botschat 0.1.6 → 0.1.8

package/packages/web/dist/index.html

@@ -28,8 +28,8 @@
     <link href="https://fonts.googleapis.com/css2?family=Lato:wght@400;700&family=Noto+Sans+SC:wght@400;700&display=swap" rel="stylesheet" />
 
     <title>BotsChat</title>
-    <script type="module" crossorigin src="/assets/index-Da18EnTa.js"></script>
-    <link rel="stylesheet" crossorigin href="/assets/index-BST9bfvT.css">
+    <script type="module" crossorigin src="/assets/index-C-FpELeN.js"></script>
+    <link rel="stylesheet" crossorigin href="/assets/index-B1sFqYiM.css">
   </head>
   <body>
     <div id="root"></div>

package/packages/web/package.json

@@ -11,6 +11,7 @@
   "dependencies": {
     "@tailwindcss/typography": "^0.5.19",
     "firebase": "^12.9.0",
+    "e2e-crypto": "*",
     "react": "^19.0.0",
     "react-dom": "^19.0.0",
     "react-markdown": "^10.1.0",

package/packages/web/src/App.tsx

@@ -20,6 +20,7 @@ import { JobList } from "./components/JobList";
 import { LoginPage } from "./components/LoginPage";
 import { OnboardingPage } from "./components/OnboardingPage";
 import { ConnectionSettings } from "./components/ConnectionSettings";
+import { E2ESettings } from "./components/E2ESettings";
 import { DebugLogPanel } from "./components/DebugLogPanel";
 import { CronSidebar } from "./components/CronSidebar";
 import { CronDetail } from "./components/CronDetail";
@@ -27,6 +28,8 @@ import { ResizeHandle } from "./components/ResizeHandle";
 import { useIsMobile } from "./hooks/useIsMobile";
 import { MobileLayout } from "./components/MobileLayout";
 import { dlog } from "./debug-log";
+import { E2eService } from "./e2e";
+import { gtagPageView } from "./analytics";
 
 export default function App() {
   const [state, dispatch] = useReducer(appReducer, initialState, (init): AppState => {
@@ -44,11 +47,17 @@ export default function App() {
   const creatingGeneralRef = useRef(false);
 
   const [showSettings, setShowSettings] = useState(false);
-  const [settingsTab, setSettingsTab] = useState<"general" | "connection">("general");
+  const [settingsTab, setSettingsTab] = useState<"general" | "connection" | "security">("general");
 
   // Track whether the initial channels fetch has completed (prevents onboarding flash)
   const [channelsLoadedOnce, setChannelsLoadedOnce] = useState(false);
 
+  // Track E2E key readiness — when key becomes available, re-decrypt messages
+  const [e2eReady, setE2eReady] = useState(E2eService.hasKey());
+  useEffect(() => {
+    return E2eService.subscribe(() => setE2eReady(E2eService.hasKey()));
+  }, []);
+
   // Responsive layout hooks (must be called unconditionally)
   const isMobile = useIsMobile();
   const mainLayout = useDefaultLayout({ id: "botschat-main" });
@@ -85,6 +94,11 @@ export default function App() {
     localStorage.setItem("botschat_active_view", state.activeView);
   }, [state.activeView]);
 
+  // Google Analytics: track virtual page views for SPA tabs
+  useEffect(() => {
+    gtagPageView(state.activeView);
+  }, [state.activeView]);
+
   // Persist selected cron task for automations view
   useEffect(() => {
     if (state.selectedCronTaskId) {
@@ -116,9 +130,7 @@ export default function App() {
         .then((user) => {
           dlog.info("Auth", `Logged in as ${user.email} (${user.id})`);
           dispatch({ type: "SET_USER", user });
-          if (user.settings?.defaultModel) {
-            dispatch({ type: "SET_DEFAULT_MODEL", model: user.settings.defaultModel });
-          }
+          // defaultModel comes from plugin via connection.status, not from user.settings
         })
         .catch((err) => {
           dlog.warn("Auth", `Auto-login failed: ${err}`);
@@ -361,18 +373,35 @@ export default function App() {
     let stale = false;
     messagesApi
       .list(state.user.id, state.selectedSessionKey)
-      .then(({ messages, replyCounts }) => {
+      .then(async ({ messages, replyCounts }) => {
         // Guard against stale responses when the user rapidly switches channels:
         // the cleanup function sets `stale = true` before the new effect runs.
-        if (!stale) {
-          dispatch({ type: "SET_MESSAGES", messages, replyCounts });
-        }
+        if (stale) return;
+
+        // Decrypt history if possible
+        const decryptedMessages = await Promise.all(messages.map(async (m) => {
+            if (m.encrypted && E2eService.hasKey()) {
+                try {
+                    // Use message ID as context ID (nonce source)
+                     const plaintext = await E2eService.decrypt(m.text, m.id);
+                     return { ...m, text: plaintext, isEncryptedLocked: false };
+                } catch (err) {
+                    console.warn(`Failed to decrypt message ${m.id}`, err);
+                    return { ...m, isEncryptedLocked: true };
+                }
+            } else if (m.encrypted) {
+                return { ...m, isEncryptedLocked: true };
+            }
+            return m;
+        }));
+
+        dispatch({ type: "SET_MESSAGES", messages: decryptedMessages as ChatMessage[], replyCounts });
       })
       .catch((err) => {
         console.error("Failed to load message history:", err);
       });
     return () => { stale = true; };
-  }, [state.user, state.selectedSessionKey]);
+  }, [state.user, state.selectedSessionKey, e2eReady]);
 
   // Keep a ref to state for use in WS handler (avoids stale closures)
   const stateRef = useRef(state);
@@ -940,6 +969,17 @@ export default function App() {
                 >
                   Connection
                 </button>
+                <button
+                  className="pb-2 text-caption font-bold transition-colors"
+                  style={{
+                    color: settingsTab === "security" ? "var(--text-primary)" : "var(--text-muted)",
+                    borderBottom: settingsTab === "security" ? "2px solid var(--bg-active)" : "2px solid transparent",
+                    marginBottom: "-1px",
+                  }}
+                  onClick={() => setSettingsTab("security")}
+                >
+                  Security
+                </button>
               </div>
 
               {/* Tab content — scrollable */}
@@ -987,6 +1027,10 @@ export default function App() {
                 {settingsTab === "connection" && (
                   <ConnectionSettings />
                 )}
+
+                {settingsTab === "security" && (
+                  <E2ESettings />
+                )}
               </div>
 
               <div

package/packages/web/src/analytics.ts

@@ -0,0 +1,57 @@
+/**
+ * Google Analytics (GA4). Only loads when VITE_GA_MEASUREMENT_ID is set (e.g. in .env.production).
+ * Set VITE_GA_MEASUREMENT_ID to your GA4 Measurement ID (e.g. G-XXXXXXXXXX) to enable.
+ */
+
+declare global {
+  interface Window {
+    dataLayer: unknown[];
+    gtag?: (...args: unknown[]) => void;
+  }
+}
+
+const MEASUREMENT_ID = import.meta.env.VITE_GA_MEASUREMENT_ID as string | undefined;
+
+function loadGtag(): boolean {
+  if (!MEASUREMENT_ID || typeof window === "undefined") return false;
+  if (window.gtag) return true;
+
+  window.dataLayer = window.dataLayer || [];
+  window.gtag = function gtag() {
+    window.dataLayer.push(arguments);
+  };
+  window.gtag("js", new Date());
+  window.gtag("config", MEASUREMENT_ID);
+
+  const script = document.createElement("script");
+  script.async = true;
+  script.src = `https://www.googletagmanager.com/gtag/js?id=${MEASUREMENT_ID}`;
+  document.head.appendChild(script);
+  return true;
+}
+
+let initialized = false;
+
+export function initAnalytics(): void {
+  if (initialized) return;
+  initialized = loadGtag();
+}
+
+export function isAnalyticsEnabled(): boolean {
+  return initialized && !!window.gtag;
+}
+
+/**
+ * Send a page_view or custom event to GA4. Use after route/view changes in the SPA.
+ */
+export function gtagEvent(name: string, params?: Record<string, string>): void {
+  if (!MEASUREMENT_ID || !window.gtag) return;
+  window.gtag("event", name, params);
+}
+
+/**
+ * Track a virtual page view (e.g. "Messages" / "Automations" tab).
+ */
+export function gtagPageView(page: string): void {
+  gtagEvent("page_view", { page_path: `/${page}`, page_title: page });
+}

package/packages/web/src/api.ts

@@ -227,6 +227,8 @@ export type TaskScanEntry = {
   instructions: string;
   model: string;
   enabled: boolean;
+  encrypted?: boolean;
+  iv?: string;
 };
 
 export const tasksApi = {
@@ -258,6 +260,7 @@ export type Job = {
   durationMs: number | null;
   summary: string;
   time: string;
+  encrypted?: boolean;
 };
 
 export const jobsApi = {
@@ -276,6 +279,7 @@ export type MessageRecord = {
   mediaUrl?: string;
   a2ui?: string;
   threadId?: string;
+  encrypted?: boolean;
 };
 
 export const messagesApi = {

package/packages/web/src/components/ConnectionSettings.tsx

@@ -2,6 +2,7 @@ import React, { useState, useEffect, useCallback } from "react";
 import { pairingApi, setupApi, type PairingToken } from "../api";
 import { useAppState } from "../store";
 import { dlog } from "../debug-log";
+import { E2eService } from "../e2e";
 
 /** Clipboard copy button with feedback */
 function CopyButton({ text }: { text: string }) {
@@ -168,10 +169,11 @@ export function ConnectionSettings() {
   // We never display full token values from the GET list (security: they are masked).
   const commandToken = freshToken?.token ?? null;
 
+  const e2ePwd = E2eService.getPassword();
   const setupCommand = commandToken
     ? `openclaw plugins install @botschat/botschat && \\
 openclaw config set channels.botschat.cloudUrl ${cloudUrl} && \\
-openclaw config set channels.botschat.pairingToken ${commandToken} && \\
+openclaw config set channels.botschat.pairingToken ${commandToken} && \\${e2ePwd ? `\nopenclaw config set channels.botschat.e2ePassword "${e2ePwd}" && \\` : ""}
 openclaw config set channels.botschat.enabled true && \\
 openclaw gateway restart`
     : null;

package/packages/web/src/components/E2ESettings.tsx

@@ -0,0 +1,146 @@
+import React, { useEffect, useState } from "react";
+import { E2eService } from "../e2e";
+import { AppStateContext } from "../store";
+
+export function E2ESettings() {
+  const { user } = React.useContext(AppStateContext);
+  const [hasKey, setHasKey] = useState(E2eService.hasKey());
+  const [password, setPassword] = useState("");
+  const [remember, setRemember] = useState(false);
+  const [busy, setBusy] = useState(false);
+  const [error, setError] = useState<string | null>(null);
+  const [showPassword, setShowPassword] = useState(false);
+
+  // Subscribe to E2eService changes
+  useEffect(() => {
+    return E2eService.subscribe(() => {
+      setHasKey(E2eService.hasKey());
+    });
+  }, []);
+
+  const handleUnlock = async () => {
+    if (!password || !user) return;
+    setBusy(true);
+    setError(null);
+    try {
+      await E2eService.setPassword(password, user.id, remember);
+      setPassword(""); // Clear input on success
+    } catch (err) {
+      setError("Failed to set password. check logs.");
+    } finally {
+      setBusy(false);
+    }
+  };
+
+  const handleLock = () => {
+    E2eService.clear();
+  };
+
+  return (
+    <div className="space-y-6">
+      <div>
+        <h3 className="text-h3 font-bold mb-2" style={{ color: "var(--text-primary)" }}>
+          End-to-End Encryption
+        </h3>
+        <p className="text-body" style={{ color: "var(--text-muted)" }}>
+          Your messages and tasks are encrypted before leaving your device.
+          Only your device (with this password) can decrypt them.
+        </p>
+      </div>
+
+      <div className="p-4 rounded-md border" style={{ borderColor: "var(--border)", background: hasKey ? "rgba(0, 255, 0, 0.05)" : "rgba(255, 0, 0, 0.05)" }}>
+        <div className="flex items-center justify-between mb-4">
+          <span className="font-bold flex items-center gap-2" style={{ color: hasKey ? "var(--success)" : "var(--error)" }}>
+             {hasKey ? (
+                 <>
+                   <svg className="w-5 h-5" fill="none" viewBox="0 0 24 24" stroke="currentColor"><path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M12 15v2m-6 4h12a2 2 0 002-2v-6a2 2 0 00-2-2H6a2 2 0 00-2 2v6a2 2 0 002 2zm10-10V7a4 4 0 00-8 0v4h8z" /></svg>
+                   Active (Unlocked)
+                 </>
+             ) : (
+                 <>
+                   <svg className="w-5 h-5" fill="none" viewBox="0 0 24 24" stroke="currentColor"><path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M8 11V7a4 4 0 118 0m-4 8v2m-6 4h12a2 2 0 002-2v-6a2 2 0 00-2-2H6a2 2 0 00-2 2v6a2 2 0 002 2z" /></svg>
+                   Inactive (Locked)
+                 </>
+             )}
+          </span>
+          {hasKey && (
+              <button onClick={handleLock} className="text-caption font-bold hover:underline" style={{ color: "var(--accent-red, #e53e3e)" }}>
+                  Lock / Clear Key
+              </button>
+          )}
+        </div>
+
+        {!hasKey && (
+            <div className="space-y-4">
+                <div>
+                    <label className="block text-caption font-bold mb-1" style={{ color: "var(--text-secondary)" }}>E2E Password</label>
+                    <div className="relative">
+                        <input 
+                            type={showPassword ? "text" : "password"}
+                            value={password}
+                            onChange={e => setPassword(e.target.value)}
+                            className="w-full px-3 py-2 pr-10 rounded border"
+                            style={{ background: "var(--bg-input)", borderColor: "var(--border)", color: "var(--text-primary)" }}
+                            placeholder="Enter your encryption password"
+                        />
+                        <button
+                            type="button"
+                            onClick={() => setShowPassword(!showPassword)}
+                            className="absolute right-2 top-1/2 -translate-y-1/2 p-1"
+                            style={{ color: "var(--text-muted)" }}
+                            tabIndex={-1}
+                        >
+                            {showPassword ? (
+                                <svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" strokeWidth="2" strokeLinecap="round" strokeLinejoin="round">
+                                    <path d="M17.94 17.94A10.07 10.07 0 0 1 12 20c-7 0-11-8-11-8a18.45 18.45 0 0 1 5.06-5.94"/>
+                                    <path d="M9.9 4.24A9.12 9.12 0 0 1 12 4c7 0 11 8 11 8a18.5 18.5 0 0 1-2.16 3.19"/>
+                                    <path d="M14.12 14.12a3 3 0 1 1-4.24-4.24"/>
+                                    <line x1="1" y1="1" x2="23" y2="23"/>
+                                </svg>
+                            ) : (
+                                <svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" strokeWidth="2" strokeLinecap="round" strokeLinejoin="round">
+                                    <path d="M1 12s4-8 11-8 11 8 11 8-4 8-11 8-11-8-11-8z"/>
+                                    <circle cx="12" cy="12" r="3"/>
+                                </svg>
+                            )}
+                        </button>
+                    </div>
+                </div>
+                
+                <div className="flex items-center gap-2">
+                    <input 
+                        type="checkbox" 
+                        id="remember-e2e"
+                        checked={remember}
+                        onChange={e => setRemember(e.target.checked)}
+                    />
+                    <label htmlFor="remember-e2e" className="text-caption" style={{ color: "var(--text-secondary)" }}>
+                        Remember on this device
+                    </label>
+                </div>
+
+                {error && <p className="text-caption text-red-500">{error}</p>}
+
+                <button 
+                    onClick={handleUnlock}
+                    disabled={!password || busy}
+                    className="px-4 py-2 rounded font-bold w-full"
+                    style={{ background: "var(--bg-active, #6366f1)", color: "#fff", opacity: (!password || busy) ? 0.5 : 1 }}
+                >
+                    {busy ? "Deriving Key..." : "Unlock / Set Password"}
+                </button>
+            </div>
+        )}
+      </div>
+
+      <div className="text-caption" style={{ color: "var(--text-muted)" }}>
+          <p className="font-bold text-red-400 mb-1">Warning:</p>
+          <ul className="list-disc ml-5 space-y-1">
+              <li>If you lose this password, your encrypted history is lost forever.</li>
+              <li>We do not store this password on our servers.</li>
+              <li>You must use the same password on all devices to access your history.</li>
+          </ul>
+      </div>
+    </div>
+  );
+}

package/packages/web/src/components/IconRail.tsx

@@ -40,22 +40,11 @@ export function IconRail({ onToggleTheme, onOpenSettings, theme }: IconRailProps
         className="w-8 h-8 rounded-lg flex items-center justify-center overflow-hidden hover:rounded-xl transition-all"
         title="BotsChat"
       >
-        <img src="/botschat-logo.png" alt="BotsChat" className="w-8 h-8" />
+        <img src="/botschat-logo.png" alt="BotsChat" className={`w-8 h-8 ${theme === "dark" ? "invert" : ""}`} />
       </button>
 
       <div className="w-7 border-t my-1" style={{ borderColor: "var(--sidebar-divider)" }} />
 
-      {/* Home */}
-      <RailIcon
-        label="Home"
-        active={false}
-        icon={
-          <svg className="w-5 h-5" fill="none" viewBox="0 0 24 24" stroke="currentColor" strokeWidth={1.5}>
-            <path strokeLinecap="round" strokeLinejoin="round" d="M2.25 12l8.954-8.955a1.126 1.126 0 011.591 0L21.75 12M4.5 9.75v10.125c0 .621.504 1.125 1.125 1.125H9.75v-4.875c0-.621.504-1.125 1.125-1.125h2.25c.621 0 1.125.504 1.125 1.125V21h4.125c.621 0 1.125-.504 1.125-1.125V9.75M8.25 21h8.25" />
-          </svg>
-        }
-      />
-
       {/* Messages */}
       <RailIcon
         label="Messages"

package/packages/web/src/components/LoginPage.tsx

@@ -49,6 +49,8 @@ export function LoginPage() {
   }, [firebaseEnabled]);
 
   const emailEnabled = authConfig?.emailEnabled ?? true;
+  const configLoaded = authConfig !== null;
+  const hasAnyLoginMethod = configLoaded && (firebaseEnabled || emailEnabled);
 
   const handleAuthSuccess = (res: { id: string; email: string; displayName?: string; token: string; refreshToken?: string }) => {
     setToken(res.token);
@@ -148,8 +150,22 @@ export function LoginPage() {
               : "Sign in"}
           </h2>
 
+          {/* Loading: avoid showing empty card on first paint before config is loaded */}
+          {!configLoaded && (
+            <div className="py-8 text-center" style={{ color: "var(--text-muted)" }}>
+              <span className="text-body">Loading sign-in options…</span>
+            </div>
+          )}
+
+          {/* No methods available (e.g. misconfiguration) */}
+          {configLoaded && !hasAnyLoginMethod && (
+            <div className="py-4 text-caption" style={{ color: "var(--text-secondary)" }}>
+              Sign-in is not configured. Please contact support.
+            </div>
+          )}
+
           {/* OAuth buttons */}
-          {firebaseEnabled && (
+          {configLoaded && firebaseEnabled && (
             <>
               <div className="space-y-3">
                 {/* Google */}
@@ -198,7 +214,7 @@ export function LoginPage() {
               </div>
 
               {/* Divider — only show if email login is also available */}
-              {emailEnabled && (
+              {configLoaded && emailEnabled && (
                 <div className="flex items-center gap-3 my-5">
                   <div className="flex-1 h-px" style={{ background: "var(--border)" }} />
                   <span className="text-caption" style={{ color: "var(--text-muted)" }}>
@@ -221,7 +237,7 @@ export function LoginPage() {
           )}
 
           {/* Email/password form — only in local/dev mode */}
-          {emailEnabled && (
+          {configLoaded && emailEnabled && (
             <>
               <form onSubmit={handleSubmit} className="space-y-4">
                 {isRegister && (