leedab 0.1.0

package/dist/gateway.js

@@ -0,0 +1,213 @@
+import { spawn, execFile } from "node:child_process";
+import { createWriteStream } from "node:fs";
+import { resolve, dirname, join } from "node:path";
+import { readFile, writeFile, readdir, copyFile, mkdir, access } from "node:fs/promises";
+import { fileURLToPath } from "node:url";
+import { promisify } from "node:util";
+import { resolveOpenClawBin, openclawEnv } from "./openclaw.js";
+const execFileAsync = promisify(execFile);
+let gatewayProcess = null;
+/**
+ * Start the LeedAB agent gateway.
+ */
+export async function startGateway(config) {
+    const bin = resolveOpenClawBin();
+    const stateDir = resolve(".leedab");
+    const env = openclawEnv(stateDir);
+    // Seed workspace templates (skip files that already exist)
+    await seedWorkspace();
+    // Auto-approve all tool executions (enterprise local deployment)
+    await ensureAutoApprove(bin, env);
+    // Register channels before starting gateway
+    await registerChannels(bin, stateDir, config);
+    // Start gateway, pipe output to log file instead of terminal
+    const logDir = resolve(stateDir, "logs");
+    await mkdir(logDir, { recursive: true });
+    const today = new Date().toISOString().slice(0, 10);
+    const logPath = resolve(logDir, `gateway-${today}.log`);
+    const logStream = createWriteStream(logPath, { flags: "a" });
+    gatewayProcess = spawn(bin, ["gateway", "run", "--force"], {
+        env,
+        stdio: ["inherit", "pipe", "pipe"],
+    });
+    if (gatewayProcess.stdout)
+        gatewayProcess.stdout.pipe(logStream);
+    if (gatewayProcess.stderr)
+        gatewayProcess.stderr.pipe(logStream);
+    // Expose log path so callers can display it
+    startGateway.logPath = logPath;
+    gatewayProcess.on("error", (err) => {
+        console.error("Gateway process error:", err.message);
+        process.exit(1);
+    });
+    // Clean shutdown on SIGTERM/SIGINT
+    const cleanup = () => {
+        if (gatewayProcess) {
+            gatewayProcess.kill("SIGTERM");
+            gatewayProcess = null;
+        }
+        process.exit(0);
+    };
+    process.on("SIGTERM", cleanup);
+    process.on("SIGINT", cleanup);
+    await waitForGateway(config.gateway.port);
+    // Push approvals to running gateway (local set happens before start,
+    // but the gateway may load its own copy on boot)
+    await ensureAutoApprove(bin, env, true);
+    return { logPath };
+}
+export async function stopGateway() {
+    const bin = resolveOpenClawBin();
+    const stateDir = resolve(".leedab");
+    try {
+        await execFileAsync(bin, ["gateway", "stop"], {
+            env: openclawEnv(stateDir),
+        });
+    }
+    catch {
+        if (gatewayProcess) {
+            gatewayProcess.kill("SIGTERM");
+        }
+    }
+    gatewayProcess = null;
+}
+async function registerChannels(bin, stateDir, config) {
+    let secrets = {};
+    try {
+        const raw = await readFile(resolve(stateDir, "secrets.json"), "utf-8");
+        secrets = JSON.parse(raw);
+    }
+    catch {
+        // No secrets file yet
+    }
+    const env = openclawEnv(stateDir);
+    if (config.channels.whatsapp?.enabled && secrets.whatsapp) {
+        try {
+            await execFileAsync(bin, ["channels", "add", "--channel", "whatsapp"], { env });
+        }
+        catch {
+            // Already exists — fine
+        }
+    }
+    if (config.channels.telegram?.enabled && secrets.telegram?.token) {
+        try {
+            await execFileAsync(bin, ["channels", "add", "--channel", "telegram", "--token", secrets.telegram.token], { env });
+        }
+        catch {
+            // Already exists — fine
+        }
+        // Apply allowlist if present
+        const allowlist = secrets.telegram?.allowlist ?? [];
+        if (allowlist.length > 0) {
+            try {
+                const configPath = resolve(stateDir, "openclaw.json");
+                const ocConfig = JSON.parse(await readFile(configPath, "utf-8"));
+                if (ocConfig.channels?.telegram) {
+                    ocConfig.channels.telegram.allowFrom = allowlist;
+                    ocConfig.channels.telegram.dmPolicy = "allowlist";
+                    await writeFile(configPath, JSON.stringify(ocConfig, null, 2) + "\n");
+                }
+            }
+            catch {
+                // Config not ready yet
+            }
+        }
+    }
+    if (config.channels.teams?.enabled && secrets.teams?.appSecret) {
+        try {
+            await execFileAsync(bin, ["channels", "add", "--channel", "teams"], { env });
+        }
+        catch {
+            // Already exists — fine
+        }
+    }
+}
+/**
+ * Set up exec-approvals so the agent can run tools without prompting.
+ * Safe for local enterprise deployments where the admin controls the box.
+ */
+async function ensureAutoApprove(bin, env, gateway = false) {
+    try {
+        // security: "full" skips all approval prompts (equivalent to elevated mode).
+        // ask: "off" disables interactive prompts entirely.
+        // askFallback: "full" auto-allows if no UI is reachable.
+        const approvals = JSON.stringify({
+            version: 1,
+            defaults: {
+                security: "full",
+                ask: "off",
+                askFallback: "full",
+            },
+            agents: {
+                "*": {
+                    security: "full",
+                    ask: "off",
+                    askFallback: "full",
+                },
+                main: {
+                    security: "full",
+                    ask: "off",
+                    askFallback: "full",
+                },
+            },
+        });
+        const args = ["approvals", "set", "--stdin"];
+        if (gateway)
+            args.push("--gateway");
+        const proc = spawn(bin, args, { env, stdio: ["pipe", "pipe", "pipe"] });
+        proc.stdin.write(approvals);
+        proc.stdin.end();
+        await new Promise((resolve, reject) => {
+            proc.on("close", (code) => (code === 0 ? resolve() : reject(new Error(`exit ${code}`))));
+            proc.on("error", reject);
+        });
+    }
+    catch (err) {
+        console.warn("[leedab] auto-approve setup failed:", err);
+    }
+}
+/**
+ * Copy default workspace files (AGENTS.md, SOUL.md, etc.) into workspace/
+ * on first run. Existing files are never overwritten.
+ */
+async function seedWorkspace() {
+    const srcDir = join(dirname(fileURLToPath(import.meta.url)), "templates", "workspace");
+    const destDir = resolve("workspace");
+    await mkdir(destDir, { recursive: true });
+    try {
+        const files = await readdir(srcDir);
+        for (const file of files) {
+            const dest = join(destDir, file);
+            try {
+                await access(dest);
+                // Already exists — don't overwrite
+            }
+            catch {
+                await copyFile(join(srcDir, file), dest);
+            }
+        }
+    }
+    catch (err) {
+        console.warn("[leedab] workspace seed failed:", err);
+    }
+}
+async function waitForGateway(port, timeoutMs = 20000) {
+    const bin = resolveOpenClawBin();
+    const stateDir = resolve(".leedab");
+    const start = Date.now();
+    while (Date.now() - start < timeoutMs) {
+        try {
+            // Use openclaw's own health check which knows the WS protocol
+            await execFileAsync(bin, ["gateway", "health"], {
+                env: openclawEnv(stateDir),
+                timeout: 5000,
+            });
+            return;
+        }
+        catch {
+            // Not ready yet
+        }
+        await new Promise((r) => setTimeout(r, 1000));
+    }
+    throw new Error(`Gateway did not start within ${timeoutMs}ms`);
+}

package/dist/index.d.ts

@@ -0,0 +1,6 @@
+export { startGateway, stopGateway } from "./gateway.js";
+export { loadConfig, initConfig } from "./config/index.js";
+export { setupChannels } from "./channels/index.js";
+export { runOnboard } from "./onboard/index.js";
+export { startDashboard } from "./dashboard/server.js";
+export type { LeedABConfig } from "./config/schema.js";

package/dist/index.js

@@ -0,0 +1,5 @@
+export { startGateway, stopGateway } from "./gateway.js";
+export { loadConfig, initConfig } from "./config/index.js";
+export { setupChannels } from "./channels/index.js";
+export { runOnboard } from "./onboard/index.js";
+export { startDashboard } from "./dashboard/server.js";

package/dist/license.d.ts

@@ -0,0 +1,27 @@
+export interface LicenseInfo {
+    key: string;
+    valid: boolean;
+    tier: string;
+    status: string;
+    seatsUsed: number;
+    maxSeats: number;
+    validatedAt: string;
+}
+/**
+ * Validate a license key against the API.
+ */
+export declare function validateLicenseKey(key: string): Promise<LicenseInfo>;
+/**
+ * Save license info to disk.
+ */
+export declare function saveLicense(license: LicenseInfo): Promise<void>;
+/**
+ * Load cached license from disk. Returns null if not found.
+ */
+export declare function loadLicense(): Promise<LicenseInfo | null>;
+/**
+ * Ensure we have a valid license. Returns the license if valid.
+ * Revalidates if the cached license is stale.
+ * Returns null if no license or license is invalid.
+ */
+export declare function ensureLicense(): Promise<LicenseInfo | null>;

package/dist/license.js

@@ -0,0 +1,92 @@
+import { readFile, writeFile, mkdir } from "node:fs/promises";
+import { resolve } from "node:path";
+const LICENSE_PATH = resolve(".leedab", "license.json");
+const VERIFY_URL = "https://api.leedab.com/api/v1/licensing/verify";
+const REVALIDATE_DAYS = 7;
+/**
+ * Validate a license key against the API.
+ */
+export async function validateLicenseKey(key) {
+    const res = await fetch(VERIFY_URL, {
+        method: "POST",
+        headers: {
+            Authorization: `Bearer ${key}`,
+            "Content-Type": "application/json",
+        },
+    });
+    if (!res.ok) {
+        return {
+            key,
+            valid: false,
+            tier: "none",
+            status: "invalid",
+            seatsUsed: 0,
+            maxSeats: 0,
+            validatedAt: new Date().toISOString(),
+        };
+    }
+    const data = await res.json();
+    return {
+        key,
+        valid: data.valid === true,
+        tier: data.tier ?? "starter",
+        status: data.status ?? "unknown",
+        seatsUsed: data.seats_used ?? 0,
+        maxSeats: data.max_seats ?? 1,
+        validatedAt: new Date().toISOString(),
+    };
+}
+/**
+ * Save license info to disk.
+ */
+export async function saveLicense(license) {
+    await mkdir(resolve(".leedab"), { recursive: true });
+    await writeFile(LICENSE_PATH, JSON.stringify(license, null, 2) + "\n");
+}
+/**
+ * Load cached license from disk. Returns null if not found.
+ */
+export async function loadLicense() {
+    try {
+        const raw = await readFile(LICENSE_PATH, "utf-8");
+        return JSON.parse(raw);
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * Check if the cached license needs revalidation (older than REVALIDATE_DAYS).
+ */
+function isStale(license) {
+    const validated = new Date(license.validatedAt).getTime();
+    const now = Date.now();
+    const daysSince = (now - validated) / (1000 * 60 * 60 * 24);
+    return daysSince > REVALIDATE_DAYS;
+}
+/**
+ * Ensure we have a valid license. Returns the license if valid.
+ * Revalidates if the cached license is stale.
+ * Returns null if no license or license is invalid.
+ */
+export async function ensureLicense() {
+    const cached = await loadLicense();
+    if (!cached)
+        return null;
+    // If cached and fresh, trust it
+    if (cached.valid && !isStale(cached)) {
+        return cached;
+    }
+    // Revalidate
+    try {
+        const fresh = await validateLicenseKey(cached.key);
+        await saveLicense(fresh);
+        return fresh.valid ? fresh : null;
+    }
+    catch {
+        // Offline — trust cache if it was valid (grace period)
+        if (cached.valid)
+            return cached;
+        return null;
+    }
+}

package/dist/memory/index.d.ts

@@ -0,0 +1,9 @@
+/**
+ * Initialize the memory directory with default templates.
+ * The agent's built-in memory system will use these files.
+ */
+export declare function initMemory(memoryDir: string): Promise<void>;
+/**
+ * Ensure today's daily note exists.
+ */
+export declare function ensureDailyNote(memoryDir: string): Promise<string>;

package/dist/memory/index.js

@@ -0,0 +1,41 @@
+import { mkdir, writeFile, access } from "node:fs/promises";
+import { resolve } from "node:path";
+const MEMORY_TEMPLATE = `# Memory
+
+Long-term memory for this LeedAB deployment. Durable facts, preferences, and decisions are stored here.
+`;
+const DAILY_TEMPLATE = `# Daily Notes — {{date}}
+
+Running context and observations for today.
+`;
+/**
+ * Initialize the memory directory with default templates.
+ * The agent's built-in memory system will use these files.
+ */
+export async function initMemory(memoryDir) {
+    const dir = resolve(memoryDir);
+    await mkdir(dir, { recursive: true });
+    const memoryPath = resolve(dir, "Memory.md");
+    try {
+        await access(memoryPath);
+    }
+    catch {
+        await writeFile(memoryPath, MEMORY_TEMPLATE);
+    }
+}
+/**
+ * Ensure today's daily note exists.
+ */
+export async function ensureDailyNote(memoryDir) {
+    const dir = resolve(memoryDir);
+    const today = new Date().toISOString().split("T")[0];
+    const dailyPath = resolve(dir, `${today}.md`);
+    try {
+        await access(dailyPath);
+    }
+    catch {
+        const content = DAILY_TEMPLATE.replace("{{date}}", today);
+        await writeFile(dailyPath, content);
+    }
+    return dailyPath;
+}

package/dist/onboard/index.d.ts

@@ -0,0 +1,4 @@
+/**
+ * Run the full onboarding wizard. Writes leedab.config.json and .leedab/ secrets.
+ */
+export declare function runOnboard(): Promise<void>;

package/dist/onboard/index.js

@@ -0,0 +1,263 @@
+import { writeFile, readFile, mkdir, readdir, copyFile } from "node:fs/promises";
+import { resolve, join, dirname } from "node:path";
+import { fileURLToPath } from "node:url";
+import chalk from "chalk";
+import inquirer from "inquirer";
+import { printWelcome } from "./steps/welcome.js";
+import { onboardProvider } from "./steps/provider.js";
+import { onboardWhatsApp } from "./steps/whatsapp.js";
+import { onboardTelegram } from "./steps/telegram.js";
+import { onboardTeams } from "./steps/teams.js";
+import { DEFAULT_CONFIG } from "../config/schema.js";
+import { initMemory } from "../memory/index.js";
+import { addEntry, listEntries } from "../vault.js";
+import { validateLicenseKey, saveLicense, loadLicense } from "../license.js";
+/**
+ * Run the full onboarding wizard. Writes leedab.config.json and .leedab/ secrets.
+ */
+export async function runOnboard() {
+    printWelcome();
+    // --- License key (required) ---
+    const existingLicense = await loadLicense();
+    if (existingLicense?.valid) {
+        console.log(chalk.green(`  License: ${existingLicense.tier} plan (${existingLicense.key.slice(0, 12)}...)\n`));
+    }
+    else {
+        console.log(chalk.bold("  License Key\n"));
+        console.log(chalk.dim("  Get your key at ") + chalk.cyan("https://leedab.com") + "\n");
+        let licensed = false;
+        while (!licensed) {
+            const { licenseKey } = await inquirer.prompt([
+                {
+                    type: "password",
+                    name: "licenseKey",
+                    message: "License key:",
+                    mask: "*",
+                    validate: (v) => v.trim().startsWith("am_live_") || "Key should start with am_live_",
+                },
+            ]);
+            process.stdout.write(chalk.dim("  Validating..."));
+            const result = await validateLicenseKey(licenseKey.trim());
+            if (result.valid) {
+                await saveLicense(result);
+                console.log(chalk.green(` valid (${result.tier} plan)`));
+                licensed = true;
+            }
+            else {
+                console.log(chalk.red(" invalid key."));
+                const { retry } = await inquirer.prompt([
+                    { type: "confirm", name: "retry", message: "Try again?", default: true },
+                ]);
+                if (!retry) {
+                    console.log(chalk.red("\n  A valid license key is required to use LeedAB."));
+                    console.log(chalk.dim("  Get one at ") + chalk.cyan("https://leedab.com\n"));
+                    process.exit(1);
+                }
+            }
+        }
+    }
+    // Agent name
+    const { agentName } = await inquirer.prompt([
+        {
+            type: "input",
+            name: "agentName",
+            message: "Agent display name:",
+            default: "LeedAB",
+        },
+    ]);
+    // Vertical selection
+    const { vertical } = await inquirer.prompt([
+        {
+            type: "list",
+            name: "vertical",
+            message: "What type of operations?",
+            choices: [
+                { name: "General purpose", value: "general" },
+                { name: "Supply chain & logistics", value: "supply-chain" },
+            ],
+        },
+    ]);
+    const config = {
+        ...DEFAULT_CONFIG,
+        agent: { ...DEFAULT_CONFIG.agent, name: agentName, vertical },
+    };
+    // Secrets go to .leedab/secrets.json (gitignored)
+    const secrets = {};
+    // --- Seed vertical templates ---
+    if (vertical !== "general") {
+        await seedVerticalTemplates(vertical);
+        await seedVerticalVault(vertical);
+        console.log(chalk.green(`\n  Loaded ${vertical} templates and vault entries.`));
+    }
+    // --- LLM Provider ---
+    const provider = await onboardProvider();
+    if (provider) {
+        config.agent.model = provider.model;
+    }
+    // --- Telegram (recommended) ---
+    const telegram = await onboardTelegram();
+    if (telegram) {
+        config.channels.telegram = telegram.config;
+        secrets.telegram = { token: telegram.token, allowlist: telegram.allowlist };
+    }
+    // --- WhatsApp ---
+    const whatsapp = await onboardWhatsApp();
+    if (whatsapp) {
+        const { _businessAccountId, _accessToken, ...channelConfig } = whatsapp;
+        config.channels.whatsapp = channelConfig;
+        secrets.whatsapp = {
+            businessAccountId: _businessAccountId,
+            accessToken: _accessToken,
+        };
+    }
+    // --- Teams ---
+    const teams = await onboardTeams();
+    if (teams) {
+        config.channels.teams = teams.config;
+        secrets.teams = { appSecret: teams.appSecret };
+    }
+    // --- Credential Vault ---
+    console.log(chalk.bold("\n  Credential Vault\n"));
+    console.log(chalk.dim("  The agent uses stored credentials to access services via browser."));
+    console.log(chalk.dim("  (Gmail, Google Drive, CRM, carrier portals, etc.)\n"));
+    const { addCreds } = await inquirer.prompt([
+        {
+            type: "confirm",
+            name: "addCreds",
+            message: "Store credentials for services the agent should access?",
+            default: true,
+        },
+    ]);
+    if (addCreds) {
+        let more = true;
+        while (more) {
+            const cred = await inquirer.prompt([
+                {
+                    type: "input",
+                    name: "service",
+                    message: "Service name (e.g. gmail, salesforce):",
+                    validate: (v) => v.trim().length > 0 || "Required",
+                },
+                {
+                    type: "input",
+                    name: "url",
+                    message: "Login URL:",
+                },
+                {
+                    type: "input",
+                    name: "username",
+                    message: "Username / email:",
+                },
+                {
+                    type: "password",
+                    name: "password",
+                    message: "Password:",
+                    mask: "*",
+                },
+                {
+                    type: "input",
+                    name: "notes",
+                    message: "Notes for agent (optional):",
+                },
+            ]);
+            await addEntry(cred.service.trim(), {
+                url: cred.url || undefined,
+                username: cred.username || undefined,
+                password: cred.password || undefined,
+                notes: cred.notes || undefined,
+            });
+            console.log(chalk.green(`  Added ${cred.service.trim()} to vault.`));
+            const { another } = await inquirer.prompt([
+                {
+                    type: "confirm",
+                    name: "another",
+                    message: "Add another service?",
+                    default: false,
+                },
+            ]);
+            more = another;
+        }
+    }
+    else {
+        console.log(chalk.dim("  Add later with ") +
+            chalk.cyan("leedab vault add <service>"));
+    }
+    // --- Write everything ---
+    const configDir = resolve(".leedab");
+    await mkdir(configDir, { recursive: true });
+    // Write config (no secrets)
+    await writeFile(resolve("leedab.config.json"), JSON.stringify(config, null, 2) + "\n");
+    // Write secrets separately
+    if (Object.keys(secrets).length > 0) {
+        await writeFile(resolve(configDir, "secrets.json"), JSON.stringify(secrets, null, 2) + "\n");
+    }
+    // Init memory directory
+    await initMemory(config.memory.dir);
+    // Summary
+    console.log(chalk.bold("\n  Setup complete!\n"));
+    const channels = [];
+    if (whatsapp)
+        channels.push("WhatsApp");
+    if (telegram)
+        channels.push("Telegram");
+    if (teams)
+        channels.push("Teams");
+    if (channels.length > 0) {
+        console.log(chalk.green(`  Channels: ${channels.join(", ")}`));
+    }
+    else {
+        console.log(chalk.yellow("  No channels connected. Run " +
+            chalk.cyan("leedab onboard") +
+            " anytime to add them."));
+    }
+    const vaultEntries = await listEntries();
+    if (vaultEntries.length > 0) {
+        console.log(chalk.green(`  Vault: ${vaultEntries.length} service(s) stored`));
+    }
+    console.log(chalk.dim(`\n  Config:  ./leedab.config.json`));
+    console.log(chalk.dim(`  Secrets: ./.leedab/secrets.json`));
+    console.log(chalk.dim(`  Vault:   ./.leedab/vault.json`));
+    console.log(chalk.dim(`  Memory:  ./${config.memory.dir}/`));
+    console.log(chalk.bold(`\n  Start your agent: ${chalk.cyan("leedab start")}\n`));
+}
+/**
+ * Copy vertical-specific workspace templates (SOUL.md, HEARTBEAT.md, etc.)
+ * into workspace/, overwriting defaults.
+ */
+async function seedVerticalTemplates(vertical) {
+    const srcDir = join(dirname(fileURLToPath(import.meta.url)), "..", "templates", "verticals", vertical);
+    const destDir = resolve("workspace");
+    await mkdir(destDir, { recursive: true });
+    try {
+        const files = await readdir(srcDir);
+        for (const file of files) {
+            if (file.endsWith(".json"))
+                continue; // Skip vault-template.json
+            await copyFile(join(srcDir, file), join(destDir, file));
+        }
+    }
+    catch {
+        // Templates directory may not exist for this vertical
+    }
+}
+/**
+ * Pre-populate vault with entries from the vertical's vault-template.json.
+ * Only adds entries that don't already exist (won't overwrite user credentials).
+ */
+async function seedVerticalVault(vertical) {
+    const templatePath = join(dirname(fileURLToPath(import.meta.url)), "..", "templates", "verticals", vertical, "vault-template.json");
+    try {
+        const raw = await readFile(templatePath, "utf-8");
+        const template = JSON.parse(raw);
+        for (const [service, entry] of Object.entries(template)) {
+            // Only add if service doesn't already exist in vault
+            const existing = await listEntries();
+            if (!existing.some((e) => e.service === service)) {
+                await addEntry(service, entry);
+            }
+        }
+    }
+    catch {
+        // No vault template for this vertical
+    }
+}

package/dist/onboard/oauth-server.d.ts

@@ -0,0 +1,13 @@
+export interface OAuthResult {
+    code: string;
+    state?: string;
+}
+/**
+ * Spin up a temporary local HTTP server to receive OAuth callbacks.
+ * Returns a promise that resolves with the authorization code.
+ */
+export declare function createOAuthCallbackServer(port?: number): {
+    url: string;
+    waitForCallback: () => Promise<OAuthResult>;
+    close: () => void;
+};