@agentvault/secure-channel 0.5.0 → 0.6.0

package/dist/index.d.ts

@@ -1,4 +1,5 @@
 export { SecureChannel } from "./channel.js";
 export type { SecureChannelConfig, ChannelState, MessageMetadata, PersistedState, LegacyPersistedState, DeviceSession, HistoryEntry, } from "./types.js";
-export declare const VERSION = "0.3.0";
+export { agentVaultPlugin, setOcRuntime, getActiveChannel } from "./openclaw-plugin.js";
+export declare const VERSION = "0.5.1";
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAC7C,YAAY,EACV,mBAAmB,EACnB,YAAY,EACZ,eAAe,EACf,cAAc,EACd,oBAAoB,EACpB,aAAa,EACb,YAAY,GACb,MAAM,YAAY,CAAC;AACpB,eAAO,MAAM,OAAO,UAAU,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAC7C,YAAY,EACV,mBAAmB,EACnB,YAAY,EACZ,eAAe,EACf,cAAc,EACd,oBAAoB,EACpB,aAAa,EACb,YAAY,GACb,MAAM,YAAY,CAAC;AAGpB,OAAO,EAAE,gBAAgB,EAAE,YAAY,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAC;AAExF,eAAO,MAAM,OAAO,UAAU,CAAC"}

package/dist/index.js

@@ -87,7 +87,7 @@ var randomValuesStandard;
 var crypto;
 var randomValueNodeJS;
 var _Module = Module;
-Module.ready = new Promise(function(resolve, reject) {
+Module.ready = new Promise(function(resolve2, reject) {
   var Module2 = _Module;
   Module2.onAbort = reject;
   Module2.print = function(what) {
@@ -99,13 +99,13 @@ Module.ready = new Promise(function(resolve, reject) {
   Module2.onRuntimeInitialized = function() {
     try {
       Module2._crypto_secretbox_keybytes();
-      resolve();
+      resolve2();
     } catch (err2) {
       reject(err2);
     }
   };
   Module2.useBackupModule = function() {
-    return new Promise(function(resolve2, reject2) {
+    return new Promise(function(resolve3, reject2) {
       var Module3 = {};
       Module3.onAbort = reject2;
       Module3.getRandomValue = _Module.getRandomValue;
@@ -118,7 +118,7 @@ Module.ready = new Promise(function(resolve, reject) {
         Object.keys(Module3).forEach(function(k2) {
           _Module[k2] = Module3[k2];
         });
-        resolve2();
+        resolve3();
       };
       var Module3 = typeof Module3 != "undefined" ? Module3 : {};
       var ENVIRONMENT_IS_WEB2 = !!globalThis.window;
@@ -178,13 +178,13 @@ Module.ready = new Promise(function(resolve, reject) {
           }
           readAsync2 = async (url) => {
             if (isFileURI2(url)) {
-              return new Promise((resolve3, reject3) => {
+              return new Promise((resolve4, reject3) => {
                 var xhr = new XMLHttpRequest();
                 xhr.open("GET", url, true);
                 xhr.responseType = "arraybuffer";
                 xhr.onload = () => {
                   if (xhr.status == 200 || xhr.status == 0 && xhr.response) {
-                    resolve3(xhr.response);
+                    resolve4(xhr.response);
                     return;
                   }
                   reject3(xhr.status);
@@ -40097,9 +40097,9 @@ Module.ready = new Promise(function(resolve, reject) {
         }
         var info = getWasmImports2();
         if (Module3["instantiateWasm"]) {
-          return new Promise((resolve3, reject3) => {
+          return new Promise((resolve4, reject3) => {
             Module3["instantiateWasm"](info, (inst, mod) => {
-              resolve3(receiveInstance(inst, mod));
+              resolve4(receiveInstance(inst, mod));
             });
           });
         }
@@ -41002,13 +41002,13 @@ Module.ready = new Promise(function(resolve, reject) {
       }
       readAsync = async (url) => {
         if (isFileURI(url)) {
-          return new Promise((resolve2, reject2) => {
+          return new Promise((resolve3, reject2) => {
             var xhr = new XMLHttpRequest();
             xhr.open("GET", url, true);
             xhr.responseType = "arraybuffer";
             xhr.onload = () => {
               if (xhr.status == 200 || xhr.status == 0 && xhr.response) {
-                resolve2(xhr.response);
+                resolve3(xhr.response);
                 return;
               }
               reject2(xhr.status);
@@ -41122,9 +41122,9 @@ Module.ready = new Promise(function(resolve, reject) {
     }
     var info = getWasmImports();
     if (Module2["instantiateWasm"]) {
-      return new Promise((resolve2, reject2) => {
+      return new Promise((resolve3, reject2) => {
         Module2["instantiateWasm"](info, (inst, mod) => {
-          resolve2(receiveInstance(inst, mod));
+          resolve3(receiveInstance(inst, mod));
         });
       });
     }
@@ -45011,6 +45011,9 @@ async function enrollDevice(apiUrl, inviteToken, identityPkHex, ephemeralPkHex,
 }
 async function pollDeviceStatus(apiUrl, deviceId) {
   const res = await fetch(`${apiUrl}/api/v1/devices/${deviceId}/status`);
+  if (res.status === 429) {
+    return { device_id: deviceId, status: "PENDING", fingerprint: "", rateLimited: true };
+  }
   if (!res.ok) {
     const detail = await res.text();
     throw new Error(`Status poll failed (${res.status}): ${detail}`);
@@ -45031,7 +45034,7 @@ async function activateDevice(apiUrl, deviceId) {
 }
 
 // src/channel.ts
-var POLL_INTERVAL_MS = 3e3;
+var POLL_INTERVAL_MS = 6e3;
 var RECONNECT_BASE_MS = 1e3;
 var RECONNECT_MAX_MS = 3e4;
 function migratePersistedState(raw) {
@@ -45316,6 +45319,10 @@ var SecureChannel = class extends EventEmitter {
           this.config.apiUrl,
           this._deviceId
         );
+        if (status.rateLimited) {
+          this._pollTimer = setTimeout(doPoll, POLL_INTERVAL_MS * 2);
+          return;
+        }
         if (status.status === "APPROVED") {
           await this._activate();
           return;
@@ -45765,10 +45772,191 @@ var SecureChannel = class extends EventEmitter {
   }
 };
 
+// src/openclaw-plugin.ts
+import { resolve } from "node:path";
+var _ocRuntime = null;
+var _channels = /* @__PURE__ */ new Map();
+function setOcRuntime(runtime) {
+  _ocRuntime = runtime;
+}
+function getActiveChannel(accountId = "default") {
+  return _channels.get(accountId);
+}
+var agentVaultPlugin = {
+  id: "agentvault",
+  meta: {
+    id: "agentvault",
+    label: "AgentVault",
+    selectionLabel: "AgentVault (E2E Encrypted)",
+    docsPath: "https://agentvault.chat/docs",
+    blurb: "Zero-knowledge, end-to-end encrypted messaging between owners and their AI agents.",
+    aliases: ["av", "agent-vault"]
+  },
+  capabilities: {
+    chatTypes: ["direct"]
+  },
+  config: {
+    listAccountIds: (cfg) => {
+      const av = cfg?.channels?.agentvault;
+      return av?.dataDir ? ["default"] : [];
+    },
+    resolveAccount: (cfg, accountId) => {
+      const av = cfg?.channels?.agentvault ?? {};
+      return {
+        accountId: accountId ?? "default",
+        dataDir: av.dataDir ?? "~/.openclaw/agentvault",
+        apiUrl: av.apiUrl ?? "https://api.agentvault.chat",
+        agentName: av.agentName ?? "OpenClaw Agent",
+        configured: Boolean(av.dataDir)
+      };
+    }
+  },
+  gateway: {
+    startAccount: async (ctx) => {
+      const { account, cfg, log, abortSignal } = ctx;
+      if (!account.configured) {
+        throw new Error(
+          "AgentVault channel is not configured.\nRun the one-time setup: npx @agentvault/secure-channel setup --token=av_tok_...\nThen restart OpenClaw: openclaw gateway restart"
+        );
+      }
+      const dataDir = resolve(account.dataDir.replace(/^~/, process.env.HOME ?? "~"));
+      log?.(`[AgentVault] starting channel (dataDir=${dataDir})`);
+      const channel = new SecureChannel({
+        // No invite token needed — resuming from persisted enrolled state
+        inviteToken: "",
+        dataDir,
+        apiUrl: account.apiUrl,
+        agentName: account.agentName,
+        onMessage: async (plaintext, metadata) => {
+          if (!_ocRuntime) {
+            log?.("[AgentVault] runtime not ready \u2014 dropping inbound message");
+            return;
+          }
+          try {
+            await _handleInbound({ plaintext, metadata, channel, account, cfg });
+          } catch (err) {
+            log?.(`[AgentVault] inbound dispatch error: ${String(err)}`);
+          }
+        },
+        onStateChange: (state) => {
+          log?.(`[AgentVault] state \u2192 ${state}`);
+        }
+      });
+      _channels.set(account.accountId, channel);
+      abortSignal?.addEventListener("abort", () => {
+        _channels.delete(account.accountId);
+      });
+      await channel.start();
+      return {
+        stop: async () => {
+          await channel.stop();
+          _channels.delete(account.accountId);
+        }
+      };
+    }
+  },
+  outbound: {
+    deliveryMode: "direct",
+    sendText: async ({
+      text,
+      accountId
+    }) => {
+      const channel = _channels.get(accountId ?? "default");
+      if (!channel) {
+        return { ok: false, error: "AgentVault channel is not connected" };
+      }
+      try {
+        await channel.send(text);
+        return { ok: true };
+      } catch (err) {
+        return { ok: false, error: String(err) };
+      }
+    }
+  }
+};
+async function _handleInbound(params) {
+  const { plaintext, metadata, channel, account, cfg } = params;
+  const core = _ocRuntime;
+  const sessionKey = `agentvault:${account.accountId}:${(metadata.conversationId ?? "default").slice(0, 8)}`;
+  const senderId = `agentvault:owner`;
+  const route = core.channel.routing.resolveAgentRoute({
+    cfg,
+    channel: "agentvault",
+    accountId: account.accountId,
+    peer: { kind: "direct", id: senderId }
+  });
+  const storePath = core.channel.session.resolveStorePath(cfg?.session?.store, {
+    agentId: route.agentId
+  });
+  const envelopeOptions = core.channel.reply.resolveEnvelopeFormatOptions(cfg);
+  const previousTimestamp = core.channel.session.readSessionUpdatedAt({
+    storePath,
+    sessionKey: route.sessionKey
+  });
+  const body = core.channel.reply.formatAgentEnvelope({
+    channel: "AgentVault",
+    from: "Owner",
+    timestamp: new Date(metadata.timestamp).getTime(),
+    previousTimestamp,
+    envelope: envelopeOptions,
+    body: plaintext
+  });
+  const ctxPayload = core.channel.reply.finalizeInboundContext({
+    Body: body,
+    RawBody: plaintext,
+    CommandBody: plaintext,
+    From: senderId,
+    To: `agentvault:agent:${account.accountId}`,
+    SessionKey: route.sessionKey,
+    AccountId: account.accountId,
+    ChatType: "direct",
+    ConversationLabel: "AgentVault",
+    SenderName: "Owner",
+    SenderId: senderId,
+    Provider: "agentvault",
+    Surface: "agentvault",
+    MessageSid: metadata.messageId,
+    Timestamp: new Date(metadata.timestamp).getTime(),
+    OriginatingChannel: "agentvault",
+    OriginatingTo: `agentvault:agent:${account.accountId}`,
+    // Owner is cryptographically verified via X3DH + Double Ratchet enrollment
+    CommandAuthorized: true
+  });
+  await core.channel.session.recordInboundSession({
+    storePath,
+    sessionKey: ctxPayload.SessionKey ?? route.sessionKey,
+    ctx: ctxPayload,
+    onRecordError: (err) => {
+      core.error?.(`[AgentVault] session record failed: ${String(err)}`);
+    }
+  });
+  await core.channel.reply.dispatchReplyWithBufferedBlockDispatcher({
+    ctx: ctxPayload,
+    cfg,
+    dispatcherOptions: {
+      deliver: async (payload) => {
+        const text = (payload.text ?? "").trim();
+        if (text) {
+          await channel.send(text);
+        }
+      },
+      onError: (err, info) => {
+        core.error?.(
+          `[AgentVault] ${info?.kind ?? "reply"} error: ${String(err)}`
+        );
+      }
+    },
+    replyOptions: {}
+  });
+}
+
 // src/index.ts
-var VERSION = "0.3.0";
+var VERSION = "0.5.1";
 export {
   SecureChannel,
-  VERSION
+  VERSION,
+  agentVaultPlugin,
+  getActiveChannel,
+  setOcRuntime
 };
 //# sourceMappingURL=index.js.map