@agent-vm/openclaw-gateway 0.0.56 → 0.0.58
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.d.ts +3 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +46 -5
- package/dist/index.js.map +1 -1
- package/package.json +3 -3
package/dist/index.d.ts
CHANGED
|
@@ -141,6 +141,8 @@ type GatewayZoneGatewayConfig = OpenClawGatewayZoneGatewayConfig | WorkerGateway
|
|
|
141
141
|
interface GatewayZoneConfig {
|
|
142
142
|
readonly id: string;
|
|
143
143
|
readonly gateway: GatewayZoneGatewayConfig;
|
|
144
|
+
readonly runtimeEnvironment?: Readonly<Record<string, string>>;
|
|
145
|
+
readonly runtimePluginConfigs?: Readonly<Record<string, Readonly<Record<string, unknown>>>>;
|
|
144
146
|
readonly secrets: Record<string, {
|
|
145
147
|
readonly source: '1password';
|
|
146
148
|
readonly ref: string;
|
|
@@ -161,6 +163,7 @@ interface BuildGatewayVmSpecOptions {
|
|
|
161
163
|
readonly gatewayCacheDir: string;
|
|
162
164
|
readonly projectNamespace: string;
|
|
163
165
|
readonly resolvedSecrets: Record<string, string>;
|
|
166
|
+
readonly runtimeDir: string;
|
|
164
167
|
readonly tcpPool: {
|
|
165
168
|
readonly basePort: number;
|
|
166
169
|
readonly size: number;
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","names":["gatewayTypeValues","GatewayType","buildGatewaySessionLabel","buildToolSessionLabel","PinnedRealFsRoot","SecretSpec","SecretRef","SecretResolver","Promise","Record","VfsMountSpec","GatewayHealthCheck","GatewayProcessSpec","GatewayVmSpec","GatewayAuthConfig","GatewayAuthProfilesRef","OnePasswordGatewayAuthProfilesRef","EnvironmentGatewayAuthProfilesRef","GatewaySshSecretEnvMode","GatewaySshConfig","GatewayZoneBaseGatewayConfig","OpenClawGatewayZoneGatewayConfig","Readonly","WorkerGatewayZoneGatewayConfig","GatewayZoneGatewayConfig","GatewayZoneConfig","BuildGatewayVmSpecOptions","GatewayLifecycle","SplitResolvedGatewaySecretsResult","splitResolvedGatewaySecrets"],"sources":["../../gateway-interface/dist/index.d.ts","../src/openclaw-lifecycle.ts"],"sourcesContent":["//#region src/gateway-runtime-contract.d.ts\ndeclare const gatewayTypeValues: readonly [\"openclaw\", \"worker\"];\ntype GatewayType = (typeof gatewayTypeValues)[number];\ndeclare function buildGatewaySessionLabel(projectNamespace: string, zoneId: string): string;\ndeclare function buildToolSessionLabel(projectNamespace: string, zoneId: string, tcpSlot: number): string;\n//#endregion\n//#region ../gondolin-adapter/dist/index.d.ts\n\n//#endregion\n//#region src/pinned-realfs.d.ts\ninterface PinnedRealFsRoot {\n readonly hostPath: string;\n readonly realPath: string;\n readonly fd: number;\n readonly device: number;\n readonly inode: number;\n}\n//#endregion\n//#region src/types.d.ts\ninterface SecretSpec {\n readonly hosts: readonly string[];\n readonly value: string;\n}\ntype SecretRef = {\n readonly source: '1password';\n readonly ref: string;\n} | {\n readonly source: 'environment';\n readonly ref: string;\n};\n//#endregion\n//#region src/secret-resolver.d.ts\n\ninterface SecretResolver {\n resolve(ref: SecretRef): Promise<string>;\n resolveAll(refs: Record<string, SecretRef>): Promise<Record<string, string>>;\n}\ninterface VfsMountSpec {\n readonly kind: 'realfs' | 'realfs-readonly' | 'memory' | 'shadow';\n readonly hostPath?: string;\n readonly pinnedHostRoot?: PinnedRealFsRoot;\n readonly shadowConfig?: {\n readonly deny: readonly string[];\n readonly tmpfs: readonly string[];\n };\n}\n//#endregion\n//#region src/gateway-process-spec.d.ts\ntype GatewayHealthCheck = {\n readonly type: 'http';\n readonly port: number;\n readonly path: string;\n} | {\n readonly type: 'command';\n readonly command: string;\n};\n/**\n * Everything about the process running inside the VM.\n * Retained by the running gateway handle for logs, health, restart.\n */\ninterface GatewayProcessSpec {\n readonly bootstrapCommand: string;\n readonly startCommand: string;\n readonly healthCheck: GatewayHealthCheck;\n readonly guestListenPort: number;\n readonly logPath: string;\n}\n//#endregion\n//#region src/gateway-vm-spec.d.ts\n/**\n * Everything the controller needs to create the Gondolin VM.\n * Lifecycle implementations own the full Gondolin-facing contract.\n */\ninterface GatewayVmSpec {\n readonly environment: Record<string, string>;\n readonly vfsMounts: Record<string, VfsMountSpec>;\n readonly mediatedSecrets: Record<string, SecretSpec>;\n readonly tcpHosts: Record<string, string>;\n readonly allowedHosts: readonly string[];\n readonly rootfsMode: 'readonly' | 'memory' | 'cow';\n readonly sessionLabel: string;\n}\n//#endregion\n//#region src/gateway-lifecycle.d.ts\n/**\n * Describes how to run interactive auth for a gateway type.\n * Static property — available without a running VM.\n */\ninterface GatewayAuthConfig {\n /**\n * Shell command to list available auth providers inside the VM.\n * Should output one provider name per line to stdout.\n */\n readonly listProvidersCommand: string;\n /**\n * Build the shell command for interactive auth login.\n * The CLI passes this as the SSH remote command with -t (TTY).\n */\n readonly buildLoginCommand: (provider: string, options?: {\n readonly deviceCode?: boolean;\n readonly setDefault?: boolean;\n }) => string;\n}\ninterface GatewayAuthProfilesRef {\n readonly source: '1password' | 'environment';\n}\ninterface OnePasswordGatewayAuthProfilesRef extends GatewayAuthProfilesRef {\n readonly source: '1password';\n readonly ref: string;\n}\ninterface EnvironmentGatewayAuthProfilesRef extends GatewayAuthProfilesRef {\n readonly source: 'environment';\n readonly envVar: string;\n}\ntype GatewaySshSecretEnvMode = 'always' | 'explicit' | 'never';\ninterface GatewaySshConfig {\n readonly secretEnv: GatewaySshSecretEnvMode;\n}\ninterface GatewayZoneBaseGatewayConfig {\n readonly type: GatewayType;\n readonly memory: string;\n readonly cpus: number;\n readonly port: number;\n readonly config: string;\n readonly stateDir: string;\n readonly ssh: GatewaySshConfig;\n readonly authProfilesRef?: OnePasswordGatewayAuthProfilesRef | EnvironmentGatewayAuthProfilesRef | undefined;\n}\ninterface OpenClawGatewayZoneGatewayConfig extends GatewayZoneBaseGatewayConfig {\n readonly type: 'openclaw';\n readonly zoneFilesDir: string;\n readonly authProfilesByAgent?: Readonly<Record<string, OnePasswordGatewayAuthProfilesRef | EnvironmentGatewayAuthProfilesRef>>;\n}\ninterface WorkerGatewayZoneGatewayConfig extends GatewayZoneBaseGatewayConfig {\n readonly type: 'worker';\n}\ntype GatewayZoneGatewayConfig = OpenClawGatewayZoneGatewayConfig | WorkerGatewayZoneGatewayConfig;\n/**\n * Zone config as the lifecycle sees it.\n * Decoupled from SystemConfig — the controller maps into this shape.\n */\ninterface GatewayZoneConfig {\n readonly id: string;\n readonly gateway: GatewayZoneGatewayConfig;\n readonly secrets: Record<string, {\n readonly source: '1password';\n readonly ref: string;\n readonly injection: 'env' | 'http-mediation';\n readonly hosts?: readonly string[] | undefined;\n } | {\n readonly source: 'environment';\n readonly envVar: string;\n readonly injection: 'env' | 'http-mediation';\n readonly hosts?: readonly string[] | undefined;\n }>;\n readonly allowedHosts: readonly string[];\n readonly websocketBypass: readonly string[];\n readonly defaultToolVmProfile?: string;\n}\ninterface BuildGatewayVmSpecOptions {\n readonly controllerPort: number;\n readonly gatewayCacheDir: string;\n readonly projectNamespace: string;\n readonly resolvedSecrets: Record<string, string>;\n readonly tcpPool: {\n readonly basePort: number;\n readonly size: number;\n };\n readonly zone: GatewayZoneConfig;\n}\ninterface GatewayLifecycle {\n /**\n * How to run interactive auth for this gateway type.\n * Absent means the gateway type does not support interactive auth.\n */\n readonly authConfig?: GatewayAuthConfig | undefined;\n /**\n * Build the full VM spec — everything Gondolin needs to create the VM.\n * Pure data assembly — no side effects.\n */\n buildVmSpec(options: BuildGatewayVmSpecOptions): GatewayVmSpec;\n /**\n * Build the process spec — everything about startup, health, and logging.\n * Pure data assembly — no side effects.\n */\n buildProcessSpec(zone: GatewayZoneConfig, resolvedSecrets: Record<string, string>): GatewayProcessSpec;\n /**\n * Optional hook to prepare host-side state before the VM boots.\n * Example: writing auth-profiles.json from 1Password.\n */\n prepareHostState?(zone: GatewayZoneConfig, secretResolver: SecretResolver): Promise<void>;\n}\n//#endregion\n//#region src/split-resolved-gateway-secrets.d.ts\ninterface SplitResolvedGatewaySecretsResult {\n readonly environmentSecrets: Record<string, string>;\n readonly mediatedSecrets: Record<string, SecretSpec>;\n}\ndeclare function splitResolvedGatewaySecrets(zone: GatewayZoneConfig, resolvedSecrets: Record<string, string>): SplitResolvedGatewaySecretsResult;\n//#endregion\nexport { type BuildGatewayVmSpecOptions, type GatewayAuthConfig, type GatewayHealthCheck, type GatewayLifecycle, type GatewayProcessSpec, type GatewayType, type GatewayVmSpec, type GatewayZoneConfig, type SplitResolvedGatewaySecretsResult, buildGatewaySessionLabel, buildToolSessionLabel, gatewayTypeValues, splitResolvedGatewaySecrets };\n//# sourceMappingURL=index.d.ts.map"],"mappings":";;cACcA,iBAAkD,EAAA,SAAA,CAAA,UAAA,EAAA,QAAA,CAAA;AAAA,KAC3DC,WAAAA,GAAW,CAAA,OAAWD,iBAAAA,CAAAA,CAAAA,MAAiB,CAAA;AAiBxB;AAIN;;;;UAbJI,gBAAAA,CAyBSK;EAAoCA,SAAAA,QAAAA,EAAAA,MAAAA;EAARD,SAAAA,QAAAA,EAAAA,MAAAA;EAAO,SAAA,EAAA,EAAA,MAAA;EAAA,SAE5CE,MAAAA,EAAY,MAAA;EAGsB,SAQvCC,KAAAA,EAAAA,MAAAA;AAAkB;AAemB;;UA5ChCN,UAAAA,CAwD2BK;EAAfD,SAAAA,KAAAA,EAAAA,SAAAA,MAAAA,EAAAA;EACqBJ,SAAAA,KAAAA,EAAAA,MAAAA;;KArDtCC,SAAAA,GAsDgBG;EAAM,SAAA,MAAA,EAAA,WAAA;EAAA,SAWjBK,GAAAA,EAAAA,MAAAA;AAAiB,CAAA,GAejBC;EAAsB,SAGtBC,MAAAA,EAAAA,aAAAA;EAAgE,SAIhEC,GAAAA,EAAAA,MAAAA;AAAgE,CAAA;AAI9C;AAEiB;;UAnFnCV,cAAAA,CA4FMY;EACaH,OAAAA,CAAAA,GAAAA,EA5FdV,SA4FcU,CAAAA,EA5FFR,OA4FEQ,CAAAA,MAAAA,CAAAA;EAAoCC,UAAAA,CAAAA,IAAAA,EA3F9CR,MA2F8CQ,CAAAA,MAAAA,EA3F/BX,SA2F+BW,CAAAA,CAAAA,EA3FlBT,OA2FkBS,CA3FVR,MA2FUQ,CAAAA,MAAAA,EAAAA,MAAAA,CAAAA,CAAAA;;AAAiC,UAzFxFP,YAAAA,CA2FAW;EAG+CL,SAAAA,IAAAA,EAAAA,QAAAA,GAAAA,iBAAAA,GAAAA,QAAAA,GAAAA,QAAAA;EAAoCC,SAAAA,QAAAA,CAAAA,EAAAA,MAAAA;EAAnDR,SAAAA,cAAAA,CAAAA,EA3FdL,gBA2FcK;EAATa,SAAAA,YAAAA,CAAAA,EAAAA;IAHkBF,SAAAA,IAAAA,EAAAA,SAAAA,MAAAA,EAAAA;IAA4B,SAAA,KAAA,EAAA,SAAA,MAAA,EAAA;EAAA,CAAA;AAKF;AAGoB;AAQvE;AAwBQ,KAxH7BT,kBAAAA,GA0HqB;EAKFG,SAAAA,IAAAA,EAAAA,MAAAA;EAKDY,SAAAA,IAAAA,EAAAA,MAAAA;EAA4Bb,SAAAA,IAAAA,EAAAA,MAAAA;CAK1BY,GAAAA;EAAoChB,SAAAA,IAAAA,EAAAA,SAAAA;EAAyBG,SAAAA,OAAAA,EAAAA,MAAAA;CAK5Da;;;;;UAlIhBb,kBAAAA;;ECyOV,SAAa,YAAA,EAgGZ,MAAA;wBDtUuBD;;;;;;;;;;UAUdE,aAAAA;wBACcJ;sBACFA,eAAeC;4BACTD,eAAeJ;qBACtBI;;;;;;;;;;;UAWXK,iBAAAA;;;;;;;;;;;;;;;UAeAC,sBAAAA;;;UAGAC,iCAAAA,SAA0CD;;;;UAI1CE,iCAAAA,SAA0CF;;;;KAI/CG,uBAAAA;UACKC,gBAAAA;sBACYD;;UAEZE,4BAAAA;iBACOnB;;;;;;gBAMDkB;6BACaH,oCAAoCC;;UAEvDI,gCAAAA,SAAyCD;;;iCAGlBE,SAASb,eAAeO,oCAAoCC;;UAEnFM,8BAAAA,SAAuCH;;;KAG5CI,wBAAAA,GAA2BH,mCAAmCE;;;;;UAKzDE,iBAAAA;;oBAEUD;oBACAf;;;;;;;;;;;;;;;UAeViB,yBAAAA;;;;4BAIkBjB;;;;;iBAKXgB;;UAEPE,gBAAAA;;;;;wBAKcb;;;;;uBAKDY,4BAA4Bb;;;;;yBAK1BY,oCAAoChB,yBAAyBG;;;;;0BAK5Da,mCAAmClB,iBAAiBC;;;;;;AA7LhER,cCoSD,iBDpSmD,ECoShC,gBDpSgC"}
|
|
1
|
+
{"version":3,"file":"index.d.ts","names":["gatewayTypeValues","GatewayType","buildGatewaySessionLabel","buildToolSessionLabel","PinnedRealFsRoot","SecretSpec","SecretRef","SecretResolver","Promise","Record","VfsMountSpec","GatewayHealthCheck","GatewayProcessSpec","GatewayVmSpec","GatewayAuthConfig","GatewayAuthProfilesRef","OnePasswordGatewayAuthProfilesRef","EnvironmentGatewayAuthProfilesRef","GatewaySshSecretEnvMode","GatewaySshConfig","GatewayZoneBaseGatewayConfig","OpenClawGatewayZoneGatewayConfig","Readonly","WorkerGatewayZoneGatewayConfig","GatewayZoneGatewayConfig","GatewayZoneConfig","BuildGatewayVmSpecOptions","GatewayLifecycle","SplitResolvedGatewaySecretsResult","splitResolvedGatewaySecrets"],"sources":["../../gateway-interface/dist/index.d.ts","../src/openclaw-lifecycle.ts"],"sourcesContent":["//#region src/gateway-runtime-contract.d.ts\ndeclare const gatewayTypeValues: readonly [\"openclaw\", \"worker\"];\ntype GatewayType = (typeof gatewayTypeValues)[number];\ndeclare function buildGatewaySessionLabel(projectNamespace: string, zoneId: string): string;\ndeclare function buildToolSessionLabel(projectNamespace: string, zoneId: string, tcpSlot: number): string;\n//#endregion\n//#region ../gondolin-adapter/dist/index.d.ts\n\n//#endregion\n//#region src/pinned-realfs.d.ts\ninterface PinnedRealFsRoot {\n readonly hostPath: string;\n readonly realPath: string;\n readonly fd: number;\n readonly device: number;\n readonly inode: number;\n}\n//#endregion\n//#region src/types.d.ts\ninterface SecretSpec {\n readonly hosts: readonly string[];\n readonly value: string;\n}\ntype SecretRef = {\n readonly source: '1password';\n readonly ref: string;\n} | {\n readonly source: 'environment';\n readonly ref: string;\n};\n//#endregion\n//#region src/secret-resolver.d.ts\n\ninterface SecretResolver {\n resolve(ref: SecretRef): Promise<string>;\n resolveAll(refs: Record<string, SecretRef>): Promise<Record<string, string>>;\n}\ninterface VfsMountSpec {\n readonly kind: 'realfs' | 'realfs-readonly' | 'memory' | 'shadow';\n readonly hostPath?: string;\n readonly pinnedHostRoot?: PinnedRealFsRoot;\n readonly shadowConfig?: {\n readonly deny: readonly string[];\n readonly tmpfs: readonly string[];\n };\n}\n//#endregion\n//#region src/gateway-process-spec.d.ts\ntype GatewayHealthCheck = {\n readonly type: 'http';\n readonly port: number;\n readonly path: string;\n} | {\n readonly type: 'command';\n readonly command: string;\n};\n/**\n * Everything about the process running inside the VM.\n * Retained by the running gateway handle for logs, health, restart.\n */\ninterface GatewayProcessSpec {\n readonly bootstrapCommand: string;\n readonly startCommand: string;\n readonly healthCheck: GatewayHealthCheck;\n readonly guestListenPort: number;\n readonly logPath: string;\n}\n//#endregion\n//#region src/gateway-vm-spec.d.ts\n/**\n * Everything the controller needs to create the Gondolin VM.\n * Lifecycle implementations own the full Gondolin-facing contract.\n */\ninterface GatewayVmSpec {\n readonly environment: Record<string, string>;\n readonly vfsMounts: Record<string, VfsMountSpec>;\n readonly mediatedSecrets: Record<string, SecretSpec>;\n readonly tcpHosts: Record<string, string>;\n readonly allowedHosts: readonly string[];\n readonly rootfsMode: 'readonly' | 'memory' | 'cow';\n readonly sessionLabel: string;\n}\n//#endregion\n//#region src/gateway-lifecycle.d.ts\n/**\n * Describes how to run interactive auth for a gateway type.\n * Static property — available without a running VM.\n */\ninterface GatewayAuthConfig {\n /**\n * Shell command to list available auth providers inside the VM.\n * Should output one provider name per line to stdout.\n */\n readonly listProvidersCommand: string;\n /**\n * Build the shell command for interactive auth login.\n * The CLI passes this as the SSH remote command with -t (TTY).\n */\n readonly buildLoginCommand: (provider: string, options?: {\n readonly deviceCode?: boolean;\n readonly setDefault?: boolean;\n }) => string;\n}\ninterface GatewayAuthProfilesRef {\n readonly source: '1password' | 'environment';\n}\ninterface OnePasswordGatewayAuthProfilesRef extends GatewayAuthProfilesRef {\n readonly source: '1password';\n readonly ref: string;\n}\ninterface EnvironmentGatewayAuthProfilesRef extends GatewayAuthProfilesRef {\n readonly source: 'environment';\n readonly envVar: string;\n}\ntype GatewaySshSecretEnvMode = 'always' | 'explicit' | 'never';\ninterface GatewaySshConfig {\n readonly secretEnv: GatewaySshSecretEnvMode;\n}\ninterface GatewayZoneBaseGatewayConfig {\n readonly type: GatewayType;\n readonly memory: string;\n readonly cpus: number;\n readonly port: number;\n readonly config: string;\n readonly stateDir: string;\n readonly ssh: GatewaySshConfig;\n readonly authProfilesRef?: OnePasswordGatewayAuthProfilesRef | EnvironmentGatewayAuthProfilesRef | undefined;\n}\ninterface OpenClawGatewayZoneGatewayConfig extends GatewayZoneBaseGatewayConfig {\n readonly type: 'openclaw';\n readonly zoneFilesDir: string;\n readonly authProfilesByAgent?: Readonly<Record<string, OnePasswordGatewayAuthProfilesRef | EnvironmentGatewayAuthProfilesRef>>;\n}\ninterface WorkerGatewayZoneGatewayConfig extends GatewayZoneBaseGatewayConfig {\n readonly type: 'worker';\n}\ntype GatewayZoneGatewayConfig = OpenClawGatewayZoneGatewayConfig | WorkerGatewayZoneGatewayConfig;\n/**\n * Zone config as the lifecycle sees it.\n * Decoupled from SystemConfig — the controller maps into this shape.\n */\ninterface GatewayZoneConfig {\n readonly id: string;\n readonly gateway: GatewayZoneGatewayConfig;\n readonly runtimeEnvironment?: Readonly<Record<string, string>>;\n readonly runtimePluginConfigs?: Readonly<Record<string, Readonly<Record<string, unknown>>>>;\n readonly secrets: Record<string, {\n readonly source: '1password';\n readonly ref: string;\n readonly injection: 'env' | 'http-mediation';\n readonly hosts?: readonly string[] | undefined;\n } | {\n readonly source: 'environment';\n readonly envVar: string;\n readonly injection: 'env' | 'http-mediation';\n readonly hosts?: readonly string[] | undefined;\n }>;\n readonly allowedHosts: readonly string[];\n readonly websocketBypass: readonly string[];\n readonly defaultToolVmProfile?: string;\n}\ninterface BuildGatewayVmSpecOptions {\n readonly controllerPort: number;\n readonly gatewayCacheDir: string;\n readonly projectNamespace: string;\n readonly resolvedSecrets: Record<string, string>;\n readonly runtimeDir: string;\n readonly tcpPool: {\n readonly basePort: number;\n readonly size: number;\n };\n readonly zone: GatewayZoneConfig;\n}\ninterface GatewayLifecycle {\n /**\n * How to run interactive auth for this gateway type.\n * Absent means the gateway type does not support interactive auth.\n */\n readonly authConfig?: GatewayAuthConfig | undefined;\n /**\n * Build the full VM spec — everything Gondolin needs to create the VM.\n * Pure data assembly — no side effects.\n */\n buildVmSpec(options: BuildGatewayVmSpecOptions): GatewayVmSpec;\n /**\n * Build the process spec — everything about startup, health, and logging.\n * Pure data assembly — no side effects.\n */\n buildProcessSpec(zone: GatewayZoneConfig, resolvedSecrets: Record<string, string>): GatewayProcessSpec;\n /**\n * Optional hook to prepare host-side state before the VM boots.\n * Example: writing auth-profiles.json from 1Password.\n */\n prepareHostState?(zone: GatewayZoneConfig, secretResolver: SecretResolver): Promise<void>;\n}\n//#endregion\n//#region src/split-resolved-gateway-secrets.d.ts\ninterface SplitResolvedGatewaySecretsResult {\n readonly environmentSecrets: Record<string, string>;\n readonly mediatedSecrets: Record<string, SecretSpec>;\n}\ndeclare function splitResolvedGatewaySecrets(zone: GatewayZoneConfig, resolvedSecrets: Record<string, string>): SplitResolvedGatewaySecretsResult;\n//#endregion\nexport { type BuildGatewayVmSpecOptions, type GatewayAuthConfig, type GatewayHealthCheck, type GatewayLifecycle, type GatewayProcessSpec, type GatewayType, type GatewayVmSpec, type GatewayZoneConfig, type SplitResolvedGatewaySecretsResult, buildGatewaySessionLabel, buildToolSessionLabel, gatewayTypeValues, splitResolvedGatewaySecrets };\n//# sourceMappingURL=index.d.ts.map"],"mappings":";;cACcA,iBAAkD,EAAA,SAAA,CAAA,UAAA,EAAA,QAAA,CAAA;AAAA,KAC3DC,WAAAA,GAAW,CAAA,OAAWD,iBAAAA,CAAAA,CAAAA,MAAiB,CAAA;AAiBxB;AAIN;;;;UAbJI,gBAAAA,CAyBSK;EAAoCA,SAAAA,QAAAA,EAAAA,MAAAA;EAARD,SAAAA,QAAAA,EAAAA,MAAAA;EAAO,SAAA,EAAA,EAAA,MAAA;EAAA,SAE5CE,MAAAA,EAAY,MAAA;EAGsB,SAQvCC,KAAAA,EAAAA,MAAAA;AAAkB;AAemB;;UA5ChCN,UAAAA,CAwD2BK;EAAfD,SAAAA,KAAAA,EAAAA,SAAAA,MAAAA,EAAAA;EACqBJ,SAAAA,KAAAA,EAAAA,MAAAA;;KArDtCC,SAAAA,GAsDgBG;EAAM,SAAA,MAAA,EAAA,WAAA;EAAA,SAWjBK,GAAAA,EAAAA,MAAAA;AAAiB,CAAA,GAejBC;EAAsB,SAGtBC,MAAAA,EAAAA,aAAAA;EAAgE,SAIhEC,GAAAA,EAAAA,MAAAA;AAAgE,CAAA;AAI9C;AAEiB;;UAnFnCV,cAAAA,CA4FMY;EACaH,OAAAA,CAAAA,GAAAA,EA5FdV,SA4FcU,CAAAA,EA5FFR,OA4FEQ,CAAAA,MAAAA,CAAAA;EAAoCC,UAAAA,CAAAA,IAAAA,EA3F9CR,MA2F8CQ,CAAAA,MAAAA,EA3F/BX,SA2F+BW,CAAAA,CAAAA,EA3FlBT,OA2FkBS,CA3FVR,MA2FUQ,CAAAA,MAAAA,EAAAA,MAAAA,CAAAA,CAAAA;;AAAiC,UAzFxFP,YAAAA,CA2FAW;EAG+CL,SAAAA,IAAAA,EAAAA,QAAAA,GAAAA,iBAAAA,GAAAA,QAAAA,GAAAA,QAAAA;EAAoCC,SAAAA,QAAAA,CAAAA,EAAAA,MAAAA;EAAnDR,SAAAA,cAAAA,CAAAA,EA3FdL,gBA2FcK;EAATa,SAAAA,YAAAA,CAAAA,EAAAA;IAHkBF,SAAAA,IAAAA,EAAAA,SAAAA,MAAAA,EAAAA;IAA4B,SAAA,KAAA,EAAA,SAAA,MAAA,EAAA;EAAA,CAAA;AAKF;AAGoB;;KAxF5FT,kBAAAA,GAgGoCF;EAATa,SAAAA,IAAAA,EAAAA,MAAAA;EACmCb,SAAAA,IAAAA,EAAAA,MAAAA;EAATa,SAAAA,IAAAA,EAAAA,MAAAA;CAAfb,GAAAA;EAATa,SAAAA,IAAAA,EAAAA,SAAAA;EACdb,SAAAA,OAAAA,EAAAA,MAAAA;CAAM;AAAA;AAyBQ;;;UA/GxBG,kBAAAA,CA2HyCC;EAK1BY,SAAAA,gBAAAA,EAAAA,MAAAA;EAAoChB,SAAAA,YAAAA,EAAAA,MAAAA;EAAyBG,SAAAA,WAAAA,EA7H9DD,kBA6H8DC;EAK5Da,SAAAA,eAAAA,EAAAA,MAAAA;EAAmClB,SAAAA,OAAAA,EAAAA,MAAAA;;;;;;AC+J7D;;UDvRUM,aAAAA;wBACcJ;sBACFA,eAAeC;4BACTD,eAAeJ;qBACtBI;;;;;;;;;;;UAWXK,iBAAAA;;;;;;;;;;;;;;;UAeAC,sBAAAA;;;UAGAC,iCAAAA,SAA0CD;;;;UAI1CE,iCAAAA,SAA0CF;;;;KAI/CG,uBAAAA;UACKC,gBAAAA;sBACYD;;UAEZE,4BAAAA;iBACOnB;;;;;;gBAMDkB;6BACaH,oCAAoCC;;UAEvDI,gCAAAA,SAAyCD;;;iCAGlBE,SAASb,eAAeO,oCAAoCC;;UAEnFM,8BAAAA,SAAuCH;;;KAG5CI,wBAAAA,GAA2BH,mCAAmCE;;;;;UAKzDE,iBAAAA;;oBAEUD;gCACYF,SAASb;kCACPa,SAASb,eAAea,SAASb;oBAC/CA;;;;;;;;;;;;;;;UAeViB,yBAAAA;;;;4BAIkBjB;;;;;;iBAMXgB;;UAEPE,gBAAAA;;;;;wBAKcb;;;;;uBAKDY,4BAA4Bb;;;;;yBAK1BY,oCAAoChB,yBAAyBG;;;;;0BAK5Da,mCAAmClB,iBAAiBC;;;;;;AAhMhER,cC+VD,iBD/VmD,EC+VhC,gBD/VgC"}
|
package/dist/index.js
CHANGED
|
@@ -9,6 +9,9 @@ const effectiveOpenClawConfigVmPath = `/home/openclaw/.openclaw/state/${effectiv
|
|
|
9
9
|
const openClawStateDirVmPath = "/home/openclaw/.openclaw/state";
|
|
10
10
|
const openClawCacheDirVmPath = "/home/openclaw/.openclaw/cache";
|
|
11
11
|
const openClawZoneFilesDirVmPath = "/zone";
|
|
12
|
+
const agentVmLogsDirVmPath = "/agent-vm/logs";
|
|
13
|
+
const openClawRuntimeLogFileVmPath = `${agentVmLogsDirVmPath}/openclaw-YYYY-MM-DD.log`;
|
|
14
|
+
const openClawGatewayBootLogFileVmPath = `${agentVmLogsDirVmPath}/gateway-boot-latest.log`;
|
|
12
15
|
const openClawShellEnvFilePath = "/etc/profile.d/openclaw-env.sh";
|
|
13
16
|
const openClawRuntimeSecretsEnvFilePath = "/run/openclaw/secrets.env";
|
|
14
17
|
const openClawGatewayTokenSecretRef = {
|
|
@@ -42,7 +45,10 @@ function buildOpenClawBootstrapCommand(zone, resolvedSecrets) {
|
|
|
42
45
|
"export UV_CACHE_DIR=/work/cache/uv",
|
|
43
46
|
"export NODE_EXTRA_CA_CERTS=/run/gondolin/ca-certificates.crt"
|
|
44
47
|
];
|
|
45
|
-
const secretEnvironmentLines = Object.entries(
|
|
48
|
+
const secretEnvironmentLines = Object.entries({
|
|
49
|
+
...environmentSecrets,
|
|
50
|
+
...zone.runtimeEnvironment
|
|
51
|
+
}).map(([secretName, secretValue]) => `export ${secretName}=${shellQuote(secretValue)}`);
|
|
46
52
|
return `mkdir -p /root /etc/profile.d /run/openclaw /work/tmp /work/cache/npm /work/cache/pnpm/store /work/cache/pip /work/cache/uv && chown -R openclaw:openclaw /work && cat > ${openClawShellEnvFilePath} << 'ENVEOF'\n` + environmentLines.join("\n") + `
|
|
47
53
|
ENVEOF
|
|
48
54
|
chmod 644 ${openClawShellEnvFilePath} && cat > ${openClawRuntimeSecretsEnvFilePath} << 'ENVEOF'\n` + secretEnvironmentLines.join("\n") + `
|
|
@@ -85,6 +91,34 @@ function buildEffectiveSecretsConfig(parsedBaseConfig) {
|
|
|
85
91
|
}
|
|
86
92
|
};
|
|
87
93
|
}
|
|
94
|
+
function buildEffectivePluginsConfig(parsedBaseConfig, runtimePluginConfigs) {
|
|
95
|
+
const existingPluginsConfig = isObjectRecord(parsedBaseConfig.plugins) ? parsedBaseConfig.plugins : {};
|
|
96
|
+
const existingEntriesConfig = isObjectRecord(existingPluginsConfig.entries) ? existingPluginsConfig.entries : {};
|
|
97
|
+
const runtimeEntriesConfig = Object.fromEntries(Object.entries(runtimePluginConfigs ?? {}).map(([pluginId, runtimeConfig]) => {
|
|
98
|
+
const existingEntryConfig = isObjectRecord(existingEntriesConfig[pluginId]) ? existingEntriesConfig[pluginId] : {};
|
|
99
|
+
const existingPluginConfig = isObjectRecord(existingEntryConfig.config) ? existingEntryConfig.config : {};
|
|
100
|
+
return [pluginId, {
|
|
101
|
+
...existingEntryConfig,
|
|
102
|
+
config: {
|
|
103
|
+
...existingPluginConfig,
|
|
104
|
+
...runtimeConfig
|
|
105
|
+
}
|
|
106
|
+
}];
|
|
107
|
+
}));
|
|
108
|
+
return {
|
|
109
|
+
...existingPluginsConfig,
|
|
110
|
+
entries: {
|
|
111
|
+
...existingEntriesConfig,
|
|
112
|
+
...runtimeEntriesConfig
|
|
113
|
+
}
|
|
114
|
+
};
|
|
115
|
+
}
|
|
116
|
+
function buildEffectiveLoggingConfig(parsedBaseConfig) {
|
|
117
|
+
return {
|
|
118
|
+
file: openClawRuntimeLogFileVmPath,
|
|
119
|
+
...isObjectRecord(parsedBaseConfig.logging) ? parsedBaseConfig.logging : {}
|
|
120
|
+
};
|
|
121
|
+
}
|
|
88
122
|
async function writeAuthProfilesIfConfigured(zone, secretResolver) {
|
|
89
123
|
const authProfilesByAgent = {
|
|
90
124
|
...zone.gateway.authProfilesRef ? { main: zone.gateway.authProfilesRef } : {},
|
|
@@ -123,6 +157,7 @@ async function writeEffectiveOpenClawConfig(zone) {
|
|
|
123
157
|
const existingAuthConfig = isObjectRecord(config.auth) ? config.auth : {};
|
|
124
158
|
const effectiveConfig = {
|
|
125
159
|
...parsedBaseConfig,
|
|
160
|
+
logging: buildEffectiveLoggingConfig(parsedBaseConfig),
|
|
126
161
|
gateway: {
|
|
127
162
|
...config,
|
|
128
163
|
auth: {
|
|
@@ -136,6 +171,7 @@ async function writeEffectiveOpenClawConfig(zone) {
|
|
|
136
171
|
lastTouchedAt: (/* @__PURE__ */ new Date()).toISOString(),
|
|
137
172
|
lastTouchedVersion: "agent-vm"
|
|
138
173
|
},
|
|
174
|
+
plugins: buildEffectivePluginsConfig(parsedBaseConfig, zone.runtimePluginConfigs),
|
|
139
175
|
secrets: buildEffectiveSecretsConfig(parsedBaseConfig)
|
|
140
176
|
};
|
|
141
177
|
const effectiveConfigPath = getEffectiveOpenClawConfigHostPath(zone);
|
|
@@ -159,7 +195,7 @@ const openclawLifecycle = {
|
|
|
159
195
|
...options.setDefault === true ? ["--set-default"] : []
|
|
160
196
|
].join(" ")
|
|
161
197
|
},
|
|
162
|
-
buildVmSpec({ controllerPort, gatewayCacheDir, projectNamespace, resolvedSecrets, tcpPool, zone }) {
|
|
198
|
+
buildVmSpec({ controllerPort, gatewayCacheDir, projectNamespace, resolvedSecrets, runtimeDir, tcpPool, zone }) {
|
|
163
199
|
if (zone.gateway.type !== "openclaw") throw new Error(`OpenClaw lifecycle cannot build gateway type '${zone.gateway.type}'.`);
|
|
164
200
|
const configDirectory = path.dirname(path.resolve(zone.gateway.config));
|
|
165
201
|
const { environmentSecrets, mediatedSecrets } = splitResolvedGatewaySecrets(zone, resolvedSecrets);
|
|
@@ -180,7 +216,8 @@ const openclawLifecycle = {
|
|
|
180
216
|
UV_CACHE_DIR: "/work/cache/uv",
|
|
181
217
|
npm_config_cache: "/work/cache/npm",
|
|
182
218
|
pnpm_config_store_dir: "/work/cache/pnpm/store",
|
|
183
|
-
...environmentSecrets
|
|
219
|
+
...environmentSecrets,
|
|
220
|
+
...zone.runtimeEnvironment
|
|
184
221
|
},
|
|
185
222
|
mediatedSecrets,
|
|
186
223
|
rootfsMode: "cow",
|
|
@@ -202,6 +239,10 @@ const openclawLifecycle = {
|
|
|
202
239
|
[openClawZoneFilesDirVmPath]: {
|
|
203
240
|
hostPath: zone.gateway.zoneFilesDir,
|
|
204
241
|
kind: "realfs"
|
|
242
|
+
},
|
|
243
|
+
[agentVmLogsDirVmPath]: {
|
|
244
|
+
hostPath: path.join(runtimeDir, "zones", zone.id, "logs"),
|
|
245
|
+
kind: "realfs"
|
|
205
246
|
}
|
|
206
247
|
}
|
|
207
248
|
};
|
|
@@ -209,14 +250,14 @@ const openclawLifecycle = {
|
|
|
209
250
|
buildProcessSpec(zone, resolvedSecrets) {
|
|
210
251
|
return {
|
|
211
252
|
bootstrapCommand: buildOpenClawBootstrapCommand(zone, resolvedSecrets),
|
|
212
|
-
startCommand: `set -a && . ${openClawRuntimeSecretsEnvFilePath} && set +a && cd /home/openclaw && nohup openclaw gateway --port 18789 >
|
|
253
|
+
startCommand: `set -a && . ${openClawRuntimeSecretsEnvFilePath} && set +a && cd /home/openclaw && nohup openclaw gateway --port 18789 > ${openClawGatewayBootLogFileVmPath} 2>&1 &`,
|
|
213
254
|
healthCheck: {
|
|
214
255
|
type: "http",
|
|
215
256
|
port: 18789,
|
|
216
257
|
path: "/readyz"
|
|
217
258
|
},
|
|
218
259
|
guestListenPort: 18789,
|
|
219
|
-
logPath:
|
|
260
|
+
logPath: openClawGatewayBootLogFileVmPath
|
|
220
261
|
};
|
|
221
262
|
},
|
|
222
263
|
async prepareHostState(zone, secretResolver) {
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","names":["openClawGatewayTokenSecretRef: OpenClawSecretRef","tcpHosts: Record<string, string>","parsedBaseConfig: unknown","openclawLifecycle: GatewayLifecycle","buildGatewaySessionLabelValue"],"sources":["../src/openclaw-lifecycle.ts"],"sourcesContent":["import { chmod, mkdir, readFile } from 'node:fs/promises';\nimport path from 'node:path';\n\nimport type {\n\tBuildGatewayVmSpecOptions,\n\tGatewayLifecycle,\n\tGatewayProcessSpec,\n\tGatewayZoneConfig,\n\tGatewayVmSpec,\n} from '@agent-vm/gateway-interface';\nimport {\n\tbuildGatewaySessionLabel as buildGatewaySessionLabelValue,\n\tsplitResolvedGatewaySecrets,\n} from '@agent-vm/gateway-interface';\nimport {\n\ttype SecretRef,\n\ttype SecretResolver,\n\twriteFileAtomically,\n} from '@agent-vm/gondolin-adapter';\n\nconst effectiveOpenClawConfigFileName = 'effective-openclaw.json';\nconst effectiveOpenClawConfigVmPath = `/home/openclaw/.openclaw/state/${effectiveOpenClawConfigFileName}`;\nconst openClawStateDirVmPath = '/home/openclaw/.openclaw/state';\nconst openClawCacheDirVmPath = '/home/openclaw/.openclaw/cache';\nconst openClawZoneFilesDirVmPath = '/zone';\nconst openClawShellEnvFilePath = '/etc/profile.d/openclaw-env.sh';\nconst openClawRuntimeSecretsEnvFilePath = '/run/openclaw/secrets.env';\nconst openClawGatewayTokenEnvVar = 'OPENCLAW_GATEWAY_TOKEN';\n\ninterface OpenClawSecretRef {\n\treadonly id: string;\n\treadonly provider: string;\n\treadonly source: 'env';\n}\n\nconst openClawGatewayTokenSecretRef: OpenClawSecretRef = {\n\tid: openClawGatewayTokenEnvVar,\n\tprovider: 'default',\n\tsource: 'env',\n};\n\nfunction isObjectRecord(value: unknown): value is Record<string, unknown> {\n\treturn typeof value === 'object' && value !== null && !Array.isArray(value);\n}\n\nfunction buildGatewayTcpHosts(\n\tzone: GatewayZoneConfig,\n\tcontrollerPort: number,\n\ttcpPool: { readonly basePort: number; readonly size: number },\n): Record<string, string> {\n\tconst tcpHosts: Record<string, string> = {\n\t\t'controller.vm.host:18800': `127.0.0.1:${controllerPort}`,\n\t};\n\n\tfor (let slot = 0; slot < tcpPool.size; slot += 1) {\n\t\ttcpHosts[`tool-${slot}.vm.host:22`] = `127.0.0.1:${tcpPool.basePort + slot}`;\n\t}\n\n\tfor (const websocketHost of zone.websocketBypass) {\n\t\ttcpHosts[websocketHost] = websocketHost;\n\t}\n\n\treturn tcpHosts;\n}\n\nfunction buildOpenClawBootstrapCommand(\n\tzone: GatewayZoneConfig,\n\tresolvedSecrets: Record<string, string>,\n): string {\n\tconst { environmentSecrets } = splitResolvedGatewaySecrets(zone, resolvedSecrets);\n\tconst environmentLines = [\n\t\t'export OPENCLAW_HOME=/home/openclaw',\n\t\t`export OPENCLAW_CONFIG_PATH=${effectiveOpenClawConfigVmPath}`,\n\t\t`export OPENCLAW_STATE_DIR=${openClawStateDirVmPath}`,\n\t\t'export PNPM_HOME=/pnpm',\n\t\t'export PATH=/pnpm:$PATH',\n\t\t'export TMPDIR=/work/tmp',\n\t\t'export TMP=/work/tmp',\n\t\t'export TEMP=/work/tmp',\n\t\t'export npm_config_cache=/work/cache/npm',\n\t\t'export pnpm_config_store_dir=/work/cache/pnpm/store',\n\t\t'export PIP_CACHE_DIR=/work/cache/pip',\n\t\t'export UV_CACHE_DIR=/work/cache/uv',\n\t\t'export NODE_EXTRA_CA_CERTS=/run/gondolin/ca-certificates.crt',\n\t];\n\tconst secretEnvironmentLines = Object.entries(environmentSecrets).map(\n\t\t([secretName, secretValue]) => `export ${secretName}=${shellQuote(secretValue)}`,\n\t);\n\n\treturn (\n\t\t`mkdir -p /root /etc/profile.d /run/openclaw /work/tmp /work/cache/npm /work/cache/pnpm/store /work/cache/pip /work/cache/uv && chown -R openclaw:openclaw /work && cat > ${openClawShellEnvFilePath} << 'ENVEOF'\\n` +\n\t\tenvironmentLines.join('\\n') +\n\t\t'\\nENVEOF\\n' +\n\t\t`chmod 644 ${openClawShellEnvFilePath} && ` +\n\t\t`cat > ${openClawRuntimeSecretsEnvFilePath} << 'ENVEOF'\\n` +\n\t\tsecretEnvironmentLines.join('\\n') +\n\t\t'\\nENVEOF\\n' +\n\t\t`chmod 600 ${openClawRuntimeSecretsEnvFilePath} && ` +\n\t\t'touch /root/.bashrc && ' +\n\t\t`grep -qxF 'source ${openClawShellEnvFilePath}' /root/.bashrc || echo 'source ${openClawShellEnvFilePath}' >> /root/.bashrc && ` +\n\t\t'touch /root/.bash_profile && ' +\n\t\t\"grep -qxF 'source /root/.bashrc' /root/.bash_profile || echo 'source /root/.bashrc' >> /root/.bash_profile\"\n\t);\n}\n\nfunction getEffectiveOpenClawConfigHostPath(zone: GatewayZoneConfig): string {\n\treturn path.join(zone.gateway.stateDir, effectiveOpenClawConfigFileName);\n}\n\nfunction shellQuote(value: string): string {\n\treturn `'${value.replace(/'/gu, `'\\\\''`)}'`;\n}\n\ntype SourceAwareSecretReference =\n\t| {\n\t\t\treadonly source: 'environment';\n\t\t\treadonly envVar: string;\n\t }\n\t| {\n\t\t\treadonly source: '1password';\n\t\t\treadonly ref: string;\n\t };\n\nfunction isSourceAwareSecretReference(value: unknown): value is SourceAwareSecretReference {\n\tif (typeof value !== 'object' || value === null) {\n\t\treturn false;\n\t}\n\n\tif (!('source' in value) || typeof value.source !== 'string') {\n\t\treturn false;\n\t}\n\n\tif (value.source === 'environment') {\n\t\treturn 'envVar' in value && typeof value.envVar === 'string';\n\t}\n\n\tif (value.source === '1password') {\n\t\treturn 'ref' in value && typeof value.ref === 'string';\n\t}\n\n\treturn false;\n}\n\nfunction toSecretRef(secret: SourceAwareSecretReference): SecretRef {\n\treturn secret.source === 'environment'\n\t\t? {\n\t\t\t\tsource: 'environment',\n\t\t\t\tref: secret.envVar,\n\t\t\t}\n\t\t: {\n\t\t\t\tsource: '1password',\n\t\t\t\tref: secret.ref,\n\t\t\t};\n}\n\nfunction describeSecretReference(secret: SourceAwareSecretReference): string {\n\treturn secret.source === 'environment' ? secret.envVar : secret.ref;\n}\n\nfunction buildEffectiveSecretsConfig(\n\tparsedBaseConfig: Record<string, unknown>,\n): Record<string, unknown> {\n\tconst existingSecretsConfig = isObjectRecord(parsedBaseConfig.secrets)\n\t\t? parsedBaseConfig.secrets\n\t\t: {};\n\tconst existingProvidersConfig = isObjectRecord(existingSecretsConfig.providers)\n\t\t? existingSecretsConfig.providers\n\t\t: {};\n\n\treturn {\n\t\t...existingSecretsConfig,\n\t\tproviders: {\n\t\t\t...existingProvidersConfig,\n\t\t\tdefault: {\n\t\t\t\tsource: 'env',\n\t\t\t},\n\t\t},\n\t};\n}\n\nasync function writeAuthProfilesIfConfigured(\n\tzone: GatewayZoneConfig,\n\tsecretResolver: SecretResolver,\n): Promise<void> {\n\tconst authProfilesByAgent = {\n\t\t...(zone.gateway.authProfilesRef ? { main: zone.gateway.authProfilesRef } : {}),\n\t\t...(zone.gateway.type === 'openclaw' ? (zone.gateway.authProfilesByAgent ?? {}) : {}),\n\t};\n\n\tconst writeResults = await Promise.allSettled(\n\t\tObject.entries(authProfilesByAgent).map(async ([agentId, authProfilesSecretCandidate]) => {\n\t\t\tif (!isSourceAwareSecretReference(authProfilesSecretCandidate)) {\n\t\t\t\tthrow new Error(\n\t\t\t\t\t`Zone '${zone.id}' has an invalid auth profile shape for agent '${agentId}'.`,\n\t\t\t\t);\n\t\t\t}\n\t\t\tconst authProfilesSecret = authProfilesSecretCandidate;\n\n\t\t\ttry {\n\t\t\t\tconst authProfilesDirectory = path.join(zone.gateway.stateDir, 'agents', agentId, 'agent');\n\t\t\t\tawait mkdir(authProfilesDirectory, { recursive: true, mode: 0o700 });\n\t\t\t\tawait chmod(authProfilesDirectory, 0o700);\n\t\t\t\tconst authProfiles = await secretResolver.resolve(toSecretRef(authProfilesSecret));\n\t\t\t\tawait writeFileAtomically(\n\t\t\t\t\tpath.join(authProfilesDirectory, 'auth-profiles.json'),\n\t\t\t\t\tauthProfiles,\n\t\t\t\t\t{ mode: 0o600 },\n\t\t\t\t);\n\t\t\t} catch (error) {\n\t\t\t\tconst message = error instanceof Error ? error.message : String(error);\n\t\t\t\tthrow new Error(\n\t\t\t\t\t`Failed to write OpenClaw auth profiles for zone '${zone.id}' agent '${agentId}' from '${describeSecretReference(authProfilesSecret)}': ${message}`,\n\t\t\t\t\t{ cause: error },\n\t\t\t\t);\n\t\t\t}\n\t\t}),\n\t);\n\tconst writeErrors = writeResults\n\t\t.filter((result): result is PromiseRejectedResult => result.status === 'rejected')\n\t\t.map((result) =>\n\t\t\tresult.reason instanceof Error ? result.reason : new Error(String(result.reason)),\n\t\t);\n\tif (writeErrors.length > 0) {\n\t\tthrow new AggregateError(\n\t\t\twriteErrors,\n\t\t\t`Failed to write ${String(writeErrors.length)} OpenClaw auth profile file(s) for zone '${zone.id}'.`,\n\t\t);\n\t}\n}\n\nasync function writeEffectiveOpenClawConfig(zone: GatewayZoneConfig): Promise<void> {\n\tconst gatewayTokenSecret = zone.secrets.OPENCLAW_GATEWAY_TOKEN;\n\tif (!gatewayTokenSecret) {\n\t\tthrow new Error(\n\t\t\t`Zone '${zone.id}' secret 'OPENCLAW_GATEWAY_TOKEN' is missing. Add an explicit 1Password or environment reference such as 'op://agent-vm/${zone.id}-gateway-auth/password'.`,\n\t\t);\n\t}\n\tif (!isSourceAwareSecretReference(gatewayTokenSecret)) {\n\t\tthrow new Error(`Zone '${zone.id}' secret 'OPENCLAW_GATEWAY_TOKEN' has an invalid shape.`);\n\t}\n\n\ttry {\n\t\tif (gatewayTokenSecret.source === '1password' && !gatewayTokenSecret.ref) {\n\t\t\tthrow new Error(\n\t\t\t\t`Zone '${zone.id}' secret 'OPENCLAW_GATEWAY_TOKEN' is missing 'ref'. Add an explicit 1Password reference such as 'op://agent-vm/${zone.id}-gateway-auth/password'.`,\n\t\t\t);\n\t\t}\n\t\tif (gatewayTokenSecret.source === 'environment' && !gatewayTokenSecret.envVar) {\n\t\t\tthrow new Error(\n\t\t\t\t`Zone '${zone.id}' secret 'OPENCLAW_GATEWAY_TOKEN' is missing 'envVar'. Add an explicit environment variable name.`,\n\t\t\t);\n\t\t}\n\t\tconst rawBaseConfig = await readFile(zone.gateway.config, 'utf8');\n\t\tconst parsedBaseConfig: unknown = JSON.parse(rawBaseConfig);\n\t\tif (!isObjectRecord(parsedBaseConfig)) {\n\t\t\tthrow new Error(`OpenClaw config at '${zone.gateway.config}' must be a JSON object.`);\n\t\t}\n\t\tconst config = isObjectRecord(parsedBaseConfig.gateway) ? parsedBaseConfig.gateway : {};\n\t\tconst existingAuthConfig = isObjectRecord(config.auth) ? config.auth : {};\n\t\tconst effectiveConfig = {\n\t\t\t...parsedBaseConfig,\n\t\t\tgateway: {\n\t\t\t\t...config,\n\t\t\t\tauth: {\n\t\t\t\t\t...existingAuthConfig,\n\t\t\t\t\tmode: 'token',\n\t\t\t\t\ttoken: openClawGatewayTokenSecretRef,\n\t\t\t\t},\n\t\t\t},\n\t\t\tmeta: {\n\t\t\t\t...(isObjectRecord(parsedBaseConfig.meta) ? parsedBaseConfig.meta : {}),\n\t\t\t\tlastTouchedAt: new Date().toISOString(),\n\t\t\t\tlastTouchedVersion: 'agent-vm',\n\t\t\t},\n\t\t\tsecrets: buildEffectiveSecretsConfig(parsedBaseConfig),\n\t\t};\n\t\tconst effectiveConfigPath = getEffectiveOpenClawConfigHostPath(zone);\n\t\tawait mkdir(zone.gateway.stateDir, { recursive: true, mode: 0o700 });\n\t\tawait chmod(zone.gateway.stateDir, 0o700);\n\t\tawait writeFileAtomically(\n\t\t\teffectiveConfigPath,\n\t\t\t`${JSON.stringify(effectiveConfig, null, 2)}\\n`,\n\t\t\t{ mode: 0o600 },\n\t\t);\n\t} catch (error) {\n\t\tconst message = error instanceof Error ? error.message : String(error);\n\t\tthrow new Error(\n\t\t\t`Failed to write effective OpenClaw config for zone '${zone.id}' from '${zone.gateway.config}' using secret '${describeSecretReference(gatewayTokenSecret)}': ${message}`,\n\t\t\t{ cause: error },\n\t\t);\n\t}\n}\n\nexport const openclawLifecycle: GatewayLifecycle = {\n\tauthConfig: {\n\t\tlistProvidersCommand: 'openclaw models auth list --format plain 2>/dev/null || echo \"\"',\n\t\tbuildLoginCommand: (\n\t\t\tprovider: string,\n\t\t\toptions: { readonly deviceCode?: boolean; readonly setDefault?: boolean } = {},\n\t\t): string =>\n\t\t\t[\n\t\t\t\t`openclaw models auth login --provider ${shellQuote(provider)}`,\n\t\t\t\t...(options.deviceCode === true ? ['--device-code'] : []),\n\t\t\t\t...(options.setDefault === true ? ['--set-default'] : []),\n\t\t\t].join(' '),\n\t},\n\n\tbuildVmSpec({\n\t\tcontrollerPort,\n\t\tgatewayCacheDir,\n\t\tprojectNamespace,\n\t\tresolvedSecrets,\n\t\ttcpPool,\n\t\tzone,\n\t}: BuildGatewayVmSpecOptions): GatewayVmSpec {\n\t\tif (zone.gateway.type !== 'openclaw') {\n\t\t\tthrow new Error(`OpenClaw lifecycle cannot build gateway type '${zone.gateway.type}'.`);\n\t\t}\n\t\tconst configDirectory = path.dirname(path.resolve(zone.gateway.config));\n\t\tconst { environmentSecrets, mediatedSecrets } = splitResolvedGatewaySecrets(\n\t\t\tzone,\n\t\t\tresolvedSecrets,\n\t\t);\n\n\t\treturn {\n\t\t\tallowedHosts: [...zone.allowedHosts],\n\t\t\tenvironment: {\n\t\t\t\tHOME: '/home/openclaw',\n\t\t\t\tNODE_EXTRA_CA_CERTS: '/run/gondolin/ca-certificates.crt',\n\t\t\t\tOPENCLAW_CONFIG_PATH: effectiveOpenClawConfigVmPath,\n\t\t\t\tOPENCLAW_HOME: '/home/openclaw',\n\t\t\t\tOPENCLAW_STATE_DIR: openClawStateDirVmPath,\n\t\t\t\tPATH: `/pnpm:${process.env.PATH ?? ''}`,\n\t\t\t\tPIP_CACHE_DIR: '/work/cache/pip',\n\t\t\t\tPNPM_HOME: '/pnpm',\n\t\t\t\tTEMP: '/work/tmp',\n\t\t\t\tTMP: '/work/tmp',\n\t\t\t\tTMPDIR: '/work/tmp',\n\t\t\t\tUV_CACHE_DIR: '/work/cache/uv',\n\t\t\t\tnpm_config_cache: '/work/cache/npm',\n\t\t\t\tpnpm_config_store_dir: '/work/cache/pnpm/store',\n\t\t\t\t...environmentSecrets,\n\t\t\t},\n\t\t\tmediatedSecrets,\n\t\t\trootfsMode: 'cow',\n\t\t\tsessionLabel: buildGatewaySessionLabelValue(projectNamespace, zone.id),\n\t\t\ttcpHosts: buildGatewayTcpHosts(zone, controllerPort, tcpPool),\n\t\t\tvfsMounts: {\n\t\t\t\t'/home/openclaw/.openclaw/config': {\n\t\t\t\t\thostPath: configDirectory,\n\t\t\t\t\tkind: 'realfs',\n\t\t\t\t},\n\t\t\t\t[openClawCacheDirVmPath]: {\n\t\t\t\t\thostPath: gatewayCacheDir,\n\t\t\t\t\tkind: 'realfs',\n\t\t\t\t},\n\t\t\t\t'/home/openclaw/.openclaw/state': {\n\t\t\t\t\thostPath: zone.gateway.stateDir,\n\t\t\t\t\tkind: 'realfs',\n\t\t\t\t},\n\t\t\t\t[openClawZoneFilesDirVmPath]: {\n\t\t\t\t\thostPath: zone.gateway.zoneFilesDir,\n\t\t\t\t\tkind: 'realfs',\n\t\t\t\t},\n\t\t\t},\n\t\t};\n\t},\n\n\tbuildProcessSpec(\n\t\tzone: GatewayZoneConfig,\n\t\tresolvedSecrets: Record<string, string>,\n\t): GatewayProcessSpec {\n\t\treturn {\n\t\t\tbootstrapCommand: buildOpenClawBootstrapCommand(zone, resolvedSecrets),\n\t\t\tstartCommand: `set -a && . ${openClawRuntimeSecretsEnvFilePath} && set +a && cd /home/openclaw && nohup openclaw gateway --port 18789 > /tmp/openclaw.log 2>&1 &`,\n\t\t\thealthCheck: {\n\t\t\t\ttype: 'http',\n\t\t\t\tport: 18789,\n\t\t\t\tpath: '/readyz',\n\t\t\t},\n\t\t\tguestListenPort: 18789,\n\t\t\tlogPath: '/tmp/openclaw.log',\n\t\t};\n\t},\n\n\tasync prepareHostState(zone: GatewayZoneConfig, secretResolver: SecretResolver): Promise<void> {\n\t\tawait writeEffectiveOpenClawConfig(zone);\n\t\tawait writeAuthProfilesIfConfigured(zone, secretResolver);\n\t},\n};\n"],"mappings":";;;;;;AAoBA,MAAM,kCAAkC;AACxC,MAAM,gCAAgC,kCAAkC;AACxE,MAAM,yBAAyB;AAC/B,MAAM,yBAAyB;AAC/B,MAAM,6BAA6B;AACnC,MAAM,2BAA2B;AACjC,MAAM,oCAAoC;AAS1C,MAAMA,gCAAmD;CACxD,IATkC;CAUlC,UAAU;CACV,QAAQ;CACR;AAED,SAAS,eAAe,OAAkD;AACzE,QAAO,OAAO,UAAU,YAAY,UAAU,QAAQ,CAAC,MAAM,QAAQ,MAAM;;AAG5E,SAAS,qBACR,MACA,gBACA,SACyB;CACzB,MAAMC,WAAmC,EACxC,4BAA4B,aAAa,kBACzC;AAED,MAAK,IAAI,OAAO,GAAG,OAAO,QAAQ,MAAM,QAAQ,EAC/C,UAAS,QAAQ,KAAK,gBAAgB,aAAa,QAAQ,WAAW;AAGvE,MAAK,MAAM,iBAAiB,KAAK,gBAChC,UAAS,iBAAiB;AAG3B,QAAO;;AAGR,SAAS,8BACR,MACA,iBACS;CACT,MAAM,EAAE,uBAAuB,4BAA4B,MAAM,gBAAgB;CACjF,MAAM,mBAAmB;EACxB;EACA,+BAA+B;EAC/B,6BAA6B;EAC7B;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;CACD,MAAM,yBAAyB,OAAO,QAAQ,mBAAmB,CAAC,KAChE,CAAC,YAAY,iBAAiB,UAAU,WAAW,GAAG,WAAW,YAAY,GAC9E;AAED,QACC,4KAA4K,yBAAyB,kBACrM,iBAAiB,KAAK,KAAK,GAC3B;;YACa,yBAAyB,YAC7B,kCAAkC,kBAC3C,uBAAuB,KAAK,KAAK,GACjC;;YACa,kCAAkC,+CAE1B,yBAAyB,kCAAkC,yBAAyB;;AAM3G,SAAS,mCAAmC,MAAiC;AAC5E,QAAO,KAAK,KAAK,KAAK,QAAQ,UAAU,gCAAgC;;AAGzE,SAAS,WAAW,OAAuB;AAC1C,QAAO,IAAI,MAAM,QAAQ,OAAO,QAAQ,CAAC;;AAa1C,SAAS,6BAA6B,OAAqD;AAC1F,KAAI,OAAO,UAAU,YAAY,UAAU,KAC1C,QAAO;AAGR,KAAI,EAAE,YAAY,UAAU,OAAO,MAAM,WAAW,SACnD,QAAO;AAGR,KAAI,MAAM,WAAW,cACpB,QAAO,YAAY,SAAS,OAAO,MAAM,WAAW;AAGrD,KAAI,MAAM,WAAW,YACpB,QAAO,SAAS,SAAS,OAAO,MAAM,QAAQ;AAG/C,QAAO;;AAGR,SAAS,YAAY,QAA+C;AACnE,QAAO,OAAO,WAAW,gBACtB;EACA,QAAQ;EACR,KAAK,OAAO;EACZ,GACA;EACA,QAAQ;EACR,KAAK,OAAO;EACZ;;AAGJ,SAAS,wBAAwB,QAA4C;AAC5E,QAAO,OAAO,WAAW,gBAAgB,OAAO,SAAS,OAAO;;AAGjE,SAAS,4BACR,kBAC0B;CAC1B,MAAM,wBAAwB,eAAe,iBAAiB,QAAQ,GACnE,iBAAiB,UACjB,EAAE;CACL,MAAM,0BAA0B,eAAe,sBAAsB,UAAU,GAC5E,sBAAsB,YACtB,EAAE;AAEL,QAAO;EACN,GAAG;EACH,WAAW;GACV,GAAG;GACH,SAAS,EACR,QAAQ,OACR;GACD;EACD;;AAGF,eAAe,8BACd,MACA,gBACgB;CAChB,MAAM,sBAAsB;EAC3B,GAAI,KAAK,QAAQ,kBAAkB,EAAE,MAAM,KAAK,QAAQ,iBAAiB,GAAG,EAAE;EAC9E,GAAI,KAAK,QAAQ,SAAS,aAAc,KAAK,QAAQ,uBAAuB,EAAE,GAAI,EAAE;EACpF;CA8BD,MAAM,eA5Be,MAAM,QAAQ,WAClC,OAAO,QAAQ,oBAAoB,CAAC,IAAI,OAAO,CAAC,SAAS,iCAAiC;AACzF,MAAI,CAAC,6BAA6B,4BAA4B,CAC7D,OAAM,IAAI,MACT,SAAS,KAAK,GAAG,iDAAiD,QAAQ,IAC1E;EAEF,MAAM,qBAAqB;AAE3B,MAAI;GACH,MAAM,wBAAwB,KAAK,KAAK,KAAK,QAAQ,UAAU,UAAU,SAAS,QAAQ;AAC1F,SAAM,MAAM,uBAAuB;IAAE,WAAW;IAAM,MAAM;IAAO,CAAC;AACpE,SAAM,MAAM,uBAAuB,IAAM;GACzC,MAAM,eAAe,MAAM,eAAe,QAAQ,YAAY,mBAAmB,CAAC;AAClF,SAAM,oBACL,KAAK,KAAK,uBAAuB,qBAAqB,EACtD,cACA,EAAE,MAAM,KAAO,CACf;WACO,OAAO;GACf,MAAM,UAAU,iBAAiB,QAAQ,MAAM,UAAU,OAAO,MAAM;AACtE,SAAM,IAAI,MACT,oDAAoD,KAAK,GAAG,WAAW,QAAQ,UAAU,wBAAwB,mBAAmB,CAAC,KAAK,WAC1I,EAAE,OAAO,OAAO,CAChB;;GAED,CACF,EAEC,QAAQ,WAA4C,OAAO,WAAW,WAAW,CACjF,KAAK,WACL,OAAO,kBAAkB,QAAQ,OAAO,SAAS,IAAI,MAAM,OAAO,OAAO,OAAO,CAAC,CACjF;AACF,KAAI,YAAY,SAAS,EACxB,OAAM,IAAI,eACT,aACA,mBAAmB,OAAO,YAAY,OAAO,CAAC,2CAA2C,KAAK,GAAG,IACjG;;AAIH,eAAe,6BAA6B,MAAwC;CACnF,MAAM,qBAAqB,KAAK,QAAQ;AACxC,KAAI,CAAC,mBACJ,OAAM,IAAI,MACT,SAAS,KAAK,GAAG,0HAA0H,KAAK,GAAG,0BACnJ;AAEF,KAAI,CAAC,6BAA6B,mBAAmB,CACpD,OAAM,IAAI,MAAM,SAAS,KAAK,GAAG,yDAAyD;AAG3F,KAAI;AACH,MAAI,mBAAmB,WAAW,eAAe,CAAC,mBAAmB,IACpE,OAAM,IAAI,MACT,SAAS,KAAK,GAAG,iHAAiH,KAAK,GAAG,0BAC1I;AAEF,MAAI,mBAAmB,WAAW,iBAAiB,CAAC,mBAAmB,OACtE,OAAM,IAAI,MACT,SAAS,KAAK,GAAG,mGACjB;EAEF,MAAM,gBAAgB,MAAM,SAAS,KAAK,QAAQ,QAAQ,OAAO;EACjE,MAAMC,mBAA4B,KAAK,MAAM,cAAc;AAC3D,MAAI,CAAC,eAAe,iBAAiB,CACpC,OAAM,IAAI,MAAM,uBAAuB,KAAK,QAAQ,OAAO,0BAA0B;EAEtF,MAAM,SAAS,eAAe,iBAAiB,QAAQ,GAAG,iBAAiB,UAAU,EAAE;EACvF,MAAM,qBAAqB,eAAe,OAAO,KAAK,GAAG,OAAO,OAAO,EAAE;EACzE,MAAM,kBAAkB;GACvB,GAAG;GACH,SAAS;IACR,GAAG;IACH,MAAM;KACL,GAAG;KACH,MAAM;KACN,OAAO;KACP;IACD;GACD,MAAM;IACL,GAAI,eAAe,iBAAiB,KAAK,GAAG,iBAAiB,OAAO,EAAE;IACtE,gCAAe,IAAI,MAAM,EAAC,aAAa;IACvC,oBAAoB;IACpB;GACD,SAAS,4BAA4B,iBAAiB;GACtD;EACD,MAAM,sBAAsB,mCAAmC,KAAK;AACpE,QAAM,MAAM,KAAK,QAAQ,UAAU;GAAE,WAAW;GAAM,MAAM;GAAO,CAAC;AACpE,QAAM,MAAM,KAAK,QAAQ,UAAU,IAAM;AACzC,QAAM,oBACL,qBACA,GAAG,KAAK,UAAU,iBAAiB,MAAM,EAAE,CAAC,KAC5C,EAAE,MAAM,KAAO,CACf;UACO,OAAO;EACf,MAAM,UAAU,iBAAiB,QAAQ,MAAM,UAAU,OAAO,MAAM;AACtE,QAAM,IAAI,MACT,uDAAuD,KAAK,GAAG,UAAU,KAAK,QAAQ,OAAO,kBAAkB,wBAAwB,mBAAmB,CAAC,KAAK,WAChK,EAAE,OAAO,OAAO,CAChB;;;AAIH,MAAaC,oBAAsC;CAClD,YAAY;EACX,sBAAsB;EACtB,oBACC,UACA,UAA4E,EAAE,KAE9E;GACC,yCAAyC,WAAW,SAAS;GAC7D,GAAI,QAAQ,eAAe,OAAO,CAAC,gBAAgB,GAAG,EAAE;GACxD,GAAI,QAAQ,eAAe,OAAO,CAAC,gBAAgB,GAAG,EAAE;GACxD,CAAC,KAAK,IAAI;EACZ;CAED,YAAY,EACX,gBACA,iBACA,kBACA,iBACA,SACA,QAC4C;AAC5C,MAAI,KAAK,QAAQ,SAAS,WACzB,OAAM,IAAI,MAAM,iDAAiD,KAAK,QAAQ,KAAK,IAAI;EAExF,MAAM,kBAAkB,KAAK,QAAQ,KAAK,QAAQ,KAAK,QAAQ,OAAO,CAAC;EACvE,MAAM,EAAE,oBAAoB,oBAAoB,4BAC/C,MACA,gBACA;AAED,SAAO;GACN,cAAc,CAAC,GAAG,KAAK,aAAa;GACpC,aAAa;IACZ,MAAM;IACN,qBAAqB;IACrB,sBAAsB;IACtB,eAAe;IACf,oBAAoB;IACpB,MAAM,SAAS,QAAQ,IAAI,QAAQ;IACnC,eAAe;IACf,WAAW;IACX,MAAM;IACN,KAAK;IACL,QAAQ;IACR,cAAc;IACd,kBAAkB;IAClB,uBAAuB;IACvB,GAAG;IACH;GACD;GACA,YAAY;GACZ,cAAcC,yBAA8B,kBAAkB,KAAK,GAAG;GACtE,UAAU,qBAAqB,MAAM,gBAAgB,QAAQ;GAC7D,WAAW;IACV,mCAAmC;KAClC,UAAU;KACV,MAAM;KACN;KACA,yBAAyB;KACzB,UAAU;KACV,MAAM;KACN;IACD,kCAAkC;KACjC,UAAU,KAAK,QAAQ;KACvB,MAAM;KACN;KACA,6BAA6B;KAC7B,UAAU,KAAK,QAAQ;KACvB,MAAM;KACN;IACD;GACD;;CAGF,iBACC,MACA,iBACqB;AACrB,SAAO;GACN,kBAAkB,8BAA8B,MAAM,gBAAgB;GACtE,cAAc,eAAe,kCAAkC;GAC/D,aAAa;IACZ,MAAM;IACN,MAAM;IACN,MAAM;IACN;GACD,iBAAiB;GACjB,SAAS;GACT;;CAGF,MAAM,iBAAiB,MAAyB,gBAA+C;AAC9F,QAAM,6BAA6B,KAAK;AACxC,QAAM,8BAA8B,MAAM,eAAe;;CAE1D"}
|
|
1
|
+
{"version":3,"file":"index.js","names":["openClawGatewayTokenSecretRef: OpenClawSecretRef","tcpHosts: Record<string, string>","parsedBaseConfig: unknown","openclawLifecycle: GatewayLifecycle","buildGatewaySessionLabelValue"],"sources":["../src/openclaw-lifecycle.ts"],"sourcesContent":["import { chmod, mkdir, readFile } from 'node:fs/promises';\nimport path from 'node:path';\n\nimport type {\n\tBuildGatewayVmSpecOptions,\n\tGatewayLifecycle,\n\tGatewayProcessSpec,\n\tGatewayZoneConfig,\n\tGatewayVmSpec,\n} from '@agent-vm/gateway-interface';\nimport {\n\tbuildGatewaySessionLabel as buildGatewaySessionLabelValue,\n\tsplitResolvedGatewaySecrets,\n} from '@agent-vm/gateway-interface';\nimport {\n\ttype SecretRef,\n\ttype SecretResolver,\n\twriteFileAtomically,\n} from '@agent-vm/gondolin-adapter';\n\nconst effectiveOpenClawConfigFileName = 'effective-openclaw.json';\nconst effectiveOpenClawConfigVmPath = `/home/openclaw/.openclaw/state/${effectiveOpenClawConfigFileName}`;\nconst openClawStateDirVmPath = '/home/openclaw/.openclaw/state';\nconst openClawCacheDirVmPath = '/home/openclaw/.openclaw/cache';\nconst openClawZoneFilesDirVmPath = '/zone';\nconst agentVmLogsDirVmPath = '/agent-vm/logs';\nconst openClawRuntimeLogFileVmPath = `${agentVmLogsDirVmPath}/openclaw-YYYY-MM-DD.log`;\nconst openClawGatewayBootLogFileVmPath = `${agentVmLogsDirVmPath}/gateway-boot-latest.log`;\nconst openClawShellEnvFilePath = '/etc/profile.d/openclaw-env.sh';\nconst openClawRuntimeSecretsEnvFilePath = '/run/openclaw/secrets.env';\nconst openClawGatewayTokenEnvVar = 'OPENCLAW_GATEWAY_TOKEN';\n\ninterface OpenClawSecretRef {\n\treadonly id: string;\n\treadonly provider: string;\n\treadonly source: 'env';\n}\n\nconst openClawGatewayTokenSecretRef: OpenClawSecretRef = {\n\tid: openClawGatewayTokenEnvVar,\n\tprovider: 'default',\n\tsource: 'env',\n};\n\nfunction isObjectRecord(value: unknown): value is Record<string, unknown> {\n\treturn typeof value === 'object' && value !== null && !Array.isArray(value);\n}\n\nfunction buildGatewayTcpHosts(\n\tzone: GatewayZoneConfig,\n\tcontrollerPort: number,\n\ttcpPool: { readonly basePort: number; readonly size: number },\n): Record<string, string> {\n\tconst tcpHosts: Record<string, string> = {\n\t\t'controller.vm.host:18800': `127.0.0.1:${controllerPort}`,\n\t};\n\n\tfor (let slot = 0; slot < tcpPool.size; slot += 1) {\n\t\ttcpHosts[`tool-${slot}.vm.host:22`] = `127.0.0.1:${tcpPool.basePort + slot}`;\n\t}\n\n\tfor (const websocketHost of zone.websocketBypass) {\n\t\ttcpHosts[websocketHost] = websocketHost;\n\t}\n\n\treturn tcpHosts;\n}\n\nfunction buildOpenClawBootstrapCommand(\n\tzone: GatewayZoneConfig,\n\tresolvedSecrets: Record<string, string>,\n): string {\n\tconst { environmentSecrets } = splitResolvedGatewaySecrets(zone, resolvedSecrets);\n\tconst environmentLines = [\n\t\t'export OPENCLAW_HOME=/home/openclaw',\n\t\t`export OPENCLAW_CONFIG_PATH=${effectiveOpenClawConfigVmPath}`,\n\t\t`export OPENCLAW_STATE_DIR=${openClawStateDirVmPath}`,\n\t\t'export PNPM_HOME=/pnpm',\n\t\t'export PATH=/pnpm:$PATH',\n\t\t'export TMPDIR=/work/tmp',\n\t\t'export TMP=/work/tmp',\n\t\t'export TEMP=/work/tmp',\n\t\t'export npm_config_cache=/work/cache/npm',\n\t\t'export pnpm_config_store_dir=/work/cache/pnpm/store',\n\t\t'export PIP_CACHE_DIR=/work/cache/pip',\n\t\t'export UV_CACHE_DIR=/work/cache/uv',\n\t\t'export NODE_EXTRA_CA_CERTS=/run/gondolin/ca-certificates.crt',\n\t];\n\tconst secretEnvironmentLines = Object.entries({\n\t\t...environmentSecrets,\n\t\t...zone.runtimeEnvironment,\n\t}).map(([secretName, secretValue]) => `export ${secretName}=${shellQuote(secretValue)}`);\n\n\treturn (\n\t\t`mkdir -p /root /etc/profile.d /run/openclaw /work/tmp /work/cache/npm /work/cache/pnpm/store /work/cache/pip /work/cache/uv && chown -R openclaw:openclaw /work && cat > ${openClawShellEnvFilePath} << 'ENVEOF'\\n` +\n\t\tenvironmentLines.join('\\n') +\n\t\t'\\nENVEOF\\n' +\n\t\t`chmod 644 ${openClawShellEnvFilePath} && ` +\n\t\t`cat > ${openClawRuntimeSecretsEnvFilePath} << 'ENVEOF'\\n` +\n\t\tsecretEnvironmentLines.join('\\n') +\n\t\t'\\nENVEOF\\n' +\n\t\t`chmod 600 ${openClawRuntimeSecretsEnvFilePath} && ` +\n\t\t'touch /root/.bashrc && ' +\n\t\t`grep -qxF 'source ${openClawShellEnvFilePath}' /root/.bashrc || echo 'source ${openClawShellEnvFilePath}' >> /root/.bashrc && ` +\n\t\t'touch /root/.bash_profile && ' +\n\t\t\"grep -qxF 'source /root/.bashrc' /root/.bash_profile || echo 'source /root/.bashrc' >> /root/.bash_profile\"\n\t);\n}\n\nfunction getEffectiveOpenClawConfigHostPath(zone: GatewayZoneConfig): string {\n\treturn path.join(zone.gateway.stateDir, effectiveOpenClawConfigFileName);\n}\n\nfunction shellQuote(value: string): string {\n\treturn `'${value.replace(/'/gu, `'\\\\''`)}'`;\n}\n\ntype SourceAwareSecretReference =\n\t| {\n\t\t\treadonly source: 'environment';\n\t\t\treadonly envVar: string;\n\t }\n\t| {\n\t\t\treadonly source: '1password';\n\t\t\treadonly ref: string;\n\t };\n\nfunction isSourceAwareSecretReference(value: unknown): value is SourceAwareSecretReference {\n\tif (typeof value !== 'object' || value === null) {\n\t\treturn false;\n\t}\n\n\tif (!('source' in value) || typeof value.source !== 'string') {\n\t\treturn false;\n\t}\n\n\tif (value.source === 'environment') {\n\t\treturn 'envVar' in value && typeof value.envVar === 'string';\n\t}\n\n\tif (value.source === '1password') {\n\t\treturn 'ref' in value && typeof value.ref === 'string';\n\t}\n\n\treturn false;\n}\n\nfunction toSecretRef(secret: SourceAwareSecretReference): SecretRef {\n\treturn secret.source === 'environment'\n\t\t? {\n\t\t\t\tsource: 'environment',\n\t\t\t\tref: secret.envVar,\n\t\t\t}\n\t\t: {\n\t\t\t\tsource: '1password',\n\t\t\t\tref: secret.ref,\n\t\t\t};\n}\n\nfunction describeSecretReference(secret: SourceAwareSecretReference): string {\n\treturn secret.source === 'environment' ? secret.envVar : secret.ref;\n}\n\nfunction buildEffectiveSecretsConfig(\n\tparsedBaseConfig: Record<string, unknown>,\n): Record<string, unknown> {\n\tconst existingSecretsConfig = isObjectRecord(parsedBaseConfig.secrets)\n\t\t? parsedBaseConfig.secrets\n\t\t: {};\n\tconst existingProvidersConfig = isObjectRecord(existingSecretsConfig.providers)\n\t\t? existingSecretsConfig.providers\n\t\t: {};\n\n\treturn {\n\t\t...existingSecretsConfig,\n\t\tproviders: {\n\t\t\t...existingProvidersConfig,\n\t\t\tdefault: {\n\t\t\t\tsource: 'env',\n\t\t\t},\n\t\t},\n\t};\n}\n\nfunction buildEffectivePluginsConfig(\n\tparsedBaseConfig: Record<string, unknown>,\n\truntimePluginConfigs: Readonly<Record<string, Readonly<Record<string, unknown>>>> | undefined,\n): Record<string, unknown> {\n\tconst existingPluginsConfig = isObjectRecord(parsedBaseConfig.plugins)\n\t\t? parsedBaseConfig.plugins\n\t\t: {};\n\tconst existingEntriesConfig = isObjectRecord(existingPluginsConfig.entries)\n\t\t? existingPluginsConfig.entries\n\t\t: {};\n\tconst runtimeEntriesConfig = Object.fromEntries(\n\t\tObject.entries(runtimePluginConfigs ?? {}).map(([pluginId, runtimeConfig]) => {\n\t\t\tconst existingEntryConfig = isObjectRecord(existingEntriesConfig[pluginId])\n\t\t\t\t? existingEntriesConfig[pluginId]\n\t\t\t\t: {};\n\t\t\tconst existingPluginConfig = isObjectRecord(existingEntryConfig.config)\n\t\t\t\t? existingEntryConfig.config\n\t\t\t\t: {};\n\t\t\treturn [\n\t\t\t\tpluginId,\n\t\t\t\t{\n\t\t\t\t\t...existingEntryConfig,\n\t\t\t\t\tconfig: {\n\t\t\t\t\t\t...existingPluginConfig,\n\t\t\t\t\t\t...runtimeConfig,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t] as const;\n\t\t}),\n\t);\n\n\treturn {\n\t\t...existingPluginsConfig,\n\t\tentries: {\n\t\t\t...existingEntriesConfig,\n\t\t\t...runtimeEntriesConfig,\n\t\t},\n\t};\n}\n\nfunction buildEffectiveLoggingConfig(\n\tparsedBaseConfig: Record<string, unknown>,\n): Record<string, unknown> {\n\tconst existingLoggingConfig = isObjectRecord(parsedBaseConfig.logging)\n\t\t? parsedBaseConfig.logging\n\t\t: {};\n\n\treturn {\n\t\tfile: openClawRuntimeLogFileVmPath,\n\t\t...existingLoggingConfig,\n\t};\n}\n\nasync function writeAuthProfilesIfConfigured(\n\tzone: GatewayZoneConfig,\n\tsecretResolver: SecretResolver,\n): Promise<void> {\n\tconst authProfilesByAgent = {\n\t\t...(zone.gateway.authProfilesRef ? { main: zone.gateway.authProfilesRef } : {}),\n\t\t...(zone.gateway.type === 'openclaw' ? (zone.gateway.authProfilesByAgent ?? {}) : {}),\n\t};\n\n\tconst writeResults = await Promise.allSettled(\n\t\tObject.entries(authProfilesByAgent).map(async ([agentId, authProfilesSecretCandidate]) => {\n\t\t\tif (!isSourceAwareSecretReference(authProfilesSecretCandidate)) {\n\t\t\t\tthrow new Error(\n\t\t\t\t\t`Zone '${zone.id}' has an invalid auth profile shape for agent '${agentId}'.`,\n\t\t\t\t);\n\t\t\t}\n\t\t\tconst authProfilesSecret = authProfilesSecretCandidate;\n\n\t\t\ttry {\n\t\t\t\tconst authProfilesDirectory = path.join(zone.gateway.stateDir, 'agents', agentId, 'agent');\n\t\t\t\tawait mkdir(authProfilesDirectory, { recursive: true, mode: 0o700 });\n\t\t\t\tawait chmod(authProfilesDirectory, 0o700);\n\t\t\t\tconst authProfiles = await secretResolver.resolve(toSecretRef(authProfilesSecret));\n\t\t\t\tawait writeFileAtomically(\n\t\t\t\t\tpath.join(authProfilesDirectory, 'auth-profiles.json'),\n\t\t\t\t\tauthProfiles,\n\t\t\t\t\t{ mode: 0o600 },\n\t\t\t\t);\n\t\t\t} catch (error) {\n\t\t\t\tconst message = error instanceof Error ? error.message : String(error);\n\t\t\t\tthrow new Error(\n\t\t\t\t\t`Failed to write OpenClaw auth profiles for zone '${zone.id}' agent '${agentId}' from '${describeSecretReference(authProfilesSecret)}': ${message}`,\n\t\t\t\t\t{ cause: error },\n\t\t\t\t);\n\t\t\t}\n\t\t}),\n\t);\n\tconst writeErrors = writeResults\n\t\t.filter((result): result is PromiseRejectedResult => result.status === 'rejected')\n\t\t.map((result) =>\n\t\t\tresult.reason instanceof Error ? result.reason : new Error(String(result.reason)),\n\t\t);\n\tif (writeErrors.length > 0) {\n\t\tthrow new AggregateError(\n\t\t\twriteErrors,\n\t\t\t`Failed to write ${String(writeErrors.length)} OpenClaw auth profile file(s) for zone '${zone.id}'.`,\n\t\t);\n\t}\n}\n\nasync function writeEffectiveOpenClawConfig(zone: GatewayZoneConfig): Promise<void> {\n\tconst gatewayTokenSecret = zone.secrets.OPENCLAW_GATEWAY_TOKEN;\n\tif (!gatewayTokenSecret) {\n\t\tthrow new Error(\n\t\t\t`Zone '${zone.id}' secret 'OPENCLAW_GATEWAY_TOKEN' is missing. Add an explicit 1Password or environment reference such as 'op://agent-vm/${zone.id}-gateway-auth/password'.`,\n\t\t);\n\t}\n\tif (!isSourceAwareSecretReference(gatewayTokenSecret)) {\n\t\tthrow new Error(`Zone '${zone.id}' secret 'OPENCLAW_GATEWAY_TOKEN' has an invalid shape.`);\n\t}\n\n\ttry {\n\t\tif (gatewayTokenSecret.source === '1password' && !gatewayTokenSecret.ref) {\n\t\t\tthrow new Error(\n\t\t\t\t`Zone '${zone.id}' secret 'OPENCLAW_GATEWAY_TOKEN' is missing 'ref'. Add an explicit 1Password reference such as 'op://agent-vm/${zone.id}-gateway-auth/password'.`,\n\t\t\t);\n\t\t}\n\t\tif (gatewayTokenSecret.source === 'environment' && !gatewayTokenSecret.envVar) {\n\t\t\tthrow new Error(\n\t\t\t\t`Zone '${zone.id}' secret 'OPENCLAW_GATEWAY_TOKEN' is missing 'envVar'. Add an explicit environment variable name.`,\n\t\t\t);\n\t\t}\n\t\tconst rawBaseConfig = await readFile(zone.gateway.config, 'utf8');\n\t\tconst parsedBaseConfig: unknown = JSON.parse(rawBaseConfig);\n\t\tif (!isObjectRecord(parsedBaseConfig)) {\n\t\t\tthrow new Error(`OpenClaw config at '${zone.gateway.config}' must be a JSON object.`);\n\t\t}\n\t\tconst config = isObjectRecord(parsedBaseConfig.gateway) ? parsedBaseConfig.gateway : {};\n\t\tconst existingAuthConfig = isObjectRecord(config.auth) ? config.auth : {};\n\t\tconst effectiveConfig = {\n\t\t\t...parsedBaseConfig,\n\t\t\tlogging: buildEffectiveLoggingConfig(parsedBaseConfig),\n\t\t\tgateway: {\n\t\t\t\t...config,\n\t\t\t\tauth: {\n\t\t\t\t\t...existingAuthConfig,\n\t\t\t\t\tmode: 'token',\n\t\t\t\t\ttoken: openClawGatewayTokenSecretRef,\n\t\t\t\t},\n\t\t\t},\n\t\t\tmeta: {\n\t\t\t\t...(isObjectRecord(parsedBaseConfig.meta) ? parsedBaseConfig.meta : {}),\n\t\t\t\tlastTouchedAt: new Date().toISOString(),\n\t\t\t\tlastTouchedVersion: 'agent-vm',\n\t\t\t},\n\t\t\tplugins: buildEffectivePluginsConfig(parsedBaseConfig, zone.runtimePluginConfigs),\n\t\t\tsecrets: buildEffectiveSecretsConfig(parsedBaseConfig),\n\t\t};\n\t\tconst effectiveConfigPath = getEffectiveOpenClawConfigHostPath(zone);\n\t\tawait mkdir(zone.gateway.stateDir, { recursive: true, mode: 0o700 });\n\t\tawait chmod(zone.gateway.stateDir, 0o700);\n\t\tawait writeFileAtomically(\n\t\t\teffectiveConfigPath,\n\t\t\t`${JSON.stringify(effectiveConfig, null, 2)}\\n`,\n\t\t\t{ mode: 0o600 },\n\t\t);\n\t} catch (error) {\n\t\tconst message = error instanceof Error ? error.message : String(error);\n\t\tthrow new Error(\n\t\t\t`Failed to write effective OpenClaw config for zone '${zone.id}' from '${zone.gateway.config}' using secret '${describeSecretReference(gatewayTokenSecret)}': ${message}`,\n\t\t\t{ cause: error },\n\t\t);\n\t}\n}\n\nexport const openclawLifecycle: GatewayLifecycle = {\n\tauthConfig: {\n\t\tlistProvidersCommand: 'openclaw models auth list --format plain 2>/dev/null || echo \"\"',\n\t\tbuildLoginCommand: (\n\t\t\tprovider: string,\n\t\t\toptions: { readonly deviceCode?: boolean; readonly setDefault?: boolean } = {},\n\t\t): string =>\n\t\t\t[\n\t\t\t\t`openclaw models auth login --provider ${shellQuote(provider)}`,\n\t\t\t\t...(options.deviceCode === true ? ['--device-code'] : []),\n\t\t\t\t...(options.setDefault === true ? ['--set-default'] : []),\n\t\t\t].join(' '),\n\t},\n\n\tbuildVmSpec({\n\t\tcontrollerPort,\n\t\tgatewayCacheDir,\n\t\tprojectNamespace,\n\t\tresolvedSecrets,\n\t\truntimeDir,\n\t\ttcpPool,\n\t\tzone,\n\t}: BuildGatewayVmSpecOptions): GatewayVmSpec {\n\t\tif (zone.gateway.type !== 'openclaw') {\n\t\t\tthrow new Error(`OpenClaw lifecycle cannot build gateway type '${zone.gateway.type}'.`);\n\t\t}\n\t\tconst configDirectory = path.dirname(path.resolve(zone.gateway.config));\n\t\tconst { environmentSecrets, mediatedSecrets } = splitResolvedGatewaySecrets(\n\t\t\tzone,\n\t\t\tresolvedSecrets,\n\t\t);\n\n\t\treturn {\n\t\t\tallowedHosts: [...zone.allowedHosts],\n\t\t\tenvironment: {\n\t\t\t\tHOME: '/home/openclaw',\n\t\t\t\tNODE_EXTRA_CA_CERTS: '/run/gondolin/ca-certificates.crt',\n\t\t\t\tOPENCLAW_CONFIG_PATH: effectiveOpenClawConfigVmPath,\n\t\t\t\tOPENCLAW_HOME: '/home/openclaw',\n\t\t\t\tOPENCLAW_STATE_DIR: openClawStateDirVmPath,\n\t\t\t\tPATH: `/pnpm:${process.env.PATH ?? ''}`,\n\t\t\t\tPIP_CACHE_DIR: '/work/cache/pip',\n\t\t\t\tPNPM_HOME: '/pnpm',\n\t\t\t\tTEMP: '/work/tmp',\n\t\t\t\tTMP: '/work/tmp',\n\t\t\t\tTMPDIR: '/work/tmp',\n\t\t\t\tUV_CACHE_DIR: '/work/cache/uv',\n\t\t\t\tnpm_config_cache: '/work/cache/npm',\n\t\t\t\tpnpm_config_store_dir: '/work/cache/pnpm/store',\n\t\t\t\t...environmentSecrets,\n\t\t\t\t...zone.runtimeEnvironment,\n\t\t\t},\n\t\t\tmediatedSecrets,\n\t\t\trootfsMode: 'cow',\n\t\t\tsessionLabel: buildGatewaySessionLabelValue(projectNamespace, zone.id),\n\t\t\ttcpHosts: buildGatewayTcpHosts(zone, controllerPort, tcpPool),\n\t\t\tvfsMounts: {\n\t\t\t\t'/home/openclaw/.openclaw/config': {\n\t\t\t\t\thostPath: configDirectory,\n\t\t\t\t\tkind: 'realfs',\n\t\t\t\t},\n\t\t\t\t[openClawCacheDirVmPath]: {\n\t\t\t\t\thostPath: gatewayCacheDir,\n\t\t\t\t\tkind: 'realfs',\n\t\t\t\t},\n\t\t\t\t'/home/openclaw/.openclaw/state': {\n\t\t\t\t\thostPath: zone.gateway.stateDir,\n\t\t\t\t\tkind: 'realfs',\n\t\t\t\t},\n\t\t\t\t[openClawZoneFilesDirVmPath]: {\n\t\t\t\t\thostPath: zone.gateway.zoneFilesDir,\n\t\t\t\t\tkind: 'realfs',\n\t\t\t\t},\n\t\t\t\t[agentVmLogsDirVmPath]: {\n\t\t\t\t\thostPath: path.join(runtimeDir, 'zones', zone.id, 'logs'),\n\t\t\t\t\tkind: 'realfs',\n\t\t\t\t},\n\t\t\t},\n\t\t};\n\t},\n\n\tbuildProcessSpec(\n\t\tzone: GatewayZoneConfig,\n\t\tresolvedSecrets: Record<string, string>,\n\t): GatewayProcessSpec {\n\t\treturn {\n\t\t\tbootstrapCommand: buildOpenClawBootstrapCommand(zone, resolvedSecrets),\n\t\t\tstartCommand: `set -a && . ${openClawRuntimeSecretsEnvFilePath} && set +a && cd /home/openclaw && nohup openclaw gateway --port 18789 > ${openClawGatewayBootLogFileVmPath} 2>&1 &`,\n\t\t\thealthCheck: {\n\t\t\t\ttype: 'http',\n\t\t\t\tport: 18789,\n\t\t\t\tpath: '/readyz',\n\t\t\t},\n\t\t\tguestListenPort: 18789,\n\t\t\tlogPath: openClawGatewayBootLogFileVmPath,\n\t\t};\n\t},\n\n\tasync prepareHostState(zone: GatewayZoneConfig, secretResolver: SecretResolver): Promise<void> {\n\t\tawait writeEffectiveOpenClawConfig(zone);\n\t\tawait writeAuthProfilesIfConfigured(zone, secretResolver);\n\t},\n};\n"],"mappings":";;;;;;AAoBA,MAAM,kCAAkC;AACxC,MAAM,gCAAgC,kCAAkC;AACxE,MAAM,yBAAyB;AAC/B,MAAM,yBAAyB;AAC/B,MAAM,6BAA6B;AACnC,MAAM,uBAAuB;AAC7B,MAAM,+BAA+B,GAAG,qBAAqB;AAC7D,MAAM,mCAAmC,GAAG,qBAAqB;AACjE,MAAM,2BAA2B;AACjC,MAAM,oCAAoC;AAS1C,MAAMA,gCAAmD;CACxD,IATkC;CAUlC,UAAU;CACV,QAAQ;CACR;AAED,SAAS,eAAe,OAAkD;AACzE,QAAO,OAAO,UAAU,YAAY,UAAU,QAAQ,CAAC,MAAM,QAAQ,MAAM;;AAG5E,SAAS,qBACR,MACA,gBACA,SACyB;CACzB,MAAMC,WAAmC,EACxC,4BAA4B,aAAa,kBACzC;AAED,MAAK,IAAI,OAAO,GAAG,OAAO,QAAQ,MAAM,QAAQ,EAC/C,UAAS,QAAQ,KAAK,gBAAgB,aAAa,QAAQ,WAAW;AAGvE,MAAK,MAAM,iBAAiB,KAAK,gBAChC,UAAS,iBAAiB;AAG3B,QAAO;;AAGR,SAAS,8BACR,MACA,iBACS;CACT,MAAM,EAAE,uBAAuB,4BAA4B,MAAM,gBAAgB;CACjF,MAAM,mBAAmB;EACxB;EACA,+BAA+B;EAC/B,6BAA6B;EAC7B;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;CACD,MAAM,yBAAyB,OAAO,QAAQ;EAC7C,GAAG;EACH,GAAG,KAAK;EACR,CAAC,CAAC,KAAK,CAAC,YAAY,iBAAiB,UAAU,WAAW,GAAG,WAAW,YAAY,GAAG;AAExF,QACC,4KAA4K,yBAAyB,kBACrM,iBAAiB,KAAK,KAAK,GAC3B;;YACa,yBAAyB,YAC7B,kCAAkC,kBAC3C,uBAAuB,KAAK,KAAK,GACjC;;YACa,kCAAkC,+CAE1B,yBAAyB,kCAAkC,yBAAyB;;AAM3G,SAAS,mCAAmC,MAAiC;AAC5E,QAAO,KAAK,KAAK,KAAK,QAAQ,UAAU,gCAAgC;;AAGzE,SAAS,WAAW,OAAuB;AAC1C,QAAO,IAAI,MAAM,QAAQ,OAAO,QAAQ,CAAC;;AAa1C,SAAS,6BAA6B,OAAqD;AAC1F,KAAI,OAAO,UAAU,YAAY,UAAU,KAC1C,QAAO;AAGR,KAAI,EAAE,YAAY,UAAU,OAAO,MAAM,WAAW,SACnD,QAAO;AAGR,KAAI,MAAM,WAAW,cACpB,QAAO,YAAY,SAAS,OAAO,MAAM,WAAW;AAGrD,KAAI,MAAM,WAAW,YACpB,QAAO,SAAS,SAAS,OAAO,MAAM,QAAQ;AAG/C,QAAO;;AAGR,SAAS,YAAY,QAA+C;AACnE,QAAO,OAAO,WAAW,gBACtB;EACA,QAAQ;EACR,KAAK,OAAO;EACZ,GACA;EACA,QAAQ;EACR,KAAK,OAAO;EACZ;;AAGJ,SAAS,wBAAwB,QAA4C;AAC5E,QAAO,OAAO,WAAW,gBAAgB,OAAO,SAAS,OAAO;;AAGjE,SAAS,4BACR,kBAC0B;CAC1B,MAAM,wBAAwB,eAAe,iBAAiB,QAAQ,GACnE,iBAAiB,UACjB,EAAE;CACL,MAAM,0BAA0B,eAAe,sBAAsB,UAAU,GAC5E,sBAAsB,YACtB,EAAE;AAEL,QAAO;EACN,GAAG;EACH,WAAW;GACV,GAAG;GACH,SAAS,EACR,QAAQ,OACR;GACD;EACD;;AAGF,SAAS,4BACR,kBACA,sBAC0B;CAC1B,MAAM,wBAAwB,eAAe,iBAAiB,QAAQ,GACnE,iBAAiB,UACjB,EAAE;CACL,MAAM,wBAAwB,eAAe,sBAAsB,QAAQ,GACxE,sBAAsB,UACtB,EAAE;CACL,MAAM,uBAAuB,OAAO,YACnC,OAAO,QAAQ,wBAAwB,EAAE,CAAC,CAAC,KAAK,CAAC,UAAU,mBAAmB;EAC7E,MAAM,sBAAsB,eAAe,sBAAsB,UAAU,GACxE,sBAAsB,YACtB,EAAE;EACL,MAAM,uBAAuB,eAAe,oBAAoB,OAAO,GACpE,oBAAoB,SACpB,EAAE;AACL,SAAO,CACN,UACA;GACC,GAAG;GACH,QAAQ;IACP,GAAG;IACH,GAAG;IACH;GACD,CACD;GACA,CACF;AAED,QAAO;EACN,GAAG;EACH,SAAS;GACR,GAAG;GACH,GAAG;GACH;EACD;;AAGF,SAAS,4BACR,kBAC0B;AAK1B,QAAO;EACN,MAAM;EACN,GAN6B,eAAe,iBAAiB,QAAQ,GACnE,iBAAiB,UACjB,EAAE;EAKJ;;AAGF,eAAe,8BACd,MACA,gBACgB;CAChB,MAAM,sBAAsB;EAC3B,GAAI,KAAK,QAAQ,kBAAkB,EAAE,MAAM,KAAK,QAAQ,iBAAiB,GAAG,EAAE;EAC9E,GAAI,KAAK,QAAQ,SAAS,aAAc,KAAK,QAAQ,uBAAuB,EAAE,GAAI,EAAE;EACpF;CA8BD,MAAM,eA5Be,MAAM,QAAQ,WAClC,OAAO,QAAQ,oBAAoB,CAAC,IAAI,OAAO,CAAC,SAAS,iCAAiC;AACzF,MAAI,CAAC,6BAA6B,4BAA4B,CAC7D,OAAM,IAAI,MACT,SAAS,KAAK,GAAG,iDAAiD,QAAQ,IAC1E;EAEF,MAAM,qBAAqB;AAE3B,MAAI;GACH,MAAM,wBAAwB,KAAK,KAAK,KAAK,QAAQ,UAAU,UAAU,SAAS,QAAQ;AAC1F,SAAM,MAAM,uBAAuB;IAAE,WAAW;IAAM,MAAM;IAAO,CAAC;AACpE,SAAM,MAAM,uBAAuB,IAAM;GACzC,MAAM,eAAe,MAAM,eAAe,QAAQ,YAAY,mBAAmB,CAAC;AAClF,SAAM,oBACL,KAAK,KAAK,uBAAuB,qBAAqB,EACtD,cACA,EAAE,MAAM,KAAO,CACf;WACO,OAAO;GACf,MAAM,UAAU,iBAAiB,QAAQ,MAAM,UAAU,OAAO,MAAM;AACtE,SAAM,IAAI,MACT,oDAAoD,KAAK,GAAG,WAAW,QAAQ,UAAU,wBAAwB,mBAAmB,CAAC,KAAK,WAC1I,EAAE,OAAO,OAAO,CAChB;;GAED,CACF,EAEC,QAAQ,WAA4C,OAAO,WAAW,WAAW,CACjF,KAAK,WACL,OAAO,kBAAkB,QAAQ,OAAO,SAAS,IAAI,MAAM,OAAO,OAAO,OAAO,CAAC,CACjF;AACF,KAAI,YAAY,SAAS,EACxB,OAAM,IAAI,eACT,aACA,mBAAmB,OAAO,YAAY,OAAO,CAAC,2CAA2C,KAAK,GAAG,IACjG;;AAIH,eAAe,6BAA6B,MAAwC;CACnF,MAAM,qBAAqB,KAAK,QAAQ;AACxC,KAAI,CAAC,mBACJ,OAAM,IAAI,MACT,SAAS,KAAK,GAAG,0HAA0H,KAAK,GAAG,0BACnJ;AAEF,KAAI,CAAC,6BAA6B,mBAAmB,CACpD,OAAM,IAAI,MAAM,SAAS,KAAK,GAAG,yDAAyD;AAG3F,KAAI;AACH,MAAI,mBAAmB,WAAW,eAAe,CAAC,mBAAmB,IACpE,OAAM,IAAI,MACT,SAAS,KAAK,GAAG,iHAAiH,KAAK,GAAG,0BAC1I;AAEF,MAAI,mBAAmB,WAAW,iBAAiB,CAAC,mBAAmB,OACtE,OAAM,IAAI,MACT,SAAS,KAAK,GAAG,mGACjB;EAEF,MAAM,gBAAgB,MAAM,SAAS,KAAK,QAAQ,QAAQ,OAAO;EACjE,MAAMC,mBAA4B,KAAK,MAAM,cAAc;AAC3D,MAAI,CAAC,eAAe,iBAAiB,CACpC,OAAM,IAAI,MAAM,uBAAuB,KAAK,QAAQ,OAAO,0BAA0B;EAEtF,MAAM,SAAS,eAAe,iBAAiB,QAAQ,GAAG,iBAAiB,UAAU,EAAE;EACvF,MAAM,qBAAqB,eAAe,OAAO,KAAK,GAAG,OAAO,OAAO,EAAE;EACzE,MAAM,kBAAkB;GACvB,GAAG;GACH,SAAS,4BAA4B,iBAAiB;GACtD,SAAS;IACR,GAAG;IACH,MAAM;KACL,GAAG;KACH,MAAM;KACN,OAAO;KACP;IACD;GACD,MAAM;IACL,GAAI,eAAe,iBAAiB,KAAK,GAAG,iBAAiB,OAAO,EAAE;IACtE,gCAAe,IAAI,MAAM,EAAC,aAAa;IACvC,oBAAoB;IACpB;GACD,SAAS,4BAA4B,kBAAkB,KAAK,qBAAqB;GACjF,SAAS,4BAA4B,iBAAiB;GACtD;EACD,MAAM,sBAAsB,mCAAmC,KAAK;AACpE,QAAM,MAAM,KAAK,QAAQ,UAAU;GAAE,WAAW;GAAM,MAAM;GAAO,CAAC;AACpE,QAAM,MAAM,KAAK,QAAQ,UAAU,IAAM;AACzC,QAAM,oBACL,qBACA,GAAG,KAAK,UAAU,iBAAiB,MAAM,EAAE,CAAC,KAC5C,EAAE,MAAM,KAAO,CACf;UACO,OAAO;EACf,MAAM,UAAU,iBAAiB,QAAQ,MAAM,UAAU,OAAO,MAAM;AACtE,QAAM,IAAI,MACT,uDAAuD,KAAK,GAAG,UAAU,KAAK,QAAQ,OAAO,kBAAkB,wBAAwB,mBAAmB,CAAC,KAAK,WAChK,EAAE,OAAO,OAAO,CAChB;;;AAIH,MAAaC,oBAAsC;CAClD,YAAY;EACX,sBAAsB;EACtB,oBACC,UACA,UAA4E,EAAE,KAE9E;GACC,yCAAyC,WAAW,SAAS;GAC7D,GAAI,QAAQ,eAAe,OAAO,CAAC,gBAAgB,GAAG,EAAE;GACxD,GAAI,QAAQ,eAAe,OAAO,CAAC,gBAAgB,GAAG,EAAE;GACxD,CAAC,KAAK,IAAI;EACZ;CAED,YAAY,EACX,gBACA,iBACA,kBACA,iBACA,YACA,SACA,QAC4C;AAC5C,MAAI,KAAK,QAAQ,SAAS,WACzB,OAAM,IAAI,MAAM,iDAAiD,KAAK,QAAQ,KAAK,IAAI;EAExF,MAAM,kBAAkB,KAAK,QAAQ,KAAK,QAAQ,KAAK,QAAQ,OAAO,CAAC;EACvE,MAAM,EAAE,oBAAoB,oBAAoB,4BAC/C,MACA,gBACA;AAED,SAAO;GACN,cAAc,CAAC,GAAG,KAAK,aAAa;GACpC,aAAa;IACZ,MAAM;IACN,qBAAqB;IACrB,sBAAsB;IACtB,eAAe;IACf,oBAAoB;IACpB,MAAM,SAAS,QAAQ,IAAI,QAAQ;IACnC,eAAe;IACf,WAAW;IACX,MAAM;IACN,KAAK;IACL,QAAQ;IACR,cAAc;IACd,kBAAkB;IAClB,uBAAuB;IACvB,GAAG;IACH,GAAG,KAAK;IACR;GACD;GACA,YAAY;GACZ,cAAcC,yBAA8B,kBAAkB,KAAK,GAAG;GACtE,UAAU,qBAAqB,MAAM,gBAAgB,QAAQ;GAC7D,WAAW;IACV,mCAAmC;KAClC,UAAU;KACV,MAAM;KACN;KACA,yBAAyB;KACzB,UAAU;KACV,MAAM;KACN;IACD,kCAAkC;KACjC,UAAU,KAAK,QAAQ;KACvB,MAAM;KACN;KACA,6BAA6B;KAC7B,UAAU,KAAK,QAAQ;KACvB,MAAM;KACN;KACA,uBAAuB;KACvB,UAAU,KAAK,KAAK,YAAY,SAAS,KAAK,IAAI,OAAO;KACzD,MAAM;KACN;IACD;GACD;;CAGF,iBACC,MACA,iBACqB;AACrB,SAAO;GACN,kBAAkB,8BAA8B,MAAM,gBAAgB;GACtE,cAAc,eAAe,kCAAkC,2EAA2E,iCAAiC;GAC3K,aAAa;IACZ,MAAM;IACN,MAAM;IACN,MAAM;IACN;GACD,iBAAiB;GACjB,SAAS;GACT;;CAGF,MAAM,iBAAiB,MAAyB,gBAA+C;AAC9F,QAAM,6BAA6B,KAAK;AACxC,QAAM,8BAA8B,MAAM,eAAe;;CAE1D"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@agent-vm/openclaw-gateway",
|
|
3
|
-
"version": "0.0.
|
|
3
|
+
"version": "0.0.58",
|
|
4
4
|
"description": "OpenClaw gateway lifecycle running inside a Gondolin VM.",
|
|
5
5
|
"homepage": "https://github.com/ShravanSunder/agent-vm#readme",
|
|
6
6
|
"bugs": {
|
|
@@ -29,8 +29,8 @@
|
|
|
29
29
|
"access": "public"
|
|
30
30
|
},
|
|
31
31
|
"dependencies": {
|
|
32
|
-
"@agent-vm/gateway-interface": "0.0.
|
|
33
|
-
"@agent-vm/gondolin-adapter": "0.0.
|
|
32
|
+
"@agent-vm/gateway-interface": "0.0.58",
|
|
33
|
+
"@agent-vm/gondolin-adapter": "0.0.58"
|
|
34
34
|
},
|
|
35
35
|
"scripts": {
|
|
36
36
|
"build": "tsdown",
|