teleton 0.1.0

package/README.md

@@ -0,0 +1,395 @@
+# Teleton Agent
+
+**Autonomous AI Agent for Telegram with TON Blockchain Integration**
+
+![Now in Public Beta](https://img.shields.io/badge/Now_in_Public_Beta-0088cc?style=for-the-badge&logoColor=white)
+
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
+[![Node.js](https://img.shields.io/badge/node-%3E%3D20.0.0-brightgreen)](https://nodejs.org/)
+[![TypeScript](https://img.shields.io/badge/TypeScript-5.7-blue)](https://www.typescriptlang.org/)
+
+---
+
+## Overview
+
+Teleton is a production-grade autonomous AI agent that operates as a real Telegram user account (not a bot), powered by multi-provider LLM support. It provides full access to the Telegram API with deep TON blockchain integration for cryptocurrency trading, NFT marketplace operations, and decentralized finance.
+
+### Key Highlights
+
+- **True Autonomy** - Operates as a Telegram userbot with access to full API (not limited like bots)
+- **Multi-Provider LLM** - Anthropic, OpenAI, Google Gemini, xAI Grok, Groq, OpenRouter
+- **TON Native** - Built-in W5R1 wallet, jetton swaps, DNS, and DeFi integrations
+- **Deals System** - Secure gift/TON trading with strategy enforcement and inline bot confirmations
+- **Advanced Memory** - RAG system with hybrid FTS5 + vector search, auto-compaction, daily logs
+- **121 Tools** - Telegram operations, blockchain transactions, market analysis, deals, and more
+- **Production Ready** - SQLite storage, sandboxed workspace, multi-layer security
+
+---
+
+## Features
+
+### Tool Categories
+
+| Category | Tools | Description |
+|----------|-------|-------------|
+| Telegram | 59 | Full API: messaging, media, groups, polls, stickers, gifts, stories, contacts |
+| TON Blockchain | 17 | W5R1 wallet, send/receive TON, transaction history, price tracking |
+| Jettons (Tokens) | 11 | Balances, swaps, prices, holders, trending tokens, liquidity pools |
+| DeFi | 5 | STON.fi and DeDust DEX integration, smart routing for best swap rates |
+| Deals | 5 | Secure gift/TON trading with inline bot, strategy enforcement, verification |
+| TON DNS | 7 | Domain availability, auctions, bidding, resolution |
+| Gift Marketplace | 4 | Floor prices, search, price history for Telegram collectible gifts |
+| Business Journal | 3 | Track trades/gifts/operations with reasoning and P&L analysis |
+| Memory | 2 | Persistent memory management, RAG-powered context retrieval |
+| Workspace | 6 | Sandboxed file operations with security validation |
+
+### Advanced Capabilities
+
+| Capability | Description |
+|-----------|-------------|
+| **Multi-Provider LLM** | Switch between Anthropic, OpenAI, Google, xAI, Groq, OpenRouter with one config change |
+| **RAG Search** | Hybrid keyword (FTS5) + semantic (vector) search for context-aware responses |
+| **Auto-Compaction** | AI-summarized context management prevents overflow, preserves key information |
+| **Observation Masking** | Compresses old tool results to save ~90% context window |
+| **Casino System** | Provably fair slot machine and dice games with TON payments, jackpot, and leaderboard |
+| **Deals System** | Secure gift/TON trading with code-enforced strategy rules and inline bot confirmations |
+| **Vision Analysis** | Image understanding via multimodal LLM |
+| **Voice Synthesis** | Text-to-speech for voice messages |
+| **Scheduled Tasks** | Time-based task execution with dependency resolution |
+| **Message Debouncing** | Intelligent batching of rapid group messages |
+| **Daily Logs** | Automatic session summaries preserved across resets |
+| **Multi-Policy Access** | Configurable DM/group policies (open, allowlist, pairing, disabled) |
+| **Sandboxed Workspace** | Secure file system with path traversal protection and immutable config files |
+
+---
+
+## Prerequisites
+
+- **Node.js 20.0.0+** - [Download](https://nodejs.org/)
+- **LLM API Key** - One of: [Anthropic](https://console.anthropic.com/) (recommended), [OpenAI](https://platform.openai.com/), [Google](https://aistudio.google.com/), [xAI](https://console.x.ai/), [Groq](https://console.groq.com/), [OpenRouter](https://openrouter.ai/)
+- **Telegram Account** - Dedicated account recommended for security
+- **Telegram API Credentials** - From [my.telegram.org/apps](https://my.telegram.org/apps)
+- **Your Telegram User ID** - Message [@userinfobot](https://t.me/userinfobot)
+- **Bot Token** *(optional, for deals)* - From [@BotFather](https://t.me/BotFather)
+
+> **Security Warning**: The agent will have full control over the Telegram account. Use a dedicated account, not your main one.
+
+---
+
+## Quick Start
+
+### 1. Installation
+
+**One-liner (recommended):**
+```bash
+curl -fsSL https://raw.githubusercontent.com/TONresistor/teleton-agent-dev/main/install.sh | bash
+```
+
+**npm:**
+```bash
+npm install -g teleton
+```
+
+**Docker:**
+```bash
+docker run -it -v ~/.teleton:/data ghcr.io/tonresistor/teleton-agent-dev:latest setup
+```
+
+**From source (development):**
+```bash
+git clone https://github.com/TONresistor/teleton-agent-dev.git
+cd teleton-agent-dev
+npm install && npm run build
+```
+
+### 2. Setup
+
+```bash
+teleton setup
+```
+
+The wizard will configure:
+- LLM provider selection (Anthropic, OpenAI, Google, xAI, Groq, OpenRouter)
+- Telegram authentication (API credentials, phone, login code)
+- Access policies (DM/group response rules)
+- Admin user ID
+- TON wallet generation (W5R1 with 24-word mnemonic)
+- Workspace initialization (SOUL.md, STRATEGY.md, SECURITY.md, MEMORY.md)
+
+Configuration files created:
+- `~/.teleton/config.yaml` - Main configuration
+- `~/.teleton/wallet.json` - TON wallet (backup mnemonic securely)
+- `~/.teleton/memory.db` - SQLite database
+- `~/.teleton/workspace/` - Sandboxed file storage
+
+### 3. Start
+
+```bash
+teleton start
+```
+
+### 4. Verify
+
+Send a message to your agent on Telegram:
+
+```
+You: /ping
+Agent: Pong! I'm alive.
+
+You: /status
+Agent: [Displays uptime, model, tool count, wallet balance]
+```
+
+---
+
+## Configuration
+
+Edit `~/.teleton/config.yaml`:
+
+```yaml
+agent:
+  provider: "anthropic"              # anthropic | openai | google | xai | groq | openrouter
+  api_key: "sk-ant-api03-..."
+  model: "claude-opus-4-5-20251101"
+  utility_model: "claude-3-5-haiku-20241022"  # optional, for summarization
+  max_agentic_iterations: 5
+
+telegram:
+  dm_policy: "open"         # open | allowlist | pairing | disabled
+  group_policy: "open"      # open | allowlist | disabled
+  require_mention: true
+  admin_ids: [123456789]
+  owner_name: "Your Name"
+  owner_username: "your_username"
+
+  # Optional: inline bot for deals system
+  bot_token: "123456:ABC-DEF..."
+  bot_username: "your_deals_bot"
+
+  session_reset_policy:
+    daily_reset_enabled: true
+    daily_reset_hour: 4
+```
+
+### Environment Variables
+
+| Variable | Description | Default |
+|----------|-------------|---------|
+| `TELETON_HOME` | Data directory (config, DB, session) | `~/.teleton` |
+| `TELETON_API_KEY` | LLM API key (overrides config) | - |
+| `TELETON_TG_API_ID` | Telegram API ID (overrides config) | - |
+| `TELETON_TG_API_HASH` | Telegram API Hash (overrides config) | - |
+| `TELETON_TG_PHONE` | Phone number (overrides config) | - |
+
+### Workspace Files
+
+The agent's personality and rules are configured via markdown files in `~/.teleton/workspace/`:
+
+| File | Purpose | Mutable by Agent |
+|------|---------|-----------------|
+| `SOUL.md` | Personality, behavior guidelines | No |
+| `STRATEGY.md` | Trading rules, pricing thresholds | No |
+| `SECURITY.md` | Security principles, threat recognition | No |
+| `MEMORY.md` | Persistent memory (facts, contacts, decisions) | Yes |
+
+### Admin Commands
+
+| Command | Description |
+|---------|-------------|
+| `/task <description>` | Assign a task to the agent |
+| `/status` | View agent status |
+| `/clear [chat_id]` | Clear conversation history |
+| `/ping` | Check responsiveness |
+| `/help` | Show all commands |
+
+---
+
+## Architecture
+
+### Tech Stack
+
+| Layer | Technology |
+|-------|------------|
+| LLM | Multi-provider via [pi-ai](https://github.com/mariozechner/pi-ai) (Anthropic, OpenAI, Google, xAI, Groq, OpenRouter) |
+| Telegram Userbot | [GramJS](https://gram.js.org/) (MTProto) |
+| Inline Bot | [Grammy](https://grammy.dev/) (Bot API, for deal confirmations) |
+| Blockchain | [TON SDK](https://github.com/ton-org/ton) (W5R1 wallet) |
+| DeFi | STON.fi SDK, DeDust SDK |
+| Database | [better-sqlite3](https://github.com/WiseLibs/better-sqlite3) with WAL mode |
+| Vector Search | [sqlite-vec](https://github.com/asg017/sqlite-vec) (optional) |
+| Token Counting | [js-tiktoken](https://github.com/dqbd/tiktoken) |
+| Language | TypeScript 5.7, Node.js 20+ |
+
+### Project Structure
+
+```
+tonnet-ai/
+├── src/
+│   ├── index.ts               # Main app, tool registry
+│   ├── agent/                  # Core agent runtime
+│   │   ├── runtime.ts          # Agentic loop orchestration
+│   │   ├── client.ts           # Multi-provider LLM client
+│   │   └── tools/              # 121 tool implementations
+│   │       ├── telegram/       # Telegram tools (59)
+│   │       ├── ton/            # TON blockchain (17)
+│   │       ├── jetton/         # Token operations (11)
+│   │       ├── deals/          # Deal management (5)
+│   │       ├── dns/            # TON DNS (7)
+│   │       ├── dedust/         # DeDust DEX (3)
+│   │       ├── dex/            # Smart router (2)
+│   │       ├── journal/        # Business journal (3)
+│   │       └── workspace/      # File operations (6)
+│   ├── telegram/               # Telegram integration
+│   │   ├── bridge.ts           # GramJS wrapper
+│   │   ├── handlers.ts         # Message processing
+│   │   ├── admin.ts            # Admin commands
+│   │   └── callbacks/          # Inline button routing
+│   ├── bot/                    # Grammy inline bot (deals)
+│   │   ├── index.ts            # DealBot class
+│   │   └── services/           # Message builder, verification poller
+│   ├── deals/                  # Deal engine
+│   │   ├── strategy-checker.ts # STRATEGY.md enforcement
+│   │   ├── executor.ts         # TON/gift transfers
+│   │   └── gift-detector.ts    # Gift receipt verification
+│   ├── memory/                 # Storage and knowledge
+│   │   ├── schema.ts           # Database schema + migrations
+│   │   ├── search/             # RAG system (FTS5 + vector)
+│   │   └── compaction.ts       # Context auto-compaction
+│   ├── ton/                    # TON blockchain
+│   │   ├── wallet-service.ts   # W5R1 wallet
+│   │   └── transfer.ts         # TON send operations
+│   ├── soul/                   # System prompt assembly
+│   │   └── loader.ts           # SOUL + STRATEGY + SECURITY + MEMORY
+│   ├── workspace/              # Sandboxed file system
+│   │   ├── validator.ts        # Path traversal protection
+│   │   └── paths.ts            # Workspace constants
+│   ├── config/                 # Configuration
+│   │   ├── schema.ts           # Zod validation
+│   │   └── providers.ts        # LLM provider registry
+│   └── cli/                    # CLI commands
+│       └── commands/           # setup, doctor
+└── README.md
+```
+
+---
+
+## Security
+
+### Multi-Layer Defense
+
+| Layer | Protection |
+|-------|-----------|
+| **SECURITY.md** | Identity-based security principles injected into every system prompt |
+| **Strategy enforcement** | Trading rules (buy/sell thresholds) enforced in code, not prompts |
+| **Immutable config** | SOUL.md, STRATEGY.md, SECURITY.md cannot be modified by the agent |
+| **Memory protection** | Memory writes blocked in group chats to prevent poisoning |
+| **Workspace sandbox** | Agent can only access `~/.teleton/workspace/`, path traversal blocked |
+| **Deal verification** | Gift transfers require a verified deal with blockchain-confirmed payment |
+| **Replay protection** | Used transactions table prevents double-spending |
+
+### Reporting Vulnerabilities
+
+Do not open public issues for security vulnerabilities. Contact maintainers (t.me/zkproof) directly or use GitHub's private security advisory feature.
+
+### Best Practices
+
+1. Use a dedicated Telegram account
+2. Backup your 24-word mnemonic securely offline
+3. Start with restrictive policies (`allowlist`)
+4. Set file permissions: `chmod 600 ~/.teleton/wallet.json`
+5. Never commit `config.yaml` to version control
+6. Configure `STRATEGY.md` with conservative trading thresholds
+7. Review `SECURITY.md` and customize for your use case
+
+---
+
+## Development
+
+### Setup
+
+```bash
+git clone https://github.com/TONresistor/teleton-agent-dev.git
+cd teleton-agent-dev
+npm install
+npm run setup
+npm run dev  # Watch mode with auto-restart
+```
+
+### Commands
+
+```bash
+npm run build       # Compile TypeScript to dist/
+npm run start       # Start agent (compiled)
+npm run dev         # Development mode (watch, tsx)
+npm run setup       # Run setup wizard
+npm run doctor      # Health checks
+npm run typecheck   # Type checking
+npm run lint        # ESLint
+npm run format      # Prettier
+```
+
+### Adding Custom Tools
+
+```typescript
+// src/agent/tools/custom/my-tool.ts
+import { Type } from "@sinclair/typebox";
+import type { Tool, ToolExecutor, ToolResult } from "../types.js";
+
+export const myTool: Tool = {
+  name: "my_custom_tool",
+  description: "Does something useful",
+  parameters: Type.Object({
+    input: Type.String({ description: "Input parameter" }),
+  }),
+};
+
+export const myToolExecutor: ToolExecutor<{ input: string }> = async (
+  params,
+  context
+): Promise<ToolResult> => {
+  return { success: true, data: { result: "..." } };
+};
+
+// Register in src/index.ts:
+// this.toolRegistry.register(myTool, myToolExecutor);
+```
+
+---
+
+## Contributing
+
+Contributions are welcome.
+
+1. Fork the repository
+2. Create a feature branch
+3. Make your changes
+4. Test thoroughly (`npm run dev`)
+5. Commit with clear messages
+6. Open a Pull Request
+
+---
+
+## License
+
+MIT License - See [LICENSE](LICENSE) for details.
+
+---
+
+## Credits
+
+### Built With
+
+- [pi-ai](https://github.com/mariozechner/pi-ai) - Multi-provider LLM SDK
+- [GramJS](https://gram.js.org/) - Telegram MTProto library
+- [Grammy](https://grammy.dev/) - Telegram Bot API framework
+- [TON SDK](https://github.com/ton-org/ton) - TON blockchain client
+- [STON.fi SDK](https://www.npmjs.com/package/@ston-fi/sdk) - DEX integration
+- [DeDust SDK](https://www.npmjs.com/package/@dedust/sdk) - DEX integration
+
+---
+
+## Support
+
+- **Issues**: [GitHub Issues](https://github.com/TONresistor/teleton-agent-dev/issues)
+- **Channel**: [@ResistanceTools](https://t.me/ResistanceTools)
+- **Contact**: [@zkproof](https://t.me/zkproof)

package/bin/teleton.js

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+await import("../dist/cli/index.js");

package/dist/chunk-7NJ46ZIX.js

@@ -0,0 +1,74 @@
+// src/workspace/paths.ts
+import { join } from "path";
+import { homedir } from "os";
+var TELETON_ROOT = process.env.TELETON_HOME || join(homedir(), ".teleton");
+var WORKSPACE_ROOT = join(TELETON_ROOT, "workspace");
+var WORKSPACE_PATHS = {
+  // Root files
+  SOUL: join(WORKSPACE_ROOT, "SOUL.md"),
+  MEMORY: join(WORKSPACE_ROOT, "MEMORY.md"),
+  BOOTSTRAP: join(WORKSPACE_ROOT, "BOOTSTRAP.md"),
+  IDENTITY: join(WORKSPACE_ROOT, "IDENTITY.md"),
+  USER: join(WORKSPACE_ROOT, "USER.md"),
+  STRATEGY: join(WORKSPACE_ROOT, "STRATEGY.md"),
+  SECURITY: join(WORKSPACE_ROOT, "SECURITY.md"),
+  // Directories
+  MEMORY_DIR: join(WORKSPACE_ROOT, "memory"),
+  DOWNLOADS_DIR: join(WORKSPACE_ROOT, "downloads"),
+  UPLOADS_DIR: join(WORKSPACE_ROOT, "uploads"),
+  TEMP_DIR: join(WORKSPACE_ROOT, "temp"),
+  MEMES_DIR: join(WORKSPACE_ROOT, "memes")
+};
+var ALLOWED_EXTENSIONS = {
+  // Images
+  images: [".jpg", ".jpeg", ".png", ".webp", ".gif", ".bmp"],
+  // Audio
+  audio: [".mp3", ".ogg", ".wav", ".m4a", ".opus"],
+  // Video
+  video: [".mp4", ".mov", ".avi", ".webm", ".mkv"],
+  // Documents
+  documents: [".md", ".txt", ".json", ".csv", ".pdf", ".yaml", ".yml"],
+  // Code (for workspace files)
+  code: [".ts", ".js", ".py", ".sh", ".sql"],
+  // Stickers
+  stickers: [".webp", ".tgs"],
+  // All media
+  media: [
+    ".jpg",
+    ".jpeg",
+    ".png",
+    ".webp",
+    ".gif",
+    ".bmp",
+    ".mp3",
+    ".ogg",
+    ".wav",
+    ".m4a",
+    ".opus",
+    ".mp4",
+    ".mov",
+    ".avi",
+    ".webm",
+    ".mkv"
+  ]
+};
+var MAX_FILE_SIZES = {
+  image: 10 * 1024 * 1024,
+  // 10 MB
+  audio: 50 * 1024 * 1024,
+  // 50 MB
+  video: 100 * 1024 * 1024,
+  // 100 MB
+  document: 50 * 1024 * 1024,
+  // 50 MB
+  total_workspace: 500 * 1024 * 1024
+  // 500 MB total
+};
+
+export {
+  TELETON_ROOT,
+  WORKSPACE_ROOT,
+  WORKSPACE_PATHS,
+  ALLOWED_EXTENSIONS,
+  MAX_FILE_SIZES
+};