neoagent 1.2.0 → 1.4.0

package/.env.example

@@ -1,9 +1,9 @@
-PORT=3060
+PORT=3333
 NODE_ENV=development
 SESSION_SECRET=change-this-to-a-random-secret-in-production
 
 # Comma-separated list of allowed CORS origins (leave empty to block all cross-origin requests)
-# Example: ALLOWED_ORIGINS=http://localhost:3060,https://yourdomain.com
+# Example: ALLOWED_ORIGINS=http://localhost:3333,https://yourdomain.com
 ALLOWED_ORIGINS=
 
 # xAI API key — used for:

package/docs/configuration.md

@@ -8,7 +8,7 @@ All settings live in `.env` at the project root. Run `neoagent setup` to regener
 
 | Variable | Default | Description |
 |---|---|---|
-| `PORT` | `3060` | HTTP port |
+| `PORT` | `3333` | HTTP port |
 | `SESSION_SECRET` | *(required)* | Random string for session signing — generate with `openssl rand -hex 32` |
 | `NODE_ENV` | `production` | Set to `development` to enable verbose logs |
 | `SECURE_COOKIES` | `false` | Set `true` when behind a TLS-terminating proxy |
@@ -39,7 +39,7 @@ Telegram, Discord, and WhatsApp tokens are stored in the database via the web UI
 ## Minimal `.env` example
 
 ```dotenv
-PORT=3060
+PORT=3333
 SESSION_SECRET=change-me-to-something-random
 ANTHROPIC_API_KEY=sk-ant-...
 ```

package/lib/manager.js

@@ -58,15 +58,67 @@ function loadEnvPort() {
   try {
     const env = fs.readFileSync(ENV_FILE, 'utf8');
     const line = env.split('\n').find((entry) => entry.startsWith('PORT='));
-    if (!line) return 3060;
+    if (!line) return 3333;
     const raw = line.split('=')[1]?.trim();
     const num = Number(raw);
-    return Number.isFinite(num) && num > 0 ? num : 3060;
+    return Number.isFinite(num) && num > 0 ? num : 3333;
   } catch {
-    return 3060;
+    return 3333;
   }
 }
 
+function readEnvFileRaw() {
+  if (!fs.existsSync(ENV_FILE)) return '';
+  return fs.readFileSync(ENV_FILE, 'utf8');
+}
+
+function parseEnv(raw) {
+  const lines = raw.split('\n');
+  const map = new Map();
+  for (const line of lines) {
+    if (!line || line.startsWith('#') || !line.includes('=')) continue;
+    const idx = line.indexOf('=');
+    const key = line.slice(0, idx).trim();
+    const value = line.slice(idx + 1);
+    if (key) map.set(key, value);
+  }
+  return map;
+}
+
+function upsertEnvValue(key, value) {
+  const raw = readEnvFileRaw();
+  const lines = raw ? raw.split('\n') : [];
+  let replaced = false;
+
+  for (let i = 0; i < lines.length; i++) {
+    if (lines[i].startsWith(`${key}=`)) {
+      lines[i] = `${key}=${value}`;
+      replaced = true;
+      break;
+    }
+  }
+
+  if (!replaced) lines.push(`${key}=${value}`);
+  const output = lines.filter((_, idx, arr) => idx !== arr.length - 1 || arr[idx] !== '').join('\n') + '\n';
+  fs.writeFileSync(ENV_FILE, output, { mode: 0o600 });
+}
+
+function removeEnvValue(key) {
+  const raw = readEnvFileRaw();
+  if (!raw) return false;
+  const lines = raw.split('\n').filter((line) => !line.startsWith(`${key}=`));
+  const output = lines.filter((_, idx, arr) => idx !== arr.length - 1 || arr[idx] !== '').join('\n') + '\n';
+  fs.writeFileSync(ENV_FILE, output, { mode: 0o600 });
+  return true;
+}
+
+function maskEnvValue(key, value) {
+  if (!/(KEY|TOKEN|SECRET|PASSWORD)/i.test(key)) return value;
+  const text = String(value || '');
+  if (text.length <= 8) return '********';
+  return `${text.slice(0, 4)}...${text.slice(-4)}`;
+}
+
 function runOrThrow(cmd, args, options = {}) {
   const res = spawnSync(cmd, args, { stdio: 'inherit', cwd: APP_DIR, ...options });
   if (res.status !== 0) {
@@ -159,7 +211,7 @@ async function cmdSetup() {
     }
   }
 
-  const port = await ask('Server port', current.PORT || '3060');
+  const port = await ask('Server port', current.PORT || '3333');
   const sessionSecret = await ask('Session secret', current.SESSION_SECRET || randomSecret());
   const anthropic = await ask('Anthropic API key', current.ANTHROPIC_API_KEY || '');
   const openai = await ask('OpenAI API key', current.OPENAI_API_KEY || '');
@@ -419,10 +471,61 @@ function cmdUpdate() {
   cmdRestart();
 }
 
+async function cmdEnv(args = []) {
+  heading('Environment Variables');
+  let action = args[0];
+
+  if (!action) {
+    const picked = await ask('Action (list/get/set/unset)', 'list');
+    action = (picked || 'list').trim().toLowerCase();
+  }
+
+  if (action === 'list') {
+    const env = parseEnv(readEnvFileRaw());
+    if (env.size === 0) {
+      logWarn(`No .env found at ${ENV_FILE}`);
+      return;
+    }
+    for (const [k, v] of [...env.entries()].sort((a, b) => a[0].localeCompare(b[0]))) {
+      console.log(`${k}=${maskEnvValue(k, v)}`);
+    }
+    return;
+  }
+
+  if (action === 'get') {
+    const key = args[1] || await ask('Key', 'PORT');
+    if (!key) throw new Error('Usage: neoagent env get <KEY>');
+    const env = parseEnv(readEnvFileRaw());
+    if (!env.has(key)) throw new Error(`Key not found: ${key}`);
+    console.log(env.get(key));
+    return;
+  }
+
+  if (action === 'set') {
+    const key = args[1] || await ask('Key', 'PORT');
+    const value = args.slice(2).join(' ') || await ask('Value', key === 'PORT' ? '3333' : '');
+    if (!key || !value) throw new Error('Usage: neoagent env set <KEY> <VALUE>');
+    upsertEnvValue(key, value);
+    logOk(`Set ${key} in ${ENV_FILE}`);
+    return;
+  }
+
+  if (action === 'unset') {
+    const key = args[1] || await ask('Key', 'PORT');
+    if (!key) throw new Error('Usage: neoagent env unset <KEY>');
+    removeEnvValue(key);
+    logOk(`Removed ${key} from ${ENV_FILE}`);
+    return;
+  }
+
+  throw new Error('Usage: neoagent env [list|get|set|unset] ...');
+}
+
 function printHelp() {
   console.log(`${APP_NAME} manager`);
   console.log('Usage: neoagent <command>');
-  console.log('Commands: install | setup | update | restart | start | stop | status | logs | uninstall');
+  console.log('Commands: install | setup | env | update | restart | start | stop | status | logs | uninstall');
+  console.log('Env usage: neoagent env list | neoagent env get PORT | neoagent env set PORT 3333 | neoagent env unset PORT');
 }
 
 async function runCLI(argv) {
@@ -435,6 +538,9 @@ async function runCLI(argv) {
     case 'setup':
       await cmdSetup();
       break;
+    case 'env':
+      await cmdEnv(argv.slice(1));
+      break;
     case 'update':
       cmdUpdate();
       break;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "neoagent",
-  "version": "1.2.0",
+  "version": "1.4.0",
   "description": "Proactive personal AI agent with no limits",
   "license": "MIT",
   "main": "server/index.js",

package/server/index.js

@@ -34,7 +34,7 @@ if (!process.env.SESSION_SECRET) {
   console.warn('WARNING: SESSION_SECRET not set — using insecure default. Set it in .env before exposing this server.');
 }
 
-const PORT = process.env.PORT || 3060;
+const PORT = process.env.PORT || 3333;
 const DATA_DIR = path.join(__dirname, '../data');
 if (!fs.existsSync(DATA_DIR)) fs.mkdirSync(DATA_DIR, { recursive: true });
 

package/server/routes/store.js

@@ -1047,6 +1047,67 @@ ruby <file>.rb             # Ruby
   },
 
   // ── MAKER ────────────────────────────────────────────────────────────────────
+  {
+    id: 'psa-car-controller',
+    name: 'PSA Car Controller',
+    description: 'Control and query a local psa_car_controller instance for vehicle status, charging, climate, locks, lights and trips.',
+    category: 'maker',
+    icon: '🚗',
+    content: `---
+name: psa-car-controller
+description: Control and query a local psa_car_controller instance for vehicle status, charging, climate, locks, lights and trips
+trigger: When the user asks about a Peugeot, Citroen, Opel, Vauxhall or DS vehicle connected through psa_car_controller, including status, charging, preconditioning, locks, horn, lights, trips, charging sessions, battery SOH or settings
+category: maker
+icon: 🚗
+enabled: true
+---
+
+# PSA Car Controller
+
+Use the local [flobz/psa_car_controller](https://github.com/flobz/psa_car_controller) HTTP API. Default base URL: \`http://localhost:5005\`. Only use another host if the user explicitly gives one.
+
+## Request rules
+
+- Use \`http_request\` when available; otherwise use \`curl\`.
+- Default to JSON output and show the exact endpoint you called.
+- If the user does not provide a VIN, call \`GET /settings\` first and infer it from the configured vehicle when possible. If there are multiple vehicles or no VIN is present, ask for the VIN.
+- For read-only status requests, prefer cache when freshness is not important: \`GET /get_vehicleinfo/<VIN>?from_cache=1\`.
+- For live status, use \`GET /get_vehicleinfo/<VIN>\`. If the user wants a refresh from the car first, call \`GET /wakeup/<VIN>\`, wait briefly, then fetch status.
+- For state-changing actions that could be safety-sensitive (unlock, horn, lights, climate, charge stop/start), make sure the user intent is explicit before calling them.
+- If changing settings via \`/settings/<section>\`, mention that the app needs a restart afterward.
+
+## Supported endpoints
+
+- Vehicle state: \`GET /get_vehicleinfo/<VIN>\`
+- Cached vehicle state: \`GET /get_vehicleinfo/<VIN>?from_cache=1\`
+- Wake up / refresh state: \`GET /wakeup/<VIN>\`
+- Start or stop preconditioning: \`GET /preconditioning/<VIN>/1\` or \`/0\`
+- Start or stop charge immediately: \`GET /charge_now/<VIN>/1\` or \`/0\`
+- Set charge stop hour: \`GET /charge_control?vin=<VIN>&hour=<H>&minute=<M>\`
+- Set charge threshold percentage: \`GET /charge_control?vin=<VIN>&percentage=<PERCENT>\`
+- Set scheduled charge hour: \`GET /charge_hour?vin=<VIN>&hour=<H>&minute=<M>\`
+- Honk horn: \`GET /horn/<VIN>/<COUNT>\`
+- Flash lights: \`GET /lights/<VIN>/<DURATION>\`
+- Lock or unlock doors: \`GET /lock_door/<VIN>/1\` or \`/0\`
+- Battery SOH: \`GET /battery/soh/<VIN>\`
+- Charging sessions: \`GET /vehicles/chargings\`
+- Trips: \`GET /vehicles/trips\`
+- Dashboard / root UI: \`GET /\`
+- Read settings: \`GET /settings\`
+- Update settings: \`GET /settings/<section>?key=value\`
+
+## Response format
+
+Reply with:
+- action performed
+- endpoint used
+- status/result
+- key fields from the JSON response
+- any follow-up note, such as restart needed for settings changes
+
+If the API returns an error, include the response body and suggest the next useful check, usually \`/settings\` or a VIN validation.`
+  },
+
   {
     id: 'bambu-studio-cli',
     name: 'BambuStudio CLI',

package/server/services/manager.js

@@ -124,28 +124,35 @@ async function startServices(app, io) {
             if (msg.platform !== 'discord' && msg.platform !== 'telegram') {
                 const whitelistRow = db.prepare('SELECT value FROM user_settings WHERE user_id = ? AND key = ?')
                     .get(userId, `platform_whitelist_${msg.platform}`);
+                const normalize = msg.platform === 'whatsapp'
+                    ? normalizeWhatsAppId
+                    : (id) => String(id || '').replace(/[^0-9+]/g, '');
+
+                let whitelist = [];
                 if (whitelistRow) {
                     try {
-                        const whitelist = JSON.parse(whitelistRow.value);
-                        if (Array.isArray(whitelist) && whitelist.length > 0) {
-                            const normalize = msg.platform === 'whatsapp'
-                                ? normalizeWhatsAppId
-                                : (id) => String(id || '').replace(/[^0-9+]/g, '');
-                            const senderNorm = normalize(msg.sender || msg.chatId);
-                            const allowed = whitelist.some((n) => normalize(n) === senderNorm);
-                            if (!allowed) {
-                                console.log(`[Messaging] Blocked ${msg.platform} message from ${msg.sender} (not in whitelist)`);
-                                io.to(`user:${userId}`).emit('messaging:blocked_sender', {
-                                    platform: msg.platform,
-                                    sender: msg.sender,
-                                    chatId: msg.chatId,
-                                    senderName: msg.senderName || null
-                                });
-                                return;
-                            }
-                        }
+                        const parsed = JSON.parse(whitelistRow.value);
+                        if (Array.isArray(parsed)) whitelist = parsed;
                     } catch { }
                 }
+
+                const enforceEmptyWhitelist = msg.platform === 'whatsapp';
+                const shouldCheckWhitelist = whitelist.length > 0 || enforceEmptyWhitelist;
+
+                if (shouldCheckWhitelist) {
+                    const senderNorm = normalize(msg.sender || msg.chatId);
+                    const allowed = whitelist.some((n) => normalize(n) === senderNorm);
+                    if (!allowed) {
+                        console.log(`[Messaging] Blocked ${msg.platform} message from ${msg.sender} (not in whitelist)`);
+                        io.to(`user:${userId}`).emit('messaging:blocked_sender', {
+                            platform: msg.platform,
+                            sender: msg.sender,
+                            chatId: msg.chatId,
+                            senderName: msg.senderName || null
+                        });
+                        return;
+                    }
+                }
             }
 
             const upsertSetting = db.prepare('INSERT OR REPLACE INTO user_settings (user_id, key, value) VALUES (?, ?, ?)');