openclaw-overlay-plugin 0.7.22

package/src/scripts/x-verification/commands.ts

@@ -0,0 +1,256 @@
+/**
+ * X (Twitter) verification commands.
+ */
+
+import fs from 'node:fs';
+import { OVERLAY_URL, PROTOCOL_ID, TOPICS, LOOKUP_SERVICES, OVERLAY_STATE_DIR, PATHS } from '../config.js';
+import { ok, fail } from '../output.js';
+import { loadIdentity, signRelayMessage } from '../wallet/identity.js';
+import { loadXVerifications, saveXVerifications, readJsonl, appendToJsonl, loadServices, ensureStateDir } from '../utils/storage.js';
+import { buildRealOverlayTransaction, lookupOverlay } from '../overlay/transaction.js';
+import { verifyAndAcceptPayment } from '../messaging/handlers.js';
+import { fetchWithTimeout } from '../utils/woc.js';
+
+// Dynamic import for @bsv/sdk
+let _sdk: any = null;
+
+async function getSdk(): Promise<any> {
+  if (_sdk) return _sdk;
+
+  try {
+    _sdk = await import('@bsv/sdk');
+    return _sdk;
+  } catch {
+    const { fileURLToPath } = await import('node:url');
+    const path = await import('node:path');
+    const os = await import('node:os');
+
+    const __dirname = path.dirname(fileURLToPath(import.meta.url));
+    const candidates = [
+      path.resolve(__dirname, '..', '..', '..', 'node_modules', '@bsv', 'sdk', 'dist', 'esm', 'mod.js'),
+      path.resolve(__dirname, '..', '..', '..', '..', '..', 'a2a-bsv', 'packages', 'core', 'node_modules', '@bsv', 'sdk', 'dist', 'esm', 'mod.js'),
+      path.resolve(os.homedir(), 'a2a-bsv', 'packages', 'core', 'node_modules', '@bsv', 'sdk', 'dist', 'esm', 'mod.js'),
+    ];
+
+    for (const p of candidates) {
+      try {
+        _sdk = await import(p);
+        return _sdk;
+      } catch {
+        // Try next
+      }
+    }
+    throw new Error('Cannot find @bsv/sdk. Run setup.sh first.');
+  }
+}
+
+/**
+ * Start X verification: generate a tweet with identity key and signature.
+ */
+export async function cmdXVerifyStart(handleArg: string | undefined): Promise<never> {
+  if (!handleArg) {
+    return fail('Usage: x-verify-start <@handle>');
+  }
+
+  const sdk = await getSdk();
+  const handle = handleArg.startsWith('@') ? handleArg : `@${handleArg}`;
+  const { identityKey, privKey } = await loadIdentity();
+
+  // Sign the verification message
+  const message = `Verify ${identityKey}`;
+  const msgHash = sdk.Hash.sha256(Array.from(new TextEncoder().encode(message)));
+  const sig = privKey.sign(msgHash);
+  const signatureHex = (Array.from(sig.toDER()) as number[]).map((b) => b.toString(16).padStart(2, '0')).join('');
+
+  // Save pending verification
+  const pending = {
+    identityKey,
+    handle,
+    signature: signatureHex,
+    message,
+    createdAt: new Date().toISOString(),
+  };
+
+  ensureStateDir();
+  fs.writeFileSync(PATHS.pendingXVerification, JSON.stringify(pending, null, 2));
+
+  // Build tweet text (under 280 chars)
+  // Use shortened signature (first 40 chars) to fit in tweet
+  const tweetText = `BSV Agent Verify: ${identityKey.slice(0, 10)}...${identityKey.slice(-10)} sig:${signatureHex.slice(0, 40)}`;
+
+  return ok({
+    tweetText,
+    handle,
+    identityKey,
+    signature: signatureHex,
+    note: `Post the tweet above from ${handle}, then run: x-verify-complete <tweet_url>`,
+  });
+}
+
+/**
+ * Complete X verification by checking the posted tweet.
+ */
+export async function cmdXVerifyComplete(tweetUrl: string | undefined): Promise<never> {
+  if (!tweetUrl) return fail('Usage: x-verify-complete <tweet-url>');
+
+  // Load pending verification
+  if (!fs.existsSync(PATHS.pendingXVerification)) {
+    return fail('No pending X verification. Run x-verify-start first.');
+  }
+
+  const pending = JSON.parse(fs.readFileSync(PATHS.pendingXVerification, 'utf-8'));
+
+  // Extract tweet ID from URL
+  const tweetIdMatch = tweetUrl.match(/status\/(\d+)/);
+  if (!tweetIdMatch) return fail('Invalid tweet URL. Expected format: https://x.com/user/status/123456789');
+  const tweetId = tweetIdMatch[1];
+
+  // Fetch the tweet using bird CLI
+  let tweetData: any;
+  try {
+    const { execSync } = await import('child_process');
+    const birdOutput = execSync(`bird read ${tweetUrl} --json 2>/dev/null`, {
+      encoding: 'utf-8',
+      timeout: 30000,
+    });
+    tweetData = JSON.parse(birdOutput);
+  } catch (err: any) {
+    return fail(`Failed to fetch tweet: ${err.message}. Make sure bird CLI is configured.`);
+  }
+
+  // Verify the tweet contains our identity key and partial signature
+  const tweetText = tweetData.text || tweetData.full_text || '';
+  if (!tweetText.includes(pending.identityKey.slice(0, 10))) {
+    return fail('Tweet does not contain the expected identity key.');
+  }
+  // Check for partial signature (first 40 chars)
+  if (!tweetText.includes(pending.signature.slice(0, 40))) {
+    return fail('Tweet does not contain the expected verification signature prefix.');
+  }
+
+  // Get the X user info from the tweet
+  const xUserId = tweetData.user?.id_str || tweetData.authorId || tweetData.author?.id || tweetData.user_id;
+  const xHandle = tweetData.user?.screen_name || tweetData.author?.username || tweetData.author?.name || pending.handle.replace('@', '');
+
+  if (!xUserId) {
+    return fail('Could not extract X user ID from tweet data.');
+  }
+
+  // Build on-chain verification record
+  const verificationPayload = {
+    protocol: PROTOCOL_ID,
+    type: 'x-verification',
+    identityKey: pending.identityKey,
+    xHandle: `@${xHandle}`,
+    xUserId,
+    tweetId,
+    tweetUrl,
+    signature: pending.signature,
+    verifiedAt: new Date().toISOString(),
+  };
+
+  // Submit to overlay (may fail if topic manager not deployed yet)
+  let result = { txid: null as string | null, funded: 'pending-server-support' };
+  let onChainStored = false;
+  try {
+    result = await buildRealOverlayTransaction(verificationPayload, TOPICS.X_VERIFICATION);
+    onChainStored = true;
+  } catch (err: any) {
+    console.error(`[x-verify] On-chain storage failed: ${err.message}`);
+    console.error('[x-verify] Storing verification locally.');
+  }
+
+  // Save verification locally
+  const verifications = loadXVerifications();
+  verifications.push({
+    ...verificationPayload,
+    txid: result.txid,
+  });
+  saveXVerifications(verifications);
+
+  // Clean up pending
+  fs.unlinkSync(PATHS.pendingXVerification);
+
+  return ok({
+    verified: true,
+    identityKey: pending.identityKey,
+    xHandle: `@${xHandle}`,
+    xUserId,
+    tweetId,
+    txid: result.txid,
+    funded: result.funded,
+    onChainStored,
+    note: onChainStored ? undefined : 'Stored locally. On-chain anchoring pending server topic manager deployment.',
+  });
+}
+
+/**
+ * List verified X accounts (local cache).
+ */
+export async function cmdXVerifications(): Promise<never> {
+  const verifications = loadXVerifications();
+  return ok({ verifications, count: verifications.length });
+}
+
+/**
+ * Lookup X verifications from the overlay network.
+ */
+export async function cmdXLookup(query: string | undefined): Promise<never> {
+  try {
+    const lookupQuery = query
+      ? (query.startsWith('@') ? { xHandle: query } : { identityKey: query })
+      : { type: 'list' };
+
+    const response = await lookupOverlay(LOOKUP_SERVICES.X_VERIFICATIONS, lookupQuery);
+    return ok({ verifications: response.outputs || response || [], query: lookupQuery });
+  } catch {
+    return ok({ verifications: [], query, note: 'X verification lookup service may not be deployed yet.' });
+  }
+}
+
+/**
+ * List pending X engagement requests.
+ */
+export async function cmdXEngagementQueue(): Promise<never> {
+  if (!fs.existsSync(PATHS.xEngagementQueue)) {
+    return ok({ queue: [], count: 0 });
+  }
+
+  const queue = readJsonl<any>(PATHS.xEngagementQueue).filter(e => e.status === 'pending');
+
+  return ok({ queue, count: queue.length });
+}
+
+/**
+ * Mark an X engagement request as fulfilled.
+ */
+export async function cmdXEngagementFulfill(
+  requestId: string | undefined,
+  proofUrl?: string
+): Promise<never> {
+  if (!requestId) return fail('Usage: x-engagement-fulfill <requestId> [proofUrl]');
+
+  if (!fs.existsSync(PATHS.xEngagementQueue)) {
+    return fail('No engagement queue found.');
+  }
+
+  const queue = readJsonl<any>(PATHS.xEngagementQueue);
+  const entryIndex = queue.findIndex(e => e.requestId === requestId);
+  if (entryIndex === -1) {
+    return fail(`Request ${requestId} not found in queue.`);
+  }
+
+  // Mark as fulfilled
+  queue[entryIndex].status = 'fulfilled';
+  queue[entryIndex].fulfilledAt = new Date().toISOString();
+  queue[entryIndex].proofUrl = proofUrl || null;
+
+  // Rewrite queue file
+  fs.writeFileSync(PATHS.xEngagementQueue, queue.map(e => JSON.stringify(e)).join('\n') + '\n');
+
+  return ok({
+    fulfilled: true,
+    requestId,
+    entry: queue[entryIndex],
+  });
+}

package/src/scripts/x-verification/index.ts

@@ -0,0 +1,5 @@
+/**
+ * X verification module exports.
+ */
+
+export * from './commands.js';

package/src/services/built-in/api-proxy/index.ts

@@ -0,0 +1,26 @@
+/**
+ * API Proxy service definition.
+ */
+
+import { ServiceDefinition, ServiceCategory } from '../../types.js';
+
+const apiProxyService: ServiceDefinition = {
+  id: 'api-proxy',
+  name: 'API Proxy',
+  description: 'Proxy HTTP requests to external APIs. Input: {url, method, headers, body}.',
+  defaultPrice: 15,
+  category: ServiceCategory.UTILITY,
+  inputSchema: {
+    type: 'object',
+    properties: {
+      url: { type: 'string', description: 'Target API URL' },
+      method: { type: 'string', enum: ['GET', 'POST', 'PUT', 'DELETE'], description: 'HTTP method' },
+      headers: { type: 'object', description: 'Request headers' },
+      body: { description: 'Request body' },
+      timeout: { type: 'number', description: 'Request timeout in ms' }
+    },
+    required: ['url']
+  }
+};
+
+export default apiProxyService;

package/src/services/built-in/api-proxy/prompt.md

@@ -0,0 +1,26 @@
+# API Proxy Service
+
+You are processing a request for the "api-proxy" service. You help users make HTTP requests to external APIs safely.
+
+## Input
+```json
+{{input}}
+```
+
+## Instructions
+1. Make the HTTP request to the specified URL with the given parameters
+2. Handle errors gracefully
+3. Return the API response along with metadata
+
+## Response Format
+```json
+{
+  "success": true,
+  "data": "API response data",
+  "metadata": {
+    "statusCode": 200,
+    "responseTime": "123ms",
+    "headers": {"content-type": "application/json"}
+  }
+}
+```

package/src/services/built-in/code-develop/index.ts

@@ -0,0 +1,26 @@
+/**
+ * Code Development service definition.
+ */
+
+import { ServiceDefinition, ServiceCategory } from '../../types.js';
+
+const codeDevelopService: ServiceDefinition = {
+  id: 'code-develop',
+  name: 'Code Development',
+  description: 'Generate code from requirements. Specify language, task description, and constraints.',
+  defaultPrice: 100,
+  category: ServiceCategory.DEVELOPMENT,
+  inputSchema: {
+    type: 'object',
+    properties: {
+      requirements: { type: 'string', description: 'Detailed description of what code to generate' },
+      language: { type: 'string', description: 'Programming language (e.g., JavaScript, Python, Java)' },
+      constraints: { type: 'string', description: 'Any specific constraints or requirements' },
+      style: { type: 'string', description: 'Code style preferences' },
+      includeTests: { type: 'boolean', description: 'Whether to include unit tests' }
+    },
+    required: ['requirements', 'language']
+  }
+};
+
+export default codeDevelopService;

package/src/services/built-in/code-develop/prompt.md

@@ -0,0 +1,35 @@
+# Code Development Service
+
+You are processing a request for the "code-develop" service. You generate high-quality code based on user requirements.
+
+## Input
+```json
+{{input}}
+```
+
+## Instructions
+1. Analyze the requirements thoroughly
+2. Choose appropriate patterns and libraries for the target language
+3. Write clean, well-documented code
+4. Follow language-specific best practices
+5. Include error handling and edge cases
+6. Generate unit tests if requested
+
+## Development Guidelines
+- **Code Quality**: Write production-ready code with proper error handling
+- **Documentation**: Include clear comments and docstrings
+- **Security**: Follow secure coding practices
+- **Performance**: Consider performance implications
+- **Maintainability**: Use clear variable names and modular structure
+
+## Response Format
+```json
+{
+  "success": true,
+  "language": "JavaScript",
+  "code": "// Your generated code here\nfunction example() {\n  return 'Hello World';\n}",
+  "tests": "// Unit tests if requested\ntest('example function', () => {\n  expect(example()).toBe('Hello World');\n});",
+  "explanation": "Brief explanation of the code structure and approach",
+  "dependencies": ["package1", "package2"]
+}
+```

package/src/services/built-in/code-review/index.ts

@@ -0,0 +1,54 @@
+/**
+ * Code Review service definition.
+ *
+ * Provides thorough code review covering bugs, security issues, style,
+ * performance, and improvement suggestions. This is an agent-mode service
+ * that leverages the LLM's capabilities.
+ */
+
+import { ServiceDefinition, ServiceCategory } from '../../types.js';
+
+const codeReviewService: ServiceDefinition = {
+  id: 'code-review',
+  name: 'Code Review',
+  description: 'Thorough code review covering bugs, security issues, style, performance, and improvement suggestions.',
+  defaultPrice: 50,
+  category: ServiceCategory.DEVELOPMENT,
+  inputSchema: {
+    type: 'object',
+    properties: {
+      code: {
+        type: 'string',
+        description: 'Code to review'
+      },
+      language: {
+        type: 'string',
+        description: 'Programming language (auto-detected if not provided)'
+      },
+      prUrl: {
+        type: 'string',
+        description: 'GitHub/GitLab PR URL to review instead of direct code'
+      },
+      focusAreas: {
+        type: 'array',
+        items: {
+          type: 'string',
+          enum: ['security', 'performance', 'style', 'bugs', 'maintainability', 'testing']
+        },
+        description: 'Specific areas to focus the review on'
+      },
+      severity: {
+        type: 'string',
+        enum: ['basic', 'detailed', 'comprehensive'],
+        description: 'Depth of review (default: detailed)'
+      }
+    },
+    anyOf: [
+      { required: ['code'] },
+      { required: ['prUrl'] }
+    ]
+  }
+  // No handler - this service uses agent mode for full LLM capabilities
+};
+
+export default codeReviewService;

package/src/services/built-in/code-review/prompt.md

@@ -0,0 +1,105 @@
+# Code Review Service
+
+You are processing a request for the "code-review" service. You are an expert code reviewer with deep knowledge across multiple programming languages.
+
+## Service Description
+Provide thorough code review covering bugs, security issues, style, performance, and improvement suggestions.
+
+## Input
+The user has provided the following input:
+```json
+{{input}}
+```
+
+## Instructions
+
+### If code is provided directly:
+1. **Identify the language** (if not specified)
+2. **Analyze the code** for:
+   - **Bugs**: Logic errors, edge cases, potential crashes
+   - **Security**: Vulnerabilities, input validation, data exposure
+   - **Performance**: Efficiency issues, bottlenecks, optimizations
+   - **Style**: Code organization, naming, best practices
+   - **Maintainability**: Code clarity, documentation, refactoring needs
+   - **Testing**: Missing tests, test coverage suggestions
+
+### If a PR URL is provided:
+1. Fetch the PR content if possible
+2. Review the changes in context
+3. Consider the diff and impact on the codebase
+
+### Focus Areas
+If the user specified `focusAreas`, prioritize those aspects while still providing a comprehensive review.
+
+### Severity Levels
+- **Basic**: High-level overview with major issues only
+- **Detailed**: Thorough analysis with specific recommendations (default)
+- **Comprehensive**: Deep dive with extensive examples and alternatives
+
+## Response Format
+Provide your response in this structured format:
+
+```json
+{
+  "summary": {
+    "language": "detected/provided language",
+    "linesOfCode": "approximate count",
+    "overallScore": "1-10 rating",
+    "criticalIssues": "number of critical issues found"
+  },
+  "issues": [
+    {
+      "severity": "critical|high|medium|low",
+      "category": "bug|security|performance|style|maintainability|testing",
+      "title": "Brief issue description",
+      "description": "Detailed explanation",
+      "location": "line numbers or function names",
+      "suggestion": "How to fix it",
+      "example": "Code example if helpful"
+    }
+  ],
+  "recommendations": {
+    "security": ["Security improvements"],
+    "performance": ["Performance optimizations"],
+    "style": ["Style improvements"],
+    "testing": ["Testing suggestions"],
+    "general": ["General recommendations"]
+  },
+  "positives": [
+    "Things the code does well"
+  ],
+  "refactoringOpportunities": [
+    "Areas that could benefit from refactoring"
+  ]
+}
+```
+
+## Example Response
+For code with a potential SQL injection:
+
+```json
+{
+  "summary": {
+    "language": "JavaScript",
+    "linesOfCode": 45,
+    "overallScore": 6,
+    "criticalIssues": 1
+  },
+  "issues": [
+    {
+      "severity": "critical",
+      "category": "security",
+      "title": "SQL Injection Vulnerability",
+      "description": "User input is directly concatenated into SQL query without sanitization",
+      "location": "line 23-25",
+      "suggestion": "Use parameterized queries or prepared statements",
+      "example": "const query = 'SELECT * FROM users WHERE id = ?'; db.query(query, [userId])"
+    }
+  ],
+  "recommendations": {
+    "security": ["Implement input validation", "Use parameterized queries"],
+    "testing": ["Add unit tests for edge cases"],
+    "general": ["Add error handling for database operations"]
+  }
+}
+```

package/src/services/built-in/image-analysis/index.ts

@@ -0,0 +1,36 @@
+/**
+ * Image Analysis service definition.
+ */
+
+import { ServiceDefinition, ServiceCategory } from '../../types.js';
+
+const imageAnalysisService: ServiceDefinition = {
+  id: 'image-analysis',
+  name: 'Image Analysis',
+  description: 'Analyze and describe images. Identify objects, text, scenes, and more.',
+  defaultPrice: 30,
+  category: ServiceCategory.AI,
+  inputSchema: {
+    type: 'object',
+    properties: {
+      imageUrl: { type: 'string', description: 'URL of the image to analyze' },
+      imageData: { type: 'string', description: 'Base64 encoded image data' },
+      analysisType: {
+        type: 'string',
+        enum: ['general', 'objects', 'text', 'faces', 'scenes'],
+        description: 'Type of analysis to perform'
+      },
+      detailLevel: {
+        type: 'string',
+        enum: ['brief', 'detailed', 'comprehensive'],
+        description: 'Level of detail in analysis'
+      }
+    },
+    oneOf: [
+      { required: ['imageUrl'] },
+      { required: ['imageData'] }
+    ]
+  }
+};
+
+export default imageAnalysisService;

package/src/services/built-in/image-analysis/prompt.md

@@ -0,0 +1,42 @@
+# Image Analysis Service
+
+You are processing a request for the "image-analysis" service. You analyze images and provide detailed descriptions of their contents.
+
+## Input
+```json
+{{input}}
+```
+
+## Instructions
+1. Load and examine the provided image (via URL or base64 data)
+2. Perform the requested type of analysis
+3. Provide detailed, accurate descriptions
+4. Include confidence levels where appropriate
+5. Structure the response according to the analysis type
+
+## Analysis Types
+- **General**: Overall description of the image content
+- **Objects**: Identify and locate specific objects in the image
+- **Text**: Extract and transcribe any visible text (OCR)
+- **Faces**: Detect and describe faces (no identification, just descriptions)
+- **Scenes**: Analyze the setting, mood, and context of the scene
+
+## Response Format
+```json
+{
+  "success": true,
+  "analysisType": "general",
+  "description": "A detailed description of the image contents",
+  "objects": [
+    {"name": "car", "confidence": 0.95, "location": "center-left"},
+    {"name": "tree", "confidence": 0.87, "location": "background"}
+  ],
+  "text": "Any extracted text from the image",
+  "colors": ["red", "blue", "green"],
+  "mood": "cheerful",
+  "metadata": {
+    "resolution": "1920x1080",
+    "format": "JPEG"
+  }
+}
+```

package/src/services/built-in/memory-store/index.ts

@@ -0,0 +1,25 @@
+/**
+ * Memory Store service definition.
+ */
+
+import { ServiceDefinition, ServiceCategory } from '../../types.js';
+
+const memoryStoreService: ServiceDefinition = {
+  id: 'memory-store',
+  name: 'Memory Store',
+  description: 'Persistent key-value storage for agents. Operations: set, get, delete, list.',
+  defaultPrice: 10,
+  category: ServiceCategory.UTILITY,
+  inputSchema: {
+    type: 'object',
+    properties: {
+      operation: { type: 'string', enum: ['set', 'get', 'delete', 'list'], description: 'Storage operation' },
+      key: { type: 'string', description: 'Storage key (required for set, get, delete)' },
+      value: { description: 'Value to store (required for set operation)' },
+      namespace: { type: 'string', description: 'Optional namespace for keys' }
+    },
+    required: ['operation']
+  }
+};
+
+export default memoryStoreService;

package/src/services/built-in/memory-store/prompt.md

@@ -0,0 +1,45 @@
+# Memory Store Service
+
+You are processing a request for the "memory-store" service. You provide persistent key-value storage for AI agents.
+
+## Input
+```json
+{{input}}
+```
+
+## Instructions
+Based on the operation type:
+
+### SET Operation
+- Store the provided value under the given key
+- Create namespace directory if needed
+- Return confirmation of storage
+
+### GET Operation
+- Retrieve the value for the given key
+- Return null if key doesn't exist
+- Include metadata like creation time if available
+
+### DELETE Operation
+- Remove the key-value pair
+- Return confirmation of deletion
+- Handle case where key doesn't exist gracefully
+
+### LIST Operation
+- Return all keys in the namespace
+- Include basic metadata for each key
+- Support pagination if many keys exist
+
+## Response Format
+```json
+{
+  "success": true,
+  "operation": "get",
+  "key": "example-key",
+  "value": "stored value or null",
+  "metadata": {
+    "created": "2024-01-01T12:00:00Z",
+    "namespace": "default"
+  }
+}
+```