samarthya-bot 2.2.0 → 2.3.0

package/backend/public/index.html

@@ -1,18 +1,188 @@
 <!DOCTYPE html>
 <html lang="en">
-  <head>
-    <meta charset="UTF-8" />
-    <link rel="icon" type="image/svg+xml" href="/favicon.svg" />
-    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-    <meta name="description" content="SamarthyaBot - Privacy-first Personal AI Operator built for Indian workflows. Hindi, Hinglish & English support." />
-    <meta name="theme-color" content="#0f0f23" />
-    <link rel="manifest" href="/manifest.json" />
-    <link href="https://fonts.googleapis.com/css2?family=Inter:wght@300;400;500;600;700;800&family=Noto+Sans+Devanagari:wght@400;500;600;700&display=swap" rel="stylesheet">
-    <title>SamarthyaBot - समर्थ्य बोट | Personal AI Operator</title>
-    <script type="module" crossorigin src="/assets/index-BFRAq8Y1.js"></script>
-    <link rel="stylesheet" crossorigin href="/assets/index-J7XSVHCz.css">
-  </head>
-  <body>
-    <div id="root"></div>
-  </body>
-</html>
+
+<head>
+  <meta charset="UTF-8" />
+  <link rel="icon" type="image/svg+xml" href="/favicon.svg" />
+  <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+
+  <!-- Primary SEO Meta Tags -->
+  <title>SamarthyaBot — Privacy-First AI Agent OS | Self-Hosted AI Operating System | Made in India</title>
+  <meta name="description"
+    content="SamarthyaBot is a privacy-first, self-hosted AI operating system. Multi-agent RPA engine with Telegram, Discord, browser automation, SSH deployment, encrypted memory, and Indian workflow support (GST, UPI, IRCTC). Supports Gemini, Claude, GPT, Ollama. Free and open-source." />
+  <meta name="keywords"
+    content="SamarthyaBot, AI agent, AI operating system, self-hosted AI, privacy AI, local AI, chatbot, Telegram bot, Discord bot, RPA, robotic process automation, browser automation, Puppeteer, SSH deployment, encrypted memory, Gemini, Claude, GPT, Ollama, DeepSeek, OpenRouter, Indian AI, Hindi AI, GST calculator, UPI, IRCTC, Node.js, React, MongoDB, open source, Made in India" />
+  <meta name="author" content="Bishnu Prasad Sahu" />
+  <meta name="robots" content="index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1" />
+  <link rel="canonical" href="https://github.com/mebishnusahu0595/SamarthyaBot" />
+  <meta name="theme-color" content="#0f0f23" />
+
+  <!-- Open Graph / Facebook -->
+  <meta property="og:type" content="website" />
+  <meta property="og:url" content="https://github.com/mebishnusahu0595/SamarthyaBot" />
+  <meta property="og:title" content="SamarthyaBot — Privacy-First AI Agent OS | Made in India" />
+  <meta property="og:description"
+    content="Self-hosted multi-agent AI operating system with Telegram, Discord, browser automation, SSH deployment, and Indian workflow support. Supports 9 AI providers including Gemini, Claude, GPT, Ollama (offline). Free and open-source." />
+  <meta property="og:image"
+    content="https://raw.githubusercontent.com/mebishnusahu0595/SamarthyaBot/main/backend/public/logo.png" />
+  <meta property="og:site_name" content="SamarthyaBot" />
+  <meta property="og:locale" content="en_IN" />
+
+  <!-- Twitter Card -->
+  <meta name="twitter:card" content="summary_large_image" />
+  <meta name="twitter:url" content="https://github.com/mebishnusahu0595/SamarthyaBot" />
+  <meta name="twitter:title" content="SamarthyaBot — Privacy-First AI Agent OS" />
+  <meta name="twitter:description"
+    content="Self-hosted AI operating system with Telegram, Discord, browser automation, SSH, encrypted memory. 9 AI providers. Free, open-source, Made in India." />
+  <meta name="twitter:image"
+    content="https://raw.githubusercontent.com/mebishnusahu0595/SamarthyaBot/main/backend/public/logo.png" />
+
+  <!-- JSON-LD Structured Data for AI Search Engines (GEO) -->
+  <script type="application/ld+json">
+    {
+      "@context": "https://schema.org",
+      "@type": "SoftwareApplication",
+      "name": "SamarthyaBot",
+      "alternateName": ["समर्थ्य बोट", "Samarthya Bot", "SamarthyaBot AI"],
+      "description": "SamarthyaBot is a privacy-first, self-hosted AI operating system built for Indian developers. It features multi-agent RPA automation, browser control via Puppeteer, SSH deployment, encrypted memory, voice transcription, and supports 9 AI providers including Gemini, Claude, GPT, and Ollama (offline).",
+      "url": "https://github.com/mebishnusahu0595/SamarthyaBot",
+      "downloadUrl": "https://www.npmjs.com/package/samarthya-bot",
+      "installUrl": "https://www.npmjs.com/package/samarthya-bot",
+      "applicationCategory": "DeveloperApplication",
+      "applicationSubCategory": "AI Agent, RPA, Automation, Chatbot",
+      "operatingSystem": "Linux, macOS, Windows",
+      "softwareVersion": "2.2.0",
+      "softwareRequirements": "Node.js >= 20.0.0, MongoDB",
+      "programmingLanguage": ["JavaScript", "Go", "React"],
+      "isAccessibleForFree": true,
+      "license": "https://opensource.org/licenses/MIT",
+      "inLanguage": ["en", "hi"],
+      "offers": {
+        "@type": "Offer",
+        "price": "0",
+        "priceCurrency": "USD",
+        "availability": "https://schema.org/InStock"
+      },
+      "author": {
+        "@type": "Person",
+        "name": "Bishnu Prasad Sahu",
+        "url": "https://github.com/mebishnusahu0595",
+        "nationality": {
+          "@type": "Country",
+          "name": "India"
+        }
+      },
+      "publisher": {
+        "@type": "Person",
+        "name": "Bishnu Prasad Sahu"
+      },
+      "datePublished": "2026-02-25",
+      "dateModified": "2026-03-05",
+      "codeRepository": "https://github.com/mebishnusahu0595/SamarthyaBot",
+      "keywords": "AI agent, AI operating system, self-hosted AI, privacy-first AI, local AI, RPA, chatbot, Telegram bot, Discord bot, Puppeteer, SSH deployment, encrypted memory, Gemini, Claude, GPT, Ollama, DeepSeek, Indian AI, Hindi, GST, UPI, Node.js, React, MongoDB, open source, Made in India, samarthya, samarthyabot",
+      "featureList": [
+        "Multi-agent RPA engine — writes code, commits to GitHub, deploys autonomously",
+        "9 AI providers — Gemini, Claude, GPT, Ollama, DeepSeek, Qwen, OpenRouter, Groq, Mistral",
+        "Real browser automation via Puppeteer — scrape, click, navigate",
+        "SSH deployment to remote servers with password or PEM key",
+        "AES-256-CBC encrypted memory in MongoDB",
+        "Telegram and Discord bot integrations",
+        "Voice transcription via Groq/Whisper",
+        "Indian workflow automation — GST, UPI, IRCTC, Hindi/Hinglish",
+        "Drop-in JavaScript plugin system",
+        "Go micro-worker for live terminal streaming",
+        "Workspace security sandbox",
+        "Heartbeat periodic autonomous tasks",
+        "Beautiful React web dashboard with dark theme"
+      ]
+    }
+    </script>
+
+  <!-- FAQ Structured Data for Google & AI Search -->
+  <script type="application/ld+json">
+    {
+      "@context": "https://schema.org",
+      "@type": "FAQPage",
+      "mainEntity": [
+        {
+          "@type": "Question",
+          "name": "What is SamarthyaBot?",
+          "acceptedAnswer": {
+            "@type": "Answer",
+            "text": "SamarthyaBot is a privacy-first, self-hosted AI operating system that runs locally on your machine. It combines chatbot capabilities with full RPA (Robotic Process Automation) — meaning it can write code, deploy servers, control browsers, send emails, and automate Indian workflows like GST and UPI."
+          }
+        },
+        {
+          "@type": "Question",
+          "name": "How do I install SamarthyaBot?",
+          "acceptedAnswer": {
+            "@type": "Answer",
+            "text": "Install SamarthyaBot with a single NPM command: npm install -g samarthya-bot. Then run 'samarthya onboard' for guided setup. Requires Node.js 20+ and MongoDB."
+          }
+        },
+        {
+          "@type": "Question",
+          "name": "Is SamarthyaBot free?",
+          "acceptedAnswer": {
+            "@type": "Answer",
+            "text": "Yes, SamarthyaBot is 100% free and open-source under the MIT license. It supports free AI providers like Google Gemini and Ollama (fully offline)."
+          }
+        },
+        {
+          "@type": "Question",
+          "name": "Does SamarthyaBot work offline?",
+          "acceptedAnswer": {
+            "@type": "Answer",
+            "text": "Yes! Using Ollama as the AI provider, SamarthyaBot runs 100% offline with zero data leakage. No internet connection required after initial setup."
+          }
+        },
+        {
+          "@type": "Question",
+          "name": "What AI models does SamarthyaBot support?",
+          "acceptedAnswer": {
+            "@type": "Answer",
+            "text": "SamarthyaBot supports 9 AI providers with 20+ models: Google Gemini, Ollama (local), Anthropic Claude, OpenAI GPT, DeepSeek, Qwen, OpenRouter (100+ models), Groq, and Mistral."
+          }
+        },
+        {
+          "@type": "Question",
+          "name": "Does SamarthyaBot support Hindi?",
+          "acceptedAnswer": {
+            "@type": "Answer",
+            "text": "Yes! SamarthyaBot has first-class support for Hindi, Hinglish, and English. It's built specifically for Indian developers with Indian workflow support including GST, UPI, and IRCTC."
+          }
+        },
+        {
+          "@type": "Question",
+          "name": "Is my data safe with SamarthyaBot?",
+          "acceptedAnswer": {
+            "@type": "Answer",
+            "text": "Absolutely. SamarthyaBot runs entirely on your local machine. All memories are encrypted with AES-256-CBC. Dangerous commands are blocked by regex blacklists. Your data never leaves your device."
+          }
+        },
+        {
+          "@type": "Question",
+          "name": "How is SamarthyaBot different from ChatGPT?",
+          "acceptedAnswer": {
+            "@type": "Answer",
+            "text": "Unlike ChatGPT, SamarthyaBot runs locally on your machine, can execute real actions (deploy code, send emails, control browsers), supports Indian workflows (GST, UPI), works offline via Ollama, and your data never leaves your device."
+          }
+        }
+      ]
+    }
+    </script>
+
+  <!-- Fonts & PWA -->
+  <link rel="manifest" href="/manifest.json" />
+  <link
+    href="https://fonts.googleapis.com/css2?family=Inter:wght@300;400;500;600;700;800&family=Noto+Sans+Devanagari:wght@400;500;600;700&display=swap"
+    rel="stylesheet">
+  <script type="module" crossorigin src="/assets/index-Dn5WYZTH.js"></script>
+  <link rel="stylesheet" crossorigin href="/assets/index-DiMx9ERJ.css">
+</head>
+
+<body>
+  <div id="root"></div>
+</body>
+
+</html>

package/backend/public/robots.txt

@@ -0,0 +1,32 @@
+# SamarthyaBot Robots.txt
+# Privacy-First AI Agent OS - https://github.com/mebishnusahu0595/SamarthyaBot
+
+User-agent: *
+Allow: /
+
+# Allow all major search engines and AI crawlers
+User-agent: Googlebot
+Allow: /
+
+User-agent: Bingbot
+Allow: /
+
+User-agent: GPTBot
+Allow: /
+
+User-agent: ChatGPT-User
+Allow: /
+
+User-agent: Google-Extended
+Allow: /
+
+User-agent: PerplexityBot
+Allow: /
+
+User-agent: ClaudeBot
+Allow: /
+
+User-agent: Applebot-Extended
+Allow: /
+
+Sitemap: https://github.com/mebishnusahu0595/SamarthyaBot

package/backend/public/sitemap.xml

@@ -0,0 +1,39 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
+  <url>
+    <loc>https://github.com/mebishnusahu0595/SamarthyaBot</loc>
+    <lastmod>2026-03-05</lastmod>
+    <changefreq>weekly</changefreq>
+    <priority>1.0</priority>
+  </url>
+  <url>
+    <loc>https://www.npmjs.com/package/samarthya-bot</loc>
+    <lastmod>2026-03-05</lastmod>
+    <changefreq>weekly</changefreq>
+    <priority>0.9</priority>
+  </url>
+  <url>
+    <loc>https://github.com/mebishnusahu0595/SamarthyaBot/blob/main/README.md</loc>
+    <lastmod>2026-03-05</lastmod>
+    <changefreq>weekly</changefreq>
+    <priority>0.8</priority>
+  </url>
+  <url>
+    <loc>https://github.com/mebishnusahu0595/SamarthyaBot/blob/main/CONTRIBUTING.md</loc>
+    <lastmod>2026-03-05</lastmod>
+    <changefreq>monthly</changefreq>
+    <priority>0.6</priority>
+  </url>
+  <url>
+    <loc>https://github.com/mebishnusahu0595/SamarthyaBot/blob/main/SECURITY.md</loc>
+    <lastmod>2026-03-05</lastmod>
+    <changefreq>monthly</changefreq>
+    <priority>0.6</priority>
+  </url>
+  <url>
+    <loc>https://github.com/mebishnusahu0595/SamarthyaBot/blob/main/CHANGELOG.md</loc>
+    <lastmod>2026-03-05</lastmod>
+    <changefreq>weekly</changefreq>
+    <priority>0.7</priority>
+  </url>
+</urlset>

package/backend/services/agent/commandService.js

@@ -0,0 +1,168 @@
+/**
+ * Chat Slash-Command Handler  (OpenClaw-style control commands)
+ * ------------------------------------------------------------------
+ * Lets users control the agent directly from any channel (Web / Telegram
+ * / Discord) using `/command` syntax — without spending an LLM call.
+ *
+ * Supported:
+ *   /help                 Show this help
+ *   /status               Agent status: provider, model, pack, host OS
+ *   /tools  | /skills     List the tools available in the current pack
+ *   /pack [name]          Show or switch the active tool pack
+ *   /model                Show the active AI provider + model
+ *   /whoami               Show the current user + permissions
+ *   /clear | /reset | /new  Start a fresh conversation
+ *   /memory               Show how many memories are stored
+ *   /version              Show SamarthyaBot version
+ */
+
+const path = require('path');
+const toolRegistry = require('../tools/toolRegistry');
+const platform = require('../system/platform');
+const { TOOL_PACKS } = require('../../config/constants');
+
+let VERSION = '0.0.0';
+try {
+    VERSION = require(path.join(__dirname, '../../../package.json')).version;
+} catch (_) { /* ignore */ }
+
+function isCommand(message) {
+    return typeof message === 'string' && message.trim().startsWith('/');
+}
+
+/**
+ * Handle a slash command.
+ * @returns {{ handled: boolean, response?: string, action?: string }}
+ *   `action` is an optional signal the caller can act on (e.g. 'new_conversation').
+ */
+async function handleCommand(message, user = {}) {
+    const raw = message.trim();
+    const [cmdToken, ...rest] = raw.slice(1).split(/\s+/);
+    const cmd = (cmdToken || '').toLowerCase();
+    const arg = rest.join(' ').trim();
+    const activePack = user.activePack || 'personal';
+
+    switch (cmd) {
+        case 'help':
+        case 'commands':
+        case 'h':
+            return {
+                handled: true,
+                response:
+                    `🤖 **SamarthyaBot Commands**\n\n` +
+                    `\`/status\` — agent status (provider, model, OS)\n` +
+                    `\`/tools\` — list available skills in your pack\n` +
+                    `\`/pack [name]\` — show/switch tool pack (student, business, developer, personal)\n` +
+                    `\`/model\` — show active AI model\n` +
+                    `\`/whoami\` — your profile & permissions\n` +
+                    `\`/memory\` — stored memory count\n` +
+                    `\`/new\` (or \`/clear\`, \`/reset\`) — start a fresh chat\n` +
+                    `\`/version\` — SamarthyaBot version\n\n` +
+                    `_Type any normal message to talk to the AI agent._`
+            };
+
+        case 'status':
+        case 'stat': {
+            const provider = (process.env.ACTIVE_PROVIDER || 'gemini').toUpperCase();
+            const model = process.env.ACTIVE_MODEL || process.env.OLLAMA_MODEL || 'gemini-2.5-flash';
+            const offline = process.env.USE_OLLAMA === 'true';
+            const toolCount = toolRegistry.getToolsForPack(activePack).length;
+            return {
+                handled: true,
+                response:
+                    `🟢 **SamarthyaBot is ONLINE**\n\n` +
+                    `🧠 Provider: **${provider}**${offline ? ' (offline)' : ''}\n` +
+                    `🤖 Model: **${model}**\n` +
+                    `🎒 Active Pack: **${activePack}** (${toolCount} skills)\n` +
+                    `💻 Host: **${platform.describe()}**\n` +
+                    `📦 Version: **v${VERSION}**`
+            };
+        }
+
+        case 'tools':
+        case 'skills': {
+            const tools = toolRegistry.getToolsForPack(activePack);
+            const list = tools
+                .map(t => `• \`${t.name}\` — ${t.description?.split('.')[0] || ''}`)
+                .join('\n');
+            return {
+                handled: true,
+                response: `🛠️ **${tools.length} skills available** (pack: ${activePack})\n\n${list}`
+            };
+        }
+
+        case 'pack': {
+            if (!arg) {
+                const names = Object.keys(TOOL_PACKS).map(k => `• **${k}** — ${TOOL_PACKS[k].description}`).join('\n');
+                return {
+                    handled: true,
+                    response: `🎒 Active pack: **${activePack}**\n\nAvailable packs:\n${names}\n\n_Switch with_ \`/pack <name>\``
+                };
+            }
+            const target = arg.toLowerCase();
+            if (!TOOL_PACKS[target]) {
+                return { handled: true, response: `❌ Unknown pack "${target}". Options: ${Object.keys(TOOL_PACKS).join(', ')}` };
+            }
+            // Persist the switch when the user object is a saveable model.
+            try {
+                user.activePack = target;
+                if (typeof user.save === 'function') await user.save();
+            } catch (_) { /* best effort */ }
+            return {
+                handled: true,
+                action: 'switch_pack',
+                actionValue: target,
+                response: `✅ Switched to **${target}** pack (${TOOL_PACKS[target].tools.length} skills).`
+            };
+        }
+
+        case 'model': {
+            const provider = (process.env.ACTIVE_PROVIDER || 'gemini').toUpperCase();
+            const model = process.env.ACTIVE_MODEL || process.env.OLLAMA_MODEL || 'gemini-2.5-flash';
+            return {
+                handled: true,
+                response: `🤖 Active model: **${model}** via **${provider}**\n\n_Change it from the CLI:_ \`samarthya model\``
+            };
+        }
+
+        case 'whoami': {
+            const name = user.name || user.username || 'User';
+            const perms = user.permissions ? JSON.stringify(user.permissions) : 'defaults';
+            return {
+                handled: true,
+                response: `👤 **${name}**\n🎒 Pack: ${activePack}\n🗣️ Language: ${user.language || 'auto'}\n🔐 Permissions: ${perms}`
+            };
+        }
+
+        case 'memory':
+        case 'mem': {
+            let count = 'unknown';
+            try {
+                const Memory = require('../../models/Memory');
+                count = await Memory.countDocuments({ userId: user._id || user.id });
+            } catch (_) { /* ignore */ }
+            return { handled: true, response: `🧠 You have **${count}** stored memories.` };
+        }
+
+        case 'new':
+        case 'clear':
+        case 'reset':
+            return {
+                handled: true,
+                action: 'new_conversation',
+                response: `🆕 Started a fresh conversation. Previous context cleared.`
+            };
+
+        case 'version':
+        case 'v':
+            return { handled: true, response: `📦 SamarthyaBot **v${VERSION}** — Made in India 🇮🇳` };
+
+        default:
+            return {
+                handled: true,
+                response: `❓ Unknown command \`/${cmd}\`. Type \`/help\` to see all commands.`
+            };
+    }
+}
+
+module.exports = { isCommand, handleCommand };

package/backend/services/llm/llmService.js

@@ -1,4 +1,5 @@
 const { GoogleGenAI } = require("@google/genai");
+const platform = require("../system/platform");
 
 class LLMService {
     constructor() {
@@ -60,6 +61,13 @@ You are intelligent, helpful, and respectful. You understand Indian culture, fes
 
 CURRENT DATE & TIME (IST): ${currentDateTime}
 
+HOST ENVIRONMENT: ${platform.describe()}
+OS COMMAND RULE: This machine runs **${platform.OS.toUpperCase()}**. When using run_command / devops_execute_stream, ALWAYS use shell commands valid for ${platform.OS}.
+${platform.isWindows
+            ? '  • Windows: use `dir`, `type`, `copy`, `del`, `move`, `where`, PowerShell cmdlets. Do NOT use ls/cat/rm/grep.'
+            : '  • Unix (' + platform.OS + '): use `ls`, `cat`, `cp`, `mv`, `grep`, `find`. Do NOT use Windows-only commands.'}
+  • To open a URL/file/app, prefer the \`open_path\` tool (it auto-picks start/open/xdg-open).
+
 USER PROFILE:
 - Name: ${user.name || 'User'}
 - Language: ${user.language || 'hinglish'}

package/backend/services/planner/plannerService.js

@@ -2,6 +2,7 @@ const llmService = require('../llm/llmService');
 const toolRegistry = require('../tools/toolRegistry');
 const securityService = require('../security/securityService');
 const memoryService = require('../memory/memoryService');
+const commandService = require('../agent/commandService');
 const AuditLog = require('../../models/AuditLog');
 
 class PlannerService {
@@ -27,6 +28,22 @@ class PlannerService {
             language: llmService.detectLanguage(userMessage)
         };
 
+        // Step 0: Intercept slash-commands (instant, no LLM call) — works on
+        // every channel (Web / Telegram / Discord) since they all route here.
+        if (commandService.isCommand(userMessage)) {
+            try {
+                const cmd = await commandService.handleCommand(userMessage, user);
+                if (cmd.handled) {
+                    result.response = cmd.response;
+                    result.command = { action: cmd.action || null, value: cmd.actionValue || null };
+                    return result;
+                }
+            } catch (e) {
+                result.response = `⚠️ Command error: ${e.message}`;
+                return result;
+            }
+        }
+
         // Step 1: Security scan on user input
         const inputScan = securityService.scanForSensitiveData(userMessage);
         if (inputScan.length > 0) {

package/backend/services/security/sandboxService.js

@@ -42,14 +42,21 @@ class SandboxService {
         if (!this.enabled) return { allowed: true, reason: 'Sandbox disabled' };
 
         const resolvedPath = path.resolve(filePath);
-        const resolvedWorkspace = path.resolve(this.workspace);
 
-        if (resolvedPath.startsWith(resolvedWorkspace)) {
+        // True containment check: the path must equal the directory or sit
+        // inside it (boundary-aware), so siblings like
+        // `.../SamarthyaBot_Files_evil` do NOT pass a naive startsWith().
+        const isInside = (child, parent) => {
+            const rel = path.relative(parent, child);
+            return rel === '' || (!rel.startsWith('..') && !path.isAbsolute(rel));
+        };
+
+        if (isInside(resolvedPath, path.resolve(this.workspace))) {
             return { allowed: true, reason: 'Path is within workspace' };
         }
 
-        // Allow /tmp for scratch files
-        if (resolvedPath.startsWith('/tmp') || resolvedPath.startsWith(os.tmpdir())) {
+        // Allow the OS temp directory for scratch files
+        if (isInside(resolvedPath, os.tmpdir())) {
             return { allowed: true, reason: 'Path is in temp directory' };
         }