@2en/clawly-plugins 1.30.0-beta.2 → 1.30.0-beta.4

package/tools/clawly-send-file.ts

@@ -0,0 +1,307 @@
+/**
+ * Agent tool: clawly_send_file — send a file to the user.
+ *
+ * Accepts a URL (https/http) or a local file path (or arrays of either).
+ * URLs are downloaded and cached locally. Injects a FILE:<path>?<filename> assistant
+ * message via chat.inject so the mobile client can render or display the file.
+ *
+ * Restrictions:
+ * - URLs: executable files are rejected (by MIME/extension).
+ * - Local files:
+ *   - Dot files rejected (e.g. ~/.openclaw, .env, .bashrc).
+ *   - Only files under $HOME or /tmp (files outside home are rejected unless in /tmp).
+ *   - State dir ($OPENCLAW_STATE_DIR) blocked, except clawly/, canvas/, memory/ subdirs.
+ *   - Executable files rejected (binaries + script extensions).
+ */
+
+import crypto from 'node:crypto'
+import fsp from 'node:fs/promises'
+import os from 'node:os'
+import path from 'node:path'
+import {fileTypeFromBuffer, fileTypeFromFile} from 'file-type'
+import {injectAssistantMessage, resolveSessionKey} from '../gateway/inject'
+import type {PluginApi} from '../types'
+
+const TOOL_NAME = 'clawly_send_file'
+const MAX_DOWNLOAD_BYTES = 50 * 1024 * 1024 // 50 MB
+
+const parameters: Record<string, unknown> = {
+  type: 'object',
+  required: ['source'],
+  properties: {
+    source: {
+      oneOf: [
+        {type: 'string', description: 'File URL (https://...) or local file path'},
+        {
+          type: 'array',
+          items: {type: 'string'},
+          description: 'Array of file URLs or local file paths',
+        },
+      ],
+    },
+    caption: {type: 'string', description: 'Optional caption text'},
+  },
+}
+
+// ── Executable blocklist ───────────────────────────────────────────────
+
+/** MIME types for binary executables (ELF, Mach-O, PE, etc.) */
+const EXECUTABLE_MIMES = new Set([
+  'application/x-executable',
+  'application/x-elf',
+  'application/x-sharedlib',
+  'application/x-pie-executable',
+  'application/x-mach-binary',
+  'application/x-mach-binary-fat',
+  'application/x-msdownload',
+])
+
+/** Extensions for executables and executable scripts */
+const EXECUTABLE_EXTS = new Set([
+  '.exe',
+  '.com',
+  '.bat',
+  '.cmd',
+  '.sh',
+  '.bash',
+  '.csh',
+  '.zsh',
+  '.ps1',
+  '.psm1',
+])
+
+function isExecutableByMime(mime?: string): boolean {
+  return !!mime && EXECUTABLE_MIMES.has(mime)
+}
+
+function isExecutableByExt(filePath: string): boolean {
+  const ext = path.extname(filePath).toLowerCase()
+  return EXECUTABLE_EXTS.has(ext)
+}
+
+function hasDotFileComponent(filePath: string): boolean {
+  const normalized = path.normalize(filePath)
+  const parts = normalized.split(path.sep)
+  return parts.some((p) => p.startsWith('.') && p.length > 1)
+}
+
+function isUnderAllowedRoot(filePath: string): boolean {
+  const resolved = path.resolve(filePath)
+  const home = os.homedir()
+  return resolved.startsWith(home + path.sep) || resolved === home || resolved.startsWith('/tmp/')
+}
+
+// ── Helpers ──────────────────────────────────────────────────────────
+
+function downloadsDir(api: PluginApi): string {
+  return path.join(api.runtime.state.resolveStateDir(), 'clawly', 'downloads')
+}
+
+function extFromUrl(url: string): string {
+  try {
+    const pathname = new URL(url).pathname
+    const ext = path.extname(pathname).toLowerCase()
+    if (ext) return ext
+  } catch {}
+  return ''
+}
+
+function localPath(source: string, ext: string, api: PluginApi): string {
+  const hash = crypto.createHash('sha256').update(source).digest('hex')
+  return path.join(downloadsDir(api), `${hash}${ext || ''}`)
+}
+
+async function fileExists(p: string): Promise<boolean> {
+  try {
+    await fsp.access(p)
+    return true
+  } catch {
+    return false
+  }
+}
+
+function sourceFilename(source: string): string {
+  try {
+    return path.basename(new URL(source).pathname) || path.basename(source)
+  } catch {
+    return path.basename(source)
+  }
+}
+
+function formatMediaMessage(filePaths: string[], sources: string[], caption?: string): string {
+  const parts: string[] = []
+  if (caption) parts.push(caption)
+  for (let i = 0; i < filePaths.length; i++) {
+    const filename = sourceFilename(sources[i] ?? filePaths[i])
+    const pathBasename = path.basename(filePaths[i])
+    const qs = filename !== pathBasename ? `?filename=${encodeURIComponent(filename)}` : ''
+    parts.push(`FILE:${filePaths[i]}${qs}`)
+  }
+  return parts.join('\n')
+}
+
+// ── Download ─────────────────────────────────────────────────────────
+
+const DOWNLOAD_TIMEOUT_MS = 30_000
+
+async function downloadFile(url: string, api: PluginApi): Promise<string> {
+  const dir = downloadsDir(api)
+  await fsp.mkdir(dir, {recursive: true})
+
+  const controller = new AbortController()
+  const timeout = setTimeout(() => controller.abort(), DOWNLOAD_TIMEOUT_MS)
+  try {
+    const res = await fetch(url, {redirect: 'follow', signal: controller.signal})
+    if (!res.ok) throw new Error(`download failed: HTTP ${res.status}`)
+
+    const contentLength = res.headers.get('content-length')
+    if (contentLength && Number(contentLength) > MAX_DOWNLOAD_BYTES) {
+      throw new Error(`file too large (${contentLength} bytes, max ${MAX_DOWNLOAD_BYTES})`)
+    }
+
+    const chunks: Uint8Array[] = []
+    let totalSize = 0
+    const reader = res.body?.getReader()
+    if (!reader) throw new Error('no response body')
+
+    while (true) {
+      const {done, value} = await reader.read()
+      if (done) break
+      totalSize += value.byteLength
+      if (totalSize > MAX_DOWNLOAD_BYTES) {
+        reader.cancel()
+        throw new Error(`file too large (exceeded ${MAX_DOWNLOAD_BYTES} bytes)`)
+      }
+      chunks.push(value)
+    }
+
+    const buffer = Buffer.concat(chunks)
+    const type = await fileTypeFromBuffer(buffer)
+
+    if (type && isExecutableByMime(type.mime)) {
+      throw new Error('downloaded file is an executable and cannot be sent')
+    }
+    const urlExt = extFromUrl(url)
+    if (urlExt && EXECUTABLE_EXTS.has(urlExt)) {
+      throw new Error('downloaded file has executable extension and cannot be sent')
+    }
+
+    // Use urlExt for cache key so resolveSource cache lookup matches
+    const dest = localPath(url, urlExt, api)
+    await fsp.writeFile(dest, buffer)
+    api.logger.info(`${TOOL_NAME}: downloaded ${url} -> ${dest} (${buffer.length} bytes)`)
+    return dest
+  } finally {
+    clearTimeout(timeout)
+  }
+}
+
+// ── Tool registration ────────────────────────────────────────────────
+
+export function registerSendFileTool(api: PluginApi) {
+  api.registerTool({
+    name: TOOL_NAME,
+    description:
+      'Send one or more files to the user. Accepts a single URL/path or an array of URLs/paths. Supports images, documents, audio, etc. Executable files and dot files are not allowed. Local files must be under $HOME or /tmp.',
+    parameters,
+    async execute(_toolCallId, params) {
+      let sources: string[]
+      if (typeof params.source === 'string') {
+        sources = [params.source.trim()].filter(Boolean)
+      } else if (Array.isArray(params.source)) {
+        sources = params.source
+          .filter((s): s is string => typeof s === 'string')
+          .map((s) => s.trim())
+          .filter(Boolean)
+      } else {
+        sources = []
+      }
+
+      if (sources.length === 0) {
+        return {content: [{type: 'text', text: JSON.stringify({error: 'source is required'})}]}
+      }
+
+      const caption = typeof params.caption === 'string' ? params.caption.trim() : undefined
+
+      const resolveSource = async (source: string): Promise<string> => {
+        if (source.startsWith('https://') || source.startsWith('http://')) {
+          const guessExt = extFromUrl(source)
+          if (guessExt && EXECUTABLE_EXTS.has(guessExt)) {
+            throw new Error(`${source}: URL has executable extension and cannot be sent`)
+          }
+          const cached = localPath(source, guessExt, api)
+          if (await fileExists(cached)) {
+            api.logger.info(`${TOOL_NAME}: serving cached ${cached}`)
+            return cached
+          }
+          return await downloadFile(source, api)
+        }
+
+        // Local file source
+        const resolved = path.resolve(source.replace(/^~/, os.homedir()))
+        if (!(await fileExists(resolved))) {
+          throw new Error(`${source}: file not found`)
+        }
+        if (!isUnderAllowedRoot(resolved)) {
+          throw new Error(
+            `${source}: file must be under $HOME or /tmp (files outside home are not allowed)`,
+          )
+        }
+        // Block state dir files except clawly/, canvas/, memory/ subdirs.
+        // This check runs BEFORE hasDotFileComponent because the state dir
+        // itself may contain a dot component (e.g. ~/.openclaw).
+        const stateDir = api.runtime.state.resolveStateDir()
+        const stateDirPrefix = stateDir + path.sep
+        const isUnderStateDir = resolved.startsWith(stateDirPrefix) || resolved === stateDir
+        if (isUnderStateDir) {
+          const allowedPrefixes = [
+            path.join(stateDir, 'clawly') + path.sep,
+            path.join(stateDir, 'canvas') + path.sep,
+            path.join(stateDir, 'memory') + path.sep,
+          ]
+          if (!allowedPrefixes.some((p) => resolved.startsWith(p))) {
+            throw new Error(`${source}: files under the state directory are not allowed`)
+          }
+        } else if (hasDotFileComponent(resolved)) {
+          throw new Error(`${source}: dot files (e.g. .openclaw, .env) are not allowed`)
+        }
+        if (isExecutableByExt(resolved)) {
+          throw new Error(`${source}: executable files are not allowed`)
+        }
+        const type = await fileTypeFromFile(resolved)
+        if (type && isExecutableByMime(type.mime)) {
+          throw new Error(`${source}: file is an executable and cannot be sent`)
+        }
+
+        const ext = path.extname(resolved) || (type?.ext ? `.${type.ext}` : '')
+        const dest = localPath(resolved, ext, api)
+        if (!(await fileExists(dest))) {
+          const dir = path.dirname(dest)
+          await fsp.mkdir(dir, {recursive: true})
+          await fsp.copyFile(resolved, dest)
+        }
+        return dest
+      }
+
+      try {
+        const resolved = await Promise.all(sources.map(resolveSource))
+        const mediaMessage = formatMediaMessage(resolved, sources, caption)
+        const sessionKey = await resolveSessionKey('clawly', api)
+        await injectAssistantMessage({sessionKey, message: mediaMessage}, api)
+        api.logger.info(`${TOOL_NAME}: injected ${resolved.length} file(s) into session`)
+
+        return {
+          content: [
+            {type: 'text', text: JSON.stringify({sent: true, count: resolved.length, sources})},
+          ],
+        }
+      } catch (err) {
+        const msg = err instanceof Error ? err.message : String(err)
+        api.logger.error(`${TOOL_NAME}: ${msg}`)
+        return {content: [{type: 'text', text: JSON.stringify({error: msg})}]}
+      }
+    },
+  })
+
+  api.logger.info(`tool: registered ${TOOL_NAME} agent tool`)
+}

package/tools/index.ts

@@ -4,7 +4,7 @@ import {registerIsUserOnlineTool} from './clawly-is-user-online'
 import {registerMsgBreakTool} from './clawly-msg-break'
 import {registerDeepSearchTool, registerGrokSearchTool, registerSearchTool} from './clawly-search'
 import {registerSendAppPushTool} from './clawly-send-app-push'
-import {registerSendImageTool} from './clawly-send-image'
+import {registerSendFileTool} from './clawly-send-file'
 import {registerSendMessageTool} from './clawly-send-message'
 
 export function registerTools(api: PluginApi) {
@@ -15,6 +15,6 @@ export function registerTools(api: PluginApi) {
   registerDeepSearchTool(api)
   registerGrokSearchTool(api)
   registerSendAppPushTool(api)
-  registerSendImageTool(api)
+  registerSendFileTool(api)
   registerSendMessageTool(api)
 }

package/types.ts

@@ -22,7 +22,7 @@ export type PluginRuntimeCore = {
   version: string
   config: {
     loadConfig: (...args: unknown[]) => unknown
-    writeConfigFile: (...args: unknown[]) => unknown
+    writeConfigFile: (config: OpenClawConfig) => Promise<unknown>
   }
   system: {
     enqueueSystemEvent: (...args: unknown[]) => void

package/gateway/node-dangerous-allowlist.ts

@@ -1,84 +0,0 @@
-/**
- * Ensures all dangerous node commands are in gateway.nodes.allowCommands
- * so the AI agent can invoke them on connected Clawly nodes.
- *
- * Dangerous commands are defined by OpenClaw's node-command-policy and
- * must be explicitly allowlisted. Safe commands work without allowlisting.
- *
- * Runs on gateway_start. Writes directly to openclaw.json via
- * writeOpenclawConfig (no restart triggered — gateway.* changes are
- * classified as "none" by the config watcher).
- */
-import path from 'node:path'
-
-import type {PluginApi} from '../types'
-import {readOpenclawConfig, writeOpenclawConfig} from '../model-gateway-setup'
-
-const DANGEROUS_COMMANDS = [
-  // Browser commands (Mac nodes)
-  'browser.proxy',
-  'browser.navigate',
-  'browser.click',
-  'browser.type',
-  'browser.screenshot',
-  'browser.read',
-  'browser.tabs',
-  'browser.back',
-  'browser.scroll',
-  'browser.evaluate',
-  // Reminders + calendar (iOS nodes)
-  'reminders.add',
-  'calendar.add',
-  // Device permissions (iOS nodes) — not in OpenClaw's iOS defaults
-  'device.permissions',
-  'device.requestPermission',
-]
-
-export function registerNodeDangerousAllowlist(api: PluginApi) {
-  api.on('gateway_start', async () => {
-    let stateDir: string
-    try {
-      stateDir = api.runtime.state.resolveStateDir()
-    } catch {
-      api.logger.warn('node-dangerous-allowlist: cannot resolve state dir, skipping')
-      return
-    }
-
-    const configPath = path.join(stateDir, 'openclaw.json')
-    let config: Record<string, unknown>
-    try {
-      config = readOpenclawConfig(configPath)
-    } catch {
-      api.logger.warn('node-dangerous-allowlist: failed to read config, skipping')
-      return
-    }
-
-    const gateway = (config.gateway as Record<string, unknown>) ?? {}
-    const nodes = (gateway.nodes as Record<string, unknown>) ?? {}
-    const existing: string[] = Array.isArray(nodes.allowCommands)
-      ? (nodes.allowCommands as string[])
-      : []
-
-    const existingSet = new Set(existing)
-    const toAdd = DANGEROUS_COMMANDS.filter((cmd) => !existingSet.has(cmd))
-
-    if (toAdd.length === 0) {
-      api.logger.info('node-dangerous-allowlist: all commands already allowlisted')
-      return
-    }
-
-    nodes.allowCommands = [...existing, ...toAdd]
-    gateway.nodes = nodes
-    config.gateway = gateway
-
-    try {
-      writeOpenclawConfig(configPath, config)
-    } catch {
-      api.logger.warn('node-dangerous-allowlist: failed to write config')
-      return
-    }
-    api.logger.info(
-      `node-dangerous-allowlist: added ${toAdd.length} commands to allowlist: ${toAdd.join(', ')}`,
-    )
-  })
-}

package/tools/clawly-send-image.ts

@@ -1,228 +0,0 @@
-/**
- * Agent tool: clawly_send_image — send an image to the user.
- *
- * Accepts a URL (https/http) or a local file path (or arrays of either).
- * URLs are downloaded and cached locally. Magic-byte validation ensures
- * only real images are served. Injects a MEDIA:<path> assistant message
- * via chat.inject so the mobile client renders inline images.
- */
-
-import crypto from 'node:crypto'
-import fsp from 'node:fs/promises'
-import path from 'node:path'
-
-import {fileTypeFromBuffer, fileTypeFromFile} from 'file-type'
-
-import {injectAssistantMessage, resolveSessionKey} from '../gateway/inject'
-import type {PluginApi} from '../types'
-
-const TOOL_NAME = 'clawly_send_image'
-const MAX_DOWNLOAD_BYTES = 50 * 1024 * 1024 // 50 MB
-
-const parameters: Record<string, unknown> = {
-  type: 'object',
-  required: ['source'],
-  properties: {
-    source: {
-      oneOf: [
-        {type: 'string', description: 'Image URL (https://...) or local file path'},
-        {
-          type: 'array',
-          items: {type: 'string'},
-          description: 'Array of image URLs or local file paths',
-        },
-      ],
-    },
-    caption: {type: 'string', description: 'Optional caption text'},
-  },
-}
-
-// ── Image MIME allowlist (aligned with expo-image, excluding SVG) ────
-
-const IMAGE_MIMES = new Set([
-  'image/jpeg',
-  'image/png',
-  'image/apng',
-  'image/gif',
-  'image/webp',
-  'image/avif',
-  'image/heic',
-  'image/bmp',
-  'image/x-icon',
-])
-
-// ── Helpers ──────────────────────────────────────────────────────────
-
-function downloadsDir(api: PluginApi): string {
-  return path.join(api.runtime.state.resolveStateDir(), 'clawly', 'downloads')
-}
-
-function extFromUrl(url: string): string {
-  try {
-    const pathname = new URL(url).pathname
-    const ext = path.extname(pathname).toLowerCase()
-    if (
-      ext &&
-      ['.jpg', '.jpeg', '.png', '.gif', '.webp', '.bmp', '.avif', '.heic', '.ico'].includes(ext)
-    )
-      return ext
-  } catch {}
-  return '.jpg'
-}
-
-function localPath(source: string, ext: string, api: PluginApi): string {
-  const hash = crypto.createHash('sha256').update(source).digest('hex')
-  return path.join(downloadsDir(api), `${hash}${ext}`)
-}
-
-async function fileExists(p: string): Promise<boolean> {
-  try {
-    await fsp.access(p)
-    return true
-  } catch {
-    return false
-  }
-}
-
-function formatMediaMessage(filePaths: string[], caption?: string): string {
-  const parts: string[] = []
-  if (caption) parts.push(caption)
-  for (const p of filePaths) parts.push(`MEDIA:${p}`)
-  return parts.join('\n')
-}
-
-// ── Download ─────────────────────────────────────────────────────────
-
-/** Downloads an image, validates it, and saves with the detected extension. Returns the final path or throws. */
-const DOWNLOAD_TIMEOUT_MS = 30_000
-
-async function downloadImage(url: string, api: PluginApi): Promise<string> {
-  const dir = downloadsDir(api)
-  await fsp.mkdir(dir, {recursive: true})
-
-  const controller = new AbortController()
-  const timeout = setTimeout(() => controller.abort(), DOWNLOAD_TIMEOUT_MS)
-  try {
-    const res = await fetch(url, {redirect: 'follow', signal: controller.signal})
-    if (!res.ok) throw new Error(`download failed: HTTP ${res.status}`)
-
-    const contentLength = res.headers.get('content-length')
-    if (contentLength && Number(contentLength) > MAX_DOWNLOAD_BYTES) {
-      throw new Error(`file too large (${contentLength} bytes, max ${MAX_DOWNLOAD_BYTES})`)
-    }
-
-    const chunks: Uint8Array[] = []
-    let totalSize = 0
-    const reader = res.body?.getReader()
-    if (!reader) throw new Error('no response body')
-
-    while (true) {
-      const {done, value} = await reader.read()
-      if (done) break
-      totalSize += value.byteLength
-      if (totalSize > MAX_DOWNLOAD_BYTES) {
-        reader.cancel()
-        throw new Error(`file too large (exceeded ${MAX_DOWNLOAD_BYTES} bytes)`)
-      }
-      chunks.push(value)
-    }
-
-    const buffer = Buffer.concat(chunks)
-
-    const type = await fileTypeFromBuffer(buffer)
-    if (!type || !IMAGE_MIMES.has(type.mime)) {
-      throw new Error('downloaded file is not a recognized image format')
-    }
-
-    const dest = localPath(url, `.${type.ext}`, api)
-    await fsp.writeFile(dest, buffer)
-    api.logger.info(`${TOOL_NAME}: downloaded ${url} -> ${dest} (${buffer.length} bytes)`)
-    return dest
-  } finally {
-    clearTimeout(timeout)
-  }
-}
-
-// ── Tool registration ────────────────────────────────────────────────
-
-export function registerSendImageTool(api: PluginApi) {
-  api.registerTool({
-    name: TOOL_NAME,
-    description:
-      'Send one or more images to the user. Accepts a single URL/path or an array of URLs/paths. Images are displayed inline in the chat.',
-    parameters,
-    async execute(_toolCallId, params) {
-      // Normalize source to string[]
-      let sources: string[]
-      if (typeof params.source === 'string') {
-        sources = [params.source.trim()]
-      } else if (Array.isArray(params.source)) {
-        sources = params.source
-          .filter((s): s is string => typeof s === 'string')
-          .map((s) => s.trim())
-          .filter(Boolean)
-      } else {
-        sources = []
-      }
-
-      if (sources.length === 0) {
-        return {content: [{type: 'text', text: JSON.stringify({error: 'source is required'})}]}
-      }
-
-      const caption = typeof params.caption === 'string' ? params.caption.trim() : undefined
-
-      const resolveSource = async (source: string): Promise<string> => {
-        if (source.startsWith('https://') || source.startsWith('http://')) {
-          // Check cache with URL-derived extension (best guess)
-          const guessExt = extFromUrl(source)
-          const cached = localPath(source, guessExt, api)
-          if (await fileExists(cached)) {
-            api.logger.info(`${TOOL_NAME}: serving cached ${cached}`)
-            return cached
-          }
-
-          return await downloadImage(source, api)
-        }
-
-        // Local file source
-        if (!(await fileExists(source))) {
-          throw new Error(`${source}: file not found`)
-        }
-
-        const type = await fileTypeFromFile(source)
-        if (!type || !IMAGE_MIMES.has(type.mime)) {
-          throw new Error(`${source}: not a recognized image format`)
-        }
-
-        // Copy to downloads dir so the outbound endpoint can serve it
-        const dest = localPath(source, `.${type.ext}`, api)
-        if (!(await fileExists(dest))) {
-          const dir = path.dirname(dest)
-          await fsp.mkdir(dir, {recursive: true})
-          await fsp.copyFile(source, dest)
-        }
-        return dest
-      }
-
-      try {
-        const resolved = await Promise.all(sources.map(resolveSource))
-
-        // Inject MEDIA: lines as an assistant message so they appear in the chat
-        const mediaMessage = formatMediaMessage(resolved, caption)
-        const sessionKey = await resolveSessionKey('clawly', api)
-        await injectAssistantMessage({sessionKey, message: mediaMessage}, api)
-        api.logger.info(`${TOOL_NAME}: injected ${resolved.length} image(s) into session`)
-
-        return {
-          content: [{type: 'text', text: JSON.stringify({sent: true, count: resolved.length})}],
-        }
-      } catch (err) {
-        const msg = err instanceof Error ? err.message : String(err)
-        api.logger.error(`${TOOL_NAME}: ${msg}`)
-        return {content: [{type: 'text', text: JSON.stringify({error: msg})}]}
-      }
-    },
-  })
-
-  api.logger.info(`tool: registered ${TOOL_NAME} agent tool`)
-}