alvin-bot 4.4.1

package/dist/web/setup-api.js

@@ -0,0 +1,1078 @@
+/**
+ * Setup API — Platform & Model configuration endpoints.
+ *
+ * Handles:
+ * - Platform setup (Discord, WhatsApp, Signal tokens + dependency installation)
+ * - Model/Provider management (API keys, custom models, presets)
+ * - Runtime activation/deactivation
+ */
+import fs from "fs";
+import { resolve } from "path";
+import { execSync } from "child_process";
+import { getRegistry } from "../engine.js";
+import { listJobs, createJob, deleteJob, toggleJob, updateJob, runJobNow, formatNextRun, humanReadableSchedule } from "../services/cron.js";
+import { storePassword, revokePassword, getSudoStatus, verifyPassword, sudoExec, requestAdminViaDialog, openSystemSettings } from "../services/sudo.js";
+import { ENV_FILE, CUSTOM_MODELS as CUSTOM_MODELS_FILE, BOT_ROOT, WHATSAPP_AUTH } from "../paths.js";
+// ── Env Helpers ─────────────────────────────────────────
+function readEnv() {
+    if (!fs.existsSync(ENV_FILE))
+        return {};
+    const lines = fs.readFileSync(ENV_FILE, "utf-8").split("\n");
+    const env = {};
+    for (const line of lines) {
+        if (line.startsWith("#") || !line.includes("="))
+            continue;
+        const idx = line.indexOf("=");
+        env[line.slice(0, idx).trim()] = line.slice(idx + 1).trim();
+    }
+    return env;
+}
+function writeEnvVar(key, value) {
+    let content = fs.existsSync(ENV_FILE) ? fs.readFileSync(ENV_FILE, "utf-8") : "";
+    const regex = new RegExp(`^${key}=.*$`, "m");
+    if (regex.test(content)) {
+        content = content.replace(regex, `${key}=${value}`);
+    }
+    else {
+        content = content.trimEnd() + `\n${key}=${value}\n`;
+    }
+    fs.writeFileSync(ENV_FILE, content);
+}
+function removeEnvVar(key) {
+    if (!fs.existsSync(ENV_FILE))
+        return;
+    let content = fs.readFileSync(ENV_FILE, "utf-8");
+    content = content.replace(new RegExp(`^${key}=.*\n?`, "m"), "");
+    fs.writeFileSync(ENV_FILE, content);
+}
+function loadCustomModels() {
+    try {
+        return JSON.parse(fs.readFileSync(CUSTOM_MODELS_FILE, "utf-8"));
+    }
+    catch {
+        return [];
+    }
+}
+function saveCustomModels(models) {
+    fs.writeFileSync(CUSTOM_MODELS_FILE, JSON.stringify(models, null, 2));
+}
+const PLATFORMS = [
+    {
+        id: "telegram",
+        name: "Telegram",
+        icon: "📱",
+        description: "Telegram Bot via BotFather. The default messaging channel.",
+        envVars: [
+            { key: "BOT_TOKEN", label: "Bot Token", placeholder: "123456:ABC-DEF...", secret: true },
+            { key: "ALLOWED_USERS", label: "Allowed User IDs", placeholder: "123456789,987654321" },
+        ],
+        setupUrl: "https://t.me/BotFather",
+        setupSteps: [
+            "Open @BotFather on Telegram",
+            "Send /newbot and follow the instructions",
+            "Copy the bot token here",
+            "For your User ID: Send a message to @userinfobot",
+        ],
+    },
+    {
+        id: "discord",
+        name: "Discord",
+        icon: "🎮",
+        description: "Discord bot for servers and DMs. Requires discord.js.",
+        envVars: [
+            { key: "DISCORD_TOKEN", label: "Bot Token", placeholder: "MTIz...abc", secret: true },
+        ],
+        npmPackages: ["discord.js"],
+        setupUrl: "https://discord.com/developers/applications",
+        setupSteps: [
+            "Create an Application on discord.com/developers",
+            "Go to Bot → Reset Token → Copy token",
+            "Enable Message Content Intent under Bot → Privileged Intents",
+            "Invite the bot to your server: OAuth2 → URL Generator → bot + messages.read + messages.write",
+        ],
+    },
+    {
+        id: "whatsapp",
+        name: "WhatsApp",
+        icon: "💬",
+        description: "WhatsApp Multi-Device connection via Baileys (no Chrome needed). QR code scan on first start.",
+        envVars: [
+            { key: "WHATSAPP_ENABLED", label: "Enable", placeholder: "true", type: "toggle" },
+            { key: "WHATSAPP_SELF_CHAT_ONLY", label: "Self-chat only (recommended)", placeholder: "true", type: "toggle" },
+            { key: "WHATSAPP_ALLOW_GROUPS", label: "Reply in groups (on @mention)", placeholder: "", type: "toggle" },
+            { key: "WHATSAPP_ALLOW_DMS", label: "Reply to private messages", placeholder: "", type: "toggle" },
+        ],
+        npmPackages: ["@whiskeysockets/baileys"],
+        setupSteps: [
+            "Click 'Install Dependencies' (if needed)",
+            "Enable WhatsApp (toggle above) and click 'Save'",
+            "Restart the bot (Maintenance → Restart bot)",
+            "The QR code will appear below — scan it with WhatsApp → Linked Devices → Link a Device",
+            "The connection is persisted (data/whatsapp-auth/)",
+        ],
+    },
+    {
+        id: "slack",
+        name: "Slack",
+        icon: "💼",
+        description: "Slack workspace integration via Socket Mode (no public URL needed). DMs and @mentions in channels.",
+        envVars: [
+            { key: "SLACK_BOT_TOKEN", label: "Bot Token (xoxb-...)", placeholder: "xoxb-...", secret: true },
+            { key: "SLACK_APP_TOKEN", label: "App Token (xapp-...)", placeholder: "xapp-...", secret: true },
+        ],
+        npmPackages: ["@slack/bolt"],
+        setupUrl: "https://api.slack.com/apps",
+        setupSteps: [
+            "Create a new App at api.slack.com/apps (From scratch)",
+            "Enable Socket Mode (Settings → Socket Mode → Enable)",
+            "Generate App-Level Token with 'connections:write' scope → copy as SLACK_APP_TOKEN",
+            "Go to OAuth & Permissions → add Bot Token Scopes: chat:write, channels:history, groups:history, im:history, mpim:history, app_mentions:read, files:write, reactions:write",
+            "Install App to Workspace → copy Bot User OAuth Token as SLACK_BOT_TOKEN",
+            "Subscribe to Events: message.im, message.groups, message.channels, app_mention",
+            "Invite the bot to channels with /invite @botname",
+        ],
+    },
+    {
+        id: "signal",
+        name: "Signal",
+        icon: "🔒",
+        description: "Signal Messenger via signal-cli REST API. Requires a separate signal-cli container.",
+        envVars: [
+            { key: "SIGNAL_API_URL", label: "signal-cli REST API URL", placeholder: "http://localhost:8080" },
+            { key: "SIGNAL_NUMBER", label: "Signal Number", placeholder: "+491234567890" },
+        ],
+        setupUrl: "https://github.com/bbernhard/signal-cli-rest-api",
+        setupSteps: [
+            "Start signal-cli REST API (Docker recommended):",
+            "docker run -p 8080:8080 bbernhard/signal-cli-rest-api",
+            "Register your number via the API",
+            "Enter URL and number above",
+        ],
+    },
+];
+const PROVIDERS = [
+    {
+        id: "claude-sdk",
+        name: "Claude Agent SDK",
+        icon: "🟣",
+        description: "Full tool use via Agent SDK. Requires Claude CLI login (Max plan or API key).",
+        envKey: "",
+        models: [
+            { key: "claude-sdk", name: "Claude (Agent SDK)", model: "claude-opus-4-6" },
+        ],
+        signupUrl: "https://console.anthropic.com",
+        docsUrl: "https://docs.anthropic.com/en/docs/claude-code",
+        setupSteps: [
+            "npm install -g @anthropic-ai/claude-code",
+            "claude login (browser auth or API key)",
+            "Full tool use: read/write files, shell commands, browser",
+        ],
+    },
+    {
+        id: "anthropic",
+        name: "Anthropic API",
+        icon: "🟣",
+        description: "Claude Opus, Sonnet, Haiku directly via API key. OpenAI-compatible.",
+        envKey: "ANTHROPIC_API_KEY",
+        models: [
+            { key: "claude-opus", name: "Claude Opus 4", model: "claude-opus-4-6" },
+            { key: "claude-sonnet", name: "Claude Sonnet 4", model: "claude-sonnet-4-20250514" },
+            { key: "claude-haiku", name: "Claude 3.5 Haiku", model: "claude-3-5-haiku-20241022" },
+        ],
+        signupUrl: "https://console.anthropic.com/settings/keys",
+        docsUrl: "https://docs.anthropic.com/en/api",
+        setupSteps: [
+            "Create account on console.anthropic.com",
+            "Generate API key under Settings → API Keys",
+            "Add credits (pay-as-you-go) or use subscription",
+        ],
+    },
+    {
+        id: "openai",
+        name: "OpenAI",
+        icon: "🟢",
+        description: "GPT-4o, GPT-4.1, o3/o4 and other OpenAI models.",
+        envKey: "OPENAI_API_KEY",
+        models: [
+            { key: "gpt-4o", name: "GPT-4o", model: "gpt-4o" },
+            { key: "gpt-4o-mini", name: "GPT-4o Mini", model: "gpt-4o-mini" },
+            { key: "gpt-4.1", name: "GPT-4.1", model: "gpt-4.1" },
+            { key: "gpt-4.1-mini", name: "GPT-4.1 Mini", model: "gpt-4.1-mini" },
+            { key: "o3-mini", name: "o3 Mini", model: "o3-mini" },
+        ],
+        signupUrl: "https://platform.openai.com/api-keys",
+        docsUrl: "https://platform.openai.com/docs",
+        setupSteps: [
+            "Create account on platform.openai.com",
+            "Generate API key under API Keys",
+            "Add credits (pay-as-you-go)",
+        ],
+    },
+    {
+        id: "google",
+        name: "Google Gemini",
+        icon: "🔵",
+        description: "Gemini 2.5/3 Pro/Flash via Google AI Studio. Free tier available.",
+        envKey: "GOOGLE_API_KEY",
+        models: [
+            { key: "gemini-2.5-pro", name: "Gemini 2.5 Pro", model: "gemini-2.5-pro" },
+            { key: "gemini-2.5-flash", name: "Gemini 2.5 Flash", model: "gemini-2.5-flash" },
+            { key: "gemini-3-pro", name: "Gemini 3 Pro (Preview)", model: "gemini-3-pro-preview" },
+            { key: "gemini-3-flash", name: "Gemini 3 Flash (Preview)", model: "gemini-3-flash-preview" },
+        ],
+        signupUrl: "https://aistudio.google.com/apikey",
+        docsUrl: "https://ai.google.dev/docs",
+        setupSteps: [
+            "Open Google AI Studio (aistudio.google.com)",
+            "Create API key → ready to use immediately",
+            "Free tier: 15 RPM, 1M TPM",
+        ],
+        free: true,
+    },
+    {
+        id: "nvidia",
+        name: "NVIDIA NIM",
+        icon: "🟩",
+        description: "150+ models free (Llama, Kimi, Mistral, etc.) via NVIDIA API.",
+        envKey: "NVIDIA_API_KEY",
+        models: [
+            { key: "nvidia-llama-3.3-70b", name: "Llama 3.3 70B", model: "meta/llama-3.3-70b-instruct" },
+            { key: "nvidia-kimi-k2.5", name: "Kimi K2.5", model: "moonshotai/kimi-k2.5" },
+        ],
+        signupUrl: "https://build.nvidia.com",
+        docsUrl: "https://docs.api.nvidia.com",
+        setupSteps: [
+            "Create account on build.nvidia.com",
+            "Generate free API key",
+            "150+ models available for free (1000 credits/month)",
+        ],
+        free: true,
+    },
+    {
+        id: "groq",
+        name: "Groq",
+        icon: "⚡",
+        description: "Ultra-fast inference. Llama, Mixtral, Gemma — free and lightning fast.",
+        envKey: "GROQ_API_KEY",
+        models: [
+            { key: "groq", name: "Llama 3.3 70B (Groq)", model: "llama-3.3-70b-versatile" },
+            { key: "groq-llama-3.1-8b", name: "Llama 3.1 8B (Groq)", model: "llama-3.1-8b-instant" },
+            { key: "groq-mixtral", name: "Mixtral 8x7B (Groq)", model: "mixtral-8x7b-32768" },
+        ],
+        signupUrl: "https://console.groq.com",
+        docsUrl: "https://console.groq.com/docs",
+        setupSteps: [
+            "Create account on console.groq.com (no credit card needed)",
+            "Generate API key",
+            "Ready to use immediately — free tier with rate limits",
+        ],
+        free: true,
+    },
+    {
+        id: "openrouter",
+        name: "OpenRouter",
+        icon: "🌐",
+        description: "One API key, 200+ models. Claude, GPT, Gemini, Llama — all via one API.",
+        envKey: "OPENROUTER_API_KEY",
+        models: [
+            { key: "openrouter", name: "OpenRouter (Standard)", model: "anthropic/claude-sonnet-4" },
+        ],
+        signupUrl: "https://openrouter.ai/keys",
+        docsUrl: "https://openrouter.ai/docs",
+        setupSteps: [
+            "Create account on openrouter.ai",
+            "Generate API key",
+            "Add credits or use free models",
+        ],
+    },
+    {
+        id: "ollama",
+        name: "Ollama (Local)",
+        icon: "🦙",
+        description: "Local models on your machine. No API key needed, runs offline.",
+        envKey: "",
+        models: [
+            { key: "ollama", name: "Ollama (Local)", model: "llama3.2" },
+        ],
+        signupUrl: "https://ollama.com/download",
+        docsUrl: "https://ollama.com/library",
+        setupSteps: [
+            "Install Ollama: brew install ollama (macOS) or ollama.com/download",
+            "Pull a model: ollama pull llama3.2",
+            "Runs automatically on localhost:11434",
+        ],
+        free: true,
+    },
+];
+// ── API Handler ─────────────────────────────────────────
+export async function handleSetupAPI(req, res, urlPath, body) {
+    res.setHeader("Content-Type", "application/json");
+    // ── Platforms ───────────────────────────────────────
+    // GET /api/platforms/setup — full setup info for all platforms
+    if (urlPath === "/api/platforms/setup") {
+        const env = readEnv();
+        const platforms = PLATFORMS.map(p => ({
+            ...p,
+            configured: (() => {
+                // A platform is "configured" if its primary env var(s) are set
+                // Toggles: the first toggle being true is enough (e.g., WHATSAPP_ENABLED)
+                // Text fields: all non-toggle fields must have a value
+                const required = p.envVars.filter(v => v.type !== "toggle");
+                const toggles = p.envVars.filter(v => v.type === "toggle");
+                if (required.length > 0)
+                    return required.every(v => !!env[v.key]);
+                if (toggles.length > 0)
+                    return toggles[0] && env[toggles[0].key] === "true";
+                return false;
+            })(),
+            values: Object.fromEntries(p.envVars.map(v => [v.key, v.secret && env[v.key] ? maskSecret(env[v.key]) : (env[v.key] || "")])),
+            depsInstalled: p.npmPackages ? checkNpmDeps(p.npmPackages) : true,
+        }));
+        res.end(JSON.stringify({ platforms }));
+        return true;
+    }
+    // POST /api/platforms/configure — save platform env vars
+    if (urlPath === "/api/platforms/configure" && req.method === "POST") {
+        try {
+            const { platformId, values } = JSON.parse(body);
+            const platform = PLATFORMS.find(p => p.id === platformId);
+            if (!platform) {
+                res.statusCode = 400;
+                res.end(JSON.stringify({ error: "Unknown platform" }));
+                return true;
+            }
+            for (const v of platform.envVars) {
+                if (values[v.key] !== undefined && values[v.key] !== "") {
+                    writeEnvVar(v.key, values[v.key]);
+                    process.env[v.key] = values[v.key]; // Hot-apply for toggle changes
+                }
+                else if (values[v.key] === "") {
+                    removeEnvVar(v.key);
+                    delete process.env[v.key]; // Hot-remove
+                }
+            }
+            // WhatsApp toggle-only changes (self-chat, groups, DMs) don't need restart
+            const onlyToggles = platform.envVars.every(v => v.type === "toggle") ||
+                (platformId === "whatsapp" && platform.envVars.filter(v => v.type !== "toggle").every(v => !values[v.key]));
+            const restartNeeded = !onlyToggles;
+            res.end(JSON.stringify({ ok: true, restartNeeded, note: restartNeeded ? "Restart required to apply changes." : "Saved." }));
+        }
+        catch {
+            res.statusCode = 400;
+            res.end(JSON.stringify({ error: "Invalid request" }));
+        }
+        return true;
+    }
+    // POST /api/platforms/install-deps — install npm packages for a platform
+    if (urlPath === "/api/platforms/install-deps" && req.method === "POST") {
+        try {
+            const { platformId } = JSON.parse(body);
+            const platform = PLATFORMS.find(p => p.id === platformId);
+            if (!platform?.npmPackages?.length) {
+                res.end(JSON.stringify({ ok: true, note: "No dependencies needed." }));
+                return true;
+            }
+            const pkgs = platform.npmPackages.join(" ");
+            const output = execSync(`cd "${BOT_ROOT}" && npm install ${pkgs} --save-optional 2>&1`, {
+                timeout: 120000,
+                env: { ...process.env, PATH: process.env.PATH + ":/opt/homebrew/bin:/usr/local/bin" },
+            }).toString();
+            res.end(JSON.stringify({ ok: true, output: output.slice(0, 5000) }));
+        }
+        catch (err) {
+            const error = err instanceof Error ? err.message : String(err);
+            res.end(JSON.stringify({ error }));
+        }
+        return true;
+    }
+    // ── Models / Providers ─────────────────────────────
+    // GET /api/providers/setup — full setup info for all providers
+    if (urlPath === "/api/providers/setup") {
+        const env = readEnv();
+        const registry = getRegistry();
+        const activeKey = registry.getActiveKey();
+        const registeredModels = await registry.listAll();
+        const providers = PROVIDERS.map(p => ({
+            ...p,
+            hasKey: p.envKey ? !!env[p.envKey] : true, // Ollama doesn't need key
+            keyPreview: p.envKey && env[p.envKey] ? maskSecret(env[p.envKey]) : "",
+            modelsActive: p.models.map(m => ({
+                ...m,
+                registered: registeredModels.some(rm => rm.key === m.key),
+                active: activeKey === m.key,
+                status: registeredModels.find(rm => rm.key === m.key)?.status || "not configured",
+            })),
+        }));
+        const customModels = loadCustomModels();
+        res.end(JSON.stringify({ providers, customModels, activeModel: activeKey }));
+        return true;
+    }
+    // POST /api/providers/set-key — save an API key
+    if (urlPath === "/api/providers/set-key" && req.method === "POST") {
+        try {
+            const { providerId, apiKey } = JSON.parse(body);
+            const provider = PROVIDERS.find(p => p.id === providerId);
+            if (!provider?.envKey) {
+                res.statusCode = 400;
+                res.end(JSON.stringify({ error: "Provider does not need an API key" }));
+                return true;
+            }
+            writeEnvVar(provider.envKey, apiKey);
+            res.end(JSON.stringify({ ok: true, note: "Restart required to activate the new key." }));
+        }
+        catch {
+            res.statusCode = 400;
+            res.end(JSON.stringify({ error: "Invalid request" }));
+        }
+        return true;
+    }
+    // POST /api/providers/set-primary — set primary provider
+    if (urlPath === "/api/providers/set-primary" && req.method === "POST") {
+        try {
+            const { key } = JSON.parse(body);
+            writeEnvVar("PRIMARY_PROVIDER", key);
+            // Also switch runtime
+            const registry = getRegistry();
+            registry.switchTo(key);
+            res.end(JSON.stringify({ ok: true }));
+        }
+        catch {
+            res.statusCode = 400;
+            res.end(JSON.stringify({ error: "Invalid request" }));
+        }
+        return true;
+    }
+    // POST /api/providers/set-fallbacks — set fallback chain
+    if (urlPath === "/api/providers/set-fallbacks" && req.method === "POST") {
+        try {
+            const { keys } = JSON.parse(body);
+            writeEnvVar("FALLBACK_PROVIDERS", keys.join(","));
+            res.end(JSON.stringify({ ok: true, note: "Restart required." }));
+        }
+        catch {
+            res.statusCode = 400;
+            res.end(JSON.stringify({ error: "Invalid request" }));
+        }
+        return true;
+    }
+    // GET /api/providers/live-models?id=<providerId> — fetch available models from provider API
+    if (urlPath?.startsWith("/api/providers/live-models") && req.method === "GET") {
+        try {
+            const url = new URL(req.url || "", `http://${req.headers.host}`);
+            const providerId = url.searchParams.get("id") || "";
+            const models = await fetchLiveModels(providerId);
+            res.end(JSON.stringify({ ok: true, providerId, models }));
+        }
+        catch (err) {
+            res.end(JSON.stringify({ ok: false, error: err instanceof Error ? err.message : String(err), models: [] }));
+        }
+        return true;
+    }
+    // POST /api/providers/add-custom — add a custom model
+    if (urlPath === "/api/providers/add-custom" && req.method === "POST") {
+        try {
+            const model = JSON.parse(body);
+            if (!model.key || !model.name || !model.baseUrl || !model.model) {
+                res.statusCode = 400;
+                res.end(JSON.stringify({ error: "key, name, baseUrl and model are required fields" }));
+                return true;
+            }
+            model.type = "openai-compatible";
+            const models = loadCustomModels();
+            // Upsert
+            const idx = models.findIndex(m => m.key === model.key);
+            if (idx >= 0)
+                models[idx] = model;
+            else
+                models.push(model);
+            saveCustomModels(models);
+            // Save API key if provided
+            if (model.apiKeyEnv && model.apiKey) {
+                writeEnvVar(model.apiKeyEnv, model.apiKey);
+            }
+            res.end(JSON.stringify({ ok: true, note: "Restart required to activate the model." }));
+        }
+        catch {
+            res.statusCode = 400;
+            res.end(JSON.stringify({ error: "Invalid request" }));
+        }
+        return true;
+    }
+    // DELETE /api/providers/remove-custom — remove a custom model
+    if (urlPath === "/api/providers/remove-custom" && req.method === "POST") {
+        try {
+            const { key } = JSON.parse(body);
+            const models = loadCustomModels().filter(m => m.key !== key);
+            saveCustomModels(models);
+            res.end(JSON.stringify({ ok: true }));
+        }
+        catch {
+            res.statusCode = 400;
+            res.end(JSON.stringify({ error: "Invalid request" }));
+        }
+        return true;
+    }
+    // POST /api/providers/test-key — quick API key validation
+    if (urlPath === "/api/providers/test-key" && req.method === "POST") {
+        try {
+            const { providerId, apiKey } = JSON.parse(body);
+            const result = await testApiKey(providerId, apiKey);
+            res.end(JSON.stringify(result));
+        }
+        catch (err) {
+            const error = err instanceof Error ? err.message : String(err);
+            res.end(JSON.stringify({ ok: false, error }));
+        }
+        return true;
+    }
+    // ── Sudo / Elevated Access ─────────────────────────
+    // GET /api/sudo/status — check sudo configuration
+    if (urlPath === "/api/sudo/status") {
+        const status = await getSudoStatus();
+        res.end(JSON.stringify(status));
+        return true;
+    }
+    // POST /api/sudo/setup — store sudo password
+    if (urlPath === "/api/sudo/setup" && req.method === "POST") {
+        try {
+            const { password } = JSON.parse(body);
+            if (!password) {
+                res.statusCode = 400;
+                res.end(JSON.stringify({ error: "Password required" }));
+                return true;
+            }
+            const result = storePassword(password);
+            if (result.ok) {
+                // Verify it works
+                const verify = await verifyPassword();
+                if (verify.ok) {
+                    res.end(JSON.stringify({ ok: true, method: result.method, verified: true }));
+                }
+                else {
+                    revokePassword(); // Clean up if wrong password
+                    res.end(JSON.stringify({ ok: false, error: "Password stored but verification failed: " + verify.error }));
+                }
+            }
+            else {
+                res.end(JSON.stringify({ ok: false, error: result.error }));
+            }
+        }
+        catch {
+            res.statusCode = 400;
+            res.end(JSON.stringify({ error: "Invalid request" }));
+        }
+        return true;
+    }
+    // POST /api/sudo/revoke — delete stored password
+    if (urlPath === "/api/sudo/revoke" && req.method === "POST") {
+        const ok = revokePassword();
+        res.end(JSON.stringify({ ok }));
+        return true;
+    }
+    // POST /api/sudo/verify — test if stored password works
+    if (urlPath === "/api/sudo/verify" && req.method === "POST") {
+        const result = await verifyPassword();
+        res.end(JSON.stringify(result));
+        return true;
+    }
+    // POST /api/sudo/exec — execute a command with sudo
+    if (urlPath === "/api/sudo/exec" && req.method === "POST") {
+        try {
+            const { command } = JSON.parse(body);
+            if (!command) {
+                res.statusCode = 400;
+                res.end(JSON.stringify({ error: "No command specified" }));
+                return true;
+            }
+            const result = await sudoExec(command);
+            res.end(JSON.stringify(result));
+        }
+        catch {
+            res.statusCode = 400;
+            res.end(JSON.stringify({ error: "Invalid request" }));
+        }
+        return true;
+    }
+    // POST /api/sudo/admin-dialog — show macOS admin dialog
+    if (urlPath === "/api/sudo/admin-dialog" && req.method === "POST") {
+        try {
+            const { reason } = JSON.parse(body);
+            const result = await requestAdminViaDialog(reason || "Alvin Bot requires administrator privileges");
+            res.end(JSON.stringify(result));
+        }
+        catch {
+            res.statusCode = 400;
+            res.end(JSON.stringify({ error: "Invalid request" }));
+        }
+        return true;
+    }
+    // POST /api/sudo/open-settings — open macOS system settings
+    if (urlPath === "/api/sudo/open-settings" && req.method === "POST") {
+        try {
+            const { pane } = JSON.parse(body);
+            const ok = openSystemSettings(pane || "security");
+            res.end(JSON.stringify({ ok }));
+        }
+        catch {
+            res.statusCode = 400;
+            res.end(JSON.stringify({ error: "Invalid request" }));
+        }
+        return true;
+    }
+    // ── Skills ────────────────────────────────────────────
+    // GET /api/skills — list all loaded skills
+    if (urlPath === "/api/skills") {
+        const { getSkills } = await import("../services/skills.js");
+        const skills = getSkills().map(s => ({
+            id: s.id,
+            name: s.name,
+            description: s.description,
+            triggers: s.triggers,
+            priority: s.priority,
+            category: s.category,
+        }));
+        res.end(JSON.stringify({ skills }));
+        return true;
+    }
+    // ── Cron Jobs ───────────────────────────────────────
+    // GET /api/cron — list all jobs
+    if (urlPath === "/api/cron") {
+        const jobs = listJobs();
+        const enriched = jobs.map(j => ({
+            ...j,
+            nextRunFormatted: formatNextRun(j.nextRunAt),
+            lastRunFormatted: j.lastRunAt ? new Date(j.lastRunAt).toLocaleString("de-DE") : null,
+            scheduleReadable: humanReadableSchedule(j.schedule),
+        }));
+        res.end(JSON.stringify({ jobs: enriched }));
+        return true;
+    }
+    // POST /api/cron/create — create a new job
+    if (urlPath === "/api/cron/create" && req.method === "POST") {
+        try {
+            const data = JSON.parse(body);
+            const job = createJob({
+                name: data.name,
+                type: data.type,
+                schedule: data.schedule,
+                oneShot: data.oneShot || false,
+                payload: data.payload || {},
+                target: data.target || { platform: "web", chatId: "dashboard" },
+                createdBy: "web-ui",
+            });
+            res.end(JSON.stringify({ ok: true, job }));
+        }
+        catch (err) {
+            res.statusCode = 400;
+            const error = err instanceof Error ? err.message : "Invalid request";
+            res.end(JSON.stringify({ error }));
+        }
+        return true;
+    }
+    // POST /api/cron/delete — delete a job
+    if (urlPath === "/api/cron/delete" && req.method === "POST") {
+        try {
+            const { id } = JSON.parse(body);
+            const ok = deleteJob(id);
+            res.end(JSON.stringify({ ok }));
+        }
+        catch {
+            res.statusCode = 400;
+            res.end(JSON.stringify({ error: "Invalid request" }));
+        }
+        return true;
+    }
+    // POST /api/cron/update — update job fields (schedule, name, oneShot)
+    if (urlPath === "/api/cron/update" && req.method === "POST") {
+        try {
+            const { id, ...updates } = JSON.parse(body);
+            if (!id) {
+                res.statusCode = 400;
+                res.end(JSON.stringify({ error: "id required" }));
+                return true;
+            }
+            // Only allow safe fields
+            const allowed = {};
+            if (updates.schedule !== undefined)
+                allowed.schedule = updates.schedule;
+            if (updates.name !== undefined)
+                allowed.name = updates.name;
+            if (updates.oneShot !== undefined)
+                allowed.oneShot = updates.oneShot;
+            const job = updateJob(id, allowed);
+            if (!job) {
+                res.statusCode = 404;
+                res.end(JSON.stringify({ error: "Job not found" }));
+                return true;
+            }
+            res.end(JSON.stringify({ ok: true, job }));
+        }
+        catch (err) {
+            res.statusCode = 400;
+            const error = err instanceof Error ? err.message : "Invalid request";
+            res.end(JSON.stringify({ error }));
+        }
+        return true;
+    }
+    // POST /api/cron/toggle — enable/disable a job
+    if (urlPath === "/api/cron/toggle" && req.method === "POST") {
+        try {
+            const { id } = JSON.parse(body);
+            const job = toggleJob(id);
+            res.end(JSON.stringify({ ok: !!job, job }));
+        }
+        catch {
+            res.statusCode = 400;
+            res.end(JSON.stringify({ error: "Invalid request" }));
+        }
+        return true;
+    }
+    // POST /api/cron/run — run a job immediately
+    if (urlPath === "/api/cron/run" && req.method === "POST") {
+        try {
+            const { id } = JSON.parse(body);
+            const result = await (runJobNow(id) || Promise.resolve({ output: "", error: "Job not found" }));
+            res.end(JSON.stringify(result));
+        }
+        catch (err) {
+            const error = err instanceof Error ? err.message : String(err);
+            res.end(JSON.stringify({ error }));
+        }
+        return true;
+    }
+    // ── Platform Connection Status ─────────────────────────
+    // GET /api/platforms/status — live connection status for all platforms
+    if (urlPath === "/api/platforms/status") {
+        const statuses = {};
+        // Telegram
+        try {
+            const { getTelegramState } = await import("../platforms/telegram.js");
+            statuses.telegram = getTelegramState();
+        }
+        catch {
+            statuses.telegram = { status: !!process.env.BOT_TOKEN ? "unknown" : "not_configured" };
+        }
+        // Discord
+        try {
+            const { getDiscordState } = await import("../platforms/discord.js");
+            statuses.discord = getDiscordState();
+        }
+        catch {
+            statuses.discord = { status: !!process.env.DISCORD_TOKEN ? "unknown" : "not_configured" };
+        }
+        // WhatsApp
+        try {
+            const { getWhatsAppState } = await import("../platforms/whatsapp.js");
+            statuses.whatsapp = getWhatsAppState();
+        }
+        catch {
+            statuses.whatsapp = { status: process.env.WHATSAPP_ENABLED === "true" ? "unknown" : "not_configured" };
+        }
+        // Signal
+        try {
+            const { getSignalState } = await import("../platforms/signal.js");
+            statuses.signal = getSignalState();
+        }
+        catch {
+            statuses.signal = { status: !!process.env.SIGNAL_API_URL ? "unknown" : "not_configured" };
+        }
+        res.end(JSON.stringify(statuses));
+        return true;
+    }
+    // GET /api/whatsapp/status — WhatsApp-specific (QR code needs its own endpoint)
+    if (urlPath === "/api/whatsapp/status") {
+        try {
+            const { getWhatsAppState } = await import("../platforms/whatsapp.js");
+            const state = getWhatsAppState();
+            res.end(JSON.stringify(state));
+        }
+        catch {
+            res.end(JSON.stringify({ status: "disconnected", qrString: null, error: "WhatsApp adapter not loaded" }));
+        }
+        return true;
+    }
+    // POST /api/whatsapp/disconnect — clear auth and disconnect
+    if (urlPath === "/api/whatsapp/disconnect" && req.method === "POST") {
+        try {
+            const authDir = WHATSAPP_AUTH;
+            if (fs.existsSync(authDir)) {
+                fs.rmSync(authDir, { recursive: true });
+            }
+            res.end(JSON.stringify({ ok: true, note: "Auth data cleared. Restart required for new connection." }));
+        }
+        catch (err) {
+            const error = err instanceof Error ? err.message : String(err);
+            res.end(JSON.stringify({ ok: false, error }));
+        }
+        return true;
+    }
+    // POST /api/platforms/test-connection — test a specific platform
+    if (urlPath === "/api/platforms/test-connection" && req.method === "POST") {
+        try {
+            const { platformId } = JSON.parse(body);
+            if (platformId === "telegram") {
+                const token = process.env.BOT_TOKEN;
+                if (!token) {
+                    res.end(JSON.stringify({ ok: false, error: "BOT_TOKEN not set" }));
+                    return true;
+                }
+                const apiRes = await fetch(`https://api.telegram.org/bot${token}/getMe`);
+                const data = await apiRes.json();
+                if (data.ok) {
+                    res.end(JSON.stringify({ ok: true, info: `@${data.result.username} (${data.result.first_name})` }));
+                }
+                else {
+                    res.end(JSON.stringify({ ok: false, error: data.description || "Invalid token" }));
+                }
+                return true;
+            }
+            if (platformId === "discord") {
+                const token = process.env.DISCORD_TOKEN;
+                if (!token) {
+                    res.end(JSON.stringify({ ok: false, error: "DISCORD_TOKEN not set" }));
+                    return true;
+                }
+                const apiRes = await fetch("https://discord.com/api/v10/users/@me", {
+                    headers: { Authorization: `Bot ${token}` },
+                });
+                const data = await apiRes.json();
+                if (data.id) {
+                    res.end(JSON.stringify({ ok: true, info: `${data.username}#${data.discriminator || '0'} (ID: ${data.id})` }));
+                }
+                else {
+                    res.end(JSON.stringify({ ok: false, error: data.message || "Invalid token" }));
+                }
+                return true;
+            }
+            if (platformId === "signal") {
+                const apiUrl = process.env.SIGNAL_API_URL;
+                if (!apiUrl) {
+                    res.end(JSON.stringify({ ok: false, error: "SIGNAL_API_URL not set" }));
+                    return true;
+                }
+                const apiRes = await fetch(`${apiUrl.replace(/\/$/, '')}/v1/about`);
+                if (apiRes.ok) {
+                    const data = await apiRes.json();
+                    res.end(JSON.stringify({ ok: true, info: `signal-cli API v${data.version || '?'} reachable` }));
+                }
+                else {
+                    res.end(JSON.stringify({ ok: false, error: `API responded with ${apiRes.status}` }));
+                }
+                return true;
+            }
+            if (platformId === "whatsapp") {
+                try {
+                    const { getWhatsAppState } = await import("../platforms/whatsapp.js");
+                    const state = getWhatsAppState();
+                    res.end(JSON.stringify({ ok: state.status === "connected", info: `Status: ${state.status}` }));
+                }
+                catch {
+                    res.end(JSON.stringify({ ok: false, error: "WhatsApp adapter not loaded" }));
+                }
+                return true;
+            }
+            res.end(JSON.stringify({ ok: false, error: "Unknown platform" }));
+        }
+        catch (err) {
+            const error = err instanceof Error ? err.message : String(err);
+            res.end(JSON.stringify({ ok: false, error }));
+        }
+        return true;
+    }
+    return false; // Not handled
+}
+// ── Helpers ─────────────────────────────────────────────
+function maskSecret(value) {
+    if (value.length <= 8)
+        return "****";
+    return value.slice(0, 4) + "..." + value.slice(-4);
+}
+function checkNpmDeps(packages) {
+    const nodeModules = resolve(BOT_ROOT, "node_modules");
+    return packages.every(pkg => {
+        try {
+            return fs.existsSync(resolve(nodeModules, pkg.split("/")[0]));
+        }
+        catch {
+            return false;
+        }
+    });
+}
+async function testApiKey(providerId, apiKey) {
+    try {
+        const provider = PROVIDERS.find(p => p.id === providerId);
+        if (!provider)
+            return { ok: false, error: "Unknown provider" };
+        // Use stored key if requested (input was empty but key already configured)
+        // Skip for providers that don't use API keys (e.g. claude-sdk uses CLI auth)
+        if (apiKey === "__USE_STORED__") {
+            if (providerId === "claude-sdk" || providerId === "ollama") {
+                apiKey = ""; // These don't need keys — test will check CLI/service availability
+            }
+            else {
+                const envKey = provider.envKey;
+                const storedKey = envKey ? process.env[envKey] : undefined;
+                if (!storedKey)
+                    return { ok: false, error: "No stored key available" };
+                apiKey = storedKey;
+            }
+        }
+        switch (providerId) {
+            case "openai": {
+                const r = await fetch("https://api.openai.com/v1/models", { headers: { Authorization: `Bearer ${apiKey}` } });
+                if (!r.ok)
+                    return { ok: false, error: `HTTP ${r.status}: ${await r.text()}` };
+                return { ok: true, model: "gpt-4o" };
+            }
+            case "google": {
+                const r = await fetch(`https://generativelanguage.googleapis.com/v1beta/models?key=${apiKey}`);
+                if (!r.ok)
+                    return { ok: false, error: `HTTP ${r.status}: ${await r.text()}` };
+                return { ok: true, model: "gemini-2.5-pro" };
+            }
+            case "nvidia": {
+                const r = await fetch("https://integrate.api.nvidia.com/v1/models", { headers: { Authorization: `Bearer ${apiKey}` } });
+                if (!r.ok)
+                    return { ok: false, error: `HTTP ${r.status}: ${await r.text()}` };
+                return { ok: true, model: "meta/llama-3.3-70b-instruct" };
+            }
+            case "openrouter": {
+                const r = await fetch("https://openrouter.ai/api/v1/models", { headers: { Authorization: `Bearer ${apiKey}` } });
+                if (!r.ok)
+                    return { ok: false, error: `HTTP ${r.status}: ${await r.text()}` };
+                return { ok: true, model: "anthropic/claude-sonnet-4" };
+            }
+            case "groq": {
+                const r = await fetch("https://api.groq.com/openai/v1/models", { headers: { Authorization: `Bearer ${apiKey}` } });
+                if (!r.ok)
+                    return { ok: false, error: `HTTP ${r.status}: ${await r.text()}` };
+                return { ok: true, model: "llama-3.3-70b-versatile" };
+            }
+            case "claude-sdk": {
+                // Claude SDK uses CLI auth, not an API key — check if CLI is available
+                const { execSync } = await import("child_process");
+                try {
+                    execSync("claude --version", { timeout: 5000, stdio: "pipe" });
+                    return { ok: true, model: "claude-opus-4-6" };
+                }
+                catch {
+                    return { ok: false, error: "Claude CLI not installed or not logged in" };
+                }
+            }
+            case "anthropic": {
+                // Anthropic API via OpenAI-compatible endpoint
+                const r = await fetch("https://api.anthropic.com/v1/models", {
+                    headers: { "x-api-key": apiKey, "anthropic-version": "2023-06-01" },
+                });
+                if (!r.ok)
+                    return { ok: false, error: `HTTP ${r.status}: ${(await r.text()).substring(0, 200)}` };
+                return { ok: true, model: "claude-sonnet-4" };
+            }
+            default:
+                return { ok: false, error: "Key test not available for this provider" };
+        }
+    }
+    catch (err) {
+        return { ok: false, error: err instanceof Error ? err.message : String(err) };
+    }
+}
+async function fetchLiveModels(providerId) {
+    const env = process.env;
+    switch (providerId) {
+        case "anthropic": {
+            const key = env.ANTHROPIC_API_KEY;
+            if (!key)
+                return [];
+            const r = await fetch("https://api.anthropic.com/v1/models", {
+                headers: { "x-api-key": key, "anthropic-version": "2023-06-01" },
+            });
+            if (!r.ok)
+                return [];
+            const data = await r.json();
+            return (data.data || [])
+                .filter((m) => m.id && !m.id.includes("pdfs"))
+                .map((m) => ({ id: m.id, name: m.display_name || m.id, owned_by: "anthropic" }))
+                .sort((a, b) => a.id.localeCompare(b.id));
+        }
+        case "openai": {
+            const key = env.OPENAI_API_KEY;
+            if (!key)
+                return [];
+            const r = await fetch("https://api.openai.com/v1/models", {
+                headers: { Authorization: `Bearer ${key}` },
+            });
+            if (!r.ok)
+                return [];
+            const data = await r.json();
+            // Filter to chat-relevant models only
+            const chatPrefixes = ["gpt-4", "gpt-3.5", "o1", "o3", "o4", "chatgpt"];
+            return (data.data || [])
+                .filter((m) => chatPrefixes.some(p => m.id.startsWith(p)))
+                .map((m) => ({ id: m.id, name: m.id, owned_by: m.owned_by || "openai" }))
+                .sort((a, b) => a.id.localeCompare(b.id));
+        }
+        case "google": {
+            const key = env.GOOGLE_API_KEY;
+            if (!key)
+                return [];
+            const r = await fetch(`https://generativelanguage.googleapis.com/v1beta/models?key=${key}`);
+            if (!r.ok)
+                return [];
+            const data = await r.json();
+            return (data.models || [])
+                .filter((m) => m.name && m.supportedGenerationMethods?.includes("generateContent"))
+                .map((m) => ({
+                id: m.name.replace("models/", ""),
+                name: m.displayName || m.name.replace("models/", ""),
+                owned_by: "google",
+            }))
+                .sort((a, b) => a.id.localeCompare(b.id));
+        }
+        case "groq": {
+            const key = env.GROQ_API_KEY;
+            if (!key)
+                return [];
+            const r = await fetch("https://api.groq.com/openai/v1/models", {
+                headers: { Authorization: `Bearer ${key}` },
+            });
+            if (!r.ok)
+                return [];
+            const data = await r.json();
+            return (data.data || [])
+                .filter((m) => m.id && m.active !== false)
+                .map((m) => ({ id: m.id, name: m.id, owned_by: m.owned_by || "groq" }))
+                .sort((a, b) => a.id.localeCompare(b.id));
+        }
+        case "nvidia": {
+            const key = env.NVIDIA_API_KEY;
+            if (!key)
+                return [];
+            const r = await fetch("https://integrate.api.nvidia.com/v1/models", {
+                headers: { Authorization: `Bearer ${key}` },
+            });
+            if (!r.ok)
+                return [];
+            const data = await r.json();
+            return (data.data || [])
+                .map((m) => ({ id: m.id, name: m.id, owned_by: m.owned_by || "nvidia" }))
+                .sort((a, b) => a.id.localeCompare(b.id));
+        }
+        case "openrouter": {
+            const key = env.OPENROUTER_API_KEY;
+            if (!key)
+                return [];
+            const r = await fetch("https://openrouter.ai/api/v1/models", {
+                headers: { Authorization: `Bearer ${key}` },
+            });
+            if (!r.ok)
+                return [];
+            const data = await r.json();
+            return (data.data || [])
+                .slice(0, 100) // OpenRouter has 200+ models, limit display
+                .map((m) => ({ id: m.id, name: m.name || m.id, owned_by: "openrouter" }))
+                .sort((a, b) => a.id.localeCompare(b.id));
+        }
+        default:
+            return [];
+    }
+}