@agentvault/secure-channel 0.6.10 → 0.6.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/dist/openclaw-entry.d.ts.map +1 -1
  2. package/dist/openclaw-entry.js +20 -2
  3. package/dist/openclaw-entry.js.map +2 -2
  4. package/package.json +1 -1
package/dist/openclaw-entry.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"openclaw-entry.d.ts","sourceRoot":"","sources":["../src/openclaw-entry.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;;;;;kBAuPa,GAAG;;AALnB,wBASE"}
1
+ {"version":3,"file":"openclaw-entry.d.ts","sourceRoot":"","sources":["../src/openclaw-entry.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;;;;;kBAgRa,GAAG;;AALnB,wBASE"}
package/dist/openclaw-entry.js CHANGED
@@ -179,8 +179,26 @@ var agentVaultPlugin = {
179
179
  },
180
180
  outbound: {
181
181
  deliveryMode: "direct",
182
- sendText: async ({ text, accountId }) => {
183
- const ch = _channels.get(accountId ?? "default");
182
+ // Register valid send targets so OpenClaw's `message` tool can route
183
+ // proactive (agent-initiated) sends — not just replies to inbound messages.
184
+ targets: async ({ cfg }) => {
185
+ const accountIds = listAccountIds(cfg);
186
+ if (!accountIds.length) return [];
187
+ return accountIds.flatMap((accountId) => {
188
+ const account = resolveAccount(cfg, accountId);
189
+ return [
190
+ {
191
+ id: "owner",
192
+ label: `AgentVault Owner`,
193
+ accountId
194
+ },
195
+ ...accountId !== "owner" ? [{ id: accountId, label: `AgentVault Owner (${accountId})`, accountId }] : []
196
+ ];
197
+ });
198
+ },
199
+ sendText: async ({ text, accountId, targetId }) => {
200
+ const resolvedId = accountId ?? (targetId === "owner" ? "default" : targetId ?? "default");
201
+ const ch = _channels.get(resolvedId);
184
202
  if (!ch) return { ok: false, error: "AgentVault channel not connected" };
185
203
  try {
186
204
  await ch.send(text);
package/dist/openclaw-entry.js.map CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "version": 3,
3
3
  "sources": ["../src/openclaw-entry.ts"],
4
- "sourcesContent": ["/**\n * OpenClaw channel plugin entry point.\n *\n * Intentionally thin \u2014 no heavy imports (libsodium etc.) at module load time.\n * SecureChannel is dynamically imported inside gateway.startAccount (already async)\n * so libsodium's top-level await never runs during plugin registration.\n *\n * Loaded by OpenClaw via the `openclaw.extensions` field in package.json.\n */\n\nimport { spawn } from \"node:child_process\";\nimport { resolve } from \"node:path\";\n\n// --- Runtime and active channels (set during register) ---\nlet _ocRuntime: any = null;\nconst _channels = new Map<string, any>();\nconst _messageQueue: Array<() => Promise<void>> = [];\n\nfunction _setRuntime(rt: any) {\n _ocRuntime = rt;\n // Flush any messages that arrived before runtime was ready\n if (_messageQueue.length > 0) {\n const pending = _messageQueue.splice(0);\n for (const fn of pending) {\n fn().catch(() => {});\n }\n }\n}\n\n// --- Channel config helpers ---\n\nfunction listAccountIds(cfg: any): string[] {\n return cfg?.channels?.agentvault?.dataDir ? [\"default\"] : [];\n}\n\nfunction resolveAccount(cfg: any, accountId?: string) {\n const av = cfg?.channels?.agentvault ?? {};\n return {\n accountId: accountId ?? \"default\",\n dataDir: av.dataDir ?? \"~/.openclaw/agentvault\",\n apiUrl: av.apiUrl ?? \"https://api.agentvault.chat\",\n agentName: av.agentName ?? \"OpenClaw Agent\",\n configured: Boolean(av.dataDir),\n };\n}\n\n// --- Inbound message dispatch ---\n\nasync function handleInbound(params: {\n plaintext: string;\n metadata: any;\n channel: any;\n account: any;\n cfg: any;\n}): Promise<void> {\n const { plaintext, metadata, channel, account, cfg } = params;\n const core = _ocRuntime;\n\n const route = core.channel.routing.resolveAgentRoute({\n cfg,\n channel: \"agentvault\",\n accountId: account.accountId,\n peer: { kind: \"direct\", id: \"agentvault:owner\" },\n });\n\n const storePath = core.channel.session.resolveStorePath(cfg?.session?.store, {\n agentId: route.agentId,\n });\n\n const envelopeOptions = core.channel.reply.resolveEnvelopeFormatOptions(cfg);\n const previousTimestamp = core.channel.session.readSessionUpdatedAt({\n storePath,\n sessionKey: route.sessionKey,\n });\n\n const body = core.channel.reply.formatAgentEnvelope({\n channel: \"AgentVault\",\n from: \"Owner\",\n timestamp: new Date(metadata.timestamp).getTime(),\n previousTimestamp,\n envelope: envelopeOptions,\n body: plaintext,\n });\n\n const ctxPayload = core.channel.reply.finalizeInboundContext({\n Body: body,\n RawBody: plaintext,\n CommandBody: plaintext,\n From: \"agentvault:owner\",\n To: `agentvault:agent:${account.accountId}`,\n SessionKey: route.sessionKey,\n AccountId: account.accountId,\n ChatType: \"direct\",\n ConversationLabel: \"AgentVault\",\n SenderName: \"Owner\",\n SenderId: \"agentvault:owner\",\n Provider: \"agentvault\",\n Surface: \"agentvault\",\n MessageSid: metadata.messageId,\n Timestamp: new Date(metadata.timestamp).getTime(),\n OriginatingChannel: \"agentvault\",\n OriginatingTo: `agentvault:agent:${account.accountId}`,\n CommandAuthorized: true,\n });\n\n await core.channel.session.recordInboundSession({\n storePath,\n sessionKey: ctxPayload.SessionKey ?? route.sessionKey,\n ctx: ctxPayload,\n onRecordError: (err: Error) => {\n core.error?.(`[AgentVault] session record failed: ${String(err)}`);\n },\n });\n\n // Fire-and-forget wake so the session processes this message even when idle.\n // Uses the same primitive as `openclaw system event --mode now`.\n try {\n const home = process.env.HOME ?? \"\";\n const extraPaths = [\n `${home}/.local/bin`,\n `${home}/.pnpm/bin`,\n `${home}/Library/pnpm/bin`,\n \"/usr/local/bin\",\n \"/opt/homebrew/bin\",\n ].join(\":\");\n const wakeEnv = { ...process.env, PATH: `${extraPaths}:${process.env.PATH ?? \"\"}` };\n const wakeProc = spawn(\n \"openclaw\",\n [\"system\", \"event\", \"--text\", \"AgentVault: new message received\", \"--mode\", \"now\"],\n { stdio: \"ignore\", env: wakeEnv },\n );\n wakeProc.unref(); // Don't block the gateway process on this\n } catch {\n // Best-effort \u2014 never let a wake failure block message dispatch\n }\n\n await core.channel.reply.dispatchReplyWithBufferedBlockDispatcher({\n ctx: ctxPayload,\n cfg,\n dispatcherOptions: {\n deliver: async (payload: { text?: string }) => {\n const text = (payload.text ?? \"\").trim();\n if (text) await channel.send(text);\n },\n onError: (err: Error, info?: { kind?: string }) => {\n core.error?.(`[AgentVault] ${info?.kind ?? \"reply\"} error: ${String(err)}`);\n },\n },\n replyOptions: {},\n });\n}\n\n// --- Channel plugin definition ---\n\nconst agentVaultPlugin = {\n id: \"agentvault\",\n meta: {\n id: \"agentvault\",\n label: \"AgentVault\",\n selectionLabel: \"AgentVault (E2E Encrypted)\",\n docsPath: \"https://agentvault.chat/docs\",\n blurb: \"Zero-knowledge, end-to-end encrypted messaging between owners and their AI agents.\",\n aliases: [\"av\", \"agent-vault\"],\n },\n capabilities: { chatTypes: [\"direct\"] },\n config: { listAccountIds, resolveAccount },\n\n gateway: {\n startAccount: async (ctx: any) => {\n const { account, cfg, log, abortSignal } = ctx;\n\n if (!account.configured) {\n throw new Error(\n \"AgentVault channel not configured. Run: npx @agentvault/secure-channel setup --token=av_tok_...\\nThen restart OpenClaw.\",\n );\n }\n\n const dataDir = resolve(account.dataDir.replace(/^~/, process.env.HOME ?? \"~\"));\n log?.info(`[AgentVault] starting (dataDir=${dataDir})`);\n\n // Lazy import \u2014 defers libsodium initialization until channel actually starts\n const { SecureChannel } = await import(\"./index.js\");\n\n // startAccount must STAY PENDING while the channel is running.\n // Resolving signals \"channel stopped\" to the gateway health monitor,\n // which triggers auto-restart. We block here until the abortSignal\n // fires (gateway shutdown / config reload), then clean up.\n await new Promise<void>((resolve, reject) => {\n let channel: any;\n\n const onAbort = async () => {\n await channel?.stop();\n _channels.delete(account.accountId);\n resolve();\n };\n\n abortSignal?.addEventListener(\"abort\", () => void onAbort());\n\n // Lazy import \u2014 defers libsodium initialization until channel starts\n import(\"./index.js\").then(({ SecureChannel }) => {\n channel = new SecureChannel({\n inviteToken: \"\",\n dataDir,\n apiUrl: account.apiUrl,\n agentName: account.agentName,\n onMessage: async (plaintext: string, metadata: any) => {\n if (!_ocRuntime) {\n log?.info(\"[AgentVault] runtime not ready, queuing message\");\n _messageQueue.push(async () => {\n await handleInbound({ plaintext, metadata, channel, account, cfg });\n });\n return;\n }\n try {\n await handleInbound({ plaintext, metadata, channel, account, cfg });\n } catch (err) {\n log?.info(`[AgentVault] inbound error: ${String(err)}`);\n }\n },\n onStateChange: (state: string) => {\n log?.info(`[AgentVault] \u2192 ${state}`);\n // \"error\" is a permanent failure \u2014 reject so gateway can restart\n if (state === \"error\") reject(new Error(\"AgentVault channel permanent error\"));\n // All other states (connecting/ready/disconnected) are handled\n // internally by SecureChannel's reconnect logic \u2014 do NOT resolve.\n },\n });\n\n _channels.set(account.accountId, channel);\n channel.start().catch(reject);\n }).catch(reject);\n });\n\n return { stop: async () => {} }; // Channel already stopped via abortSignal by this point\n },\n },\n\n outbound: {\n deliveryMode: \"direct\" as const,\n sendText: async ({ text, accountId }: { text: string; accountId?: string }) => {\n const ch = _channels.get(accountId ?? \"default\");\n if (!ch) return { ok: false, error: \"AgentVault channel not connected\" };\n try { await ch.send(text); return { ok: true }; }\n catch (err) { return { ok: false, error: String(err) }; }\n },\n },\n};\n\n// --- Plugin export ---\n\nexport default {\n // Plugin id matches unscoped package name (@agentvault/secure-channel \u2192 secure-channel)\n id: \"secure-channel\",\n name: \"AgentVault\",\n description: \"End-to-end encrypted, zero-knowledge messaging between AI agent owners and their agents.\",\n register(api: any) {\n _setRuntime(api.runtime);\n api.registerChannel({ plugin: agentVaultPlugin });\n },\n};\n"],
5
- "mappings": ";AAUA,SAAS,aAAa;AACtB,SAAS,eAAe;AAGxB,IAAI,aAAkB;AACtB,IAAM,YAAY,oBAAI,IAAiB;AACvC,IAAM,gBAA4C,CAAC;AAEnD,SAAS,YAAY,IAAS;AAC5B,eAAa;AAEb,MAAI,cAAc,SAAS,GAAG;AAC5B,UAAM,UAAU,cAAc,OAAO,CAAC;AACtC,eAAW,MAAM,SAAS;AACxB,SAAG,EAAE,MAAM,MAAM;AAAA,MAAC,CAAC;AAAA,IACrB;AAAA,EACF;AACF;AAIA,SAAS,eAAe,KAAoB;AAC1C,SAAO,KAAK,UAAU,YAAY,UAAU,CAAC,SAAS,IAAI,CAAC;AAC7D;AAEA,SAAS,eAAe,KAAU,WAAoB;AACpD,QAAM,KAAK,KAAK,UAAU,cAAc,CAAC;AACzC,SAAO;AAAA,IACL,WAAW,aAAa;AAAA,IACxB,SAAS,GAAG,WAAW;AAAA,IACvB,QAAQ,GAAG,UAAU;AAAA,IACrB,WAAW,GAAG,aAAa;AAAA,IAC3B,YAAY,QAAQ,GAAG,OAAO;AAAA,EAChC;AACF;AAIA,eAAe,cAAc,QAMX;AAChB,QAAM,EAAE,WAAW,UAAU,SAAS,SAAS,IAAI,IAAI;AACvD,QAAM,OAAO;AAEb,QAAM,QAAQ,KAAK,QAAQ,QAAQ,kBAAkB;AAAA,IACnD;AAAA,IACA,SAAS;AAAA,IACT,WAAW,QAAQ;AAAA,IACnB,MAAM,EAAE,MAAM,UAAU,IAAI,mBAAmB;AAAA,EACjD,CAAC;AAED,QAAM,YAAY,KAAK,QAAQ,QAAQ,iBAAiB,KAAK,SAAS,OAAO;AAAA,IAC3E,SAAS,MAAM;AAAA,EACjB,CAAC;AAED,QAAM,kBAAkB,KAAK,QAAQ,MAAM,6BAA6B,GAAG;AAC3E,QAAM,oBAAoB,KAAK,QAAQ,QAAQ,qBAAqB;AAAA,IAClE;AAAA,IACA,YAAY,MAAM;AAAA,EACpB,CAAC;AAED,QAAM,OAAO,KAAK,QAAQ,MAAM,oBAAoB;AAAA,IAClD,SAAS;AAAA,IACT,MAAM;AAAA,IACN,WAAW,IAAI,KAAK,SAAS,SAAS,EAAE,QAAQ;AAAA,IAChD;AAAA,IACA,UAAU;AAAA,IACV,MAAM;AAAA,EACR,CAAC;AAED,QAAM,aAAa,KAAK,QAAQ,MAAM,uBAAuB;AAAA,IAC3D,MAAM;AAAA,IACN,SAAS;AAAA,IACT,aAAa;AAAA,IACb,MAAM;AAAA,IACN,IAAI,oBAAoB,QAAQ,SAAS;AAAA,IACzC,YAAY,MAAM;AAAA,IAClB,WAAW,QAAQ;AAAA,IACnB,UAAU;AAAA,IACV,mBAAmB;AAAA,IACnB,YAAY;AAAA,IACZ,UAAU;AAAA,IACV,UAAU;AAAA,IACV,SAAS;AAAA,IACT,YAAY,SAAS;AAAA,IACrB,WAAW,IAAI,KAAK,SAAS,SAAS,EAAE,QAAQ;AAAA,IAChD,oBAAoB;AAAA,IACpB,eAAe,oBAAoB,QAAQ,SAAS;AAAA,IACpD,mBAAmB;AAAA,EACrB,CAAC;AAED,QAAM,KAAK,QAAQ,QAAQ,qBAAqB;AAAA,IAC9C;AAAA,IACA,YAAY,WAAW,cAAc,MAAM;AAAA,IAC3C,KAAK;AAAA,IACL,eAAe,CAAC,QAAe;AAC7B,WAAK,QAAQ,uCAAuC,OAAO,GAAG,CAAC,EAAE;AAAA,IACnE;AAAA,EACF,CAAC;AAID,MAAI;AACF,UAAM,OAAO,QAAQ,IAAI,QAAQ;AACjC,UAAM,aAAa;AAAA,MACjB,GAAG,IAAI;AAAA,MACP,GAAG,IAAI;AAAA,MACP,GAAG,IAAI;AAAA,MACP;AAAA,MACA;AAAA,IACF,EAAE,KAAK,GAAG;AACV,UAAM,UAAU,EAAE,GAAG,QAAQ,KAAK,MAAM,GAAG,UAAU,IAAI,QAAQ,IAAI,QAAQ,EAAE,GAAG;AAClF,UAAM,WAAW;AAAA,MACf;AAAA,MACA,CAAC,UAAU,SAAS,UAAU,oCAAoC,UAAU,KAAK;AAAA,MACjF,EAAE,OAAO,UAAU,KAAK,QAAQ;AAAA,IAClC;AACA,aAAS,MAAM;AAAA,EACjB,QAAQ;AAAA,EAER;AAEA,QAAM,KAAK,QAAQ,MAAM,yCAAyC;AAAA,IAChE,KAAK;AAAA,IACL;AAAA,IACA,mBAAmB;AAAA,MACjB,SAAS,OAAO,YAA+B;AAC7C,cAAM,QAAQ,QAAQ,QAAQ,IAAI,KAAK;AACvC,YAAI,KAAM,OAAM,QAAQ,KAAK,IAAI;AAAA,MACnC;AAAA,MACA,SAAS,CAAC,KAAY,SAA6B;AACjD,aAAK,QAAQ,gBAAgB,MAAM,QAAQ,OAAO,WAAW,OAAO,GAAG,CAAC,EAAE;AAAA,MAC5E;AAAA,IACF;AAAA,IACA,cAAc,CAAC;AAAA,EACjB,CAAC;AACH;AAIA,IAAM,mBAAmB;AAAA,EACvB,IAAI;AAAA,EACJ,MAAM;AAAA,IACJ,IAAI;AAAA,IACJ,OAAO;AAAA,IACP,gBAAgB;AAAA,IAChB,UAAU;AAAA,IACV,OAAO;AAAA,IACP,SAAS,CAAC,MAAM,aAAa;AAAA,EAC/B;AAAA,EACA,cAAc,EAAE,WAAW,CAAC,QAAQ,EAAE;AAAA,EACtC,QAAQ,EAAE,gBAAgB,eAAe;AAAA,EAEzC,SAAS;AAAA,IACP,cAAc,OAAO,QAAa;AAChC,YAAM,EAAE,SAAS,KAAK,KAAK,YAAY,IAAI;AAE3C,UAAI,CAAC,QAAQ,YAAY;AACvB,cAAM,IAAI;AAAA,UACR;AAAA,QACF;AAAA,MACF;AAEA,YAAM,UAAU,QAAQ,QAAQ,QAAQ,QAAQ,MAAM,QAAQ,IAAI,QAAQ,GAAG,CAAC;AAC9E,WAAK,KAAK,kCAAkC,OAAO,GAAG;AAGtD,YAAM,EAAE,cAAc,IAAI,MAAM,OAAO,YAAY;AAMnD,YAAM,IAAI,QAAc,CAACA,UAAS,WAAW;AAC3C,YAAI;AAEJ,cAAM,UAAU,YAAY;AAC1B,gBAAM,SAAS,KAAK;AACpB,oBAAU,OAAO,QAAQ,SAAS;AAClC,UAAAA,SAAQ;AAAA,QACV;AAEA,qBAAa,iBAAiB,SAAS,MAAM,KAAK,QAAQ,CAAC;AAG3D,eAAO,YAAY,EAAE,KAAK,CAAC,EAAE,eAAAC,eAAc,MAAM;AAC/C,oBAAU,IAAIA,eAAc;AAAA,YAC1B,aAAa;AAAA,YACb;AAAA,YACA,QAAQ,QAAQ;AAAA,YAChB,WAAW,QAAQ;AAAA,YACnB,WAAW,OAAO,WAAmB,aAAkB;AACrD,kBAAI,CAAC,YAAY;AACf,qBAAK,KAAK,iDAAiD;AAC3D,8BAAc,KAAK,YAAY;AAC7B,wBAAM,cAAc,EAAE,WAAW,UAAU,SAAS,SAAS,IAAI,CAAC;AAAA,gBACpE,CAAC;AACD;AAAA,cACF;AACA,kBAAI;AACF,sBAAM,cAAc,EAAE,WAAW,UAAU,SAAS,SAAS,IAAI,CAAC;AAAA,cACpE,SAAS,KAAK;AACZ,qBAAK,KAAK,+BAA+B,OAAO,GAAG,CAAC,EAAE;AAAA,cACxD;AAAA,YACF;AAAA,YACA,eAAe,CAAC,UAAkB;AAChC,mBAAK,KAAK,uBAAkB,KAAK,EAAE;AAEnC,kBAAI,UAAU,QAAS,QAAO,IAAI,MAAM,oCAAoC,CAAC;AAAA,YAG/E;AAAA,UACF,CAAC;AAED,oBAAU,IAAI,QAAQ,WAAW,OAAO;AACxC,kBAAQ,MAAM,EAAE,MAAM,MAAM;AAAA,QAC9B,CAAC,EAAE,MAAM,MAAM;AAAA,MACjB,CAAC;AAED,aAAO,EAAE,MAAM,YAAY;AAAA,MAAC,EAAE;AAAA,IAChC;AAAA,EACF;AAAA,EAEA,UAAU;AAAA,IACR,cAAc;AAAA,IACd,UAAU,OAAO,EAAE,MAAM,UAAU,MAA4C;AAC7E,YAAM,KAAK,UAAU,IAAI,aAAa,SAAS;AAC/C,UAAI,CAAC,GAAI,QAAO,EAAE,IAAI,OAAO,OAAO,mCAAmC;AACvE,UAAI;AAAE,cAAM,GAAG,KAAK,IAAI;AAAG,eAAO,EAAE,IAAI,KAAK;AAAA,MAAG,SACzC,KAAK;AAAE,eAAO,EAAE,IAAI,OAAO,OAAO,OAAO,GAAG,EAAE;AAAA,MAAG;AAAA,IAC1D;AAAA,EACF;AACF;AAIA,IAAO,yBAAQ;AAAA;AAAA,EAEb,IAAI;AAAA,EACJ,MAAM;AAAA,EACN,aAAa;AAAA,EACb,SAAS,KAAU;AACjB,gBAAY,IAAI,OAAO;AACvB,QAAI,gBAAgB,EAAE,QAAQ,iBAAiB,CAAC;AAAA,EAClD;AACF;",
4
+ "sourcesContent": ["/**\n * OpenClaw channel plugin entry point.\n *\n * Intentionally thin \u2014 no heavy imports (libsodium etc.) at module load time.\n * SecureChannel is dynamically imported inside gateway.startAccount (already async)\n * so libsodium's top-level await never runs during plugin registration.\n *\n * Loaded by OpenClaw via the `openclaw.extensions` field in package.json.\n */\n\nimport { spawn } from \"node:child_process\";\nimport { resolve } from \"node:path\";\n\n// --- Runtime and active channels (set during register) ---\nlet _ocRuntime: any = null;\nconst _channels = new Map<string, any>();\nconst _messageQueue: Array<() => Promise<void>> = [];\n\nfunction _setRuntime(rt: any) {\n _ocRuntime = rt;\n // Flush any messages that arrived before runtime was ready\n if (_messageQueue.length > 0) {\n const pending = _messageQueue.splice(0);\n for (const fn of pending) {\n fn().catch(() => {});\n }\n }\n}\n\n// --- Channel config helpers ---\n\nfunction listAccountIds(cfg: any): string[] {\n return cfg?.channels?.agentvault?.dataDir ? [\"default\"] : [];\n}\n\nfunction resolveAccount(cfg: any, accountId?: string) {\n const av = cfg?.channels?.agentvault ?? {};\n return {\n accountId: accountId ?? \"default\",\n dataDir: av.dataDir ?? \"~/.openclaw/agentvault\",\n apiUrl: av.apiUrl ?? \"https://api.agentvault.chat\",\n agentName: av.agentName ?? \"OpenClaw Agent\",\n configured: Boolean(av.dataDir),\n };\n}\n\n// --- Inbound message dispatch ---\n\nasync function handleInbound(params: {\n plaintext: string;\n metadata: any;\n channel: any;\n account: any;\n cfg: any;\n}): Promise<void> {\n const { plaintext, metadata, channel, account, cfg } = params;\n const core = _ocRuntime;\n\n const route = core.channel.routing.resolveAgentRoute({\n cfg,\n channel: \"agentvault\",\n accountId: account.accountId,\n peer: { kind: \"direct\", id: \"agentvault:owner\" },\n });\n\n const storePath = core.channel.session.resolveStorePath(cfg?.session?.store, {\n agentId: route.agentId,\n });\n\n const envelopeOptions = core.channel.reply.resolveEnvelopeFormatOptions(cfg);\n const previousTimestamp = core.channel.session.readSessionUpdatedAt({\n storePath,\n sessionKey: route.sessionKey,\n });\n\n const body = core.channel.reply.formatAgentEnvelope({\n channel: \"AgentVault\",\n from: \"Owner\",\n timestamp: new Date(metadata.timestamp).getTime(),\n previousTimestamp,\n envelope: envelopeOptions,\n body: plaintext,\n });\n\n const ctxPayload = core.channel.reply.finalizeInboundContext({\n Body: body,\n RawBody: plaintext,\n CommandBody: plaintext,\n From: \"agentvault:owner\",\n To: `agentvault:agent:${account.accountId}`,\n SessionKey: route.sessionKey,\n AccountId: account.accountId,\n ChatType: \"direct\",\n ConversationLabel: \"AgentVault\",\n SenderName: \"Owner\",\n SenderId: \"agentvault:owner\",\n Provider: \"agentvault\",\n Surface: \"agentvault\",\n MessageSid: metadata.messageId,\n Timestamp: new Date(metadata.timestamp).getTime(),\n OriginatingChannel: \"agentvault\",\n OriginatingTo: `agentvault:agent:${account.accountId}`,\n CommandAuthorized: true,\n });\n\n await core.channel.session.recordInboundSession({\n storePath,\n sessionKey: ctxPayload.SessionKey ?? route.sessionKey,\n ctx: ctxPayload,\n onRecordError: (err: Error) => {\n core.error?.(`[AgentVault] session record failed: ${String(err)}`);\n },\n });\n\n // Fire-and-forget wake so the session processes this message even when idle.\n // Uses the same primitive as `openclaw system event --mode now`.\n try {\n const home = process.env.HOME ?? \"\";\n const extraPaths = [\n `${home}/.local/bin`,\n `${home}/.pnpm/bin`,\n `${home}/Library/pnpm/bin`,\n \"/usr/local/bin\",\n \"/opt/homebrew/bin\",\n ].join(\":\");\n const wakeEnv = { ...process.env, PATH: `${extraPaths}:${process.env.PATH ?? \"\"}` };\n const wakeProc = spawn(\n \"openclaw\",\n [\"system\", \"event\", \"--text\", \"AgentVault: new message received\", \"--mode\", \"now\"],\n { stdio: \"ignore\", env: wakeEnv },\n );\n wakeProc.unref(); // Don't block the gateway process on this\n } catch {\n // Best-effort \u2014 never let a wake failure block message dispatch\n }\n\n await core.channel.reply.dispatchReplyWithBufferedBlockDispatcher({\n ctx: ctxPayload,\n cfg,\n dispatcherOptions: {\n deliver: async (payload: { text?: string }) => {\n const text = (payload.text ?? \"\").trim();\n if (text) await channel.send(text);\n },\n onError: (err: Error, info?: { kind?: string }) => {\n core.error?.(`[AgentVault] ${info?.kind ?? \"reply\"} error: ${String(err)}`);\n },\n },\n replyOptions: {},\n });\n}\n\n// --- Channel plugin definition ---\n\nconst agentVaultPlugin = {\n id: \"agentvault\",\n meta: {\n id: \"agentvault\",\n label: \"AgentVault\",\n selectionLabel: \"AgentVault (E2E Encrypted)\",\n docsPath: \"https://agentvault.chat/docs\",\n blurb: \"Zero-knowledge, end-to-end encrypted messaging between owners and their AI agents.\",\n aliases: [\"av\", \"agent-vault\"],\n },\n capabilities: { chatTypes: [\"direct\"] },\n config: { listAccountIds, resolveAccount },\n\n gateway: {\n startAccount: async (ctx: any) => {\n const { account, cfg, log, abortSignal } = ctx;\n\n if (!account.configured) {\n throw new Error(\n \"AgentVault channel not configured. Run: npx @agentvault/secure-channel setup --token=av_tok_...\\nThen restart OpenClaw.\",\n );\n }\n\n const dataDir = resolve(account.dataDir.replace(/^~/, process.env.HOME ?? \"~\"));\n log?.info(`[AgentVault] starting (dataDir=${dataDir})`);\n\n // Lazy import \u2014 defers libsodium initialization until channel actually starts\n const { SecureChannel } = await import(\"./index.js\");\n\n // startAccount must STAY PENDING while the channel is running.\n // Resolving signals \"channel stopped\" to the gateway health monitor,\n // which triggers auto-restart. We block here until the abortSignal\n // fires (gateway shutdown / config reload), then clean up.\n await new Promise<void>((resolve, reject) => {\n let channel: any;\n\n const onAbort = async () => {\n await channel?.stop();\n _channels.delete(account.accountId);\n resolve();\n };\n\n abortSignal?.addEventListener(\"abort\", () => void onAbort());\n\n // Lazy import \u2014 defers libsodium initialization until channel starts\n import(\"./index.js\").then(({ SecureChannel }) => {\n channel = new SecureChannel({\n inviteToken: \"\",\n dataDir,\n apiUrl: account.apiUrl,\n agentName: account.agentName,\n onMessage: async (plaintext: string, metadata: any) => {\n if (!_ocRuntime) {\n log?.info(\"[AgentVault] runtime not ready, queuing message\");\n _messageQueue.push(async () => {\n await handleInbound({ plaintext, metadata, channel, account, cfg });\n });\n return;\n }\n try {\n await handleInbound({ plaintext, metadata, channel, account, cfg });\n } catch (err) {\n log?.info(`[AgentVault] inbound error: ${String(err)}`);\n }\n },\n onStateChange: (state: string) => {\n log?.info(`[AgentVault] \u2192 ${state}`);\n // \"error\" is a permanent failure \u2014 reject so gateway can restart\n if (state === \"error\") reject(new Error(\"AgentVault channel permanent error\"));\n // All other states (connecting/ready/disconnected) are handled\n // internally by SecureChannel's reconnect logic \u2014 do NOT resolve.\n },\n });\n\n _channels.set(account.accountId, channel);\n channel.start().catch(reject);\n }).catch(reject);\n });\n\n return { stop: async () => {} }; // Channel already stopped via abortSignal by this point\n },\n },\n\n outbound: {\n deliveryMode: \"direct\" as const,\n\n // Register valid send targets so OpenClaw's `message` tool can route\n // proactive (agent-initiated) sends \u2014 not just replies to inbound messages.\n targets: async ({ cfg }: { cfg: any }) => {\n const accountIds = listAccountIds(cfg);\n if (!accountIds.length) return [];\n return accountIds.flatMap((accountId) => {\n const account = resolveAccount(cfg, accountId);\n // Expose \"owner\" as the canonical target ID (plus accountId as alias).\n // Both route to the same channel connection.\n return [\n {\n id: \"owner\",\n label: `AgentVault Owner`,\n accountId,\n },\n ...(accountId !== \"owner\"\n ? [{ id: accountId, label: `AgentVault Owner (${accountId})`, accountId }]\n : []),\n ];\n });\n },\n\n sendText: async ({ text, accountId, targetId }: { text: string; accountId?: string; targetId?: string }) => {\n // Resolve channel: prefer accountId, fall back to targetId lookup, then default.\n const resolvedId = accountId ?? (targetId === \"owner\" ? \"default\" : (targetId ?? \"default\"));\n const ch = _channels.get(resolvedId);\n if (!ch) return { ok: false, error: \"AgentVault channel not connected\" };\n try { await ch.send(text); return { ok: true }; }\n catch (err) { return { ok: false, error: String(err) }; }\n },\n },\n};\n\n// --- Plugin export ---\n\nexport default {\n // Plugin id matches unscoped package name (@agentvault/secure-channel \u2192 secure-channel)\n id: \"secure-channel\",\n name: \"AgentVault\",\n description: \"End-to-end encrypted, zero-knowledge messaging between AI agent owners and their agents.\",\n register(api: any) {\n _setRuntime(api.runtime);\n api.registerChannel({ plugin: agentVaultPlugin });\n },\n};\n"],
5
+ "mappings": ";AAUA,SAAS,aAAa;AACtB,SAAS,eAAe;AAGxB,IAAI,aAAkB;AACtB,IAAM,YAAY,oBAAI,IAAiB;AACvC,IAAM,gBAA4C,CAAC;AAEnD,SAAS,YAAY,IAAS;AAC5B,eAAa;AAEb,MAAI,cAAc,SAAS,GAAG;AAC5B,UAAM,UAAU,cAAc,OAAO,CAAC;AACtC,eAAW,MAAM,SAAS;AACxB,SAAG,EAAE,MAAM,MAAM;AAAA,MAAC,CAAC;AAAA,IACrB;AAAA,EACF;AACF;AAIA,SAAS,eAAe,KAAoB;AAC1C,SAAO,KAAK,UAAU,YAAY,UAAU,CAAC,SAAS,IAAI,CAAC;AAC7D;AAEA,SAAS,eAAe,KAAU,WAAoB;AACpD,QAAM,KAAK,KAAK,UAAU,cAAc,CAAC;AACzC,SAAO;AAAA,IACL,WAAW,aAAa;AAAA,IACxB,SAAS,GAAG,WAAW;AAAA,IACvB,QAAQ,GAAG,UAAU;AAAA,IACrB,WAAW,GAAG,aAAa;AAAA,IAC3B,YAAY,QAAQ,GAAG,OAAO;AAAA,EAChC;AACF;AAIA,eAAe,cAAc,QAMX;AAChB,QAAM,EAAE,WAAW,UAAU,SAAS,SAAS,IAAI,IAAI;AACvD,QAAM,OAAO;AAEb,QAAM,QAAQ,KAAK,QAAQ,QAAQ,kBAAkB;AAAA,IACnD;AAAA,IACA,SAAS;AAAA,IACT,WAAW,QAAQ;AAAA,IACnB,MAAM,EAAE,MAAM,UAAU,IAAI,mBAAmB;AAAA,EACjD,CAAC;AAED,QAAM,YAAY,KAAK,QAAQ,QAAQ,iBAAiB,KAAK,SAAS,OAAO;AAAA,IAC3E,SAAS,MAAM;AAAA,EACjB,CAAC;AAED,QAAM,kBAAkB,KAAK,QAAQ,MAAM,6BAA6B,GAAG;AAC3E,QAAM,oBAAoB,KAAK,QAAQ,QAAQ,qBAAqB;AAAA,IAClE;AAAA,IACA,YAAY,MAAM;AAAA,EACpB,CAAC;AAED,QAAM,OAAO,KAAK,QAAQ,MAAM,oBAAoB;AAAA,IAClD,SAAS;AAAA,IACT,MAAM;AAAA,IACN,WAAW,IAAI,KAAK,SAAS,SAAS,EAAE,QAAQ;AAAA,IAChD;AAAA,IACA,UAAU;AAAA,IACV,MAAM;AAAA,EACR,CAAC;AAED,QAAM,aAAa,KAAK,QAAQ,MAAM,uBAAuB;AAAA,IAC3D,MAAM;AAAA,IACN,SAAS;AAAA,IACT,aAAa;AAAA,IACb,MAAM;AAAA,IACN,IAAI,oBAAoB,QAAQ,SAAS;AAAA,IACzC,YAAY,MAAM;AAAA,IAClB,WAAW,QAAQ;AAAA,IACnB,UAAU;AAAA,IACV,mBAAmB;AAAA,IACnB,YAAY;AAAA,IACZ,UAAU;AAAA,IACV,UAAU;AAAA,IACV,SAAS;AAAA,IACT,YAAY,SAAS;AAAA,IACrB,WAAW,IAAI,KAAK,SAAS,SAAS,EAAE,QAAQ;AAAA,IAChD,oBAAoB;AAAA,IACpB,eAAe,oBAAoB,QAAQ,SAAS;AAAA,IACpD,mBAAmB;AAAA,EACrB,CAAC;AAED,QAAM,KAAK,QAAQ,QAAQ,qBAAqB;AAAA,IAC9C;AAAA,IACA,YAAY,WAAW,cAAc,MAAM;AAAA,IAC3C,KAAK;AAAA,IACL,eAAe,CAAC,QAAe;AAC7B,WAAK,QAAQ,uCAAuC,OAAO,GAAG,CAAC,EAAE;AAAA,IACnE;AAAA,EACF,CAAC;AAID,MAAI;AACF,UAAM,OAAO,QAAQ,IAAI,QAAQ;AACjC,UAAM,aAAa;AAAA,MACjB,GAAG,IAAI;AAAA,MACP,GAAG,IAAI;AAAA,MACP,GAAG,IAAI;AAAA,MACP;AAAA,MACA;AAAA,IACF,EAAE,KAAK,GAAG;AACV,UAAM,UAAU,EAAE,GAAG,QAAQ,KAAK,MAAM,GAAG,UAAU,IAAI,QAAQ,IAAI,QAAQ,EAAE,GAAG;AAClF,UAAM,WAAW;AAAA,MACf;AAAA,MACA,CAAC,UAAU,SAAS,UAAU,oCAAoC,UAAU,KAAK;AAAA,MACjF,EAAE,OAAO,UAAU,KAAK,QAAQ;AAAA,IAClC;AACA,aAAS,MAAM;AAAA,EACjB,QAAQ;AAAA,EAER;AAEA,QAAM,KAAK,QAAQ,MAAM,yCAAyC;AAAA,IAChE,KAAK;AAAA,IACL;AAAA,IACA,mBAAmB;AAAA,MACjB,SAAS,OAAO,YAA+B;AAC7C,cAAM,QAAQ,QAAQ,QAAQ,IAAI,KAAK;AACvC,YAAI,KAAM,OAAM,QAAQ,KAAK,IAAI;AAAA,MACnC;AAAA,MACA,SAAS,CAAC,KAAY,SAA6B;AACjD,aAAK,QAAQ,gBAAgB,MAAM,QAAQ,OAAO,WAAW,OAAO,GAAG,CAAC,EAAE;AAAA,MAC5E;AAAA,IACF;AAAA,IACA,cAAc,CAAC;AAAA,EACjB,CAAC;AACH;AAIA,IAAM,mBAAmB;AAAA,EACvB,IAAI;AAAA,EACJ,MAAM;AAAA,IACJ,IAAI;AAAA,IACJ,OAAO;AAAA,IACP,gBAAgB;AAAA,IAChB,UAAU;AAAA,IACV,OAAO;AAAA,IACP,SAAS,CAAC,MAAM,aAAa;AAAA,EAC/B;AAAA,EACA,cAAc,EAAE,WAAW,CAAC,QAAQ,EAAE;AAAA,EACtC,QAAQ,EAAE,gBAAgB,eAAe;AAAA,EAEzC,SAAS;AAAA,IACP,cAAc,OAAO,QAAa;AAChC,YAAM,EAAE,SAAS,KAAK,KAAK,YAAY,IAAI;AAE3C,UAAI,CAAC,QAAQ,YAAY;AACvB,cAAM,IAAI;AAAA,UACR;AAAA,QACF;AAAA,MACF;AAEA,YAAM,UAAU,QAAQ,QAAQ,QAAQ,QAAQ,MAAM,QAAQ,IAAI,QAAQ,GAAG,CAAC;AAC9E,WAAK,KAAK,kCAAkC,OAAO,GAAG;AAGtD,YAAM,EAAE,cAAc,IAAI,MAAM,OAAO,YAAY;AAMnD,YAAM,IAAI,QAAc,CAACA,UAAS,WAAW;AAC3C,YAAI;AAEJ,cAAM,UAAU,YAAY;AAC1B,gBAAM,SAAS,KAAK;AACpB,oBAAU,OAAO,QAAQ,SAAS;AAClC,UAAAA,SAAQ;AAAA,QACV;AAEA,qBAAa,iBAAiB,SAAS,MAAM,KAAK,QAAQ,CAAC;AAG3D,eAAO,YAAY,EAAE,KAAK,CAAC,EAAE,eAAAC,eAAc,MAAM;AAC/C,oBAAU,IAAIA,eAAc;AAAA,YAC1B,aAAa;AAAA,YACb;AAAA,YACA,QAAQ,QAAQ;AAAA,YAChB,WAAW,QAAQ;AAAA,YACnB,WAAW,OAAO,WAAmB,aAAkB;AACrD,kBAAI,CAAC,YAAY;AACf,qBAAK,KAAK,iDAAiD;AAC3D,8BAAc,KAAK,YAAY;AAC7B,wBAAM,cAAc,EAAE,WAAW,UAAU,SAAS,SAAS,IAAI,CAAC;AAAA,gBACpE,CAAC;AACD;AAAA,cACF;AACA,kBAAI;AACF,sBAAM,cAAc,EAAE,WAAW,UAAU,SAAS,SAAS,IAAI,CAAC;AAAA,cACpE,SAAS,KAAK;AACZ,qBAAK,KAAK,+BAA+B,OAAO,GAAG,CAAC,EAAE;AAAA,cACxD;AAAA,YACF;AAAA,YACA,eAAe,CAAC,UAAkB;AAChC,mBAAK,KAAK,uBAAkB,KAAK,EAAE;AAEnC,kBAAI,UAAU,QAAS,QAAO,IAAI,MAAM,oCAAoC,CAAC;AAAA,YAG/E;AAAA,UACF,CAAC;AAED,oBAAU,IAAI,QAAQ,WAAW,OAAO;AACxC,kBAAQ,MAAM,EAAE,MAAM,MAAM;AAAA,QAC9B,CAAC,EAAE,MAAM,MAAM;AAAA,MACjB,CAAC;AAED,aAAO,EAAE,MAAM,YAAY;AAAA,MAAC,EAAE;AAAA,IAChC;AAAA,EACF;AAAA,EAEA,UAAU;AAAA,IACR,cAAc;AAAA;AAAA;AAAA,IAId,SAAS,OAAO,EAAE,IAAI,MAAoB;AACxC,YAAM,aAAa,eAAe,GAAG;AACrC,UAAI,CAAC,WAAW,OAAQ,QAAO,CAAC;AAChC,aAAO,WAAW,QAAQ,CAAC,cAAc;AACvC,cAAM,UAAU,eAAe,KAAK,SAAS;AAG7C,eAAO;AAAA,UACL;AAAA,YACE,IAAI;AAAA,YACJ,OAAO;AAAA,YACP;AAAA,UACF;AAAA,UACA,GAAI,cAAc,UACd,CAAC,EAAE,IAAI,WAAW,OAAO,qBAAqB,SAAS,KAAK,UAAU,CAAC,IACvE,CAAC;AAAA,QACP;AAAA,MACF,CAAC;AAAA,IACH;AAAA,IAEA,UAAU,OAAO,EAAE,MAAM,WAAW,SAAS,MAA+D;AAE1G,YAAM,aAAa,cAAc,aAAa,UAAU,YAAa,YAAY;AACjF,YAAM,KAAK,UAAU,IAAI,UAAU;AACnC,UAAI,CAAC,GAAI,QAAO,EAAE,IAAI,OAAO,OAAO,mCAAmC;AACvE,UAAI;AAAE,cAAM,GAAG,KAAK,IAAI;AAAG,eAAO,EAAE,IAAI,KAAK;AAAA,MAAG,SACzC,KAAK;AAAE,eAAO,EAAE,IAAI,OAAO,OAAO,OAAO,GAAG,EAAE;AAAA,MAAG;AAAA,IAC1D;AAAA,EACF;AACF;AAIA,IAAO,yBAAQ;AAAA;AAAA,EAEb,IAAI;AAAA,EACJ,MAAM;AAAA,EACN,aAAa;AAAA,EACb,SAAS,KAAU;AACjB,gBAAY,IAAI,OAAO;AACvB,QAAI,gBAAgB,EAAE,QAAQ,iBAAiB,CAAC;AAAA,EAClD;AACF;",
6
6
  "names": ["resolve", "SecureChannel"]
7
7
  }
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@agentvault/secure-channel",
3
- "version": "0.6.10",
3
+ "version": "0.6.11",
4
4
  "type": "module",
5
5
  "main": "dist/index.js",
6
6
  "types": "dist/index.d.ts",