apteva 0.4.57 → 0.7.1

package/src/channels/telegram.ts

@@ -1,311 +0,0 @@
-import { Bot } from "grammy";
-import { AgentDB, ChannelDB } from "../db";
-import { decryptObject } from "../crypto";
-import { agentFetch } from "../routes/api/agent-utils";
-
-interface TelegramConfig {
-  botToken: string;
-  allowList?: string[]; // Telegram user IDs allowed to chat
-}
-
-// In-memory map of running bot instances
-const activeBots = new Map<string, Bot>();
-
-export function isChannelActive(channelId: string): boolean {
-  return activeBots.has(channelId);
-}
-
-export async function startTelegramChannel(channelId: string): Promise<{ success: boolean; error?: string }> {
-  // Stop existing if running
-  if (activeBots.has(channelId)) {
-    await stopTelegramChannel(channelId);
-  }
-
-  const channel = ChannelDB.findById(channelId);
-  if (!channel) return { success: false, error: "Channel not found" };
-
-  let config: TelegramConfig;
-  try {
-    config = decryptObject(channel.config) as unknown as TelegramConfig;
-  } catch {
-    ChannelDB.setStatus(channelId, "error", "Failed to decrypt config");
-    return { success: false, error: "Failed to decrypt config" };
-  }
-
-  if (!config.botToken) {
-    ChannelDB.setStatus(channelId, "error", "Missing bot token");
-    return { success: false, error: "Missing bot token" };
-  }
-
-  const agent = AgentDB.findById(channel.agent_id);
-  if (!agent) {
-    ChannelDB.setStatus(channelId, "error", "Agent not found");
-    return { success: false, error: "Agent not found" };
-  }
-
-  try {
-    const bot = new Bot(config.botToken);
-
-    // /start command
-    bot.command("start", async (ctx) => {
-      await ctx.reply(`Connected to agent: ${agent.name}`);
-    });
-
-    // Handle text messages
-    bot.on("message:text", async (ctx) => {
-      // Access control
-      if (config.allowList?.length) {
-        const senderId = String(ctx.from.id);
-        if (!config.allowList.includes(senderId)) return;
-      }
-
-      // Check agent is running
-      const currentAgent = AgentDB.findById(channel.agent_id);
-      if (!currentAgent || currentAgent.status !== "running" || !currentAgent.port) {
-        await ctx.reply("Agent is not running.");
-        return;
-      }
-
-      // Send typing indicator
-      await ctx.replyWithChatAction("typing");
-
-      try {
-        // Map telegram chat → agent thread
-        const threadId = `telegram-${ctx.chat.id}`;
-
-        // Proxy to agent via agentFetch (same path as web UI chat)
-        const res = await agentFetch(currentAgent.id, currentAgent.port, "/chat", {
-          method: "POST",
-          headers: { "Content-Type": "application/json" },
-          body: JSON.stringify({
-            message: ctx.message.text,
-            thread_id: threadId,
-          }),
-        });
-
-        if (!res.ok) {
-          await ctx.reply("Error: agent returned an error.");
-          return;
-        }
-
-        // Stream response and send messages progressively as segments complete
-        await streamAndSend(res, ctx);
-      } catch (err) {
-        console.error(`[telegram:${channelId}] Message handling error:`, err);
-        await ctx.reply("Error processing your message.");
-      }
-    });
-
-    // Error handler
-    bot.catch((err) => {
-      console.error(`[telegram:${channelId}] Bot error:`, err);
-    });
-
-    // Start long-polling (non-blocking)
-    bot.start({
-      onStart: () => {
-        console.log(`[telegram:${channelId}] Bot started for agent ${agent.name}`);
-      },
-    });
-
-    activeBots.set(channelId, bot);
-    ChannelDB.setStatus(channelId, "running");
-    return { success: true };
-  } catch (err: any) {
-    const errorMsg = err.message || String(err);
-    console.error(`[telegram:${channelId}] Failed to start:`, errorMsg);
-    ChannelDB.setStatus(channelId, "error", errorMsg);
-    return { success: false, error: errorMsg };
-  }
-}
-
-export async function stopTelegramChannel(channelId: string): Promise<void> {
-  const bot = activeBots.get(channelId);
-  if (bot) {
-    try {
-      await bot.stop();
-    } catch {
-      // Ignore stop errors
-    }
-    activeBots.delete(channelId);
-  }
-  ChannelDB.setStatus(channelId, "stopped");
-  console.log(`[telegram:${channelId}] Bot stopped`);
-}
-
-/**
- * Stream SSE response from agent and send Telegram messages progressively.
- * Mirrors the chunk types from apteva-kit's chat component:
- *   content/token → accumulate text, send when a boundary is hit
- *   tool_call → flush pending text, send tool indicator immediately
- *   tool_use, tool_input_delta, tool_result, tool_stream → skipped
- *
- * Messages are sent as soon as each segment completes (tool boundary or end of stream),
- * so the user sees them appear progressively in real-time.
- */
-async function streamAndSend(
-  res: Response,
-  ctx: { reply: (text: string, opts?: any) => Promise<any>; replyWithChatAction: (action: string) => Promise<any> },
-  onActivity?: () => void,
-): Promise<void> {
-  if (!res.body) {
-    await ctx.reply("(No response from agent)");
-    return;
-  }
-
-  const reader = res.body.getReader();
-  const decoder = new TextDecoder();
-  let textBuffer = "";
-  let buffer = "";
-  let messagesSent = 0;
-
-  async function flushText() {
-    const trimmed = textBuffer.trim();
-    if (trimmed) {
-      const chunks = splitMessage(trimmed, 4096);
-      for (const chunk of chunks) {
-        try {
-          await ctx.reply(chunk, { parse_mode: "Markdown" });
-        } catch {
-          await ctx.reply(chunk);
-        }
-        messagesSent++;
-      }
-    }
-    textBuffer = "";
-  }
-
-  // Periodically send typing indicator while streaming
-  const typingInterval = setInterval(() => {
-    ctx.replyWithChatAction("typing").catch(() => {});
-  }, 4000);
-
-  try {
-    while (true) {
-      const { done, value } = await reader.read();
-      if (done) break;
-
-      buffer += decoder.decode(value, { stream: true });
-
-      const lines = buffer.split("\n");
-      buffer = lines.pop() || "";
-
-      for (const line of lines) {
-        if (!line.startsWith("data: ")) continue;
-        const data = line.slice(6).trim();
-        if (data === "[DONE]") continue;
-
-        try {
-          const chunk = JSON.parse(data);
-
-          switch (chunk.type) {
-            // Text content — accumulate
-            case "content":
-            case "token":
-              if (chunk.content) textBuffer += chunk.content;
-              else if (chunk.text) textBuffer += chunk.text;
-              break;
-
-            // Tool starting — flush text immediately, then send tool indicator
-            case "tool_call": {
-              await flushText();
-              const name = chunk.tool_display_name || chunk.tool_name || "tool";
-              try {
-                await ctx.reply(`🔧 _${escapeMarkdown(name)}_`, { parse_mode: "Markdown" });
-              } catch {
-                await ctx.reply(`🔧 ${name}`);
-              }
-              messagesSent++;
-              break;
-            }
-
-            // Thinking — strip, never send to channel
-            case "thinking":
-            case "thinking_delta":
-              break;
-
-            // Intermediate tool events — skip, but signal activity
-            case "tool_input_delta":
-            case "tool_use":
-            case "tool_stream":
-            case "tool_result":
-              onActivity?.();
-              break;
-
-            // Fallback: older SSE formats
-            case "message_delta":
-              if (chunk.delta?.text) textBuffer += chunk.delta.text;
-              break;
-            case "content_block_delta":
-              if (chunk.delta?.text) textBuffer += chunk.delta.text;
-              break;
-
-            default:
-              if (chunk.content && typeof chunk.content === "string") {
-                textBuffer += chunk.content;
-              } else if (typeof chunk.text === "string") {
-                textBuffer += chunk.text;
-              }
-              break;
-          }
-        } catch {
-          if (data && data !== "[DONE]") {
-            textBuffer += data;
-          }
-        }
-      }
-    }
-  } catch {
-    // Stream read error — flush what we have
-  } finally {
-    clearInterval(typingInterval);
-  }
-
-  // Flush remaining text
-  await flushText();
-
-  if (messagesSent === 0) {
-    await ctx.reply("(No response from agent)");
-  }
-}
-
-/**
- * Escape special Markdown characters for Telegram Markdown parse mode.
- */
-function escapeMarkdown(text: string): string {
-  return text.replace(/([_*\[\]()~`>#+\-=|{}.!\\])/g, "\\$1");
-}
-
-/**
- * Split a message into chunks respecting the max length.
- * Tries to split at newlines when possible.
- */
-function splitMessage(text: string, maxLength: number): string[] {
-  if (text.length <= maxLength) return [text];
-
-  const chunks: string[] = [];
-  let remaining = text;
-
-  while (remaining.length > 0) {
-    if (remaining.length <= maxLength) {
-      chunks.push(remaining);
-      break;
-    }
-
-    // Try to find a newline near the limit
-    let splitAt = remaining.lastIndexOf("\n", maxLength);
-    if (splitAt < maxLength * 0.5) {
-      // No good newline found — split at space
-      splitAt = remaining.lastIndexOf(" ", maxLength);
-    }
-    if (splitAt < maxLength * 0.3) {
-      // No good split point — hard split
-      splitAt = maxLength;
-    }
-
-    chunks.push(remaining.slice(0, splitAt));
-    remaining = remaining.slice(splitAt).trimStart();
-  }
-
-  return chunks;
-}

package/src/crypto.ts

@@ -1,301 +0,0 @@
-import { createCipheriv, createDecipheriv, randomBytes, scryptSync, createHash } from "crypto";
-import { hostname, userInfo } from "os";
-import { join } from "path";
-import { existsSync, readFileSync, writeFileSync, mkdirSync } from "fs";
-import { homedir } from "os";
-
-const ALGORITHM = "aes-256-gcm";
-const IV_LENGTH = 16;
-const SALT_LENGTH = 32;
-const TAG_LENGTH = 16;
-const KEY_LENGTH = 32;
-
-// Cache the encryption secret to avoid repeated file reads
-let cachedSecret: string | null = null;
-
-// Get the path for storing the encryption secret
-function getSecretPath(): string {
-  const dataDir = process.env.DATA_DIR || join(homedir(), ".apteva");
-  return join(dataDir, ".encryption-key");
-}
-
-// Get or create a persistent encryption secret
-// This ensures keys can be decrypted after container/app restarts
-function getOrCreateSecret(): string {
-  if (cachedSecret) return cachedSecret;
-
-  const secretPath = getSecretPath();
-
-  // Try to read existing secret
-  if (existsSync(secretPath)) {
-    try {
-      cachedSecret = readFileSync(secretPath, "utf8").trim();
-      if (cachedSecret && cachedSecret.length >= 32) {
-        return cachedSecret;
-      }
-    } catch {
-      // Fall through to create new
-    }
-  }
-
-  // Create new secret and persist it
-  cachedSecret = randomBytes(32).toString("hex");
-  try {
-    const dir = process.env.DATA_DIR || join(homedir(), ".apteva");
-    if (!existsSync(dir)) {
-      mkdirSync(dir, { recursive: true });
-    }
-    writeFileSync(secretPath, cachedSecret, { mode: 0o600 });
-  } catch (err) {
-    console.error("[crypto] Warning: Could not persist encryption key:", err);
-    // Continue with in-memory key - will work for this session but not across restarts
-  }
-
-  return cachedSecret;
-}
-
-// Get a machine-specific identifier for key derivation
-// Now uses a persistent secret instead of volatile machine factors
-function getMachineId(): string {
-  return getOrCreateSecret();
-}
-
-// Derive encryption key from machine ID and salt
-function deriveKey(salt: Buffer): Buffer {
-  const machineId = getMachineId();
-  return scryptSync(machineId, salt, KEY_LENGTH);
-}
-
-// Create a hash hint of the last 4 characters of a key
-export function createKeyHint(key: string): string {
-  if (key.length < 4) return "****";
-  return "..." + key.slice(-4);
-}
-
-/**
- * Encrypt a string value
- * Returns: base64 encoded string containing salt + iv + encrypted + authTag
- */
-export function encrypt(plaintext: string): string {
-  const salt = randomBytes(SALT_LENGTH);
-  const key = deriveKey(salt);
-  const iv = randomBytes(IV_LENGTH);
-
-  const cipher = createCipheriv(ALGORITHM, key, iv);
-  const encrypted = Buffer.concat([
-    cipher.update(plaintext, "utf8"),
-    cipher.final(),
-  ]);
-  const authTag = cipher.getAuthTag();
-
-  // Combine: salt (32) + iv (16) + authTag (16) + encrypted (variable)
-  const combined = Buffer.concat([salt, iv, authTag, encrypted]);
-  return combined.toString("base64");
-}
-
-/**
- * Decrypt a previously encrypted value
- * Input: base64 encoded string from encrypt()
- */
-export function decrypt(encryptedBase64: string): string {
-  const combined = Buffer.from(encryptedBase64, "base64");
-
-  // Extract components
-  const salt = combined.subarray(0, SALT_LENGTH);
-  const iv = combined.subarray(SALT_LENGTH, SALT_LENGTH + IV_LENGTH);
-  const authTag = combined.subarray(SALT_LENGTH + IV_LENGTH, SALT_LENGTH + IV_LENGTH + TAG_LENGTH);
-  const encrypted = combined.subarray(SALT_LENGTH + IV_LENGTH + TAG_LENGTH);
-
-  const key = deriveKey(salt);
-
-  const decipher = createDecipheriv(ALGORITHM, key, iv);
-  decipher.setAuthTag(authTag);
-
-  const decrypted = Buffer.concat([
-    decipher.update(encrypted),
-    decipher.final(),
-  ]);
-
-  return decrypted.toString("utf8");
-}
-
-/**
- * Hash a value (one-way, for checking if key changed)
- */
-export function hash(value: string): string {
-  return createHash("sha256").update(value).digest("hex");
-}
-
-/**
- * Validate that a string looks like an API key for a given provider
- */
-export function validateKeyFormat(provider: string, key: string): { valid: boolean; error?: string } {
-  const trimmed = key.trim();
-
-  if (!trimmed) {
-    return { valid: false, error: "API key cannot be empty" };
-  }
-
-  // Local providers use URLs instead of API keys
-  const urlProviders: Record<string, string> = {
-    ollama: "http://localhost:11434",
-    cdp: "ws://localhost:9222",
-    speaches: "http://localhost:8000",
-    whisper_cpp: "http://localhost:8080",
-    kokoro: "http://localhost:8880",
-    piper: "http://localhost:5000",
-    fish_speech: "http://localhost:8180",
-  };
-  if (provider in urlProviders) {
-    if (trimmed.startsWith("http://") || trimmed.startsWith("https://") || trimmed.startsWith("ws://") || trimmed.startsWith("wss://")) {
-      return { valid: true };
-    }
-    return { valid: false, error: `${provider} requires a valid URL (e.g., ${urlProviders[provider]})` };
-  }
-
-  // Multi-field providers store JSON objects — validate the inner api_key
-  if (provider === "browserbase") {
-    try {
-      const parsed = JSON.parse(trimmed);
-      if (parsed.api_key && typeof parsed.api_key === "string") {
-        return { valid: true };
-      }
-    } catch {
-      // Not JSON — treat as plain API key (backwards compat)
-    }
-  }
-
-  // Provider-specific format validation
-  const patterns: Record<string, { pattern: RegExp; example: string }> = {
-    anthropic: {
-      pattern: /^sk-ant-[a-zA-Z0-9_-]+$/,
-      example: "sk-ant-...",
-    },
-    openai: {
-      pattern: /^sk-[a-zA-Z0-9_-]+$/,
-      example: "sk-...",
-    },
-    groq: {
-      pattern: /^gsk_[a-zA-Z0-9_-]+$/,
-      example: "gsk_...",
-    },
-    gemini: {
-      pattern: /^[a-zA-Z0-9_-]+$/,
-      example: "AIza...",
-    },
-    fireworks: {
-      pattern: /^fw_[a-zA-Z0-9_-]+$|^[a-zA-Z0-9_-]+$/,
-      example: "fw_...",
-    },
-    xai: {
-      pattern: /^xai-[a-zA-Z0-9_-]+$|^[a-zA-Z0-9_-]+$/,
-      example: "xai-...",
-    },
-    moonshot: {
-      pattern: /^sk-[a-zA-Z0-9_-]+$|^[a-zA-Z0-9_-]+$/,
-      example: "sk-...",
-    },
-    together: {
-      pattern: /^[a-zA-Z0-9_-]+$/,
-      example: "...",
-    },
-    venice: {
-      pattern: /^[a-zA-Z0-9_-]+$/,
-      example: "...",
-    },
-    cerebras: {
-      pattern: /^csk-[a-zA-Z0-9_-]+$|^[a-zA-Z0-9_-]+$/,
-      example: "csk-...",
-    },
-    // MCP Integrations
-    composio: {
-      pattern: /^[a-zA-Z0-9_-]+$/,
-      example: "...",
-    },
-    smithery: {
-      pattern: /^[a-zA-Z0-9_-]+$/,
-      example: "...",
-    },
-    agentdojo: {
-      pattern: /^(key_)?[a-zA-Z0-9_-]+$/,
-      example: "key_...",
-    },
-    // Voice providers
-    elevenlabs: {
-      pattern: /^[a-zA-Z0-9_-]+$/,
-      example: "sk_...",
-    },
-    deepgram: {
-      pattern: /^[a-zA-Z0-9_-]+$/,
-      example: "...",
-    },
-    // Browser providers
-    browserbase: {
-      pattern: /^bb_[a-zA-Z0-9_-]+$|^[a-zA-Z0-9_-]+$/,
-      example: "bb_live_...",
-    },
-    steel: {
-      pattern: /^steel_[a-zA-Z0-9_-]+$|^[a-zA-Z0-9_-]+$/,
-      example: "steel_...",
-    },
-  };
-
-  const providerPattern = patterns[provider];
-  if (providerPattern && !providerPattern.pattern.test(trimmed)) {
-    return {
-      valid: false,
-      error: `Invalid key format for ${provider}. Expected format: ${providerPattern.example}`,
-    };
-  }
-
-  // Minimum length check
-  if (trimmed.length < 10) {
-    return { valid: false, error: "API key seems too short" };
-  }
-
-  return { valid: true };
-}
-
-/**
- * Encrypt an object (for env vars / credentials)
- * Returns encrypted JSON string
- */
-export function encryptObject(obj: Record<string, string>): string {
-  if (!obj || Object.keys(obj).length === 0) {
-    return "";
-  }
-  return encrypt(JSON.stringify(obj));
-}
-
-/**
- * Decrypt an object (for env vars / credentials)
- * Handles both encrypted and legacy unencrypted JSON
- */
-export function decryptObject(data: string): Record<string, string> {
-  if (!data || data === "{}") {
-    return {};
-  }
-
-  // Check if it looks like encrypted data (base64) or plain JSON
-  if (data.startsWith("{")) {
-    // Plain JSON (legacy unencrypted)
-    try {
-      return JSON.parse(data);
-    } catch {
-      return {};
-    }
-  }
-
-  // Try to decrypt
-  try {
-    const decrypted = decrypt(data);
-    return JSON.parse(decrypted);
-  } catch {
-    // Decryption failed, try parsing as JSON (migration case)
-    try {
-      return JSON.parse(data);
-    } catch {
-      return {};
-    }
-  }
-}