alvin-bot 4.4.1

package/dist/services/sudo.js

@@ -0,0 +1,243 @@
+/**
+ * Sudo / Elevated Access Service
+ *
+ * Manages superadmin privileges for Alvin Bot on the host system.
+ * Password is stored securely in the macOS Keychain (or encrypted file on Linux).
+ *
+ * Features:
+ * - Store/retrieve sudo password securely
+ * - Execute commands with sudo
+ * - Grant/revoke elevated access
+ * - OS dialog handling (Accessibility, Full Disk Access, etc.)
+ * - Status check (is sudo configured? does it work?)
+ */
+import { execSync, spawn } from "child_process";
+import os from "os";
+import fs from "fs";
+import crypto from "crypto";
+import { resolve } from "path";
+import { SUDO_ENC_FILE as ENCRYPTED_PASS_FILE, SUDO_KEY_FILE as ENCRYPTION_KEY_FILE, RUNTIME_DIR } from "../paths.js";
+const PLATFORM = os.platform();
+const KEYCHAIN_SERVICE = "alvin-bot-sudo";
+const KEYCHAIN_ACCOUNT = "alvin-bot";
+// ── Password Storage ────────────────────────────────────
+/**
+ * Store sudo password securely.
+ * macOS: Uses Keychain. Linux: Uses encrypted file.
+ */
+export function storePassword(password) {
+    try {
+        if (PLATFORM === "darwin") {
+            // macOS: Store in Keychain
+            // First try to delete existing entry
+            try {
+                execSync(`security delete-generic-password -a "${KEYCHAIN_ACCOUNT}" -s "${KEYCHAIN_SERVICE}" 2>/dev/null`, { stdio: "pipe" });
+            }
+            catch { /* didn't exist */ }
+            execSync(`security add-generic-password -a "${KEYCHAIN_ACCOUNT}" -s "${KEYCHAIN_SERVICE}" -w "${password.replace(/"/g, '\\"')}" -U`, { stdio: "pipe", timeout: 5000 });
+            return { ok: true, method: "macOS Keychain" };
+        }
+        else {
+            // Linux/other: Encrypted file
+            const key = crypto.randomBytes(32);
+            const iv = crypto.randomBytes(16);
+            const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
+            let encrypted = cipher.update(password, "utf-8", "hex");
+            encrypted += cipher.final("hex");
+            const authTag = cipher.getAuthTag();
+            if (!fs.existsSync(RUNTIME_DIR))
+                fs.mkdirSync(RUNTIME_DIR, { recursive: true });
+            // Store key separately (basic separation of concerns)
+            fs.writeFileSync(ENCRYPTION_KEY_FILE, Buffer.concat([key, iv]).toString("hex"), { mode: 0o600 });
+            fs.writeFileSync(ENCRYPTED_PASS_FILE, encrypted + ":" + authTag.toString("hex"), { mode: 0o600 });
+            return { ok: true, method: "Encrypted file" };
+        }
+    }
+    catch (err) {
+        return { ok: false, method: "none", error: err instanceof Error ? err.message : String(err) };
+    }
+}
+/**
+ * Retrieve stored sudo password.
+ */
+export function retrievePassword() {
+    try {
+        if (PLATFORM === "darwin") {
+            const pw = execSync(`security find-generic-password -a "${KEYCHAIN_ACCOUNT}" -s "${KEYCHAIN_SERVICE}" -w`, { stdio: "pipe", timeout: 5000 }).toString().trim();
+            return pw || null;
+        }
+        else {
+            if (!fs.existsSync(ENCRYPTED_PASS_FILE) || !fs.existsSync(ENCRYPTION_KEY_FILE))
+                return null;
+            const keyData = Buffer.from(fs.readFileSync(ENCRYPTION_KEY_FILE, "utf-8"), "hex");
+            const key = keyData.subarray(0, 32);
+            const iv = keyData.subarray(32, 48);
+            const [encrypted, authTagHex] = fs.readFileSync(ENCRYPTED_PASS_FILE, "utf-8").split(":");
+            const decipher = crypto.createDecipheriv("aes-256-gcm", key, iv);
+            decipher.setAuthTag(Buffer.from(authTagHex, "hex"));
+            let decrypted = decipher.update(encrypted, "hex", "utf-8");
+            decrypted += decipher.final("utf-8");
+            return decrypted;
+        }
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * Delete stored password (revoke sudo access).
+ */
+export function revokePassword() {
+    try {
+        if (PLATFORM === "darwin") {
+            execSync(`security delete-generic-password -a "${KEYCHAIN_ACCOUNT}" -s "${KEYCHAIN_SERVICE}"`, { stdio: "pipe", timeout: 5000 });
+        }
+        else {
+            if (fs.existsSync(ENCRYPTED_PASS_FILE))
+                fs.unlinkSync(ENCRYPTED_PASS_FILE);
+            if (fs.existsSync(ENCRYPTION_KEY_FILE))
+                fs.unlinkSync(ENCRYPTION_KEY_FILE);
+        }
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+// ── Sudo Execution ──────────────────────────────────────
+/**
+ * Execute a command with sudo.
+ * Returns { ok, output, error }.
+ */
+export async function sudoExec(command, timeoutMs = 30000) {
+    const password = retrievePassword();
+    if (!password) {
+        return { ok: false, output: "", error: "No sudo password stored. Please set it up first (/setup sudo or Settings → Sudo)." };
+    }
+    return new Promise((resolve) => {
+        const child = spawn("sudo", ["-S", "bash", "-c", command], {
+            stdio: ["pipe", "pipe", "pipe"],
+            timeout: timeoutMs,
+            env: { ...process.env, PATH: process.env.PATH + ":/opt/homebrew/bin:/usr/local/bin" },
+        });
+        let stdout = "";
+        let stderr = "";
+        child.stdout.on("data", (d) => { stdout += d.toString(); });
+        child.stderr.on("data", (d) => {
+            const text = d.toString();
+            // sudo prompts on stderr — don't include the prompt in error output
+            if (!text.includes("Password:") && !text.includes("password for")) {
+                stderr += text;
+            }
+        });
+        // Send password to sudo's stdin
+        child.stdin.write(password + "\n");
+        child.stdin.end();
+        child.on("close", (code) => {
+            if (code === 0) {
+                resolve({ ok: true, output: stdout.trim() });
+            }
+            else {
+                // Check for wrong password
+                if (stderr.includes("incorrect password") || stderr.includes("Sorry, try again")) {
+                    resolve({ ok: false, output: "", error: "Wrong sudo password! Please reconfigure." });
+                }
+                else {
+                    resolve({ ok: false, output: stdout.trim(), error: stderr.trim() || `Exit code: ${code}` });
+                }
+            }
+        });
+        child.on("error", (err) => {
+            resolve({ ok: false, output: "", error: err.message });
+        });
+    });
+}
+// ── macOS Permission Dialogs ────────────────────────────
+/**
+ * Request admin privileges via macOS dialog (osascript).
+ * Shows the native macOS password prompt.
+ */
+export async function requestAdminViaDialog(reason) {
+    if (PLATFORM !== "darwin") {
+        return { ok: false, error: "Only available on macOS" };
+    }
+    try {
+        execSync(`osascript -e 'do shell script "echo ok" with administrator privileges with prompt "${reason.replace(/"/g, '\\"')}"'`, { stdio: "pipe", timeout: 60000 });
+        return { ok: true };
+    }
+    catch (err) {
+        return { ok: false, error: err instanceof Error ? err.message : String(err) };
+    }
+}
+/**
+ * Open System Settings to a specific pane (macOS).
+ */
+export function openSystemSettings(pane) {
+    if (PLATFORM !== "darwin")
+        return false;
+    try {
+        const paneUrls = {
+            "accessibility": "x-apple.systempreferences:com.apple.preference.security?Privacy_Accessibility",
+            "full-disk-access": "x-apple.systempreferences:com.apple.preference.security?Privacy_AllFiles",
+            "automation": "x-apple.systempreferences:com.apple.preference.security?Privacy_Automation",
+            "security": "x-apple.systempreferences:com.apple.preference.security",
+            "privacy": "x-apple.systempreferences:com.apple.preference.security?Privacy",
+        };
+        const url = paneUrls[pane] || `x-apple.systempreferences:${pane}`;
+        execSync(`open "${url}"`, { stdio: "pipe" });
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+/**
+ * Get comprehensive sudo status.
+ */
+export async function getSudoStatus() {
+    const configured = retrievePassword() !== null;
+    const user = os.userInfo().username;
+    let verified = false;
+    if (configured) {
+        const test = await sudoExec("echo SUDO_OK", 10000);
+        verified = test.ok && test.output.includes("SUDO_OK");
+    }
+    // Check macOS permissions
+    let accessibility = null;
+    let fullDiskAccess = null;
+    if (PLATFORM === "darwin") {
+        try {
+            // Check Accessibility (approximate — try to use cliclick)
+            execSync("cliclick p:.", { stdio: "pipe", timeout: 3000 });
+            accessibility = true;
+        }
+        catch {
+            accessibility = false;
+        }
+        try {
+            // Check Full Disk Access (try to read a protected file)
+            fs.accessSync(resolve(os.homedir(), "Library/Mail"), fs.constants.R_OK);
+            fullDiskAccess = true;
+        }
+        catch {
+            fullDiskAccess = false;
+        }
+    }
+    return {
+        configured,
+        storageMethod: PLATFORM === "darwin" ? "macOS Keychain" : "Encrypted file",
+        verified,
+        platform: PLATFORM,
+        user,
+        permissions: { accessibility, fullDiskAccess },
+    };
+}
+/**
+ * Verify the stored password works.
+ */
+export async function verifyPassword() {
+    const result = await sudoExec("echo VERIFIED", 10000);
+    if (result.ok)
+        return { ok: true };
+    return { ok: false, error: result.error };
+}

package/dist/services/telegram.js

@@ -0,0 +1,113 @@
+import { config } from "../config.js";
+import { sanitizeTelegramMarkdown } from "./markdown.js";
+export class TelegramStreamer {
+    messageId = null;
+    chatId;
+    api;
+    replyTo;
+    lastEditTime = 0;
+    pendingText = null;
+    editTimer = null;
+    lastSentText = "";
+    constructor(chatId, api, replyToMessageId) {
+        this.chatId = chatId;
+        this.api = api;
+        this.replyTo = replyToMessageId;
+    }
+    async update(fullText) {
+        const displayText = sanitizeTelegramMarkdown(this.truncate(fullText) || "...");
+        if (!this.messageId) {
+            const opts = { parse_mode: "Markdown" };
+            if (this.replyTo)
+                opts.reply_to_message_id = this.replyTo;
+            const msg = await this.api.sendMessage(this.chatId, displayText, opts).catch(() => this.api.sendMessage(this.chatId, displayText, this.replyTo ? { reply_to_message_id: this.replyTo } : undefined));
+            this.messageId = msg.message_id;
+            this.lastSentText = displayText;
+            this.lastEditTime = Date.now();
+            return;
+        }
+        if (displayText === this.lastSentText)
+            return;
+        this.pendingText = displayText;
+        if (!this.editTimer) {
+            const elapsed = Date.now() - this.lastEditTime;
+            const delay = Math.max(0, config.streamThrottleMs - elapsed);
+            this.editTimer = setTimeout(() => this.flush(), delay);
+        }
+    }
+    async flush() {
+        this.editTimer = null;
+        if (this.pendingText && this.messageId && this.pendingText !== this.lastSentText) {
+            try {
+                await this.api.editMessageText(this.chatId, this.messageId, this.pendingText, {
+                    parse_mode: "Markdown",
+                }).catch(() => this.api.editMessageText(this.chatId, this.messageId, this.pendingText));
+                this.lastSentText = this.pendingText;
+                this.lastEditTime = Date.now();
+            }
+            catch {
+                // Ignore edit failures (message unchanged, etc.)
+            }
+            this.pendingText = null;
+        }
+    }
+    async finalize(fullText) {
+        if (this.editTimer) {
+            clearTimeout(this.editTimer);
+            this.editTimer = null;
+        }
+        if (!fullText || fullText.trim().length === 0) {
+            if (!this.messageId) {
+                await this.api.sendMessage(this.chatId, "(Keine Antwort)");
+            }
+            return;
+        }
+        // Sanitize final text
+        const safeText = sanitizeTelegramMarkdown(fullText);
+        // If text fits in one message, just update the existing one
+        if (safeText.length <= config.telegramMaxLength && this.messageId) {
+            if (safeText !== this.lastSentText) {
+                await this.api.editMessageText(this.chatId, this.messageId, safeText, {
+                    parse_mode: "Markdown",
+                }).catch(() => this.api.editMessageText(this.chatId, this.messageId, safeText));
+            }
+            return;
+        }
+        // Long text: delete streaming message and send chunked
+        if (this.messageId) {
+            await this.api.deleteMessage(this.chatId, this.messageId).catch(() => { });
+        }
+        const chunks = this.splitText(safeText);
+        for (const chunk of chunks) {
+            await this.api.sendMessage(this.chatId, chunk, {
+                parse_mode: "Markdown",
+            }).catch(() => this.api.sendMessage(this.chatId, chunk));
+        }
+    }
+    truncate(text) {
+        if (text.length <= config.telegramMaxLength)
+            return text;
+        return "...\n" + text.slice(-(config.telegramMaxLength - 10));
+    }
+    splitText(text) {
+        const chunks = [];
+        let remaining = text;
+        const maxLen = config.telegramMaxLength;
+        while (remaining.length > 0) {
+            if (remaining.length <= maxLen) {
+                chunks.push(remaining);
+                break;
+            }
+            let splitAt = remaining.lastIndexOf("\n", maxLen);
+            if (splitAt < maxLen * 0.5) {
+                splitAt = remaining.lastIndexOf(" ", maxLen);
+            }
+            if (splitAt < maxLen * 0.3) {
+                splitAt = maxLen;
+            }
+            chunks.push(remaining.substring(0, splitAt));
+            remaining = remaining.substring(splitAt).trimStart();
+        }
+        return chunks;
+    }
+}

package/dist/services/tool-discovery.js

@@ -0,0 +1,214 @@
+/**
+ * Tool Discovery Service
+ *
+ * Scans the system at startup for available CLI tools, configured plugins,
+ * and custom tools. Injects a summary into the system prompt so the AI
+ * knows exactly what it can use — instead of guessing or saying "I'd need X".
+ *
+ * Philosophy: An agent that doesn't know its own capabilities is useless.
+ */
+import { execSync } from "child_process";
+import fs from "fs";
+import { resolve } from "path";
+import { TOOLS_MD, TOOLS_JSON, PLUGINS_DIR } from "../paths.js";
+// Cache the report — only scan once per process lifetime
+let cachedReport = null;
+/**
+ * CLI tools to probe for. Grouped by category.
+ * Each entry: [binary, description]
+ */
+const TOOL_PROBES = {
+    "📧 Email & Communication": [
+        ["himalaya", "Email CLI (IMAP/SMTP) — list, read, send, search emails"],
+        ["wacli", "WhatsApp CLI — send messages, search history"],
+        ["signal-cli", "Signal messenger CLI"],
+    ],
+    "🌐 Web & Network": [
+        ["curl", "HTTP requests"],
+        ["wget", "File downloads"],
+        ["httpie", "Modern HTTP client"],
+        ["jq", "JSON processor"],
+    ],
+    "📄 Document Processing": [
+        ["pandoc", "Universal document converter (Markdown, HTML, PDF, DOCX, LaTeX)"],
+        ["pdftotext", "Extract text from PDFs"],
+        ["pdfinfo", "PDF metadata"],
+        ["pdftoppm", "PDF to images"],
+        ["gs", "Ghostscript — PDF manipulation (merge, split, compress)"],
+        ["wkhtmltopdf", "HTML to PDF renderer"],
+        ["libreoffice", "Office document conversion"],
+    ],
+    "🎨 Image Processing": [
+        ["sips", "macOS image processing (resize, convert, rotate)"],
+        ["magick", "ImageMagick — advanced image manipulation"],
+        ["convert", "ImageMagick convert (legacy)"],
+        ["ffmpeg", "Audio/Video/Image swiss army knife"],
+    ],
+    "🎬 Audio & Video": [
+        ["ffmpeg", "Audio/Video conversion, extraction, streaming"],
+        ["ffprobe", "Media file analysis (duration, codecs, bitrate)"],
+        ["yt-dlp", "Download videos from YouTube and 1000+ sites"],
+        ["whisper", "OpenAI Whisper — local speech-to-text"],
+    ],
+    "💻 Development": [
+        ["node", "Node.js runtime"],
+        ["npm", "Node package manager"],
+        ["npx", "Node package executor"],
+        ["python3", "Python 3"],
+        ["pip3", "Python package manager"],
+        ["git", "Version control"],
+        ["gh", "GitHub CLI — issues, PRs, repos, actions"],
+        ["docker", "Container runtime"],
+        ["pm2", "Process manager"],
+    ],
+    "🖥️ macOS Automation": [
+        ["osascript", "AppleScript / JXA automation"],
+        ["cliclick", "Mouse/keyboard automation (click, type, key press)"],
+        ["screencapture", "Take screenshots"],
+        ["brightness", "Display brightness control"],
+        ["blueutil", "Bluetooth control"],
+        ["SwitchAudioSource", "Audio device switching"],
+        ["mas", "Mac App Store CLI"],
+        ["pbcopy", "Copy to clipboard"],
+        ["pbpaste", "Paste from clipboard"],
+    ],
+    "📊 Data & Analysis": [
+        ["sqlite3", "SQLite database CLI"],
+        ["psql", "PostgreSQL client"],
+        ["mysql", "MySQL client"],
+        ["csvtool", "CSV processing"],
+        ["mlr", "Miller — CSV/JSON/TSV data processor"],
+    ],
+    "🔧 System": [
+        ["ssh", "Remote shell access"],
+        ["sshpass", "SSH with password (non-interactive)"],
+        ["rsync", "Fast file sync/transfer"],
+        ["trash", "Safe file deletion (recoverable)"],
+        ["htop", "System monitor"],
+        ["lsof", "Open file/port inspector"],
+    ],
+};
+/** Check if a binary exists on the system */
+function whichTool(name) {
+    try {
+        return execSync(`which ${name} 2>/dev/null`, { encoding: "utf-8", timeout: 3000 }).trim() || null;
+    }
+    catch {
+        return null;
+    }
+}
+/** Load custom tool names from TOOLS.md (with legacy tools.json fallback) */
+function loadCustomTools() {
+    // Prefer TOOLS.md — extract tool names from ## headings
+    if (fs.existsSync(TOOLS_MD)) {
+        try {
+            const content = fs.readFileSync(TOOLS_MD, "utf-8");
+            const names = [];
+            for (const match of content.matchAll(/^## (.+)$/gm)) {
+                const name = match[1].trim().replace(/\s+/g, "_").toLowerCase();
+                if (name)
+                    names.push(name);
+            }
+            if (names.length > 0)
+                return names;
+        }
+        catch { /* fall through */ }
+    }
+    // Legacy fallback: docs/tools.json
+    try {
+        const data = JSON.parse(fs.readFileSync(TOOLS_JSON, "utf-8"));
+        const tools = data.tools || data.items || (Array.isArray(data) ? data : []);
+        return tools.map((t) => t.name || t.id || "unknown");
+    }
+    catch {
+        return [];
+    }
+}
+/** Get list of loaded plugins (read plugin directory) */
+function discoverPlugins() {
+    try {
+        return fs.readdirSync(PLUGINS_DIR)
+            .filter(d => fs.statSync(resolve(PLUGINS_DIR, d)).isDirectory())
+            .filter(d => fs.existsSync(resolve(PLUGINS_DIR, d, "index.js")));
+    }
+    catch {
+        return [];
+    }
+}
+/**
+ * Scan the system for available tools. Cached after first call.
+ */
+export function discoverTools(forceRescan = false) {
+    if (cachedReport && !forceRescan)
+        return cachedReport;
+    const cliTools = [];
+    const seen = new Set();
+    for (const [category, probes] of Object.entries(TOOL_PROBES)) {
+        for (const [name, description] of probes) {
+            if (seen.has(name))
+                continue;
+            seen.add(name);
+            const path = whichTool(name);
+            if (path) {
+                cliTools.push({ name, path, description, category });
+            }
+        }
+    }
+    const customTools = loadCustomTools();
+    const plugins = discoverPlugins();
+    // Build human-readable summary for the system prompt
+    const lines = ["## Available Tools & Capabilities\n"];
+    lines.push("The following tools are installed and ready to use on this system.\n");
+    lines.push("**IMPORTANT:** Use these tools DIRECTLY. Do NOT say 'I would need X' when X is listed here.\n");
+    // Group CLI tools by category
+    const byCategory = new Map();
+    for (const tool of cliTools) {
+        const list = byCategory.get(tool.category) || [];
+        list.push(tool);
+        byCategory.set(tool.category, list);
+    }
+    for (const [category, tools] of byCategory) {
+        lines.push(`### ${category}`);
+        for (const t of tools) {
+            lines.push(`- **${t.name}** — ${t.description}`);
+        }
+        lines.push("");
+    }
+    // Plugins
+    if (plugins.length > 0) {
+        lines.push("### 🔌 Active Plugins");
+        for (const p of plugins) {
+            lines.push(`- **${p}** — Use \`/${p}\` or ask directly about ${p} features`);
+        }
+        lines.push("");
+    }
+    // Custom tools
+    if (customTools.length > 0) {
+        lines.push(`### 🛠️ Custom Tools (${customTools.length} defined in TOOLS.md)`);
+        lines.push(`Available via Web UI or by name. Examples: ${customTools.slice(0, 10).join(", ")}${customTools.length > 10 ? "..." : ""}`);
+        lines.push("");
+    }
+    // Usage guidelines
+    lines.push("### 💡 Usage Guidelines");
+    lines.push("- **Act first, ask later.** If a tool is available → use it directly.");
+    lines.push("- **`which <tool>`** if unsure whether something is installed.");
+    lines.push("- **Combine tools:** e.g. `curl` + `jq` for APIs, `ffmpeg` + `ffprobe` for media.");
+    lines.push("- **Missing tools:** Suggest installation, do NOT give up.");
+    lines.push("");
+    const summary = lines.join("\n");
+    cachedReport = { cliTools, customTools, plugins, summary, scannedAt: Date.now() };
+    console.log(`🔍 Tool discovery: ${cliTools.length} CLI tools, ${plugins.length} plugins, ${customTools.length} custom tools`);
+    return cachedReport;
+}
+/**
+ * Get the tool summary for injection into the system prompt.
+ */
+export function getToolSummary() {
+    return discoverTools().summary;
+}
+/**
+ * Force rescan (e.g., after plugin install).
+ */
+export function rescanTools() {
+    return discoverTools(true);
+}