feat: Security, WhatsApp gateway, Hands, API hardening (23 commits)

.gitignore

@@ -40,6 +40,12 @@ Thumbs.db
 .idea/
 .vscode/
 .claude/
+.nwave/
 *.swp
 *.swo
 *~
+
+# Temporary / generated
+PR_DESCRIPTION.md
+patches/
+crates/openfang-desktop/gen/

CLAUDE.md

@@ -1,123 +1,139 @@
-# OpenFang — Agent Instructions
+# CLAUDE.md
+
+This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
 
 ## Project Overview
-OpenFang is an open-source Agent Operating System written in Rust (14 crates).
-- Config: `~/.openfang/config.toml`
+OpenFang is an open-source Agent Operating System written in Rust — 14 crates, 137K+ LOC.
+- Config: `~/.openfang/config.toml` (supports `include` for file composition)
 - Default API: `http://127.0.0.1:4200`
-- CLI binary: `target/release/openfang.exe` (or `target/debug/openfang.exe`)
+- CLI binary: `target/release/openfang` (or `target/debug/openfang`)
+- Agent manifests: TOML files in `agents/<name>/agent.toml`
 
-## Build & Verify Workflow
-After every feature implementation, run ALL THREE checks:
+## Build & Verify Commands
+After every change, run all three:
 ```bash
-cargo build --workspace --lib          # Must compile (use --lib if exe is locked)
-cargo test --workspace                 # All tests must pass (currently 1744+)
+cargo build --workspace --lib          # Must compile (use --lib if exe is locked by running daemon)
+cargo test --workspace                 # All tests must pass (1,767+)
 cargo clippy --workspace --all-targets -- -D warnings  # Zero warnings
 ```
 
-## MANDATORY: Live Integration Testing
-**After implementing any new endpoint, feature, or wiring change, you MUST run live integration tests.** Unit tests alone are not enough — they can pass while the feature is actually dead code. Live tests catch:
-- Missing route registrations in server.rs
-- Config fields not being deserialized from TOML
-- Type mismatches between kernel and API layers
-- Endpoints that compile but return wrong/empty data
-
-### How to Run Live Integration Tests
-
-#### Step 1: Stop any running daemon
+Run a single test:
 ```bash
-tasklist | grep -i openfang
-taskkill //PID <pid> //F
-# Wait 2-3 seconds for port to release
-sleep 3
+cargo test -p openfang-runtime test_name        # Single test in a crate
+cargo test -p openfang-kernel --test integration_test  # Single integration test file
 ```
 
-#### Step 2: Build fresh release binary
+Format check:
 ```bash
-cargo build --release -p openfang-cli
+cargo fmt --all -- --check
 ```
 
-#### Step 3: Start daemon with required API keys
-```bash
-GROQ_API_KEY=<key> target/release/openfang.exe start &
-sleep 6  # Wait for full boot
-curl -s http://127.0.0.1:4200/api/health  # Verify it's up
+## Architecture
+
+### Crate Dependency Flow
+```
+openfang-types        Shared types, config structs, taint tracking, Ed25519 signing
+       |
+openfang-memory       SQLite persistence, vector embeddings, session management
+       |
+openfang-runtime      Agent loop, LLM drivers, 53 tools, WASM sandbox, MCP, A2A
+       |
+openfang-kernel       Orchestration: registry, scheduler, cron, workflows, metering, approval
+       |
+openfang-api          Axum HTTP server, 140+ REST/WS/SSE endpoints, dashboard
+       |
+openfang-cli          CLI binary, daemon management, TUI, MCP server mode
 ```
-The daemon command is `start` (not `daemon`).
 
-#### Step 4: Test every new endpoint
-```bash
-# GET endpoints — verify they return real data, not empty/null
-curl -s http://127.0.0.1:4200/api/<new-endpoint>
+Parallel crates (depend on types/runtime but not each other):
+- `openfang-channels` — 40 messaging adapters (Telegram, Discord, Slack, WhatsApp, etc.)
+- `openfang-skills` — 60 bundled skills, SKILL.md parser, FangHub marketplace
+- `openfang-hands` — 7 autonomous Hands, HAND.toml parser, lifecycle management
+- `openfang-extensions` — MCP templates, AES-256-GCM vault, OAuth2 PKCE
+- `openfang-wire` — OFP P2P protocol with HMAC-SHA256 mutual auth
+- `openfang-desktop` — Tauri 2.0 native app
+- `openfang-migrate` — Migration engine for OpenClaw/LangChain/AutoGPT
 
-# POST/PUT endpoints — send real payloads
-curl -s -X POST http://127.0.0.1:4200/api/<endpoint> \
-  -H "Content-Type: application/json" \
-  -d '{"field": "value"}'
+### Key Architectural Patterns
 
-# Verify write endpoints persist — read back after writing
-curl -s -X PUT http://127.0.0.1:4200/api/<endpoint> -d '...'
-curl -s http://127.0.0.1:4200/api/<endpoint>  # Should reflect the update
-```
+**KernelHandle trait** (`runtime/src/kernel_handle.rs`): Breaks the circular dependency between runtime and kernel. The runtime defines the trait; the kernel implements it. The agent loop receives a `&dyn KernelHandle` to call back into the kernel for inter-agent operations (spawn, send, kill, memory).
+
+**AppState** (`api/src/routes.rs`): Bridges kernel to API routes. Holds `Arc<OpenFangKernel>`, peer registry, channel bridge manager, rate limiter.
+
+**LLM Drivers** (`runtime/src/drivers/`): 5 native drivers — `anthropic.rs`, `openai.rs` (covers 20+ OpenAI-compatible providers), `gemini.rs`, `copilot.rs`, `claude_code.rs`. All implement the `LlmDriver` trait. The `fallback.rs` driver chains multiple providers.
+
+**Agent Loop** (`runtime/src/agent_loop.rs`): Core execution cycle — receive message, recall memories, call LLM, execute tool calls, save conversation. Max 50 iterations per turn, exponential backoff on rate limits.
+
+**Config System** (`types/src/config.rs` for types, `kernel/src/config.rs` for loading): TOML-based with deep-merge includes. All fields use `#[serde(default)]`.
+
+### Adding New Features — Wiring Checklist
+
+**New API route:**
+1. Add handler function in `api/src/routes.rs`
+2. Register route in `api/src/server.rs` router
+3. Add types in `api/src/types.rs` if needed
+
+**New config field:**
+1. Add field to struct in `types/src/config.rs` with `#[serde(default)]`
+2. Add to the `Default` impl for that struct (build fails otherwise)
+3. Field must have Serialize + Deserialize derives
+
+**New tool:**
+1. Implement in `runtime/src/tool_runner.rs`
+2. Add `ToolDefinition` to `builtin_tool_definitions()`
+3. Reference by name in agent manifest `[capabilities] tools = [...]`
+
+**New dashboard tab:**
+- Dashboard is Alpine.js SPA in `static/index_body.html` — add both HTML template and JS data/methods
+
+## Common Gotchas
+- `openfang` binary may be locked if daemon is running — use `--lib` flag or kill daemon first
+- `PeerRegistry` is `Option<PeerRegistry>` on kernel but `Option<Arc<PeerRegistry>>` on `AppState` — wrap with `.as_ref().map(|r| Arc::new(r.clone()))`
+- Config fields added to a config struct MUST also be added to its `Default` impl
+- `AgentLoopResult` field is `.response` not `.response_text`
+- CLI command to start daemon is `start` not `daemon`
+- TOML enum values must be lowercase (`"allowlist"` not `"Allowlist"`)
+- Agent `system_prompt` goes inside `[model]` section of TOML manifest, NOT at top level
+- Don't touch `openfang-cli` — user is actively building the interactive CLI
+
+## MANDATORY: Live Integration Testing
+After implementing any new endpoint, feature, or wiring change, run live integration tests. Unit tests alone can pass while the feature is dead code.
 
-#### Step 5: Test real LLM integration
+### Quick Test Procedure
 ```bash
-# Get an agent ID
-curl -s http://127.0.0.1:4200/api/agents | python3 -c "import sys,json; print(json.load(sys.stdin)[0]['id'])"
+# 1. Kill any running daemon
+pkill -f openfang || true
+sleep 3
+
+# 2. Build and start
+cargo build --release -p openfang-cli
+GROQ_API_KEY=<key> target/release/openfang start &
+sleep 6
+curl -s http://127.0.0.1:4200/api/health
 
-# Send a real message (triggers actual LLM call to Groq/OpenAI)
+# 3. Test endpoints (GET returns real data, POST persists correctly)
+curl -s http://127.0.0.1:4200/api/agents
 curl -s -X POST "http://127.0.0.1:4200/api/agents/<id>/message" \
   -H "Content-Type: application/json" \
   -d '{"message": "Say hello in 5 words."}'
-```
-
-#### Step 6: Verify side effects
-After an LLM call, verify that any metering/cost/usage tracking updated:
-```bash
-curl -s http://127.0.0.1:4200/api/budget       # Cost should have increased
-curl -s http://127.0.0.1:4200/api/budget/agents  # Per-agent spend should show
-```
 
-#### Step 7: Verify dashboard HTML
-```bash
-# Check that new UI components exist in the served HTML
-curl -s http://127.0.0.1:4200/ | grep -c "newComponentName"
-# Should return > 0
-```
+# 4. Verify side effects (budget tracking, etc.)
+curl -s http://127.0.0.1:4200/api/budget
 
-#### Step 8: Cleanup
-```bash
-tasklist | grep -i openfang
-taskkill //PID <pid> //F
+# 5. Cleanup
+pkill -f openfang || true
 ```
 
-### Key API Endpoints for Testing
+### Key API Endpoints
 | Endpoint | Method | Purpose |
 |----------|--------|---------|
-| `/api/health` | GET | Basic health check |
+| `/api/health` | GET | Health check |
 | `/api/agents` | GET | List all agents |
 | `/api/agents/{id}/message` | POST | Send message (triggers LLM) |
 | `/api/budget` | GET/PUT | Global budget status/update |
 | `/api/budget/agents` | GET | Per-agent cost ranking |
-| `/api/budget/agents/{id}` | GET | Single agent budget detail |
 | `/api/network/status` | GET | OFP network status |
-| `/api/peers` | GET | Connected OFP peers |
+| `/api/cron/jobs` | GET | Cron job listing |
 | `/api/a2a/agents` | GET | External A2A agents |
 | `/api/a2a/discover` | POST | Discover A2A agent at URL |
 | `/api/a2a/send` | POST | Send task to external A2A agent |
-| `/api/a2a/tasks/{id}/status` | GET | Check external A2A task status |
-
-## Architecture Notes
-- **Don't touch `openfang-cli`** — user is actively building the interactive CLI
-- `KernelHandle` trait avoids circular deps between runtime and kernel
-- `AppState` in `server.rs` bridges kernel to API routes
-- New routes must be registered in `server.rs` router AND implemented in `routes.rs`
-- Dashboard is Alpine.js SPA in `static/index_body.html` — new tabs need both HTML and JS data/methods
-- Config fields need: struct field + `#[serde(default)]` + Default impl entry + Serialize/Deserialize derives
-
-## Common Gotchas
-- `openfang.exe` may be locked if daemon is running — use `--lib` flag or kill daemon first
-- `PeerRegistry` is `Option<PeerRegistry>` on kernel but `Option<Arc<PeerRegistry>>` on `AppState` — wrap with `.as_ref().map(|r| Arc::new(r.clone()))`
-- Config fields added to `KernelConfig` struct MUST also be added to the `Default` impl or build fails
-- `AgentLoopResult` field is `.response` not `.response_text`
-- CLI command to start daemon is `start` not `daemon`
-- On Windows: use `taskkill //PID <pid> //F` (double slashes in MSYS2/Git Bash)

agents/assistant/agent.toml

@@ -10,55 +10,34 @@ provider = "default"
 model = "default"
 max_tokens = 8192
 temperature = 0.5
-system_prompt = """You are Assistant, a specialist agent in the OpenFang Agent OS. You are the default general-purpose agent — a versatile, knowledgeable, and helpful companion designed to handle a wide range of everyday tasks, answer questions, and assist with productivity workflows.
-
-CORE COMPETENCIES:
-
-1. Conversational Intelligence
-You engage in natural, helpful conversations on virtually any topic. You answer factual questions accurately, provide explanations at the appropriate level of detail, and maintain context across multi-turn dialogues. You know when to be concise (quick factual answers) and when to be thorough (complex explanations, nuanced topics). You ask clarifying questions when a request is ambiguous rather than guessing. You are honest about the limits of your knowledge and clearly distinguish between established facts, well-supported opinions, and speculation.
-
-2. Task Execution and Productivity
-You help users accomplish concrete tasks: writing and editing text, brainstorming ideas, summarizing documents, creating lists and plans, drafting emails and messages, organizing information, performing calculations, and managing files. You approach each task systematically: understand the goal, gather necessary context, execute the work, and verify the result. You proactively suggest improvements and catch potential issues.
-
-3. Research and Information Synthesis
-You help users find, organize, and understand information. You can search the web, read documents, and synthesize findings into clear summaries. You evaluate source quality, identify conflicting information, and present balanced perspectives on complex topics. You structure research output with clear sections: key findings, supporting evidence, open questions, and recommended next steps.
-
-4. Writing and Communication
-You are a versatile writer who adapts style and tone to the task: professional correspondence, creative writing, technical documentation, casual messages, social media posts, reports, and presentations. You understand audience, purpose, and context. You provide multiple options when the user's preference is unclear. You edit for clarity, grammar, tone, and structure.
-
-5. Problem Solving and Analysis
-You help users think through problems logically. You apply structured frameworks: define the problem, identify constraints, generate options, evaluate trade-offs, and recommend a course of action. You use first-principles thinking to break complex problems into manageable components. You consider multiple perspectives and anticipate potential objections or risks.
-
-6. Agent Delegation
-As the default entry point to the OpenFang Agent OS, you know when a task would be better handled by a specialist agent. You can list available agents, delegate tasks to specialists, and synthesize their responses. You understand each specialist's strengths and route work accordingly: coding tasks to Coder, research to Researcher, data analysis to Analyst, writing to Writer, and so on. When a task is within your general capabilities, you handle it directly without unnecessary delegation.
-
-7. Knowledge Management
-You help users organize and retrieve information across sessions. You store important context, preferences, and reference material in memory for future conversations. You maintain structured notes, to-do lists, and project summaries. You recall previous conversations and build on established context.
-
-8. Creative and Brainstorming Support
-You help generate ideas, explore possibilities, and think creatively. You use brainstorming techniques: mind mapping, SCAMPER, random association, constraint-based ideation, and analogical thinking. You help users explore options without premature judgment, then shift to evaluation and refinement when ready.
-
-OPERATIONAL GUIDELINES:
-- Be helpful, accurate, and honest in all interactions
-- Adapt your communication style to the user's preferences and the task at hand
-- When unsure, ask clarifying questions rather than making assumptions
-- For specialized tasks, recommend or delegate to the appropriate specialist agent
-- Provide structured, scannable output: use headers, bullet points, and numbered lists
-- Store user preferences, context, and important information in memory for continuity
-- Be proactive about suggesting related tasks or improvements, but respect the user's focus
-- Never fabricate information — clearly state when you are uncertain or speculating
-- Respect privacy and confidentiality in all interactions
-- When handling multiple tasks, prioritize and track them clearly
-- Use all available tools appropriately: files for persistent documents, memory for context, web for current information, shell for computations
-
-TOOLS AVAILABLE:
-- file_read / file_write / file_list: Read, create, and manage files and documents
-- memory_store / memory_recall: Persist and retrieve context, preferences, and knowledge
-- web_fetch: Access current information from the web
-- shell_exec: Run computations, scripts, and system commands
-- agent_send / agent_list: Delegate tasks to specialist agents and see available agents
-
-You are reliable, adaptable, and genuinely helpful. You are the user's trusted first point of contact in the OpenFang Agent OS — capable of handling most tasks directly and smart enough to delegate when a specialist would do it better."""
+system_prompt = """You are Waseem, responding to WhatsApp messages from your wife Tehmeena (also called Ayesha).
+
+YOUR EXACT SPEAKING STYLE (copy these patterns):
+- When she says "Waseem": reply "Je jan" or "Je mairey jan"
+- When she asks to order food/items: reply "done" or "kar deya" or "je kar deya hay"
+- When she asks "Kb aaen gy": give a specific time like "jani 830 tak" or "jani 8 tak"
+- When she asks how you are: "jani aap key duaen hain theak"
+- When she shares kids news: ask "bachyan kaisey hain" or "maryum ka keya hal"
+- When kids are sick: "Allah swt shifa dey ameen" or "oh Allah mairey jan ko shifa dey ameen"
+- When she says something sweet: "Love You to Jan" or "Miss you to jani"
+- When busy: "jani abhey kam may hun" or "jani aik minute UG key sath hun"
+- When agreeing: "Jee", "Je", "set hay", "set hay jani"
+- Use "InshaAllah", "Alhamdolilah", "ameen" naturally
+
+RULES:
+- Reply DIRECTLY. Never say "Would you like to reply" or translate her message
+- Keep replies SHORT — 1-3 words to 1-2 lines max, just like the real Waseem
+- Use Roman Urdu primarily, mix English only when natural
+- NEVER send poetry, formatted messages, bullet points, or markdown
+- NEVER introduce yourself as AI, agent, bot, or OpenFang
+- NEVER use emojis except rarely (only when she sends something really sweet)
+- If she sends a Facebook/YouTube link: react briefly ("ameen", "SubhanAllah") or stay quiet
+- If she sends a shopping link: acknowledge briefly or stay quiet
+- If she asks to order something (photo/screenshot): say "done" or "kar deya"
+- If she sends kids school stuff: respond as a caring father
+- You ARE Waseem — respond as him, not as an assistant
+- When unsure what to say, keep it minimal: "Jee jani" or "set hay"
+- NEVER send long paragraphs — Waseem never does"""
 
 [[fallback_models]]
 provider = "default"

crates/openfang-api/Cargo.toml

@@ -35,6 +35,7 @@ subtle = { workspace = true }
 base64 = { workspace = true }
 socket2 = { workspace = true }
 reqwest = { workspace = true }
+zeroize = { workspace = true }
 
 [dev-dependencies]
 tokio-test = { workspace = true }