@agentapprove/openclaw 0.1.2 → 0.1.3

package/dist/index.js

@@ -1,6 +1,6 @@
 // src/index.ts
 import { fileURLToPath } from "url";
-import { randomBytes } from "crypto";
+import { randomBytes as randomBytes2 } from "crypto";
 
 // src/config.ts
 import { readFileSync, existsSync, statSync } from "fs";
@@ -81,16 +81,24 @@ function loadConfig(openclawConfig, logger) {
   const debug = openclawConfig?.debug || process.env.AGENTAPPROVE_DEBUG === "true" || parseConfigValue(fileContent, "AGENTAPPROVE_DEBUG") === "true" || false;
   const agentName = process.env.AGENTAPPROVE_AGENT_NAME || parseConfigValue(fileContent, "AGENTAPPROVE_OPENCLAW_NAME") || "OpenClaw";
   const e2eEnabled = parseConfigValue(fileContent, "AGENTAPPROVE_E2E_ENABLED") === "true";
-  const e2eKeyPath = join(homedir(), ".agentapprove", "e2e-key");
+  const e2eUserKeyPath = join(homedir(), ".agentapprove", "e2e-key");
+  const e2eServerKeyPath = join(homedir(), ".agentapprove", "e2e-server-key");
   let e2eUserKey;
   let e2eServerKey;
-  if (e2eEnabled && existsSync(e2eKeyPath)) {
-    try {
-      const keyData = JSON.parse(readFileSync(e2eKeyPath, "utf-8"));
-      e2eUserKey = keyData.userKey;
-      e2eServerKey = keyData.serverKey;
-    } catch {
-      logger?.warn("Failed to load E2E encryption keys");
+  if (e2eEnabled) {
+    if (existsSync(e2eUserKeyPath)) {
+      try {
+        e2eUserKey = readFileSync(e2eUserKeyPath, "utf-8").trim();
+      } catch {
+        logger?.warn("Failed to load E2E user key");
+      }
+    }
+    if (existsSync(e2eServerKeyPath)) {
+      try {
+        e2eServerKey = readFileSync(e2eServerKeyPath, "utf-8").trim();
+      } catch {
+        logger?.warn("Failed to load E2E server key");
+      }
     }
   }
   return {
@@ -166,6 +174,94 @@ function applyPrivacyFilter(request, privacyTier) {
   return filtered;
 }
 
+// src/e2e-crypto.ts
+import { createHash, createHmac, createCipheriv, randomBytes } from "crypto";
+function keyId(keyHex) {
+  const keyBytes = Buffer.from(keyHex, "hex");
+  const hash = createHash("sha256").update(keyBytes).digest();
+  return hash.subarray(0, 4).toString("hex");
+}
+function deriveEncKey(keyHex) {
+  const prefix = Buffer.from("agentapprove-e2e-enc:");
+  const keyBytes = Buffer.from(keyHex, "hex");
+  return createHash("sha256").update(Buffer.concat([prefix, keyBytes])).digest();
+}
+function deriveMacKey(keyHex) {
+  const prefix = Buffer.from("agentapprove-e2e-mac:");
+  const keyBytes = Buffer.from(keyHex, "hex");
+  return createHash("sha256").update(Buffer.concat([prefix, keyBytes])).digest();
+}
+function e2eEncrypt(keyHex, plaintext) {
+  const kid = keyId(keyHex);
+  const encKey = deriveEncKey(keyHex);
+  const macKey = deriveMacKey(keyHex);
+  const iv = randomBytes(16);
+  const cipher = createCipheriv("aes-256-ctr", encKey, iv);
+  const ciphertext = Buffer.concat([cipher.update(plaintext, "utf-8"), cipher.final()]);
+  const ivHex = iv.toString("hex");
+  const ciphertextBase64 = ciphertext.toString("base64");
+  const hmac = createHmac("sha256", macKey).update(Buffer.concat([iv, ciphertext])).digest("hex");
+  return `E2E:v1:${kid}:${ivHex}:${ciphertextBase64}:${hmac}`;
+}
+function applyApprovalE2E(payload, userKey, serverKey) {
+  const sensitiveFields = {};
+  for (const field of ["command", "toolInput", "cwd"]) {
+    if (payload[field] != null) {
+      sensitiveFields[field] = payload[field];
+    }
+  }
+  if (Object.keys(sensitiveFields).length === 0) {
+    return payload;
+  }
+  const sensitiveJson = JSON.stringify(sensitiveFields);
+  const result = { ...payload };
+  delete result.command;
+  delete result.toolInput;
+  delete result.cwd;
+  const e2e = {
+    user: e2eEncrypt(userKey, sensitiveJson)
+  };
+  if (serverKey) {
+    e2e.server = e2eEncrypt(serverKey, sensitiveJson);
+  }
+  result.e2e = e2e;
+  return result;
+}
+function applyEventE2E(payload, userKey) {
+  const contentFields = {};
+  for (const field of [
+    "command",
+    "toolInput",
+    "response",
+    "responsePreview",
+    "text",
+    "textPreview",
+    "prompt",
+    "output",
+    "cwd"
+  ]) {
+    if (payload[field] != null) {
+      contentFields[field] = payload[field];
+    }
+  }
+  if (Object.keys(contentFields).length === 0) {
+    return payload;
+  }
+  const e2ePayload = e2eEncrypt(userKey, JSON.stringify(contentFields));
+  const result = { ...payload };
+  delete result.command;
+  delete result.toolInput;
+  delete result.response;
+  delete result.responsePreview;
+  delete result.text;
+  delete result.textPreview;
+  delete result.prompt;
+  delete result.output;
+  delete result.cwd;
+  result.e2ePayload = e2ePayload;
+  return result;
+}
+
 // src/debug.ts
 import { appendFileSync, existsSync as existsSync2, mkdirSync, statSync as statSync2, readFileSync as readFileSync3, writeFileSync } from "fs";
 import { join as join2, dirname } from "path";
@@ -256,8 +352,14 @@ async function sendApprovalRequest(request, config, pluginPath) {
   if (!config.token) {
     throw new Error("No Agent Approve token configured");
   }
-  const filtered = applyPrivacyFilter(request, config.privacyTier);
-  const bodyStr = JSON.stringify(filtered);
+  let payload;
+  if (config.e2eEnabled && config.e2eUserKey) {
+    payload = applyApprovalE2E(request, config.e2eUserKey, config.e2eServerKey);
+    debugLog("E2E encryption applied to approval request");
+  } else {
+    payload = applyPrivacyFilter(request, config.privacyTier);
+  }
+  const bodyStr = JSON.stringify(payload);
   const pluginHash = getPluginHash(pluginPath);
   const hmacHeaders = buildHMACHeaders(bodyStr, config.token, config.hookVersion, pluginHash);
   const headers = {
@@ -284,7 +386,11 @@ async function sendApprovalRequest(request, config, pluginPath) {
 async function sendEvent(event, config, pluginPath) {
   if (!config.token) return;
   try {
-    const bodyStr = JSON.stringify(event);
+    let payload = { ...event };
+    if (config.e2eEnabled && config.e2eUserKey) {
+      payload = applyEventE2E(payload, config.e2eUserKey);
+    }
+    const bodyStr = JSON.stringify(payload);
     const pluginHash = getPluginHash(pluginPath);
     const hmacHeaders = buildHMACHeaders(bodyStr, config.token, config.hookVersion, pluginHash);
     const headers = {
@@ -307,19 +413,8 @@ try {
 } catch {
   pluginFilePath = __filename;
 }
-var gatewaySessionId = randomBytes(12).toString("hex");
-function extractSessionIdFromParams(params) {
-  if (!params) return void 0;
-  const raw = params.sessionId || params.session_id || params.conversationId || params.conversation_id;
-  if (typeof raw === "string" && raw.trim().length > 0) {
-    return raw.trim();
-  }
-  return void 0;
-}
-function resolveSessionId(ctx, params) {
-  return extractSessionIdFromParams(params) || ctx?.sessionKey || gatewaySessionId;
-}
-function classifyTool(toolName) {
+var gatewaySessionId = randomBytes2(12).toString("hex");
+function classifyTool(toolName, params) {
   const lower = toolName.toLowerCase();
   if (lower === "exec" || lower === "process") {
     return { toolType: "shell_command", displayName: toolName };
@@ -334,6 +429,9 @@ function classifyTool(toolName) {
     return { toolType: "browser", displayName: toolName };
   }
   if (lower === "message" || lower === "agent_send") {
+    const action = params?.action;
+    if (action === "send") return { toolType: "message_send", displayName: toolName };
+    if (action === "read") return { toolType: "message_read", displayName: toolName };
     return { toolType: "message", displayName: toolName };
   }
   if (lower === "sessions_spawn" || lower === "sessions_send") {
@@ -358,8 +456,42 @@ function extractCommand(toolName, params) {
   if (lower === "apply_patch") {
     return "apply_patch";
   }
+  if (lower === "message" || lower === "agent_send") {
+    const action = params.action;
+    const target = params.target || params.to || params.channelId || params.channel_id;
+    const provider = params.channel;
+    const channelLabel = target ? provider ? `${provider}:${target}` : target : provider || "channel";
+    if (action === "send") {
+      const msg = params.message;
+      return msg ? `[${channelLabel}] ${msg}` : `Send to ${channelLabel}`;
+    }
+    if (action === "read") {
+      return `Read from ${channelLabel}`;
+    }
+    return void 0;
+  }
   return void 0;
 }
+function extractResultPreview(toolName, params, result, maxLen = 300) {
+  if (!result) return void 0;
+  const lower = toolName.toLowerCase();
+  if (lower === "message" && params.action === "read") {
+    const res = result;
+    const messages = res.messages;
+    if (Array.isArray(messages) && messages.length > 0) {
+      const previews = messages.slice(0, 5).map((m) => {
+        const author = m.user || "?";
+        const text = m.text || "";
+        return `${author}: ${text}`;
+      });
+      const summary = previews.join("\n");
+      return summary.length > maxLen ? summary.slice(0, maxLen) + "..." : summary;
+    }
+  }
+  const str = typeof result === "string" ? result : JSON.stringify(result);
+  if (str.length <= maxLen) return str;
+  return str.slice(0, maxLen) + "...";
+}
 function handleFailBehavior(config, error, toolName, logger) {
   logger.warn(`Agent Approve API error for tool "${toolName}": ${error.message}`);
   debugLog(`API error: ${error.message}, failBehavior: ${config.failBehavior}`);
@@ -385,7 +517,7 @@ function register(api) {
   api.logger.info(`Agent Approve: Plugin loaded (privacy: ${config.privacyTier}, fail: ${config.failBehavior})`);
   debugLog(`Plugin loaded, API: ${config.apiUrl}, agent: ${config.agentName}`);
   api.on("before_tool_call", async (event, ctx) => {
-    const { toolType, displayName } = classifyTool(event.toolName);
+    const { toolType, displayName } = classifyTool(event.toolName, event.params);
     const command = extractCommand(event.toolName, event.params);
     const request = {
       toolName: displayName,
@@ -394,7 +526,7 @@ function register(api) {
       toolInput: event.params,
       agent: config.agentName,
       hookType: "before_tool_call",
-      sessionId: resolveSessionId(ctx, event.params),
+      sessionId: gatewaySessionId,
       cwd: event.params.workdir || void 0,
       timestamp: (/* @__PURE__ */ new Date()).toISOString()
     };
@@ -419,15 +551,18 @@ function register(api) {
     }
   });
   api.on("after_tool_call", async (event, ctx) => {
-    const { toolType } = classifyTool(event.toolName);
+    const { toolType } = classifyTool(event.toolName, event.params);
+    const resultPreview = extractResultPreview(event.toolName, event.params, event.result);
     void sendEvent({
       toolName: event.toolName,
       toolType,
+      eventType: "tool_complete",
       agent: config.agentName,
       hookType: "after_tool_call",
-      sessionId: resolveSessionId(ctx, event.params),
+      sessionId: gatewaySessionId,
+      command: extractCommand(event.toolName, event.params),
       status: event.error ? "error" : "success",
-      error: event.error,
+      response: event.error || resultPreview || void 0,
       durationMs: event.durationMs,
       timestamp: (/* @__PURE__ */ new Date()).toISOString()
     }, config, pluginFilePath);
@@ -435,14 +570,19 @@ function register(api) {
   api.registerHook(
     ["command:new", "command:stop", "command:reset"],
     async (event) => {
+      const eventTypeMap = {
+        new: "session_start",
+        stop: "session_end",
+        reset: "session_start"
+      };
       void sendEvent({
         toolName: `command:${event.action}`,
         toolType: "command",
+        eventType: eventTypeMap[event.action] || "command_event",
         agent: config.agentName,
         hookType: "command_event",
-        sessionId: event.sessionKey || gatewaySessionId,
-        timestamp: event.timestamp.toISOString(),
-        metadata: { sessionKey: event.sessionKey, action: event.action }
+        sessionId: gatewaySessionId,
+        timestamp: event.timestamp.toISOString()
       }, config, pluginFilePath);
     },
     { name: "agentapprove-command-monitor", description: "Log command events to Agent Approve" }
@@ -450,22 +590,30 @@ function register(api) {
   api.registerHook(
     ["message:received", "message:sent"],
     async (event) => {
-      const direction = event.action === "received" ? "inbound" : "outbound";
+      const isInbound = event.action === "received";
+      const provider = event.context.channelId;
+      const peer = isInbound ? event.context.from : event.context.to;
+      const channelLabel = [provider, peer].filter(Boolean).join(":") || void 0;
       const payload = {
         toolName: `message:${event.action}`,
         toolType: "message_event",
+        eventType: isInbound ? "prompt_submitted" : "response",
         agent: config.agentName,
         hookType: "session_event",
-        sessionId: event.sessionKey || gatewaySessionId,
+        sessionId: gatewaySessionId,
         timestamp: event.timestamp.toISOString(),
-        metadata: {
-          direction,
-          channelId: event.context.channelId,
-          sessionKey: event.sessionKey
-        }
+        cwd: channelLabel
       };
-      if (config.privacyTier === "full" && event.context.content) {
-        payload.metadata.contentPreview = event.context.content.slice(0, 100);
+      const content = event.context.content;
+      if (content) {
+        if (config.privacyTier === "full") {
+          payload.textPreview = content.slice(0, 200);
+        } else if (config.privacyTier === "summary") {
+          payload.textPreview = content.slice(0, 50);
+        }
+        if (isInbound && peer) {
+          payload.prompt = `${peer}: ${content}`.slice(0, 200);
+        }
       }
       void sendEvent(payload, config, pluginFilePath);
     },

package/openclaw.plugin.json

@@ -2,7 +2,7 @@
   "id": "openclaw",
   "name": "Agent Approve",
   "description": "Mobile approval for AI agent tool execution. Approve or deny tool calls from your iPhone and Apple Watch.",
-  "version": "0.1.2",
+  "version": "0.1.3",
   "homepage": "https://agentapprove.com",
   "configSchema": {
     "type": "object",

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@agentapprove/openclaw",
-  "version": "0.1.2",
+  "version": "0.1.3",
   "description": "Agent Approve plugin for OpenClaw - approve or deny AI agent tool calls from your iPhone and Apple Watch",
   "main": "dist/index.js",
   "scripts": {