daemora 1.0.0

package/src/safety/SecretVault.js

@@ -0,0 +1,250 @@
+import { createCipheriv, createDecipheriv, randomBytes, scryptSync, createHash } from "crypto";
+import { readFileSync, writeFileSync, existsSync, mkdirSync } from "fs";
+import { join } from "path";
+import { config } from "../config/default.js";
+import eventBus from "../core/EventBus.js";
+
+/**
+ * Secret Vault — encrypted secret storage.
+ *
+ * All API keys, tokens, and credentials are encrypted at rest using
+ * AES-256-GCM with a user-provided master passphrase.
+ *
+ * Security model:
+ * - User provides a master passphrase during setup
+ * - Passphrase → scrypt → 256-bit key (with per-vault salt)
+ * - Each secret encrypted individually with unique IV
+ * - Even if filesystem is compromised, secrets can't be read without passphrase
+ * - Vault file: data/.vault.enc (encrypted JSON)
+ * - No plaintext API keys anywhere on disk
+ *
+ * Usage:
+ *   vault.unlock("user-passphrase")
+ *   vault.set("OPENAI_API_KEY", "sk-...")
+ *   const key = vault.get("OPENAI_API_KEY")
+ *   vault.lock()
+ */
+
+const VAULT_FILE = ".vault.enc";
+const SALT_FILE = ".vault.salt";
+const ALGORITHM = "aes-256-gcm";
+const SCRYPT_N = 16384;
+const SCRYPT_R = 8;
+const SCRYPT_P = 1;
+const KEY_LENGTH = 32;
+
+class SecretVault {
+  constructor() {
+    this.vaultPath = join(config.dataDir, VAULT_FILE);
+    this.saltPath = join(config.dataDir, SALT_FILE);
+    this.encryptionKey = null;
+    this.secrets = null; // decrypted secrets in memory (only while unlocked)
+    this.unlocked = false;
+  }
+
+  /**
+   * Unlock the vault with a master passphrase.
+   * Must be called before get/set operations.
+   */
+  unlock(passphrase) {
+    if (!passphrase || passphrase.length < 8) {
+      throw new Error("Passphrase must be at least 8 characters");
+    }
+
+    // Get or create salt
+    let salt;
+    if (existsSync(this.saltPath)) {
+      salt = readFileSync(this.saltPath);
+    } else {
+      salt = randomBytes(32);
+      mkdirSync(config.dataDir, { recursive: true });
+      writeFileSync(this.saltPath, salt);
+    }
+
+    // Derive key from passphrase
+    this.encryptionKey = scryptSync(passphrase, salt, KEY_LENGTH, {
+      N: SCRYPT_N,
+      r: SCRYPT_R,
+      p: SCRYPT_P,
+    });
+
+    // Load existing vault or create empty
+    if (existsSync(this.vaultPath)) {
+      try {
+        const encrypted = readFileSync(this.vaultPath, "utf-8");
+        const decrypted = this._decrypt(encrypted);
+        this.secrets = JSON.parse(decrypted);
+      } catch (error) {
+        throw new Error(
+          "Failed to unlock vault. Wrong passphrase or corrupted vault file."
+        );
+      }
+    } else {
+      this.secrets = {};
+    }
+
+    this.unlocked = true;
+    return true;
+  }
+
+  /**
+   * Lock the vault — clear decrypted secrets from memory.
+   */
+  lock() {
+    this.secrets = null;
+    this.encryptionKey = null;
+    this.unlocked = false;
+  }
+
+  /**
+   * Store a secret in the vault.
+   */
+  set(key, value) {
+    this._ensureUnlocked();
+    this.secrets[key] = value;
+    this._save();
+    eventBus.emitEvent("vault:secret_stored", { key });
+    return true;
+  }
+
+  /**
+   * Retrieve a secret from the vault.
+   */
+  get(key) {
+    this._ensureUnlocked();
+    return this.secrets[key] || null;
+  }
+
+  /**
+   * Delete a secret from the vault.
+   */
+  delete(key) {
+    this._ensureUnlocked();
+    delete this.secrets[key];
+    this._save();
+    return true;
+  }
+
+  /**
+   * List all secret keys (NOT values).
+   */
+  list() {
+    this._ensureUnlocked();
+    return Object.keys(this.secrets).map((key) => ({
+      key,
+      length: this.secrets[key]?.length || 0,
+      preview: `${this.secrets[key]?.slice(0, 4)}...`,
+    }));
+  }
+
+  /**
+   * Check if vault exists (has been set up).
+   */
+  exists() {
+    return existsSync(this.vaultPath);
+  }
+
+  /**
+   * Check if vault is unlocked.
+   */
+  isUnlocked() {
+    return this.unlocked;
+  }
+
+  /**
+   * Import secrets from .env file into the vault.
+   * After import, the .env values can be removed.
+   */
+  importFromEnv(envPath) {
+    this._ensureUnlocked();
+
+    if (!existsSync(envPath)) {
+      throw new Error(`.env file not found: ${envPath}`);
+    }
+
+    const content = readFileSync(envPath, "utf-8");
+    const lines = content.split("\n");
+    let imported = 0;
+
+    for (const line of lines) {
+      const trimmed = line.trim();
+      if (!trimmed || trimmed.startsWith("#")) continue;
+
+      const eqIdx = trimmed.indexOf("=");
+      if (eqIdx <= 0) continue;
+
+      const key = trimmed.slice(0, eqIdx).trim();
+      let value = trimmed.slice(eqIdx + 1).trim();
+
+      // Remove surrounding quotes
+      if (
+        (value.startsWith('"') && value.endsWith('"')) ||
+        (value.startsWith("'") && value.endsWith("'"))
+      ) {
+        value = value.slice(1, -1);
+      }
+
+      // Only import non-empty secret-looking values
+      if (value && value.length >= 8) {
+        this.secrets[key] = value;
+        imported++;
+      }
+    }
+
+    this._save();
+    return imported;
+  }
+
+  /**
+   * Get all secrets as environment variables (for process.env injection).
+   */
+  getAsEnv() {
+    this._ensureUnlocked();
+    return { ...this.secrets };
+  }
+
+  // ===== Private methods =====
+
+  _ensureUnlocked() {
+    if (!this.unlocked || !this.secrets) {
+      throw new Error(
+        "Vault is locked. Call vault.unlock(passphrase) first."
+      );
+    }
+  }
+
+  _save() {
+    const json = JSON.stringify(this.secrets);
+    const encrypted = this._encrypt(json);
+    writeFileSync(this.vaultPath, encrypted, "utf-8");
+  }
+
+  _encrypt(plaintext) {
+    const iv = randomBytes(16);
+    const cipher = createCipheriv(ALGORITHM, this.encryptionKey, iv);
+    let encrypted = cipher.update(plaintext, "utf-8", "hex");
+    encrypted += cipher.final("hex");
+    const authTag = cipher.getAuthTag().toString("hex");
+    // Format: iv:authTag:ciphertext
+    return `${iv.toString("hex")}:${authTag}:${encrypted}`;
+  }
+
+  _decrypt(encryptedStr) {
+    const parts = encryptedStr.split(":");
+    if (parts.length !== 3) {
+      throw new Error("Invalid vault format");
+    }
+    const [ivHex, authTagHex, ciphertext] = parts;
+    const iv = Buffer.from(ivHex, "hex");
+    const authTag = Buffer.from(authTagHex, "hex");
+
+    const decipher = createDecipheriv(ALGORITHM, this.encryptionKey, iv);
+    decipher.setAuthTag(authTag);
+    let decrypted = decipher.update(ciphertext, "hex", "utf-8");
+    decrypted += decipher.final("utf-8");
+    return decrypted;
+  }
+}
+
+const secretVault = new SecretVault();
+export default secretVault;

package/src/scheduler/Heartbeat.js

@@ -0,0 +1,115 @@
+import { readFileSync, existsSync } from "fs";
+import { join } from "path";
+import { config } from "../config/default.js";
+import taskQueue from "../core/TaskQueue.js";
+import eventBus from "../core/EventBus.js";
+
+/**
+ * Heartbeat — periodic proactive check.
+ *
+ * Reads HEARTBEAT.md for user-defined checks.
+ * Every N minutes, creates a task: "Check status per HEARTBEAT.md"
+ * If nothing notable → "All clear" (no notification).
+ * If something needs attention → sends result to configured channel.
+ */
+
+class Heartbeat {
+  constructor() {
+    this.timer = null;
+    this.running = false;
+    this.heartbeatPath = join(config.rootDir, "HEARTBEAT.md");
+    this.intervalMinutes = config.heartbeatIntervalMinutes;
+    this.lastCheck = null;
+    this.checkCount = 0;
+  }
+
+  /**
+   * Start the heartbeat.
+   */
+  start() {
+    if (!config.daemonMode) {
+      console.log(`[Heartbeat] Skipped — daemon mode not enabled`);
+      return;
+    }
+
+    if (!existsSync(this.heartbeatPath)) {
+      console.log(`[Heartbeat] No HEARTBEAT.md found — heartbeat disabled`);
+      return;
+    }
+
+    this.running = true;
+    this.timer = setInterval(
+      () => this.check(),
+      this.intervalMinutes * 60 * 1000
+    );
+
+    console.log(
+      `[Heartbeat] Started (every ${this.intervalMinutes} minutes)`
+    );
+
+    // Run first check after 1 minute
+    setTimeout(() => this.check(), 60000);
+  }
+
+  /**
+   * Stop the heartbeat.
+   */
+  stop() {
+    this.running = false;
+    if (this.timer) {
+      clearInterval(this.timer);
+      this.timer = null;
+    }
+    console.log(`[Heartbeat] Stopped`);
+  }
+
+  /**
+   * Run a heartbeat check.
+   */
+  async check() {
+    if (!this.running) return;
+
+    try {
+      const instructions = readFileSync(this.heartbeatPath, "utf-8");
+      this.checkCount++;
+      this.lastCheck = new Date().toISOString();
+
+      console.log(`[Heartbeat] Check #${this.checkCount}...`);
+
+      const prompt = `You are running a periodic heartbeat check. Review the following instructions and check each item. If everything looks fine, just respond "All clear." If something needs attention, describe what you found.
+
+Instructions from HEARTBEAT.md:
+${instructions}
+
+Current time: ${new Date().toISOString()}`;
+
+      taskQueue.enqueue({
+        input: prompt,
+        channel: "heartbeat",
+        sessionId: null,
+        priority: 2,
+      });
+
+      eventBus.emitEvent("heartbeat:check", {
+        checkNumber: this.checkCount,
+      });
+    } catch (error) {
+      console.log(`[Heartbeat] Error: ${error.message}`);
+    }
+  }
+
+  /**
+   * Get stats.
+   */
+  stats() {
+    return {
+      running: this.running,
+      intervalMinutes: this.intervalMinutes,
+      lastCheck: this.lastCheck,
+      checkCount: this.checkCount,
+    };
+  }
+}
+
+const heartbeat = new Heartbeat();
+export default heartbeat;

package/src/scheduler/Scheduler.js

@@ -0,0 +1,228 @@
+import cron from "node-cron";
+import { readFileSync, writeFileSync, existsSync } from "fs";
+import { join } from "path";
+import { v4 as uuidv4 } from "uuid";
+import { config } from "../config/default.js";
+import taskQueue from "../core/TaskQueue.js";
+import eventBus from "../core/EventBus.js";
+
+/**
+ * Scheduler — cron-based task scheduling.
+ *
+ * Schedules stored in data/schedules.json.
+ * Each schedule creates a Task when its cron expression triggers.
+ */
+
+class Scheduler {
+  constructor() {
+    this.schedules = new Map();
+    this.cronJobs = new Map();
+    this.schedulesPath = join(config.dataDir, "schedules.json");
+    this.running = false;
+  }
+
+  /**
+   * Start the scheduler — load and activate all schedules.
+   */
+  start() {
+    this.loadSchedules();
+
+    for (const [id, schedule] of this.schedules) {
+      if (schedule.enabled) {
+        this.activateSchedule(id, schedule);
+      }
+    }
+
+    this.running = true;
+    console.log(
+      `[Scheduler] Started — ${this.schedules.size} schedule(s) loaded`
+    );
+  }
+
+  /**
+   * Stop the scheduler — cancel all cron jobs.
+   */
+  stop() {
+    for (const [id, job] of this.cronJobs) {
+      job.stop();
+    }
+    this.cronJobs.clear();
+    this.running = false;
+    console.log(`[Scheduler] Stopped`);
+  }
+
+  /**
+   * Create a new schedule.
+   * @param {object} options
+   * @param {string} options.cronExpression - Cron expression (e.g., "0 9 * * *" = daily at 9 AM)
+   * @param {string} options.taskInput - The task/message to send when triggered
+   * @param {string} [options.channel] - Channel to use (default: "scheduler")
+   * @param {string} [options.model] - Model to use
+   * @param {string} [options.name] - Human-readable name
+   */
+  create({ cronExpression, taskInput, channel, model, name }) {
+    if (!cron.validate(cronExpression)) {
+      throw new Error(`Invalid cron expression: ${cronExpression}`);
+    }
+
+    const id = uuidv4();
+    const schedule = {
+      id,
+      name: name || `Schedule ${id.slice(0, 8)}`,
+      cronExpression,
+      taskInput,
+      channel: channel || "scheduler",
+      model: model || null,
+      enabled: true,
+      createdAt: new Date().toISOString(),
+      lastRun: null,
+      runCount: 0,
+    };
+
+    this.schedules.set(id, schedule);
+    this.saveSchedules();
+    this.activateSchedule(id, schedule);
+
+    eventBus.emitEvent("schedule:created", { id, name: schedule.name });
+    console.log(
+      `[Scheduler] Created: "${schedule.name}" (${cronExpression})`
+    );
+
+    return schedule;
+  }
+
+  /**
+   * Update an existing schedule (patch — only fields provided are changed).
+   * @param {string} id - Schedule ID (full or prefix)
+   * @param {object} patch - Fields to update: cronExpression, taskInput, name, enabled
+   */
+  update(id, patch) {
+    // Support short ID prefix matching
+    const fullId = id.length < 36
+      ? [...this.schedules.keys()].find((k) => k.startsWith(id))
+      : id;
+
+    const schedule = this.schedules.get(fullId);
+    if (!schedule) throw new Error(`Schedule not found: ${id}`);
+
+    // Update cron expression — requires restarting the cron job
+    if (patch.cronExpression && patch.cronExpression !== schedule.cronExpression) {
+      if (!cron.validate(patch.cronExpression)) {
+        throw new Error(`Invalid cron expression: ${patch.cronExpression}`);
+      }
+      const job = this.cronJobs.get(fullId);
+      if (job) { job.stop(); this.cronJobs.delete(fullId); }
+      schedule.cronExpression = patch.cronExpression;
+      if (schedule.enabled) this.activateSchedule(fullId, schedule);
+    }
+
+    if (patch.taskInput !== undefined) schedule.taskInput = patch.taskInput;
+    if (patch.name !== undefined) schedule.name = patch.name;
+
+    // Enable / disable
+    if (patch.enabled === false && schedule.enabled !== false) {
+      const job = this.cronJobs.get(fullId);
+      if (job) { job.stop(); this.cronJobs.delete(fullId); }
+      schedule.enabled = false;
+    } else if (patch.enabled === true && schedule.enabled !== true) {
+      schedule.enabled = true;
+      if (!this.cronJobs.has(fullId)) this.activateSchedule(fullId, schedule);
+    }
+
+    this.saveSchedules();
+    console.log(`[Scheduler] Updated: "${schedule.name}" (${schedule.cronExpression})`);
+    return schedule;
+  }
+
+  /**
+   * Delete a schedule.
+   */
+  delete(id) {
+    const job = this.cronJobs.get(id);
+    if (job) {
+      job.stop();
+      this.cronJobs.delete(id);
+    }
+
+    this.schedules.delete(id);
+    this.saveSchedules();
+    console.log(`[Scheduler] Deleted schedule: ${id}`);
+  }
+
+  /**
+   * List all schedules.
+   */
+  list() {
+    return [...this.schedules.values()];
+  }
+
+  /**
+   * Activate a cron job for a schedule.
+   */
+  activateSchedule(id, schedule) {
+    const job = cron.schedule(schedule.cronExpression, () => {
+      this.triggerSchedule(id);
+    });
+
+    this.cronJobs.set(id, job);
+  }
+
+  /**
+   * Trigger a scheduled task.
+   */
+  triggerSchedule(id) {
+    const schedule = this.schedules.get(id);
+    if (!schedule || !schedule.enabled) return;
+
+    console.log(`[Scheduler] Triggering: "${schedule.name}"`);
+
+    taskQueue.enqueue({
+      input: schedule.taskInput,
+      channel: schedule.channel,
+      model: schedule.model,
+      sessionId: null,
+      priority: 3, // Scheduled tasks get slightly higher priority
+    });
+
+    schedule.lastRun = new Date().toISOString();
+    schedule.runCount++;
+    this.saveSchedules();
+
+    eventBus.emitEvent("schedule:triggered", {
+      id,
+      name: schedule.name,
+      runCount: schedule.runCount,
+    });
+  }
+
+  /**
+   * Load schedules from disk.
+   */
+  loadSchedules() {
+    if (!existsSync(this.schedulesPath)) return;
+
+    try {
+      const data = JSON.parse(readFileSync(this.schedulesPath, "utf-8"));
+      for (const schedule of data) {
+        this.schedules.set(schedule.id, schedule);
+      }
+    } catch (error) {
+      console.log(`[Scheduler] Error loading schedules: ${error.message}`);
+    }
+  }
+
+  /**
+   * Save schedules to disk.
+   */
+  saveSchedules() {
+    try {
+      const data = [...this.schedules.values()];
+      writeFileSync(this.schedulesPath, JSON.stringify(data, null, 2), "utf-8");
+    } catch (error) {
+      console.log(`[Scheduler] Error saving schedules: ${error.message}`);
+    }
+  }
+}
+
+const scheduler = new Scheduler();
+export default scheduler;

package/src/services/models/outputSchema.js

@@ -0,0 +1,15 @@
+import { z } from "zod";
+
+const outputSchema = z.object({
+  type: z.enum(["text", "tool_call"]),
+  text_content: z.string().nullable(),
+  tool_call: z
+    .object({
+      tool_name: z.string(),
+      params: z.array(z.string()),
+    })
+    .nullable(),
+  finalResponse: z.boolean(),
+});
+
+export default outputSchema;

package/src/services/openai.js

@@ -0,0 +1,25 @@
+/**
+ * Backward-compatible wrapper around the new AgentLoop.
+ *
+ * The original runAgent() interface is preserved so existing code
+ * (index.js POST /chat) continues to work without changes.
+ *
+ * New code should import from src/core/AgentLoop.js directly.
+ */
+import { runAgentLoop } from "../core/AgentLoop.js";
+
+export async function runAgent({ messages, systemPrompt, tools, modelId = null }) {
+  const result = await runAgentLoop({
+    messages,
+    systemPrompt,
+    tools,
+    modelId,
+  });
+
+  // Return in the same shape the old code expects
+  return {
+    text: result.text,
+    messages: result.messages,
+    cost: result.cost,
+  };
+}

package/src/services/sessions.js

@@ -0,0 +1,65 @@
+import { v4 as uuidv4 } from "uuid";
+import { writeFileSync, readFileSync, existsSync, mkdirSync } from "fs";
+import { config } from "../config/default.js";
+
+const SESSIONS_DIR = config.sessionsDir;
+
+// Ensure sessions directory exists
+mkdirSync(SESSIONS_DIR, { recursive: true });
+
+const sessions = new Map();
+
+export function createSession(existingId = null) {
+  const sessionId = existingId || uuidv4();
+  const session = {
+    sessionId,
+    createdAt: new Date().toISOString(),
+    messages: [],
+  };
+  sessions.set(sessionId, session);
+  return session;
+}
+
+export function getSession(sessionId) {
+  // check memory first
+  if (sessions.has(sessionId)) {
+    return sessions.get(sessionId);
+  }
+
+  // fallback: try loading from disk
+  const filePath = `${SESSIONS_DIR}/${sessionId}.json`;
+  if (existsSync(filePath)) {
+    try {
+      const data = JSON.parse(readFileSync(filePath, "utf-8"));
+      sessions.set(sessionId, data);
+      console.log(`Session ${sessionId} restored from disk`);
+      return data;
+    } catch (error) {
+      console.log(`Failed to restore session ${sessionId}: ${error.message}`);
+      return null;
+    }
+  }
+
+  return null;
+}
+
+export function appendMessage(sessionId, role, content) {
+  const session = sessions.get(sessionId);
+  if (!session) return null;
+  session.messages.push({ role, content, timestamp: new Date().toISOString() });
+  saveSession(session);
+  return session;
+}
+
+export function setMessages(sessionId, messages) {
+  const session = sessions.get(sessionId);
+  if (!session) return null;
+  session.messages = messages;
+  saveSession(session);
+  return session;
+}
+
+function saveSession(session) {
+  const filePath = `${SESSIONS_DIR}/${session.sessionId}.json`;
+  writeFileSync(filePath, JSON.stringify(session, null, 2));
+}