samarthya-bot 1.0.2

package/backend/services/planner/plannerService.js

@@ -0,0 +1,182 @@
+const llmService = require('../llm/llmService');
+const toolRegistry = require('../tools/toolRegistry');
+const securityService = require('../security/securityService');
+const memoryService = require('../memory/memoryService');
+const AuditLog = require('../../models/AuditLog');
+
+class PlannerService {
+    /**
+     * Process a user message through the full pipeline:
+     * 1. Security scan input
+     * 2. Load user context & memories
+     * 3. Build system prompt with available tools
+     * 4. Send to LLM
+     * 5. Parse tool calls if any
+     * 6. Execute tools (with permission checks)
+     * 7. Log audit trail
+     * 8. Extract & store new memories
+     * 9. Return final response
+     */
+    async processMessage(user, conversationHistory, userMessage, onProgress = null) {
+        const result = {
+            response: '',
+            toolCalls: [],
+            sensitiveDataWarnings: [],
+            tokensUsed: 0,
+            model: '',
+            language: llmService.detectLanguage(userMessage)
+        };
+
+        // Step 1: Security scan on user input
+        const inputScan = securityService.scanForSensitiveData(userMessage);
+        if (inputScan.length > 0) {
+            result.sensitiveDataWarnings = inputScan;
+        }
+
+        // Step 2: Load memories
+        const memories = await memoryService.getUserContext(user._id || user.id);
+
+        // Step 3: Get tools for user's active pack
+        const tools = toolRegistry.getToolsForPack(user.activePack || 'personal');
+
+        // Step 4: Build system prompt and call LLM
+        const systemPrompt = llmService.buildSystemPrompt(user, tools, memories);
+
+        const messages = [
+            ...conversationHistory.map(m => ({ role: m.role, content: m.content })),
+            { role: 'user', content: userMessage }
+        ];
+
+        const llmResponse = await llmService.chat(messages, systemPrompt, user);
+        result.response = llmResponse.content;
+        result.tokensUsed = llmResponse.tokensUsed;
+        result.model = llmResponse.model;
+
+        // Step 5: Execute Agentic Loop (up to 20 steps for massive multi-tasking)
+        let loopCount = 0;
+        const maxLoops = 20;
+        let currentMessages = [...messages, { role: 'assistant', content: llmResponse.content }];
+        let currentResponse = llmResponse.content;
+
+        while (loopCount < maxLoops) {
+            loopCount++;
+
+            // Extract planning / thought process and stream it to the user
+            const thoughtProcess = currentResponse.replace(/```(?:tool_call|json)?\s*[\s\S]*?```/g, '').trim();
+            if (thoughtProcess && onProgress) {
+                // Send only if there's substantial text, maybe filtering short OKs
+                if (thoughtProcess.length > 10) {
+                    await onProgress(`\n${thoughtProcess}\n`);
+                }
+            }
+
+            const toolCalls = llmService.parseToolCalls(currentResponse);
+            if (toolCalls.length === 0) {
+                // Done! No more tools to call
+                result.response = currentResponse;
+                break;
+            }
+
+            const stepToolResults = [];
+            for (const tc of toolCalls) {
+                const toolResult = {
+                    toolName: tc.tool,
+                    arguments: tc.args,
+                    status: 'pending',
+                    riskLevel: securityService.assessRisk(tc.tool),
+                    result: null
+                };
+
+                const permCheck = securityService.requiresPermission(tc.tool, user.permissions);
+                if (permCheck === 'blocked') {
+                    toolResult.status = 'blocked';
+                    toolResult.result = `🚫 Tool "${tc.tool}" blocked by your permission settings.`;
+                } else {
+                    try {
+                        toolResult.status = 'running';
+                        console.log(`🔧 Executing tool: ${tc.tool}`, JSON.stringify(tc.args));
+                        const execResult = await toolRegistry.executeTool(tc.tool, tc.args, user);
+                        toolResult.result = execResult.result;
+                        if (execResult.notificationParams) toolResult.notificationParams = execResult.notificationParams;
+                        toolResult.status = execResult.success ? 'completed' : 'failed';
+                        console.log(`✅ Tool ${tc.tool}: ${toolResult.status}`);
+                    } catch (error) {
+                        toolResult.status = 'failed';
+                        toolResult.result = `Error: ${error.message}`;
+                        console.error(`❌ Tool ${tc.tool} error:`, error.message);
+                    }
+                }
+
+                stepToolResults.push(toolResult);
+
+                // Audit log
+                try {
+                    await AuditLog.create({
+                        userId: user._id || user.id,
+                        action: `Tool: ${tc.tool}`,
+                        category: toolRegistry.getTool(tc.tool)?.category || 'tool',
+                        details: {
+                            toolName: tc.tool,
+                            input: tc.args,
+                            output: toolResult.result,
+                            riskLevel: toolResult.riskLevel,
+                            permissionGranted: toolResult.status !== 'blocked'
+                        },
+                        status: toolResult.status === 'completed' ? 'success' :
+                            toolResult.status === 'blocked' ? 'blocked' : 'failed'
+                    });
+                } catch (e) { console.error('Audit log error:', e); }
+            }
+
+            result.toolCalls.push(...stepToolResults);
+
+            if (stepToolResults.some(tc => tc.status === 'completed' || tc.status === 'failed')) {
+                const toolResultsText = stepToolResults
+                    .map(tc => {
+                        let text = `Tool "${tc.toolName}" result:\n${tc.result}`;
+                        if (tc.status === 'failed') {
+                            text += `\n\nFAILURE DETECTED. Please analyze the error, auto-correct your parameters, and retry.`;
+                        }
+                        return text;
+                    })
+                    .join('\n\n');
+
+                currentMessages.push({
+                    role: 'user',
+                    content: `[System Temporary Memory] Tool Execution Results:\n${toolResultsText}\n\nReview the results. If failed, apply FAILURE RECOVERY by retrying with different parameters. If all tasks are completed, output the final completion message.`
+                });
+
+                const followUp = await llmService.chat(currentMessages, systemPrompt, user);
+                currentResponse = followUp.content;
+                currentMessages.push({ role: 'assistant', content: currentResponse });
+                if (followUp.tokensUsed) result.tokensUsed += followUp.tokensUsed;
+            } else {
+                // Tools were blocked or something weird happened - exit loop early
+                result.response = currentResponse;
+                break;
+            }
+        }
+
+        if (loopCount >= maxLoops) {
+            result.response = currentResponse + '\n\n*(Note: Task reached maximum automated steps limit and was paused for your review.)*';
+        }
+
+        // Step 8: Scan output for sensitive data
+        const outputScan = securityService.scanForSensitiveData(result.response);
+        if (outputScan.length > 0) {
+            result.sensitiveDataWarnings = [...result.sensitiveDataWarnings, ...outputScan];
+            result.response = securityService.maskSensitiveData(result.response);
+        }
+
+        // Step 9: Extract memories from conversation
+        try {
+            await memoryService.extractFromMessage(user._id || user.id, userMessage);
+        } catch (e) {
+            // Non-critical
+        }
+
+        return result;
+    }
+}
+
+module.exports = new PlannerService();

package/backend/services/security/securityService.js

@@ -0,0 +1,166 @@
+const { SENSITIVE_PATTERNS } = require('../../config/constants');
+
+class SecurityService {
+    /**
+     * Scan text for sensitive Indian data patterns (PAN, Aadhaar, Phone, etc.)
+     */
+    scanForSensitiveData(text) {
+        const findings = [];
+
+        if (!text || typeof text !== 'string') return findings;
+
+        // PAN Card
+        const panMatches = text.match(SENSITIVE_PATTERNS.PAN);
+        if (panMatches) {
+            findings.push({
+                type: 'PAN Card',
+                typeHi: 'पैन कार्ड',
+                count: panMatches.length,
+                risk: 'high',
+                icon: '🔴',
+                message: `${panMatches.length} PAN number(s) detected`,
+                messageHi: `${panMatches.length} पैन नंबर मिला`
+            });
+        }
+
+        // Aadhaar
+        const aadhaarMatches = text.match(SENSITIVE_PATTERNS.AADHAAR);
+        if (aadhaarMatches) {
+            findings.push({
+                type: 'Aadhaar Number',
+                typeHi: 'आधार नंबर',
+                count: aadhaarMatches.length,
+                risk: 'critical',
+                icon: '🔴',
+                message: `${aadhaarMatches.length} Aadhaar number(s) detected`,
+                messageHi: `${aadhaarMatches.length} आधार नंबर मिला`
+            });
+        }
+
+        // Phone Numbers
+        const phoneMatches = text.match(SENSITIVE_PATTERNS.PHONE);
+        if (phoneMatches) {
+            findings.push({
+                type: 'Phone Number',
+                typeHi: 'फ़ोन नंबर',
+                count: phoneMatches.length,
+                risk: 'medium',
+                icon: '🟡',
+                message: `${phoneMatches.length} phone number(s) detected`,
+                messageHi: `${phoneMatches.length} फ़ोन नंबर मिला`
+            });
+        }
+
+        // Email
+        const emailMatches = text.match(SENSITIVE_PATTERNS.EMAIL);
+        if (emailMatches) {
+            findings.push({
+                type: 'Email Address',
+                typeHi: 'ईमेल',
+                count: emailMatches.length,
+                risk: 'low',
+                icon: '🟢',
+                message: `${emailMatches.length} email address(es) detected`,
+                messageHi: `${emailMatches.length} ईमेल मिला`
+            });
+        }
+
+        // IFSC Code
+        const ifscMatches = text.match(SENSITIVE_PATTERNS.IFSC);
+        if (ifscMatches) {
+            findings.push({
+                type: 'IFSC Code',
+                typeHi: 'IFSC कोड',
+                count: ifscMatches.length,
+                risk: 'high',
+                icon: '🔴',
+                message: `${ifscMatches.length} IFSC code(s) detected`,
+                messageHi: `${ifscMatches.length} IFSC कोड मिला`
+            });
+        }
+
+        return findings;
+    }
+
+    /**
+     * Mask sensitive data in text
+     * Preserves UPI IDs and UPI links (phone numbers inside UPI should NOT be masked)
+     */
+    maskSensitiveData(text) {
+        if (!text) return text;
+        let masked = text;
+
+        // Step 1: Temporarily protect UPI links and UPI IDs from masking
+        const upiPlaceholders = [];
+        // Protect full UPI deep links: upi://pay?pa=...
+        masked = masked.replace(/upi:\/\/pay\?[^\s\n`"')]+/gi, (match) => {
+            const idx = upiPlaceholders.length;
+            upiPlaceholders.push(match);
+            return `__UPI_LINK_${idx}__`;
+        });
+        // Protect UPI IDs: something@upihandle (e.g. 9301105706@yespop)
+        masked = masked.replace(/[\w.\-+]+@[a-zA-Z]{2,}/g, (match) => {
+            // Only protect if it looks like a UPI ID (ends with known UPI handles or short handle)
+            const upiHandles = ['ybl', 'okhdfcbank', 'okicici', 'okaxis', 'oksbi', 'paytm',
+                'apl', 'yespop', 'upi', 'ibl', 'sbi', 'axisbank', 'icici', 'hdfcbank',
+                'kotak', 'pnb', 'boi', 'cnrb', 'unionbank', 'indianbank', 'federal'];
+            const handle = match.split('@')[1]?.toLowerCase();
+            if (handle && (upiHandles.includes(handle) || handle.length <= 6)) {
+                const idx = upiPlaceholders.length;
+                upiPlaceholders.push(match);
+                return `__UPI_LINK_${idx}__`;
+            }
+            return match; // Not a UPI ID, leave for email detection
+        });
+
+        // Step 2: Apply masking
+        masked = masked.replace(SENSITIVE_PATTERNS.PAN, (match) => match.substring(0, 2) + '***' + match.substring(match.length - 2));
+        masked = masked.replace(SENSITIVE_PATTERNS.AADHAAR, (match) => 'XXXX XXXX ' + match.trim().slice(-4));
+        masked = masked.replace(SENSITIVE_PATTERNS.PHONE, (match) => match.substring(0, 4) + '****' + match.substring(match.length - 2));
+
+        // Step 3: Restore protected UPI content
+        for (let i = 0; i < upiPlaceholders.length; i++) {
+            masked = masked.replace(`__UPI_LINK_${i}__`, upiPlaceholders[i]);
+        }
+
+        return masked;
+    }
+
+    /**
+     * Assess risk level of a tool action
+     */
+    assessRisk(toolName, args) {
+        const highRiskTools = ['file_delete', 'send_email', 'browser_automation'];
+        const mediumRiskTools = ['file_write', 'calendar_schedule'];
+        const lowRiskTools = ['web_search', 'calculate', 'weather_info', 'summarize_text', 'note_take'];
+
+        if (highRiskTools.includes(toolName)) return 'high';
+        if (mediumRiskTools.includes(toolName)) return 'medium';
+        if (lowRiskTools.includes(toolName)) return 'low';
+        return 'medium';
+    }
+
+    /**
+     * Check if action requires user permission
+     */
+    requiresPermission(toolName, userPermissions) {
+        const toolPermissionMap = {
+            'file_read': 'fileAccess',
+            'file_write': 'fileAccess',
+            'file_delete': 'fileAccess',
+            'send_email': 'emailAccess',
+            'browser_automation': 'browserAccess',
+            'calendar_schedule': 'calendarAccess'
+        };
+
+        const permKey = toolPermissionMap[toolName];
+        if (!permKey) return false;
+
+        const perm = userPermissions?.[permKey] || 'ask';
+        if (perm === 'allow_always') return false;
+        if (perm === 'never') return 'blocked';
+        return true;
+    }
+}
+
+module.exports = new SecurityService();

package/backend/services/telegram/telegramService.js

@@ -0,0 +1,49 @@
+class TelegramService {
+    constructor() {
+        this.botToken = process.env.TELEGRAM_BOT_TOKEN;
+        this.apiUrl = `https://api.telegram.org/bot${this.botToken}`;
+    }
+
+    async sendMessage(chatId, text) {
+        if (!this.botToken) {
+            console.error('Telegram Bot Token not configured!');
+            return;
+        }
+
+        try {
+            const response = await fetch(`${this.apiUrl}/sendMessage`, {
+                method: 'POST',
+                headers: { 'Content-Type': 'application/json' },
+                body: JSON.stringify({
+                    chat_id: chatId,
+                    text: text,
+                    parse_mode: 'Markdown'
+                })
+            });
+
+            if (!response.ok) {
+                const error = await response.text();
+                console.error('Telegram send error:', error);
+                return { success: false, error };
+            }
+
+            return { success: true };
+        } catch (error) {
+            console.error('Telegram Service Error:', error);
+            return { success: false, error: error.message };
+        }
+    }
+
+    async setWebhook(url) {
+        try {
+            const response = await fetch(`${this.apiUrl}/setWebhook?url=${url}`);
+            const data = await response.json();
+            console.log('Telegram Webhook Setup:', data);
+            return data;
+        } catch (error) {
+            console.error('Telegram webhook setup error:', error);
+        }
+    }
+}
+
+module.exports = new TelegramService();