npm - verybot - Versions diffs - 0.1.3 - Mend

verybot 0.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of verybot might be problematic. Click here for more details.

Files changed (244) hide show

package/dist/brain/agent-registry.d.ts +75 -0
package/dist/brain/agent-registry.js +124 -0
package/dist/brain/agent.d.ts +146 -0
package/dist/brain/agent.js +680 -0
package/dist/brain/channel-store.d.ts +27 -0
package/dist/brain/channel-store.js +78 -0
package/dist/brain/compaction.d.ts +37 -0
package/dist/brain/compaction.js +214 -0
package/dist/brain/context.d.ts +33 -0
package/dist/brain/context.js +77 -0
package/dist/brain/delegation-store.d.ts +33 -0
package/dist/brain/delegation-store.js +106 -0
package/dist/brain/loop.d.ts +21 -0
package/dist/brain/loop.js +161 -0
package/dist/brain/mcp-adapter.d.ts +39 -0
package/dist/brain/mcp-adapter.js +227 -0
package/dist/brain/memory-extractor.d.ts +26 -0
package/dist/brain/memory-extractor.js +82 -0
package/dist/brain/providers.d.ts +10 -0
package/dist/brain/providers.js +69 -0
package/dist/brain/queue.d.ts +18 -0
package/dist/brain/queue.js +84 -0
package/dist/brain/run-tools.d.ts +47 -0
package/dist/brain/run-tools.js +84 -0
package/dist/brain/session-key.d.ts +23 -0
package/dist/brain/session-key.js +41 -0
package/dist/brain/session-state.d.ts +36 -0
package/dist/brain/session-state.js +51 -0
package/dist/brain/session-store.d.ts +50 -0
package/dist/brain/session-store.js +207 -0
package/dist/brain/session.d.ts +32 -0
package/dist/brain/session.js +75 -0
package/dist/brain/utils.d.ts +4 -0
package/dist/brain/utils.js +26 -0
package/dist/brain/worker-coordinator.d.ts +25 -0
package/dist/brain/worker-coordinator.js +83 -0
package/dist/channels/commands.d.ts +35 -0
package/dist/channels/commands.js +65 -0
package/dist/channels/discord/channel.d.ts +18 -0
package/dist/channels/discord/channel.js +154 -0
package/dist/channels/discord/markdown.d.ts +19 -0
package/dist/channels/discord/markdown.js +62 -0
package/dist/channels/manager.d.ts +29 -0
package/dist/channels/manager.js +100 -0
package/dist/channels/slack/channel.d.ts +26 -0
package/dist/channels/slack/channel.js +207 -0
package/dist/channels/slack/markdown.d.ts +19 -0
package/dist/channels/slack/markdown.js +62 -0
package/dist/channels/specs.d.ts +21 -0
package/dist/channels/specs.js +96 -0
package/dist/channels/telegram/channel.d.ts +18 -0
package/dist/channels/telegram/channel.js +156 -0
package/dist/channels/telegram/markdown.d.ts +17 -0
package/dist/channels/telegram/markdown.js +66 -0
package/dist/channels/types.d.ts +26 -0
package/dist/channels/types.js +1 -0
package/dist/channels/whatsapp/channel.d.ts +23 -0
package/dist/channels/whatsapp/channel.js +242 -0
package/dist/channels/whatsapp/markdown.d.ts +20 -0
package/dist/channels/whatsapp/markdown.js +51 -0
package/dist/cli/config.d.ts +5 -0
package/dist/cli/config.js +78 -0
package/dist/cli/index.d.ts +5 -0
package/dist/cli/index.js +13 -0
package/dist/computer/browser/actions.d.ts +31 -0
package/dist/computer/browser/actions.js +148 -0
package/dist/computer/browser/manager.d.ts +55 -0
package/dist/computer/browser/manager.js +496 -0
package/dist/computer/browser/profile-badge.d.ts +13 -0
package/dist/computer/browser/profile-badge.js +67 -0
package/dist/computer/browser/screenshot.d.ts +5 -0
package/dist/computer/browser/screenshot.js +21 -0
package/dist/computer/browser/snapshot.d.ts +30 -0
package/dist/computer/browser/snapshot.js +242 -0
package/dist/computer/browser/tools.d.ts +5 -0
package/dist/computer/browser/tools.js +167 -0
package/dist/computer/desktop/adapter.d.ts +25 -0
package/dist/computer/desktop/adapter.js +11 -0
package/dist/computer/desktop/macos.d.ts +24 -0
package/dist/computer/desktop/macos.js +223 -0
package/dist/computer/desktop/tools.d.ts +25 -0
package/dist/computer/desktop/tools.js +114 -0
package/dist/config/agent-config.d.ts +41 -0
package/dist/config/agent-config.js +14 -0
package/dist/config/model-catalog.d.ts +22 -0
package/dist/config/model-catalog.js +99 -0
package/dist/config/store.d.ts +25 -0
package/dist/config/store.js +143 -0
package/dist/config.d.ts +103 -0
package/dist/config.js +224 -0
package/dist/control-ui/assets/index-BANXNUyt.js +143 -0
package/dist/control-ui/assets/index-BSUFrP9R.css +1 -0
package/dist/control-ui/assets/noto-sans-cyrillic-ext-wght-normal-DSNfmdVt.woff2 +0 -0
package/dist/control-ui/assets/noto-sans-cyrillic-wght-normal-B2hlT84T.woff2 +0 -0
package/dist/control-ui/assets/noto-sans-devanagari-wght-normal-Cv-Vwajv.woff2 +0 -0
package/dist/control-ui/assets/noto-sans-greek-ext-wght-normal-12T8GTDR.woff2 +0 -0
package/dist/control-ui/assets/noto-sans-greek-wght-normal-Ymb6dZNd.woff2 +0 -0
package/dist/control-ui/assets/noto-sans-latin-ext-wght-normal-W1qJv59z.woff2 +0 -0
package/dist/control-ui/assets/noto-sans-latin-wght-normal-BYSzYMf3.woff2 +0 -0
package/dist/control-ui/assets/noto-sans-vietnamese-wght-normal-DLTJy58D.woff2 +0 -0
package/dist/control-ui/index.html +14 -0
package/dist/control-ui/vite.svg +1 -0
package/dist/events.d.ts +2 -0
package/dist/events.js +11 -0
package/dist/gateway/broadcast.d.ts +5 -0
package/dist/gateway/broadcast.js +33 -0
package/dist/gateway/methods/chat.d.ts +24 -0
package/dist/gateway/methods/chat.js +19 -0
package/dist/gateway/methods/config.d.ts +13 -0
package/dist/gateway/methods/config.js +14 -0
package/dist/gateway/methods/models.d.ts +10 -0
package/dist/gateway/methods/models.js +14 -0
package/dist/gateway/methods/prompt-templates.d.ts +23 -0
package/dist/gateway/methods/prompt-templates.js +82 -0
package/dist/gateway/methods/scheduler.d.ts +62 -0
package/dist/gateway/methods/scheduler.js +129 -0
package/dist/gateway/methods/sessions.d.ts +26 -0
package/dist/gateway/methods/sessions.js +54 -0
package/dist/gateway/methods/skills.d.ts +35 -0
package/dist/gateway/methods/skills.js +202 -0
package/dist/gateway/methods/system.d.ts +12 -0
package/dist/gateway/methods/system.js +39 -0
package/dist/gateway/methods/tasks.d.ts +21 -0
package/dist/gateway/methods/tasks.js +46 -0
package/dist/gateway/methods/teams.d.ts +70 -0
package/dist/gateway/methods/teams.js +374 -0
package/dist/gateway/methods/tools.d.ts +6 -0
package/dist/gateway/methods/tools.js +7 -0
package/dist/gateway/methods/whatsapp.d.ts +19 -0
package/dist/gateway/methods/whatsapp.js +35 -0
package/dist/gateway/rpc.d.ts +38 -0
package/dist/gateway/rpc.js +75 -0
package/dist/gateway/server.d.ts +4 -0
package/dist/gateway/server.js +133 -0
package/dist/index.d.ts +1 -0
package/dist/index.js +212 -0
package/dist/integrations/github.d.ts +7 -0
package/dist/integrations/github.js +133 -0
package/dist/integrations/mcp.d.ts +7 -0
package/dist/integrations/mcp.js +106 -0
package/dist/integrations/registry.d.ts +43 -0
package/dist/integrations/registry.js +258 -0
package/dist/integrations/scanner.d.ts +10 -0
package/dist/integrations/scanner.js +122 -0
package/dist/integrations/twitter.d.ts +10 -0
package/dist/integrations/twitter.js +120 -0
package/dist/integrations/types.d.ts +72 -0
package/dist/integrations/types.js +1 -0
package/dist/logger.d.ts +16 -0
package/dist/logger.js +104 -0
package/dist/markdown/chunk.d.ts +9 -0
package/dist/markdown/chunk.js +52 -0
package/dist/markdown/ir.d.ts +37 -0
package/dist/markdown/ir.js +529 -0
package/dist/markdown/render.d.ts +22 -0
package/dist/markdown/render.js +148 -0
package/dist/markdown/table-render.d.ts +43 -0
package/dist/markdown/table-render.js +219 -0
package/dist/markdown/tables.d.ts +17 -0
package/dist/markdown/tables.js +27 -0
package/dist/memory/embedding.d.ts +16 -0
package/dist/memory/embedding.js +66 -0
package/dist/memory/extractor.d.ts +6 -0
package/dist/memory/extractor.js +72 -0
package/dist/memory/search.d.ts +15 -0
package/dist/memory/search.js +57 -0
package/dist/memory/store.d.ts +34 -0
package/dist/memory/store.js +328 -0
package/dist/memory/types.d.ts +9 -0
package/dist/memory/types.js +2 -0
package/dist/paths.d.ts +20 -0
package/dist/paths.js +29 -0
package/dist/prompt-templates/builtins.d.ts +2 -0
package/dist/prompt-templates/builtins.js +72 -0
package/dist/prompt-templates/store.d.ts +39 -0
package/dist/prompt-templates/store.js +174 -0
package/dist/prompt-templates/types.d.ts +10 -0
package/dist/prompt-templates/types.js +1 -0
package/dist/scheduler/connected-channels.d.ts +24 -0
package/dist/scheduler/connected-channels.js +57 -0
package/dist/scheduler/scheduler.d.ts +22 -0
package/dist/scheduler/scheduler.js +132 -0
package/dist/scheduler/store.d.ts +27 -0
package/dist/scheduler/store.js +205 -0
package/dist/scheduler/types.d.ts +29 -0
package/dist/scheduler/types.js +1 -0
package/dist/security/command-validator.d.ts +22 -0
package/dist/security/command-validator.js +160 -0
package/dist/security/docker-sandbox.d.ts +48 -0
package/dist/security/docker-sandbox.js +218 -0
package/dist/security/env-filter.d.ts +8 -0
package/dist/security/env-filter.js +41 -0
package/dist/skills/loader.d.ts +33 -0
package/dist/skills/loader.js +132 -0
package/dist/skills/prompt.d.ts +6 -0
package/dist/skills/prompt.js +17 -0
package/dist/skills/read-tool.d.ts +7 -0
package/dist/skills/read-tool.js +24 -0
package/dist/skills/scanner.d.ts +6 -0
package/dist/skills/scanner.js +73 -0
package/dist/skills/types.d.ts +15 -0
package/dist/skills/types.js +1 -0
package/dist/tasks/store.d.ts +47 -0
package/dist/tasks/store.js +193 -0
package/dist/tasks/types.d.ts +75 -0
package/dist/tasks/types.js +32 -0
package/dist/teams/store.d.ts +78 -0
package/dist/teams/store.js +420 -0
package/dist/teams/types.d.ts +23 -0
package/dist/teams/types.js +1 -0
package/dist/tools/bash.d.ts +16 -0
package/dist/tools/bash.js +62 -0
package/dist/tools/channel-history.d.ts +10 -0
package/dist/tools/channel-history.js +43 -0
package/dist/tools/delegate.d.ts +16 -0
package/dist/tools/delegate.js +216 -0
package/dist/tools/fs.d.ts +4 -0
package/dist/tools/fs.js +335 -0
package/dist/tools/integration-toggle.d.ts +14 -0
package/dist/tools/integration-toggle.js +47 -0
package/dist/tools/memory.d.ts +13 -0
package/dist/tools/memory.js +65 -0
package/dist/tools/registry.d.ts +6 -0
package/dist/tools/registry.js +9 -0
package/dist/tools/schedule.d.ts +8 -0
package/dist/tools/schedule.js +219 -0
package/dist/tools/speak.d.ts +10 -0
package/dist/tools/speak.js +56 -0
package/dist/tools/tasks.d.ts +29 -0
package/dist/tools/tasks.js +92 -0
package/dist/tools/teams.d.ts +7 -0
package/dist/tools/teams.js +180 -0
package/dist/tools/web-fetch.d.ts +3 -0
package/dist/tools/web-fetch.js +22 -0
package/dist/tts/edge.d.ts +10 -0
package/dist/tts/edge.js +60 -0
package/dist/tts/speak.d.ts +12 -0
package/dist/tts/speak.js +81 -0
package/dist/tts/transcribe.d.ts +5 -0
package/dist/tts/transcribe.js +40 -0
package/dist/utils.d.ts +5 -0
package/dist/utils.js +22 -0
package/package.json +90 -0
package/verybot.js +2 -0

package/dist/config/store.js ADDED Viewed

@@ -0,0 +1,143 @@
+import { existsSync, mkdirSync, readFileSync, renameSync, statSync, writeFileSync } from "node:fs";
+import { join, dirname } from "node:path";
+import { tmpdir } from "node:os";
+import { randomUUID } from "node:crypto";
+import { logger } from "../logger.js";
+/** Patterns that identify sensitive config keys by name. */
+const SENSITIVE_PATTERNS = [/token/i, /password/i, /secret/i, /api.?key/i];
+/** Check whether a config key name looks sensitive. */
+function isSensitiveKey(key) {
+    return SENSITIVE_PATTERNS.some((p) => p.test(key));
+}
+/** Minimum chars to show prefix/suffix in redaction. */
+const REDACT_MIN_LENGTH = 10;
+const REDACT_PREFIX = 6;
+const REDACT_SUFFIX = 4;
+const REDACT_MARKER = "...";
+/**
+ * Manages a single `config.json` file on disk.
+ * Handles reading, writing, patching, and redaction of secret values.
+ */
+export class ConfigStore {
+    filePath;
+    constructor(baseDir) {
+        this.filePath = join(baseDir, "config.json");
+    }
+    /** Read config from disk. Returns empty object if file doesn't exist. */
+    load() {
+        try {
+            if (!existsSync(this.filePath))
+                return {};
+            const raw = readFileSync(this.filePath, "utf-8");
+            return JSON.parse(raw);
+        }
+        catch (err) {
+            logger.warn(`Failed to read config.json: ${err instanceof Error ? err.message : err}`);
+            return {};
+        }
+    }
+    /** Write full config to disk atomically (temp file → rename). */
+    save(data) {
+        const dir = dirname(this.filePath);
+        if (!existsSync(dir))
+            mkdirSync(dir, { recursive: true });
+        const tmp = join(tmpdir(), `config-${randomUUID()}.json`);
+        writeFileSync(tmp, JSON.stringify(data, null, 2) + "\n", "utf-8");
+        renameSync(tmp, this.filePath);
+        logger.info(`Config saved to ${this.filePath}`);
+    }
+    /** Deep-merge a partial update into the existing config and save. */
+    patch(partial) {
+        const existing = this.load();
+        const merged = deepMerge(existing, partial);
+        this.save(merged);
+        return merged;
+    }
+    /** Return config with secret values redacted. */
+    getRedacted() {
+        const data = this.load();
+        return redactSecrets(data);
+    }
+    /**
+     * Given an incoming config (possibly with redacted values from the UI),
+     * restore redacted secrets from the existing disk values before saving.
+     */
+    patchFromUI(incoming) {
+        const existing = this.load();
+        const restored = restoreRedacted(incoming, existing);
+        return this.patch(restored);
+    }
+    /** Return file mtime in ms, or null if file doesn't exist. */
+    mtime() {
+        try {
+            return statSync(this.filePath).mtimeMs;
+        }
+        catch {
+            return null;
+        }
+    }
+    getFilePath() {
+        return this.filePath;
+    }
+}
+/** Redact secret values in a config object. */
+function redactSecrets(data) {
+    const result = { ...data };
+    for (const key of Object.keys(result)) {
+        if (isSensitiveKey(key) && typeof result[key] === "string") {
+            result[key] = redactValue(result[key]);
+        }
+    }
+    return result;
+}
+/** Mask a secret string: show prefix...suffix for long values, **** for short ones. */
+function redactValue(value) {
+    if (!value)
+        return "";
+    if (value.length < REDACT_MIN_LENGTH)
+        return "****";
+    return (value.slice(0, REDACT_PREFIX) + REDACT_MARKER + value.slice(-REDACT_SUFFIX));
+}
+/**
+ * If a value in `incoming` looks like it's still redacted (matches the pattern
+ * from `redactValue`), replace it with the original from `existing`.
+ */
+function restoreRedacted(incoming, existing) {
+    const result = { ...incoming };
+    for (const key of Object.keys(result)) {
+        if (!isSensitiveKey(key))
+            continue;
+        const inVal = result[key];
+        const exVal = existing[key];
+        if (typeof inVal !== "string" || typeof exVal !== "string")
+            continue;
+        // If the incoming value matches the redacted form of the existing value, keep existing
+        if (inVal === redactValue(exVal)) {
+            result[key] = exVal;
+        }
+    }
+    return result;
+}
+/** Keys that should be replaced wholesale instead of deep-merged. */
+const REPLACE_KEYS = new Set(["mcpServers"]);
+/** Simple deep merge: objects are merged recursively, primitives/arrays are overwritten. */
+function deepMerge(target, source) {
+    const result = { ...target };
+    for (const [key, val] of Object.entries(source)) {
+        if (REPLACE_KEYS.has(key)) {
+            result[key] = val;
+        }
+        else if (val !== null &&
+            typeof val === "object" &&
+            !Array.isArray(val) &&
+            typeof result[key] === "object" &&
+            result[key] !== null &&
+            !Array.isArray(result[key])) {
+            result[key] = deepMerge(result[key], val);
+        }
+        else {
+            result[key] = val;
+        }
+    }
+    return result;
+}

package/dist/config.d.ts ADDED Viewed

@@ -0,0 +1,103 @@
+import type { ConfigStore } from "./config/store.js";
+import type { MarkdownTableMode } from "./markdown/ir.js";
+export type BashSecurityMode = "deny" | "allowlist" | "full";
+export interface BashConfig {
+    security: BashSecurityMode;
+    safeBins: string[];
+    allowlist: string[];
+}
+interface SandboxConfig {
+    enabled: boolean;
+    image: string;
+    memoryLimit: string;
+    pidsLimit: number;
+    idleTimeoutMs: number;
+}
+interface DesktopConfig {
+    enabled: boolean;
+}
+export interface McpServerConfig {
+    /** Command to spawn (stdio transport — inferred when present). */
+    command?: string;
+    /** Arguments for the command (stdio only). */
+    args?: string[];
+    /** Extra environment variables for the subprocess (stdio only). */
+    env?: Record<string, string>;
+    /** Server URL (SSE transport — inferred when present). */
+    url?: string;
+}
+export interface Config {
+    gateway: {
+        port: number;
+        token: string;
+    };
+    model: {
+        provider: string;
+        id: string;
+        maxSteps: number;
+        contextWindow: number;
+    };
+    browserHeadless: boolean;
+    browserUserAgent: string;
+    language: string;
+    identity: string;
+    bash: BashConfig;
+    sandbox: SandboxConfig;
+    desktop: DesktopConfig;
+    memory: {
+        enabled: boolean;
+        maxResults: number;
+    };
+    channels: {
+        telegram?: {
+            token: string;
+            markdown?: {
+                tables?: MarkdownTableMode;
+            };
+        };
+        discord?: {
+            token: string;
+            markdown?: {
+                tables?: MarkdownTableMode;
+            };
+        };
+        slack?: {
+            botToken: string;
+            appToken: string;
+            markdown?: {
+                tables?: MarkdownTableMode;
+            };
+        };
+        whatsapp?: {
+            phoneId: string;
+            selfOnly?: boolean;
+            markdown?: {
+                tables?: MarkdownTableMode;
+            };
+        };
+    };
+    mcpServers: Record<string, McpServerConfig>;
+    tts: {
+        enabled: boolean;
+        voice: string;
+        replyMode: "text" | "voice" | "inbound";
+    };
+}
+/**
+ * Inject API keys from config.json into process.env so AI SDK providers work.
+ * Only sets values that are non-empty and not already set in the environment.
+ */
+export declare function injectSecretsIntoEnv(store: ConfigStore): void;
+/** Generate a cryptographically random gateway token (URL-safe base64, 32 bytes). */
+export declare function generateGatewayToken(): string;
+/**
+ * Create initial config.json with all configurable keys and defaults.
+ * Only runs when config.json doesn't exist yet.
+ */
+export declare function seedConfigStore(store: ConfigStore): void;
+/**
+ * Load config exclusively from config.json (via ConfigStore).
+ * No .env fallbacks — config.json is the sole source of truth.
+ */
+export declare function loadConfig(store: ConfigStore): Config;
+export {};

package/dist/config.js ADDED Viewed

@@ -0,0 +1,224 @@
+import { randomBytes } from "node:crypto";
+import { logger } from "./logger.js";
+function parseModel(raw) {
+    const [provider, ...rest] = raw.split(":");
+    return { provider, id: rest.join(":") };
+}
+function parseMcpServers(raw) {
+    if (!raw)
+        return {};
+    if (typeof raw === "object" && !Array.isArray(raw))
+        return raw;
+    if (typeof raw === "string") {
+        try {
+            const parsed = JSON.parse(raw);
+            if (parsed && typeof parsed === "object" && !Array.isArray(parsed)) {
+                return parsed;
+            }
+            return {};
+        }
+        catch {
+            return {};
+        }
+    }
+    return {};
+}
+/** Safely read a nested value with a fallback. */
+function get(val, fallback) {
+    return val !== undefined && val !== null ? val : fallback;
+}
+/**
+ * Secrets in config.json that must be injected into process.env
+ * so AI SDKs can find them. Key = config field, value = env var name.
+ */
+const ENV_SECRET_MAP = {
+    ANTHROPIC_API_KEY: "ANTHROPIC_API_KEY",
+    OPENAI_API_KEY: "OPENAI_API_KEY",
+    GOOGLE_GENERATIVE_AI_API_KEY: "GOOGLE_GENERATIVE_AI_API_KEY",
+    XAI_API_KEY: "XAI_API_KEY",
+    MISTRAL_API_KEY: "MISTRAL_API_KEY",
+    GROQ_API_KEY: "GROQ_API_KEY",
+    TOGETHER_AI_API_KEY: "TOGETHER_AI_API_KEY",
+    DEEPSEEK_API_KEY: "DEEPSEEK_API_KEY",
+    OPENROUTER_API_KEY: "OPENROUTER_API_KEY",
+    OLLAMA_BASE_URL: "OLLAMA_BASE_URL",
+};
+/**
+ * Inject API keys from config.json into process.env so AI SDK providers work.
+ * Only sets values that are non-empty and not already set in the environment.
+ */
+export function injectSecretsIntoEnv(store) {
+    const data = store.load();
+    for (const [configKey, envKey] of Object.entries(ENV_SECRET_MAP)) {
+        const val = data[configKey];
+        if (typeof val === "string" && val) {
+            process.env[envKey] = val;
+        }
+    }
+}
+const GATEWAY_TOKEN_BYTES = 32;
+/** Generate a cryptographically random gateway token (URL-safe base64, 32 bytes). */
+export function generateGatewayToken() {
+    return randomBytes(GATEWAY_TOKEN_BYTES).toString("base64url");
+}
+/**
+ * Create initial config.json with all configurable keys and defaults.
+ * Only runs when config.json doesn't exist yet.
+ */
+export function seedConfigStore(store) {
+    const existing = store.load();
+    if (Object.keys(existing).length > 0)
+        return;
+    const seed = {
+        // Model
+        model: "anthropic:claude-sonnet-4-5-20250929",
+        maxSteps: 20,
+        browserHeadless: true,
+        browserUserAgent: "",
+        // Agent
+        language: "auto",
+        identity: "You are a helpful personal assistant.",
+        // Gateway
+        gateway: { port: 28789 },
+        // Bash
+        bash: { security: "full", safeBins: [], allowlist: [] },
+        // Sandbox
+        sandbox: {
+            enabled: false,
+            image: "ubuntu:24.04",
+            memoryLimit: "256m",
+            pidsLimit: 64,
+            idleTimeoutMs: 300_000,
+        },
+        // Desktop
+        desktop: { enabled: false },
+        // Memory
+        memory: { enabled: true, maxResults: 5 },
+        // TTS
+        tts: { enabled: true, voice: "en-US-AriaNeural", replyMode: "inbound" },
+        // MCP servers
+        mcpServers: {},
+        // Secrets (empty — set via web UI)
+        ANTHROPIC_API_KEY: "",
+        OPENAI_API_KEY: "",
+        GOOGLE_GENERATIVE_AI_API_KEY: "",
+        XAI_API_KEY: "",
+        MISTRAL_API_KEY: "",
+        GROQ_API_KEY: "",
+        TOGETHER_AI_API_KEY: "",
+        DEEPSEEK_API_KEY: "",
+        OPENROUTER_API_KEY: "",
+        OLLAMA_BASE_URL: "",
+        GATEWAY_TOKEN: generateGatewayToken(),
+        TELEGRAM_BOT_TOKEN: "",
+        DISCORD_BOT_TOKEN: "",
+        SLACK_BOT_TOKEN: "",
+        SLACK_APP_TOKEN: "",
+        WHATSAPP_PHONE_ID: "",
+        TWITTER_BEARER_TOKEN: "",
+        TWITTER_API_KEY: "",
+        TWITTER_API_SECRET: "",
+        TWITTER_ACCESS_TOKEN: "",
+        TWITTER_ACCESS_SECRET: "",
+        GITHUB_TOKEN: "",
+        GITHUB_DEFAULT_OWNER: "",
+    };
+    store.save(seed);
+}
+/**
+ * Load config exclusively from config.json (via ConfigStore).
+ * No .env fallbacks — config.json is the sole source of truth.
+ */
+export function loadConfig(store) {
+    const s = store.load();
+    const modelRaw = get(s.model, "anthropic:claude-sonnet-4-5-20250929");
+    const gateway = (s.gateway ?? {});
+    const bash = (s.bash ?? {});
+    const sandbox = (s.sandbox ?? {});
+    const memory = (s.memory ?? {});
+    const tts = (s.tts ?? {});
+    const legacyMcp = s.mcp ?? {};
+    const identityStr = get(s.identity, "You are a helpful personal assistant.");
+    const telegramToken = get(s.TELEGRAM_BOT_TOKEN, "");
+    const discordToken = get(s.DISCORD_BOT_TOKEN, "");
+    const slackBotToken = get(s.SLACK_BOT_TOKEN, "");
+    const slackAppToken = get(s.SLACK_APP_TOKEN, "");
+    const whatsappPhoneId = get(s.WHATSAPP_PHONE_ID, "");
+    const channelsCfg = (s.channels ?? {});
+    // Auto-generate a gateway token if missing or empty
+    let gatewayToken = s.GATEWAY_TOKEN || "";
+    if (!gatewayToken) {
+        gatewayToken = generateGatewayToken();
+        store.patch({ GATEWAY_TOKEN: gatewayToken });
+        logger.info(`Generated new \x1b[36mGATEWAY_TOKEN\x1b[0m: \x1b[1m\x1b[33m${gatewayToken}\x1b[0m`);
+    }
+    logger.info(`\x1b[36mGATEWAY_TOKEN\x1b[0m: \x1b[1m\x1b[33m${gatewayToken}\x1b[0m`);
+    return {
+        gateway: {
+            port: Number(get(gateway.port, 28789)),
+            token: gatewayToken,
+        },
+        model: {
+            ...parseModel(modelRaw),
+            maxSteps: Number(get(s.maxSteps, 20)),
+            contextWindow: Number(get(s.contextWindow, 0)),
+        },
+        browserHeadless: get(s.browserHeadless, true),
+        browserUserAgent: get(s.browserUserAgent, ""),
+        language: get(s.language, "auto"),
+        identity: identityStr,
+        bash: {
+            security: get(bash.security, "full"),
+            safeBins: get(bash.safeBins, []),
+            allowlist: get(bash.allowlist, []),
+        },
+        sandbox: {
+            enabled: get(sandbox.enabled, false),
+            image: get(sandbox.image, "ubuntu:24.04"),
+            memoryLimit: get(sandbox.memoryLimit, "256m"),
+            pidsLimit: Number(get(sandbox.pidsLimit, 64)),
+            idleTimeoutMs: Number(get(sandbox.idleTimeoutMs, 300_000)),
+        },
+        desktop: {
+            enabled: get(s.desktop?.enabled, false),
+        },
+        memory: {
+            enabled: get(memory.enabled, true),
+            maxResults: Number(get(memory.maxResults, 5)),
+        },
+        channels: {
+            telegram: telegramToken
+                ? {
+                    token: telegramToken,
+                    markdown: channelsCfg.telegram?.markdown ?? undefined,
+                }
+                : undefined,
+            discord: discordToken
+                ? {
+                    token: discordToken,
+                    markdown: channelsCfg.discord?.markdown ?? undefined,
+                }
+                : undefined,
+            slack: slackBotToken && slackAppToken
+                ? {
+                    botToken: slackBotToken,
+                    appToken: slackAppToken,
+                    markdown: channelsCfg.slack?.markdown ?? undefined,
+                }
+                : undefined,
+            whatsapp: whatsappPhoneId
+                ? {
+                    phoneId: whatsappPhoneId,
+                    selfOnly: get(channelsCfg.whatsapp?.selfOnly, false),
+                    markdown: channelsCfg.whatsapp?.markdown ?? undefined,
+                }
+                : undefined,
+        },
+        mcpServers: parseMcpServers(s.mcpServers ?? legacyMcp.servers),
+        tts: {
+            enabled: get(tts.enabled, true),
+            voice: get(tts.voice, "en-US-AriaNeural"),
+            replyMode: get(tts.replyMode, "inbound"),
+        },
+    };
+}