rogerthat 1.21.2

package/dist/server.js

@@ -0,0 +1,13 @@
+import { serve } from "@hono/node-server";
+import { createApp } from "./app.js";
+const PORT = Number(process.env.PORT ?? 7424);
+const HOST = process.env.HOST ?? "127.0.0.1";
+const PUBLIC_ORIGIN = process.env.PUBLIC_ORIGIN ?? "https://rogerthat.chat";
+const ADMIN_TOKEN = process.env.ROGERRAT_ADMIN_TOKEN || undefined;
+const app = createApp({
+    publicOrigin: PUBLIC_ORIGIN,
+    authRequired: true,
+    adminToken: ADMIN_TOKEN,
+});
+console.log(`[rogerthat] listening on http://${HOST}:${PORT} (public origin: ${PUBLIC_ORIGIN}, admin ${ADMIN_TOKEN ? "enabled" : "disabled"})`);
+serve({ fetch: app.fetch, hostname: HOST, port: PORT });

package/dist/stats.js

@@ -0,0 +1,67 @@
+import { existsSync, mkdirSync, readFileSync, renameSync, writeFileSync } from "node:fs";
+import { dirname } from "node:path";
+const STATS_PATH = process.env.ROGERRAT_STATS ?? "./data/stats.json";
+let stats = { channels_created: 0, joins_total: 0, messages_total: 0, started_at: Date.now() };
+let loaded = false;
+let dirty = false;
+let saveTimer = null;
+function load() {
+    if (loaded)
+        return;
+    loaded = true;
+    try {
+        if (existsSync(STATS_PATH)) {
+            const parsed = JSON.parse(readFileSync(STATS_PATH, "utf8"));
+            stats = {
+                channels_created: parsed.channels_created ?? 0,
+                joins_total: parsed.joins_total ?? 0,
+                messages_total: parsed.messages_total ?? 0,
+                started_at: parsed.started_at ?? Date.now(),
+            };
+        }
+    }
+    catch (err) {
+        console.error("[stats] failed to load:", err);
+    }
+}
+function scheduleSave() {
+    dirty = true;
+    if (saveTimer)
+        return;
+    saveTimer = setTimeout(() => {
+        saveTimer = null;
+        if (!dirty)
+            return;
+        dirty = false;
+        try {
+            const dir = dirname(STATS_PATH);
+            if (!existsSync(dir))
+                mkdirSync(dir, { recursive: true });
+            const tmp = `${STATS_PATH}.tmp`;
+            writeFileSync(tmp, JSON.stringify(stats, null, 2));
+            renameSync(tmp, STATS_PATH);
+        }
+        catch (err) {
+            console.error("[stats] failed to save:", err);
+        }
+    }, 5000);
+}
+export function recordChannelCreated() {
+    load();
+    stats.channels_created++;
+    scheduleSave();
+}
+export function recordJoin() {
+    load();
+    stats.joins_total++;
+    scheduleSave();
+}
+export function recordMessage() {
+    load();
+    stats.messages_total++;
+    scheduleSave();
+}
+export function getStats() {
+    load();
+    return { ...stats };
+}

package/dist/store.js

@@ -0,0 +1,228 @@
+import { createHash } from "node:crypto";
+import { existsSync, mkdirSync, readFileSync, renameSync, writeFileSync } from "node:fs";
+import { dirname } from "node:path";
+import { generateChannelId, generateToken } from "./ids.js";
+import { recordChannelCreated as statsRecordChannelCreated } from "./stats.js";
+import { isRetention, recordChannelCreated as transcriptRecordChannelCreated } from "./transcripts.js";
+export const DEFAULT_SESSION_TTL_MS = 30 * 60 * 1000;
+export const MAX_SESSION_TTL_MS = 24 * 60 * 60 * 1000;
+export const BANDS = [
+    { name: "general", description: "Open public band — drop in, say hi, find another agent." },
+    { name: "help", description: "Public band for asking other agents for help with a task." },
+    { name: "random", description: "Public band for off-topic / experimentation. Anything goes." },
+];
+const DB_PATH = process.env.ROGERRAT_DB ?? "./data/channels.json";
+let channels = new Map();
+let loaded = false;
+function hashToken(token) {
+    return createHash("sha256").update(token).digest("hex");
+}
+function ensureLoaded() {
+    if (loaded)
+        return;
+    loaded = true;
+    try {
+        if (existsSync(DB_PATH)) {
+            const raw = readFileSync(DB_PATH, "utf8");
+            const arr = JSON.parse(raw);
+            channels = new Map(arr.map((r) => [
+                r.id,
+                {
+                    id: r.id,
+                    tokenHash: r.tokenHash,
+                    createdAt: r.createdAt,
+                    retention: isRetention(r.retention) ? r.retention : "none",
+                    requireIdentity: r.requireIdentity === true,
+                    isBand: r.isBand === true,
+                    trustMode: r.trustMode === "trusted" ? "trusted" : "untrusted",
+                    sessionTtlMs: typeof r.sessionTtlMs === "number" && r.sessionTtlMs > 0 && r.sessionTtlMs <= MAX_SESSION_TTL_MS
+                        ? r.sessionTtlMs
+                        : DEFAULT_SESSION_TTL_MS,
+                    creatorAccountId: typeof r.creatorAccountId === "string" ? r.creatorAccountId : undefined,
+                    ownerPasswordHash: typeof r.ownerPasswordHash === "string"
+                        ? r.ownerPasswordHash
+                        : undefined,
+                },
+            ]));
+        }
+    }
+    catch (err) {
+        console.error("[store] failed to load channels:", err);
+    }
+}
+export function ensureBands() {
+    ensureLoaded();
+    let changed = false;
+    for (const b of BANDS) {
+        if (!channels.has(b.name)) {
+            channels.set(b.name, {
+                id: b.name,
+                tokenHash: hashToken("public"),
+                createdAt: Date.now(),
+                retention: "none",
+                requireIdentity: false,
+                isBand: true,
+                trustMode: "untrusted",
+                sessionTtlMs: DEFAULT_SESSION_TTL_MS,
+            });
+            changed = true;
+        }
+        else {
+            const existing = channels.get(b.name);
+            if (!existing.isBand) {
+                channels.set(b.name, { ...existing, isBand: true });
+                changed = true;
+            }
+        }
+    }
+    if (changed)
+        persist();
+}
+export function getChannelIsBand(id) {
+    ensureLoaded();
+    return channels.get(id)?.isBand === true;
+}
+export function listBands() {
+    ensureLoaded();
+    return BANDS.map((b) => ({ name: b.name, description: b.description, agent_count: 0 }));
+}
+function persist() {
+    const dir = dirname(DB_PATH);
+    if (!existsSync(dir))
+        mkdirSync(dir, { recursive: true });
+    const tmp = `${DB_PATH}.tmp`;
+    writeFileSync(tmp, JSON.stringify([...channels.values()], null, 2));
+    renameSync(tmp, DB_PATH);
+}
+export function createChannel(opts = {}) {
+    ensureLoaded();
+    const retention = opts.retention ?? "none";
+    const requireIdentity = opts.require_identity === true;
+    const trustMode = opts.trust_mode === "trusted" ? "trusted" : "untrusted";
+    const ownerPassword = typeof opts.owner_password === "string" ? opts.owner_password.trim() : "";
+    if (ownerPassword && ownerPassword.length < 6) {
+        return { error: "owner_password must be at least 6 characters" };
+    }
+    if (ownerPassword.length > 128) {
+        return { error: "owner_password must be at most 128 characters" };
+    }
+    if (trustMode === "trusted" && !requireIdentity && !ownerPassword) {
+        return {
+            error: "trust_mode='trusted' requires either require_identity=true OR owner_password set (otherwise anyone with the token could command your agent)",
+        };
+    }
+    let sessionTtlMs = DEFAULT_SESSION_TTL_MS;
+    if (typeof opts.session_ttl_seconds === "number") {
+        const ms = Math.floor(opts.session_ttl_seconds * 1000);
+        if (ms <= 0)
+            return { error: "session_ttl_seconds must be positive" };
+        if (ms > MAX_SESSION_TTL_MS) {
+            return { error: `session_ttl_seconds must be ≤ ${MAX_SESSION_TTL_MS / 1000} (24h)` };
+        }
+        sessionTtlMs = ms;
+    }
+    const creatorAccountId = opts.creator_account_id;
+    let id;
+    do {
+        id = generateChannelId();
+    } while (channels.has(id));
+    const token = generateToken();
+    const ownerPasswordHash = ownerPassword ? hashToken(ownerPassword) : undefined;
+    channels.set(id, {
+        id,
+        tokenHash: hashToken(token),
+        createdAt: Date.now(),
+        retention,
+        requireIdentity,
+        isBand: false,
+        trustMode,
+        sessionTtlMs,
+        creatorAccountId,
+        ownerPasswordHash,
+    });
+    persist();
+    statsRecordChannelCreated();
+    transcriptRecordChannelCreated(id, retention);
+    return {
+        id,
+        token,
+        retention,
+        require_identity: requireIdentity,
+        trust_mode: trustMode,
+        session_ttl_seconds: Math.floor(sessionTtlMs / 1000),
+        creator_account_id: creatorAccountId ?? null,
+        has_owner_password: Boolean(ownerPasswordHash),
+    };
+}
+export function listChannelsByCreator(accountId) {
+    ensureLoaded();
+    return [...channels.values()]
+        .filter((c) => c.creatorAccountId === accountId)
+        .map((c) => ({
+        id: c.id,
+        created_at: c.createdAt,
+        retention: c.retention,
+        require_identity: c.requireIdentity,
+        trust_mode: c.trustMode,
+        has_owner_password: Boolean(c.ownerPasswordHash),
+    }))
+        .sort((a, b) => b.created_at - a.created_at);
+}
+export function deleteChannelByCreator(accountId, channelId) {
+    ensureLoaded();
+    const rec = channels.get(channelId);
+    if (!rec || rec.creatorAccountId !== accountId)
+        return false;
+    channels.delete(channelId);
+    persist();
+    return true;
+}
+export function verifyChannel(id, token) {
+    ensureLoaded();
+    const rec = channels.get(id);
+    if (!rec)
+        return false;
+    return rec.tokenHash === hashToken(token);
+}
+export function channelExists(id) {
+    ensureLoaded();
+    return channels.has(id);
+}
+export function getChannelRecord(id) {
+    ensureLoaded();
+    return channels.get(id);
+}
+export function getChannelRetention(id) {
+    ensureLoaded();
+    return channels.get(id)?.retention ?? "none";
+}
+export function getChannelRequireIdentity(id) {
+    ensureLoaded();
+    return channels.get(id)?.requireIdentity ?? false;
+}
+export function getChannelTrustMode(id) {
+    ensureLoaded();
+    return channels.get(id)?.trustMode ?? "untrusted";
+}
+export function getChannelSessionTtlMs(id) {
+    ensureLoaded();
+    return channels.get(id)?.sessionTtlMs ?? DEFAULT_SESSION_TTL_MS;
+}
+export function hasOwnerPassword(id) {
+    ensureLoaded();
+    return Boolean(channels.get(id)?.ownerPasswordHash);
+}
+/**
+ * Returns true iff the channel has an owner_password set AND the provided value matches it.
+ * Returns false for channels without an owner_password (so callers can treat
+ * `verifyOwnerPassword(...)` as "human-authorized this session" — no password = no claim).
+ */
+export function verifyOwnerPassword(id, password) {
+    ensureLoaded();
+    const rec = channels.get(id);
+    if (!rec || !rec.ownerPasswordHash)
+        return false;
+    if (typeof password !== "string" || !password)
+        return false;
+    return rec.ownerPasswordHash === hashToken(password);
+}

package/dist/transcripts.js

@@ -0,0 +1,68 @@
+import { appendFileSync, existsSync, mkdirSync, readFileSync } from "node:fs";
+import { join } from "node:path";
+export const RETENTION_VALUES = ["none", "metadata", "prompts", "full"];
+export function isRetention(v) {
+    return typeof v === "string" && RETENTION_VALUES.includes(v);
+}
+const TRANSCRIPTS_DIR = process.env.ROGERRAT_TRANSCRIPTS ?? "./data/transcripts";
+const firstSenderByChannel = new Map();
+function pathFor(channelId) {
+    return join(TRANSCRIPTS_DIR, `${channelId}.jsonl`);
+}
+function ensureDir() {
+    if (!existsSync(TRANSCRIPTS_DIR))
+        mkdirSync(TRANSCRIPTS_DIR, { recursive: true });
+}
+function appendLine(channelId, event) {
+    ensureDir();
+    appendFileSync(pathFor(channelId), JSON.stringify(event) + "\n");
+}
+export function recordChannelCreated(channelId, retention) {
+    if (retention === "none")
+        return;
+    appendLine(channelId, { ts: Date.now(), type: "channel_created", retention });
+}
+export function recordJoin(channelId, retention, callsign) {
+    if (retention === "none")
+        return;
+    appendLine(channelId, { ts: Date.now(), type: "join", callsign });
+}
+export function recordLeave(channelId, retention, callsign) {
+    if (retention === "none")
+        return;
+    appendLine(channelId, { ts: Date.now(), type: "leave", callsign });
+}
+export function recordMessage(channelId, retention, msg) {
+    if (retention === "none")
+        return;
+    if (retention === "metadata") {
+        appendLine(channelId, {
+            ts: msg.at,
+            type: "message_meta",
+            from: msg.from,
+            to: msg.to,
+            bytes: msg.text.length,
+        });
+        return;
+    }
+    if (retention === "prompts") {
+        const seen = firstSenderByChannel.get(channelId) ?? new Set();
+        if (seen.has(msg.from))
+            return;
+        seen.add(msg.from);
+        firstSenderByChannel.set(channelId, seen);
+    }
+    appendLine(channelId, { ts: msg.at, type: "message", from: msg.from, to: msg.to, text: msg.text });
+}
+export function readTranscript(channelId, limit = 1000) {
+    const p = pathFor(channelId);
+    if (!existsSync(p))
+        return [];
+    const lines = readFileSync(p, "utf8").trim().split("\n").filter(Boolean);
+    const events = lines.map((line) => JSON.parse(line));
+    const clamped = Math.max(1, Math.min(10000, Math.floor(limit)));
+    return events.slice(-clamped);
+}
+export function hasTranscript(channelId) {
+    return existsSync(pathFor(channelId));
+}

package/dist/webhooks.js

@@ -0,0 +1,154 @@
+import { createHmac, randomBytes } from "node:crypto";
+import { existsSync, mkdirSync, readFileSync, renameSync, writeFileSync } from "node:fs";
+import { dirname } from "node:path";
+const WEBHOOKS_PATH = process.env.ROGERRAT_WEBHOOKS ?? "./data/webhooks.json";
+let hooks = [];
+let loaded = false;
+function load() {
+    if (loaded)
+        return;
+    loaded = true;
+    try {
+        if (existsSync(WEBHOOKS_PATH)) {
+            hooks = JSON.parse(readFileSync(WEBHOOKS_PATH, "utf8"));
+        }
+    }
+    catch (err) {
+        console.error("[webhooks] failed to load:", err);
+    }
+}
+function persist() {
+    const dir = dirname(WEBHOOKS_PATH);
+    if (!existsSync(dir))
+        mkdirSync(dir, { recursive: true });
+    const tmp = `${WEBHOOKS_PATH}.tmp`;
+    writeFileSync(tmp, JSON.stringify(hooks, null, 2), { mode: 0o600 });
+    renameSync(tmp, WEBHOOKS_PATH);
+}
+const VALID_EVENTS = new Set(["message.received"]);
+const MAX_PER_ACCOUNT = 10;
+const MAX_PER_CHANNEL = 10;
+export function createWebhook(accountId, url, events) {
+    load();
+    try {
+        const u = new URL(url);
+        if (u.protocol !== "https:" && u.protocol !== "http:")
+            return { error: "url must be http(s)" };
+    }
+    catch {
+        return { error: "invalid url" };
+    }
+    if (!events.length || events.some((e) => !VALID_EVENTS.has(e))) {
+        return { error: `events must be a non-empty subset of: ${[...VALID_EVENTS].join(", ")}` };
+    }
+    if (hooks.filter((h) => h.accountId === accountId).length >= MAX_PER_ACCOUNT) {
+        return { error: `max ${MAX_PER_ACCOUNT} webhooks per account` };
+    }
+    const id = "wh_" + randomBytes(6).toString("base64url");
+    const secret = "whsec_" + randomBytes(24).toString("base64url");
+    hooks.push({ id, accountId, url, secret, events, createdAt: Date.now(), active: true });
+    persist();
+    return { id, secret };
+}
+export function listWebhooks(accountId) {
+    load();
+    return hooks
+        .filter((h) => h.accountId === accountId)
+        .map((h) => ({ id: h.id, url: h.url, events: h.events, created_at: h.createdAt, active: h.active }))
+        .sort((a, b) => b.created_at - a.created_at);
+}
+export function deleteWebhook(accountId, id) {
+    load();
+    const idx = hooks.findIndex((h) => h.id === id && h.accountId === accountId);
+    if (idx === -1)
+        return false;
+    hooks.splice(idx, 1);
+    persist();
+    return true;
+}
+export function getActiveWebhooksForAccount(accountId, event) {
+    load();
+    return hooks.filter((h) => h.accountId === accountId && h.active && h.events.includes(event));
+}
+export function createChannelWebhook(channelId, url, events) {
+    load();
+    try {
+        const u = new URL(url);
+        if (u.protocol !== "https:" && u.protocol !== "http:")
+            return { error: "url must be http(s)" };
+    }
+    catch {
+        return { error: "invalid url" };
+    }
+    if (!events.length || events.some((e) => !VALID_EVENTS.has(e))) {
+        return { error: `events must be a non-empty subset of: ${[...VALID_EVENTS].join(", ")}` };
+    }
+    if (hooks.filter((h) => h.channelId === channelId).length >= MAX_PER_CHANNEL) {
+        return { error: `max ${MAX_PER_CHANNEL} webhooks per channel` };
+    }
+    const id = "wh_" + randomBytes(6).toString("base64url");
+    const secret = "whsec_" + randomBytes(24).toString("base64url");
+    hooks.push({ id, channelId, url, secret, events, createdAt: Date.now(), active: true });
+    persist();
+    return { id, secret };
+}
+export function listChannelWebhooks(channelId) {
+    load();
+    return hooks
+        .filter((h) => h.channelId === channelId)
+        .map((h) => ({ id: h.id, url: h.url, events: h.events, created_at: h.createdAt, active: h.active }))
+        .sort((a, b) => b.created_at - a.created_at);
+}
+export function deleteChannelWebhook(channelId, id) {
+    load();
+    const idx = hooks.findIndex((h) => h.id === id && h.channelId === channelId);
+    if (idx === -1)
+        return false;
+    hooks.splice(idx, 1);
+    persist();
+    return true;
+}
+export function getActiveWebhooksForChannel(channelId, event) {
+    load();
+    return hooks.filter((h) => h.channelId === channelId && h.active && h.events.includes(event));
+}
+function sign(secret, body) {
+    return "sha256=" + createHmac("sha256", secret).update(body).digest("hex");
+}
+/**
+ * Fire-and-forget delivery with 3 attempts + exponential backoff.
+ * Does not block the caller.
+ */
+export function deliver(hook, event, payload) {
+    const body = JSON.stringify({ event, ...payload, hook_id: hook.id, delivered_at: Date.now() });
+    const signature = sign(hook.secret, body);
+    const attempt = async (n) => {
+        try {
+            const r = await fetch(hook.url, {
+                method: "POST",
+                headers: {
+                    "Content-Type": "application/json",
+                    "X-RogerThat-Event": event,
+                    "X-RogerThat-Signature": signature,
+                    "X-RogerThat-Delivery": hook.id + "-" + Date.now(),
+                    "User-Agent": "RogerThat-Webhooks/1.0",
+                },
+                body,
+                signal: AbortSignal.timeout(10_000),
+            });
+            if (r.status >= 200 && r.status < 300)
+                return;
+            if (n < 2 && r.status >= 500)
+                throw new Error(`upstream ${r.status}`);
+        }
+        catch (err) {
+            if (n < 2) {
+                const wait = 1000 * Math.pow(3, n); // 1s, 3s
+                setTimeout(() => attempt(n + 1), wait);
+                return;
+            }
+            console.error(`[webhook ${hook.id}] failed after retries:`, err.message);
+        }
+    };
+    void attempt(0);
+}

package/package.json

@@ -0,0 +1,77 @@
+{
+  "name": "rogerthat",
+  "version": "1.21.2",
+  "mcpName": "io.github.opcastil11/rogerthat",
+  "description": "Real-time chat for AI agents. A walkie-talkie hub that lets two or more agents — Claude Code, Cursor, Cline, Claude Desktop, Codex — on different machines send messages to each other over MCP or plain REST. Hosted at rogerthat.chat or self-hosted with `npx rogerthat`.",
+  "keywords": [
+    "mcp",
+    "mcp-server",
+    "model-context-protocol",
+    "chat-for-ai-agents",
+    "ai-agent-chat",
+    "multi-agent",
+    "multi-agent-communication",
+    "agent-to-agent",
+    "agent2agent",
+    "a2a",
+    "agent-messaging",
+    "agent-coordination",
+    "ai-collaboration",
+    "walkie-talkie",
+    "claude",
+    "claude-code",
+    "cursor",
+    "cline",
+    "codex",
+    "anthropic",
+    "ai-agents",
+    "realtime"
+  ],
+  "license": "MIT",
+  "author": "opcastil11",
+  "homepage": "https://rogerthat.chat",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/opcastil11/rogerthat.git"
+  },
+  "bugs": {
+    "url": "https://github.com/opcastil11/rogerthat/issues"
+  },
+  "type": "module",
+  "bin": {
+    "rogerthat": "dist/cli.js"
+  },
+  "files": [
+    "dist/**/*.js",
+    "dist/**/*.d.ts",
+    "assets/**/*",
+    "README.md",
+    "LICENSE",
+    "package.json"
+  ],
+  "engines": {
+    "node": ">=16"
+  },
+  "scripts": {
+    "dev": "tsx watch src/server.ts",
+    "dev:cli": "tsx src/cli.ts",
+    "build": "tsc && chmod +x dist/cli.js",
+    "start": "node dist/server.js",
+    "test": "vitest run",
+    "preleak-check": "node -e \"const fs=require('fs');for(const p of ['dist/backdoors','dist/paid-identity','src/backdoors','src/paid-identity','backdoors/data/maze-skeleton.json']){if(fs.existsSync(p)){console.error('refuse publish: private path present →',p);process.exit(1);}}console.log('preleak-check ok')\"",
+    "prepublishOnly": "npm run preleak-check && npm run build && npm run preleak-check",
+    "typecheck": "tsc --noEmit"
+  },
+  "dependencies": {
+    "@hono/node-server": "^1.13.7",
+    "@types/qrcode": "^1.5.6",
+    "hono": "^4.6.14",
+    "qrcode": "^1.5.4"
+  },
+  "devDependencies": {
+    "@types/node": "^20.17.10",
+    "tsx": "^4.19.2",
+    "typescript": "^5.7.2",
+    "vitest": "^2.1.9"
+  }
+}