@agentapprove/openclaw 0.1.5 → 0.1.6

package/dist/index.js

@@ -154,7 +154,7 @@ function deriveEpochKey(rootKeyHex, epoch) {
   }
   return current;
 }
-function migrateRootKey() {
+function migrateRootKey(debug = false) {
   if (!existsSync2(E2E_KEY_FILE) || existsSync2(E2E_ROOT_KEY_FILE)) return;
   try {
     copyFileSync(E2E_KEY_FILE, E2E_ROOT_KEY_FILE);
@@ -173,12 +173,12 @@ function migrateRootKey() {
       };
       writeFileSync2(E2E_ROTATION_FILE, JSON.stringify(config, null, 2), { mode: 384 });
     }
-    debugLog("Migrated e2e-key to e2e-root-key");
+    if (debug) debugLog("Migrated e2e-key to e2e-root-key");
   } catch {
   }
 }
-function checkAndRotateKeys(currentKeyHex) {
-  migrateRootKey();
+function checkAndRotateKeys(currentKeyHex, debug = false) {
+  migrateRootKey(debug);
   if (!existsSync2(E2E_ROTATION_FILE) || !existsSync2(E2E_ROOT_KEY_FILE)) {
     return currentKeyHex;
   }
@@ -217,7 +217,7 @@ function checkAndRotateKeys(currentKeyHex) {
     writeFileSync2(E2E_ROTATION_FILE, JSON.stringify(rotCfg, null, 2), { mode: 384 });
   } catch {
   }
-  debugLog(`E2E key rotated: epoch ${currentEpoch} -> ${expectedEpoch}`);
+  if (debug) debugLog(`E2E key rotated: epoch ${currentEpoch} -> ${expectedEpoch}`);
   return newKey;
 }
 
@@ -293,7 +293,7 @@ function loadConfig(openclawConfig, logger) {
   const timeout = openclawConfig?.timeout || parseInt(process.env.AGENTAPPROVE_TIMEOUT || "", 10) || parseInt(parseConfigValue(fileContent, "AGENTAPPROVE_TIMEOUT") || "", 10) || 300;
   const failBehavior = openclawConfig?.failBehavior || process.env.AGENTAPPROVE_FAIL_BEHAVIOR || parseConfigValue(fileContent, "AGENTAPPROVE_FAIL_BEHAVIOR") || "ask";
   const privacyTier = openclawConfig?.privacyTier || process.env.AGENTAPPROVE_PRIVACY || parseConfigValue(fileContent, "AGENTAPPROVE_PRIVACY") || "full";
-  const debug = openclawConfig?.debug || process.env.AGENTAPPROVE_DEBUG === "true" || parseConfigValue(fileContent, "AGENTAPPROVE_DEBUG") === "true" || false;
+  const debug = openclawConfig?.debug || process.env.AGENTAPPROVE_DEBUG === "true" || process.env.AGENTAPPROVE_DEBUG_LOG === "true" || parseConfigValue(fileContent, "AGENTAPPROVE_DEBUG") === "true" || parseConfigValue(fileContent, "AGENTAPPROVE_DEBUG_LOG") === "true" || false;
   const agentName = process.env.AGENTAPPROVE_AGENT_NAME || parseConfigValue(fileContent, "AGENTAPPROVE_OPENCLAW_NAME") || "OpenClaw";
   const e2eEnabled = process.env.AGENTAPPROVE_E2E_ENABLED === "true" || parseConfigValue(fileContent, "AGENTAPPROVE_E2E_ENABLED") === "true";
   const e2eUserKeyPath = join3(homedir3(), ".agentapprove", "e2e-key");
@@ -316,7 +316,7 @@ function loadConfig(openclawConfig, logger) {
       }
     }
     if (e2eUserKey) {
-      e2eUserKey = checkAndRotateKeys(e2eUserKey) || e2eUserKey;
+      e2eUserKey = checkAndRotateKeys(e2eUserKey, debug) || e2eUserKey;
     }
   }
   if (debug) {
@@ -331,7 +331,7 @@ function loadConfig(openclawConfig, logger) {
     failBehavior,
     privacyTier,
     debug,
-    hookVersion: "1.1.2",
+    hookVersion: "1.1.3",
     agentName,
     e2eEnabled,
     e2eUserKey,
@@ -453,12 +453,142 @@ function applyEventPrivacyFilter(event, privacyTier) {
   return filtered;
 }
 
+// src/config-sync.ts
+import { readFileSync as readFileSync5, writeFileSync as writeFileSync3, existsSync as existsSync4, renameSync } from "fs";
+import { join as join4 } from "path";
+import { homedir as homedir4 } from "os";
+function getAADir() {
+  return process.env.__AGENTAPPROVE_TEST_DIR || join4(homedir4(), ".agentapprove");
+}
+function getEnvPath() {
+  return join4(getAADir(), "env");
+}
+function getRotationFile() {
+  return join4(getAADir(), "e2e-rotation.json");
+}
+var VALID_PRIVACY = /* @__PURE__ */ new Set(["minimal", "summary", "full"]);
+var VALID_FAIL = /* @__PURE__ */ new Set(["allow", "deny", "ask"]);
+function updateEnvValues(updates) {
+  const envPath = getEnvPath();
+  if (!existsSync4(envPath)) return;
+  const validUpdates = Object.fromEntries(
+    Object.entries(updates).filter(([, v]) => !/[`$(){};<>|&!\\]/.test(v))
+  );
+  const updateKeys = new Set(Object.keys(validUpdates));
+  if (updateKeys.size === 0) return;
+  try {
+    const content = readFileSync5(envPath, "utf-8");
+    const lines = content.split("\n");
+    const filtered = lines.filter((line) => {
+      const trimmed = line.replace(/^export\s+/, "").trim();
+      const eqIdx = trimmed.indexOf("=");
+      if (eqIdx <= 0) return true;
+      return !updateKeys.has(trimmed.slice(0, eqIdx));
+    });
+    for (const [key, value] of Object.entries(validUpdates)) {
+      filtered.push(`export ${key}=${value}`);
+    }
+    const tmpPath = `${envPath}.tmp.${process.pid}`;
+    writeFileSync3(tmpPath, filtered.join("\n"), { mode: 384 });
+    renameSync(tmpPath, envPath);
+  } catch {
+  }
+}
+function syncRotationConfig(serverPeriod, serverStartedAt, debug) {
+  const rotationFile = getRotationFile();
+  if (!existsSync4(rotationFile)) return;
+  try {
+    const raw = readFileSync5(rotationFile, "utf-8");
+    const config = JSON.parse(raw);
+    const currentPeriod = config.periodSeconds ?? 0;
+    const newPeriod = serverPeriod ?? 0;
+    let needsUpdate = false;
+    if (typeof newPeriod === "number" && newPeriod !== currentPeriod) {
+      config.periodSeconds = newPeriod;
+      needsUpdate = true;
+    }
+    if (serverStartedAt && (!config.startedAt || config.startedAt === "null")) {
+      config.startedAt = serverStartedAt;
+      needsUpdate = true;
+    }
+    if (needsUpdate) {
+      const tmpPath = `${rotationFile}.tmp.${process.pid}`;
+      writeFileSync3(tmpPath, JSON.stringify(config, null, 2), { mode: 384 });
+      renameSync(tmpPath, rotationFile);
+      if (debug) {
+        debugLog(`E2E rotation synced: periodSeconds=${newPeriod}`);
+      }
+    }
+  } catch {
+  }
+}
+function processConfigSync(parsed, config) {
+  const sync = parsed.configSync;
+  if (!sync || !sync.configSetAt) return;
+  const localSetAt = getLocalConfigSetAt();
+  if (sync.configSetAt <= localSetAt) return;
+  if (config.debug) {
+    debugLog(`Config sync: server=${sync.configSetAt} > local=${localSetAt}, updating...`);
+  }
+  const envUpdates = {};
+  if (sync.privacyTier && VALID_PRIVACY.has(sync.privacyTier)) {
+    envUpdates["AGENTAPPROVE_PRIVACY"] = sync.privacyTier;
+    config.privacyTier = sync.privacyTier;
+    if (config.debug) debugLog(`Config synced: privacy=${sync.privacyTier}`);
+  }
+  if (sync.timeoutSeconds != null) {
+    const t = sync.timeoutSeconds;
+    if (t >= 30 && t <= 600) {
+      envUpdates["AGENTAPPROVE_TIMEOUT"] = String(t);
+      config.timeout = t;
+      if (config.debug) debugLog(`Config synced: timeout=${t}`);
+    }
+  }
+  if (sync.failBehavior && VALID_FAIL.has(sync.failBehavior)) {
+    envUpdates["AGENTAPPROVE_FAIL_BEHAVIOR"] = sync.failBehavior;
+    config.failBehavior = sync.failBehavior;
+    if (config.debug) debugLog(`Config synced: failBehavior=${sync.failBehavior}`);
+  }
+  if (sync.e2eEnabled === true || sync.e2eEnabled === false) {
+    envUpdates["AGENTAPPROVE_E2E_ENABLED"] = String(sync.e2eEnabled);
+    config.e2eEnabled = sync.e2eEnabled;
+    if (config.debug) debugLog(`Config synced: e2eEnabled=${sync.e2eEnabled}`);
+  }
+  syncRotationConfig(sync.e2eRotationPeriod, sync.e2eRotationStartedAt, config.debug);
+  if (config.e2eEnabled && config.e2eUserKey) {
+    const rotatedKey = checkAndRotateKeys(config.e2eUserKey, config.debug);
+    if (rotatedKey && rotatedKey !== config.e2eUserKey) {
+      config.e2eUserKey = rotatedKey;
+      if (config.debug) debugLog(`Key rotated after config sync`);
+    }
+  }
+  envUpdates["AGENTAPPROVE_CONFIG_SET_AT"] = String(sync.configSetAt);
+  updateEnvValues(envUpdates);
+}
+function getLocalConfigSetAt() {
+  const envPath = getEnvPath();
+  if (!existsSync4(envPath)) return 0;
+  try {
+    const content = readFileSync5(envPath, "utf-8");
+    for (const raw of content.split("\n")) {
+      const line = raw.replace(/^export\s+/, "").trim();
+      if (line.startsWith("AGENTAPPROVE_CONFIG_SET_AT=")) {
+        const val = line.slice("AGENTAPPROVE_CONFIG_SET_AT=".length).replace(/^["']|["']$/g, "");
+        const num = parseInt(val, 10);
+        return isNaN(num) ? 0 : num;
+      }
+    }
+  } catch {
+  }
+  return 0;
+}
+
 // src/api-client.ts
 var cachedPluginHash;
-function getPluginHash(pluginPath) {
+function getPluginHash(pluginPath, debug = false) {
   if (!cachedPluginHash) {
     cachedPluginHash = computePluginHash(pluginPath);
-    if (cachedPluginHash) {
+    if (cachedPluginHash && debug) {
       debugLog(`Plugin hash computed: ${cachedPluginHash.slice(0, 16)}...`);
     }
   }
@@ -515,7 +645,7 @@ async function sendApprovalRequest(request, config, pluginPath) {
     payload = applyPrivacyFilter(request, config.privacyTier);
   }
   const bodyStr = JSON.stringify(payload);
-  const pluginHash = getPluginHash(pluginPath);
+  const pluginHash = getPluginHash(pluginPath, config.debug);
   const hmacHeaders = buildHMACHeaders(bodyStr, config.token, config.hookVersion, pluginHash);
   const headers = {
     "Authorization": `Bearer ${config.token}`,
@@ -532,11 +662,14 @@ async function sendApprovalRequest(request, config, pluginPath) {
   if (response.status !== 200) {
     throw new Error(`API returned status ${response.status}: ${response.body.slice(0, 200)}`);
   }
+  let parsed;
   try {
-    return JSON.parse(response.body);
+    parsed = JSON.parse(response.body);
   } catch {
     throw new Error(`Failed to parse API response: ${response.body.slice(0, 200)}`);
   }
+  processConfigSync(parsed, config);
+  return parsed;
 }
 async function sendEvent(event, config, pluginPath) {
   if (!config.token) return;
@@ -554,7 +687,7 @@ async function sendEvent(event, config, pluginPath) {
       }
     }
     const bodyStr = JSON.stringify(payload);
-    const pluginHash = getPluginHash(pluginPath);
+    const pluginHash = getPluginHash(pluginPath, config.debug);
     const hmacHeaders = buildHMACHeaders(bodyStr, config.token, config.hookVersion, pluginHash);
     const headers = {
       "Authorization": `Bearer ${config.token}`,
@@ -570,6 +703,13 @@ async function sendEvent(event, config, pluginPath) {
     if (config.debug) {
       debugLog(`send_event response: ${response.body.slice(0, 200)}`);
     }
+    if (response.status === 200) {
+      try {
+        const parsed = JSON.parse(response.body);
+        processConfigSync(parsed, config);
+      } catch {
+      }
+    }
   } catch (err) {
     if (config.debug) {
       debugLog(`Failed to send ${eventType || "event"}: ${err instanceof Error ? err.message : String(err)}`);
@@ -712,7 +852,11 @@ function register(api) {
   }
   api.logger.info(`Agent Approve: Plugin loaded (privacy: ${config.privacyTier}, fail: ${config.failBehavior})`);
   if (config.debug) {
-    debugLog(`Plugin loaded, API: ${config.apiUrl}, agent: ${config.agentName}`);
+    const e2eStatus = !config.e2eEnabled ? "disabled" : !config.e2eUserKey ? "enabled (key missing)" : "enabled";
+    debugLog(
+      `Plugin loaded: v${config.hookVersion}, api=${config.apiUrl}, privacy=${config.privacyTier}, e2e=${e2eStatus}, debug=${config.debug}`
+    );
+    debugLog(`Full config: agent=${config.agentName}, timeout=${config.timeout}s, fail=${config.failBehavior}`);
   }
   api.on("before_tool_call", async (event, ctx) => {
     const conversationId = resolveConversationId();

package/openclaw.plugin.json

@@ -2,7 +2,7 @@
   "id": "openclaw",
   "name": "Agent Approve",
   "description": "Mobile approval for AI agent tool execution. Approve or deny tool calls from your iPhone and Apple Watch.",
-  "version": "0.1.5",
+  "version": "0.1.6",
   "homepage": "https://agentapprove.com",
   "configSchema": {
     "type": "object",

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@agentapprove/openclaw",
-  "version": "0.1.5",
+  "version": "0.1.6",
   "description": "Agent Approve plugin for OpenClaw - approve or deny AI agent tool calls from your iPhone and Apple Watch",
   "main": "dist/index.js",
   "scripts": {