neoagent 1.6.0 → 2.0.0

package/README.md

@@ -6,12 +6,11 @@
 
 [![Node.js](https://img.shields.io/badge/Node.js-18+-5fa04e?style=flat-square&logo=node.js&logoColor=white)](https://nodejs.org)
 [![SQLite](https://img.shields.io/badge/SQLite-WAL-003b57?style=flat-square&logo=sqlite&logoColor=white)](https://sqlite.org)
-[![Multi-platform](https://img.shields.io/badge/macOS%20%2F%20Linux-supported-6366f1?style=flat-square&logo=apple&logoColor=white)](#)
+[![Flutter](https://img.shields.io/badge/Flutter-web%20%2B%20android-02569B?style=flat-square&logo=flutter&logoColor=white)](https://flutter.dev)
 [![License](https://img.shields.io/badge/License-MIT-a855f7?style=flat-square)](LICENSE)
-[![Android APK](https://img.shields.io/badge/Android-Download%20APK-3ddc84?style=flat-square&logo=android&logoColor=white)](https://github.com/NeoLabs-Systems/NeoAgent/releases/latest/download/app-debug.apk)
 
-A self-hosted, proactive AI agent with a web UI — no cloud dependency, no limits.  
-Connects to Anthropic, OpenAI, xAI, Google and local Ollama models.  
+A self-hosted, proactive AI agent with a Flutter client for web and Android.  
+Connects to OpenAI, xAI, Google, and local Ollama with `qwen3.5:4b`.  
 Runs tasks on a schedule, controls a browser, manages files, and talks to you over Telegram, Discord, or WhatsApp.
 
 ```bash
@@ -31,6 +30,21 @@ neoagent update
 neoagent logs
 ```
 
+Build the Flutter web client:
+```bash
+npm run flutter:build:web
+```
+
+The installer and npm package ship the bundled web client from `server/public`, so Flutter is only needed when you want to rebuild the frontend locally.
+
+Local development helpers live in `dev/`:
+```bash
+./dev/backend.sh
+./dev/web.sh
+./dev/stack.sh
+./dev/test.sh
+```
+
 ---
 
 [⚙️ Configuration](docs/configuration.md) · [🧰 Skills](docs/skills.md) · [🐛 Issues](https://github.com/NeoLabs-Systems/NeoAgent/issues)

package/docs/configuration.md

@@ -17,7 +17,7 @@ You can override the runtime root with `NEOAGENT_HOME`.
 
 ### AI Providers
 
-At least one API key is required. The active provider and model are configured in the web UI.
+At least one API key is required. The active provider and model are configured in the Flutter app.
 
 | Variable | Provider |
 |---|---|
@@ -34,7 +34,7 @@ At least one API key is required. The active provider and model are configured i
 |---|---|
 | `TELNYX_WEBHOOK_TOKEN` | Telnyx webhook signature verification |
 
-Telegram, Discord, and WhatsApp tokens are stored in the database via the web UI Settings page — not in `.env`.
+Telegram, Discord, and WhatsApp tokens are stored in the database via the Flutter app settings page — not in `.env`.
 
 ## Runtime data paths
 

package/docs/skills.md

@@ -46,4 +46,4 @@ The agent reads all `.md` files in the skills directory on each conversation tur
 
 ## MCP tools
 
-External tools are connected via the [Model Context Protocol](https://modelcontextprotocol.io). Configure MCP servers in the web UI under **Settings → MCP**. Connected tools appear alongside built-in skills automatically.
+External tools are connected via the [Model Context Protocol](https://modelcontextprotocol.io). Configure MCP servers in the Flutter app under **Models / Settings → MCP**. Connected tools appear alongside built-in skills automatically.

package/lib/manager.js

@@ -21,6 +21,8 @@ const SERVICE_LABEL = 'com.neoagent';
 const PLIST_SRC = path.join(APP_DIR, 'com.neoagent.plist');
 const PLIST_DST = path.join(os.homedir(), 'Library', 'LaunchAgents', 'com.neoagent.plist');
 const SYSTEMD_UNIT = path.join(os.homedir(), '.config', 'systemd', 'user', 'neoagent.service');
+const FLUTTER_APP_DIR = path.join(APP_DIR, 'flutter_app');
+const WEB_CLIENT_DIR = path.join(APP_DIR, 'server', 'public');
 
 const COLORS = process.stdout.isTTY
   ? {
@@ -137,6 +139,14 @@ function runQuiet(cmd, args, options = {}) {
   return spawnSync(cmd, args, { stdio: ['ignore', 'pipe', 'pipe'], encoding: 'utf8', cwd: APP_DIR, ...options });
 }
 
+function withInstallEnv(extraEnv = {}) {
+  return {
+    ...process.env,
+    PUPPETEER_SKIP_DOWNLOAD: process.env.PUPPETEER_SKIP_DOWNLOAD || 'true',
+    ...extraEnv
+  };
+}
+
 function commandExists(cmd) {
   const res = runQuiet('bash', ['-lc', `command -v ${cmd}`]);
   return res.status === 0;
@@ -259,10 +269,53 @@ async function cmdSetup() {
 
 function installDependencies() {
   heading('Dependencies');
-  runOrThrow('npm', ['install', '--omit=dev', '--no-audit', '--no-fund']);
+  runOrThrow('npm', ['install', '--omit=dev', '--no-audit', '--no-fund'], {
+    env: withInstallEnv()
+  });
   logOk('Dependencies installed');
 }
 
+function hasBundledWebClient() {
+  return fs.existsSync(path.join(WEB_CLIENT_DIR, 'index.html'));
+}
+
+function buildBundledWebClientIfPossible({ required = false } = {}) {
+  heading('Web Client');
+
+  if (!fs.existsSync(FLUTTER_APP_DIR)) {
+    if (hasBundledWebClient()) {
+      logOk('Using bundled Flutter web client');
+      return false;
+    }
+    if (required) {
+      throw new Error(`Missing Flutter app sources at ${FLUTTER_APP_DIR}`);
+    }
+    logWarn('Flutter app sources not found; keeping existing bundled web client');
+    return false;
+  }
+
+  if (!commandExists('flutter')) {
+    if (hasBundledWebClient()) {
+      logWarn('Flutter SDK not found; using bundled web client');
+      return false;
+    }
+    throw new Error('Flutter SDK is required to build the web client because no bundled client was found.');
+  }
+
+  runOrThrow('flutter', [
+    'build',
+    'web',
+    '--output',
+    '../server/public',
+    `--dart-define=NEOAGENT_BACKEND_URL=${process.env.NEOAGENT_BACKEND_URL || ''}`
+  ], {
+    cwd: FLUTTER_APP_DIR,
+    env: process.env
+  });
+  logOk('Bundled Flutter web client updated');
+  return true;
+}
+
 function installMacService() {
   ensureLogDir();
   fs.mkdirSync(path.dirname(PLIST_DST), { recursive: true });
@@ -325,6 +378,7 @@ async function cmdInstall() {
   }
 
   installDependencies();
+  buildBundledWebClientIfPossible({ required: true });
 
   const platform = detectPlatform();
   if (platform === 'macos' && commandExists('launchctl')) {
@@ -481,15 +535,19 @@ function cmdUpdate() {
     if (current.status === 0 && next.status === 0 && current.stdout.trim() !== next.stdout.trim()) {
       logOk(`Updated ${current.stdout.trim()} -> ${next.stdout.trim()}`);
       installDependencies();
+      buildBundledWebClientIfPossible();
     } else {
       logOk('Already up to date');
+      buildBundledWebClientIfPossible();
     }
   } else {
     logWarn('No git repo detected; attempting npm global update.');
     if (commandExists('npm')) {
       try {
         backupRuntimeData();
-        runOrThrow('npm', ['install', '-g', 'neoagent@latest']);
+        runOrThrow('npm', ['install', '-g', 'neoagent@latest'], {
+          env: withInstallEnv()
+        });
         logOk('npm global update completed');
       } catch {
         logWarn('npm global update failed. Run: npm install -g neoagent@latest');
@@ -499,6 +557,10 @@ function cmdUpdate() {
     }
   }
 
+  if (!hasBundledWebClient()) {
+    throw new Error('No bundled Flutter web client found after update.');
+  }
+
   cmdRestart();
 }
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "neoagent",
-  "version": "1.6.0",
+  "version": "2.0.0",
   "description": "Proactive personal AI agent with no limits",
   "license": "MIT",
   "main": "server/index.js",
@@ -21,6 +21,13 @@
   "scripts": {
     "start": "node server/index.js",
     "dev": "node --watch server/index.js",
+    "dev:backend": "./dev/backend.sh",
+    "dev:web": "./dev/web.sh",
+    "dev:stack": "./dev/stack.sh",
+    "dev:build": "./dev/build.sh",
+    "dev:test": "./dev/test.sh",
+    "flutter:run:web": "cd flutter_app && flutter run -d chrome",
+    "flutter:build:web": "cd flutter_app && flutter build web --output ../server/public --dart-define=NEOAGENT_BACKEND_URL=${NEOAGENT_BACKEND_URL:-}",
     "manage": "node bin/neoagent.js",
     "test": "node --test",
     "benchmark:tokens": "node scripts/benchmark-token-cost.js",
@@ -54,7 +61,7 @@
     "node-pty": "^1.0.0",
     "node-telegram-bot-api": "^0.67.0",
     "openai": "^4.85.4",
-    "puppeteer": "^24.4.0",
+    "puppeteer-core": "^24.40.0",
     "puppeteer-extra": "^3.3.6",
     "puppeteer-extra-plugin-stealth": "^2.11.2",
     "socket.io": "^4.8.1",

package/server/config/origins.js

@@ -0,0 +1,34 @@
+'use strict';
+
+const configuredOrigins = (process.env.ALLOWED_ORIGINS || '')
+  .split(',')
+  .map((origin) => origin.trim())
+  .filter(Boolean);
+
+function isLoopbackOrigin(origin) {
+  try {
+    const parsed = new URL(origin);
+    return ['localhost', '127.0.0.1', '[::1]'].includes(parsed.hostname);
+  } catch {
+    return false;
+  }
+}
+
+function isAllowedOrigin(origin) {
+  if (!origin) return true;
+  if (configuredOrigins.includes(origin)) return true;
+  if (isLoopbackOrigin(origin)) return true;
+  return false;
+}
+
+function validateOrigin(origin, callback) {
+  if (isAllowedOrigin(origin)) return callback(null, true);
+  return callback(new Error(`Origin not allowed: ${origin || 'unknown'}`));
+}
+
+module.exports = {
+  configuredOrigins,
+  isAllowedOrigin,
+  isLoopbackOrigin,
+  validateOrigin
+};

package/server/db/database.js

@@ -214,19 +214,6 @@ db.exec(`
 
   CREATE INDEX IF NOT EXISTS idx_memories_user ON memories(user_id, archived, updated_at DESC);
   CREATE INDEX IF NOT EXISTS idx_memories_category ON memories(user_id, category, archived);
-  CREATE TABLE IF NOT EXISTS protocols (
-    id INTEGER PRIMARY KEY AUTOINCREMENT,
-    user_id INTEGER NOT NULL,
-    name TEXT UNIQUE NOT NULL,
-    description TEXT,
-    content TEXT NOT NULL,
-    created_at TEXT DEFAULT (datetime('now')),
-    updated_at TEXT DEFAULT (datetime('now')),
-    FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE
-  );
-
-  CREATE INDEX IF NOT EXISTS idx_protocols_user ON protocols(user_id);
-
   CREATE INDEX IF NOT EXISTS idx_core_memory_user ON core_memory(user_id, key);
 
   CREATE TABLE IF NOT EXISTS health_sync_runs (

package/server/http/errors.js

@@ -0,0 +1,17 @@
+'use strict';
+
+const { sanitizeError } = require('../utils/security');
+
+function registerErrorHandler(app) {
+  app.use((err, req, res, next) => {
+    console.error('[Unhandled error]', err);
+    const status = err.status || err.statusCode || 500;
+    const message = sanitizeError(err);
+    if (req.path.startsWith('/api/')) {
+      return res.status(status).json({ error: message });
+    }
+    return res.status(status).send('Something went wrong.');
+  });
+}
+
+module.exports = { registerErrorHandler };

package/server/http/middleware.js

@@ -0,0 +1,81 @@
+'use strict';
+
+const session = require('express-session');
+const SQLiteStore = require('connect-sqlite3')(session);
+const helmet = require('helmet');
+const cors = require('cors');
+const { DATA_DIR } = require('../../runtime/paths');
+
+function buildHelmetOptions({ secureCookies }) {
+  const wsConnectSrc = secureCookies ? ['wss:'] : ['ws:', 'wss:'];
+
+  return {
+    strictTransportSecurity: false,
+    crossOriginOpenerPolicy: false,
+    originAgentCluster: false,
+    contentSecurityPolicy: {
+      directives: {
+        defaultSrc: ["'self'"],
+        scriptSrc: [
+          "'self'",
+          "'unsafe-inline'",
+          "'unsafe-eval'",
+          'blob:',
+          'https://cdn.jsdelivr.net'
+        ],
+        scriptSrcAttr: ["'unsafe-inline'"],
+        styleSrc: ["'self'", "'unsafe-inline'", 'https://fonts.googleapis.com'],
+        imgSrc: ["'self'", 'data:', 'blob:', 'https://api.qrserver.com'],
+        connectSrc: [
+          "'self'",
+          'https://fonts.googleapis.com',
+          'https://fonts.gstatic.com',
+          ...wsConnectSrc
+        ],
+        fontSrc: ["'self'", 'data:', 'https://fonts.gstatic.com'],
+        workerSrc: ["'self'", 'blob:'],
+        formAction: ["'self'"],
+        frameAncestors: ["'self'"],
+        upgradeInsecureRequests: null
+      }
+    }
+  };
+}
+
+function createSessionMiddleware({ secureCookies }) {
+  return session({
+    store: new SQLiteStore({ db: 'sessions.db', dir: DATA_DIR }),
+    secret: process.env.SESSION_SECRET || 'neoagent-dev-secret-change-me',
+    name: 'neoagent.sid',
+    resave: false,
+    saveUninitialized: false,
+    cookie: {
+      maxAge: 7 * 24 * 60 * 60 * 1000,
+      httpOnly: true,
+      sameSite: 'lax',
+      secure: secureCookies
+    }
+  });
+}
+
+function applyHttpMiddleware(app, { secureCookies, sessionMiddleware, validateOrigin }) {
+  if (secureCookies) {
+    app.set('trust proxy', 1);
+  }
+
+  app.use(helmet(buildHelmetOptions({ secureCookies })));
+  app.use(
+    cors({
+      origin: validateOrigin,
+      credentials: true
+    })
+  );
+  app.use(require('express').json({ limit: '10mb' }));
+  app.use(require('express').urlencoded({ extended: true }));
+  app.use(sessionMiddleware);
+}
+
+module.exports = {
+  applyHttpMiddleware,
+  createSessionMiddleware
+};

package/server/http/routes.js

@@ -0,0 +1,45 @@
+'use strict';
+
+const { requireAuth } = require('../middleware/auth');
+const { setupTelnyxWebhook } = require('../routes/telnyx');
+const { getVersionInfo } = require('../utils/version');
+
+const routeRegistry = [
+  { basePath: null, modulePath: '../routes/auth' },
+  { basePath: '/api/settings', modulePath: '../routes/settings' },
+  { basePath: '/api/agents', modulePath: '../routes/agents' },
+  { basePath: '/api/messaging', modulePath: '../routes/messaging' },
+  { basePath: '/api/mcp', modulePath: '../routes/mcp' },
+  { basePath: '/api/skills', modulePath: '../routes/skills' },
+  { basePath: '/api/store', modulePath: '../routes/store' },
+  { basePath: '/api/memory', modulePath: '../routes/memory' },
+  { basePath: '/api/scheduler', modulePath: '../routes/scheduler' },
+  { basePath: '/api/browser', modulePath: '../routes/browser' },
+  { basePath: '/api/mobile/health', modulePath: '../routes/mobile-health' }
+];
+
+function registerApiRoutes(app) {
+  for (const route of routeRegistry) {
+    const handler = require(route.modulePath);
+    if (route.basePath) {
+      app.use(route.basePath, handler);
+    } else {
+      app.use(handler);
+    }
+  }
+
+  setupTelnyxWebhook(app);
+
+  app.get('/api/health', requireAuth, (req, res) => {
+    res.json({ status: 'ok', timestamp: new Date().toISOString() });
+  });
+
+  app.get('/api/version', requireAuth, (req, res) => {
+    res.json(getVersionInfo());
+  });
+}
+
+module.exports = {
+  registerApiRoutes,
+  routeRegistry
+};

package/server/http/socket.js

@@ -0,0 +1,23 @@
+'use strict';
+
+const { Server: SocketIO } = require('socket.io');
+
+function createSocketServer(httpServer, { validateOrigin }) {
+  return new SocketIO(httpServer, {
+    cors: {
+      origin: validateOrigin,
+      credentials: true
+    }
+  });
+}
+
+function bindSocketSessions(io, sessionMiddleware) {
+  io.use((socket, next) => {
+    sessionMiddleware(socket.request, {}, next);
+  });
+}
+
+module.exports = {
+  bindSocketSessions,
+  createSocketServer
+};

package/server/http/static.js

@@ -0,0 +1,50 @@
+'use strict';
+
+const fs = require('fs');
+const path = require('path');
+const express = require('express');
+const { DATA_DIR } = require('../../runtime/paths');
+const { requireAuth } = require('../middleware/auth');
+
+const FLUTTER_WEB_DIR = path.join(__dirname, '..', 'public');
+
+function registerStaticRoutes(app) {
+  app.use(
+    '/telnyx-audio',
+    express.static(path.join(DATA_DIR, 'telnyx-audio'), {
+      index: false,
+      setHeaders: (res, filePath) => {
+        if (!filePath.match(/\.(mp3|wav|ogg|aac|m4a)$/i)) {
+          res.status(403).end();
+        }
+      }
+    })
+  );
+
+  app.use(
+    '/screenshots',
+    requireAuth,
+    express.static(path.join(DATA_DIR, 'screenshots'))
+  );
+
+  app.use(express.static(FLUTTER_WEB_DIR, { index: false }));
+  app.get(/^\/(?!api|screenshots|telnyx-audio).*/, serveFlutterApp);
+}
+
+function serveFlutterApp(req, res) {
+  const entry = path.join(FLUTTER_WEB_DIR, 'index.html');
+  if (!fs.existsSync(entry)) {
+    return res
+      .status(503)
+      .send(
+        'Flutter web build not found. Run "npm run flutter:build:web" to generate the bundled client.'
+      );
+  }
+  return res.sendFile(entry);
+}
+
+module.exports = {
+  FLUTTER_WEB_DIR,
+  registerStaticRoutes,
+  serveFlutterApp
+};