@agent-vm/agent-vm 0.0.96 → 0.0.98
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli/build-command.d.ts +3 -0
- package/dist/cli/build-command.d.ts.map +1 -1
- package/dist/cli/build-command.js +72 -0
- package/dist/cli/build-command.js.map +1 -1
- package/dist/cli/commands/build-definition.d.ts +2 -0
- package/dist/cli/commands/build-definition.d.ts.map +1 -1
- package/dist/cli/commands/build-definition.js +6 -1
- package/dist/cli/commands/build-definition.js.map +1 -1
- package/dist/cli/commands/controller-definition.d.ts +20 -20
- package/dist/cli/commands/create-app.d.ts +22 -20
- package/dist/cli/commands/create-app.d.ts.map +1 -1
- package/dist/cli/manual-templates.d.ts.map +1 -1
- package/dist/cli/manual-templates.js +34 -9
- package/dist/cli/manual-templates.js.map +1 -1
- package/dist/config/system-config.d.ts +119 -3
- package/dist/config/system-config.d.ts.map +1 -1
- package/dist/config/system-config.js +328 -11
- package/dist/config/system-config.js.map +1 -1
- package/dist/controller/controller-runtime-types.d.ts +3 -0
- package/dist/controller/controller-runtime-types.d.ts.map +1 -1
- package/dist/controller/controller-runtime.d.ts.map +1 -1
- package/dist/controller/controller-runtime.js +93 -22
- package/dist/controller/controller-runtime.js.map +1 -1
- package/dist/controller/zone-runtimes/openclaw-zone-runtime.d.ts +1 -0
- package/dist/controller/zone-runtimes/openclaw-zone-runtime.d.ts.map +1 -1
- package/dist/controller/zone-runtimes/openclaw-zone-runtime.js +4 -0
- package/dist/controller/zone-runtimes/openclaw-zone-runtime.js.map +1 -1
- package/dist/controller/zone-runtimes/zone-runtime-types.d.ts +1 -0
- package/dist/controller/zone-runtimes/zone-runtime-types.d.ts.map +1 -1
- package/dist/gateway/credential-manager.d.ts +1 -0
- package/dist/gateway/credential-manager.d.ts.map +1 -1
- package/dist/gateway/credential-manager.js +14 -1
- package/dist/gateway/credential-manager.js.map +1 -1
- package/dist/gateway/gateway-zone-orchestrator.d.ts +3 -1
- package/dist/gateway/gateway-zone-orchestrator.d.ts.map +1 -1
- package/dist/gateway/gateway-zone-orchestrator.js +70 -3
- package/dist/gateway/gateway-zone-orchestrator.js.map +1 -1
- package/dist/gateway/gateway-zone-support.d.ts +5 -1
- package/dist/gateway/gateway-zone-support.d.ts.map +1 -1
- package/dist/gateway/gateway-zone-support.js +35 -1
- package/dist/gateway/gateway-zone-support.js.map +1 -1
- package/dist/observability/observability-compose.d.ts +24 -0
- package/dist/observability/observability-compose.d.ts.map +1 -0
- package/dist/observability/observability-compose.js +144 -0
- package/dist/observability/observability-compose.js.map +1 -0
- package/dist/observability/observability-config.d.ts +62 -0
- package/dist/observability/observability-config.d.ts.map +1 -0
- package/dist/observability/observability-config.js +60 -0
- package/dist/observability/observability-config.js.map +1 -0
- package/dist/observability/observability-lifecycle.d.ts +27 -0
- package/dist/observability/observability-lifecycle.d.ts.map +1 -0
- package/dist/observability/observability-lifecycle.js +101 -0
- package/dist/observability/observability-lifecycle.js.map +1 -0
- package/dist/observability/observability-readiness.d.ts +17 -0
- package/dist/observability/observability-readiness.d.ts.map +1 -0
- package/dist/observability/observability-readiness.js +141 -0
- package/dist/observability/observability-readiness.js.map +1 -0
- package/dist/observability/otel-collector-config.d.ts +70 -0
- package/dist/observability/otel-collector-config.d.ts.map +1 -0
- package/dist/observability/otel-collector-config.js +179 -0
- package/dist/observability/otel-collector-config.js.map +1 -0
- package/dist/operations/agent-secret-access-checks.d.ts +8 -0
- package/dist/operations/agent-secret-access-checks.d.ts.map +1 -0
- package/dist/operations/agent-secret-access-checks.js +35 -0
- package/dist/operations/agent-secret-access-checks.js.map +1 -0
- package/dist/operations/config-validation.d.ts.map +1 -1
- package/dist/operations/config-validation.js +2 -0
- package/dist/operations/config-validation.js.map +1 -1
- package/dist/operations/doctor.d.ts.map +1 -1
- package/dist/operations/doctor.js +22 -1
- package/dist/operations/doctor.js.map +1 -1
- package/dist/tool-vm/tool-vm-lifecycle.d.ts +1 -0
- package/dist/tool-vm/tool-vm-lifecycle.d.ts.map +1 -1
- package/dist/tool-vm/tool-vm-lifecycle.js +6 -0
- package/dist/tool-vm/tool-vm-lifecycle.js.map +1 -1
- package/dist/tool-vm/tool-vm-secret-selection.d.ts +16 -0
- package/dist/tool-vm/tool-vm-secret-selection.d.ts.map +1 -0
- package/dist/tool-vm/tool-vm-secret-selection.js +47 -0
- package/dist/tool-vm/tool-vm-secret-selection.js.map +1 -0
- package/package.json +11 -11
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"manual-templates.js","sourceRoot":"","sources":["../../src/cli/manual-templates.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,uBAAuB,GAAG,oDAAoD,CAAC;AAY5F,SAAS,aAAa,CAAC,KAAa,EAAE,IAAY;IACjD,OAAO,QAAQ,uBAAuB;;IAEnC,KAAK;;EAEP,IAAI,CAAC,IAAI,EAAE;CACZ,CAAC;AACF,CAAC;AAED,MAAM,UAAU,0BAA0B,CAAC,OAA8B;IACxE,OAAO,aAAa,CACnB,oBAAoB,EACpB;;;;mBAIiB,OAAO,CAAC,gBAAgB;kBACzB,OAAO,CAAC,aAAa
|
|
1
|
+
{"version":3,"file":"manual-templates.js","sourceRoot":"","sources":["../../src/cli/manual-templates.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,uBAAuB,GAAG,oDAAoD,CAAC;AAY5F,SAAS,aAAa,CAAC,KAAa,EAAE,IAAY;IACjD,OAAO,QAAQ,uBAAuB;;IAEnC,KAAK;;EAEP,IAAI,CAAC,IAAI,EAAE;CACZ,CAAC;AACF,CAAC;AAED,MAAM,UAAU,0BAA0B,CAAC,OAA8B;IACxE,OAAO,aAAa,CACnB,oBAAoB,EACpB;;;;mBAIiB,OAAO,CAAC,gBAAgB;kBACzB,OAAO,CAAC,aAAa;;;;;;;;;;;;;;;;CAgBtC,CACC,CAAC;AACH,CAAC;AAED,MAAM,UAAU,wBAAwB,CACvC,OAA8B;IAE9B,OAAO;QACN;YACC,YAAY,EAAE,uBAAuB;YACrC,OAAO,EAAE,aAAa,CACrB,4BAA4B,EAC5B;;;;;;;;;;;;;;;;;;;;;CAqBH,CACG;SACD;QACD;YACC,YAAY,EAAE,uBAAuB;YACrC,OAAO,EAAE,aAAa,CACrB,kBAAkB,EAClB;EACF,OAAO,CAAC,gBAAgB;;;;;;;;;;;;;;;;;CAiBzB,CACG;SACD;QACD;YACC,YAAY,EAAE,iCAAiC;YAC/C,OAAO,EAAE,aAAa,CACrB,kBAAkB,EAClB;;;;;;;;;;;;;;;;;;;;CAoBH,CACG;SACD;QACD;YACC,YAAY,EAAE,+BAA+B;YAC7C,OAAO,EAAE,aAAa,CACrB,kCAAkC,EAClC;;;;;;;;;;;;;;;;CAgBH,CACG;SACD;QACD;YACC,YAAY,EAAE,2BAA2B;YACzC,OAAO,EAAE,aAAa,CACrB,YAAY,EACZ;;;oCAGgC,OAAO,CAAC,gBAAgB;;;;uCAIrB,OAAO,CAAC,gBAAgB,WAAW,OAAO,CAAC,aAAa;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAyC9F,CACG;SACD;QACD;YACC,YAAY,EAAE,yBAAyB;YACvC,OAAO,EAAE,aAAa,CACrB,kBAAkB,EAClB;;;;;;;;;;;CAWH,CACG;SACD;QACD;YACC,YAAY,EAAE,8BAA8B;YAC5C,OAAO,EAAE,aAAa,CACrB,oBAAoB,EACpB;4EACwE,OAAO,CAAC,gBAAgB;;;;;;;;;;;;;;;;;CAiBnG,CACG;SACD;QACD;YACC,YAAY,EAAE,gCAAgC;YAC9C,OAAO,EAAE,aAAa,CACrB,6BAA6B,EAC7B;;;;;;;;;;;;;;;EAeF,CACE;SACD;QACD;YACC,YAAY,EAAE,kCAAkC;YAChD,OAAO,EAAE,aAAa,CACrB,mBAAmB,EACnB;;;;;;;;;;;;;;;;;;;;;;;;EAwBF,CACE;SACD;QACD;YACC,YAAY,EAAE,2BAA2B;YACzC,OAAO,EAAE,aAAa,CACrB,YAAY,EACZ;;;;;;;;;;;;;;;;;;;;;;;;;;;CA2BH,CACG;SACD;QACD;YACC,YAAY,EAAE,6BAA6B;YAC3C,OAAO,EAAE,aAAa,CACrB,sBAAsB,EACtB;;;;CAIH,CACG;SACD;QACD;YACC,YAAY,EAAE,wBAAwB;YACtC,OAAO,EAAE,aAAa,CACrB,0BAA0B,EAC1B;0BACsB,OAAO,CAAC,gBAAgB;;;;;;;;;;;;;;CAcjD,CACG;SACD;QACD;YACC,YAAY,EAAE,4BAA4B;YAC1C,OAAO,EAAE,aAAa,CACrB,2BAA2B,EAC3B;;;;;;;;;;;;;;;;;CAiBH,CACG;SACD;QACD;YACC,YAAY,EAAE,yBAAyB;YACvC,OAAO,EAAE,aAAa,CACrB,mBAAmB,EACnB;;;;;6BAKyB,OAAO,CAAC,gBAAgB;;;;;;;;;;;;;;;;CAgBpD,CACG;SACD;QACD;YACC,YAAY,EAAE,8BAA8B;YAC5C,OAAO,EAAE,aAAa,CACrB,eAAe,EACf;;;;;;;;;;;;;;;;;;;;;;;;;;;CA2BH,CACG;SACD;QACD;YACC,YAAY,EAAE,gCAAgC;YAC9C,OAAO,EAAE,aAAa,CACrB,iBAAiB,EACjB;;;;;;;;;;;;;;;;CAgBH,CACG;SACD;QACD;YACC,YAAY,EAAE,kCAAkC;YAChD,OAAO,EAAE,aAAa,CACrB,mBAAmB,EACnB;;;;;+BAK2B,OAAO,CAAC,gBAAgB;;;;;CAKtD,CACG;SACD;QACD;YACC,YAAY,EAAE,gCAAgC;YAC9C,OAAO,EAAE,aAAa,CACrB,iBAAiB,EACjB;;;;;;;;;;;CAWH,CACG;SACD;KACD,CAAC;AACH,CAAC"}
|
|
@@ -28,6 +28,87 @@ declare const systemConfigSchema: z.ZodObject<{
|
|
|
28
28
|
source: z.ZodLiteral<"config">;
|
|
29
29
|
value: z.ZodString;
|
|
30
30
|
}, z.core.$strict>], "source">>;
|
|
31
|
+
observability: z.ZodOptional<z.ZodUnion<readonly [z.ZodObject<{
|
|
32
|
+
enabled: z.ZodLiteral<false>;
|
|
33
|
+
}, z.core.$strict>, z.ZodObject<{
|
|
34
|
+
stack: z.ZodDefault<z.ZodObject<{
|
|
35
|
+
mode: z.ZodDefault<z.ZodLiteral<"managed">>;
|
|
36
|
+
scrubbing: z.ZodDefault<z.ZodObject<{
|
|
37
|
+
responsibility: z.ZodDefault<z.ZodLiteral<"agent-vm-managed-collector">>;
|
|
38
|
+
}, z.core.$strict>>;
|
|
39
|
+
}, z.core.$strict>>;
|
|
40
|
+
runner: z.ZodDefault<z.ZodLiteral<"docker-compose">>;
|
|
41
|
+
dataDir: z.ZodString;
|
|
42
|
+
projectName: z.ZodOptional<z.ZodString>;
|
|
43
|
+
retention: z.ZodObject<{
|
|
44
|
+
metrics: z.ZodObject<{
|
|
45
|
+
period: z.ZodString;
|
|
46
|
+
minFreeDiskSpaceBytes: z.ZodOptional<z.ZodString>;
|
|
47
|
+
}, z.core.$strict>;
|
|
48
|
+
logs: z.ZodObject<{
|
|
49
|
+
period: z.ZodString;
|
|
50
|
+
minFreeDiskSpaceBytes: z.ZodOptional<z.ZodString>;
|
|
51
|
+
maxDiskSpaceUsageBytes: z.ZodOptional<z.ZodString>;
|
|
52
|
+
}, z.core.$strict>;
|
|
53
|
+
traces: z.ZodObject<{
|
|
54
|
+
period: z.ZodString;
|
|
55
|
+
minFreeDiskSpaceBytes: z.ZodOptional<z.ZodString>;
|
|
56
|
+
maxDiskSpaceUsageBytes: z.ZodOptional<z.ZodString>;
|
|
57
|
+
maxDiskUsagePercent: z.ZodOptional<z.ZodNumber>;
|
|
58
|
+
}, z.core.$strict>;
|
|
59
|
+
}, z.core.$strict>;
|
|
60
|
+
enabled: z.ZodLiteral<true>;
|
|
61
|
+
mode: z.ZodDefault<z.ZodLiteral<"collector">>;
|
|
62
|
+
bindAddress: z.ZodDefault<z.ZodEnum<{
|
|
63
|
+
"127.0.0.1": "127.0.0.1";
|
|
64
|
+
"::1": "::1";
|
|
65
|
+
}>>;
|
|
66
|
+
prepareOnBuild: z.ZodDefault<z.ZodBoolean>;
|
|
67
|
+
waitOnBuild: z.ZodDefault<z.ZodBoolean>;
|
|
68
|
+
startupCheckTimeoutMs: z.ZodDefault<z.ZodNumber>;
|
|
69
|
+
ports: z.ZodDefault<z.ZodObject<{
|
|
70
|
+
collectorGrpc: z.ZodDefault<z.ZodNumber>;
|
|
71
|
+
collectorHttp: z.ZodDefault<z.ZodNumber>;
|
|
72
|
+
collectorHealth: z.ZodDefault<z.ZodNumber>;
|
|
73
|
+
metrics: z.ZodDefault<z.ZodNumber>;
|
|
74
|
+
logs: z.ZodDefault<z.ZodNumber>;
|
|
75
|
+
traces: z.ZodDefault<z.ZodNumber>;
|
|
76
|
+
}, z.core.$strict>>;
|
|
77
|
+
controllerStartPolicy: z.ZodDefault<z.ZodEnum<{
|
|
78
|
+
degraded: "degraded";
|
|
79
|
+
"require-ready": "require-ready";
|
|
80
|
+
off: "off";
|
|
81
|
+
}>>;
|
|
82
|
+
}, z.core.$strict>, z.ZodObject<{
|
|
83
|
+
stack: z.ZodObject<{
|
|
84
|
+
mode: z.ZodLiteral<"external">;
|
|
85
|
+
scrubbing: z.ZodObject<{
|
|
86
|
+
responsibility: z.ZodLiteral<"external-collector">;
|
|
87
|
+
}, z.core.$strict>;
|
|
88
|
+
}, z.core.$strict>;
|
|
89
|
+
enabled: z.ZodLiteral<true>;
|
|
90
|
+
mode: z.ZodDefault<z.ZodLiteral<"collector">>;
|
|
91
|
+
bindAddress: z.ZodDefault<z.ZodEnum<{
|
|
92
|
+
"127.0.0.1": "127.0.0.1";
|
|
93
|
+
"::1": "::1";
|
|
94
|
+
}>>;
|
|
95
|
+
prepareOnBuild: z.ZodDefault<z.ZodBoolean>;
|
|
96
|
+
waitOnBuild: z.ZodDefault<z.ZodBoolean>;
|
|
97
|
+
startupCheckTimeoutMs: z.ZodDefault<z.ZodNumber>;
|
|
98
|
+
ports: z.ZodDefault<z.ZodObject<{
|
|
99
|
+
collectorGrpc: z.ZodDefault<z.ZodNumber>;
|
|
100
|
+
collectorHttp: z.ZodDefault<z.ZodNumber>;
|
|
101
|
+
collectorHealth: z.ZodDefault<z.ZodNumber>;
|
|
102
|
+
metrics: z.ZodDefault<z.ZodNumber>;
|
|
103
|
+
logs: z.ZodDefault<z.ZodNumber>;
|
|
104
|
+
traces: z.ZodDefault<z.ZodNumber>;
|
|
105
|
+
}, z.core.$strict>>;
|
|
106
|
+
controllerStartPolicy: z.ZodDefault<z.ZodEnum<{
|
|
107
|
+
degraded: "degraded";
|
|
108
|
+
"require-ready": "require-ready";
|
|
109
|
+
off: "off";
|
|
110
|
+
}>>;
|
|
111
|
+
}, z.core.$strict>]>>;
|
|
31
112
|
}, z.core.$strip>;
|
|
32
113
|
controller: z.ZodDefault<z.ZodObject<{
|
|
33
114
|
health: z.ZodDefault<z.ZodObject<{
|
|
@@ -214,36 +295,54 @@ declare const systemConfigSchema: z.ZodObject<{
|
|
|
214
295
|
value: z.ZodString;
|
|
215
296
|
injection: z.ZodLiteral<"env">;
|
|
216
297
|
audience: z.ZodLiteral<"gateway">;
|
|
298
|
+
}, z.core.$strict>, z.ZodObject<{
|
|
299
|
+
source: z.ZodLiteral<"1password">;
|
|
300
|
+
ref: z.ZodString;
|
|
301
|
+
injection: z.ZodLiteral<"http-mediation">;
|
|
302
|
+
audience: z.ZodLiteral<"gateway">;
|
|
303
|
+
hosts: z.ZodArray<z.ZodString>;
|
|
217
304
|
}, z.core.$strict>, z.ZodObject<{
|
|
218
305
|
source: z.ZodLiteral<"1password">;
|
|
219
306
|
ref: z.ZodString;
|
|
220
307
|
injection: z.ZodLiteral<"http-mediation">;
|
|
221
308
|
audience: z.ZodEnum<{
|
|
222
|
-
gateway: "gateway";
|
|
223
309
|
"tool-vm": "tool-vm";
|
|
224
310
|
both: "both";
|
|
225
311
|
}>;
|
|
226
312
|
hosts: z.ZodArray<z.ZodString>;
|
|
313
|
+
agentAccess: z.ZodUnion<readonly [z.ZodLiteral<"all">, z.ZodArray<z.ZodString>]>;
|
|
314
|
+
}, z.core.$strict>, z.ZodObject<{
|
|
315
|
+
source: z.ZodLiteral<"environment">;
|
|
316
|
+
envVar: z.ZodString;
|
|
317
|
+
injection: z.ZodLiteral<"http-mediation">;
|
|
318
|
+
audience: z.ZodLiteral<"gateway">;
|
|
319
|
+
hosts: z.ZodArray<z.ZodString>;
|
|
227
320
|
}, z.core.$strict>, z.ZodObject<{
|
|
228
321
|
source: z.ZodLiteral<"environment">;
|
|
229
322
|
envVar: z.ZodString;
|
|
230
323
|
injection: z.ZodLiteral<"http-mediation">;
|
|
231
324
|
audience: z.ZodEnum<{
|
|
232
|
-
gateway: "gateway";
|
|
233
325
|
"tool-vm": "tool-vm";
|
|
234
326
|
both: "both";
|
|
235
327
|
}>;
|
|
236
328
|
hosts: z.ZodArray<z.ZodString>;
|
|
329
|
+
agentAccess: z.ZodUnion<readonly [z.ZodLiteral<"all">, z.ZodArray<z.ZodString>]>;
|
|
330
|
+
}, z.core.$strict>, z.ZodObject<{
|
|
331
|
+
source: z.ZodLiteral<"config">;
|
|
332
|
+
value: z.ZodString;
|
|
333
|
+
injection: z.ZodLiteral<"http-mediation">;
|
|
334
|
+
audience: z.ZodLiteral<"gateway">;
|
|
335
|
+
hosts: z.ZodArray<z.ZodString>;
|
|
237
336
|
}, z.core.$strict>, z.ZodObject<{
|
|
238
337
|
source: z.ZodLiteral<"config">;
|
|
239
338
|
value: z.ZodString;
|
|
240
339
|
injection: z.ZodLiteral<"http-mediation">;
|
|
241
340
|
audience: z.ZodEnum<{
|
|
242
|
-
gateway: "gateway";
|
|
243
341
|
"tool-vm": "tool-vm";
|
|
244
342
|
both: "both";
|
|
245
343
|
}>;
|
|
246
344
|
hosts: z.ZodArray<z.ZodString>;
|
|
345
|
+
agentAccess: z.ZodUnion<readonly [z.ZodLiteral<"all">, z.ZodArray<z.ZodString>]>;
|
|
247
346
|
}, z.core.$strict>]>>;
|
|
248
347
|
runtimeAuthHints: z.ZodOptional<z.ZodArray<z.ZodDiscriminatedUnion<[z.ZodObject<{
|
|
249
348
|
kind: z.ZodLiteral<"service-token">;
|
|
@@ -252,6 +351,23 @@ declare const systemConfigSchema: z.ZodObject<{
|
|
|
252
351
|
hosts: z.ZodArray<z.ZodString>;
|
|
253
352
|
tools: z.ZodDefault<z.ZodArray<z.ZodString>>;
|
|
254
353
|
}, z.core.$strict>], "kind">>>;
|
|
354
|
+
observability: z.ZodOptional<z.ZodDiscriminatedUnion<[z.ZodObject<{
|
|
355
|
+
enabled: z.ZodLiteral<false>;
|
|
356
|
+
}, z.core.$strict>, z.ZodObject<{
|
|
357
|
+
enabled: z.ZodLiteral<true>;
|
|
358
|
+
openclaw: z.ZodObject<{
|
|
359
|
+
serviceName: z.ZodString;
|
|
360
|
+
traces: z.ZodDefault<z.ZodBoolean>;
|
|
361
|
+
metrics: z.ZodDefault<z.ZodBoolean>;
|
|
362
|
+
logs: z.ZodDefault<z.ZodBoolean>;
|
|
363
|
+
sampleRate: z.ZodDefault<z.ZodNumber>;
|
|
364
|
+
flushIntervalMs: z.ZodDefault<z.ZodNumber>;
|
|
365
|
+
captureContent: z.ZodDefault<z.ZodObject<{
|
|
366
|
+
enabled: z.ZodDefault<z.ZodLiteral<false>>;
|
|
367
|
+
}, z.core.$strict>>;
|
|
368
|
+
diagnosticsFlags: z.ZodDefault<z.ZodArray<z.ZodString>>;
|
|
369
|
+
}, z.core.$strict>;
|
|
370
|
+
}, z.core.$strict>], "enabled">>;
|
|
255
371
|
egressHosts: z.ZodArray<z.ZodObject<{
|
|
256
372
|
host: z.ZodString;
|
|
257
373
|
audience: z.ZodEnum<{
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"system-config.d.ts","sourceRoot":"","sources":["../../src/config/system-config.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAOxB,eAAO,MAAM,aAAa,aAMxB,CAAC;AACH,eAAO,MAAM,YAAY,aAMvB,CAAC;
|
|
1
|
+
{"version":3,"file":"system-config.d.ts","sourceRoot":"","sources":["../../src/config/system-config.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAOxB,eAAO,MAAM,aAAa,aAMxB,CAAC;AACH,eAAO,MAAM,YAAY,aAMvB,CAAC;AAiuBH,QAAA,MAAM,kBAAkB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;kBAgdrB,CAAC;AAEJ,KAAK,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAO7D,MAAM,MAAM,YAAY,GAAG,IAAI,CAAC,kBAAkB,EAAE,YAAY,CAAC,GAAG;IACnE,QAAQ,CAAC,UAAU,CAAC,EAAE,kBAAkB,CAAC,YAAY,CAAC,CAAC;CACvD,CAAC;AACF,MAAM,MAAM,iBAAiB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAEnE,eAAO,MAAM,oBAAoB,sBAAsB,CAAC;AAExD,wBAAgB,gCAAgC,IAAI,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAK1E;AAED,MAAM,MAAM,sBAAsB,GAAG,kBAAkB,CAAC,YAAY,CAAC,CAAC,QAAQ,CAAC,CAAC;AAEhF,MAAM,MAAM,kBAAkB,GAAG,YAAY,GAAG;IAC/C,QAAQ,CAAC,gBAAgB,EAAE,MAAM,CAAC;CAClC,CAAC;AAEF,wBAAgB,6BAA6B,CAAC,MAAM,EAAE;IACrD,QAAQ,CAAC,UAAU,CAAC,EAAE,kBAAkB,CAAC,YAAY,CAAC,CAAC;CACvD,GAAG,sBAAsB,CAEzB;AA2DD,wBAAgB,wBAAwB,CACvC,MAAM,EAAE,iBAAiB,EACzB,OAAO,EAAE;IAAE,QAAQ,CAAC,gBAAgB,EAAE,MAAM,CAAA;CAAE,GAC5C,kBAAkB,CAOpB;AAkHD,wBAAsB,gBAAgB,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAQtF"}
|
|
@@ -32,6 +32,8 @@ function hostMatchesPattern(host, pattern) {
|
|
|
32
32
|
return patternRegex.test(host.toLowerCase());
|
|
33
33
|
}
|
|
34
34
|
const vmAudienceSchema = z.enum(vmAudienceValues);
|
|
35
|
+
const toolVmReachableAudienceSchema = z.enum(['tool-vm', 'both']);
|
|
36
|
+
const agentAccessSchema = z.union([z.literal('all'), z.array(agentIdSchema).min(1)]);
|
|
35
37
|
const secretNameSchema = z
|
|
36
38
|
.string()
|
|
37
39
|
.min(1)
|
|
@@ -67,40 +69,73 @@ const configEnvSecretSchema = z
|
|
|
67
69
|
audience: z.literal('gateway'),
|
|
68
70
|
})
|
|
69
71
|
.strict();
|
|
70
|
-
const
|
|
72
|
+
const onePasswordGatewayMediatedSecretSchema = z
|
|
71
73
|
.object({
|
|
72
74
|
source: z.literal('1password'),
|
|
73
75
|
ref: z.string().min(1),
|
|
74
76
|
injection: z.literal('http-mediation'),
|
|
75
|
-
audience:
|
|
77
|
+
audience: z.literal('gateway'),
|
|
78
|
+
hosts: z.array(z.string().min(1)).min(1),
|
|
79
|
+
})
|
|
80
|
+
.strict();
|
|
81
|
+
const onePasswordToolVmMediatedSecretSchema = z
|
|
82
|
+
.object({
|
|
83
|
+
source: z.literal('1password'),
|
|
84
|
+
ref: z.string().min(1),
|
|
85
|
+
injection: z.literal('http-mediation'),
|
|
86
|
+
audience: toolVmReachableAudienceSchema,
|
|
76
87
|
hosts: z.array(z.string().min(1)).min(1),
|
|
88
|
+
agentAccess: agentAccessSchema,
|
|
77
89
|
})
|
|
78
90
|
.strict();
|
|
79
|
-
const
|
|
91
|
+
const environmentGatewayMediatedSecretSchema = z
|
|
80
92
|
.object({
|
|
81
93
|
source: z.literal('environment'),
|
|
82
94
|
envVar: z.string().min(1),
|
|
83
95
|
injection: z.literal('http-mediation'),
|
|
84
|
-
audience:
|
|
96
|
+
audience: z.literal('gateway'),
|
|
85
97
|
hosts: z.array(z.string().min(1)).min(1),
|
|
86
98
|
})
|
|
87
99
|
.strict();
|
|
88
|
-
const
|
|
100
|
+
const environmentToolVmMediatedSecretSchema = z
|
|
101
|
+
.object({
|
|
102
|
+
source: z.literal('environment'),
|
|
103
|
+
envVar: z.string().min(1),
|
|
104
|
+
injection: z.literal('http-mediation'),
|
|
105
|
+
audience: toolVmReachableAudienceSchema,
|
|
106
|
+
hosts: z.array(z.string().min(1)).min(1),
|
|
107
|
+
agentAccess: agentAccessSchema,
|
|
108
|
+
})
|
|
109
|
+
.strict();
|
|
110
|
+
const configGatewayMediatedSecretSchema = z
|
|
89
111
|
.object({
|
|
90
112
|
source: z.literal('config'),
|
|
91
113
|
value: z.string().min(1),
|
|
92
114
|
injection: z.literal('http-mediation'),
|
|
93
|
-
audience:
|
|
115
|
+
audience: z.literal('gateway'),
|
|
94
116
|
hosts: z.array(z.string().min(1)).min(1),
|
|
95
117
|
})
|
|
96
118
|
.strict();
|
|
119
|
+
const configToolVmMediatedSecretSchema = z
|
|
120
|
+
.object({
|
|
121
|
+
source: z.literal('config'),
|
|
122
|
+
value: z.string().min(1),
|
|
123
|
+
injection: z.literal('http-mediation'),
|
|
124
|
+
audience: toolVmReachableAudienceSchema,
|
|
125
|
+
hosts: z.array(z.string().min(1)).min(1),
|
|
126
|
+
agentAccess: agentAccessSchema,
|
|
127
|
+
})
|
|
128
|
+
.strict();
|
|
97
129
|
const secretReferenceSchema = z.union([
|
|
98
130
|
onePasswordEnvSecretSchema,
|
|
99
131
|
environmentEnvSecretSchema,
|
|
100
132
|
configEnvSecretSchema,
|
|
101
|
-
|
|
102
|
-
|
|
103
|
-
|
|
133
|
+
onePasswordGatewayMediatedSecretSchema,
|
|
134
|
+
onePasswordToolVmMediatedSecretSchema,
|
|
135
|
+
environmentGatewayMediatedSecretSchema,
|
|
136
|
+
environmentToolVmMediatedSecretSchema,
|
|
137
|
+
configGatewayMediatedSecretSchema,
|
|
138
|
+
configToolVmMediatedSecretSchema,
|
|
104
139
|
]);
|
|
105
140
|
const runtimeAuthHintSchema = z.discriminatedUnion('kind', [
|
|
106
141
|
z
|
|
@@ -427,6 +462,17 @@ const imageConfigSchema = z
|
|
|
427
462
|
const gatewayImageProfileSchema = imageConfigSchema.extend({
|
|
428
463
|
type: z.enum(gatewayTypeValues),
|
|
429
464
|
});
|
|
465
|
+
function isManagedOpenClawObservabilityProfile(profileName, profile) {
|
|
466
|
+
if (!profile || profile.type !== 'openclaw') {
|
|
467
|
+
return false;
|
|
468
|
+
}
|
|
469
|
+
if (profile.source?.base === 'openclaw-gateway') {
|
|
470
|
+
return true;
|
|
471
|
+
}
|
|
472
|
+
return (profile.source === undefined &&
|
|
473
|
+
profileName === 'openclaw' &&
|
|
474
|
+
/(?:^|\/)vm-images\/gateways\/openclaw\/build-config\.jsonc?$/u.test(profile.buildConfig));
|
|
475
|
+
}
|
|
430
476
|
const toolVmImageProfileSchema = imageConfigSchema.extend({
|
|
431
477
|
type: z.literal('toolVm'),
|
|
432
478
|
});
|
|
@@ -445,6 +491,157 @@ const zoneMcpConfigSchema = z
|
|
|
445
491
|
configDir: z.string().min(1),
|
|
446
492
|
})
|
|
447
493
|
.strict();
|
|
494
|
+
const victoriaRetentionPeriodSchema = z
|
|
495
|
+
.string()
|
|
496
|
+
.min(1)
|
|
497
|
+
.regex(/^[1-9][0-9]*(?:ms|s|m|h|d|w|M|y)$/u, 'retention period must be a positive Victoria duration such as 30d, 12h, or 1M');
|
|
498
|
+
const victoriaByteSizeSchema = z
|
|
499
|
+
.string()
|
|
500
|
+
.min(1)
|
|
501
|
+
.regex(/^[1-9][0-9]*(?:B|KB|MB|GB|TB|KiB|MiB|GiB|TiB)$/u, 'retention byte size must be a positive value with a unit such as 5GiB or 50GB');
|
|
502
|
+
const observabilityRetentionBaseSchema = z
|
|
503
|
+
.object({
|
|
504
|
+
period: victoriaRetentionPeriodSchema,
|
|
505
|
+
minFreeDiskSpaceBytes: victoriaByteSizeSchema.optional(),
|
|
506
|
+
})
|
|
507
|
+
.strict();
|
|
508
|
+
const observabilityByteBoundedRetentionPolicySchema = observabilityRetentionBaseSchema
|
|
509
|
+
.extend({
|
|
510
|
+
maxDiskSpaceUsageBytes: victoriaByteSizeSchema.optional(),
|
|
511
|
+
})
|
|
512
|
+
.strict();
|
|
513
|
+
const observabilityDiskBoundedRetentionPolicySchema = observabilityRetentionBaseSchema
|
|
514
|
+
.extend({
|
|
515
|
+
maxDiskSpaceUsageBytes: victoriaByteSizeSchema.optional(),
|
|
516
|
+
maxDiskUsagePercent: z.number().int().min(1).max(100).optional(),
|
|
517
|
+
})
|
|
518
|
+
.strict()
|
|
519
|
+
.refine((value) => value.maxDiskSpaceUsageBytes === undefined || value.maxDiskUsagePercent === undefined, 'maxDiskSpaceUsageBytes and maxDiskUsagePercent are mutually exclusive');
|
|
520
|
+
const hostObservabilityPortSchema = z.number().int().min(1).max(65_535);
|
|
521
|
+
const hostObservabilityPortsSchema = z
|
|
522
|
+
.object({
|
|
523
|
+
collectorGrpc: hostObservabilityPortSchema.default(4317),
|
|
524
|
+
collectorHttp: hostObservabilityPortSchema.default(4318),
|
|
525
|
+
collectorHealth: hostObservabilityPortSchema.default(13_133),
|
|
526
|
+
metrics: hostObservabilityPortSchema.default(8428),
|
|
527
|
+
logs: hostObservabilityPortSchema.default(9428),
|
|
528
|
+
traces: hostObservabilityPortSchema.default(10_428),
|
|
529
|
+
})
|
|
530
|
+
.strict()
|
|
531
|
+
.refine((ports) => new Set(Object.values(ports)).size === Object.values(ports).length, {
|
|
532
|
+
message: 'host observability ports must be unique',
|
|
533
|
+
})
|
|
534
|
+
.default({
|
|
535
|
+
collectorGrpc: 4317,
|
|
536
|
+
collectorHttp: 4318,
|
|
537
|
+
collectorHealth: 13_133,
|
|
538
|
+
metrics: 8428,
|
|
539
|
+
logs: 9428,
|
|
540
|
+
traces: 10_428,
|
|
541
|
+
});
|
|
542
|
+
const managedHostObservabilityStackSchema = z
|
|
543
|
+
.object({
|
|
544
|
+
mode: z.literal('managed').default('managed'),
|
|
545
|
+
scrubbing: z
|
|
546
|
+
.object({
|
|
547
|
+
responsibility: z
|
|
548
|
+
.literal('agent-vm-managed-collector')
|
|
549
|
+
.default('agent-vm-managed-collector'),
|
|
550
|
+
})
|
|
551
|
+
.strict()
|
|
552
|
+
.default({ responsibility: 'agent-vm-managed-collector' }),
|
|
553
|
+
})
|
|
554
|
+
.strict()
|
|
555
|
+
.default({
|
|
556
|
+
mode: 'managed',
|
|
557
|
+
scrubbing: { responsibility: 'agent-vm-managed-collector' },
|
|
558
|
+
});
|
|
559
|
+
const externalHostObservabilityStackSchema = z
|
|
560
|
+
.object({
|
|
561
|
+
mode: z.literal('external'),
|
|
562
|
+
scrubbing: z
|
|
563
|
+
.object({
|
|
564
|
+
responsibility: z.literal('external-collector'),
|
|
565
|
+
})
|
|
566
|
+
.strict(),
|
|
567
|
+
})
|
|
568
|
+
.strict();
|
|
569
|
+
const hostObservabilityCommonShape = {
|
|
570
|
+
enabled: z.literal(true),
|
|
571
|
+
mode: z.literal('collector').default('collector'),
|
|
572
|
+
bindAddress: z.enum(['127.0.0.1', '::1']).default('127.0.0.1'),
|
|
573
|
+
prepareOnBuild: z.boolean().default(true),
|
|
574
|
+
waitOnBuild: z.boolean().default(true),
|
|
575
|
+
startupCheckTimeoutMs: z.number().int().positive().default(30_000),
|
|
576
|
+
ports: hostObservabilityPortsSchema,
|
|
577
|
+
controllerStartPolicy: z.enum(['degraded', 'require-ready', 'off']).default('degraded'),
|
|
578
|
+
};
|
|
579
|
+
const hostObservabilityRetentionSchema = z
|
|
580
|
+
.object({
|
|
581
|
+
metrics: observabilityRetentionBaseSchema,
|
|
582
|
+
logs: observabilityByteBoundedRetentionPolicySchema,
|
|
583
|
+
traces: observabilityDiskBoundedRetentionPolicySchema,
|
|
584
|
+
})
|
|
585
|
+
.strict();
|
|
586
|
+
const managedHostObservabilitySchema = z
|
|
587
|
+
.object({
|
|
588
|
+
...hostObservabilityCommonShape,
|
|
589
|
+
stack: managedHostObservabilityStackSchema,
|
|
590
|
+
runner: z.literal('docker-compose').default('docker-compose'),
|
|
591
|
+
dataDir: z.string().min(1),
|
|
592
|
+
projectName: z
|
|
593
|
+
.string()
|
|
594
|
+
.min(1)
|
|
595
|
+
.regex(/^[a-z0-9][a-z0-9_-]*$/u, 'projectName must use lowercase letters, numbers, hyphens, and underscores, and start with a letter or number')
|
|
596
|
+
.optional(),
|
|
597
|
+
retention: hostObservabilityRetentionSchema,
|
|
598
|
+
})
|
|
599
|
+
.strict();
|
|
600
|
+
const externalHostObservabilitySchema = z
|
|
601
|
+
.object({
|
|
602
|
+
...hostObservabilityCommonShape,
|
|
603
|
+
stack: externalHostObservabilityStackSchema,
|
|
604
|
+
})
|
|
605
|
+
.strict();
|
|
606
|
+
const hostObservabilitySchema = z.union([
|
|
607
|
+
z
|
|
608
|
+
.object({
|
|
609
|
+
enabled: z.literal(false),
|
|
610
|
+
})
|
|
611
|
+
.strict(),
|
|
612
|
+
managedHostObservabilitySchema,
|
|
613
|
+
externalHostObservabilitySchema,
|
|
614
|
+
]);
|
|
615
|
+
const zoneOpenClawObservabilitySchema = z
|
|
616
|
+
.object({
|
|
617
|
+
serviceName: z.string().min(1),
|
|
618
|
+
traces: z.boolean().default(true),
|
|
619
|
+
metrics: z.boolean().default(true),
|
|
620
|
+
logs: z.boolean().default(true),
|
|
621
|
+
sampleRate: z.number().min(0).max(1).default(1),
|
|
622
|
+
flushIntervalMs: z.number().int().positive().default(10_000),
|
|
623
|
+
captureContent: z
|
|
624
|
+
.object({
|
|
625
|
+
enabled: z.literal(false).default(false),
|
|
626
|
+
})
|
|
627
|
+
.strict()
|
|
628
|
+
.default({ enabled: false }),
|
|
629
|
+
diagnosticsFlags: z.array(z.string().min(1)).default([]),
|
|
630
|
+
})
|
|
631
|
+
.strict();
|
|
632
|
+
const zoneObservabilitySchema = z.discriminatedUnion('enabled', [
|
|
633
|
+
z
|
|
634
|
+
.object({
|
|
635
|
+
enabled: z.literal(false),
|
|
636
|
+
})
|
|
637
|
+
.strict(),
|
|
638
|
+
z
|
|
639
|
+
.object({
|
|
640
|
+
enabled: z.literal(true),
|
|
641
|
+
openclaw: zoneOpenClawObservabilitySchema,
|
|
642
|
+
})
|
|
643
|
+
.strict(),
|
|
644
|
+
]);
|
|
448
645
|
const systemConfigSchema = z
|
|
449
646
|
.object({
|
|
450
647
|
$schema: z.string().min(1).optional(),
|
|
@@ -462,6 +659,7 @@ const systemConfigSchema = z
|
|
|
462
659
|
})
|
|
463
660
|
.optional(),
|
|
464
661
|
githubToken: hostSecretReferenceSchema.optional(),
|
|
662
|
+
observability: hostObservabilitySchema.optional(),
|
|
465
663
|
}),
|
|
466
664
|
controller: controllerConfigSchema.default({ health: defaultControllerHealthConfig }),
|
|
467
665
|
cacheDir: z.string().min(1).default('./cache'),
|
|
@@ -478,6 +676,7 @@ const systemConfigSchema = z
|
|
|
478
676
|
resources: zoneResourcesPolicySchema.optional(),
|
|
479
677
|
secrets: z.record(secretNameSchema, secretReferenceSchema),
|
|
480
678
|
runtimeAuthHints: z.array(runtimeAuthHintSchema).optional(),
|
|
679
|
+
observability: zoneObservabilitySchema.optional(),
|
|
481
680
|
egressHosts: z.array(egressHostSchema).min(1),
|
|
482
681
|
websocketBypass: z.array(z.string().min(1)).default([]),
|
|
483
682
|
defaultToolVmProfile: z.string().min(1).optional(),
|
|
@@ -547,6 +746,59 @@ const systemConfigSchema = z
|
|
|
547
746
|
}
|
|
548
747
|
}
|
|
549
748
|
for (const [zoneIndex, zone] of config.zones.entries()) {
|
|
749
|
+
const zoneAgents = zone.agents ?? [];
|
|
750
|
+
const zoneAgentIds = new Set(zoneAgents.map((agent) => agent.id));
|
|
751
|
+
if (zone.observability?.enabled === true && config.host.observability?.enabled !== true) {
|
|
752
|
+
context.addIssue({
|
|
753
|
+
code: z.ZodIssueCode.custom,
|
|
754
|
+
message: `Zone '${zone.id}' observability requires host.observability.enabled to be true.`,
|
|
755
|
+
path: ['zones', zoneIndex, 'observability'],
|
|
756
|
+
});
|
|
757
|
+
}
|
|
758
|
+
if (zone.observability?.enabled === true && zone.gateway.type !== 'openclaw') {
|
|
759
|
+
context.addIssue({
|
|
760
|
+
code: z.ZodIssueCode.custom,
|
|
761
|
+
message: `Zone '${zone.id}' observability is supported only for OpenClaw gateways in v1.`,
|
|
762
|
+
path: ['zones', zoneIndex, 'observability'],
|
|
763
|
+
});
|
|
764
|
+
}
|
|
765
|
+
if (zone.observability?.enabled === true && zone.gateway.type === 'openclaw') {
|
|
766
|
+
const gatewayImageProfile = config.imageProfiles.gateways[zone.gateway.imageProfile];
|
|
767
|
+
if (!isManagedOpenClawObservabilityProfile(zone.gateway.imageProfile, gatewayImageProfile)) {
|
|
768
|
+
context.addIssue({
|
|
769
|
+
code: z.ZodIssueCode.custom,
|
|
770
|
+
message: `Zone '${zone.id}' observability requires OpenClaw gateway image profile '${zone.gateway.imageProfile}' to use managed base 'openclaw-gateway' so @openclaw/diagnostics-otel is installed.`,
|
|
771
|
+
path: ['zones', zoneIndex, 'gateway', 'imageProfile'],
|
|
772
|
+
});
|
|
773
|
+
}
|
|
774
|
+
}
|
|
775
|
+
if (zone.observability?.enabled === true) {
|
|
776
|
+
const forbiddenDiagnosticsFlagPattern = /[*=]|^(?:1|all|everything)$|(?:body|content|payload|prompt|secret|token|authorization|cookie|transcript|query|header|url)/iu;
|
|
777
|
+
for (const [flagIndex, diagnosticsFlag,] of zone.observability.openclaw.diagnosticsFlags.entries()) {
|
|
778
|
+
if (forbiddenDiagnosticsFlagPattern.test(diagnosticsFlag)) {
|
|
779
|
+
context.addIssue({
|
|
780
|
+
code: z.ZodIssueCode.custom,
|
|
781
|
+
message: `Zone '${zone.id}' observability diagnostics flag '${diagnosticsFlag}' is too broad or can capture sensitive content.`,
|
|
782
|
+
path: [
|
|
783
|
+
'zones',
|
|
784
|
+
zoneIndex,
|
|
785
|
+
'observability',
|
|
786
|
+
'openclaw',
|
|
787
|
+
'diagnosticsFlags',
|
|
788
|
+
flagIndex,
|
|
789
|
+
],
|
|
790
|
+
});
|
|
791
|
+
}
|
|
792
|
+
}
|
|
793
|
+
if (zone.gateway.type === 'openclaw' &&
|
|
794
|
+
zone.gateway.rawEnvSecrets?.includes('OPENCLAW_DIAGNOSTICS') === true) {
|
|
795
|
+
context.addIssue({
|
|
796
|
+
code: z.ZodIssueCode.custom,
|
|
797
|
+
message: `Zone '${zone.id}' observability owns diagnostics configuration; do not list OPENCLAW_DIAGNOSTICS in gateway.rawEnvSecrets.`,
|
|
798
|
+
path: ['zones', zoneIndex, 'gateway', 'rawEnvSecrets'],
|
|
799
|
+
});
|
|
800
|
+
}
|
|
801
|
+
}
|
|
550
802
|
const openClawControlAuthSecretName = zone.gateway.type === 'openclaw' ? zone.gateway.controlAuth.secret : undefined;
|
|
551
803
|
const openClawGatewayToken = openClawControlAuthSecretName
|
|
552
804
|
? zone.secrets[openClawControlAuthSecretName]
|
|
@@ -611,6 +863,41 @@ const systemConfigSchema = z
|
|
|
611
863
|
});
|
|
612
864
|
}
|
|
613
865
|
}
|
|
866
|
+
for (const [secretName, secret] of Object.entries(zone.secrets)) {
|
|
867
|
+
if (secret.injection !== 'http-mediation' ||
|
|
868
|
+
!targetsAudience(secret.audience, 'tool-vm') ||
|
|
869
|
+
!('agentAccess' in secret)) {
|
|
870
|
+
continue;
|
|
871
|
+
}
|
|
872
|
+
if (zone.gateway.type !== 'openclaw') {
|
|
873
|
+
context.addIssue({
|
|
874
|
+
code: z.ZodIssueCode.custom,
|
|
875
|
+
message: `Worker zone '${zone.id}' secret '${secretName}' must not declare agentAccess because worker zones do not boot OpenClaw Tool VMs.`,
|
|
876
|
+
path: ['zones', zoneIndex, 'secrets', secretName, 'agentAccess'],
|
|
877
|
+
});
|
|
878
|
+
continue;
|
|
879
|
+
}
|
|
880
|
+
if (zoneAgentIds.size === 0) {
|
|
881
|
+
context.addIssue({
|
|
882
|
+
code: z.ZodIssueCode.custom,
|
|
883
|
+
message: `OpenClaw zone '${zone.id}' secret '${secretName}' uses Tool VM agentAccess but zones[].agents is empty. Declare at least one zone agent so agentAccess can be evaluated.`,
|
|
884
|
+
path: ['zones', zoneIndex, 'agents'],
|
|
885
|
+
});
|
|
886
|
+
continue;
|
|
887
|
+
}
|
|
888
|
+
if (Array.isArray(secret.agentAccess)) {
|
|
889
|
+
for (const [agentAccessIndex, agentId] of secret.agentAccess.entries()) {
|
|
890
|
+
if (zoneAgentIds.has(agentId)) {
|
|
891
|
+
continue;
|
|
892
|
+
}
|
|
893
|
+
context.addIssue({
|
|
894
|
+
code: z.ZodIssueCode.custom,
|
|
895
|
+
message: `Zone '${zone.id}' secret '${secretName}' agentAccess references unknown agent '${agentId}'.`,
|
|
896
|
+
path: ['zones', zoneIndex, 'secrets', secretName, 'agentAccess', agentAccessIndex],
|
|
897
|
+
});
|
|
898
|
+
}
|
|
899
|
+
}
|
|
900
|
+
}
|
|
614
901
|
// Keep zone gateway type readable at the use site while image profiles
|
|
615
902
|
// remain the source of boot-image details. This cross-check prevents
|
|
616
903
|
// a worker lifecycle from accidentally booting an OpenClaw image, or
|
|
@@ -637,7 +924,6 @@ const systemConfigSchema = z
|
|
|
637
924
|
path: ['zones', zoneIndex, 'defaultToolVmProfile'],
|
|
638
925
|
});
|
|
639
926
|
}
|
|
640
|
-
const zoneAgents = zone.agents ?? [];
|
|
641
927
|
if (zone.gateway.type !== 'openclaw' &&
|
|
642
928
|
(zoneAgents.length > 0 || zone.mcpPortal !== undefined)) {
|
|
643
929
|
context.addIssue({
|
|
@@ -772,7 +1058,7 @@ export const systemConfigSchemaId = 'agent-vm:system:1';
|
|
|
772
1058
|
export function createSystemConfigSchemaArtifact() {
|
|
773
1059
|
return {
|
|
774
1060
|
$id: systemConfigSchemaId,
|
|
775
|
-
...z.toJSONSchema(systemConfigSchema, { target: 'draft-07' }),
|
|
1061
|
+
...z.toJSONSchema(systemConfigSchema, { io: 'input', target: 'draft-07' }),
|
|
776
1062
|
};
|
|
777
1063
|
}
|
|
778
1064
|
export function resolveControllerHealthConfig(config) {
|
|
@@ -788,10 +1074,23 @@ function pathsOverlap(firstPath, secondPath) {
|
|
|
788
1074
|
(!firstToSecond.startsWith('..') && !path.isAbsolute(firstToSecond)) ||
|
|
789
1075
|
(!secondToFirst.startsWith('..') && !path.isAbsolute(secondToFirst)));
|
|
790
1076
|
}
|
|
1077
|
+
function isManagedHostObservabilityConfig(observability) {
|
|
1078
|
+
return observability?.enabled === true && observability.stack.mode === 'managed';
|
|
1079
|
+
}
|
|
791
1080
|
function assertResolvedRuntimePathIsolation(config) {
|
|
792
1081
|
if (pathsOverlap(config.runtimeDir, config.cacheDir)) {
|
|
793
1082
|
throw new Error('runtimeDir must not overlap cacheDir.');
|
|
794
1083
|
}
|
|
1084
|
+
const observability = config.host.observability;
|
|
1085
|
+
if (isManagedHostObservabilityConfig(observability)) {
|
|
1086
|
+
const { dataDir } = observability;
|
|
1087
|
+
if (pathsOverlap(dataDir, config.cacheDir)) {
|
|
1088
|
+
throw new Error('observability dataDir must not overlap cacheDir.');
|
|
1089
|
+
}
|
|
1090
|
+
if (pathsOverlap(dataDir, config.runtimeDir)) {
|
|
1091
|
+
throw new Error('observability dataDir must not overlap runtimeDir.');
|
|
1092
|
+
}
|
|
1093
|
+
}
|
|
795
1094
|
for (const zone of config.zones) {
|
|
796
1095
|
if (pathsOverlap(config.runtimeDir, zone.gateway.stateDir)) {
|
|
797
1096
|
throw new Error(`runtimeDir must not overlap stateDir for zone '${zone.id}'.`);
|
|
@@ -800,6 +1099,15 @@ function assertResolvedRuntimePathIsolation(config) {
|
|
|
800
1099
|
pathsOverlap(config.runtimeDir, zone.gateway.zoneFilesDir)) {
|
|
801
1100
|
throw new Error(`runtimeDir must not overlap zoneFilesDir for zone '${zone.id}'.`);
|
|
802
1101
|
}
|
|
1102
|
+
if (isManagedHostObservabilityConfig(observability)) {
|
|
1103
|
+
const { dataDir } = observability;
|
|
1104
|
+
if (pathsOverlap(dataDir, zone.gateway.stateDir)) {
|
|
1105
|
+
throw new Error(`observability dataDir must not overlap stateDir for zone '${zone.id}'.`);
|
|
1106
|
+
}
|
|
1107
|
+
if (zone.gateway.type === 'openclaw' && pathsOverlap(dataDir, zone.gateway.zoneFilesDir)) {
|
|
1108
|
+
throw new Error(`observability dataDir must not overlap zoneFilesDir for zone '${zone.id}'.`);
|
|
1109
|
+
}
|
|
1110
|
+
}
|
|
803
1111
|
}
|
|
804
1112
|
}
|
|
805
1113
|
export function createLoadedSystemConfig(config, options) {
|
|
@@ -841,6 +1149,15 @@ function resolveRelativePaths(config, configDir) {
|
|
|
841
1149
|
};
|
|
842
1150
|
return {
|
|
843
1151
|
...config,
|
|
1152
|
+
host: isManagedHostObservabilityConfig(config.host.observability)
|
|
1153
|
+
? {
|
|
1154
|
+
...config.host,
|
|
1155
|
+
observability: {
|
|
1156
|
+
...config.host.observability,
|
|
1157
|
+
dataDir: resolvePath(config.host.observability.dataDir),
|
|
1158
|
+
},
|
|
1159
|
+
}
|
|
1160
|
+
: config.host,
|
|
844
1161
|
cacheDir: resolvePath(config.cacheDir),
|
|
845
1162
|
runtimeDir: resolvePath(config.runtimeDir),
|
|
846
1163
|
imageProfiles: {
|