npm - @agentvault/agentvault - Versions diffs - 0.14.4 → 0.14.6 - Mend

@agentvault/agentvault 0.14.4 → 0.14.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/dist/channel.d.ts +12 -0
package/dist/channel.d.ts.map +1 -1
package/dist/cli.js +360 -26
package/dist/cli.js.map +4 -4
package/dist/create-agent.d.ts.map +1 -1
package/dist/index.js +309 -12
package/dist/index.js.map +4 -4
package/dist/workspace-handlers.d.ts +62 -0
package/dist/workspace-handlers.d.ts.map +1 -0
package/package.json +1 -1

package/dist/create-agent.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"create-agent.d.ts","sourceRoot":"","sources":["../src/create-agent.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAOH,MAAM,WAAW,kBAAkB;IACjC,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,CAAC,EAAE,OAAO,CAAC;CACjB;AAID,wDAAwD;AACxD,wBAAgB,YAAY,IAAI,MAAM,CAGrC;AAED,mDAAmD;AACnD,wBAAgB,kBAAkB,CAAC,IAAI,EAAE,MAAM,GAAG,GAAG,CAIpD;AA4BD;;;GAGG;AACH,wBAAgB,YAAY,CAAC,MAAM,EAAE,GAAG,EAAE,SAAS,SAAQ,GAAG,MAAM,CAInE;AAOD,yDAAyD;AACzD,wBAAgB,sBAAsB,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CA8C3E;AAID,wBAAsB,gBAAgB,CAAC,OAAO,EAAE,kBAAkB,GAAG,OAAO,CAAC,IAAI,CAAC,~~CAsKjF~~"}
1	+ {"version":3,"file":"create-agent.d.ts","sourceRoot":"","sources":["../src/create-agent.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAOH,MAAM,WAAW,kBAAkB;IACjC,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,CAAC,EAAE,OAAO,CAAC;CACjB;AAID,wDAAwD;AACxD,wBAAgB,YAAY,IAAI,MAAM,CAGrC;AAED,mDAAmD;AACnD,wBAAgB,kBAAkB,CAAC,IAAI,EAAE,MAAM,GAAG,GAAG,CAIpD;AA4BD;;;GAGG;AACH,wBAAgB,YAAY,CAAC,MAAM,EAAE,GAAG,EAAE,SAAS,SAAQ,GAAG,MAAM,CAInE;AAOD,yDAAyD;AACzD,wBAAgB,sBAAsB,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CA8C3E;AAID,wBAAsB,gBAAgB,CAAC,OAAO,EAAE,kBAAkB,GAAG,OAAO,CAAC,IAAI,CAAC,CA+KjF"}

package/dist/index.js CHANGED Viewed

@@ -1,5 +1,11 @@
 var __defProp = Object.defineProperty;
 var __getOwnPropNames = Object.getOwnPropertyNames;
+var __require = /* @__PURE__ */ ((x2) => typeof require !== "undefined" ? require : typeof Proxy !== "undefined" ? new Proxy(x2, {
+  get: (a2, b2) => (typeof require !== "undefined" ? require : a2)[b2]
+}) : x2)(function(x2) {
+  if (typeof require !== "undefined") return require.apply(this, arguments);
+  throw Error('Dynamic require of "' + x2 + '" is not supported');
+});
 var __esm = (fn, res) => function __init() {
   return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
 };
@@ -45022,9 +45028,53 @@ var init_file_crypto = __esm({
 });
 // ../crypto/dist/did.js
+function canonicalize(obj) {
+  const json = jsonCanonical(obj) ?? "";
+  return libsodium_wrappers_default.from_string(json);
+}
+function jsonCanonical(value) {
+  if (value === void 0)
+    return void 0;
+  if (value === null)
+    return "null";
+  if (typeof value === "boolean" || typeof value === "number")
+    return JSON.stringify(value);
+  if (typeof value === "string")
+    return JSON.stringify(value);
+  if (Array.isArray(value)) {
+    return "[" + value.map(jsonCanonical).join(",") + "]";
+  }
+  if (typeof value === "object") {
+    const keys = Object.keys(value).sort();
+    const entries = keys.map((k2) => {
+      const v2 = jsonCanonical(value[k2]);
+      if (v2 === void 0)
+        return void 0;
+      return JSON.stringify(k2) + ":" + v2;
+    }).filter((entry) => entry !== void 0);
+    return "{" + entries.join(",") + "}";
+  }
+  return JSON.stringify(value);
+}
+async function verifyDocumentSignature(document, signature, publicKey) {
+  await libsodium_wrappers_default.ready;
+  const canonical = canonicalize(document);
+  const domainPrefix = libsodium_wrappers_default.from_string(DOMAIN_DID_DOCUMENT);
+  const message = new Uint8Array(domainPrefix.length + canonical.length);
+  message.set(domainPrefix);
+  message.set(canonical, domainPrefix.length);
+  try {
+    return libsodium_wrappers_default.crypto_sign_verify_detached(signature, message, publicKey);
+  } catch {
+    return false;
+  }
+}
+var DOMAIN_DID_DOCUMENT;
 var init_did = __esm({
   async "../crypto/dist/did.js"() {
     "use strict";
+    await init_libsodium_wrappers();
+    DOMAIN_DID_DOCUMENT = "DID-DOCUMENT:";
   }
 });
@@ -45979,13 +46029,152 @@ var init_http_handlers = __esm({
   }
 });
+// src/workspace-handlers.ts
+var workspace_handlers_exports = {};
+__export(workspace_handlers_exports, {
+  handleWorkspaceList: () => handleWorkspaceList,
+  handleWorkspaceRead: () => handleWorkspaceRead,
+  handleWorkspaceUpload: () => handleWorkspaceUpload,
+  validateWorkspaceFilename: () => validateWorkspaceFilename
+});
+import { readdir, readFile as readFile2, writeFile as writeFile2, rename as rename2, stat, unlink } from "node:fs/promises";
+import { join as join2 } from "node:path";
+import { randomUUID } from "node:crypto";
+function validateWorkspaceFilename(filename) {
+  if (!filename || typeof filename !== "string") {
+    return "Filename is required";
+  }
+  if (filename.includes("\0")) {
+    return "Filename contains null bytes";
+  }
+  if (filename.includes("..")) {
+    return "Path traversal not allowed";
+  }
+  if (filename.includes("/") || filename.includes("\\")) {
+    return "Path separators not allowed in filename";
+  }
+  if (!filename.endsWith(".md")) {
+    return "Only .md files are allowed";
+  }
+  if (!/^[a-zA-Z0-9._-]+$/.test(filename)) {
+    return "Filename may only contain letters, numbers, hyphens, underscores, and dots";
+  }
+  return null;
+}
+async function handleWorkspaceUpload(data, workspaceDir) {
+  const filenameError = validateWorkspaceFilename(data.filename);
+  if (filenameError) {
+    return { status: "error", error: filenameError };
+  }
+  if (!data.content || typeof data.content !== "string") {
+    return { status: "error", error: "File content is required" };
+  }
+  const contentBytes = Buffer.byteLength(data.content, "utf-8");
+  if (contentBytes > MAX_FILE_SIZE) {
+    return {
+      status: "error",
+      error: `File exceeds 100KB limit (${Math.round(contentBytes / 1024)}KB)`
+    };
+  }
+  let verified = false;
+  try {
+    const signatureBytes = base64ToBytes(data.signature);
+    const publicKeyBytes = base64ToBytes(data.signer_public_key);
+    const signedPayload = {
+      filename: data.filename,
+      content: data.content,
+      timestamp: data.timestamp
+    };
+    verified = await verifyDocumentSignature(signedPayload, signatureBytes, publicKeyBytes);
+  } catch (err) {
+    return { status: "error", error: "Signature verification failed: invalid format" };
+  }
+  if (!verified) {
+    return { status: "error", error: "Invalid signature \u2014 file may have been tampered with" };
+  }
+  const targetPath = join2(workspaceDir, data.filename);
+  const tempPath = join2(workspaceDir, `.tmp_${randomUUID()}_${data.filename}`);
+  try {
+    await writeFile2(tempPath, data.content, "utf-8");
+    await rename2(tempPath, targetPath);
+  } catch (err) {
+    try {
+      await unlink(tempPath);
+    } catch {
+    }
+    return { status: "error", error: `Failed to write file: ${err.message}` };
+  }
+  console.log(`[Workspace] Wrote ${data.filename} (${contentBytes} bytes, sig verified) \u2192 ${targetPath}`);
+  return {
+    status: "success",
+    written_path: targetPath,
+    verified_signature: true
+  };
+}
+async function handleWorkspaceList(workspaceDir) {
+  try {
+    const entries = await readdir(workspaceDir);
+    const files = [];
+    for (const entry of entries) {
+      if (!entry.endsWith(".md")) continue;
+      try {
+        const filePath = join2(workspaceDir, entry);
+        const fileStat = await stat(filePath);
+        if (!fileStat.isFile()) continue;
+        files.push({
+          filename: entry,
+          size: fileStat.size,
+          modified: fileStat.mtime.toISOString()
+        });
+      } catch {
+      }
+    }
+    files.sort((a2, b2) => a2.filename.localeCompare(b2.filename));
+    return { files };
+  } catch (err) {
+    if (err.code === "ENOENT") {
+      return { files: [] };
+    }
+    throw err;
+  }
+}
+async function handleWorkspaceRead(data, workspaceDir) {
+  const filenameError = validateWorkspaceFilename(data.filename);
+  if (filenameError) {
+    return { error: filenameError };
+  }
+  const filePath = join2(workspaceDir, data.filename);
+  try {
+    const content = await readFile2(filePath, "utf-8");
+    const fileStat = await stat(filePath);
+    return {
+      filename: data.filename,
+      content,
+      size: fileStat.size
+    };
+  } catch (err) {
+    if (err.code === "ENOENT") {
+      return { error: `File not found: ${data.filename}` };
+    }
+    return { error: `Failed to read file: ${err.message}` };
+  }
+}
+var MAX_FILE_SIZE;
+var init_workspace_handlers = __esm({
+  async "src/workspace-handlers.ts"() {
+    "use strict";
+    await init_dist();
+    MAX_FILE_SIZE = 100 * 1024;
+  }
+});
 // src/channel.ts
 import { EventEmitter } from "node:events";
 import { createServer } from "node:http";
-import { randomUUID } from "node:crypto";
-import { writeFile as writeFile2, mkdir as mkdir2 } from "node:fs/promises";
-import { join as join2 } from "node:path";
-import { readFile as readFile2 } from "node:fs/promises";
+import { randomUUID as randomUUID2 } from "node:crypto";
+import { writeFile as writeFile3, mkdir as mkdir2 } from "node:fs/promises";
+import { join as join3 } from "node:path";
+import { readFile as readFile3 } from "node:fs/promises";
 import WebSocket from "ws";
 function migratePersistedState(raw) {
   if (raw.sessions && raw.primaryConversationId) {
@@ -46038,6 +46227,8 @@ var init_channel = __esm({
       _pollTimer = null;
       _reconnectAttempt = 0;
       _reconnectTimer = null;
+      _rapidDisconnects = 0;
+      _lastWsOpenTime = 0;
       _pingTimer = null;
       _lastServerMessage = 0;
       _pendingAcks = [];
@@ -46227,7 +46418,7 @@ var init_channel = __esm({
             }
           }
         }
-        const messageGroupId = randomUUID();
+        const messageGroupId = randomUUID2();
         let sentCount = 0;
         for (const [convId, session] of this._sessions) {
           if (!session.activated) continue;
@@ -46322,7 +46513,7 @@ var init_channel = __esm({
        * as a high-priority message. Returns the generated decision_id.
        */
       async sendDecisionRequest(request) {
-        const decision_id = `dec_${randomUUID().replace(/-/g, "").slice(0, 16)}`;
+        const decision_id = `dec_${randomUUID2().replace(/-/g, "").slice(0, 16)}`;
         const payload = JSON.stringify({
           type: "message",
           text: `\u{1F4CB} ${request.title}`,
@@ -46627,7 +46818,7 @@ var init_channel = __esm({
           description: artifact.description,
           attachment: attachMeta
         });
-        const messageGroupId = randomUUID();
+        const messageGroupId = randomUUID2();
         for (const [convId, session] of this._sessions) {
           if (!session.activated) continue;
           const encrypted = session.ratchet.encrypt(envelope);
@@ -47264,6 +47455,7 @@ var init_channel = __esm({
         ws.on("open", async () => {
           try {
             this._reconnectAttempt = 0;
+            this._lastWsOpenTime = Date.now();
             this._startPing(ws);
             this._startWakeDetector();
             this._startPendingPoll();
@@ -47789,6 +47981,41 @@ var init_channel = __esm({
           await this._persistState();
           return;
         }
+        if (messageType === "workspace_file_upload") {
+          try {
+            const parsed = JSON.parse(plaintext);
+            const workspaceDir = this._resolveWorkspaceDir();
+            const { handleWorkspaceUpload: handleWorkspaceUpload2 } = await init_workspace_handlers().then(() => workspace_handlers_exports);
+            const result = await handleWorkspaceUpload2(parsed, workspaceDir);
+            await this._sendStructuredReply(convId, { type: "workspace_file_ack", filename: parsed.filename, ...result });
+          } catch (err) {
+            await this._sendStructuredReply(convId, { type: "workspace_file_ack", status: "error", error: err.message });
+          }
+          return;
+        }
+        if (messageType === "workspace_file_list") {
+          try {
+            const workspaceDir = this._resolveWorkspaceDir();
+            const { handleWorkspaceList: handleWorkspaceList2 } = await init_workspace_handlers().then(() => workspace_handlers_exports);
+            const result = await handleWorkspaceList2(workspaceDir);
+            await this._sendStructuredReply(convId, { type: "workspace_file_list_response", ...result });
+          } catch (err) {
+            await this._sendStructuredReply(convId, { type: "workspace_file_list_response", files: [], error: err.message });
+          }
+          return;
+        }
+        if (messageType === "workspace_file_read") {
+          try {
+            const parsed = JSON.parse(plaintext);
+            const workspaceDir = this._resolveWorkspaceDir();
+            const { handleWorkspaceRead: handleWorkspaceRead2 } = await init_workspace_handlers().then(() => workspace_handlers_exports);
+            const result = await handleWorkspaceRead2(parsed, workspaceDir);
+            await this._sendStructuredReply(convId, { type: "workspace_file_read_response", ...result });
+          } catch (err) {
+            await this._sendStructuredReply(convId, { type: "workspace_file_read_response", error: err.message });
+          }
+          return;
+        }
         if (this._scanEngine) {
           const scanResult = this._scanEngine.scanInbound(messageText);
           if (scanResult.status === "blocked") {
@@ -47869,7 +48096,7 @@ ${messageText}`;
        * and save the plaintext file to disk.
        */
       async _downloadAndDecryptAttachment(info) {
-        const attachDir = join2(this.config.dataDir, "attachments");
+        const attachDir = join3(this.config.dataDir, "attachments");
         await mkdir2(attachDir, { recursive: true });
         const url = `${this.config.apiUrl}${info.blobUrl}`;
         const res = await fetch(url, {
@@ -47887,8 +48114,8 @@ ${messageText}`;
         const fileKey = base64ToBytes(info.fileKey);
         const fileNonce = base64ToBytes(info.fileNonce);
         const decrypted = decryptFile(encryptedData, fileKey, fileNonce);
-        const filePath = join2(attachDir, info.filename);
-        await writeFile2(filePath, decrypted);
+        const filePath = join3(attachDir, info.filename);
+        await writeFile3(filePath, decrypted);
         console.log(`[SecureChannel] Attachment saved: ${filePath} (${decrypted.length} bytes)`);
         return { filePath, decrypted };
       }
@@ -47897,7 +48124,7 @@ ${messageText}`;
        * for inclusion in the message envelope.
        */
       async _uploadAttachment(filePath, conversationId) {
-        const data = await readFile2(filePath);
+        const data = await readFile3(filePath);
         const plainData = new Uint8Array(data);
         const result = encryptFile(plainData);
         const { Blob: NodeBlob, FormData: NodeFormData } = await import("node:buffer").then(
@@ -47949,7 +48176,7 @@ ${messageText}`;
           attachment: attachMeta
         });
         this._appendHistory("agent", plaintext, topicId);
-        const messageGroupId = randomUUID();
+        const messageGroupId = randomUUID2();
         for (const [convId, session] of this._sessions) {
           if (!session.activated) continue;
           const encrypted = session.ratchet.encrypt(envelope);
@@ -47999,6 +48226,56 @@ ${messageText}`;
           );
         }
       }
+      /**
+       * Resolve the agent's workspace directory.
+       * Looks for OpenClaw workspace config, falls back to default path.
+       */
+      _resolveWorkspaceDir() {
+        const homedir = process.env.HOME ?? process.env.USERPROFILE ?? "/tmp";
+        try {
+          const configPath = join3(homedir, ".openclaw", "openclaw.json");
+          const raw = __require("node:fs").readFileSync(configPath, "utf-8");
+          const config = JSON.parse(raw);
+          const agents = config?.agents?.list;
+          if (Array.isArray(agents)) {
+            for (const agent of agents) {
+              if (agent.workspace && typeof agent.workspace === "string") {
+                return agent.workspace;
+              }
+            }
+          }
+        } catch {
+        }
+        if (this.config.dataDir) {
+          return join3(this.config.dataDir, "..", "workspace");
+        }
+        return join3(homedir, ".openclaw", "workspace");
+      }
+      /**
+       * Send a structured JSON reply to a specific conversation.
+       * Encrypts the payload via the conversation's ratchet and sends via WebSocket.
+       */
+      async _sendStructuredReply(convId, payload) {
+        const session = this._sessions.get(convId);
+        if (!session || !this._ws) {
+          console.warn(`[SecureChannel] Cannot send structured reply \u2014 no session for ${convId.slice(0, 8)}...`);
+          return;
+        }
+        const plaintext = JSON.stringify(payload);
+        const encrypted = session.ratchet.encrypt(plaintext);
+        const transport = encryptedMessageToTransport(encrypted);
+        this._ws.send(
+          JSON.stringify({
+            event: "message",
+            data: {
+              conversation_id: convId,
+              header_blob: transport.header_blob,
+              ciphertext: transport.ciphertext
+            }
+          })
+        );
+        await this._persistState();
+      }
       /**
        * Send stored message history to a newly-activated session.
        * Batches all history into a single encrypted message.
@@ -48559,6 +48836,26 @@ ${messageText}`;
       _scheduleReconnect() {
         if (this._stopped) return;
         if (this._reconnectTimer) return;
+        const sinceOpen = Date.now() - this._lastWsOpenTime;
+        if (this._lastWsOpenTime > 0 && sinceOpen < 1e4) {
+          this._rapidDisconnects++;
+        } else {
+          this._rapidDisconnects = 0;
+        }
+        if (this._rapidDisconnects >= 5) {
+          console.error(
+            `[SecureChannel] Detected rapid connect/disconnect loop (${this._rapidDisconnects} times in <10s each).`
+          );
+          console.error(
+            `[SecureChannel] This usually means another process is already connected as this device.`
+          );
+          console.error(
+            `[SecureChannel] Stopping reconnection. Check for duplicate gateway processes or stale CLI sessions.`
+          );
+          this._setState("error");
+          this.emit("error", new Error("Reconnect loop detected \u2014 another process may be connected as this device"));
+          return;
+        }
         const delay = Math.min(
           RECONNECT_BASE_MS * Math.pow(2, this._reconnectAttempt),
           RECONNECT_MAX_MS