@agenshield/daemon 0.4.2 → 0.4.4

package/index.js

@@ -4986,7 +4986,7 @@ async function agencoRoutes(app) {
 // libs/shield-daemon/src/routes/skills.ts
 import * as fs13 from "node:fs";
 import * as path12 from "node:path";
-import { execSync as execSync7 } from "node:child_process";
+import { execSync as execSync8 } from "node:child_process";
 import { parseSkillMd } from "@agenshield/sandbox";
 
 // libs/shield-daemon/src/services/skill-analyzer.ts
@@ -5269,6 +5269,7 @@ function removeSkillPolicy(name) {
 // libs/shield-daemon/src/services/openclaw-config.ts
 import * as fs11 from "node:fs";
 import * as path10 from "node:path";
+import { execSync as execSync7 } from "node:child_process";
 function getOpenClawConfigPath() {
   const agentHome = process.env["AGENSHIELD_AGENT_HOME"] || "/Users/ash_default_agent";
   return path10.join(agentHome, ".openclaw", "openclaw.json");
@@ -5286,7 +5287,16 @@ function readConfig() {
 }
 function writeConfig(config) {
   const configPath = getOpenClawConfigPath();
+  fs11.mkdirSync(path10.dirname(configPath), { recursive: true });
   fs11.writeFileSync(configPath, JSON.stringify(config, null, 2), "utf-8");
+  const agentHome = process.env["AGENSHIELD_AGENT_HOME"] || "/Users/ash_default_agent";
+  const brokerUser = path10.basename(agentHome) + "_broker";
+  const socketGroup = process.env["AGENSHIELD_SOCKET_GROUP"] || "clawshield";
+  try {
+    execSync7(`chown ${brokerUser}:${socketGroup} "${configPath}"`, { stdio: "pipe" });
+    execSync7(`chmod 664 "${configPath}"`, { stdio: "pipe" });
+  } catch {
+  }
 }
 function addSkillEntry(slug, env) {
   const config = readConfig();
@@ -5740,23 +5750,45 @@ async function getCachedAnalysis2(skillName, publisher) {
 }
 
 // libs/shield-daemon/src/routes/skills.ts
+function readSkillDescription(skillDir) {
+  try {
+    const skillMdPath = path12.join(skillDir, "SKILL.md");
+    if (!fs13.existsSync(skillMdPath)) return void 0;
+    const content = fs13.readFileSync(skillMdPath, "utf-8");
+    const parsed = parseSkillMd(content);
+    return parsed?.metadata?.description ?? void 0;
+  } catch {
+    return void 0;
+  }
+}
 async function skillsRoutes(app) {
   app.get("/skills", async (_request, reply) => {
     const approved = listApproved();
     const quarantined = listQuarantined();
     const downloaded = listDownloadedSkills();
+    const skillsDir2 = getSkillsDir();
     const approvedNames = new Set(approved.map((a) => a.name));
     const availableDownloads = downloaded.filter((d) => !approvedNames.has(d.slug));
-    const skillsDir2 = getSkillsDir();
+    const quarantinedNames = new Set(quarantined.map((q) => q.name));
+    let onDiskNames = [];
+    if (skillsDir2) {
+      try {
+        onDiskNames = fs13.readdirSync(skillsDir2, { withFileTypes: true }).filter((d) => d.isDirectory()).map((d) => d.name);
+      } catch {
+      }
+    }
+    const workspaceNames = onDiskNames.filter(
+      (n) => !approvedNames.has(n) && !quarantinedNames.has(n)
+    );
     const data = [
-      // Approved → active
+      // Approved → active (with descriptions from SKILL.md)
       ...approved.map((a) => ({
         name: a.name,
         source: "user",
         status: "active",
         path: path12.join(skillsDir2 ?? "", a.name),
         publisher: a.publisher,
-        description: void 0
+        description: skillsDir2 ? readSkillDescription(path12.join(skillsDir2, a.name)) : void 0
       })),
       // Quarantined
       ...quarantined.map((q) => ({
@@ -5766,6 +5798,14 @@ async function skillsRoutes(app) {
         path: q.originalPath,
         description: void 0
       })),
+      // Workspace: on disk but not approved or quarantined
+      ...workspaceNames.map((name) => ({
+        name,
+        source: "workspace",
+        status: "workspace",
+        path: path12.join(skillsDir2 ?? "", name),
+        description: skillsDir2 ? readSkillDescription(path12.join(skillsDir2, name)) : void 0
+      })),
       // Downloaded (not installed) → available
       ...availableDownloads.map((d) => ({
         name: d.slug,
@@ -5916,8 +5956,8 @@ async function skillsRoutes(app) {
             fs13.writeFileSync(filePath, file.content, "utf-8");
           }
           try {
-            execSync7(`chown -R root:${socketGroup} "${skillDir}"`, { stdio: "pipe" });
-            execSync7(`chmod -R a+rX,go-w "${skillDir}"`, { stdio: "pipe" });
+            execSync8(`chown -R root:${socketGroup} "${skillDir}"`, { stdio: "pipe" });
+            execSync8(`chmod -R a+rX,go-w "${skillDir}"`, { stdio: "pipe" });
           } catch {
           }
           createSkillWrapper(name, binDir);
@@ -5978,8 +6018,8 @@ async function skillsRoutes(app) {
           fs13.writeFileSync(filePath, file.content, "utf-8");
         }
         try {
-          execSync7(`chown -R root:${socketGroup} "${skillDir}"`, { stdio: "pipe" });
-          execSync7(`chmod -R a+rX,go-w "${skillDir}"`, { stdio: "pipe" });
+          execSync8(`chown -R root:${socketGroup} "${skillDir}"`, { stdio: "pipe" });
+          execSync8(`chmod -R a+rX,go-w "${skillDir}"`, { stdio: "pipe" });
         } catch {
         }
         createSkillWrapper(name, binDir);
@@ -7015,8 +7055,6 @@ async function marketplaceRoutes(app) {
         if (brokerResult.wrapperPath) {
           logs.push(`Wrapper created: ${brokerResult.wrapperPath}`);
         }
-        addSkillEntry(slug);
-        logs.push("Config entry added");
         addSkillPolicy(slug);
         logs.push("Policy rule added");
         emitSkillInstallProgress(slug, "local_analysis", "Running local analysis");
@@ -7091,6 +7129,120 @@ async function fsRoutes(app) {
   });
 }
 
+// libs/shield-daemon/src/services/activity-log.ts
+import * as fs17 from "node:fs";
+import * as path16 from "node:path";
+var ACTIVITY_FILE = "activity.jsonl";
+var MAX_SIZE_BYTES = 100 * 1024 * 1024;
+var MAX_AGE_MS = 24 * 60 * 60 * 1e3;
+var PRUNE_INTERVAL = 1e3;
+var instance = null;
+function getActivityLog() {
+  if (!instance) {
+    instance = new ActivityLog();
+  }
+  return instance;
+}
+var ActivityLog = class {
+  filePath;
+  writeCount = 0;
+  unsubscribe;
+  constructor() {
+    this.filePath = path16.join(getConfigDir(), ACTIVITY_FILE);
+  }
+  /** Read historical events from the JSONL file, newest first */
+  getHistory(limit = 500) {
+    if (!fs17.existsSync(this.filePath)) return [];
+    const content = fs17.readFileSync(this.filePath, "utf-8");
+    const lines = content.split("\n").filter(Boolean);
+    const events = [];
+    for (const line of lines) {
+      try {
+        const evt = JSON.parse(line);
+        if (evt.type === "heartbeat") continue;
+        events.push(evt);
+      } catch {
+      }
+    }
+    events.reverse();
+    return events.slice(0, limit);
+  }
+  start() {
+    this.pruneOldEntries();
+    this.unsubscribe = daemonEvents.subscribe((event) => {
+      this.append(event);
+    });
+  }
+  stop() {
+    this.unsubscribe?.();
+  }
+  append(event) {
+    const line = JSON.stringify(event) + "\n";
+    fs17.appendFileSync(this.filePath, line, "utf-8");
+    this.writeCount++;
+    if (this.writeCount % PRUNE_INTERVAL === 0) {
+      this.rotate();
+    }
+  }
+  rotate() {
+    try {
+      const stat = fs17.statSync(this.filePath);
+      if (stat.size > MAX_SIZE_BYTES) {
+        this.truncateBySize();
+      }
+    } catch {
+    }
+    this.pruneOldEntries();
+  }
+  /** Keep newest half of lines when file exceeds size limit */
+  truncateBySize() {
+    const content = fs17.readFileSync(this.filePath, "utf-8");
+    const lines = content.split("\n").filter(Boolean);
+    const keep = lines.slice(Math.floor(lines.length / 2));
+    fs17.writeFileSync(this.filePath, keep.join("\n") + "\n", "utf-8");
+  }
+  /** Remove entries older than 24 hours */
+  pruneOldEntries() {
+    if (!fs17.existsSync(this.filePath)) return;
+    const content = fs17.readFileSync(this.filePath, "utf-8");
+    const lines = content.split("\n").filter(Boolean);
+    const cutoff = Date.now() - MAX_AGE_MS;
+    const kept = lines.filter((line) => {
+      try {
+        const evt = JSON.parse(line);
+        return new Date(evt.timestamp).getTime() >= cutoff;
+      } catch {
+        return false;
+      }
+    });
+    if (kept.length < lines.length) {
+      fs17.writeFileSync(this.filePath, kept.join("\n") + "\n", "utf-8");
+    }
+  }
+};
+
+// libs/shield-daemon/src/routes/activity.ts
+async function activityRoutes(app) {
+  app.get(
+    "/activity",
+    async (request) => {
+      const authenticated = isAuthenticated(request);
+      const raw = Number(request.query.limit) || 500;
+      const limit = Math.min(Math.max(raw, 1), 1e4);
+      const events = getActivityLog().getHistory(limit);
+      if (authenticated) {
+        return { data: events };
+      }
+      const stripped = events.map((e) => ({
+        type: e.type,
+        timestamp: e.timestamp,
+        data: {}
+      }));
+      return { data: stripped };
+    }
+  );
+}
+
 // libs/shield-daemon/src/routes/rpc.ts
 function globToRegex(pattern) {
   const regexPattern = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&").replace(/\*\*/g, "{{GLOBSTAR}}").replace(/\*/g, "[^/]*").replace(/\?/g, ".").replace(/{{GLOBSTAR}}/g, ".*");
@@ -7289,7 +7441,7 @@ async function registerRoutes(app) {
   });
   app.addHook("onResponse", (request, reply, done) => {
     if (!request.url.startsWith("/sse") && !request.url.startsWith("/rpc") && !request.url.includes(".") && !request.url.endsWith("/health")) {
-      if (request.method === "GET" && request.url.startsWith("/api/status") && reply.statusCode === 200) {
+      if (request.method === "GET" && (request.url.startsWith("/api/status") || request.url.startsWith("/api/activity")) && reply.statusCode === 200) {
         done();
         return;
       }
@@ -7342,28 +7494,29 @@ async function registerRoutes(app) {
       await api.register(secretsRoutes);
       await api.register(marketplaceRoutes);
       await api.register(fsRoutes);
+      await api.register(activityRoutes);
     },
     { prefix: API_PREFIX }
   );
 }
 
 // libs/shield-daemon/src/static.ts
-import * as fs17 from "node:fs";
-import * as path16 from "node:path";
+import * as fs18 from "node:fs";
+import * as path17 from "node:path";
 import { fileURLToPath as fileURLToPath2 } from "node:url";
 var __filename = fileURLToPath2(import.meta.url);
-var __dirname = path16.dirname(__filename);
+var __dirname = path17.dirname(__filename);
 function getUiAssetsPath() {
-  const pkgRootPath = path16.join(__dirname, "..", "ui-assets");
-  if (fs17.existsSync(pkgRootPath)) {
+  const pkgRootPath = path17.join(__dirname, "..", "ui-assets");
+  if (fs18.existsSync(pkgRootPath)) {
     return pkgRootPath;
   }
-  const bundledPath = path16.join(__dirname, "ui-assets");
-  if (fs17.existsSync(bundledPath)) {
+  const bundledPath = path17.join(__dirname, "ui-assets");
+  if (fs18.existsSync(bundledPath)) {
     return bundledPath;
   }
-  const devPath = path16.join(__dirname, "..", "..", "..", "dist", "apps", "shield-ui");
-  if (fs17.existsSync(devPath)) {
+  const devPath = path17.join(__dirname, "..", "..", "..", "dist", "apps", "shield-ui");
+  if (fs18.existsSync(devPath)) {
     return devPath;
   }
   return null;
@@ -7422,74 +7575,6 @@ function stopSecurityWatcher() {
   }
 }
 
-// libs/shield-daemon/src/services/activity-log.ts
-import * as fs18 from "node:fs";
-import * as path17 from "node:path";
-var ACTIVITY_FILE = "activity.jsonl";
-var MAX_SIZE_BYTES = 100 * 1024 * 1024;
-var MAX_AGE_MS = 24 * 60 * 60 * 1e3;
-var PRUNE_INTERVAL = 1e3;
-var ActivityLog = class {
-  filePath;
-  writeCount = 0;
-  unsubscribe;
-  constructor() {
-    this.filePath = path17.join(getConfigDir(), ACTIVITY_FILE);
-  }
-  start() {
-    this.pruneOldEntries();
-    this.unsubscribe = daemonEvents.subscribe((event) => {
-      this.append(event);
-    });
-  }
-  stop() {
-    this.unsubscribe?.();
-  }
-  append(event) {
-    const line = JSON.stringify(event) + "\n";
-    fs18.appendFileSync(this.filePath, line, "utf-8");
-    this.writeCount++;
-    if (this.writeCount % PRUNE_INTERVAL === 0) {
-      this.rotate();
-    }
-  }
-  rotate() {
-    try {
-      const stat = fs18.statSync(this.filePath);
-      if (stat.size > MAX_SIZE_BYTES) {
-        this.truncateBySize();
-      }
-    } catch {
-    }
-    this.pruneOldEntries();
-  }
-  /** Keep newest half of lines when file exceeds size limit */
-  truncateBySize() {
-    const content = fs18.readFileSync(this.filePath, "utf-8");
-    const lines = content.split("\n").filter(Boolean);
-    const keep = lines.slice(Math.floor(lines.length / 2));
-    fs18.writeFileSync(this.filePath, keep.join("\n") + "\n", "utf-8");
-  }
-  /** Remove entries older than 24 hours */
-  pruneOldEntries() {
-    if (!fs18.existsSync(this.filePath)) return;
-    const content = fs18.readFileSync(this.filePath, "utf-8");
-    const lines = content.split("\n").filter(Boolean);
-    const cutoff = Date.now() - MAX_AGE_MS;
-    const kept = lines.filter((line) => {
-      try {
-        const evt = JSON.parse(line);
-        return new Date(evt.timestamp).getTime() >= cutoff;
-      } catch {
-        return false;
-      }
-    });
-    if (kept.length < lines.length) {
-      fs18.writeFileSync(this.filePath, kept.join("\n") + "\n", "utf-8");
-    }
-  }
-};
-
 // libs/shield-daemon/src/server.ts
 async function createServer(config) {
   const app = Fastify({
@@ -7528,7 +7613,7 @@ async function startServer(config) {
     onQuarantined: (info) => emitSkillQuarantined(info.name, info.reason),
     onApproved: (name) => emitSkillApproved(name)
   }, 3e4);
-  const activityLog = new ActivityLog();
+  const activityLog = getActivityLog();
   activityLog.start();
   try {
     const vault = getVault();