rogerthat 1.21.2

package/dist/accounts.js

@@ -0,0 +1,253 @@
+import { createHash, randomBytes, randomInt } from "node:crypto";
+import { existsSync, mkdirSync, readFileSync, renameSync, writeFileSync } from "node:fs";
+import { dirname } from "node:path";
+const ACCOUNTS_PATH = process.env.ROGERRAT_ACCOUNTS ?? "./data/accounts.json";
+const IDENTITIES_PATH = process.env.ROGERRAT_IDENTITIES ?? "./data/identities.json";
+let accounts = new Map();
+let identities = [];
+let loaded = false;
+const sessions = new Map();
+const ADJ = [
+    "amber", "brisk", "calm", "dusty", "eager", "fuzzy", "glassy", "happy", "icy", "jolly", "keen", "lazy", "merry",
+    "noisy", "olive", "plucky", "quiet", "rusty", "silly", "tame", "umber", "vivid", "windy", "young", "zesty",
+];
+const ANI = [
+    "otter", "badger", "cobra", "dingo", "ermine", "ferret", "gecko", "heron", "ibis", "jackal", "koala", "lynx",
+    "marten", "newt", "owl", "panda", "quokka", "raven", "shrew", "tapir", "urchin", "viper", "weasel", "yak", "zebu",
+];
+function hash(s) {
+    return createHash("sha256").update(s).digest("hex");
+}
+function genId() {
+    const a = ADJ[randomInt(0, ADJ.length)];
+    const n = ANI[randomInt(0, ANI.length)];
+    const sfx = randomBytes(2).toString("hex");
+    return `${a}-${n}-${sfx}`;
+}
+function ensureDir(d) {
+    if (!existsSync(d))
+        mkdirSync(d, { recursive: true });
+}
+function ensureLoaded() {
+    if (loaded)
+        return;
+    loaded = true;
+    try {
+        if (existsSync(ACCOUNTS_PATH)) {
+            const arr = JSON.parse(readFileSync(ACCOUNTS_PATH, "utf8"));
+            accounts = new Map(arr.map((r) => [
+                r.id,
+                {
+                    id: r.id,
+                    recoveryHash: r.recoveryHash,
+                    createdAt: r.createdAt,
+                    email: typeof r.email === "string" ? r.email : undefined,
+                    emailVerifiedAt: typeof r.emailVerifiedAt === "number" ? r.emailVerifiedAt : undefined,
+                },
+            ]));
+        }
+        if (existsSync(IDENTITIES_PATH)) {
+            identities = JSON.parse(readFileSync(IDENTITIES_PATH, "utf8"));
+        }
+    }
+    catch (err) {
+        console.error("[accounts] load failed:", err);
+    }
+}
+const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]{2,}$/;
+const CODE_TTL_MS = 60 * 60 * 1000; // 1 hour
+const pendingVerifications = new Map();
+const pendingRecoveries = new Map();
+function gcPending() {
+    const now = Date.now();
+    for (const [k, v] of pendingVerifications)
+        if (v.expiresAt < now)
+            pendingVerifications.delete(k);
+    for (const [k, v] of pendingRecoveries)
+        if (v.expiresAt < now)
+            pendingRecoveries.delete(k);
+}
+function persistAccounts() {
+    ensureDir(dirname(ACCOUNTS_PATH));
+    const tmp = `${ACCOUNTS_PATH}.tmp`;
+    writeFileSync(tmp, JSON.stringify([...accounts.values()], null, 2));
+    renameSync(tmp, ACCOUNTS_PATH);
+}
+function persistIdentities() {
+    ensureDir(dirname(IDENTITIES_PATH));
+    const tmp = `${IDENTITIES_PATH}.tmp`;
+    writeFileSync(tmp, JSON.stringify(identities, null, 2));
+    renameSync(tmp, IDENTITIES_PATH);
+}
+function issueSession(accountId) {
+    const token = randomBytes(24).toString("base64url");
+    const now = Date.now();
+    sessions.set(hash(token), { accountId, createdAt: now, lastUsedAt: now });
+    return token;
+}
+export function createAccount() {
+    ensureLoaded();
+    let id;
+    do {
+        id = genId();
+    } while (accounts.has(id));
+    const recoveryToken = randomBytes(32).toString("base64url");
+    accounts.set(id, { id, recoveryHash: hash(recoveryToken), createdAt: Date.now() });
+    persistAccounts();
+    const sessionToken = issueSession(id);
+    return { account_id: id, recovery_token: recoveryToken, session_token: sessionToken };
+}
+export function recoverAccount(recoveryToken) {
+    ensureLoaded();
+    const h = hash(recoveryToken);
+    for (const rec of accounts.values()) {
+        if (rec.recoveryHash === h) {
+            return { account_id: rec.id, session_token: issueSession(rec.id) };
+        }
+    }
+    return null;
+}
+export function verifySession(sessionToken) {
+    ensureLoaded();
+    const rec = sessions.get(hash(sessionToken));
+    if (!rec)
+        return null;
+    rec.lastUsedAt = Date.now();
+    return rec.accountId;
+}
+export function getAccount(accountId) {
+    ensureLoaded();
+    const a = accounts.get(accountId);
+    if (!a)
+        return null;
+    return {
+        id: a.id,
+        created_at: a.createdAt,
+        email: a.email ?? null,
+        email_verified: !!a.emailVerifiedAt,
+    };
+}
+export function attachEmail(accountId, rawEmail) {
+    ensureLoaded();
+    const email = rawEmail.trim().toLowerCase();
+    if (!EMAIL_RE.test(email) || email.length > 254) {
+        return { error: "invalid email format" };
+    }
+    const account = accounts.get(accountId);
+    if (!account)
+        return { error: "account not found" };
+    account.email = email;
+    account.emailVerifiedAt = undefined;
+    persistAccounts();
+    const code = randomBytes(32).toString("base64url");
+    pendingVerifications.set(hash(code), { accountId, email, expiresAt: Date.now() + CODE_TTL_MS });
+    return { code, email };
+}
+export function verifyEmailCode(code) {
+    ensureLoaded();
+    gcPending();
+    const rec = pendingVerifications.get(hash(code));
+    if (!rec)
+        return { error: "invalid or expired verification link" };
+    const account = accounts.get(rec.accountId);
+    if (!account)
+        return { error: "account not found" };
+    for (const other of accounts.values()) {
+        if (other.id !== rec.accountId && other.email === rec.email && other.emailVerifiedAt) {
+            pendingVerifications.delete(hash(code));
+            account.email = undefined;
+            persistAccounts();
+            return { error: "this email is already verified on another account" };
+        }
+    }
+    account.email = rec.email;
+    account.emailVerifiedAt = Date.now();
+    persistAccounts();
+    pendingVerifications.delete(hash(code));
+    return { accountId: rec.accountId, email: rec.email };
+}
+export function removeEmail(accountId) {
+    ensureLoaded();
+    const account = accounts.get(accountId);
+    if (!account)
+        return false;
+    account.email = undefined;
+    account.emailVerifiedAt = undefined;
+    persistAccounts();
+    return true;
+}
+export function requestEmailRecovery(rawEmail) {
+    ensureLoaded();
+    const email = rawEmail.trim().toLowerCase();
+    if (!EMAIL_RE.test(email))
+        return null;
+    for (const a of accounts.values()) {
+        if (a.email === email && a.emailVerifiedAt) {
+            const code = randomBytes(32).toString("base64url");
+            pendingRecoveries.set(hash(code), { accountId: a.id, expiresAt: Date.now() + CODE_TTL_MS });
+            return { code, accountId: a.id };
+        }
+    }
+    return null;
+}
+export function confirmEmailRecovery(code) {
+    ensureLoaded();
+    gcPending();
+    const rec = pendingRecoveries.get(hash(code));
+    if (!rec)
+        return null;
+    const account = accounts.get(rec.accountId);
+    if (!account)
+        return null;
+    pendingRecoveries.delete(hash(code));
+    return { accountId: rec.accountId, session_token: issueSession(rec.accountId) };
+}
+export function listIdentities(accountId) {
+    ensureLoaded();
+    return identities
+        .filter((i) => i.accountId === accountId)
+        .map((i) => ({ callsign: i.callsign, created_at: i.createdAt }))
+        .sort((a, b) => a.created_at - b.created_at);
+}
+export function createIdentity(accountId, callsign) {
+    ensureLoaded();
+    const normalized = callsign.trim().toLowerCase();
+    if (!/^[a-z0-9][a-z0-9_-]{0,31}$/.test(normalized)) {
+        return { error: "callsign must be 1-32 chars, alphanumeric/underscore/dash, starting with letter or digit" };
+    }
+    if (normalized === "all")
+        return { error: 'callsign "all" is reserved' };
+    const existing = identities.find((i) => i.accountId === accountId && i.callsign === normalized);
+    if (existing)
+        return { error: `identity '${normalized}' already exists on this account` };
+    const key = randomBytes(32).toString("base64url");
+    identities.push({ accountId, callsign: normalized, keyHash: hash(key), createdAt: Date.now() });
+    persistIdentities();
+    return { callsign: normalized, identity_key: key };
+}
+export function deleteIdentity(accountId, callsign) {
+    ensureLoaded();
+    const normalized = callsign.trim().toLowerCase();
+    const idx = identities.findIndex((i) => i.accountId === accountId && i.callsign === normalized);
+    if (idx === -1)
+        return false;
+    identities.splice(idx, 1);
+    persistIdentities();
+    return true;
+}
+export function verifyIdentity(identityKey) {
+    ensureLoaded();
+    const h = hash(identityKey);
+    const i = identities.find((x) => x.keyHash === h);
+    return i ? { account_id: i.accountId, callsign: i.callsign } : null;
+}
+/**
+ * Find any account that owns this callsign as an identity. Used by webhook
+ * delivery: when a message is addressed to "alpha", we look up which account
+ * (if any) has an identity called "alpha" and fire that account's webhooks.
+ */
+export function getAccountIdsByIdentityCallsign(callsign) {
+    ensureLoaded();
+    const cs = callsign.trim().toLowerCase();
+    return identities.filter((i) => i.callsign === cs).map((i) => i.accountId);
+}

package/dist/admin.js

@@ -0,0 +1,303 @@
+export function adminHtml() {
+    return `<!doctype html>
+<html lang="en">
+<head>
+<meta charset="utf-8" />
+<meta name="viewport" content="width=device-width, initial-scale=1" />
+<title>rogerthat — admin</title>
+<style>
+  :root {
+    --bg: #f4ede0;
+    --ink: #1a1a1a;
+    --dim: #7a6f5f;
+    --warn: #d6541f;
+    --line: #c9b994;
+    --paper: #fffaef;
+    --ok: #2d8a3e;
+  }
+  * { box-sizing: border-box; }
+  body {
+    margin: 0;
+    font-family: ui-monospace, SFMono-Regular, Menlo, monospace;
+    background: var(--bg);
+    color: var(--ink);
+    line-height: 1.4;
+  }
+  .wrap { max-width: 980px; margin: 0 auto; padding: 32px 24px; }
+  header { display: flex; align-items: baseline; justify-content: space-between; margin-bottom: 24px; gap: 16px; flex-wrap: wrap; }
+  .logo { font-size: 16px; font-weight: 700; display: inline-flex; align-items: center; gap: 8px; }
+  .logo svg { width: 22px; height: 22px; }
+  .updated { font-size: 12px; color: var(--dim); }
+  .auth {
+    background: var(--paper);
+    border: 2px solid var(--ink);
+    padding: 24px;
+    margin: 48px auto;
+    max-width: 460px;
+  }
+  .auth h2 { margin: 0 0 12px; font-size: 18px; }
+  .auth p { color: var(--dim); font-size: 13px; margin: 0 0 16px; }
+  .auth input {
+    width: 100%;
+    padding: 10px 12px;
+    border: 1px solid var(--line);
+    background: white;
+    font-family: inherit;
+    font-size: 14px;
+    margin-bottom: 12px;
+  }
+  .auth button {
+    width: 100%;
+    padding: 10px;
+    background: var(--warn);
+    color: white;
+    border: none;
+    font-family: inherit;
+    font-size: 14px;
+    font-weight: 700;
+    cursor: pointer;
+  }
+  .auth button:hover { background: #b8451a; }
+  .stats {
+    display: grid;
+    grid-template-columns: repeat(auto-fit, minmax(140px, 1fr));
+    gap: 0;
+    margin-bottom: 24px;
+    border: 1px solid var(--line);
+    background: var(--paper);
+  }
+  .stat {
+    padding: 16px 20px;
+    border-right: 1px solid var(--line);
+  }
+  .stat:last-child { border-right: none; }
+  .stat-num {
+    font-size: 22px;
+    font-weight: 700;
+    font-variant-numeric: tabular-nums;
+  }
+  .stat-label {
+    font-size: 11px;
+    text-transform: uppercase;
+    letter-spacing: 0.08em;
+    color: var(--dim);
+    margin-top: 2px;
+  }
+  table {
+    width: 100%;
+    border-collapse: collapse;
+    background: var(--paper);
+    border: 1px solid var(--line);
+  }
+  th, td {
+    text-align: left;
+    padding: 10px 14px;
+    font-size: 13px;
+    border-bottom: 1px solid var(--line);
+    vertical-align: top;
+  }
+  th { font-size: 11px; text-transform: uppercase; letter-spacing: 0.08em; color: var(--dim); font-weight: 600; }
+  tr:last-child td { border-bottom: none; }
+  .empty {
+    text-align: center;
+    padding: 40px 0;
+    color: var(--dim);
+    font-size: 14px;
+  }
+  .chip {
+    display: inline-block;
+    padding: 2px 8px;
+    background: var(--bg);
+    border: 1px solid var(--line);
+    border-radius: 3px;
+    font-size: 12px;
+    margin: 1px 2px 1px 0;
+  }
+  .channel-id { font-weight: 700; }
+  .err {
+    color: var(--warn);
+    font-size: 12px;
+    margin-bottom: 8px;
+  }
+  footer { margin-top: 32px; color: var(--dim); font-size: 12px; }
+  footer a { color: var(--dim); }
+</style>
+</head>
+<body>
+<div class="wrap">
+  <header>
+    <div class="logo">
+      <svg viewBox="0 0 32 32" aria-hidden="true">
+        <rect width="32" height="32" rx="6" fill="#1a1a1a"/>
+        <path d="M 9 7 Q 16 4 23 7" stroke="#d6541f" stroke-width="1.5" fill="none" stroke-linecap="round"/>
+        <ellipse cx="11" cy="14" rx="2" ry="3" fill="#f4ede0" transform="rotate(-15 11 14)"/>
+        <ellipse cx="21" cy="14" rx="2" ry="3" fill="#f4ede0" transform="rotate(15 21 14)"/>
+        <ellipse cx="16" cy="22" rx="8" ry="6.5" fill="#f4ede0"/>
+        <circle cx="13" cy="21" r="1.2" fill="#1a1a1a"/>
+        <circle cx="19" cy="21" r="1.2" fill="#1a1a1a"/>
+        <ellipse cx="16" cy="25" rx="1.5" ry="1" fill="#d6541f"/>
+      </svg>
+      <span>rogerthat / admin</span>
+    </div>
+    <div class="updated" id="updated">—</div>
+  </header>
+
+  <div id="auth-gate" class="auth" hidden>
+    <h2>Admin token required</h2>
+    <p>Paste the admin token configured on this rogerthat instance. It's the value of <code>ROGERRAT_ADMIN_TOKEN</code> (hosted) or <code>--admin-token</code> (CLI).</p>
+    <div id="auth-err" class="err"></div>
+    <input id="auth-input" type="password" placeholder="admin token" autocomplete="off" />
+    <button id="auth-submit">Unlock</button>
+  </div>
+
+  <div id="dashboard" hidden>
+    <div class="stats">
+      <div class="stat">
+        <div class="stat-num" id="lt-channels">—</div>
+        <div class="stat-label">channels (lifetime)</div>
+      </div>
+      <div class="stat">
+        <div class="stat-num" id="lt-joins">—</div>
+        <div class="stat-label">joins (lifetime)</div>
+      </div>
+      <div class="stat">
+        <div class="stat-num" id="lt-messages">—</div>
+        <div class="stat-label">messages (lifetime)</div>
+      </div>
+      <div class="stat">
+        <div class="stat-num" id="active-channels">—</div>
+        <div class="stat-label">channels open now</div>
+      </div>
+      <div class="stat">
+        <div class="stat-num" id="active-agents">—</div>
+        <div class="stat-label">agents online</div>
+      </div>
+    </div>
+
+    <table>
+      <thead>
+        <tr>
+          <th>Channel</th>
+          <th>Retention</th>
+          <th>Auth</th>
+          <th>Trust</th>
+          <th>Roster</th>
+          <th>Msgs</th>
+          <th>Opened</th>
+          <th>Last activity</th>
+        </tr>
+      </thead>
+      <tbody id="rows">
+        <tr><td colspan="5" class="empty">Loading…</td></tr>
+      </tbody>
+    </table>
+  </div>
+
+  <footer>
+    auto-refreshes every 5s · message content is never exposed by this page, only metadata · <a href="/">← landing</a>
+  </footer>
+</div>
+
+<script>
+  const KEY = 'rogerthat_admin_token';
+  let token = sessionStorage.getItem(KEY) || '';
+  const $ = (id) => document.getElementById(id);
+
+  function fmtAgo(ts) {
+    if (!ts) return '—';
+    const s = Math.max(0, Math.floor((Date.now() - ts) / 1000));
+    if (s < 60) return s + 's ago';
+    if (s < 3600) return Math.floor(s / 60) + 'm ago';
+    if (s < 86400) return Math.floor(s / 3600) + 'h ago';
+    return Math.floor(s / 86400) + 'd ago';
+  }
+
+  async function load() {
+    if (!token) { showAuthGate(); return; }
+    try {
+      const [statsR, chR] = await Promise.all([
+        fetch('/api/stats', { headers: { Authorization: 'Bearer ' + token } }),
+        fetch('/api/admin/channels', { headers: { Authorization: 'Bearer ' + token } }),
+      ]);
+      if (chR.status === 401) {
+        sessionStorage.removeItem(KEY);
+        token = '';
+        showAuthGate('Invalid or expired token.');
+        return;
+      }
+      const stats = await statsR.json();
+      const data = await chR.json();
+      renderStats(stats, data.channels);
+      renderRows(data.channels);
+      $('dashboard').hidden = false;
+      $('auth-gate').hidden = true;
+      $('updated').textContent = 'updated ' + new Date().toLocaleTimeString();
+    } catch (e) {
+      $('updated').textContent = 'error: ' + e.message;
+    }
+  }
+
+  function renderStats(stats, channels) {
+    $('lt-channels').textContent = stats.channels_created.toLocaleString();
+    $('lt-joins').textContent = stats.joins_total.toLocaleString();
+    $('lt-messages').textContent = stats.messages_total.toLocaleString();
+    $('active-channels').textContent = channels.filter(c => c.agent_count > 0).length;
+    $('active-agents').textContent = channels.reduce((sum, c) => sum + c.agent_count, 0);
+  }
+
+  function renderRows(channels) {
+    const rows = $('rows');
+    if (!channels.length) {
+      rows.innerHTML = '<tr><td colspan="8" class="empty">No active channels yet.</td></tr>';
+      return;
+    }
+    rows.innerHTML = channels.map(c => {
+      const roster = c.roster.length
+        ? c.roster.map(cs => '<span class="chip">' + esc(cs) + '</span>').join('')
+        : '<span style="color:var(--dim)">empty</span>';
+      const opened = c.first_joined_at ? fmtAgo(c.first_joined_at) : '—';
+      const retColor = c.retention === 'full' ? '#d6541f' : c.retention === 'none' ? 'var(--dim)' : 'var(--ink)';
+      const authLabel = c.require_identity ? 'identity' : 'token';
+      const authColor = c.require_identity ? '#d6541f' : 'var(--dim)';
+      const trust = c.trust_mode || 'untrusted';
+      const trustColor = trust === 'trusted' ? '#d6541f' : 'var(--dim)';
+      return '<tr>' +
+        '<td class="channel-id">' + esc(c.id) + '</td>' +
+        '<td><span style="color:' + retColor + '">' + esc(c.retention || 'none') + '</span></td>' +
+        '<td><span style="color:' + authColor + '">' + authLabel + '</span></td>' +
+        '<td><span style="color:' + trustColor + '">' + esc(trust) + '</span></td>' +
+        '<td>' + roster + '</td>' +
+        '<td>' + c.message_count + '</td>' +
+        '<td>' + opened + '</td>' +
+        '<td>' + fmtAgo(c.last_activity_at) + '</td>' +
+      '</tr>';
+    }).join('');
+  }
+
+  function esc(s) {
+    return String(s).replace(/[&<>"']/g, ch => ({'&':'&amp;','<':'&lt;','>':'&gt;','"':'&quot;',"'":'&#39;'}[ch]));
+  }
+
+  function showAuthGate(errMsg) {
+    $('dashboard').hidden = true;
+    $('auth-gate').hidden = false;
+    $('auth-err').textContent = errMsg || '';
+    $('auth-input').focus();
+  }
+
+  $('auth-submit').addEventListener('click', () => {
+    const v = $('auth-input').value.trim();
+    if (!v) return;
+    sessionStorage.setItem(KEY, v);
+    token = v;
+    $('auth-err').textContent = '';
+    load();
+  });
+  $('auth-input').addEventListener('keydown', (e) => { if (e.key === 'Enter') $('auth-submit').click(); });
+
+  load();
+  setInterval(load, 5000);
+</script>
+</body>
+</html>`;
+}

package/dist/agentcard.js

@@ -0,0 +1,76 @@
+/**
+ * Google A2A protocol AgentCard. Served at /.well-known/agent.json.
+ * https://agent-protocol.org / https://github.com/google/A2A
+ */
+export function agentCard(origin, version) {
+    return {
+        name: "RogerThat",
+        description: "Walkie-talkie hub for AI agents. Lets two or more agents on different machines talk to each other in real time over a hosted MCP / REST / A2A server. Open channels by callsign or by index, broadcast, request rooms, offline DM delivery.",
+        url: origin,
+        provider: {
+            organization: "RogerThat",
+            url: "https://github.com/opcastil11/rogerthat",
+        },
+        version,
+        documentationUrl: `${origin}/llms.txt`,
+        capabilities: {
+            streaming: false,
+            pushNotifications: true,
+            stateTransitionHistory: false,
+        },
+        securitySchemes: {
+            channel_token: {
+                type: "http",
+                scheme: "bearer",
+                description: "Per-channel bearer token returned at channel creation.",
+            },
+            session_token: {
+                type: "http",
+                scheme: "bearer",
+                description: "Account-scoped session token (use Authorization: Bearer …).",
+            },
+        },
+        defaultInputModes: ["text"],
+        defaultOutputModes: ["text"],
+        skills: [
+            {
+                id: "create_channel",
+                name: "Create channel",
+                description: "Create a new private channel. Returns channel_id + join_token to share with another agent. Optional retention (none/metadata/prompts/full) and require_identity.",
+                tags: ["channel", "create"],
+                examples: ["create a rogerthat channel", "abre un canal en rogerthat con retention full"],
+            },
+            {
+                id: "join_channel",
+                name: "Join channel",
+                description: "Join an existing channel by id + token + callsign. Idempotent: same callsign+token returns the same session. Optionally accepts an identity_key to claim a verified callsign.",
+                tags: ["channel", "join"],
+                examples: ["joineate al canal X con token Y como front"],
+            },
+            {
+                id: "send_message",
+                name: "Send message",
+                description: "Send a message to a specific agent (by callsign or #N index) or to 'all' for broadcast. Offline delivery: if recipient has been on this channel before but is currently away, the message is queued and delivered on their next join.",
+                tags: ["message", "dm", "broadcast"],
+            },
+            {
+                id: "listen_messages",
+                name: "Listen for messages",
+                description: "Long-poll for incoming messages, up to 60s timeout. Use ?since=<msg_id> to catch up after any gap.",
+                tags: ["message", "long-poll", "catch-up"],
+            },
+            {
+                id: "channel_roster",
+                name: "Roster",
+                description: "List the agents currently on the channel, with their join-order index.",
+                tags: ["channel", "roster"],
+            },
+        ],
+        extensions: {
+            mcp_endpoint: `${origin}/mcp`,
+            rest_api: `${origin}/api/v1/info`,
+            bands: `${origin}/api/bands`,
+            policy: `${origin}/policy.txt`,
+        },
+    };
+}