kernelbot 1.0.36 → 1.0.38

package/src/security/auth.js

@@ -1,9 +1,50 @@
+import { existsSync, readFileSync, writeFileSync, mkdirSync } from 'fs';
+import { join } from 'path';
+import { homedir } from 'os';
+import { getLogger } from '../utils/logger.js';
+
 export function isAllowedUser(userId, config) {
   const allowed = config.telegram.allowed_users;
-  if (!allowed || allowed.length === 0) return false;
+
+  // Auto-register the first user as owner when no allowed users exist
+  if (!allowed || allowed.length === 0) {
+    config.telegram.allowed_users = [userId];
+    _persistOwner(userId);
+    const logger = getLogger();
+    logger.info(`[Auth] Auto-registered first user ${userId} as owner`);
+    return true;
+  }
+
   return allowed.includes(userId);
 }
 
+/**
+ * Persist the auto-registered owner ID to ~/.kernelbot/.env
+ */
+function _persistOwner(userId) {
+  try {
+    const configDir = join(homedir(), '.kernelbot');
+    mkdirSync(configDir, { recursive: true });
+    const envPath = join(configDir, '.env');
+
+    let content = '';
+    if (existsSync(envPath)) {
+      content = readFileSync(envPath, 'utf-8').trimEnd() + '\n';
+    }
+
+    const regex = /^OWNER_TELEGRAM_ID=.*$/m;
+    const line = `OWNER_TELEGRAM_ID=${userId}`;
+    if (regex.test(content)) {
+      content = content.replace(regex, line);
+    } else {
+      content += line + '\n';
+    }
+    writeFileSync(envPath, content);
+  } catch {
+    // Non-fatal — owner is still in memory for this session
+  }
+}
+
 export function getUnauthorizedMessage() {
   return 'Access denied. You are not authorized to use this bot.';
 }

package/src/self.js

@@ -56,9 +56,10 @@ Just getting started.
 };
 
 export class SelfManager {
-  constructor() {
+  constructor(basePath = null) {
+    this._dir = basePath || SELF_DIR;
     this._cache = new Map();
-    mkdirSync(SELF_DIR, { recursive: true });
+    mkdirSync(this._dir, { recursive: true });
     this._ensureDefaults();
   }
 
@@ -67,7 +68,7 @@ export class SelfManager {
     const logger = getLogger();
 
     for (const [name, def] of Object.entries(SELF_FILES)) {
-      const filePath = join(SELF_DIR, def.filename);
+      const filePath = join(this._dir, def.filename);
       if (!existsSync(filePath)) {
         writeFileSync(filePath, def.default, 'utf-8');
         logger.info(`Created default self-file: ${def.filename}`);
@@ -75,6 +76,17 @@ export class SelfManager {
     }
   }
 
+  /** Create self-files with custom defaults (for character initialization). */
+  initWithDefaults(defaults) {
+    for (const [name, content] of Object.entries(defaults)) {
+      const def = SELF_FILES[name];
+      if (!def) continue;
+      const filePath = join(this._dir, def.filename);
+      writeFileSync(filePath, content, 'utf-8');
+      this._cache.set(name, content);
+    }
+  }
+
   /** Load a single self-file by name (goals, journey, life, hobbies). Returns markdown string. */
   load(name) {
     const logger = getLogger();
@@ -83,7 +95,7 @@ export class SelfManager {
 
     if (this._cache.has(name)) return this._cache.get(name);
 
-    const filePath = join(SELF_DIR, def.filename);
+    const filePath = join(this._dir, def.filename);
     let content;
 
     if (existsSync(filePath)) {
@@ -105,7 +117,7 @@ export class SelfManager {
     const def = SELF_FILES[name];
     if (!def) throw new Error(`Unknown self-file: ${name}`);
 
-    const filePath = join(SELF_DIR, def.filename);
+    const filePath = join(this._dir, def.filename);
     writeFileSync(filePath, content, 'utf-8');
     this._cache.set(name, content);
     logger.info(`Updated self-file: ${name}`);

package/src/services/linkedin-api.js

@@ -0,0 +1,190 @@
+import axios from 'axios';
+import { getLogger } from '../utils/logger.js';
+
+/**
+ * LinkedIn REST API v2 client.
+ * Wraps common endpoints for posts, comments, likes, and profile.
+ */
+export class LinkedInAPI {
+  constructor(accessToken) {
+    this.client = axios.create({
+      baseURL: 'https://api.linkedin.com',
+      headers: {
+        'Authorization': `Bearer ${accessToken}`,
+        'LinkedIn-Version': '202601',
+        'X-Restli-Protocol-Version': '2.0.0',
+        'Content-Type': 'application/json',
+      },
+      timeout: 30000,
+    });
+
+    // Retry with backoff on 429
+    this.client.interceptors.response.use(null, async (error) => {
+      const config = error.config;
+      if (error.response?.status === 429 && !config._retried) {
+        config._retried = true;
+        const retryAfter = parseInt(error.response.headers['retry-after'] || '5', 10);
+        getLogger().warn(`[LinkedIn API] Rate limited, retrying after ${retryAfter}s`);
+        await new Promise(r => setTimeout(r, retryAfter * 1000));
+        return this.client(config);
+      }
+      return Promise.reject(error);
+    });
+  }
+
+  /**
+   * Get the authenticated user's profile via OpenID Connect.
+   * Requires "Sign in with LinkedIn" product (openid + profile scopes).
+   * Returns null if scopes are insufficient (403).
+   */
+  async getProfile() {
+    try {
+      const { data } = await this.client.get('/v2/userinfo');
+      return data;
+    } catch (err) {
+      if (err.response?.status === 403) {
+        return null; // No profile scopes — only w_member_social
+      }
+      throw err;
+    }
+  }
+
+  /**
+   * Create a text-only post.
+   * @param {string} authorUrn - e.g. "urn:li:person:XXXXX"
+   * @param {string} text - Post content
+   * @param {string} visibility - "PUBLIC" or "CONNECTIONS"
+   */
+  async createTextPost(authorUrn, text, visibility = 'PUBLIC') {
+    const body = {
+      author: authorUrn,
+      commentary: text,
+      visibility,
+      distribution: {
+        feedDistribution: 'MAIN_FEED',
+        targetEntities: [],
+        thirdPartyDistributionChannels: [],
+      },
+      lifecycleState: 'PUBLISHED',
+    };
+
+    const { data } = await this.client.post('/rest/posts', body);
+    return data;
+  }
+
+  /**
+   * Create a post with an article link.
+   * @param {string} authorUrn
+   * @param {string} text - Commentary text
+   * @param {string} articleUrl - URL to share
+   * @param {string} title - Article title
+   */
+  async createArticlePost(authorUrn, text, articleUrl, title = '') {
+    const body = {
+      author: authorUrn,
+      commentary: text,
+      visibility: 'PUBLIC',
+      distribution: {
+        feedDistribution: 'MAIN_FEED',
+        targetEntities: [],
+        thirdPartyDistributionChannels: [],
+      },
+      content: {
+        article: {
+          source: articleUrl,
+          title: title || articleUrl,
+        },
+      },
+      lifecycleState: 'PUBLISHED',
+    };
+
+    const { data } = await this.client.post('/rest/posts', body);
+    return data;
+  }
+
+  /**
+   * Get the user's recent posts.
+   * Requires r_member_social permission (restricted — approved apps only).
+   * @param {string} authorUrn
+   * @param {number} count
+   */
+  async getMyPosts(authorUrn, count = 10) {
+    const { data } = await this.client.get('/rest/posts', {
+      params: {
+        q: 'author',
+        author: encodeURIComponent(authorUrn),
+        count,
+        sortBy: 'LAST_MODIFIED',
+      },
+      headers: {
+        'X-RestLi-Method': 'FINDER',
+      },
+    });
+    return data.elements || [];
+  }
+
+  /**
+   * Get a specific post by URN.
+   * @param {string} postUrn
+   */
+  async getPost(postUrn) {
+    const encoded = encodeURIComponent(postUrn);
+    const { data } = await this.client.get(`/rest/posts/${encoded}`);
+    return data;
+  }
+
+  /**
+   * Delete a post.
+   * @param {string} postUrn
+   */
+  async deletePost(postUrn) {
+    const encoded = encodeURIComponent(postUrn);
+    await this.client.delete(`/rest/posts/${encoded}`);
+    return { success: true };
+  }
+
+  /**
+   * Add a comment to a post.
+   * @param {string} postUrn
+   * @param {string} text
+   * @param {string} actorUrn
+   */
+  async addComment(postUrn, text, actorUrn) {
+    const encoded = encodeURIComponent(postUrn);
+    const { data } = await this.client.post(`/rest/socialActions/${encoded}/comments`, {
+      actor: actorUrn,
+      message: { text },
+    });
+    return data;
+  }
+
+  /**
+   * Get comments on a post.
+   * Requires r_member_social permission (restricted — approved apps only).
+   * @param {string} postUrn
+   * @param {number} count
+   */
+  async getComments(postUrn, count = 10) {
+    const encoded = encodeURIComponent(postUrn);
+    const { data } = await this.client.get(`/rest/socialActions/${encoded}/comments`, {
+      params: { count },
+      headers: {
+        'X-RestLi-Method': 'FINDER',
+      },
+    });
+    return data.elements || [];
+  }
+
+  /**
+   * Like a post.
+   * @param {string} postUrn
+   * @param {string} actorUrn
+   */
+  async likePost(postUrn, actorUrn) {
+    const encoded = encodeURIComponent(postUrn);
+    const { data } = await this.client.post(`/rest/socialActions/${encoded}/likes`, {
+      actor: actorUrn,
+    });
+    return data;
+  }
+}

package/src/services/stt.js

@@ -67,7 +67,10 @@ export class STTService {
         const result = await this._transcribeElevenLabs(filePath);
         if (result) return result;
       } catch (err) {
-        this.logger.warn(`[STT] ElevenLabs failed, trying fallback: ${err.message}`);
+        const detail = err.response
+          ? `API ${err.response.status}: ${JSON.stringify(err.response.data).slice(0, 200)}`
+          : err.message;
+        this.logger.warn(`[STT] ElevenLabs failed, trying fallback: ${detail}`);
       }
     }
 
@@ -76,7 +79,10 @@ export class STTService {
       try {
         return await this._transcribeWhisper(filePath);
       } catch (err) {
-        this.logger.error(`[STT] Whisper fallback also failed: ${err.message}`);
+        const detail = err.response
+          ? `API ${err.response.status}: ${JSON.stringify(err.response.data).slice(0, 200)}`
+          : err.message;
+        this.logger.error(`[STT] Whisper fallback also failed: ${detail}`);
       }
     }
 

package/src/services/tts.js

@@ -1,6 +1,6 @@
 import axios from 'axios';
 import { createHash } from 'crypto';
-import { existsSync, mkdirSync, readFileSync, writeFileSync, readdirSync, unlinkSync } from 'fs';
+import { existsSync, mkdirSync, readFileSync, writeFileSync, readdirSync, unlinkSync, statSync } from 'fs';
 import { join } from 'path';
 import { homedir } from 'os';
 import { getLogger } from '../utils/logger.js';
@@ -8,6 +8,7 @@ import { getLogger } from '../utils/logger.js';
 const CACHE_DIR = join(homedir(), '.kernelbot', 'tts-cache');
 const DEFAULT_VOICE_ID = 'JBFqnCBsd6RMkjVDRZzb'; // ElevenLabs "George" voice
 const MAX_TEXT_LENGTH = 5000; // ElevenLabs limit
+const MAX_CACHE_FILES = 100;  // Evict oldest entries when cache exceeds this count
 
 /**
  * Text-to-Speech service using ElevenLabs API.
@@ -90,6 +91,9 @@ export class TTSService {
       writeFileSync(cachedPath, audioBuffer);
       this.logger.info(`[TTS] Synthesized and cached: ${cachedPath} (${audioBuffer.length} bytes)`);
 
+      // Evict oldest cache entries if over the limit
+      this._evictCache();
+
       return cachedPath;
     } catch (err) {
       if (err.response) {
@@ -109,7 +113,33 @@ export class TTSService {
     return createHash('sha256').update(`${voiceId}:${text}`).digest('hex').slice(0, 16);
   }
 
-  /** Clear the TTS cache. */
+  /** Evict oldest cache entries when the cache exceeds MAX_CACHE_FILES. */
+  _evictCache() {
+    try {
+      const files = readdirSync(CACHE_DIR);
+      if (files.length <= MAX_CACHE_FILES) return;
+
+      // Sort by modification time (oldest first)
+      const sorted = files
+        .map((f) => {
+          const fullPath = join(CACHE_DIR, f);
+          try { return { name: f, mtime: statSync(fullPath).mtimeMs }; }
+          catch { return null; }
+        })
+        .filter(Boolean)
+        .sort((a, b) => a.mtime - b.mtime);
+
+      const toRemove = sorted.length - MAX_CACHE_FILES;
+      for (let i = 0; i < toRemove; i++) {
+        try { unlinkSync(join(CACHE_DIR, sorted[i].name)); } catch {}
+      }
+      this.logger.info(`[TTS] Cache eviction: removed ${toRemove} oldest file(s), ${MAX_CACHE_FILES} remain`);
+    } catch {
+      // Cache dir may not exist yet
+    }
+  }
+
+  /** Clear the entire TTS cache. */
   clearCache() {
     try {
       const files = readdirSync(CACHE_DIR);

package/src/services/x-api.js

@@ -0,0 +1,141 @@
+import axios from 'axios';
+import OAuth from 'oauth-1.0a';
+import crypto from 'crypto';
+import { getLogger } from '../utils/logger.js';
+
+/**
+ * X (Twitter) API v2 client with OAuth 1.0a request signing.
+ */
+export class XApi {
+  constructor({ consumerKey, consumerSecret, accessToken, accessTokenSecret }) {
+    this._userId = null;
+
+    this.oauth = OAuth({
+      consumer: { key: consumerKey, secret: consumerSecret },
+      signature_method: 'HMAC-SHA1',
+      hash_function(baseString, key) {
+        return crypto.createHmac('sha1', key).update(baseString).digest('base64');
+      },
+    });
+
+    this.token = { key: accessToken, secret: accessTokenSecret };
+
+    this.client = axios.create({
+      baseURL: 'https://api.twitter.com',
+      timeout: 30000,
+    });
+
+    // Sign every request with OAuth 1.0a
+    this.client.interceptors.request.use((config) => {
+      const url = `${config.baseURL}${config.url}`;
+      const authHeader = this.oauth.toHeader(
+        this.oauth.authorize({ url, method: config.method.toUpperCase() }, this.token),
+      );
+      config.headers = { ...config.headers, ...authHeader, 'Content-Type': 'application/json' };
+      return config;
+    });
+
+    // Retry with backoff on 429
+    this.client.interceptors.response.use(null, async (error) => {
+      const config = error.config;
+      if (error.response?.status === 429 && !config._retried) {
+        config._retried = true;
+        const retryAfter = parseInt(error.response.headers['retry-after'] || '5', 10);
+        getLogger().warn(`[X API] Rate limited, retrying after ${retryAfter}s`);
+        await new Promise((r) => setTimeout(r, retryAfter * 1000));
+        return this.client(config);
+      }
+      return Promise.reject(error);
+    });
+  }
+
+  /** Resolve and cache the authenticated user's ID. */
+  async _getUserId() {
+    if (this._userId) return this._userId;
+    const me = await this.getMe();
+    this._userId = me.id;
+    return this._userId;
+  }
+
+  /** GET /2/users/me */
+  async getMe() {
+    const { data } = await this.client.get('/2/users/me', {
+      params: { 'user.fields': 'id,name,username,description,public_metrics' },
+    });
+    if (data.data) {
+      this._userId = data.data.id;
+    }
+    return data.data;
+  }
+
+  /** POST /2/tweets — create a new tweet */
+  async postTweet(text) {
+    const { data } = await this.client.post('/2/tweets', { text });
+    return data.data;
+  }
+
+  /** POST /2/tweets — reply to an existing tweet */
+  async replyToTweet(text, replyToId) {
+    const { data } = await this.client.post('/2/tweets', {
+      text,
+      reply: { in_reply_to_tweet_id: replyToId },
+    });
+    return data.data;
+  }
+
+  /** GET /2/tweets/:id */
+  async getTweet(tweetId) {
+    const { data } = await this.client.get(`/2/tweets/${tweetId}`, {
+      params: { 'tweet.fields': 'id,text,author_id,created_at,public_metrics,conversation_id' },
+    });
+    return data.data;
+  }
+
+  /** GET /2/users/:id/tweets */
+  async getMyTweets(count = 10) {
+    const userId = await this._getUserId();
+    const { data } = await this.client.get(`/2/users/${userId}/tweets`, {
+      params: {
+        max_results: Math.min(Math.max(count, 5), 100),
+        'tweet.fields': 'id,text,created_at,public_metrics',
+      },
+    });
+    return data.data || [];
+  }
+
+  /** GET /2/tweets/search/recent */
+  async searchRecentTweets(query, count = 10) {
+    const { data } = await this.client.get('/2/tweets/search/recent', {
+      params: {
+        query,
+        max_results: Math.min(Math.max(count, 10), 100),
+        'tweet.fields': 'id,text,author_id,created_at,public_metrics',
+      },
+    });
+    return data.data || [];
+  }
+
+  /** DELETE /2/tweets/:id */
+  async deleteTweet(tweetId) {
+    const { data } = await this.client.delete(`/2/tweets/${tweetId}`);
+    return data.data;
+  }
+
+  /** POST /2/users/:id/likes */
+  async likeTweet(tweetId) {
+    const userId = await this._getUserId();
+    const { data } = await this.client.post(`/2/users/${userId}/likes`, {
+      tweet_id: tweetId,
+    });
+    return data.data;
+  }
+
+  /** POST /2/users/:id/retweets */
+  async retweet(tweetId) {
+    const userId = await this._getUserId();
+    const { data } = await this.client.post(`/2/users/${userId}/retweets`, {
+      tweet_id: tweetId,
+    });
+    return data.data;
+  }
+}

package/src/swarm/worker-registry.js

@@ -40,6 +40,13 @@ export const WORKER_TYPES = {
     description: 'Deep web research and analysis',
     timeout: 600,    // 10 minutes
   },
+  social: {
+    label: 'Social Worker',
+    emoji: '📱',
+    categories: ['linkedin', 'x'],
+    description: 'LinkedIn and X (Twitter) posting, engagement, feed reading',
+    timeout: 120,    // 2 minutes
+  },
 };
 
 /**

package/src/tools/categories.js

@@ -13,6 +13,8 @@ export const TOOL_CATEGORIES = {
   network: ['check_port', 'curl_url', 'nginx_reload'],
   browser: ['web_search', 'browse_website', 'screenshot_website', 'extract_content', 'send_image', 'interact_with_page'],
   jira: ['jira_get_ticket', 'jira_search_tickets', 'jira_list_my_tickets', 'jira_get_project_tickets'],
+  linkedin: ['linkedin_create_post', 'linkedin_get_my_posts', 'linkedin_get_post', 'linkedin_comment_on_post', 'linkedin_get_comments', 'linkedin_like_post', 'linkedin_get_profile', 'linkedin_delete_post'],
+  x: ['x_post_tweet', 'x_reply_to_tweet', 'x_get_my_tweets', 'x_get_tweet', 'x_search_tweets', 'x_like_tweet', 'x_retweet', 'x_delete_tweet', 'x_get_profile'],
 };
 
 const CATEGORY_KEYWORDS = {
@@ -25,6 +27,8 @@ const CATEGORY_KEYWORDS = {
   network: ['port', 'curl', 'http', 'nginx', 'network', 'api', 'endpoint', 'request', 'url', 'fetch'],
   browser: ['search', 'find', 'look up', 'browse', 'screenshot', 'scrape', 'website', 'web page', 'webpage', 'extract content', 'html', 'css selector'],
   jira: ['jira', 'ticket', 'issue', 'sprint', 'backlog', 'story', 'epic'],
+  linkedin: ['linkedin', 'post on linkedin', 'linkedin post', 'linkedin comment', 'share on linkedin'],
+  x: ['twitter', 'tweet', 'x post', 'x.com', 'retweet', 'post on x', 'post on twitter'],
 };
 
 // Categories that imply other categories

package/src/tools/index.js

@@ -8,6 +8,8 @@ import { definitions as githubDefinitions, handlers as githubHandlers } from './
 import { definitions as codingDefinitions, handlers as codingHandlers } from './coding.js';
 import { definitions as browserDefinitions, handlers as browserHandlers } from './browser.js';
 import { definitions as jiraDefinitions, handlers as jiraHandlers } from './jira.js';
+import { definitions as linkedinDefinitions, handlers as linkedinHandlers } from './linkedin.js';
+import { definitions as xDefinitions, handlers as xHandlers } from './x.js';
 import { definitions as personaDefinitions, handlers as personaHandlers } from './persona.js';
 import { logToolCall } from '../security/audit.js';
 import { requiresConfirmation } from '../security/confirm.js';
@@ -23,6 +25,8 @@ export const toolDefinitions = [
   ...codingDefinitions,
   ...browserDefinitions,
   ...jiraDefinitions,
+  ...linkedinDefinitions,
+  ...xDefinitions,
   ...personaDefinitions,
 ];
 
@@ -37,6 +41,8 @@ const handlerMap = {
   ...codingHandlers,
   ...browserHandlers,
   ...jiraHandlers,
+  ...linkedinHandlers,
+  ...xHandlers,
   ...personaHandlers,
 };