestroy();
+            console.log(`Plugin unloaded: ${name}`);
+        }
+        catch (err) {
+            console.error(`Plugin ${name} destroy error:`, err);
+        }
+    }
+    loadedPlugins.clear();
+}
+/**
+ * Get the plugins directory path (for documentation).
+ */
+export function getPluginsDir() {
+    return PLUGINS_DIR;
+}

package/dist/services/reminders.js

@@ -0,0 +1,97 @@
+/**
+ * Reminder Service — Simple in-memory reminder system.
+ *
+ * /remind 30m Call mom
+ * /remind 2h Check deployment
+ * /remind 1d Send invoice
+ */
+let nextId = 1;
+const reminders = new Map();
+/**
+ * Parse a duration string like "30m", "2h", "1d", "90s" into milliseconds.
+ */
+export function parseDuration(input) {
+    const match = input.match(/^(\d+(?:\.\d+)?)\s*(s|sec|m|min|h|hr|d|day)s?$/i);
+    if (!match)
+        return null;
+    const value = parseFloat(match[1]);
+    const unit = match[2].toLowerCase();
+    const multipliers = {
+        s: 1000, sec: 1000,
+        m: 60_000, min: 60_000,
+        h: 3_600_000, hr: 3_600_000,
+        d: 86_400_000, day: 86_400_000,
+    };
+    return value * (multipliers[unit] || 60_000);
+}
+/**
+ * Format milliseconds into a human-readable string.
+ */
+function formatDuration(ms) {
+    if (ms < 60_000)
+        return `${Math.round(ms / 1000)}s`;
+    if (ms < 3_600_000)
+        return `${Math.round(ms / 60_000)} Min`;
+    if (ms < 86_400_000)
+        return `${(ms / 3_600_000).toFixed(1)}h`;
+    return `${(ms / 86_400_000).toFixed(1)} Tage`;
+}
+/**
+ * Create a reminder that fires after a delay.
+ */
+export function createReminder(chatId, userId, text, delayMs, api) {
+    const id = nextId++;
+    const now = Date.now();
+    const timer = setTimeout(async () => {
+        try {
+            await api.sendMessage(chatId, `⏰ *Erinnerung:* ${text}`, { parse_mode: "Markdown" });
+        }
+        catch (err) {
+            console.error(`Failed to send reminder ${id}:`, err);
+        }
+        reminders.delete(id);
+    }, delayMs);
+    const reminder = {
+        id,
+        chatId,
+        userId,
+        text,
+        createdAt: now,
+        triggerAt: now + delayMs,
+        timer,
+    };
+    reminders.set(id, reminder);
+    return reminder;
+}
+/**
+ * List all pending reminders for a user.
+ */
+export function listReminders(userId) {
+    const now = Date.now();
+    return Array.from(reminders.values())
+        .filter(r => r.userId === userId && r.triggerAt > now)
+        .sort((a, b) => a.triggerAt - b.triggerAt)
+        .map(r => ({
+        id: r.id,
+        text: r.text,
+        triggerAt: r.triggerAt,
+        remaining: formatDuration(r.triggerAt - now),
+    }));
+}
+/**
+ * Cancel a reminder by ID.
+ */
+export function cancelReminder(id, userId) {
+    const r = reminders.get(id);
+    if (!r || r.userId !== userId)
+        return false;
+    clearTimeout(r.timer);
+    reminders.delete(id);
+    return true;
+}
+/**
+ * Get count of pending reminders for a user.
+ */
+export function reminderCount(userId) {
+    return Array.from(reminders.values()).filter(r => r.userId === userId).length;
+}

package/dist/services/restart.js

@@ -0,0 +1,48 @@
+/**
+ * Graceful Self-Restart — Ensures Grammy acknowledges Telegram updates before exit.
+ *
+ * Problem: When the AI calls `pm2 restart alvin-bot`, PM2 kills the process
+ * externally (SIGTERM → SIGKILL) before Grammy can commit the update offset.
+ * This causes a restart loop where the same "restart" message is re-processed.
+ *
+ * Solution: Instead of `pm2 restart`, we exit gracefully from inside the process.
+ * Grammy's bot.stop() commits the offset, then process.exit(0) triggers PM2 auto-restart.
+ */
+let _shutdownFn = null;
+let _restartScheduled = false;
+/**
+ * Register the graceful shutdown function (called once from index.ts).
+ */
+export function registerShutdownHandler(fn) {
+    _shutdownFn = fn;
+}
+/**
+ * Schedule a graceful restart. Waits for the given delay (ms) to allow
+ * the AI to finish its response, then shuts down cleanly.
+ * PM2's autorestart brings the bot back.
+ *
+ * Returns true if restart was scheduled, false if already pending.
+ */
+export function scheduleGracefulRestart(delayMs = 1500) {
+    if (_restartScheduled)
+        return false;
+    _restartScheduled = true;
+    setTimeout(async () => {
+        console.log("Graceful self-restart initiated...");
+        if (_shutdownFn) {
+            await _shutdownFn();
+        }
+        else {
+            process.exit(0);
+        }
+    }, delayMs);
+    return true;
+}
+/**
+ * Check if a shell command is a self-restart command.
+ */
+export function isSelfRestartCommand(command) {
+    const normalized = command.trim().toLowerCase();
+    // Match: pm2 restart alvin-bot, pm2 restart 0, pm2 reload alvin-bot
+    return /pm2\s+(restart|reload)\s+(alvin-bot|0)\b/.test(normalized);
+}

package/dist/services/security-audit.js

@@ -0,0 +1,66 @@
+import fs from "fs";
+import { execSync } from "child_process";
+import { resolve } from "path";
+import { DATA_DIR } from "../paths.js";
+export function runAudit() {
+    const checks = [];
+    // 1. .env file permissions
+    const envFile = resolve(DATA_DIR, ".env");
+    if (fs.existsSync(envFile)) {
+        const stat = fs.statSync(envFile);
+        const mode = (stat.mode & 0o777).toString(8);
+        checks.push(mode === "600"
+            ? { name: ".env permissions", status: "PASS", message: `Mode ${mode} (secure)` }
+            : { name: ".env permissions", status: "WARN", message: `Mode ${mode} — should be 600. Run: chmod 600 ${envFile}` });
+    }
+    else {
+        checks.push({ name: ".env file", status: "WARN", message: "No .env file found" });
+    }
+    // 2. Check for secrets in git
+    try {
+        const gitOutput = execSync("git diff HEAD --cached --diff-filter=ACM -- . | grep -iE '(api.key|token|password|secret)\\s*=' || true", { cwd: DATA_DIR, stdio: "pipe" }).toString();
+        checks.push(gitOutput.trim()
+            ? { name: "Secrets in git", status: "FAIL", message: `Possible secrets in staged files:\n${gitOutput.trim()}` }
+            : { name: "Secrets in git", status: "PASS", message: "No secrets detected in staged files" });
+    }
+    catch {
+        checks.push({ name: "Secrets in git", status: "PASS", message: "Not a git repo or no staged changes" });
+    }
+    // 3. ALLOWED_USERS set
+    const allowedUsers = process.env.ALLOWED_USERS || "";
+    checks.push(allowedUsers
+        ? { name: "ALLOWED_USERS", status: "PASS", message: `${allowedUsers.split(",").length} user(s) configured` }
+        : { name: "ALLOWED_USERS", status: "WARN", message: "Not set — anyone can message the bot" });
+    // 4. WEB_PASSWORD
+    const webPassword = process.env.WEB_PASSWORD || "";
+    checks.push(webPassword
+        ? { name: "WEB_PASSWORD", status: "PASS", message: "Set" }
+        : { name: "WEB_PASSWORD", status: "WARN", message: "Not set — Web UI is unprotected" });
+    // 5. WEBHOOK_TOKEN
+    if (process.env.WEBHOOK_ENABLED === "true") {
+        checks.push(process.env.WEBHOOK_TOKEN
+            ? { name: "WEBHOOK_TOKEN", status: "PASS", message: "Set" }
+            : { name: "WEBHOOK_TOKEN", status: "FAIL", message: "Webhooks enabled but no token set — anyone can trigger!" });
+    }
+    // 6. Data dir permissions
+    if (fs.existsSync(DATA_DIR)) {
+        const stat = fs.statSync(DATA_DIR);
+        const mode = (stat.mode & 0o777).toString(8);
+        checks.push(parseInt(mode, 8) <= 0o755
+            ? { name: "Data dir permissions", status: "PASS", message: `${DATA_DIR} mode ${mode}` }
+            : { name: "Data dir permissions", status: "WARN", message: `${DATA_DIR} mode ${mode} — consider restricting` });
+    }
+    return checks;
+}
+export function formatAuditReport(checks) {
+    const icons = { PASS: "✅", WARN: "⚠️", FAIL: "❌" };
+    let report = "Security Audit Report\n" + "=".repeat(40) + "\n\n";
+    for (const c of checks) {
+        report += `${icons[c.status]} ${c.name}: ${c.message}\n`;
+    }
+    const fails = checks.filter(c => c.status === "FAIL").length;
+    const warns = checks.filter(c => c.status === "WARN").length;
+    report += `\n${"=".repeat(40)}\n`;
+    report += `${checks.length} checks: ${checks.length - fails - warns} passed, ${warns} warnings, ${fails} failures\n`;
+    return report;
+}

package/dist/services/self-search.js

@@ -0,0 +1,129 @@
+/**
+ * Self-Search — Unified search across all of Alvin-Bot's knowledge.
+ *
+ * Combines three search strategies:
+ * 1. Semantic (embeddings) — finds memories AND assets by meaning
+ * 2. Capability (skills) — finds matching skills by keyword triggers
+ * 3. Keyword fallback — finds assets by filename/category match
+ *
+ * Used by:
+ * - CLI: `alvin-bot search "query"` (for SDK agents to call via Bash)
+ * - Internal: personality.ts for prompt enrichment
+ */
+import { searchMemory } from "./embeddings.js";
+import { matchSkills } from "./skills.js";
+import { loadAssetIndex } from "./asset-index.js";
+// ── Search Strategies ───────────────────────────────────
+/**
+ * Semantic search via embeddings (memories + assets).
+ * Results from asset sources get type "asset", others get "memory".
+ */
+async function searchSemantic(query, topK, minScore) {
+    try {
+        const results = await searchMemory(query, topK, minScore);
+        const index = loadAssetIndex();
+        // Build a lookup map for absolute paths
+        const assetPathMap = new Map();
+        for (const a of index.assets) {
+            assetPathMap.set(`assets/${a.path}`, a.absolutePath);
+        }
+        return results.map(r => {
+            const isAsset = r.source.startsWith("assets/");
+            return {
+                type: isAsset ? "asset" : "memory",
+                text: r.text.length > 200 ? r.text.slice(0, 200) + "..." : r.text,
+                source: r.source,
+                score: r.score,
+                absolutePath: isAsset ? assetPathMap.get(r.source) : undefined,
+            };
+        });
+    }
+    catch {
+        // Embeddings unavailable — return empty (keyword fallback will catch)
+        return [];
+    }
+}
+/**
+ * Capability search — match skills by their trigger keywords.
+ */
+function searchCapabilities(query) {
+    const matched = matchSkills(query, 3);
+    return matched.map(s => ({
+        type: "capability",
+        text: `Skill: ${s.name} — ${s.description}`,
+        source: `skills/${s.id}`,
+        score: 0.5,
+    }));
+}
+/**
+ * Keyword fallback — match assets by filename, category, or description.
+ * Used when embeddings are unavailable or as a supplement.
+ */
+function searchKeyword(query) {
+    const index = loadAssetIndex();
+    if (index.assets.length === 0)
+        return [];
+    const keywords = query.toLowerCase().split(/\s+/).filter(w => w.length >= 3);
+    if (keywords.length === 0)
+        return [];
+    return index.assets
+        .filter(a => keywords.some(k => a.filename.toLowerCase().includes(k) ||
+        a.category.toLowerCase().includes(k) ||
+        a.description.toLowerCase().includes(k)))
+        .map(a => {
+        // Score based on match quality: filename hits rank higher than category-only
+        const filenameLower = a.filename.toLowerCase();
+        const matchCount = keywords.filter(k => filenameLower.includes(k)).length;
+        const score = matchCount >= 2 ? 0.75 : matchCount === 1 ? 0.65 : 0.5;
+        return {
+            type: "asset",
+            text: a.description,
+            source: `assets/${a.path}`,
+            score,
+            absolutePath: a.absolutePath,
+        };
+    });
+}
+// ── Public API ──────────────────────────────────────────
+/**
+ * Search across all knowledge sources: memories, assets, capabilities.
+ * Merges results, deduplicates by source, sorts by score.
+ */
+export async function searchSelf(query, topK = 5, minScore = 0.3) {
+    // Run all searches (semantic is async, others are sync)
+    const [semantic, capabilities, keyword] = await Promise.all([
+        searchSemantic(query, topK, minScore),
+        Promise.resolve(searchCapabilities(query)),
+        Promise.resolve(searchKeyword(query)),
+    ]);
+    // Merge all results
+    const all = [...semantic, ...capabilities, ...keyword];
+    // Deduplicate by source (keep highest score)
+    const deduped = new Map();
+    for (const r of all) {
+        const existing = deduped.get(r.source);
+        if (!existing || r.score > existing.score) {
+            deduped.set(r.source, r);
+        }
+    }
+    // Sort by score descending, take topK
+    return [...deduped.values()]
+        .sort((a, b) => b.score - a.score)
+        .slice(0, topK);
+}
+/**
+ * Format search results for CLI output.
+ */
+export function formatSearchResults(results) {
+    if (results.length === 0)
+        return "No results found.";
+    return results.map(r => {
+        const score = `[${r.score.toFixed(2)}]`;
+        const type = r.type.padEnd(10);
+        const source = r.source;
+        const detail = r.absolutePath
+            ? `\n${"".padEnd(16)}${r.absolutePath}`
+            : `\n${"".padEnd(16)}"${r.text.slice(0, 80)}${r.text.length > 80 ? "..." : ""}"`;
+        return `${score} ${type} ${source}${detail}`;
+    }).join("\n");
+}

package/dist/services/session.js

@@ -0,0 +1,93 @@
+import { config } from "../config.js";
+/** Max history entries to keep (to avoid token overflow) */
+const MAX_HISTORY = 100;
+const sessions = new Map();
+export function buildSessionKey(platform, channelId, userId) {
+    switch (config.sessionMode) {
+        case "per-channel":
+            return `${platform}:${channelId}`;
+        case "per-channel-peer":
+            return `${platform}:${channelId}:${userId}`;
+        case "per-user":
+        default:
+            return String(userId);
+    }
+}
+export function getSession(key) {
+    const k = String(key);
+    let session = sessions.get(k);
+    if (!session) {
+        session = {
+            sessionId: null,
+            workingDir: config.defaultWorkingDir,
+            isProcessing: false,
+            abortController: null,
+            lastActivity: Date.now(),
+            startedAt: Date.now(),
+            totalCost: 0,
+            costByProvider: {},
+            queriesByProvider: {},
+            effort: "high",
+            voiceReply: false,
+            messageCount: 0,
+            toolUseCount: 0,
+            totalInputTokens: 0,
+            totalOutputTokens: 0,
+            history: [],
+            language: "en",
+            messageQueue: [],
+        };
+        sessions.set(k, session);
+    }
+    return session;
+}
+export function resetSession(key) {
+    const session = getSession(key);
+    session.sessionId = null;
+    session.totalCost = 0;
+    session.costByProvider = {};
+    session.queriesByProvider = {};
+    session.messageCount = 0;
+    session.toolUseCount = 0;
+    session.totalInputTokens = 0;
+    session.totalOutputTokens = 0;
+    session.history = [];
+    session.startedAt = Date.now();
+}
+/** Track cost, query count, and tokens for a provider. */
+export function trackProviderUsage(key, providerKey, cost, inputTokens, outputTokens) {
+    const session = getSession(key);
+    session.costByProvider[providerKey] = (session.costByProvider[providerKey] || 0) + cost;
+    session.queriesByProvider[providerKey] = (session.queriesByProvider[providerKey] || 0) + 1;
+    if (inputTokens)
+        session.totalInputTokens += inputTokens;
+    if (outputTokens)
+        session.totalOutputTokens += outputTokens;
+}
+/** Add a message to conversation history (for non-SDK providers). */
+export function addToHistory(key, message) {
+    const session = getSession(key);
+    session.history.push(message);
+    // Trim oldest messages if history gets too long
+    if (session.history.length > MAX_HISTORY) {
+        session.history = session.history.slice(-MAX_HISTORY);
+    }
+}
+/** Get all active sessions (for web UI session browser). */
+export function getAllSessions() {
+    return sessions;
+}
+/** Kill a user session completely — abort running query, clear history, remove from map. */
+export function killSession(key) {
+    const k = String(key);
+    const session = sessions.get(k);
+    if (!session)
+        return { aborted: false, hadSession: false };
+    let aborted = false;
+    if (session.abortController) {
+        session.abortController.abort();
+        aborted = true;
+    }
+    sessions.delete(k);
+    return { aborted, hadSession: true };
+}