@agenthifive/openclaw 0.3.2 → 0.3.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/register.js
CHANGED
|
@@ -23,7 +23,7 @@ import { verifyPatches } from "./patch-verify.js";
|
|
|
23
23
|
// ---------------------------------------------------------------------------
|
|
24
24
|
const DEFAULT_BASE_URL = "https://app.agenthifive.com";
|
|
25
25
|
const PLUGIN_ID = "agenthifive";
|
|
26
|
-
const PLUGIN_VERSION = "0.3.
|
|
26
|
+
const PLUGIN_VERSION = "0.3.3";
|
|
27
27
|
// ---------------------------------------------------------------------------
|
|
28
28
|
// Module-scoped singletons (lifecycle managed by register/stop)
|
|
29
29
|
// ---------------------------------------------------------------------------
|
package/dist/vault-provider.d.ts
CHANGED
|
@@ -1,9 +1,9 @@
|
|
|
1
1
|
/**
|
|
2
2
|
* Credential provider backed by AgentHiFive Vault.
|
|
3
3
|
*
|
|
4
|
-
* resolve()
|
|
5
|
-
*
|
|
6
|
-
*
|
|
4
|
+
* resolve() always returns null — all LLM credential access goes through
|
|
5
|
+
* vault/llm proxy (Model B brokered). The class is kept for isAvailable(),
|
|
6
|
+
* getConfig(), and buildAuthHeaders() used by tools and hooks.
|
|
7
7
|
*/
|
|
8
8
|
export type CredentialQuery = {
|
|
9
9
|
provider: string;
|
|
@@ -32,12 +32,10 @@ export type VaultProviderConfig = {
|
|
|
32
32
|
export declare class VaultCredentialProvider implements CredentialProvider {
|
|
33
33
|
readonly id = "agenthifive-vault";
|
|
34
34
|
private config;
|
|
35
|
-
private cache;
|
|
36
35
|
constructor(config: VaultProviderConfig);
|
|
37
|
-
resolve(
|
|
36
|
+
resolve(_query: CredentialQuery): Promise<CredentialResult | null>;
|
|
38
37
|
isAvailable(): Promise<boolean>;
|
|
39
38
|
getConfig(): VaultProviderConfig;
|
|
40
39
|
buildAuthHeaders(): Record<string, string>;
|
|
41
|
-
private fetchCredential;
|
|
42
40
|
}
|
|
43
41
|
//# sourceMappingURL=vault-provider.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"vault-provider.d.ts","sourceRoot":"","sources":["../src/vault-provider.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAMH,MAAM,MAAM,eAAe,GAAG;IAC5B,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;CACnB,CAAC;AAEF,MAAM,MAAM,gBAAgB,GAAG;IAC7B,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,MAAM,WAAW,kBAAkB;IACjC,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;IACpB,OAAO,CAAC,KAAK,EAAE,eAAe,GAAG,OAAO,CAAC,gBAAgB,GAAG,IAAI,CAAC,CAAC;IAClE,WAAW,IAAI,OAAO,CAAC,OAAO,CAAC,CAAC;CACjC;
|
|
1
|
+
{"version":3,"file":"vault-provider.d.ts","sourceRoot":"","sources":["../src/vault-provider.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAMH,MAAM,MAAM,eAAe,GAAG;IAC5B,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;CACnB,CAAC;AAEF,MAAM,MAAM,gBAAgB,GAAG;IAC7B,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,MAAM,WAAW,kBAAkB;IACjC,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;IACpB,OAAO,CAAC,KAAK,EAAE,eAAe,GAAG,OAAO,CAAC,gBAAgB,GAAG,IAAI,CAAC,CAAC;IAClE,WAAW,IAAI,OAAO,CAAC,OAAO,CAAC,CAAC;CACjC;AAMD,MAAM,MAAM,mBAAmB,GAAG;IAChC,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE;QAAE,IAAI,EAAE,QAAQ,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC;IACxC,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,mFAAmF;IACnF,cAAc,CAAC,EAAE,MAAM,OAAO,CAAC,OAAO,CAAC,CAAC;CACzC,CAAC;AAEF,qBAAa,uBAAwB,YAAW,kBAAkB;IAChE,QAAQ,CAAC,EAAE,uBAAuB;IAElC,OAAO,CAAC,MAAM,CAAsB;gBAExB,MAAM,EAAE,mBAAmB;IAIjC,OAAO,CAAC,MAAM,EAAE,eAAe,GAAG,OAAO,CAAC,gBAAgB,GAAG,IAAI,CAAC;IAOlE,WAAW,IAAI,OAAO,CAAC,OAAO,CAAC;IAWrC,SAAS,IAAI,mBAAmB;IAIhC,gBAAgB,IAAI,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC;CAG3C"}
|
package/dist/vault-provider.js
CHANGED
|
@@ -1,36 +1,21 @@
|
|
|
1
1
|
/**
|
|
2
2
|
* Credential provider backed by AgentHiFive Vault.
|
|
3
3
|
*
|
|
4
|
-
* resolve()
|
|
5
|
-
*
|
|
6
|
-
*
|
|
4
|
+
* resolve() always returns null — all LLM credential access goes through
|
|
5
|
+
* vault/llm proxy (Model B brokered). The class is kept for isAvailable(),
|
|
6
|
+
* getConfig(), and buildAuthHeaders() used by tools and hooks.
|
|
7
7
|
*/
|
|
8
|
-
// ---------------------------------------------------------------------------
|
|
9
|
-
// Provider → service mapping (matches AH5 API's SERVICE_CATALOG)
|
|
10
|
-
// ---------------------------------------------------------------------------
|
|
11
|
-
const PROVIDER_TO_SERVICE = {
|
|
12
|
-
anthropic: "anthropic-messages",
|
|
13
|
-
openai: "openai",
|
|
14
|
-
gemini: "gemini",
|
|
15
|
-
openrouter: "openrouter",
|
|
16
|
-
};
|
|
17
8
|
export class VaultCredentialProvider {
|
|
18
9
|
id = "agenthifive-vault";
|
|
19
10
|
config;
|
|
20
|
-
cache = new Map();
|
|
21
11
|
constructor(config) {
|
|
22
12
|
this.config = config;
|
|
23
13
|
}
|
|
24
|
-
async resolve(
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
const cached = this.cache.get(query.provider);
|
|
30
|
-
if (cached && cached.expiresAt > Date.now() + 30_000) {
|
|
31
|
-
return { token: cached.token, expiresAt: cached.expiresAt };
|
|
32
|
-
}
|
|
33
|
-
return this.fetchCredential(query.provider, serviceId, true);
|
|
14
|
+
async resolve(_query) {
|
|
15
|
+
// All LLM credential resolution goes through vault/llm proxy (Model B).
|
|
16
|
+
// The patch in resolveApiKeyForProvider returns the vault bearer token
|
|
17
|
+
// directly, and the provider baseUrl is redirected to the vault proxy.
|
|
18
|
+
return null;
|
|
34
19
|
}
|
|
35
20
|
async isAvailable() {
|
|
36
21
|
try {
|
|
@@ -49,37 +34,5 @@ export class VaultCredentialProvider {
|
|
|
49
34
|
buildAuthHeaders() {
|
|
50
35
|
return { Authorization: `Bearer ${this.config.auth.token}` };
|
|
51
36
|
}
|
|
52
|
-
async fetchCredential(provider, serviceId, allowRetry) {
|
|
53
|
-
try {
|
|
54
|
-
const response = await fetch(`${this.config.baseUrl}/v1/vault/execute`, {
|
|
55
|
-
method: "POST",
|
|
56
|
-
headers: {
|
|
57
|
-
"Content-Type": "application/json",
|
|
58
|
-
...this.buildAuthHeaders(),
|
|
59
|
-
},
|
|
60
|
-
body: JSON.stringify({ model: "A", service: serviceId }),
|
|
61
|
-
signal: AbortSignal.timeout(this.config.timeoutMs),
|
|
62
|
-
});
|
|
63
|
-
// Handle 401 with token refresh retry
|
|
64
|
-
if (response.status === 401 && allowRetry && this.config.onTokenRefresh) {
|
|
65
|
-
const refreshed = await this.config.onTokenRefresh();
|
|
66
|
-
if (refreshed) {
|
|
67
|
-
return this.fetchCredential(provider, serviceId, false);
|
|
68
|
-
}
|
|
69
|
-
return null;
|
|
70
|
-
}
|
|
71
|
-
if (!response.ok)
|
|
72
|
-
return null;
|
|
73
|
-
const data = (await response.json());
|
|
74
|
-
if (!data.accessToken)
|
|
75
|
-
return null;
|
|
76
|
-
const expiresAt = Date.now() + (data.expiresIn ?? 3600) * 1000;
|
|
77
|
-
this.cache.set(provider, { token: data.accessToken, expiresAt });
|
|
78
|
-
return { token: data.accessToken, expiresAt };
|
|
79
|
-
}
|
|
80
|
-
catch {
|
|
81
|
-
return null;
|
|
82
|
-
}
|
|
83
|
-
}
|
|
84
37
|
}
|
|
85
38
|
//# sourceMappingURL=vault-provider.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"vault-provider.js","sourceRoot":"","sources":["../src/vault-provider.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;
|
|
1
|
+
{"version":3,"file":"vault-provider.js","sourceRoot":"","sources":["../src/vault-provider.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAmCH,MAAM,OAAO,uBAAuB;IACzB,EAAE,GAAG,mBAAmB,CAAC;IAE1B,MAAM,CAAsB;IAEpC,YAAY,MAA2B;QACrC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,MAAuB;QACnC,wEAAwE;QACxE,uEAAuE;QACvE,uEAAuE;QACvE,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK,CAAC,WAAW;QACf,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,YAAY,EAAE;gBAC/D,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC;aAClC,CAAC,CAAC;YACH,OAAO,QAAQ,CAAC,EAAE,CAAC;QACrB,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,SAAS;QACP,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;IAED,gBAAgB;QACd,OAAO,EAAE,aAAa,EAAE,UAAU,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE,CAAC;IAC/D,CAAC;CACF"}
|