sanook-cli 0.5.1 → 0.5.5

package/dist/gateway/signal.js

@@ -0,0 +1,351 @@
+import { BRAND } from '../brand.js';
+import { redactKey } from '../providers/keys.js';
+import { runGatewayAgent } from './session.js';
+const SIGNAL_TEXT_LIMIT = 8000;
+const SIGNAL_DEFAULT_HTTP_URL = 'http://127.0.0.1:8080';
+const runningTargets = new Set();
+const recentSentTimestamps = new Set();
+export function normalizeSignalId(raw) {
+    const trimmed = raw?.trim();
+    if (!trimmed)
+        return undefined;
+    if (trimmed.toLowerCase().startsWith('group:')) {
+        const groupId = trimmed.slice(trimmed.indexOf(':') + 1).trim();
+        return groupId ? `group:${groupId}` : undefined;
+    }
+    if (/^\+?[\d\s().-]+$/.test(trimmed))
+        return trimmed.replace(/[\s().-]+/g, '');
+    return trimmed;
+}
+export function redactSignalId(raw) {
+    const normalized = normalizeSignalId(raw);
+    if (!normalized)
+        return '(not set)';
+    if (normalized === '*')
+        return '*';
+    const prefix = normalized.startsWith('group:') ? 'group:' : '';
+    const value = prefix ? normalized.slice(prefix.length) : normalized;
+    if (value.length <= 6)
+        return `${prefix}<redacted>`;
+    if (value.startsWith('+') && value.length >= 8)
+        return `${value.slice(0, 4)}…${value.slice(-4)}`;
+    return `${prefix}${value.slice(0, 4)}…${value.slice(-4)}`;
+}
+export function signalHttpUrl(httpUrl) {
+    return (httpUrl?.trim() || SIGNAL_DEFAULT_HTTP_URL).replace(/\/+$/, '');
+}
+export function signalRpcUrl(httpUrl) {
+    return `${signalHttpUrl(httpUrl)}/api/v1/rpc`;
+}
+export function signalEventsUrl(httpUrl, account) {
+    return `${signalHttpUrl(httpUrl)}/api/v1/events?account=${encodeURIComponent(account)}`;
+}
+export function signalCheckUrl(httpUrl) {
+    return `${signalHttpUrl(httpUrl)}/api/v1/check`;
+}
+export function splitSignalText(raw, limit = SIGNAL_TEXT_LIMIT) {
+    let remaining = raw.trim() || '(ไม่มีผลลัพธ์)';
+    const chunks = [];
+    while (remaining.length > limit) {
+        const window = remaining.slice(0, limit + 1);
+        let cut = window.lastIndexOf('\n');
+        if (cut < Math.floor(limit * 0.4))
+            cut = window.lastIndexOf(' ');
+        if (cut < Math.floor(limit * 0.4))
+            cut = limit;
+        chunks.push(remaining.slice(0, cut).trim());
+        remaining = remaining.slice(cut).trimStart();
+    }
+    if (remaining)
+        chunks.push(remaining);
+    return chunks.length ? chunks : ['(ไม่มีผลลัพธ์)'];
+}
+function rememberSentTimestamp(timestamp) {
+    if (timestamp == null)
+        return;
+    const key = String(timestamp);
+    recentSentTimestamps.add(key);
+    setTimeout(() => recentSentTimestamps.delete(key), 5 * 60_000).unref?.();
+}
+export async function signalRpc(config, method, params, rpcId = `${Date.now()}-${Math.random().toString(16).slice(2)}`) {
+    const account = config.account?.trim();
+    const body = {
+        jsonrpc: '2.0',
+        method,
+        params: account && params.account == null ? { account, ...params } : params,
+        id: rpcId,
+    };
+    const r = await fetch(signalRpcUrl(config.httpUrl), {
+        method: 'POST',
+        headers: { 'content-type': 'application/json' },
+        body: JSON.stringify(body),
+    });
+    if (!r.ok) {
+        const detail = await r.text().catch(() => '');
+        throw new Error(`Signal JSON-RPC ${r.status}${detail ? `: ${redactKey(detail).slice(0, 200)}` : ''}`);
+    }
+    const parsed = (await r.json().catch(() => ({})));
+    if (parsed.error) {
+        const message = typeof parsed.error === 'string' ? parsed.error : parsed.error.message ?? JSON.stringify(parsed.error);
+        throw new Error(`Signal JSON-RPC error: ${redactKey(message)}`);
+    }
+    return parsed.result;
+}
+export async function sendSignalMessage(config, target, text) {
+    const account = normalizeSignalId(config.account);
+    const to = normalizeSignalId(target);
+    if (!config.httpUrl || !account)
+        throw new Error('Signal config ต้องมี httpUrl และ account');
+    if (!to)
+        throw new Error('Signal recipient ว่าง');
+    const chunks = splitSignalText(text);
+    const messageIds = [];
+    for (const chunk of chunks) {
+        const params = to.startsWith('group:')
+            ? { account, groupId: to.slice('group:'.length), message: chunk }
+            : { account, recipient: [to], message: chunk };
+        const result = (await signalRpc({ httpUrl: config.httpUrl, account }, 'send', params));
+        const timestamp = typeof result === 'object' && result ? result.timestamp : result;
+        if (timestamp != null) {
+            const id = String(timestamp);
+            messageIds.push(id);
+            rememberSentTimestamp(id);
+        }
+    }
+    return { to, messageCount: chunks.length, messageIds };
+}
+export function parseSignalSseLine(line) {
+    const trimmed = line.trimEnd();
+    if (!trimmed || trimmed.startsWith(':') || !trimmed.startsWith('data:'))
+        return null;
+    const data = trimmed.slice('data:'.length).trimStart();
+    if (!data)
+        return null;
+    return JSON.parse(data);
+}
+function objectRecord(value) {
+    return value && typeof value === 'object' ? value : undefined;
+}
+function stringField(record, ...keys) {
+    for (const key of keys) {
+        const value = record?.[key];
+        if (typeof value === 'string' && value.trim())
+            return value.trim();
+    }
+    return undefined;
+}
+function numberOrStringField(record, ...keys) {
+    for (const key of keys) {
+        const value = record?.[key];
+        if (typeof value === 'number' || (typeof value === 'string' && value.trim()))
+            return value;
+    }
+    return undefined;
+}
+export function signalEnvelopeMessage(raw, account) {
+    const outer = objectRecord(raw);
+    const envelope = objectRecord(outer?.envelope) ?? outer;
+    if (!envelope)
+        return null;
+    if (objectRecord(envelope.storyMessage))
+        return null;
+    const sync = objectRecord(objectRecord(envelope.syncMessage)?.sentMessage);
+    if (sync) {
+        const data = objectRecord(sync.dataMessage) ?? sync;
+        const groupId = stringField(objectRecord(data.groupInfo), 'groupId');
+        const destination = normalizeSignalId(stringField(sync, 'destination', 'destinationNumber', 'recipient'));
+        const self = normalizeSignalId(account);
+        const text = stringField(data, 'message');
+        if (!text)
+            return null;
+        if (!groupId && (!self || destination !== self))
+            return null;
+        const target = groupId ? `group:${groupId}` : self;
+        if (!target)
+            return null;
+        return {
+            target,
+            sender: self,
+            text,
+            groupId,
+            timestamp: numberOrStringField(sync, 'timestamp') ?? numberOrStringField(envelope, 'timestamp'),
+            noteToSelf: !groupId,
+        };
+    }
+    const dataMessage = objectRecord(envelope.dataMessage) ?? objectRecord(objectRecord(envelope.editMessage)?.dataMessage);
+    if (!dataMessage)
+        return null;
+    const text = stringField(dataMessage, 'message');
+    if (!text)
+        return null;
+    const groupId = stringField(objectRecord(dataMessage.groupInfo), 'groupId');
+    const sender = normalizeSignalId(stringField(envelope, 'sourceNumber', 'sourceUuid', 'source'));
+    const target = groupId ? `group:${groupId}` : sender;
+    if (!target)
+        return null;
+    return {
+        target,
+        sender,
+        text,
+        groupId,
+        timestamp: numberOrStringField(envelope, 'timestamp') ?? numberOrStringField(dataMessage, 'timestamp'),
+    };
+}
+export function isAllowedSignalSource(config, event) {
+    if (event.groupId) {
+        const allowed = config.groupAllowedUsers.map((id) => normalizeSignalId(id) ?? id.trim()).filter(Boolean);
+        return allowed.includes('*') || allowed.includes(event.groupId) || allowed.includes(`group:${event.groupId}`);
+    }
+    const sender = normalizeSignalId(event.sender ?? event.target);
+    if (!sender)
+        return false;
+    if (config.allowAllUsers)
+        return true;
+    if (sender === normalizeSignalId(config.homeChannel))
+        return true;
+    return config.allowedUsers.map(normalizeSignalId).includes(sender);
+}
+function signalPrompt(event) {
+    if (event.groupId) {
+        const sender = event.sender ? ` from ${redactSignalId(event.sender)}` : '';
+        return [`Signal group ${redactSignalId(event.target)}${sender}:`, event.text.trim()].join('\n');
+    }
+    return [`Signal from ${redactSignalId(event.sender ?? event.target)}:`, event.text.trim()].join('\n');
+}
+function signalMentioned(config, event) {
+    if (!event.groupId || !config.requireMention)
+        return true;
+    const account = normalizeSignalId(config.account);
+    return Boolean(account && event.text.includes(account));
+}
+export async function handleSignalEvent(opts) {
+    const event = opts.event;
+    const text = event.text.trim();
+    if (!text)
+        return { handled: false, reason: 'empty' };
+    if (event.timestamp != null && recentSentTimestamps.has(String(event.timestamp)))
+        return { handled: false, reason: 'self_message' };
+    const account = normalizeSignalId(opts.config.account);
+    if (account && normalizeSignalId(event.sender) === account && !event.noteToSelf)
+        return { handled: false, reason: 'self_message' };
+    if (!isAllowedSignalSource(opts.config, event)) {
+        opts.onLog?.(`Signal: ปฏิเสธ target ${redactSignalId(event.target)} (ไม่อยู่ใน allowlist)`);
+        return { handled: false, reason: 'not_allowed' };
+    }
+    if (!signalMentioned(opts.config, event))
+        return { handled: false, reason: 'not_mentioned' };
+    const running = opts.runningTargets ?? runningTargets;
+    if (running.has(event.target))
+        return { handled: false, reason: 'busy' };
+    running.add(event.target);
+    try {
+        const result = await runGatewayAgent({
+            platform: 'signal',
+            target: event.target,
+            model: opts.model,
+            prompt: signalPrompt(event),
+            userText: text,
+            budgetUsd: opts.budgetUsd,
+            permissionMode: opts.permissionMode ?? 'ask',
+        });
+        if (!result.suppressDelivery)
+            await sendSignalMessage(opts.config, event.target, result.text || '(ไม่มีผลลัพธ์)');
+        return { handled: true };
+    }
+    catch (e) {
+        opts.onLog?.(`Signal run error (${redactSignalId(event.target)}): ${redactKey(e.message)}`);
+        await sendSignalMessage(opts.config, event.target, 'เกิดข้อผิดพลาดภายใน').catch(() => { });
+        return { handled: false, reason: 'error' };
+    }
+    finally {
+        running.delete(event.target);
+    }
+}
+async function delay(ms, signal) {
+    if (signal.aborted)
+        return;
+    await new Promise((resolve) => {
+        const timer = setTimeout(resolve, ms);
+        signal.addEventListener('abort', () => {
+            clearTimeout(timer);
+            resolve();
+        }, { once: true });
+    });
+}
+async function readSignalStream(response, opts, signal) {
+    if (!response.body)
+        throw new Error('Signal stream ไม่มี response body');
+    const reader = response.body.getReader();
+    const decoder = new TextDecoder();
+    let pending = '';
+    let dataLines = [];
+    const flush = async () => {
+        if (!dataLines.length || signal.aborted)
+            return;
+        const raw = dataLines.join('\n');
+        dataLines = [];
+        const parsed = JSON.parse(raw);
+        const event = signalEnvelopeMessage(parsed, opts.config.account);
+        if (event)
+            await handleSignalEvent({ ...opts, event, runningTargets });
+    };
+    for (;;) {
+        const { done, value } = await reader.read();
+        pending += decoder.decode(value, { stream: !done });
+        const lines = pending.split(/\r?\n/);
+        pending = lines.pop() ?? '';
+        for (const line of lines) {
+            if (signal.aborted)
+                return;
+            if (!line.trim()) {
+                await flush();
+            }
+            else if (line.startsWith('data:')) {
+                dataLines.push(line.slice('data:'.length).trimStart());
+            }
+        }
+        if (done)
+            break;
+    }
+    if (pending.startsWith('data:'))
+        dataLines.push(pending.slice('data:'.length).trimStart());
+    await flush();
+}
+export function startSignal(opts) {
+    const account = normalizeSignalId(opts.config.account);
+    if (!account) {
+        opts.onLog?.('Signal ไม่เริ่ม: ต้องตั้ง SIGNAL_ACCOUNT หรือ gateway setup signal --account <+E.164>');
+        return () => { };
+    }
+    if (!opts.config.allowAllUsers && !opts.config.homeChannel && !opts.config.allowedUsers.length && !opts.config.groupAllowedUsers.length) {
+        opts.onLog?.('Signal ไม่เริ่ม: ต้องตั้ง home channel หรือ allowlist เพื่อ fail-closed');
+        return () => { };
+    }
+    const controller = new AbortController();
+    const reconnectMs = opts.reconnectMs ?? 5000;
+    const loop = async () => {
+        opts.onLog?.(`Signal: subscribe ${signalEventsUrl(opts.config.httpUrl, account)}`);
+        while (!controller.signal.aborted) {
+            try {
+                const health = await fetch(signalCheckUrl(opts.config.httpUrl), { signal: controller.signal });
+                if (!health.ok)
+                    throw new Error(`Signal health ${health.status}`);
+                const r = await fetch(signalEventsUrl(opts.config.httpUrl, account), {
+                    method: 'GET',
+                    headers: { accept: 'text/event-stream' },
+                    signal: controller.signal,
+                });
+                if (!r.ok)
+                    throw new Error(`Signal events ${r.status}`);
+                await readSignalStream(r, opts, controller.signal);
+            }
+            catch (e) {
+                if (!controller.signal.aborted)
+                    opts.onLog?.(`Signal stream error: ${redactKey(e.message)}; reconnecting`);
+            }
+            await delay(reconnectMs, controller.signal);
+        }
+    };
+    void loop();
+    return () => controller.abort();
+}

package/dist/gateway/slack.js

@@ -0,0 +1,124 @@
+import { redactKey } from '../providers/keys.js';
+import { runGatewayAgent } from './session.js';
+export async function sendSlackMessage(botToken, channelId, text, threadTs) {
+    const r = await fetch('https://slack.com/api/chat.postMessage', {
+        method: 'POST',
+        headers: {
+            authorization: `Bearer ${botToken}`,
+            'content-type': 'application/json; charset=utf-8',
+        },
+        body: JSON.stringify({
+            channel: channelId,
+            text: text.slice(0, 40_000),
+            ...(threadTs ? { thread_ts: threadTs } : {}),
+        }),
+    });
+    if (!r.ok)
+        throw new Error(`Slack chat.postMessage ${r.status}`);
+    const body = (await r.json().catch(() => ({})));
+    if (body.ok !== true)
+        throw new Error(`Slack chat.postMessage error: ${body.error ?? 'unknown'}`);
+    return { channelId: body.channel ?? channelId, messageTs: body.ts };
+}
+async function openSocketUrl(appToken) {
+    const r = await fetch('https://slack.com/api/apps.connections.open', {
+        method: 'POST',
+        headers: { authorization: `Bearer ${appToken}` },
+    });
+    if (!r.ok)
+        throw new Error(`Slack apps.connections.open ${r.status}`);
+    const body = (await r.json().catch(() => ({})));
+    if (body.ok !== true || !body.url)
+        throw new Error(`Slack apps.connections.open error: ${body.error ?? 'missing_url'}`);
+    return body.url;
+}
+function defaultWebSocketFactory(url) {
+    const WS = globalThis.WebSocket;
+    if (!WS)
+        throw new Error('WebSocket runtime ไม่พร้อมใช้งานใน Node นี้');
+    return new WS(url);
+}
+function allowed(channelId, allowedChannelIds, defaultChannelId) {
+    const allow = allowedChannelIds?.length ? allowedChannelIds : defaultChannelId ? [defaultChannelId] : [];
+    return allow.includes(channelId);
+}
+export async function startSlack(opts) {
+    const allowedChannelIds = opts.allowedChannelIds?.filter(Boolean) ?? [];
+    if (!allowedChannelIds.length && !opts.defaultChannelId) {
+        opts.onLog?.('⛔ Slack ไม่เริ่ม: ต้องตั้ง default channel หรือ allowed channels เพื่อ fail-closed');
+        return () => { };
+    }
+    const url = await openSocketUrl(opts.appToken);
+    const ws = (opts.webSocketFactory ?? defaultWebSocketFactory)(url);
+    const running = new Set();
+    let stopped = false;
+    ws.addEventListener('open', () => {
+        opts.onLog?.(`Slack: Socket Mode connected (allowlist ${allowedChannelIds.length || 1} channel)`);
+    });
+    ws.addEventListener('message', (event) => {
+        let envelope;
+        try {
+            envelope = JSON.parse(String(event.data));
+        }
+        catch {
+            return;
+        }
+        if (envelope.envelope_id)
+            ws.send(JSON.stringify({ envelope_id: envelope.envelope_id }));
+        if (envelope.type !== 'events_api')
+            return;
+        const ev = envelope.payload?.event;
+        if (!ev || (ev.type !== 'message' && ev.type !== 'app_mention'))
+            return;
+        if (ev.subtype || ev.bot_id)
+            return;
+        const channelId = ev.channel;
+        const text = ev.text?.trim();
+        if (!channelId || !text)
+            return;
+        if (!allowed(channelId, allowedChannelIds, opts.defaultChannelId)) {
+            opts.onLog?.(`Slack: ปฏิเสธ channel ${channelId} (ไม่อยู่ใน allowlist)`);
+            return;
+        }
+        const threadTs = ev.thread_ts ?? ev.ts;
+        const sessionTarget = `${channelId}:${ev.user ?? 'unknown'}`;
+        const userText = text.replace(/<@[A-Z0-9]+>/g, '').trim() || text;
+        if (running.has(sessionTarget)) {
+            void sendSlackMessage(opts.botToken, channelId, 'กำลังทำงานก่อนหน้าอยู่ รอสักครู่', threadTs).catch(() => { });
+            return;
+        }
+        running.add(sessionTarget);
+        void (async () => {
+            try {
+                await sendSlackMessage(opts.botToken, channelId, 'กำลังคิด...', threadTs);
+                const out = await runGatewayAgent({
+                    platform: 'slack',
+                    target: sessionTarget,
+                    model: opts.model,
+                    prompt: userText,
+                    userText,
+                    budgetUsd: opts.budgetUsd,
+                    permissionMode: opts.allowWrite === true ? 'auto' : 'ask',
+                });
+                if (!out.suppressDelivery && out.text.trim())
+                    await sendSlackMessage(opts.botToken, channelId, out.text, threadTs);
+            }
+            catch (e) {
+                opts.onLog?.(`Slack run error (${channelId}): ${redactKey(e.message)}`);
+                await sendSlackMessage(opts.botToken, channelId, 'เกิดข้อผิดพลาดภายใน', threadTs).catch(() => { });
+            }
+            finally {
+                running.delete(sessionTarget);
+            }
+        })();
+    });
+    ws.addEventListener('close', () => {
+        if (!stopped)
+            opts.onLog?.('Slack: Socket Mode closed');
+    });
+    ws.addEventListener('error', () => opts.onLog?.('Slack: Socket Mode error'));
+    return () => {
+        stopped = true;
+        ws.close();
+    };
+}

package/dist/gateway/sms.js

@@ -0,0 +1,169 @@
+import { createHmac, timingSafeEqual } from 'node:crypto';
+import { redactKey } from '../providers/keys.js';
+import { runGatewayAgent } from './session.js';
+const SMS_TEXT_LIMIT = 1600;
+const TWILIO_API_BASE = 'https://api.twilio.com/2010-04-01';
+const runningTargets = new Set();
+export function normalizeSmsPhone(raw) {
+    const trimmed = raw?.trim();
+    if (!trimmed)
+        return undefined;
+    return trimmed.replace(/[\s().-]+/g, '');
+}
+export function smsPlainText(raw) {
+    return raw
+        .replace(/\r\n/g, '\n')
+        .replace(/```[a-zA-Z0-9_-]*\n?/g, '')
+        .replace(/```/g, '')
+        .replace(/\[([^\]]+)]\(([^)]+)\)/g, '$1 ($2)')
+        .replace(/^#{1,6}\s+/gm, '')
+        .replace(/[*_`~]/g, '')
+        .trim();
+}
+export function splitSmsText(raw, limit = SMS_TEXT_LIMIT) {
+    let remaining = smsPlainText(raw) || '(ไม่มีผลลัพธ์)';
+    const chunks = [];
+    while (remaining.length > limit) {
+        const window = remaining.slice(0, limit + 1);
+        let cut = window.lastIndexOf('\n');
+        if (cut < Math.floor(limit * 0.4))
+            cut = window.lastIndexOf(' ');
+        if (cut < Math.floor(limit * 0.4))
+            cut = limit;
+        chunks.push(remaining.slice(0, cut).trim());
+        remaining = remaining.slice(cut).trimStart();
+    }
+    if (remaining)
+        chunks.push(remaining);
+    return chunks.length ? chunks : ['(ไม่มีผลลัพธ์)'];
+}
+export async function sendSmsMessage(config, to, text) {
+    const accountSid = config.accountSid?.trim();
+    const authToken = config.authToken?.trim();
+    const from = normalizeSmsPhone(config.phoneNumber);
+    const recipient = normalizeSmsPhone(to);
+    if (!accountSid || !authToken || !from)
+        throw new Error('Twilio SMS config ต้องมี accountSid, authToken และ phoneNumber');
+    if (!recipient)
+        throw new Error('SMS recipient ว่าง');
+    const url = `${TWILIO_API_BASE}/Accounts/${encodeURIComponent(accountSid)}/Messages.json`;
+    const auth = Buffer.from(`${accountSid}:${authToken}`, 'utf8').toString('base64');
+    const chunks = splitSmsText(text);
+    const messageIds = [];
+    for (const bodyText of chunks) {
+        const body = new URLSearchParams({ From: from, To: recipient, Body: bodyText });
+        const r = await fetch(url, {
+            method: 'POST',
+            headers: {
+                authorization: `Basic ${auth}`,
+                'content-type': 'application/x-www-form-urlencoded',
+            },
+            body,
+        });
+        if (!r.ok) {
+            const detail = await r.text().catch(() => '');
+            throw new Error(`Twilio SMS ${r.status}${detail ? `: ${redactKey(detail).slice(0, 200)}` : ''}`);
+        }
+        const parsed = (await r.json().catch(() => ({})));
+        if (parsed.sid)
+            messageIds.push(parsed.sid);
+    }
+    return { to: recipient, messageCount: messageIds.length || chunks.length, messageIds };
+}
+export function parseTwilioForm(rawBody) {
+    return new URLSearchParams(rawBody);
+}
+export function verifyTwilioSignature(authToken, webhookUrl, params, signature) {
+    if (!authToken || !webhookUrl || !signature)
+        return false;
+    const grouped = new Map();
+    for (const [key, value] of params) {
+        const list = grouped.get(key) ?? [];
+        list.push(value);
+        grouped.set(key, list);
+    }
+    let payload = webhookUrl;
+    for (const key of [...grouped.keys()].sort()) {
+        for (const value of (grouped.get(key) ?? []).sort())
+            payload += `${key}${value}`;
+    }
+    const expected = createHmac('sha1', authToken).update(payload).digest('base64');
+    const a = Buffer.from(signature.trim());
+    const b = Buffer.from(expected);
+    return a.length === b.length && timingSafeEqual(a, b);
+}
+export function isAllowedSmsSender(config, from) {
+    if (config.allowAllUsers)
+        return true;
+    const sender = normalizeSmsPhone(from);
+    if (!sender)
+        return false;
+    if (sender === normalizeSmsPhone(config.homeChannel))
+        return true;
+    return config.allowedUsers.map(normalizeSmsPhone).includes(sender);
+}
+function escapeXml(text) {
+    return text.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;').replace(/'/g, '&apos;');
+}
+export function smsTwiml(messages = []) {
+    const body = messages
+        .flatMap((message) => splitSmsText(message))
+        .map((message) => `<Message>${escapeXml(message)}</Message>`)
+        .join('');
+    return `<?xml version="1.0" encoding="UTF-8"?><Response>${body}</Response>`;
+}
+function smsPrompt(params, from, to) {
+    return [`SMS from ${from} to ${to}:`, params.get('Body')?.trim() || '(empty)'].join('\n');
+}
+function xml(status, messages = []) {
+    return { status, body: smsTwiml(messages), contentType: 'application/xml; charset=utf-8' };
+}
+export async function handleSmsWebhook(opts) {
+    const cfg = opts.config;
+    if (!cfg.accountSid || !cfg.authToken || !cfg.phoneNumber)
+        return xml(503);
+    if (!cfg.insecureNoSignature && !cfg.webhookUrl)
+        return xml(503);
+    const params = parseTwilioForm(opts.rawBody);
+    if (!cfg.insecureNoSignature && !verifyTwilioSignature(cfg.authToken, cfg.webhookUrl, params, opts.signature)) {
+        return xml(401);
+    }
+    const from = normalizeSmsPhone(params.get('From') ?? undefined);
+    const to = normalizeSmsPhone(params.get('To') ?? undefined);
+    const body = params.get('Body')?.trim();
+    const messageSid = params.get('MessageSid')?.trim();
+    if (!from || !to || !body)
+        return xml(200);
+    if (from === normalizeSmsPhone(cfg.phoneNumber)) {
+        opts.onLog?.(`SMS: ข้ามข้อความจากเบอร์ Twilio เอง ${from}`);
+        return xml(200);
+    }
+    if (!isAllowedSmsSender(cfg, from)) {
+        opts.onLog?.(`SMS: ปฏิเสธ sender ${from} (ไม่อยู่ใน allowlist)`);
+        return xml(200, ['ไม่ได้รับอนุญาตให้ใช้ bot นี้']);
+    }
+    if (runningTargets.has(from))
+        return xml(200, ['กำลังทำงานก่อนหน้าอยู่ รอสักครู่']);
+    runningTargets.add(from);
+    try {
+        const result = await runGatewayAgent({
+            platform: 'sms',
+            target: from,
+            model: opts.model,
+            prompt: smsPrompt(params, from, to),
+            userText: body,
+            budgetUsd: opts.budgetUsd,
+            permissionMode: opts.permissionMode ?? 'ask',
+        });
+        if (result.suppressDelivery)
+            return xml(200);
+        return xml(200, [result.text || '(ไม่มีผลลัพธ์)']);
+    }
+    catch (e) {
+        opts.onLog?.(`SMS run error (${messageSid || from}): ${redactKey(e.message)}`);
+        return xml(200, ['เกิดข้อผิดพลาดภายใน']);
+    }
+    finally {
+        runningTargets.delete(from);
+    }
+}