@agentapprove/openclaw 0.1.8 → 0.1.9

package/dist/index.js

@@ -9,7 +9,7 @@ import { homedir as homedir3 } from "os";
 import { execSync } from "child_process";
 
 // src/e2e-crypto.ts
-import { createHash, createHmac, createCipheriv, randomBytes } from "crypto";
+import { createHash, createHmac, createCipheriv, createDecipheriv, randomBytes, timingSafeEqual } from "crypto";
 import { readFileSync as readFileSync2, writeFileSync as writeFileSync2, existsSync as existsSync2, copyFileSync } from "fs";
 import { join as join2 } from "path";
 import { homedir as homedir2 } from "os";
@@ -135,6 +135,35 @@ function e2eEncrypt(keyHex, plaintext) {
   const hmac = createHmac("sha256", macKey).update(Buffer.concat([iv, ciphertext])).digest("hex");
   return `E2E:v1:${kid}:${ivHex}:${ciphertextBase64}:${hmac}`;
 }
+function isE2EEncrypted(value) {
+  return value.startsWith("E2E:v1:");
+}
+function e2eDecrypt(keyHex, encrypted) {
+  try {
+    if (!isE2EEncrypted(encrypted)) return null;
+    const parts = encrypted.split(":");
+    if (parts.length !== 6) return null;
+    const kid = parts[2];
+    if (kid !== keyId(keyHex)) return null;
+    const ivHex = parts[3];
+    const ciphertextBase64 = parts[4];
+    const hmacHex = parts[5];
+    const encKey = deriveEncKey(keyHex);
+    const macKey = deriveMacKey(keyHex);
+    const iv = Buffer.from(ivHex, "hex");
+    const ciphertext = Buffer.from(ciphertextBase64, "base64");
+    const expectedHmac = createHmac("sha256", macKey).update(Buffer.concat([iv, ciphertext])).digest();
+    const actualHmac = Buffer.from(hmacHex, "hex");
+    if (expectedHmac.length !== actualHmac.length || !timingSafeEqual(expectedHmac, actualHmac)) {
+      return null;
+    }
+    const decipher = createDecipheriv("aes-256-ctr", encKey, iv);
+    const plaintext = Buffer.concat([decipher.update(ciphertext), decipher.final()]);
+    return plaintext.toString("utf-8");
+  } catch {
+    return null;
+  }
+}
 function applyApprovalE2E(payload, userKey, serverKey) {
   const sensitiveFields = {};
   for (const field of ["command", "toolInput", "cwd"]) {
@@ -386,7 +415,7 @@ function loadConfig(openclawConfig, logger) {
     failBehavior,
     privacyTier,
     debug,
-    hookVersion: "1.1.4",
+    hookVersion: "1.1.5",
     agentType: "openclaw",
     agentName,
     e2eEnabled,
@@ -731,6 +760,51 @@ async function sendApprovalRequest(request, config, pluginPath, hookName = "open
   processConfigSync(parsed, config);
   return parsed;
 }
+async function sendStopRequest(request, config, pluginPath, hookName = "openclaw-plugin") {
+  if (!config.token) {
+    throw new Error("Missing token. Download the iOS app, run npx agentapprove, and pair your device. Subscription required.");
+  }
+  let payload = applyEventPrivacyFilter(
+    { ...request },
+    config.privacyTier
+  );
+  if (config.e2eEnabled && config.e2eUserKey) {
+    payload = applyEventE2E(payload, config.e2eUserKey);
+    if (config.debug) {
+      debugLog("E2E encryption applied to stop request", hookName);
+    }
+  }
+  const bodyStr = JSON.stringify(payload);
+  const pluginHash = getPluginHash(pluginPath, config.debug, hookName);
+  const hmacHeaders = buildHMACHeaders(bodyStr, config.token, config.hookVersion, pluginHash);
+  const headers = {
+    "Authorization": `Bearer ${config.token}`,
+    ...hmacHeaders
+  };
+  const url = `${config.apiUrl}/${config.apiVersion}/stop`;
+  const stopTimeoutMs = 3e5;
+  if (config.debug) {
+    debugLog(`Sending stop request to ${url}`, hookName);
+    debugLog(`=== SENT TO ${url} ===`, hookName);
+    debugLogRawInline(bodyStr);
+    debugLog("=== END SENT ===", hookName);
+  }
+  const response = await httpPost(url, bodyStr, headers, stopTimeoutMs);
+  if (config.debug) {
+    debugLog(`Stop response: ${response.body || "<empty>"}`, hookName);
+  }
+  if (response.status !== 200) {
+    throw new Error(`Stop API returned status ${response.status}: ${response.body.slice(0, 200)}`);
+  }
+  let parsed;
+  try {
+    parsed = JSON.parse(response.body);
+  } catch {
+    parsed = {};
+  }
+  processConfigSync(parsed, config);
+  return parsed;
+}
 async function sendEvent(event, config, pluginPath, hookName = "openclaw-plugin") {
   if (!config.token) return;
   const eventType = event.eventType;
@@ -1106,18 +1180,67 @@ function register(api) {
       debugLog(`Agent ended: success=${event.success}${event.durationMs ? `, duration=${event.durationMs}ms` : ""}${event.error ? `, error=${event.error}` : ""}`, HOOK_AGENT_END);
     }
     const conversationId = resolveConversationId();
-    void sendEvent({
-      eventType: "stop",
+    const stopRequest = {
       agent: config.agentType,
       agentName: config.agentName,
-      hookType: "agent_end",
+      eventType: "stop",
+      status: event.success ? "completed" : "error",
+      loopCount: Array.isArray(event.messages) ? event.messages.length : 0,
       sessionId: conversationId,
       conversationId,
-      status: event.success ? "completed" : "error",
-      durationMs: event.durationMs,
-      response: event.error || void 0,
-      timestamp: (/* @__PURE__ */ new Date()).toISOString()
-    }, config, pluginFilePath, HOOK_AGENT_END);
+      timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+      ...config.e2eEnabled && config.e2eUserKey ? { e2eKeyId: keyId(config.e2eUserKey) } : {}
+    };
+    try {
+      const response = await sendStopRequest(stopRequest, config, pluginFilePath, HOOK_AGENT_END);
+      if (config.debug) {
+        debugLog(`Stop response: followup=${response.followup_message ? "yes" : "no"}`, HOOK_AGENT_END);
+      }
+      if (response.followup_message) {
+        let followupText = response.followup_message;
+        if (config.e2eEnabled && config.e2eUserKey && isE2EEncrypted(followupText)) {
+          const decrypted = e2eDecrypt(config.e2eUserKey, followupText);
+          if (!decrypted) {
+            api.logger.warn("Agent Approve: failed to decrypt follow-up message");
+            return;
+          }
+          if (config.debug) {
+            debugLog(`Decrypted follow-up: ${decrypted.slice(0, 50)}...`, HOOK_AGENT_END);
+          }
+          followupText = decrypted;
+        }
+        if (!api.runtime?.system?.enqueueSystemEvent) {
+          api.logger.warn(
+            "Agent Approve: follow-up received but runtime.system API unavailable (OpenClaw version may be too old)"
+          );
+          return;
+        }
+        try {
+          const sessionKey = ctx.sessionKey || conversationId;
+          api.runtime.system.enqueueSystemEvent(
+            `Agent Approve follow-up from user: ${followupText}`,
+            { sessionKey }
+          );
+          api.runtime.system.requestHeartbeatNow({
+            sessionKey,
+            reason: "agentapprove-followup"
+          });
+          if (config.debug) {
+            debugLog(`Follow-up injected via system event, heartbeat requested`, HOOK_AGENT_END);
+          }
+          api.logger.info(`Agent Approve: follow-up injected, heartbeat requested`);
+        } catch (injectionError) {
+          const injMsg = injectionError instanceof Error ? injectionError.message : String(injectionError);
+          api.logger.warn(`Agent Approve: follow-up injection failed \u2014 ${injMsg}`);
+        }
+      }
+    } catch (error) {
+      const msg = error instanceof Error ? error.message : String(error);
+      if (config.debug) {
+        debugLog(`Stop request error: ${msg}`, HOOK_AGENT_END);
+      }
+      api.logger.warn(`Agent Approve: stop request failed \u2014 ${msg}`);
+    }
   });
   api.on("before_compaction", async (event, ctx) => {
     if (config.debug) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@agentapprove/openclaw",
-  "version": "0.1.8",
+  "version": "0.1.9",
   "description": "Agent Approve plugin for OpenClaw - approve or deny AI agent tool calls from your iPhone and Apple Watch",
   "main": "dist/index.js",
   "scripts": {