@agent-vm/openclaw-gateway 0.0.49 → 0.0.51
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.d.ts +5 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +2 -21
- package/dist/index.js.map +1 -1
- package/package.json +3 -3
package/dist/index.d.ts
CHANGED
|
@@ -111,6 +111,10 @@ interface EnvironmentGatewayAuthProfilesRef extends GatewayAuthProfilesRef {
|
|
|
111
111
|
readonly source: 'environment';
|
|
112
112
|
readonly envVar: string;
|
|
113
113
|
}
|
|
114
|
+
type GatewaySshSecretEnvMode = 'always' | 'explicit' | 'never';
|
|
115
|
+
interface GatewaySshConfig {
|
|
116
|
+
readonly secretEnv: GatewaySshSecretEnvMode;
|
|
117
|
+
}
|
|
114
118
|
interface GatewayZoneBaseGatewayConfig {
|
|
115
119
|
readonly type: GatewayType;
|
|
116
120
|
readonly memory: string;
|
|
@@ -118,6 +122,7 @@ interface GatewayZoneBaseGatewayConfig {
|
|
|
118
122
|
readonly port: number;
|
|
119
123
|
readonly config: string;
|
|
120
124
|
readonly stateDir: string;
|
|
125
|
+
readonly ssh: GatewaySshConfig;
|
|
121
126
|
readonly authProfilesRef?: OnePasswordGatewayAuthProfilesRef | EnvironmentGatewayAuthProfilesRef | undefined;
|
|
122
127
|
}
|
|
123
128
|
interface OpenClawGatewayZoneGatewayConfig extends GatewayZoneBaseGatewayConfig {
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","names":["gatewayTypeValues","GatewayType","buildGatewaySessionLabel","buildToolSessionLabel","PinnedRealFsRoot","SecretSpec","SecretRef","SecretResolver","Promise","Record","VfsMountSpec","GatewayHealthCheck","GatewayProcessSpec","GatewayVmSpec","GatewayAuthConfig","GatewayAuthProfilesRef","OnePasswordGatewayAuthProfilesRef","EnvironmentGatewayAuthProfilesRef","GatewayZoneBaseGatewayConfig","OpenClawGatewayZoneGatewayConfig","Readonly","WorkerGatewayZoneGatewayConfig","GatewayZoneGatewayConfig","GatewayZoneConfig","BuildGatewayVmSpecOptions","GatewayLifecycle","SplitResolvedGatewaySecretsResult","splitResolvedGatewaySecrets"],"sources":["../../gateway-interface/dist/index.d.ts","../src/openclaw-lifecycle.ts"],"sourcesContent":["//#region src/gateway-runtime-contract.d.ts\ndeclare const gatewayTypeValues: readonly [\"openclaw\", \"worker\"];\ntype GatewayType = (typeof gatewayTypeValues)[number];\ndeclare function buildGatewaySessionLabel(projectNamespace: string, zoneId: string): string;\ndeclare function buildToolSessionLabel(projectNamespace: string, zoneId: string, tcpSlot: number): string;\n//#endregion\n//#region ../gondolin-adapter/dist/index.d.ts\n\n//#endregion\n//#region src/pinned-realfs.d.ts\ninterface PinnedRealFsRoot {\n readonly hostPath: string;\n readonly realPath: string;\n readonly fd: number;\n readonly device: number;\n readonly inode: number;\n}\n//#endregion\n//#region src/types.d.ts\ninterface SecretSpec {\n readonly hosts: readonly string[];\n readonly value: string;\n}\ntype SecretRef = {\n readonly source: '1password';\n readonly ref: string;\n} | {\n readonly source: 'environment';\n readonly ref: string;\n};\n//#endregion\n//#region src/secret-resolver.d.ts\n\ninterface SecretResolver {\n resolve(ref: SecretRef): Promise<string>;\n resolveAll(refs: Record<string, SecretRef>): Promise<Record<string, string>>;\n}\ninterface VfsMountSpec {\n readonly kind: 'realfs' | 'realfs-readonly' | 'memory' | 'shadow';\n readonly hostPath?: string;\n readonly pinnedHostRoot?: PinnedRealFsRoot;\n readonly shadowConfig?: {\n readonly deny: readonly string[];\n readonly tmpfs: readonly string[];\n };\n}\n//#endregion\n//#region src/gateway-process-spec.d.ts\ntype GatewayHealthCheck = {\n readonly type: 'http';\n readonly port: number;\n readonly path: string;\n} | {\n readonly type: 'command';\n readonly command: string;\n};\n/**\n * Everything about the process running inside the VM.\n * Retained by the running gateway handle for logs, health, restart.\n */\ninterface GatewayProcessSpec {\n readonly bootstrapCommand: string;\n readonly startCommand: string;\n readonly healthCheck: GatewayHealthCheck;\n readonly guestListenPort: number;\n readonly logPath: string;\n}\n//#endregion\n//#region src/gateway-vm-spec.d.ts\n/**\n * Everything the controller needs to create the Gondolin VM.\n * Lifecycle implementations own the full Gondolin-facing contract.\n */\ninterface GatewayVmSpec {\n readonly environment: Record<string, string>;\n readonly vfsMounts: Record<string, VfsMountSpec>;\n readonly mediatedSecrets: Record<string, SecretSpec>;\n readonly tcpHosts: Record<string, string>;\n readonly allowedHosts: readonly string[];\n readonly rootfsMode: 'readonly' | 'memory' | 'cow';\n readonly sessionLabel: string;\n}\n//#endregion\n//#region src/gateway-lifecycle.d.ts\n/**\n * Describes how to run interactive auth for a gateway type.\n * Static property — available without a running VM.\n */\ninterface GatewayAuthConfig {\n /**\n * Shell command to list available auth providers inside the VM.\n * Should output one provider name per line to stdout.\n */\n readonly listProvidersCommand: string;\n /**\n * Build the shell command for interactive auth login.\n * The CLI passes this as the SSH remote command with -t (TTY).\n */\n readonly buildLoginCommand: (provider: string, options?: {\n readonly deviceCode?: boolean;\n readonly setDefault?: boolean;\n }) => string;\n}\ninterface GatewayAuthProfilesRef {\n readonly source: '1password' | 'environment';\n}\ninterface OnePasswordGatewayAuthProfilesRef extends GatewayAuthProfilesRef {\n readonly source: '1password';\n readonly ref: string;\n}\ninterface EnvironmentGatewayAuthProfilesRef extends GatewayAuthProfilesRef {\n readonly source: 'environment';\n readonly envVar: string;\n}\ninterface GatewayZoneBaseGatewayConfig {\n readonly type: GatewayType;\n readonly memory: string;\n readonly cpus: number;\n readonly port: number;\n readonly config: string;\n readonly stateDir: string;\n readonly authProfilesRef?: OnePasswordGatewayAuthProfilesRef | EnvironmentGatewayAuthProfilesRef | undefined;\n}\ninterface OpenClawGatewayZoneGatewayConfig extends GatewayZoneBaseGatewayConfig {\n readonly type: 'openclaw';\n readonly zoneFilesDir: string;\n readonly authProfilesByAgent?: Readonly<Record<string, OnePasswordGatewayAuthProfilesRef | EnvironmentGatewayAuthProfilesRef>>;\n}\ninterface WorkerGatewayZoneGatewayConfig extends GatewayZoneBaseGatewayConfig {\n readonly type: 'worker';\n}\ntype GatewayZoneGatewayConfig = OpenClawGatewayZoneGatewayConfig | WorkerGatewayZoneGatewayConfig;\n/**\n * Zone config as the lifecycle sees it.\n * Decoupled from SystemConfig — the controller maps into this shape.\n */\ninterface GatewayZoneConfig {\n readonly id: string;\n readonly gateway: GatewayZoneGatewayConfig;\n readonly secrets: Record<string, {\n readonly source: '1password';\n readonly ref: string;\n readonly injection: 'env' | 'http-mediation';\n readonly hosts?: readonly string[] | undefined;\n } | {\n readonly source: 'environment';\n readonly envVar: string;\n readonly injection: 'env' | 'http-mediation';\n readonly hosts?: readonly string[] | undefined;\n }>;\n readonly allowedHosts: readonly string[];\n readonly websocketBypass: readonly string[];\n readonly defaultToolVmProfile?: string;\n}\ninterface BuildGatewayVmSpecOptions {\n readonly controllerPort: number;\n readonly gatewayCacheDir: string;\n readonly projectNamespace: string;\n readonly resolvedSecrets: Record<string, string>;\n readonly tcpPool: {\n readonly basePort: number;\n readonly size: number;\n };\n readonly zone: GatewayZoneConfig;\n}\ninterface GatewayLifecycle {\n /**\n * How to run interactive auth for this gateway type.\n * Absent means the gateway type does not support interactive auth.\n */\n readonly authConfig?: GatewayAuthConfig | undefined;\n /**\n * Build the full VM spec — everything Gondolin needs to create the VM.\n * Pure data assembly — no side effects.\n */\n buildVmSpec(options: BuildGatewayVmSpecOptions): GatewayVmSpec;\n /**\n * Build the process spec — everything about startup, health, and logging.\n * Pure data assembly — no side effects.\n */\n buildProcessSpec(zone: GatewayZoneConfig, resolvedSecrets: Record<string, string>): GatewayProcessSpec;\n /**\n * Optional hook to prepare host-side state before the VM boots.\n * Example: writing auth-profiles.json from 1Password.\n */\n prepareHostState?(zone: GatewayZoneConfig, secretResolver: SecretResolver): Promise<void>;\n}\n//#endregion\n//#region src/split-resolved-gateway-secrets.d.ts\ninterface SplitResolvedGatewaySecretsResult {\n readonly environmentSecrets: Record<string, string>;\n readonly mediatedSecrets: Record<string, SecretSpec>;\n}\ndeclare function splitResolvedGatewaySecrets(zone: GatewayZoneConfig, resolvedSecrets: Record<string, string>): SplitResolvedGatewaySecretsResult;\n//#endregion\nexport { type BuildGatewayVmSpecOptions, type GatewayAuthConfig, type GatewayHealthCheck, type GatewayLifecycle, type GatewayProcessSpec, type GatewayType, type GatewayVmSpec, type GatewayZoneConfig, type SplitResolvedGatewaySecretsResult, buildGatewaySessionLabel, buildToolSessionLabel, gatewayTypeValues, splitResolvedGatewaySecrets };\n//# sourceMappingURL=index.d.ts.map"],"mappings":";;cACcA,iBAAkD,EAAA,SAAA,CAAA,UAAA,EAAA,QAAA,CAAA;AAAA,KAC3DC,WAAAA,GAAW,CAAA,OAAWD,iBAAAA,CAAAA,CAAAA,MAAiB,CAAA;AAiBxB;AAIN;;;;UAbJI,gBAAAA,CAyBSK;EAAoCA,SAAAA,QAAAA,EAAAA,MAAAA;EAARD,SAAAA,QAAAA,EAAAA,MAAAA;EAAO,SAAA,EAAA,EAAA,MAAA;EAAA,SAE5CE,MAAAA,EAAY,MAAA;EAGsB,SAQvCC,KAAAA,EAAAA,MAAAA;AAAkB;AAemB;;UA5ChCN,UAAAA,CAwD2BK;EAAfD,SAAAA,KAAAA,EAAAA,SAAAA,MAAAA,EAAAA;EACqBJ,SAAAA,KAAAA,EAAAA,MAAAA;;KArDtCC,SAAAA,GAsDgBG;EAAM,SAAA,MAAA,EAAA,WAAA;EAAA,SAWjBK,GAAAA,EAAAA,MAAAA;AAAiB,CAAA,GAejBC;EAAsB,SAGtBC,MAAAA,EAAAA,aAAAA;EAAgE,SAIhEC,GAAAA,EAAAA,MAAAA;AAAgE,CAAA;;;;UA7EhEV,cAAAA,CAwFwF;EAAA,OAExFY,CAAAA,GAAAA,EAzFKb,SAyFLa,CAAAA,EAzFiBX,OAyFjBW,CAAAA,MAAgC,CAAA;EAGeH,UAAAA,CAAAA,IAAAA,EA3FtCP,MA2FsCO,CAAAA,MAAAA,EA3FvBV,SA2FuBU,CAAAA,CAAAA,EA3FVR,OA2FUQ,CA3FFP,MA2FEO,CAAAA,MAAAA,EAAAA,MAAAA,CAAAA,CAAAA;;UAzF/CN,YAAAA,CAyFgCD;EAATW,SAAAA,IAAAA,EAAAA,QAAAA,GAAAA,iBAAAA,GAAAA,QAAAA,GAAAA,QAAAA;EAHkBF,SAAAA,QAAAA,CAAAA,EAAAA,MAAAA;EAA4B,SAAA,cAAA,CAAA,EAnFnDd,gBAmFmD;EAAA,SAKrEiB,YAAAA,CAAAA,EAAAA;IAGLC,SAAAA,IAAAA,EAAAA,SAAAA,MAAwB,EAAA;IAKnBC,SAAAA,KAAAA,EAAAA,SAAiB,MAAA,EAEPD;EACM,CAAA;AAwBQ;;;KAnH7BX,kBAAAA,GA+H8CE;EAK1BU,SAAAA,IAAAA,EAAAA,MAAAA;EAAoCd,SAAAA,IAAAA,EAAAA,MAAAA;EAAyBG,SAAAA,IAAAA,EAAAA,MAAAA;CAK5DW,GAAAA;EAAmChB,SAAAA,IAAAA,EAAAA,SAAAA;EAAiBC,SAAAA,OAAAA,EAAAA,MAAAA;CAAO;;;;ACsIrF;UDnQUI,kBAAAA;;;wBAGcD;;;;;;;;;;UAUdE,aAAAA;wBACcJ;sBACFA,eAAeC;4BACTD,eAAeJ;qBACtBI;;;;;;;;;;;UAWXK,iBAAAA;;;;;;;;;;;;;;;UAeAC,sBAAAA;;;UAGAC,iCAAAA,SAA0CD;;;;UAI1CE,iCAAAA,SAA0CF;;;;UAI1CG,4BAAAA;iBACOjB;;;;;;6BAMYe,oCAAoCC;;UAEvDE,gCAAAA,SAAyCD;;;iCAGlBE,SAASX,eAAeO,oCAAoCC;;UAEnFI,8BAAAA,SAAuCH;;;KAG5CI,wBAAAA,GAA2BH,mCAAmCE;;;;;UAKzDE,iBAAAA;;oBAEUD;oBACAb;;;;;;;;;;;;;;;UAeVe,yBAAAA;;;;4BAIkBf;;;;;iBAKXc;;UAEPE,gBAAAA;;;;;wBAKcX;;;;;uBAKDU,4BAA4BX;;;;;yBAK1BU,oCAAoCd,yBAAyBG;;;;;0BAK5DW,mCAAmChB,iBAAiBC;;;;;;AAxLhER,cC8TD,iBD9TmD,EC8ThC,gBD9TgC"}
|
|
1
|
+
{"version":3,"file":"index.d.ts","names":["gatewayTypeValues","GatewayType","buildGatewaySessionLabel","buildToolSessionLabel","PinnedRealFsRoot","SecretSpec","SecretRef","SecretResolver","Promise","Record","VfsMountSpec","GatewayHealthCheck","GatewayProcessSpec","GatewayVmSpec","GatewayAuthConfig","GatewayAuthProfilesRef","OnePasswordGatewayAuthProfilesRef","EnvironmentGatewayAuthProfilesRef","GatewaySshSecretEnvMode","GatewaySshConfig","GatewayZoneBaseGatewayConfig","OpenClawGatewayZoneGatewayConfig","Readonly","WorkerGatewayZoneGatewayConfig","GatewayZoneGatewayConfig","GatewayZoneConfig","BuildGatewayVmSpecOptions","GatewayLifecycle","SplitResolvedGatewaySecretsResult","splitResolvedGatewaySecrets"],"sources":["../../gateway-interface/dist/index.d.ts","../src/openclaw-lifecycle.ts"],"sourcesContent":["//#region src/gateway-runtime-contract.d.ts\ndeclare const gatewayTypeValues: readonly [\"openclaw\", \"worker\"];\ntype GatewayType = (typeof gatewayTypeValues)[number];\ndeclare function buildGatewaySessionLabel(projectNamespace: string, zoneId: string): string;\ndeclare function buildToolSessionLabel(projectNamespace: string, zoneId: string, tcpSlot: number): string;\n//#endregion\n//#region ../gondolin-adapter/dist/index.d.ts\n\n//#endregion\n//#region src/pinned-realfs.d.ts\ninterface PinnedRealFsRoot {\n readonly hostPath: string;\n readonly realPath: string;\n readonly fd: number;\n readonly device: number;\n readonly inode: number;\n}\n//#endregion\n//#region src/types.d.ts\ninterface SecretSpec {\n readonly hosts: readonly string[];\n readonly value: string;\n}\ntype SecretRef = {\n readonly source: '1password';\n readonly ref: string;\n} | {\n readonly source: 'environment';\n readonly ref: string;\n};\n//#endregion\n//#region src/secret-resolver.d.ts\n\ninterface SecretResolver {\n resolve(ref: SecretRef): Promise<string>;\n resolveAll(refs: Record<string, SecretRef>): Promise<Record<string, string>>;\n}\ninterface VfsMountSpec {\n readonly kind: 'realfs' | 'realfs-readonly' | 'memory' | 'shadow';\n readonly hostPath?: string;\n readonly pinnedHostRoot?: PinnedRealFsRoot;\n readonly shadowConfig?: {\n readonly deny: readonly string[];\n readonly tmpfs: readonly string[];\n };\n}\n//#endregion\n//#region src/gateway-process-spec.d.ts\ntype GatewayHealthCheck = {\n readonly type: 'http';\n readonly port: number;\n readonly path: string;\n} | {\n readonly type: 'command';\n readonly command: string;\n};\n/**\n * Everything about the process running inside the VM.\n * Retained by the running gateway handle for logs, health, restart.\n */\ninterface GatewayProcessSpec {\n readonly bootstrapCommand: string;\n readonly startCommand: string;\n readonly healthCheck: GatewayHealthCheck;\n readonly guestListenPort: number;\n readonly logPath: string;\n}\n//#endregion\n//#region src/gateway-vm-spec.d.ts\n/**\n * Everything the controller needs to create the Gondolin VM.\n * Lifecycle implementations own the full Gondolin-facing contract.\n */\ninterface GatewayVmSpec {\n readonly environment: Record<string, string>;\n readonly vfsMounts: Record<string, VfsMountSpec>;\n readonly mediatedSecrets: Record<string, SecretSpec>;\n readonly tcpHosts: Record<string, string>;\n readonly allowedHosts: readonly string[];\n readonly rootfsMode: 'readonly' | 'memory' | 'cow';\n readonly sessionLabel: string;\n}\n//#endregion\n//#region src/gateway-lifecycle.d.ts\n/**\n * Describes how to run interactive auth for a gateway type.\n * Static property — available without a running VM.\n */\ninterface GatewayAuthConfig {\n /**\n * Shell command to list available auth providers inside the VM.\n * Should output one provider name per line to stdout.\n */\n readonly listProvidersCommand: string;\n /**\n * Build the shell command for interactive auth login.\n * The CLI passes this as the SSH remote command with -t (TTY).\n */\n readonly buildLoginCommand: (provider: string, options?: {\n readonly deviceCode?: boolean;\n readonly setDefault?: boolean;\n }) => string;\n}\ninterface GatewayAuthProfilesRef {\n readonly source: '1password' | 'environment';\n}\ninterface OnePasswordGatewayAuthProfilesRef extends GatewayAuthProfilesRef {\n readonly source: '1password';\n readonly ref: string;\n}\ninterface EnvironmentGatewayAuthProfilesRef extends GatewayAuthProfilesRef {\n readonly source: 'environment';\n readonly envVar: string;\n}\ntype GatewaySshSecretEnvMode = 'always' | 'explicit' | 'never';\ninterface GatewaySshConfig {\n readonly secretEnv: GatewaySshSecretEnvMode;\n}\ninterface GatewayZoneBaseGatewayConfig {\n readonly type: GatewayType;\n readonly memory: string;\n readonly cpus: number;\n readonly port: number;\n readonly config: string;\n readonly stateDir: string;\n readonly ssh: GatewaySshConfig;\n readonly authProfilesRef?: OnePasswordGatewayAuthProfilesRef | EnvironmentGatewayAuthProfilesRef | undefined;\n}\ninterface OpenClawGatewayZoneGatewayConfig extends GatewayZoneBaseGatewayConfig {\n readonly type: 'openclaw';\n readonly zoneFilesDir: string;\n readonly authProfilesByAgent?: Readonly<Record<string, OnePasswordGatewayAuthProfilesRef | EnvironmentGatewayAuthProfilesRef>>;\n}\ninterface WorkerGatewayZoneGatewayConfig extends GatewayZoneBaseGatewayConfig {\n readonly type: 'worker';\n}\ntype GatewayZoneGatewayConfig = OpenClawGatewayZoneGatewayConfig | WorkerGatewayZoneGatewayConfig;\n/**\n * Zone config as the lifecycle sees it.\n * Decoupled from SystemConfig — the controller maps into this shape.\n */\ninterface GatewayZoneConfig {\n readonly id: string;\n readonly gateway: GatewayZoneGatewayConfig;\n readonly secrets: Record<string, {\n readonly source: '1password';\n readonly ref: string;\n readonly injection: 'env' | 'http-mediation';\n readonly hosts?: readonly string[] | undefined;\n } | {\n readonly source: 'environment';\n readonly envVar: string;\n readonly injection: 'env' | 'http-mediation';\n readonly hosts?: readonly string[] | undefined;\n }>;\n readonly allowedHosts: readonly string[];\n readonly websocketBypass: readonly string[];\n readonly defaultToolVmProfile?: string;\n}\ninterface BuildGatewayVmSpecOptions {\n readonly controllerPort: number;\n readonly gatewayCacheDir: string;\n readonly projectNamespace: string;\n readonly resolvedSecrets: Record<string, string>;\n readonly tcpPool: {\n readonly basePort: number;\n readonly size: number;\n };\n readonly zone: GatewayZoneConfig;\n}\ninterface GatewayLifecycle {\n /**\n * How to run interactive auth for this gateway type.\n * Absent means the gateway type does not support interactive auth.\n */\n readonly authConfig?: GatewayAuthConfig | undefined;\n /**\n * Build the full VM spec — everything Gondolin needs to create the VM.\n * Pure data assembly — no side effects.\n */\n buildVmSpec(options: BuildGatewayVmSpecOptions): GatewayVmSpec;\n /**\n * Build the process spec — everything about startup, health, and logging.\n * Pure data assembly — no side effects.\n */\n buildProcessSpec(zone: GatewayZoneConfig, resolvedSecrets: Record<string, string>): GatewayProcessSpec;\n /**\n * Optional hook to prepare host-side state before the VM boots.\n * Example: writing auth-profiles.json from 1Password.\n */\n prepareHostState?(zone: GatewayZoneConfig, secretResolver: SecretResolver): Promise<void>;\n}\n//#endregion\n//#region src/split-resolved-gateway-secrets.d.ts\ninterface SplitResolvedGatewaySecretsResult {\n readonly environmentSecrets: Record<string, string>;\n readonly mediatedSecrets: Record<string, SecretSpec>;\n}\ndeclare function splitResolvedGatewaySecrets(zone: GatewayZoneConfig, resolvedSecrets: Record<string, string>): SplitResolvedGatewaySecretsResult;\n//#endregion\nexport { type BuildGatewayVmSpecOptions, type GatewayAuthConfig, type GatewayHealthCheck, type GatewayLifecycle, type GatewayProcessSpec, type GatewayType, type GatewayVmSpec, type GatewayZoneConfig, type SplitResolvedGatewaySecretsResult, buildGatewaySessionLabel, buildToolSessionLabel, gatewayTypeValues, splitResolvedGatewaySecrets };\n//# sourceMappingURL=index.d.ts.map"],"mappings":";;cACcA,iBAAkD,EAAA,SAAA,CAAA,UAAA,EAAA,QAAA,CAAA;AAAA,KAC3DC,WAAAA,GAAW,CAAA,OAAWD,iBAAAA,CAAAA,CAAAA,MAAiB,CAAA;AAiBxB;AAIN;;;;UAbJI,gBAAAA,CAyBSK;EAAoCA,SAAAA,QAAAA,EAAAA,MAAAA;EAARD,SAAAA,QAAAA,EAAAA,MAAAA;EAAO,SAAA,EAAA,EAAA,MAAA;EAAA,SAE5CE,MAAAA,EAAY,MAAA;EAGsB,SAQvCC,KAAAA,EAAAA,MAAAA;AAAkB;AAemB;;UA5ChCN,UAAAA,CAwD2BK;EAAfD,SAAAA,KAAAA,EAAAA,SAAAA,MAAAA,EAAAA;EACqBJ,SAAAA,KAAAA,EAAAA,MAAAA;;KArDtCC,SAAAA,GAsDgBG;EAAM,SAAA,MAAA,EAAA,WAAA;EAAA,SAWjBK,GAAAA,EAAAA,MAAAA;AAAiB,CAAA,GAejBC;EAAsB,SAGtBC,MAAAA,EAAAA,aAAAA;EAAgE,SAIhEC,GAAAA,EAAAA,MAAAA;AAAgE,CAAA;AAI9C;AAEiB;;UAnFnCV,cAAAA,CA4FMY;EACaH,OAAAA,CAAAA,GAAAA,EA5FdV,SA4FcU,CAAAA,EA5FFR,OA4FEQ,CAAAA,MAAAA,CAAAA;EAAoCC,UAAAA,CAAAA,IAAAA,EA3F9CR,MA2F8CQ,CAAAA,MAAAA,EA3F/BX,SA2F+BW,CAAAA,CAAAA,EA3FlBT,OA2FkBS,CA3FVR,MA2FUQ,CAAAA,MAAAA,EAAAA,MAAAA,CAAAA,CAAAA;;AAAiC,UAzFxFP,YAAAA,CA2FAW;EAG+CL,SAAAA,IAAAA,EAAAA,QAAAA,GAAAA,iBAAAA,GAAAA,QAAAA,GAAAA,QAAAA;EAAoCC,SAAAA,QAAAA,CAAAA,EAAAA,MAAAA;EAAnDR,SAAAA,cAAAA,CAAAA,EA3FdL,gBA2FcK;EAATa,SAAAA,YAAAA,CAAAA,EAAAA;IAHkBF,SAAAA,IAAAA,EAAAA,SAAAA,MAAAA,EAAAA;IAA4B,SAAA,KAAA,EAAA,SAAA,MAAA,EAAA;EAAA,CAAA;AAKF;AAGoB;AAQvE;AAwBQ,KAxH7BT,kBAAAA,GA0HqB;EAKFG,SAAAA,IAAAA,EAAAA,MAAAA;EAKDY,SAAAA,IAAAA,EAAAA,MAAAA;EAA4Bb,SAAAA,IAAAA,EAAAA,MAAAA;CAK1BY,GAAAA;EAAoChB,SAAAA,IAAAA,EAAAA,SAAAA;EAAyBG,SAAAA,OAAAA,EAAAA,MAAAA;CAK5Da;;;;;UAlIhBb,kBAAAA;;ECyOV,SAAa,YAAA,EAgGZ,MAAA;wBDtUuBD;;;;;;;;;;UAUdE,aAAAA;wBACcJ;sBACFA,eAAeC;4BACTD,eAAeJ;qBACtBI;;;;;;;;;;;UAWXK,iBAAAA;;;;;;;;;;;;;;;UAeAC,sBAAAA;;;UAGAC,iCAAAA,SAA0CD;;;;UAI1CE,iCAAAA,SAA0CF;;;;KAI/CG,uBAAAA;UACKC,gBAAAA;sBACYD;;UAEZE,4BAAAA;iBACOnB;;;;;;gBAMDkB;6BACaH,oCAAoCC;;UAEvDI,gCAAAA,SAAyCD;;;iCAGlBE,SAASb,eAAeO,oCAAoCC;;UAEnFM,8BAAAA,SAAuCH;;;KAG5CI,wBAAAA,GAA2BH,mCAAmCE;;;;;UAKzDE,iBAAAA;;oBAEUD;oBACAf;;;;;;;;;;;;;;;UAeViB,yBAAAA;;;;4BAIkBjB;;;;;iBAKXgB;;UAEPE,gBAAAA;;;;;wBAKcb;;;;;uBAKDY,4BAA4Bb;;;;;yBAK1BY,oCAAoChB,yBAAyBG;;;;;0BAK5Da,mCAAmClB,iBAAiBC;;;;;;AA7LhER,cCoSD,iBDpSmD,ECoShC,gBDpSgC"}
|
package/dist/index.js
CHANGED
|
@@ -10,12 +10,9 @@ const openClawStateDirVmPath = "/home/openclaw/.openclaw/state";
|
|
|
10
10
|
const openClawCacheDirVmPath = "/home/openclaw/.openclaw/cache";
|
|
11
11
|
const openClawZoneFilesDirVmPath = "/zone";
|
|
12
12
|
const openClawShellEnvFilePath = "/etc/profile.d/openclaw-env.sh";
|
|
13
|
-
const openClawAdminShellEnvFilePath = "/etc/profile.d/openclaw-admin.sh";
|
|
14
13
|
const openClawRuntimeSecretsEnvFilePath = "/run/openclaw/secrets.env";
|
|
15
|
-
const openClawGatewayAuthEnvFilePath = "/run/openclaw/gateway-auth.env";
|
|
16
|
-
const openClawGatewayTokenEnvVar = "OPENCLAW_GATEWAY_TOKEN";
|
|
17
14
|
const openClawGatewayTokenSecretRef = {
|
|
18
|
-
id:
|
|
15
|
+
id: "OPENCLAW_GATEWAY_TOKEN",
|
|
19
16
|
provider: "default",
|
|
20
17
|
source: "env"
|
|
21
18
|
};
|
|
@@ -46,27 +43,11 @@ function buildOpenClawBootstrapCommand(zone, resolvedSecrets) {
|
|
|
46
43
|
"export NODE_EXTRA_CA_CERTS=/run/gondolin/ca-certificates.crt"
|
|
47
44
|
];
|
|
48
45
|
const secretEnvironmentLines = Object.entries(environmentSecrets).map(([secretName, secretValue]) => `export ${secretName}=${shellQuote(secretValue)}`);
|
|
49
|
-
const gatewayToken = resolvedSecrets[openClawGatewayTokenEnvVar];
|
|
50
|
-
const gatewayAuthLines = typeof gatewayToken === "string" ? [`export ${openClawGatewayTokenEnvVar}=${shellQuote(gatewayToken)}`] : [];
|
|
51
|
-
const adminShellLines = [
|
|
52
|
-
"if [ \"$(id -u)\" = \"0\" ]; then",
|
|
53
|
-
" openclaw() (",
|
|
54
|
-
" set -a",
|
|
55
|
-
`\t\t[ -r ${openClawGatewayAuthEnvFilePath} ] && . ${openClawGatewayAuthEnvFilePath}`,
|
|
56
|
-
" set +a",
|
|
57
|
-
" command openclaw \"$@\"",
|
|
58
|
-
" )",
|
|
59
|
-
"fi"
|
|
60
|
-
];
|
|
61
46
|
return `mkdir -p /root /etc/profile.d /run/openclaw /work/tmp /work/cache/npm /work/cache/pnpm/store /work/cache/pip /work/cache/uv && chown -R openclaw:openclaw /work && cat > ${openClawShellEnvFilePath} << 'ENVEOF'\n` + environmentLines.join("\n") + `
|
|
62
47
|
ENVEOF
|
|
63
48
|
chmod 644 ${openClawShellEnvFilePath} && cat > ${openClawRuntimeSecretsEnvFilePath} << 'ENVEOF'\n` + secretEnvironmentLines.join("\n") + `
|
|
64
49
|
ENVEOF
|
|
65
|
-
chmod 600 ${openClawRuntimeSecretsEnvFilePath} &&
|
|
66
|
-
ENVEOF
|
|
67
|
-
chmod 600 ${openClawGatewayAuthEnvFilePath} && cat > ${openClawAdminShellEnvFilePath} << 'ENVEOF'\n` + adminShellLines.join("\n") + `
|
|
68
|
-
ENVEOF
|
|
69
|
-
chmod 644 ${openClawAdminShellEnvFilePath} && touch /root/.bashrc && grep -qxF 'source ${openClawShellEnvFilePath}' /root/.bashrc || echo 'source ${openClawShellEnvFilePath}' >> /root/.bashrc && grep -qxF 'source ${openClawAdminShellEnvFilePath}' /root/.bashrc || echo 'source ${openClawAdminShellEnvFilePath}' >> /root/.bashrc && touch /root/.bash_profile && grep -qxF 'source /root/.bashrc' /root/.bash_profile || echo 'source /root/.bashrc' >> /root/.bash_profile`;
|
|
50
|
+
chmod 600 ${openClawRuntimeSecretsEnvFilePath} && touch /root/.bashrc && grep -qxF 'source ${openClawShellEnvFilePath}' /root/.bashrc || echo 'source ${openClawShellEnvFilePath}' >> /root/.bashrc && touch /root/.bash_profile && grep -qxF 'source /root/.bashrc' /root/.bash_profile || echo 'source /root/.bashrc' >> /root/.bash_profile`;
|
|
70
51
|
}
|
|
71
52
|
function getEffectiveOpenClawConfigHostPath(zone) {
|
|
72
53
|
return path.join(zone.gateway.stateDir, effectiveOpenClawConfigFileName);
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","names":["openClawGatewayTokenSecretRef: OpenClawSecretRef","tcpHosts: Record<string, string>","parsedBaseConfig: unknown","openclawLifecycle: GatewayLifecycle","buildGatewaySessionLabelValue"],"sources":["../src/openclaw-lifecycle.ts"],"sourcesContent":["import { chmod, mkdir, readFile } from 'node:fs/promises';\nimport path from 'node:path';\n\nimport type {\n\tBuildGatewayVmSpecOptions,\n\tGatewayLifecycle,\n\tGatewayProcessSpec,\n\tGatewayZoneConfig,\n\tGatewayVmSpec,\n} from '@agent-vm/gateway-interface';\nimport {\n\tbuildGatewaySessionLabel as buildGatewaySessionLabelValue,\n\tsplitResolvedGatewaySecrets,\n} from '@agent-vm/gateway-interface';\nimport {\n\ttype SecretRef,\n\ttype SecretResolver,\n\twriteFileAtomically,\n} from '@agent-vm/gondolin-adapter';\n\nconst effectiveOpenClawConfigFileName = 'effective-openclaw.json';\nconst effectiveOpenClawConfigVmPath = `/home/openclaw/.openclaw/state/${effectiveOpenClawConfigFileName}`;\nconst openClawStateDirVmPath = '/home/openclaw/.openclaw/state';\nconst openClawCacheDirVmPath = '/home/openclaw/.openclaw/cache';\nconst openClawZoneFilesDirVmPath = '/zone';\nconst openClawShellEnvFilePath = '/etc/profile.d/openclaw-env.sh';\nconst openClawAdminShellEnvFilePath = '/etc/profile.d/openclaw-admin.sh';\nconst openClawRuntimeSecretsEnvFilePath = '/run/openclaw/secrets.env';\nconst openClawGatewayAuthEnvFilePath = '/run/openclaw/gateway-auth.env';\nconst openClawGatewayTokenEnvVar = 'OPENCLAW_GATEWAY_TOKEN';\n\ninterface OpenClawSecretRef {\n\treadonly id: string;\n\treadonly provider: string;\n\treadonly source: 'env';\n}\n\nconst openClawGatewayTokenSecretRef: OpenClawSecretRef = {\n\tid: openClawGatewayTokenEnvVar,\n\tprovider: 'default',\n\tsource: 'env',\n};\n\nfunction isObjectRecord(value: unknown): value is Record<string, unknown> {\n\treturn typeof value === 'object' && value !== null && !Array.isArray(value);\n}\n\nfunction buildGatewayTcpHosts(\n\tzone: GatewayZoneConfig,\n\tcontrollerPort: number,\n\ttcpPool: { readonly basePort: number; readonly size: number },\n): Record<string, string> {\n\tconst tcpHosts: Record<string, string> = {\n\t\t'controller.vm.host:18800': `127.0.0.1:${controllerPort}`,\n\t};\n\n\tfor (let slot = 0; slot < tcpPool.size; slot += 1) {\n\t\ttcpHosts[`tool-${slot}.vm.host:22`] = `127.0.0.1:${tcpPool.basePort + slot}`;\n\t}\n\n\tfor (const websocketHost of zone.websocketBypass) {\n\t\ttcpHosts[websocketHost] = websocketHost;\n\t}\n\n\treturn tcpHosts;\n}\n\nfunction buildOpenClawBootstrapCommand(\n\tzone: GatewayZoneConfig,\n\tresolvedSecrets: Record<string, string>,\n): string {\n\tconst { environmentSecrets } = splitResolvedGatewaySecrets(zone, resolvedSecrets);\n\tconst environmentLines = [\n\t\t'export OPENCLAW_HOME=/home/openclaw',\n\t\t`export OPENCLAW_CONFIG_PATH=${effectiveOpenClawConfigVmPath}`,\n\t\t`export OPENCLAW_STATE_DIR=${openClawStateDirVmPath}`,\n\t\t'export PNPM_HOME=/pnpm',\n\t\t'export PATH=/pnpm:$PATH',\n\t\t'export TMPDIR=/work/tmp',\n\t\t'export TMP=/work/tmp',\n\t\t'export TEMP=/work/tmp',\n\t\t'export npm_config_cache=/work/cache/npm',\n\t\t'export pnpm_config_store_dir=/work/cache/pnpm/store',\n\t\t'export PIP_CACHE_DIR=/work/cache/pip',\n\t\t'export UV_CACHE_DIR=/work/cache/uv',\n\t\t'export NODE_EXTRA_CA_CERTS=/run/gondolin/ca-certificates.crt',\n\t];\n\tconst secretEnvironmentLines = Object.entries(environmentSecrets).map(\n\t\t([secretName, secretValue]) => `export ${secretName}=${shellQuote(secretValue)}`,\n\t);\n\tconst gatewayToken = resolvedSecrets[openClawGatewayTokenEnvVar];\n\tconst gatewayAuthLines =\n\t\ttypeof gatewayToken === 'string'\n\t\t\t? [`export ${openClawGatewayTokenEnvVar}=${shellQuote(gatewayToken)}`]\n\t\t\t: [];\n\tconst adminShellLines = [\n\t\t'if [ \"$(id -u)\" = \"0\" ]; then',\n\t\t'\\topenclaw() (',\n\t\t'\\t\\tset -a',\n\t\t`\\t\\t[ -r ${openClawGatewayAuthEnvFilePath} ] && . ${openClawGatewayAuthEnvFilePath}`,\n\t\t'\\t\\tset +a',\n\t\t'\\t\\tcommand openclaw \"$@\"',\n\t\t'\\t)',\n\t\t'fi',\n\t];\n\n\treturn (\n\t\t`mkdir -p /root /etc/profile.d /run/openclaw /work/tmp /work/cache/npm /work/cache/pnpm/store /work/cache/pip /work/cache/uv && chown -R openclaw:openclaw /work && cat > ${openClawShellEnvFilePath} << 'ENVEOF'\\n` +\n\t\tenvironmentLines.join('\\n') +\n\t\t'\\nENVEOF\\n' +\n\t\t`chmod 644 ${openClawShellEnvFilePath} && ` +\n\t\t`cat > ${openClawRuntimeSecretsEnvFilePath} << 'ENVEOF'\\n` +\n\t\tsecretEnvironmentLines.join('\\n') +\n\t\t'\\nENVEOF\\n' +\n\t\t`chmod 600 ${openClawRuntimeSecretsEnvFilePath} && ` +\n\t\t`cat > ${openClawGatewayAuthEnvFilePath} << 'ENVEOF'\\n` +\n\t\tgatewayAuthLines.join('\\n') +\n\t\t'\\nENVEOF\\n' +\n\t\t`chmod 600 ${openClawGatewayAuthEnvFilePath} && ` +\n\t\t`cat > ${openClawAdminShellEnvFilePath} << 'ENVEOF'\\n` +\n\t\tadminShellLines.join('\\n') +\n\t\t'\\nENVEOF\\n' +\n\t\t`chmod 644 ${openClawAdminShellEnvFilePath} && ` +\n\t\t'touch /root/.bashrc && ' +\n\t\t`grep -qxF 'source ${openClawShellEnvFilePath}' /root/.bashrc || echo 'source ${openClawShellEnvFilePath}' >> /root/.bashrc && ` +\n\t\t`grep -qxF 'source ${openClawAdminShellEnvFilePath}' /root/.bashrc || echo 'source ${openClawAdminShellEnvFilePath}' >> /root/.bashrc && ` +\n\t\t'touch /root/.bash_profile && ' +\n\t\t\"grep -qxF 'source /root/.bashrc' /root/.bash_profile || echo 'source /root/.bashrc' >> /root/.bash_profile\"\n\t);\n}\n\nfunction getEffectiveOpenClawConfigHostPath(zone: GatewayZoneConfig): string {\n\treturn path.join(zone.gateway.stateDir, effectiveOpenClawConfigFileName);\n}\n\nfunction shellQuote(value: string): string {\n\treturn `'${value.replace(/'/gu, `'\\\\''`)}'`;\n}\n\ntype SourceAwareSecretReference =\n\t| {\n\t\t\treadonly source: 'environment';\n\t\t\treadonly envVar: string;\n\t }\n\t| {\n\t\t\treadonly source: '1password';\n\t\t\treadonly ref: string;\n\t };\n\nfunction isSourceAwareSecretReference(value: unknown): value is SourceAwareSecretReference {\n\tif (typeof value !== 'object' || value === null) {\n\t\treturn false;\n\t}\n\n\tif (!('source' in value) || typeof value.source !== 'string') {\n\t\treturn false;\n\t}\n\n\tif (value.source === 'environment') {\n\t\treturn 'envVar' in value && typeof value.envVar === 'string';\n\t}\n\n\tif (value.source === '1password') {\n\t\treturn 'ref' in value && typeof value.ref === 'string';\n\t}\n\n\treturn false;\n}\n\nfunction toSecretRef(secret: SourceAwareSecretReference): SecretRef {\n\treturn secret.source === 'environment'\n\t\t? {\n\t\t\t\tsource: 'environment',\n\t\t\t\tref: secret.envVar,\n\t\t\t}\n\t\t: {\n\t\t\t\tsource: '1password',\n\t\t\t\tref: secret.ref,\n\t\t\t};\n}\n\nfunction describeSecretReference(secret: SourceAwareSecretReference): string {\n\treturn secret.source === 'environment' ? secret.envVar : secret.ref;\n}\n\nfunction buildEffectiveSecretsConfig(\n\tparsedBaseConfig: Record<string, unknown>,\n): Record<string, unknown> {\n\tconst existingSecretsConfig = isObjectRecord(parsedBaseConfig.secrets)\n\t\t? parsedBaseConfig.secrets\n\t\t: {};\n\tconst existingProvidersConfig = isObjectRecord(existingSecretsConfig.providers)\n\t\t? existingSecretsConfig.providers\n\t\t: {};\n\n\treturn {\n\t\t...existingSecretsConfig,\n\t\tproviders: {\n\t\t\t...existingProvidersConfig,\n\t\t\tdefault: {\n\t\t\t\tsource: 'env',\n\t\t\t},\n\t\t},\n\t};\n}\n\nasync function writeAuthProfilesIfConfigured(\n\tzone: GatewayZoneConfig,\n\tsecretResolver: SecretResolver,\n): Promise<void> {\n\tconst authProfilesByAgent = {\n\t\t...(zone.gateway.authProfilesRef ? { main: zone.gateway.authProfilesRef } : {}),\n\t\t...(zone.gateway.type === 'openclaw' ? (zone.gateway.authProfilesByAgent ?? {}) : {}),\n\t};\n\n\tconst writeResults = await Promise.allSettled(\n\t\tObject.entries(authProfilesByAgent).map(async ([agentId, authProfilesSecretCandidate]) => {\n\t\t\tif (!isSourceAwareSecretReference(authProfilesSecretCandidate)) {\n\t\t\t\tthrow new Error(\n\t\t\t\t\t`Zone '${zone.id}' has an invalid auth profile shape for agent '${agentId}'.`,\n\t\t\t\t);\n\t\t\t}\n\t\t\tconst authProfilesSecret = authProfilesSecretCandidate;\n\n\t\t\ttry {\n\t\t\t\tconst authProfilesDirectory = path.join(zone.gateway.stateDir, 'agents', agentId, 'agent');\n\t\t\t\tawait mkdir(authProfilesDirectory, { recursive: true, mode: 0o700 });\n\t\t\t\tawait chmod(authProfilesDirectory, 0o700);\n\t\t\t\tconst authProfiles = await secretResolver.resolve(toSecretRef(authProfilesSecret));\n\t\t\t\tawait writeFileAtomically(\n\t\t\t\t\tpath.join(authProfilesDirectory, 'auth-profiles.json'),\n\t\t\t\t\tauthProfiles,\n\t\t\t\t\t{ mode: 0o600 },\n\t\t\t\t);\n\t\t\t} catch (error) {\n\t\t\t\tconst message = error instanceof Error ? error.message : String(error);\n\t\t\t\tthrow new Error(\n\t\t\t\t\t`Failed to write OpenClaw auth profiles for zone '${zone.id}' agent '${agentId}' from '${describeSecretReference(authProfilesSecret)}': ${message}`,\n\t\t\t\t\t{ cause: error },\n\t\t\t\t);\n\t\t\t}\n\t\t}),\n\t);\n\tconst writeErrors = writeResults\n\t\t.filter((result): result is PromiseRejectedResult => result.status === 'rejected')\n\t\t.map((result) =>\n\t\t\tresult.reason instanceof Error ? result.reason : new Error(String(result.reason)),\n\t\t);\n\tif (writeErrors.length > 0) {\n\t\tthrow new AggregateError(\n\t\t\twriteErrors,\n\t\t\t`Failed to write ${String(writeErrors.length)} OpenClaw auth profile file(s) for zone '${zone.id}'.`,\n\t\t);\n\t}\n}\n\nasync function writeEffectiveOpenClawConfig(zone: GatewayZoneConfig): Promise<void> {\n\tconst gatewayTokenSecret = zone.secrets.OPENCLAW_GATEWAY_TOKEN;\n\tif (!gatewayTokenSecret) {\n\t\tthrow new Error(\n\t\t\t`Zone '${zone.id}' secret 'OPENCLAW_GATEWAY_TOKEN' is missing. Add an explicit 1Password or environment reference such as 'op://agent-vm/${zone.id}-gateway-auth/password'.`,\n\t\t);\n\t}\n\tif (!isSourceAwareSecretReference(gatewayTokenSecret)) {\n\t\tthrow new Error(`Zone '${zone.id}' secret 'OPENCLAW_GATEWAY_TOKEN' has an invalid shape.`);\n\t}\n\n\ttry {\n\t\tif (gatewayTokenSecret.source === '1password' && !gatewayTokenSecret.ref) {\n\t\t\tthrow new Error(\n\t\t\t\t`Zone '${zone.id}' secret 'OPENCLAW_GATEWAY_TOKEN' is missing 'ref'. Add an explicit 1Password reference such as 'op://agent-vm/${zone.id}-gateway-auth/password'.`,\n\t\t\t);\n\t\t}\n\t\tif (gatewayTokenSecret.source === 'environment' && !gatewayTokenSecret.envVar) {\n\t\t\tthrow new Error(\n\t\t\t\t`Zone '${zone.id}' secret 'OPENCLAW_GATEWAY_TOKEN' is missing 'envVar'. Add an explicit environment variable name.`,\n\t\t\t);\n\t\t}\n\t\tconst rawBaseConfig = await readFile(zone.gateway.config, 'utf8');\n\t\tconst parsedBaseConfig: unknown = JSON.parse(rawBaseConfig);\n\t\tif (!isObjectRecord(parsedBaseConfig)) {\n\t\t\tthrow new Error(`OpenClaw config at '${zone.gateway.config}' must be a JSON object.`);\n\t\t}\n\t\tconst config = isObjectRecord(parsedBaseConfig.gateway) ? parsedBaseConfig.gateway : {};\n\t\tconst existingAuthConfig = isObjectRecord(config.auth) ? config.auth : {};\n\t\tconst effectiveConfig = {\n\t\t\t...parsedBaseConfig,\n\t\t\tgateway: {\n\t\t\t\t...config,\n\t\t\t\tauth: {\n\t\t\t\t\t...existingAuthConfig,\n\t\t\t\t\tmode: 'token',\n\t\t\t\t\ttoken: openClawGatewayTokenSecretRef,\n\t\t\t\t},\n\t\t\t},\n\t\t\tmeta: {\n\t\t\t\t...(isObjectRecord(parsedBaseConfig.meta) ? parsedBaseConfig.meta : {}),\n\t\t\t\tlastTouchedAt: new Date().toISOString(),\n\t\t\t\tlastTouchedVersion: 'agent-vm',\n\t\t\t},\n\t\t\tsecrets: buildEffectiveSecretsConfig(parsedBaseConfig),\n\t\t};\n\t\tconst effectiveConfigPath = getEffectiveOpenClawConfigHostPath(zone);\n\t\tawait mkdir(zone.gateway.stateDir, { recursive: true, mode: 0o700 });\n\t\tawait chmod(zone.gateway.stateDir, 0o700);\n\t\tawait writeFileAtomically(\n\t\t\teffectiveConfigPath,\n\t\t\t`${JSON.stringify(effectiveConfig, null, 2)}\\n`,\n\t\t\t{ mode: 0o600 },\n\t\t);\n\t} catch (error) {\n\t\tconst message = error instanceof Error ? error.message : String(error);\n\t\tthrow new Error(\n\t\t\t`Failed to write effective OpenClaw config for zone '${zone.id}' from '${zone.gateway.config}' using secret '${describeSecretReference(gatewayTokenSecret)}': ${message}`,\n\t\t\t{ cause: error },\n\t\t);\n\t}\n}\n\nexport const openclawLifecycle: GatewayLifecycle = {\n\tauthConfig: {\n\t\tlistProvidersCommand: 'openclaw models auth list --format plain 2>/dev/null || echo \"\"',\n\t\tbuildLoginCommand: (\n\t\t\tprovider: string,\n\t\t\toptions: { readonly deviceCode?: boolean; readonly setDefault?: boolean } = {},\n\t\t): string =>\n\t\t\t[\n\t\t\t\t`openclaw models auth login --provider ${shellQuote(provider)}`,\n\t\t\t\t...(options.deviceCode === true ? ['--device-code'] : []),\n\t\t\t\t...(options.setDefault === true ? ['--set-default'] : []),\n\t\t\t].join(' '),\n\t},\n\n\tbuildVmSpec({\n\t\tcontrollerPort,\n\t\tgatewayCacheDir,\n\t\tprojectNamespace,\n\t\tresolvedSecrets,\n\t\ttcpPool,\n\t\tzone,\n\t}: BuildGatewayVmSpecOptions): GatewayVmSpec {\n\t\tif (zone.gateway.type !== 'openclaw') {\n\t\t\tthrow new Error(`OpenClaw lifecycle cannot build gateway type '${zone.gateway.type}'.`);\n\t\t}\n\t\tconst configDirectory = path.dirname(path.resolve(zone.gateway.config));\n\t\tconst { environmentSecrets, mediatedSecrets } = splitResolvedGatewaySecrets(\n\t\t\tzone,\n\t\t\tresolvedSecrets,\n\t\t);\n\n\t\treturn {\n\t\t\tallowedHosts: [...zone.allowedHosts],\n\t\t\tenvironment: {\n\t\t\t\tHOME: '/home/openclaw',\n\t\t\t\tNODE_EXTRA_CA_CERTS: '/run/gondolin/ca-certificates.crt',\n\t\t\t\tOPENCLAW_CONFIG_PATH: effectiveOpenClawConfigVmPath,\n\t\t\t\tOPENCLAW_HOME: '/home/openclaw',\n\t\t\t\tOPENCLAW_STATE_DIR: openClawStateDirVmPath,\n\t\t\t\tPATH: `/pnpm:${process.env.PATH ?? ''}`,\n\t\t\t\tPIP_CACHE_DIR: '/work/cache/pip',\n\t\t\t\tPNPM_HOME: '/pnpm',\n\t\t\t\tTEMP: '/work/tmp',\n\t\t\t\tTMP: '/work/tmp',\n\t\t\t\tTMPDIR: '/work/tmp',\n\t\t\t\tUV_CACHE_DIR: '/work/cache/uv',\n\t\t\t\tnpm_config_cache: '/work/cache/npm',\n\t\t\t\tpnpm_config_store_dir: '/work/cache/pnpm/store',\n\t\t\t\t...environmentSecrets,\n\t\t\t},\n\t\t\tmediatedSecrets,\n\t\t\trootfsMode: 'cow',\n\t\t\tsessionLabel: buildGatewaySessionLabelValue(projectNamespace, zone.id),\n\t\t\ttcpHosts: buildGatewayTcpHosts(zone, controllerPort, tcpPool),\n\t\t\tvfsMounts: {\n\t\t\t\t'/home/openclaw/.openclaw/config': {\n\t\t\t\t\thostPath: configDirectory,\n\t\t\t\t\tkind: 'realfs',\n\t\t\t\t},\n\t\t\t\t[openClawCacheDirVmPath]: {\n\t\t\t\t\thostPath: gatewayCacheDir,\n\t\t\t\t\tkind: 'realfs',\n\t\t\t\t},\n\t\t\t\t'/home/openclaw/.openclaw/state': {\n\t\t\t\t\thostPath: zone.gateway.stateDir,\n\t\t\t\t\tkind: 'realfs',\n\t\t\t\t},\n\t\t\t\t[openClawZoneFilesDirVmPath]: {\n\t\t\t\t\thostPath: zone.gateway.zoneFilesDir,\n\t\t\t\t\tkind: 'realfs',\n\t\t\t\t},\n\t\t\t},\n\t\t};\n\t},\n\n\tbuildProcessSpec(\n\t\tzone: GatewayZoneConfig,\n\t\tresolvedSecrets: Record<string, string>,\n\t): GatewayProcessSpec {\n\t\treturn {\n\t\t\tbootstrapCommand: buildOpenClawBootstrapCommand(zone, resolvedSecrets),\n\t\t\tstartCommand: `set -a && . ${openClawRuntimeSecretsEnvFilePath} && set +a && cd /home/openclaw && nohup openclaw gateway --port 18789 > /tmp/openclaw.log 2>&1 &`,\n\t\t\thealthCheck: {\n\t\t\t\ttype: 'http',\n\t\t\t\tport: 18789,\n\t\t\t\tpath: '/readyz',\n\t\t\t},\n\t\t\tguestListenPort: 18789,\n\t\t\tlogPath: '/tmp/openclaw.log',\n\t\t};\n\t},\n\n\tasync prepareHostState(zone: GatewayZoneConfig, secretResolver: SecretResolver): Promise<void> {\n\t\tawait writeEffectiveOpenClawConfig(zone);\n\t\tawait writeAuthProfilesIfConfigured(zone, secretResolver);\n\t},\n};\n"],"mappings":";;;;;;AAoBA,MAAM,kCAAkC;AACxC,MAAM,gCAAgC,kCAAkC;AACxE,MAAM,yBAAyB;AAC/B,MAAM,yBAAyB;AAC/B,MAAM,6BAA6B;AACnC,MAAM,2BAA2B;AACjC,MAAM,gCAAgC;AACtC,MAAM,oCAAoC;AAC1C,MAAM,iCAAiC;AACvC,MAAM,6BAA6B;AAQnC,MAAMA,gCAAmD;CACxD,IAAI;CACJ,UAAU;CACV,QAAQ;CACR;AAED,SAAS,eAAe,OAAkD;AACzE,QAAO,OAAO,UAAU,YAAY,UAAU,QAAQ,CAAC,MAAM,QAAQ,MAAM;;AAG5E,SAAS,qBACR,MACA,gBACA,SACyB;CACzB,MAAMC,WAAmC,EACxC,4BAA4B,aAAa,kBACzC;AAED,MAAK,IAAI,OAAO,GAAG,OAAO,QAAQ,MAAM,QAAQ,EAC/C,UAAS,QAAQ,KAAK,gBAAgB,aAAa,QAAQ,WAAW;AAGvE,MAAK,MAAM,iBAAiB,KAAK,gBAChC,UAAS,iBAAiB;AAG3B,QAAO;;AAGR,SAAS,8BACR,MACA,iBACS;CACT,MAAM,EAAE,uBAAuB,4BAA4B,MAAM,gBAAgB;CACjF,MAAM,mBAAmB;EACxB;EACA,+BAA+B;EAC/B,6BAA6B;EAC7B;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;CACD,MAAM,yBAAyB,OAAO,QAAQ,mBAAmB,CAAC,KAChE,CAAC,YAAY,iBAAiB,UAAU,WAAW,GAAG,WAAW,YAAY,GAC9E;CACD,MAAM,eAAe,gBAAgB;CACrC,MAAM,mBACL,OAAO,iBAAiB,WACrB,CAAC,UAAU,2BAA2B,GAAG,WAAW,aAAa,GAAG,GACpE,EAAE;CACN,MAAM,kBAAkB;EACvB;EACA;EACA;EACA,YAAY,+BAA+B,UAAU;EACrD;EACA;EACA;EACA;EACA;AAED,QACC,4KAA4K,yBAAyB,kBACrM,iBAAiB,KAAK,KAAK,GAC3B;;YACa,yBAAyB,YAC7B,kCAAkC,kBAC3C,uBAAuB,KAAK,KAAK,GACjC;;YACa,kCAAkC,YACtC,+BAA+B,kBACxC,iBAAiB,KAAK,KAAK,GAC3B;;YACa,+BAA+B,YACnC,8BAA8B,kBACvC,gBAAgB,KAAK,KAAK,GAC1B;;YACa,8BAA8B,+CAEtB,yBAAyB,kCAAkC,yBAAyB,0CACpF,8BAA8B,kCAAkC,8BAA8B;;AAMrH,SAAS,mCAAmC,MAAiC;AAC5E,QAAO,KAAK,KAAK,KAAK,QAAQ,UAAU,gCAAgC;;AAGzE,SAAS,WAAW,OAAuB;AAC1C,QAAO,IAAI,MAAM,QAAQ,OAAO,QAAQ,CAAC;;AAa1C,SAAS,6BAA6B,OAAqD;AAC1F,KAAI,OAAO,UAAU,YAAY,UAAU,KAC1C,QAAO;AAGR,KAAI,EAAE,YAAY,UAAU,OAAO,MAAM,WAAW,SACnD,QAAO;AAGR,KAAI,MAAM,WAAW,cACpB,QAAO,YAAY,SAAS,OAAO,MAAM,WAAW;AAGrD,KAAI,MAAM,WAAW,YACpB,QAAO,SAAS,SAAS,OAAO,MAAM,QAAQ;AAG/C,QAAO;;AAGR,SAAS,YAAY,QAA+C;AACnE,QAAO,OAAO,WAAW,gBACtB;EACA,QAAQ;EACR,KAAK,OAAO;EACZ,GACA;EACA,QAAQ;EACR,KAAK,OAAO;EACZ;;AAGJ,SAAS,wBAAwB,QAA4C;AAC5E,QAAO,OAAO,WAAW,gBAAgB,OAAO,SAAS,OAAO;;AAGjE,SAAS,4BACR,kBAC0B;CAC1B,MAAM,wBAAwB,eAAe,iBAAiB,QAAQ,GACnE,iBAAiB,UACjB,EAAE;CACL,MAAM,0BAA0B,eAAe,sBAAsB,UAAU,GAC5E,sBAAsB,YACtB,EAAE;AAEL,QAAO;EACN,GAAG;EACH,WAAW;GACV,GAAG;GACH,SAAS,EACR,QAAQ,OACR;GACD;EACD;;AAGF,eAAe,8BACd,MACA,gBACgB;CAChB,MAAM,sBAAsB;EAC3B,GAAI,KAAK,QAAQ,kBAAkB,EAAE,MAAM,KAAK,QAAQ,iBAAiB,GAAG,EAAE;EAC9E,GAAI,KAAK,QAAQ,SAAS,aAAc,KAAK,QAAQ,uBAAuB,EAAE,GAAI,EAAE;EACpF;CA8BD,MAAM,eA5Be,MAAM,QAAQ,WAClC,OAAO,QAAQ,oBAAoB,CAAC,IAAI,OAAO,CAAC,SAAS,iCAAiC;AACzF,MAAI,CAAC,6BAA6B,4BAA4B,CAC7D,OAAM,IAAI,MACT,SAAS,KAAK,GAAG,iDAAiD,QAAQ,IAC1E;EAEF,MAAM,qBAAqB;AAE3B,MAAI;GACH,MAAM,wBAAwB,KAAK,KAAK,KAAK,QAAQ,UAAU,UAAU,SAAS,QAAQ;AAC1F,SAAM,MAAM,uBAAuB;IAAE,WAAW;IAAM,MAAM;IAAO,CAAC;AACpE,SAAM,MAAM,uBAAuB,IAAM;GACzC,MAAM,eAAe,MAAM,eAAe,QAAQ,YAAY,mBAAmB,CAAC;AAClF,SAAM,oBACL,KAAK,KAAK,uBAAuB,qBAAqB,EACtD,cACA,EAAE,MAAM,KAAO,CACf;WACO,OAAO;GACf,MAAM,UAAU,iBAAiB,QAAQ,MAAM,UAAU,OAAO,MAAM;AACtE,SAAM,IAAI,MACT,oDAAoD,KAAK,GAAG,WAAW,QAAQ,UAAU,wBAAwB,mBAAmB,CAAC,KAAK,WAC1I,EAAE,OAAO,OAAO,CAChB;;GAED,CACF,EAEC,QAAQ,WAA4C,OAAO,WAAW,WAAW,CACjF,KAAK,WACL,OAAO,kBAAkB,QAAQ,OAAO,SAAS,IAAI,MAAM,OAAO,OAAO,OAAO,CAAC,CACjF;AACF,KAAI,YAAY,SAAS,EACxB,OAAM,IAAI,eACT,aACA,mBAAmB,OAAO,YAAY,OAAO,CAAC,2CAA2C,KAAK,GAAG,IACjG;;AAIH,eAAe,6BAA6B,MAAwC;CACnF,MAAM,qBAAqB,KAAK,QAAQ;AACxC,KAAI,CAAC,mBACJ,OAAM,IAAI,MACT,SAAS,KAAK,GAAG,0HAA0H,KAAK,GAAG,0BACnJ;AAEF,KAAI,CAAC,6BAA6B,mBAAmB,CACpD,OAAM,IAAI,MAAM,SAAS,KAAK,GAAG,yDAAyD;AAG3F,KAAI;AACH,MAAI,mBAAmB,WAAW,eAAe,CAAC,mBAAmB,IACpE,OAAM,IAAI,MACT,SAAS,KAAK,GAAG,iHAAiH,KAAK,GAAG,0BAC1I;AAEF,MAAI,mBAAmB,WAAW,iBAAiB,CAAC,mBAAmB,OACtE,OAAM,IAAI,MACT,SAAS,KAAK,GAAG,mGACjB;EAEF,MAAM,gBAAgB,MAAM,SAAS,KAAK,QAAQ,QAAQ,OAAO;EACjE,MAAMC,mBAA4B,KAAK,MAAM,cAAc;AAC3D,MAAI,CAAC,eAAe,iBAAiB,CACpC,OAAM,IAAI,MAAM,uBAAuB,KAAK,QAAQ,OAAO,0BAA0B;EAEtF,MAAM,SAAS,eAAe,iBAAiB,QAAQ,GAAG,iBAAiB,UAAU,EAAE;EACvF,MAAM,qBAAqB,eAAe,OAAO,KAAK,GAAG,OAAO,OAAO,EAAE;EACzE,MAAM,kBAAkB;GACvB,GAAG;GACH,SAAS;IACR,GAAG;IACH,MAAM;KACL,GAAG;KACH,MAAM;KACN,OAAO;KACP;IACD;GACD,MAAM;IACL,GAAI,eAAe,iBAAiB,KAAK,GAAG,iBAAiB,OAAO,EAAE;IACtE,gCAAe,IAAI,MAAM,EAAC,aAAa;IACvC,oBAAoB;IACpB;GACD,SAAS,4BAA4B,iBAAiB;GACtD;EACD,MAAM,sBAAsB,mCAAmC,KAAK;AACpE,QAAM,MAAM,KAAK,QAAQ,UAAU;GAAE,WAAW;GAAM,MAAM;GAAO,CAAC;AACpE,QAAM,MAAM,KAAK,QAAQ,UAAU,IAAM;AACzC,QAAM,oBACL,qBACA,GAAG,KAAK,UAAU,iBAAiB,MAAM,EAAE,CAAC,KAC5C,EAAE,MAAM,KAAO,CACf;UACO,OAAO;EACf,MAAM,UAAU,iBAAiB,QAAQ,MAAM,UAAU,OAAO,MAAM;AACtE,QAAM,IAAI,MACT,uDAAuD,KAAK,GAAG,UAAU,KAAK,QAAQ,OAAO,kBAAkB,wBAAwB,mBAAmB,CAAC,KAAK,WAChK,EAAE,OAAO,OAAO,CAChB;;;AAIH,MAAaC,oBAAsC;CAClD,YAAY;EACX,sBAAsB;EACtB,oBACC,UACA,UAA4E,EAAE,KAE9E;GACC,yCAAyC,WAAW,SAAS;GAC7D,GAAI,QAAQ,eAAe,OAAO,CAAC,gBAAgB,GAAG,EAAE;GACxD,GAAI,QAAQ,eAAe,OAAO,CAAC,gBAAgB,GAAG,EAAE;GACxD,CAAC,KAAK,IAAI;EACZ;CAED,YAAY,EACX,gBACA,iBACA,kBACA,iBACA,SACA,QAC4C;AAC5C,MAAI,KAAK,QAAQ,SAAS,WACzB,OAAM,IAAI,MAAM,iDAAiD,KAAK,QAAQ,KAAK,IAAI;EAExF,MAAM,kBAAkB,KAAK,QAAQ,KAAK,QAAQ,KAAK,QAAQ,OAAO,CAAC;EACvE,MAAM,EAAE,oBAAoB,oBAAoB,4BAC/C,MACA,gBACA;AAED,SAAO;GACN,cAAc,CAAC,GAAG,KAAK,aAAa;GACpC,aAAa;IACZ,MAAM;IACN,qBAAqB;IACrB,sBAAsB;IACtB,eAAe;IACf,oBAAoB;IACpB,MAAM,SAAS,QAAQ,IAAI,QAAQ;IACnC,eAAe;IACf,WAAW;IACX,MAAM;IACN,KAAK;IACL,QAAQ;IACR,cAAc;IACd,kBAAkB;IAClB,uBAAuB;IACvB,GAAG;IACH;GACD;GACA,YAAY;GACZ,cAAcC,yBAA8B,kBAAkB,KAAK,GAAG;GACtE,UAAU,qBAAqB,MAAM,gBAAgB,QAAQ;GAC7D,WAAW;IACV,mCAAmC;KAClC,UAAU;KACV,MAAM;KACN;KACA,yBAAyB;KACzB,UAAU;KACV,MAAM;KACN;IACD,kCAAkC;KACjC,UAAU,KAAK,QAAQ;KACvB,MAAM;KACN;KACA,6BAA6B;KAC7B,UAAU,KAAK,QAAQ;KACvB,MAAM;KACN;IACD;GACD;;CAGF,iBACC,MACA,iBACqB;AACrB,SAAO;GACN,kBAAkB,8BAA8B,MAAM,gBAAgB;GACtE,cAAc,eAAe,kCAAkC;GAC/D,aAAa;IACZ,MAAM;IACN,MAAM;IACN,MAAM;IACN;GACD,iBAAiB;GACjB,SAAS;GACT;;CAGF,MAAM,iBAAiB,MAAyB,gBAA+C;AAC9F,QAAM,6BAA6B,KAAK;AACxC,QAAM,8BAA8B,MAAM,eAAe;;CAE1D"}
|
|
1
|
+
{"version":3,"file":"index.js","names":["openClawGatewayTokenSecretRef: OpenClawSecretRef","tcpHosts: Record<string, string>","parsedBaseConfig: unknown","openclawLifecycle: GatewayLifecycle","buildGatewaySessionLabelValue"],"sources":["../src/openclaw-lifecycle.ts"],"sourcesContent":["import { chmod, mkdir, readFile } from 'node:fs/promises';\nimport path from 'node:path';\n\nimport type {\n\tBuildGatewayVmSpecOptions,\n\tGatewayLifecycle,\n\tGatewayProcessSpec,\n\tGatewayZoneConfig,\n\tGatewayVmSpec,\n} from '@agent-vm/gateway-interface';\nimport {\n\tbuildGatewaySessionLabel as buildGatewaySessionLabelValue,\n\tsplitResolvedGatewaySecrets,\n} from '@agent-vm/gateway-interface';\nimport {\n\ttype SecretRef,\n\ttype SecretResolver,\n\twriteFileAtomically,\n} from '@agent-vm/gondolin-adapter';\n\nconst effectiveOpenClawConfigFileName = 'effective-openclaw.json';\nconst effectiveOpenClawConfigVmPath = `/home/openclaw/.openclaw/state/${effectiveOpenClawConfigFileName}`;\nconst openClawStateDirVmPath = '/home/openclaw/.openclaw/state';\nconst openClawCacheDirVmPath = '/home/openclaw/.openclaw/cache';\nconst openClawZoneFilesDirVmPath = '/zone';\nconst openClawShellEnvFilePath = '/etc/profile.d/openclaw-env.sh';\nconst openClawRuntimeSecretsEnvFilePath = '/run/openclaw/secrets.env';\nconst openClawGatewayTokenEnvVar = 'OPENCLAW_GATEWAY_TOKEN';\n\ninterface OpenClawSecretRef {\n\treadonly id: string;\n\treadonly provider: string;\n\treadonly source: 'env';\n}\n\nconst openClawGatewayTokenSecretRef: OpenClawSecretRef = {\n\tid: openClawGatewayTokenEnvVar,\n\tprovider: 'default',\n\tsource: 'env',\n};\n\nfunction isObjectRecord(value: unknown): value is Record<string, unknown> {\n\treturn typeof value === 'object' && value !== null && !Array.isArray(value);\n}\n\nfunction buildGatewayTcpHosts(\n\tzone: GatewayZoneConfig,\n\tcontrollerPort: number,\n\ttcpPool: { readonly basePort: number; readonly size: number },\n): Record<string, string> {\n\tconst tcpHosts: Record<string, string> = {\n\t\t'controller.vm.host:18800': `127.0.0.1:${controllerPort}`,\n\t};\n\n\tfor (let slot = 0; slot < tcpPool.size; slot += 1) {\n\t\ttcpHosts[`tool-${slot}.vm.host:22`] = `127.0.0.1:${tcpPool.basePort + slot}`;\n\t}\n\n\tfor (const websocketHost of zone.websocketBypass) {\n\t\ttcpHosts[websocketHost] = websocketHost;\n\t}\n\n\treturn tcpHosts;\n}\n\nfunction buildOpenClawBootstrapCommand(\n\tzone: GatewayZoneConfig,\n\tresolvedSecrets: Record<string, string>,\n): string {\n\tconst { environmentSecrets } = splitResolvedGatewaySecrets(zone, resolvedSecrets);\n\tconst environmentLines = [\n\t\t'export OPENCLAW_HOME=/home/openclaw',\n\t\t`export OPENCLAW_CONFIG_PATH=${effectiveOpenClawConfigVmPath}`,\n\t\t`export OPENCLAW_STATE_DIR=${openClawStateDirVmPath}`,\n\t\t'export PNPM_HOME=/pnpm',\n\t\t'export PATH=/pnpm:$PATH',\n\t\t'export TMPDIR=/work/tmp',\n\t\t'export TMP=/work/tmp',\n\t\t'export TEMP=/work/tmp',\n\t\t'export npm_config_cache=/work/cache/npm',\n\t\t'export pnpm_config_store_dir=/work/cache/pnpm/store',\n\t\t'export PIP_CACHE_DIR=/work/cache/pip',\n\t\t'export UV_CACHE_DIR=/work/cache/uv',\n\t\t'export NODE_EXTRA_CA_CERTS=/run/gondolin/ca-certificates.crt',\n\t];\n\tconst secretEnvironmentLines = Object.entries(environmentSecrets).map(\n\t\t([secretName, secretValue]) => `export ${secretName}=${shellQuote(secretValue)}`,\n\t);\n\n\treturn (\n\t\t`mkdir -p /root /etc/profile.d /run/openclaw /work/tmp /work/cache/npm /work/cache/pnpm/store /work/cache/pip /work/cache/uv && chown -R openclaw:openclaw /work && cat > ${openClawShellEnvFilePath} << 'ENVEOF'\\n` +\n\t\tenvironmentLines.join('\\n') +\n\t\t'\\nENVEOF\\n' +\n\t\t`chmod 644 ${openClawShellEnvFilePath} && ` +\n\t\t`cat > ${openClawRuntimeSecretsEnvFilePath} << 'ENVEOF'\\n` +\n\t\tsecretEnvironmentLines.join('\\n') +\n\t\t'\\nENVEOF\\n' +\n\t\t`chmod 600 ${openClawRuntimeSecretsEnvFilePath} && ` +\n\t\t'touch /root/.bashrc && ' +\n\t\t`grep -qxF 'source ${openClawShellEnvFilePath}' /root/.bashrc || echo 'source ${openClawShellEnvFilePath}' >> /root/.bashrc && ` +\n\t\t'touch /root/.bash_profile && ' +\n\t\t\"grep -qxF 'source /root/.bashrc' /root/.bash_profile || echo 'source /root/.bashrc' >> /root/.bash_profile\"\n\t);\n}\n\nfunction getEffectiveOpenClawConfigHostPath(zone: GatewayZoneConfig): string {\n\treturn path.join(zone.gateway.stateDir, effectiveOpenClawConfigFileName);\n}\n\nfunction shellQuote(value: string): string {\n\treturn `'${value.replace(/'/gu, `'\\\\''`)}'`;\n}\n\ntype SourceAwareSecretReference =\n\t| {\n\t\t\treadonly source: 'environment';\n\t\t\treadonly envVar: string;\n\t }\n\t| {\n\t\t\treadonly source: '1password';\n\t\t\treadonly ref: string;\n\t };\n\nfunction isSourceAwareSecretReference(value: unknown): value is SourceAwareSecretReference {\n\tif (typeof value !== 'object' || value === null) {\n\t\treturn false;\n\t}\n\n\tif (!('source' in value) || typeof value.source !== 'string') {\n\t\treturn false;\n\t}\n\n\tif (value.source === 'environment') {\n\t\treturn 'envVar' in value && typeof value.envVar === 'string';\n\t}\n\n\tif (value.source === '1password') {\n\t\treturn 'ref' in value && typeof value.ref === 'string';\n\t}\n\n\treturn false;\n}\n\nfunction toSecretRef(secret: SourceAwareSecretReference): SecretRef {\n\treturn secret.source === 'environment'\n\t\t? {\n\t\t\t\tsource: 'environment',\n\t\t\t\tref: secret.envVar,\n\t\t\t}\n\t\t: {\n\t\t\t\tsource: '1password',\n\t\t\t\tref: secret.ref,\n\t\t\t};\n}\n\nfunction describeSecretReference(secret: SourceAwareSecretReference): string {\n\treturn secret.source === 'environment' ? secret.envVar : secret.ref;\n}\n\nfunction buildEffectiveSecretsConfig(\n\tparsedBaseConfig: Record<string, unknown>,\n): Record<string, unknown> {\n\tconst existingSecretsConfig = isObjectRecord(parsedBaseConfig.secrets)\n\t\t? parsedBaseConfig.secrets\n\t\t: {};\n\tconst existingProvidersConfig = isObjectRecord(existingSecretsConfig.providers)\n\t\t? existingSecretsConfig.providers\n\t\t: {};\n\n\treturn {\n\t\t...existingSecretsConfig,\n\t\tproviders: {\n\t\t\t...existingProvidersConfig,\n\t\t\tdefault: {\n\t\t\t\tsource: 'env',\n\t\t\t},\n\t\t},\n\t};\n}\n\nasync function writeAuthProfilesIfConfigured(\n\tzone: GatewayZoneConfig,\n\tsecretResolver: SecretResolver,\n): Promise<void> {\n\tconst authProfilesByAgent = {\n\t\t...(zone.gateway.authProfilesRef ? { main: zone.gateway.authProfilesRef } : {}),\n\t\t...(zone.gateway.type === 'openclaw' ? (zone.gateway.authProfilesByAgent ?? {}) : {}),\n\t};\n\n\tconst writeResults = await Promise.allSettled(\n\t\tObject.entries(authProfilesByAgent).map(async ([agentId, authProfilesSecretCandidate]) => {\n\t\t\tif (!isSourceAwareSecretReference(authProfilesSecretCandidate)) {\n\t\t\t\tthrow new Error(\n\t\t\t\t\t`Zone '${zone.id}' has an invalid auth profile shape for agent '${agentId}'.`,\n\t\t\t\t);\n\t\t\t}\n\t\t\tconst authProfilesSecret = authProfilesSecretCandidate;\n\n\t\t\ttry {\n\t\t\t\tconst authProfilesDirectory = path.join(zone.gateway.stateDir, 'agents', agentId, 'agent');\n\t\t\t\tawait mkdir(authProfilesDirectory, { recursive: true, mode: 0o700 });\n\t\t\t\tawait chmod(authProfilesDirectory, 0o700);\n\t\t\t\tconst authProfiles = await secretResolver.resolve(toSecretRef(authProfilesSecret));\n\t\t\t\tawait writeFileAtomically(\n\t\t\t\t\tpath.join(authProfilesDirectory, 'auth-profiles.json'),\n\t\t\t\t\tauthProfiles,\n\t\t\t\t\t{ mode: 0o600 },\n\t\t\t\t);\n\t\t\t} catch (error) {\n\t\t\t\tconst message = error instanceof Error ? error.message : String(error);\n\t\t\t\tthrow new Error(\n\t\t\t\t\t`Failed to write OpenClaw auth profiles for zone '${zone.id}' agent '${agentId}' from '${describeSecretReference(authProfilesSecret)}': ${message}`,\n\t\t\t\t\t{ cause: error },\n\t\t\t\t);\n\t\t\t}\n\t\t}),\n\t);\n\tconst writeErrors = writeResults\n\t\t.filter((result): result is PromiseRejectedResult => result.status === 'rejected')\n\t\t.map((result) =>\n\t\t\tresult.reason instanceof Error ? result.reason : new Error(String(result.reason)),\n\t\t);\n\tif (writeErrors.length > 0) {\n\t\tthrow new AggregateError(\n\t\t\twriteErrors,\n\t\t\t`Failed to write ${String(writeErrors.length)} OpenClaw auth profile file(s) for zone '${zone.id}'.`,\n\t\t);\n\t}\n}\n\nasync function writeEffectiveOpenClawConfig(zone: GatewayZoneConfig): Promise<void> {\n\tconst gatewayTokenSecret = zone.secrets.OPENCLAW_GATEWAY_TOKEN;\n\tif (!gatewayTokenSecret) {\n\t\tthrow new Error(\n\t\t\t`Zone '${zone.id}' secret 'OPENCLAW_GATEWAY_TOKEN' is missing. Add an explicit 1Password or environment reference such as 'op://agent-vm/${zone.id}-gateway-auth/password'.`,\n\t\t);\n\t}\n\tif (!isSourceAwareSecretReference(gatewayTokenSecret)) {\n\t\tthrow new Error(`Zone '${zone.id}' secret 'OPENCLAW_GATEWAY_TOKEN' has an invalid shape.`);\n\t}\n\n\ttry {\n\t\tif (gatewayTokenSecret.source === '1password' && !gatewayTokenSecret.ref) {\n\t\t\tthrow new Error(\n\t\t\t\t`Zone '${zone.id}' secret 'OPENCLAW_GATEWAY_TOKEN' is missing 'ref'. Add an explicit 1Password reference such as 'op://agent-vm/${zone.id}-gateway-auth/password'.`,\n\t\t\t);\n\t\t}\n\t\tif (gatewayTokenSecret.source === 'environment' && !gatewayTokenSecret.envVar) {\n\t\t\tthrow new Error(\n\t\t\t\t`Zone '${zone.id}' secret 'OPENCLAW_GATEWAY_TOKEN' is missing 'envVar'. Add an explicit environment variable name.`,\n\t\t\t);\n\t\t}\n\t\tconst rawBaseConfig = await readFile(zone.gateway.config, 'utf8');\n\t\tconst parsedBaseConfig: unknown = JSON.parse(rawBaseConfig);\n\t\tif (!isObjectRecord(parsedBaseConfig)) {\n\t\t\tthrow new Error(`OpenClaw config at '${zone.gateway.config}' must be a JSON object.`);\n\t\t}\n\t\tconst config = isObjectRecord(parsedBaseConfig.gateway) ? parsedBaseConfig.gateway : {};\n\t\tconst existingAuthConfig = isObjectRecord(config.auth) ? config.auth : {};\n\t\tconst effectiveConfig = {\n\t\t\t...parsedBaseConfig,\n\t\t\tgateway: {\n\t\t\t\t...config,\n\t\t\t\tauth: {\n\t\t\t\t\t...existingAuthConfig,\n\t\t\t\t\tmode: 'token',\n\t\t\t\t\ttoken: openClawGatewayTokenSecretRef,\n\t\t\t\t},\n\t\t\t},\n\t\t\tmeta: {\n\t\t\t\t...(isObjectRecord(parsedBaseConfig.meta) ? parsedBaseConfig.meta : {}),\n\t\t\t\tlastTouchedAt: new Date().toISOString(),\n\t\t\t\tlastTouchedVersion: 'agent-vm',\n\t\t\t},\n\t\t\tsecrets: buildEffectiveSecretsConfig(parsedBaseConfig),\n\t\t};\n\t\tconst effectiveConfigPath = getEffectiveOpenClawConfigHostPath(zone);\n\t\tawait mkdir(zone.gateway.stateDir, { recursive: true, mode: 0o700 });\n\t\tawait chmod(zone.gateway.stateDir, 0o700);\n\t\tawait writeFileAtomically(\n\t\t\teffectiveConfigPath,\n\t\t\t`${JSON.stringify(effectiveConfig, null, 2)}\\n`,\n\t\t\t{ mode: 0o600 },\n\t\t);\n\t} catch (error) {\n\t\tconst message = error instanceof Error ? error.message : String(error);\n\t\tthrow new Error(\n\t\t\t`Failed to write effective OpenClaw config for zone '${zone.id}' from '${zone.gateway.config}' using secret '${describeSecretReference(gatewayTokenSecret)}': ${message}`,\n\t\t\t{ cause: error },\n\t\t);\n\t}\n}\n\nexport const openclawLifecycle: GatewayLifecycle = {\n\tauthConfig: {\n\t\tlistProvidersCommand: 'openclaw models auth list --format plain 2>/dev/null || echo \"\"',\n\t\tbuildLoginCommand: (\n\t\t\tprovider: string,\n\t\t\toptions: { readonly deviceCode?: boolean; readonly setDefault?: boolean } = {},\n\t\t): string =>\n\t\t\t[\n\t\t\t\t`openclaw models auth login --provider ${shellQuote(provider)}`,\n\t\t\t\t...(options.deviceCode === true ? ['--device-code'] : []),\n\t\t\t\t...(options.setDefault === true ? ['--set-default'] : []),\n\t\t\t].join(' '),\n\t},\n\n\tbuildVmSpec({\n\t\tcontrollerPort,\n\t\tgatewayCacheDir,\n\t\tprojectNamespace,\n\t\tresolvedSecrets,\n\t\ttcpPool,\n\t\tzone,\n\t}: BuildGatewayVmSpecOptions): GatewayVmSpec {\n\t\tif (zone.gateway.type !== 'openclaw') {\n\t\t\tthrow new Error(`OpenClaw lifecycle cannot build gateway type '${zone.gateway.type}'.`);\n\t\t}\n\t\tconst configDirectory = path.dirname(path.resolve(zone.gateway.config));\n\t\tconst { environmentSecrets, mediatedSecrets } = splitResolvedGatewaySecrets(\n\t\t\tzone,\n\t\t\tresolvedSecrets,\n\t\t);\n\n\t\treturn {\n\t\t\tallowedHosts: [...zone.allowedHosts],\n\t\t\tenvironment: {\n\t\t\t\tHOME: '/home/openclaw',\n\t\t\t\tNODE_EXTRA_CA_CERTS: '/run/gondolin/ca-certificates.crt',\n\t\t\t\tOPENCLAW_CONFIG_PATH: effectiveOpenClawConfigVmPath,\n\t\t\t\tOPENCLAW_HOME: '/home/openclaw',\n\t\t\t\tOPENCLAW_STATE_DIR: openClawStateDirVmPath,\n\t\t\t\tPATH: `/pnpm:${process.env.PATH ?? ''}`,\n\t\t\t\tPIP_CACHE_DIR: '/work/cache/pip',\n\t\t\t\tPNPM_HOME: '/pnpm',\n\t\t\t\tTEMP: '/work/tmp',\n\t\t\t\tTMP: '/work/tmp',\n\t\t\t\tTMPDIR: '/work/tmp',\n\t\t\t\tUV_CACHE_DIR: '/work/cache/uv',\n\t\t\t\tnpm_config_cache: '/work/cache/npm',\n\t\t\t\tpnpm_config_store_dir: '/work/cache/pnpm/store',\n\t\t\t\t...environmentSecrets,\n\t\t\t},\n\t\t\tmediatedSecrets,\n\t\t\trootfsMode: 'cow',\n\t\t\tsessionLabel: buildGatewaySessionLabelValue(projectNamespace, zone.id),\n\t\t\ttcpHosts: buildGatewayTcpHosts(zone, controllerPort, tcpPool),\n\t\t\tvfsMounts: {\n\t\t\t\t'/home/openclaw/.openclaw/config': {\n\t\t\t\t\thostPath: configDirectory,\n\t\t\t\t\tkind: 'realfs',\n\t\t\t\t},\n\t\t\t\t[openClawCacheDirVmPath]: {\n\t\t\t\t\thostPath: gatewayCacheDir,\n\t\t\t\t\tkind: 'realfs',\n\t\t\t\t},\n\t\t\t\t'/home/openclaw/.openclaw/state': {\n\t\t\t\t\thostPath: zone.gateway.stateDir,\n\t\t\t\t\tkind: 'realfs',\n\t\t\t\t},\n\t\t\t\t[openClawZoneFilesDirVmPath]: {\n\t\t\t\t\thostPath: zone.gateway.zoneFilesDir,\n\t\t\t\t\tkind: 'realfs',\n\t\t\t\t},\n\t\t\t},\n\t\t};\n\t},\n\n\tbuildProcessSpec(\n\t\tzone: GatewayZoneConfig,\n\t\tresolvedSecrets: Record<string, string>,\n\t): GatewayProcessSpec {\n\t\treturn {\n\t\t\tbootstrapCommand: buildOpenClawBootstrapCommand(zone, resolvedSecrets),\n\t\t\tstartCommand: `set -a && . ${openClawRuntimeSecretsEnvFilePath} && set +a && cd /home/openclaw && nohup openclaw gateway --port 18789 > /tmp/openclaw.log 2>&1 &`,\n\t\t\thealthCheck: {\n\t\t\t\ttype: 'http',\n\t\t\t\tport: 18789,\n\t\t\t\tpath: '/readyz',\n\t\t\t},\n\t\t\tguestListenPort: 18789,\n\t\t\tlogPath: '/tmp/openclaw.log',\n\t\t};\n\t},\n\n\tasync prepareHostState(zone: GatewayZoneConfig, secretResolver: SecretResolver): Promise<void> {\n\t\tawait writeEffectiveOpenClawConfig(zone);\n\t\tawait writeAuthProfilesIfConfigured(zone, secretResolver);\n\t},\n};\n"],"mappings":";;;;;;AAoBA,MAAM,kCAAkC;AACxC,MAAM,gCAAgC,kCAAkC;AACxE,MAAM,yBAAyB;AAC/B,MAAM,yBAAyB;AAC/B,MAAM,6BAA6B;AACnC,MAAM,2BAA2B;AACjC,MAAM,oCAAoC;AAS1C,MAAMA,gCAAmD;CACxD,IATkC;CAUlC,UAAU;CACV,QAAQ;CACR;AAED,SAAS,eAAe,OAAkD;AACzE,QAAO,OAAO,UAAU,YAAY,UAAU,QAAQ,CAAC,MAAM,QAAQ,MAAM;;AAG5E,SAAS,qBACR,MACA,gBACA,SACyB;CACzB,MAAMC,WAAmC,EACxC,4BAA4B,aAAa,kBACzC;AAED,MAAK,IAAI,OAAO,GAAG,OAAO,QAAQ,MAAM,QAAQ,EAC/C,UAAS,QAAQ,KAAK,gBAAgB,aAAa,QAAQ,WAAW;AAGvE,MAAK,MAAM,iBAAiB,KAAK,gBAChC,UAAS,iBAAiB;AAG3B,QAAO;;AAGR,SAAS,8BACR,MACA,iBACS;CACT,MAAM,EAAE,uBAAuB,4BAA4B,MAAM,gBAAgB;CACjF,MAAM,mBAAmB;EACxB;EACA,+BAA+B;EAC/B,6BAA6B;EAC7B;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;CACD,MAAM,yBAAyB,OAAO,QAAQ,mBAAmB,CAAC,KAChE,CAAC,YAAY,iBAAiB,UAAU,WAAW,GAAG,WAAW,YAAY,GAC9E;AAED,QACC,4KAA4K,yBAAyB,kBACrM,iBAAiB,KAAK,KAAK,GAC3B;;YACa,yBAAyB,YAC7B,kCAAkC,kBAC3C,uBAAuB,KAAK,KAAK,GACjC;;YACa,kCAAkC,+CAE1B,yBAAyB,kCAAkC,yBAAyB;;AAM3G,SAAS,mCAAmC,MAAiC;AAC5E,QAAO,KAAK,KAAK,KAAK,QAAQ,UAAU,gCAAgC;;AAGzE,SAAS,WAAW,OAAuB;AAC1C,QAAO,IAAI,MAAM,QAAQ,OAAO,QAAQ,CAAC;;AAa1C,SAAS,6BAA6B,OAAqD;AAC1F,KAAI,OAAO,UAAU,YAAY,UAAU,KAC1C,QAAO;AAGR,KAAI,EAAE,YAAY,UAAU,OAAO,MAAM,WAAW,SACnD,QAAO;AAGR,KAAI,MAAM,WAAW,cACpB,QAAO,YAAY,SAAS,OAAO,MAAM,WAAW;AAGrD,KAAI,MAAM,WAAW,YACpB,QAAO,SAAS,SAAS,OAAO,MAAM,QAAQ;AAG/C,QAAO;;AAGR,SAAS,YAAY,QAA+C;AACnE,QAAO,OAAO,WAAW,gBACtB;EACA,QAAQ;EACR,KAAK,OAAO;EACZ,GACA;EACA,QAAQ;EACR,KAAK,OAAO;EACZ;;AAGJ,SAAS,wBAAwB,QAA4C;AAC5E,QAAO,OAAO,WAAW,gBAAgB,OAAO,SAAS,OAAO;;AAGjE,SAAS,4BACR,kBAC0B;CAC1B,MAAM,wBAAwB,eAAe,iBAAiB,QAAQ,GACnE,iBAAiB,UACjB,EAAE;CACL,MAAM,0BAA0B,eAAe,sBAAsB,UAAU,GAC5E,sBAAsB,YACtB,EAAE;AAEL,QAAO;EACN,GAAG;EACH,WAAW;GACV,GAAG;GACH,SAAS,EACR,QAAQ,OACR;GACD;EACD;;AAGF,eAAe,8BACd,MACA,gBACgB;CAChB,MAAM,sBAAsB;EAC3B,GAAI,KAAK,QAAQ,kBAAkB,EAAE,MAAM,KAAK,QAAQ,iBAAiB,GAAG,EAAE;EAC9E,GAAI,KAAK,QAAQ,SAAS,aAAc,KAAK,QAAQ,uBAAuB,EAAE,GAAI,EAAE;EACpF;CA8BD,MAAM,eA5Be,MAAM,QAAQ,WAClC,OAAO,QAAQ,oBAAoB,CAAC,IAAI,OAAO,CAAC,SAAS,iCAAiC;AACzF,MAAI,CAAC,6BAA6B,4BAA4B,CAC7D,OAAM,IAAI,MACT,SAAS,KAAK,GAAG,iDAAiD,QAAQ,IAC1E;EAEF,MAAM,qBAAqB;AAE3B,MAAI;GACH,MAAM,wBAAwB,KAAK,KAAK,KAAK,QAAQ,UAAU,UAAU,SAAS,QAAQ;AAC1F,SAAM,MAAM,uBAAuB;IAAE,WAAW;IAAM,MAAM;IAAO,CAAC;AACpE,SAAM,MAAM,uBAAuB,IAAM;GACzC,MAAM,eAAe,MAAM,eAAe,QAAQ,YAAY,mBAAmB,CAAC;AAClF,SAAM,oBACL,KAAK,KAAK,uBAAuB,qBAAqB,EACtD,cACA,EAAE,MAAM,KAAO,CACf;WACO,OAAO;GACf,MAAM,UAAU,iBAAiB,QAAQ,MAAM,UAAU,OAAO,MAAM;AACtE,SAAM,IAAI,MACT,oDAAoD,KAAK,GAAG,WAAW,QAAQ,UAAU,wBAAwB,mBAAmB,CAAC,KAAK,WAC1I,EAAE,OAAO,OAAO,CAChB;;GAED,CACF,EAEC,QAAQ,WAA4C,OAAO,WAAW,WAAW,CACjF,KAAK,WACL,OAAO,kBAAkB,QAAQ,OAAO,SAAS,IAAI,MAAM,OAAO,OAAO,OAAO,CAAC,CACjF;AACF,KAAI,YAAY,SAAS,EACxB,OAAM,IAAI,eACT,aACA,mBAAmB,OAAO,YAAY,OAAO,CAAC,2CAA2C,KAAK,GAAG,IACjG;;AAIH,eAAe,6BAA6B,MAAwC;CACnF,MAAM,qBAAqB,KAAK,QAAQ;AACxC,KAAI,CAAC,mBACJ,OAAM,IAAI,MACT,SAAS,KAAK,GAAG,0HAA0H,KAAK,GAAG,0BACnJ;AAEF,KAAI,CAAC,6BAA6B,mBAAmB,CACpD,OAAM,IAAI,MAAM,SAAS,KAAK,GAAG,yDAAyD;AAG3F,KAAI;AACH,MAAI,mBAAmB,WAAW,eAAe,CAAC,mBAAmB,IACpE,OAAM,IAAI,MACT,SAAS,KAAK,GAAG,iHAAiH,KAAK,GAAG,0BAC1I;AAEF,MAAI,mBAAmB,WAAW,iBAAiB,CAAC,mBAAmB,OACtE,OAAM,IAAI,MACT,SAAS,KAAK,GAAG,mGACjB;EAEF,MAAM,gBAAgB,MAAM,SAAS,KAAK,QAAQ,QAAQ,OAAO;EACjE,MAAMC,mBAA4B,KAAK,MAAM,cAAc;AAC3D,MAAI,CAAC,eAAe,iBAAiB,CACpC,OAAM,IAAI,MAAM,uBAAuB,KAAK,QAAQ,OAAO,0BAA0B;EAEtF,MAAM,SAAS,eAAe,iBAAiB,QAAQ,GAAG,iBAAiB,UAAU,EAAE;EACvF,MAAM,qBAAqB,eAAe,OAAO,KAAK,GAAG,OAAO,OAAO,EAAE;EACzE,MAAM,kBAAkB;GACvB,GAAG;GACH,SAAS;IACR,GAAG;IACH,MAAM;KACL,GAAG;KACH,MAAM;KACN,OAAO;KACP;IACD;GACD,MAAM;IACL,GAAI,eAAe,iBAAiB,KAAK,GAAG,iBAAiB,OAAO,EAAE;IACtE,gCAAe,IAAI,MAAM,EAAC,aAAa;IACvC,oBAAoB;IACpB;GACD,SAAS,4BAA4B,iBAAiB;GACtD;EACD,MAAM,sBAAsB,mCAAmC,KAAK;AACpE,QAAM,MAAM,KAAK,QAAQ,UAAU;GAAE,WAAW;GAAM,MAAM;GAAO,CAAC;AACpE,QAAM,MAAM,KAAK,QAAQ,UAAU,IAAM;AACzC,QAAM,oBACL,qBACA,GAAG,KAAK,UAAU,iBAAiB,MAAM,EAAE,CAAC,KAC5C,EAAE,MAAM,KAAO,CACf;UACO,OAAO;EACf,MAAM,UAAU,iBAAiB,QAAQ,MAAM,UAAU,OAAO,MAAM;AACtE,QAAM,IAAI,MACT,uDAAuD,KAAK,GAAG,UAAU,KAAK,QAAQ,OAAO,kBAAkB,wBAAwB,mBAAmB,CAAC,KAAK,WAChK,EAAE,OAAO,OAAO,CAChB;;;AAIH,MAAaC,oBAAsC;CAClD,YAAY;EACX,sBAAsB;EACtB,oBACC,UACA,UAA4E,EAAE,KAE9E;GACC,yCAAyC,WAAW,SAAS;GAC7D,GAAI,QAAQ,eAAe,OAAO,CAAC,gBAAgB,GAAG,EAAE;GACxD,GAAI,QAAQ,eAAe,OAAO,CAAC,gBAAgB,GAAG,EAAE;GACxD,CAAC,KAAK,IAAI;EACZ;CAED,YAAY,EACX,gBACA,iBACA,kBACA,iBACA,SACA,QAC4C;AAC5C,MAAI,KAAK,QAAQ,SAAS,WACzB,OAAM,IAAI,MAAM,iDAAiD,KAAK,QAAQ,KAAK,IAAI;EAExF,MAAM,kBAAkB,KAAK,QAAQ,KAAK,QAAQ,KAAK,QAAQ,OAAO,CAAC;EACvE,MAAM,EAAE,oBAAoB,oBAAoB,4BAC/C,MACA,gBACA;AAED,SAAO;GACN,cAAc,CAAC,GAAG,KAAK,aAAa;GACpC,aAAa;IACZ,MAAM;IACN,qBAAqB;IACrB,sBAAsB;IACtB,eAAe;IACf,oBAAoB;IACpB,MAAM,SAAS,QAAQ,IAAI,QAAQ;IACnC,eAAe;IACf,WAAW;IACX,MAAM;IACN,KAAK;IACL,QAAQ;IACR,cAAc;IACd,kBAAkB;IAClB,uBAAuB;IACvB,GAAG;IACH;GACD;GACA,YAAY;GACZ,cAAcC,yBAA8B,kBAAkB,KAAK,GAAG;GACtE,UAAU,qBAAqB,MAAM,gBAAgB,QAAQ;GAC7D,WAAW;IACV,mCAAmC;KAClC,UAAU;KACV,MAAM;KACN;KACA,yBAAyB;KACzB,UAAU;KACV,MAAM;KACN;IACD,kCAAkC;KACjC,UAAU,KAAK,QAAQ;KACvB,MAAM;KACN;KACA,6BAA6B;KAC7B,UAAU,KAAK,QAAQ;KACvB,MAAM;KACN;IACD;GACD;;CAGF,iBACC,MACA,iBACqB;AACrB,SAAO;GACN,kBAAkB,8BAA8B,MAAM,gBAAgB;GACtE,cAAc,eAAe,kCAAkC;GAC/D,aAAa;IACZ,MAAM;IACN,MAAM;IACN,MAAM;IACN;GACD,iBAAiB;GACjB,SAAS;GACT;;CAGF,MAAM,iBAAiB,MAAyB,gBAA+C;AAC9F,QAAM,6BAA6B,KAAK;AACxC,QAAM,8BAA8B,MAAM,eAAe;;CAE1D"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@agent-vm/openclaw-gateway",
|
|
3
|
-
"version": "0.0.
|
|
3
|
+
"version": "0.0.51",
|
|
4
4
|
"description": "OpenClaw gateway lifecycle running inside a Gondolin VM.",
|
|
5
5
|
"homepage": "https://github.com/ShravanSunder/agent-vm#readme",
|
|
6
6
|
"bugs": {
|
|
@@ -29,8 +29,8 @@
|
|
|
29
29
|
"access": "public"
|
|
30
30
|
},
|
|
31
31
|
"dependencies": {
|
|
32
|
-
"@agent-vm/
|
|
33
|
-
"@agent-vm/
|
|
32
|
+
"@agent-vm/gateway-interface": "0.0.51",
|
|
33
|
+
"@agent-vm/gondolin-adapter": "0.0.51"
|
|
34
34
|
},
|
|
35
35
|
"scripts": {
|
|
36
36
|
"build": "tsdown",
|