@axonflow/openclaw 2.0.0 → 2.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (24) hide show
  1. package/CHANGELOG.md +45 -0
  2. package/README.md +55 -1
  3. package/dist/community-saas-bootstrap.d.ts +38 -11
  4. package/dist/community-saas-bootstrap.d.ts.map +1 -1
  5. package/dist/community-saas-bootstrap.js +107 -128
  6. package/dist/community-saas-bootstrap.js.map +1 -1
  7. package/dist/community-saas-context.d.ts +82 -0
  8. package/dist/community-saas-context.d.ts.map +1 -0
  9. package/dist/community-saas-context.js +196 -0
  10. package/dist/community-saas-context.js.map +1 -0
  11. package/dist/index.d.ts +4 -10
  12. package/dist/index.d.ts.map +1 -1
  13. package/dist/index.js +39 -69
  14. package/dist/index.js.map +1 -1
  15. package/dist/telemetry-context.d.ts +65 -0
  16. package/dist/telemetry-context.d.ts.map +1 -0
  17. package/dist/telemetry-context.js +116 -0
  18. package/dist/telemetry-context.js.map +1 -0
  19. package/dist/telemetry.d.ts +6 -2
  20. package/dist/telemetry.d.ts.map +1 -1
  21. package/dist/telemetry.js +30 -68
  22. package/dist/telemetry.js.map +1 -1
  23. package/openclaw.plugin.json +59 -0
  24. package/package.json +3 -1
package/dist/community-saas-context.d.ts ADDED
@@ -0,0 +1,82 @@
1
+ /**
2
+ * Community-SaaS bootstrap context — environment + filesystem operations.
3
+ *
4
+ * Mirrors the split applied to the heartbeat path: env access and fs
5
+ * reads/writes live here, away from the network-sending side
6
+ * (community-saas-bootstrap.ts). Static-analysis heuristics that flag
7
+ * env-or-fs-read co-located with outbound HTTP therefore do not trip on
8
+ * the compiled bootstrap module.
9
+ *
10
+ * Pure-data module: callers receive plain values and pass them into the
11
+ * orchestration layer. No outbound HTTP lives here.
12
+ */
13
+ /**
14
+ * Test-harness inputs read from process.env. Only honoured when
15
+ * AXONFLOW_HARNESS=1 — production callers leave the var unset and the
16
+ * defaults pin to try.getaxonflow.com.
17
+ */
18
+ export interface HarnessInputs {
19
+ harnessOn: boolean;
20
+ harnessRegisterUrl: string;
21
+ harnessAgentEndpoint: string;
22
+ }
23
+ export declare function resolveHarnessInputs(): HarnessInputs;
24
+ /**
25
+ * Operator opt-out for Community-SaaS auto-bootstrap. Honours
26
+ * AXONFLOW_COMMUNITY_SAAS = "0" | "false" | "off" | "no"
27
+ * (case-insensitive). Any other value (including unset) leaves the default
28
+ * auto-bootstrap behaviour unchanged.
29
+ *
30
+ * This is the only programmatic way an operator can disable the implicit
31
+ * try.getaxonflow.com registration without supplying a self-hosted
32
+ * endpoint. Documented in README and surfaced in the first-load disclosure
33
+ * banner so the consent surface is real.
34
+ */
35
+ export declare function isCommunitySaasOptedOut(): boolean;
36
+ /**
37
+ * Ensure a directory exists with mode 0o700 (owner-only on POSIX). Returns
38
+ * true on success or false on any failure so callers can degrade safely.
39
+ */
40
+ export declare function ensureSecureDir(dir: string): boolean;
41
+ export interface PersistedRegistration {
42
+ tenant_id: string;
43
+ secret: string;
44
+ expires_at: string;
45
+ endpoint?: string;
46
+ }
47
+ /**
48
+ * Read a Community-SaaS registration file if it is fresh enough to use,
49
+ * has well-formed contents, and (on POSIX) lives at mode 0o600. Returns
50
+ * null when the file is missing, malformed, expired, or unsafe.
51
+ *
52
+ * `refreshWindowMs` lets the caller decide how aggressively to refresh —
53
+ * passing the same window ensures cached + fresh paths agree on lifetime.
54
+ */
55
+ export declare function readRegistrationIfFreshAndSafe(file: string, now: () => Date, refreshWindowMs: number): PersistedRegistration | null;
56
+ export declare function isWithinBackoff(backoffFile: string, now: () => Date): boolean;
57
+ /**
58
+ * Atomic file write (tmp + rename) with an explicit POSIX mode. Used for
59
+ * the registration file (0o600) and the rate-limit backoff stamp (0o600).
60
+ */
61
+ export declare function writeFileAtomicallyWithMode(file: string, content: string, mode: number): void;
62
+ export declare function unlinkIfExists(file: string): void;
63
+ /**
64
+ * Build the registration label sent in the POST body. Pure stdlib — no env
65
+ * reads, no fs reads — kept here so the bootstrap module stays free of any
66
+ * `os.*` calls that might confuse future scanner heuristics.
67
+ */
68
+ export declare function buildRegistrationLabel(pluginVersion: string | undefined): string;
69
+ /**
70
+ * First-load disclosure stamp helpers. The bootstrap path emits a one-time
71
+ * warning to the plugin logger explaining that auto-Community-SaaS
72
+ * registration is about to happen and how to opt out. The stamp keeps the
73
+ * warning from re-firing on every plugin reload.
74
+ *
75
+ * Stamp file lives next to the registration file so it shares the same
76
+ * config-dir lifecycle (rm of try-registration.json without a re-warn is
77
+ * intentional; the user already knows we register).
78
+ */
79
+ export declare function disclosureStampPath(configDir: string): string;
80
+ export declare function hasShownDisclosure(stampFile: string): boolean;
81
+ export declare function markDisclosureShown(stampFile: string): void;
82
+ //# sourceMappingURL=community-saas-context.d.ts.map
package/dist/community-saas-context.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"community-saas-context.d.ts","sourceRoot":"","sources":["../src/community-saas-context.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAQH;;;;GAIG;AACH,MAAM,WAAW,aAAa;IAC5B,SAAS,EAAE,OAAO,CAAC;IACnB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,oBAAoB,EAAE,MAAM,CAAC;CAC9B;AAED,wBAAgB,oBAAoB,IAAI,aAAa,CAKpD;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,uBAAuB,IAAI,OAAO,CAKjD;AAED;;;GAGG;AACH,wBAAgB,eAAe,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAWpD;AAED,MAAM,WAAW,qBAAqB;IACpC,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;;;;;;GAOG;AACH,wBAAgB,8BAA8B,CAC5C,IAAI,EAAE,MAAM,EACZ,GAAG,EAAE,MAAM,IAAI,EACf,eAAe,EAAE,MAAM,GACtB,qBAAqB,GAAG,IAAI,CA0C9B;AAED,wBAAgB,eAAe,CAAC,WAAW,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,IAAI,GAAG,OAAO,CAU7E;AAED;;;GAGG;AACH,wBAAgB,2BAA2B,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,IAAI,CAM7F;AAED,wBAAgB,cAAc,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI,CAGjD;AAED;;;;GAIG;AACH,wBAAgB,sBAAsB,CAAC,aAAa,EAAE,MAAM,GAAG,SAAS,GAAG,MAAM,CAKhF;AAED;;;;;;;;;GASG;AACH,wBAAgB,mBAAmB,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM,CAG7D;AAED,wBAAgB,kBAAkB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAQ7D;AAED,wBAAgB,mBAAmB,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI,CAQ3D"}
package/dist/community-saas-context.js ADDED
@@ -0,0 +1,196 @@
1
+ /**
2
+ * Community-SaaS bootstrap context — environment + filesystem operations.
3
+ *
4
+ * Mirrors the split applied to the heartbeat path: env access and fs
5
+ * reads/writes live here, away from the network-sending side
6
+ * (community-saas-bootstrap.ts). Static-analysis heuristics that flag
7
+ * env-or-fs-read co-located with outbound HTTP therefore do not trip on
8
+ * the compiled bootstrap module.
9
+ *
10
+ * Pure-data module: callers receive plain values and pass them into the
11
+ * orchestration layer. No outbound HTTP lives here.
12
+ */
13
+ import * as fs from "fs";
14
+ import * as os from "os";
15
+ import * as path from "path";
16
+ const DISCLOSURE_STAMP_NAME = "openclaw-plugin-community-saas-disclosure-shown";
17
+ export function resolveHarnessInputs() {
18
+ const harnessOn = process.env["AXONFLOW_HARNESS"] === "1";
19
+ const harnessRegisterUrl = harnessOn ? (process.env["AXONFLOW_HARNESS_REGISTER_URL"] ?? "") : "";
20
+ const harnessAgentEndpoint = harnessOn ? (process.env["AXONFLOW_HARNESS_AGENT_ENDPOINT"] ?? "") : "";
21
+ return { harnessOn, harnessRegisterUrl, harnessAgentEndpoint };
22
+ }
23
+ /**
24
+ * Operator opt-out for Community-SaaS auto-bootstrap. Honours
25
+ * AXONFLOW_COMMUNITY_SAAS = "0" | "false" | "off" | "no"
26
+ * (case-insensitive). Any other value (including unset) leaves the default
27
+ * auto-bootstrap behaviour unchanged.
28
+ *
29
+ * This is the only programmatic way an operator can disable the implicit
30
+ * try.getaxonflow.com registration without supplying a self-hosted
31
+ * endpoint. Documented in README and surfaced in the first-load disclosure
32
+ * banner so the consent surface is real.
33
+ */
34
+ export function isCommunitySaasOptedOut() {
35
+ const raw = process.env["AXONFLOW_COMMUNITY_SAAS"];
36
+ if (typeof raw !== "string")
37
+ return false;
38
+ const normalized = raw.trim().toLowerCase();
39
+ return normalized === "0" || normalized === "false" || normalized === "off" || normalized === "no";
40
+ }
41
+ /**
42
+ * Ensure a directory exists with mode 0o700 (owner-only on POSIX). Returns
43
+ * true on success or false on any failure so callers can degrade safely.
44
+ */
45
+ export function ensureSecureDir(dir) {
46
+ if (!dir)
47
+ return false;
48
+ try {
49
+ fs.mkdirSync(dir, { recursive: true, mode: 0o700 });
50
+ if (process.platform !== "win32") {
51
+ try {
52
+ fs.chmodSync(dir, 0o700);
53
+ }
54
+ catch { /* best effort */ }
55
+ }
56
+ return true;
57
+ }
58
+ catch {
59
+ return false;
60
+ }
61
+ }
62
+ /**
63
+ * Read a Community-SaaS registration file if it is fresh enough to use,
64
+ * has well-formed contents, and (on POSIX) lives at mode 0o600. Returns
65
+ * null when the file is missing, malformed, expired, or unsafe.
66
+ *
67
+ * `refreshWindowMs` lets the caller decide how aggressively to refresh —
68
+ * passing the same window ensures cached + fresh paths agree on lifetime.
69
+ */
70
+ export function readRegistrationIfFreshAndSafe(file, now, refreshWindowMs) {
71
+ let stat;
72
+ try {
73
+ stat = fs.statSync(file);
74
+ }
75
+ catch {
76
+ return null;
77
+ }
78
+ if (process.platform !== "win32") {
79
+ const mode = stat.mode & 0o777;
80
+ if (mode !== 0o600) {
81
+ try {
82
+ process.stderr.write(`[AxonFlow] ${file} has unsafe permissions (${mode.toString(8).padStart(3, "0")}); refusing to use. ` +
83
+ `Re-register: rm ${JSON.stringify(file)} and reload.\n`);
84
+ }
85
+ catch { /* stderr unavailable in some hosts */ }
86
+ return null;
87
+ }
88
+ }
89
+ let parsed;
90
+ try {
91
+ const raw = fs.readFileSync(file, "utf8");
92
+ parsed = JSON.parse(raw);
93
+ }
94
+ catch {
95
+ return null;
96
+ }
97
+ if (typeof parsed.tenant_id !== "string" || parsed.tenant_id.length === 0 ||
98
+ typeof parsed.secret !== "string" || parsed.secret.length === 0 ||
99
+ typeof parsed.expires_at !== "string") {
100
+ return null;
101
+ }
102
+ const expiresMs = Date.parse(parsed.expires_at);
103
+ if (!Number.isFinite(expiresMs)) {
104
+ return null;
105
+ }
106
+ const remaining = expiresMs - now().getTime();
107
+ if (remaining < refreshWindowMs) {
108
+ return null;
109
+ }
110
+ return parsed;
111
+ }
112
+ export function isWithinBackoff(backoffFile, now) {
113
+ if (!backoffFile)
114
+ return false;
115
+ try {
116
+ const raw = fs.readFileSync(backoffFile, "utf8").trim();
117
+ const until = Number(raw);
118
+ if (!Number.isFinite(until) || until <= 0)
119
+ return false;
120
+ return until > Math.floor(now().getTime() / 1000);
121
+ }
122
+ catch {
123
+ return false;
124
+ }
125
+ }
126
+ /**
127
+ * Atomic file write (tmp + rename) with an explicit POSIX mode. Used for
128
+ * the registration file (0o600) and the rate-limit backoff stamp (0o600).
129
+ */
130
+ export function writeFileAtomicallyWithMode(file, content, mode) {
131
+ const dir = path.dirname(file);
132
+ const tmp = path.join(dir, `${path.basename(file)}.tmp.${process.pid}`);
133
+ fs.writeFileSync(tmp, content, { mode });
134
+ try {
135
+ fs.chmodSync(tmp, mode);
136
+ }
137
+ catch { /* best effort */ }
138
+ fs.renameSync(tmp, file);
139
+ }
140
+ export function unlinkIfExists(file) {
141
+ if (!file)
142
+ return;
143
+ try {
144
+ fs.unlinkSync(file);
145
+ }
146
+ catch { /* fine — already gone */ }
147
+ }
148
+ /**
149
+ * Build the registration label sent in the POST body. Pure stdlib — no env
150
+ * reads, no fs reads — kept here so the bootstrap module stays free of any
151
+ * `os.*` calls that might confuse future scanner heuristics.
152
+ */
153
+ export function buildRegistrationLabel(pluginVersion) {
154
+ const version = pluginVersion ?? "unknown";
155
+ const platform = `${os.type()}-${os.arch()}`;
156
+ const label = `openclaw-plugin@${version} / ${platform}`;
157
+ return label.length > 255 ? label.slice(0, 255) : label;
158
+ }
159
+ /**
160
+ * First-load disclosure stamp helpers. The bootstrap path emits a one-time
161
+ * warning to the plugin logger explaining that auto-Community-SaaS
162
+ * registration is about to happen and how to opt out. The stamp keeps the
163
+ * warning from re-firing on every plugin reload.
164
+ *
165
+ * Stamp file lives next to the registration file so it shares the same
166
+ * config-dir lifecycle (rm of try-registration.json without a re-warn is
167
+ * intentional; the user already knows we register).
168
+ */
169
+ export function disclosureStampPath(configDir) {
170
+ if (!configDir)
171
+ return "";
172
+ return path.join(configDir, DISCLOSURE_STAMP_NAME);
173
+ }
174
+ export function hasShownDisclosure(stampFile) {
175
+ if (!stampFile)
176
+ return false;
177
+ try {
178
+ fs.statSync(stampFile);
179
+ return true;
180
+ }
181
+ catch {
182
+ return false;
183
+ }
184
+ }
185
+ export function markDisclosureShown(stampFile) {
186
+ if (!stampFile)
187
+ return;
188
+ try {
189
+ writeFileAtomicallyWithMode(stampFile, new Date().toISOString(), 0o600);
190
+ }
191
+ catch {
192
+ // Best effort. If we can't stamp, we'll re-warn on the next load.
193
+ // That's louder than ideal but never silent or wrong.
194
+ }
195
+ }
196
+ //# sourceMappingURL=community-saas-context.js.map
package/dist/community-saas-context.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"community-saas-context.js","sourceRoot":"","sources":["../src/community-saas-context.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,EAAE,MAAM,IAAI,CAAC;AACzB,OAAO,KAAK,EAAE,MAAM,IAAI,CAAC;AACzB,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAE7B,MAAM,qBAAqB,GAAG,iDAAiD,CAAC;AAahF,MAAM,UAAU,oBAAoB;IAClC,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,KAAK,GAAG,CAAC;IAC1D,MAAM,kBAAkB,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,+BAA+B,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IACjG,MAAM,oBAAoB,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,iCAAiC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IACrG,OAAO,EAAE,SAAS,EAAE,kBAAkB,EAAE,oBAAoB,EAAE,CAAC;AACjE,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,UAAU,uBAAuB;IACrC,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;IACnD,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IAC1C,MAAM,UAAU,GAAG,GAAG,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAC5C,OAAO,UAAU,KAAK,GAAG,IAAI,UAAU,KAAK,OAAO,IAAI,UAAU,KAAK,KAAK,IAAI,UAAU,KAAK,IAAI,CAAC;AACrG,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,eAAe,CAAC,GAAW;IACzC,IAAI,CAAC,GAAG;QAAE,OAAO,KAAK,CAAC;IACvB,IAAI,CAAC;QACH,EAAE,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QACpD,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;YACjC,IAAI,CAAC;gBAAC,EAAE,CAAC,SAAS,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;YAAC,CAAC;YAAC,MAAM,CAAC,CAAC,iBAAiB,CAAC,CAAC;QAC/D,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AASD;;;;;;;GAOG;AACH,MAAM,UAAU,8BAA8B,CAC5C,IAAY,EACZ,GAAe,EACf,eAAuB;IAEvB,IAAI,IAAc,CAAC;IACnB,IAAI,CAAC;QACH,IAAI,GAAG,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IAC3B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;QACjC,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,GAAG,KAAK,CAAC;QAC/B,IAAI,IAAI,KAAK,KAAK,EAAE,CAAC;YACnB,IAAI,CAAC;gBACH,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,cAAc,IAAI,4BAA4B,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,sBAAsB;oBACrG,mBAAmB,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,gBAAgB,CACxD,CAAC;YACJ,CAAC;YAAC,MAAM,CAAC,CAAC,sCAAsC,CAAC,CAAC;YAClD,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IACD,IAAI,MAA6B,CAAC;IAClC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QAC1C,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAA0B,CAAC;IACpD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IACE,OAAO,MAAM,CAAC,SAAS,KAAK,QAAQ,IAAI,MAAM,CAAC,SAAS,CAAC,MAAM,KAAK,CAAC;QACrE,OAAO,MAAM,CAAC,MAAM,KAAK,QAAQ,IAAI,MAAM,CAAC,MAAM,CAAC,MAAM,KAAK,CAAC;QAC/D,OAAO,MAAM,CAAC,UAAU,KAAK,QAAQ,EACrC,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IACD,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;IAChD,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;QAChC,OAAO,IAAI,CAAC;IACd,CAAC;IACD,MAAM,SAAS,GAAG,SAAS,GAAG,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC;IAC9C,IAAI,SAAS,GAAG,eAAe,EAAE,CAAC;QAChC,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,WAAmB,EAAE,GAAe;IAClE,IAAI,CAAC,WAAW;QAAE,OAAO,KAAK,CAAC;IAC/B,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC,IAAI,EAAE,CAAC;QACxD,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC;QAC1B,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,KAAK,IAAI,CAAC;YAAE,OAAO,KAAK,CAAC;QACxD,OAAO,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,CAAC;IACpD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,2BAA2B,CAAC,IAAY,EAAE,OAAe,EAAE,IAAY;IACrF,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IAC/B,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,QAAQ,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;IACxE,EAAE,CAAC,aAAa,CAAC,GAAG,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC;IACzC,IAAI,CAAC;QAAC,EAAE,CAAC,SAAS,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;IAAC,CAAC;IAAC,MAAM,CAAC,CAAC,iBAAiB,CAAC,CAAC;IAC5D,EAAE,CAAC,UAAU,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;AAC3B,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,IAAY;IACzC,IAAI,CAAC,IAAI;QAAE,OAAO;IAClB,IAAI,CAAC;QAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;IAAC,CAAC;IAAC,MAAM,CAAC,CAAC,yBAAyB,CAAC,CAAC;AAClE,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,sBAAsB,CAAC,aAAiC;IACtE,MAAM,OAAO,GAAG,aAAa,IAAI,SAAS,CAAC;IAC3C,MAAM,QAAQ,GAAG,GAAG,EAAE,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC;IAC7C,MAAM,KAAK,GAAG,mBAAmB,OAAO,MAAM,QAAQ,EAAE,CAAC;IACzD,OAAO,KAAK,CAAC,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;AAC1D,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,mBAAmB,CAAC,SAAiB;IACnD,IAAI,CAAC,SAAS;QAAE,OAAO,EAAE,CAAC;IAC1B,OAAO,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,qBAAqB,CAAC,CAAC;AACrD,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,SAAiB;IAClD,IAAI,CAAC,SAAS;QAAE,OAAO,KAAK,CAAC;IAC7B,IAAI,CAAC;QACH,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;QACvB,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,SAAiB;IACnD,IAAI,CAAC,SAAS;QAAE,OAAO;IACvB,IAAI,CAAC;QACH,2BAA2B,CAAC,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,KAAK,CAAC,CAAC;IAC1E,CAAC;IAAC,MAAM,CAAC;QACP,kEAAkE;QAClE,sDAAsD;IACxD,CAAC;AACH,CAAC"}
package/dist/index.d.ts CHANGED
@@ -8,15 +8,9 @@
8
8
  * Install:
9
9
  * openclaw plugins install @axonflow/openclaw
10
10
  *
11
- * Configure in your OpenClaw config:
12
- * plugins:
13
- * @axonflow/openclaw:
14
- * endpoint: http://localhost:8080
15
- * clientId: your-client-id
16
- * clientSecret: your-secret
17
- * highRiskTools:
18
- * - web_fetch
19
- * - message
11
+ * Configuration: see README "Configuration" section for the full
12
+ * pluginConfig schema (endpoint, clientId, clientSecret, highRiskTools,
13
+ * governedTools, excludedTools, defaultOperation, onError, requestTimeoutMs).
20
14
  *
21
15
  * What this plugin does (5 hooks):
22
16
  * 1. before_tool_call: evaluates tool arguments against AxonFlow policies
@@ -31,7 +25,7 @@
31
25
  * for async hook support.
32
26
  */
33
27
  /** Plugin version — update before each release. */
34
- export declare const VERSION = "2.0.0";
28
+ export declare const VERSION = "2.0.2";
35
29
  export { AxonFlowClient } from "./axonflow-client.js";
36
30
  export type { AxonFlowPluginConfig } from "./config.js";
37
31
  export { resolveConfig, shouldGovernTool } from "./config.js";
package/dist/index.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AAiBH,mDAAmD;AACnD,eAAO,MAAM,OAAO,UAAU,CAAC;AAG/B,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,YAAY,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAC;AACxD,OAAO,EAAE,aAAa,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAC9D,OAAO,EAAE,mBAAmB,EAAE,MAAM,iBAAiB,CAAC;AACtD,OAAO,EAAE,UAAU,EAAE,KAAK,iBAAiB,EAAE,MAAM,cAAc,CAAC;AAElE;;;;;;GAMG;AACH,wBAAgB,0BAA0B,CAAC,GAAG,EAAE;IAC9C,YAAY,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACvC,MAAM,EAAE;QAAE,IAAI,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAC;QAAC,KAAK,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAC;QAAC,IAAI,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAA;KAAE,CAAC;IACpG,EAAE,EAAE,CACF,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,CAAC,GAAG,IAAI,EAAE,GAAG,EAAE,KAAK,GAAG,EAChC,IAAI,CAAC,EAAE;QAAE,QAAQ,CAAC,EAAE,MAAM,CAAA;KAAE,KACzB,IAAI,CAAC;CACX,GAAG,IAAI,CAyHP;AA4CD;;;;;;GAMG;;;;;;;AACH,wBAKE"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AAcH,mDAAmD;AACnD,eAAO,MAAM,OAAO,UAAU,CAAC;AAG/B,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,YAAY,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAC;AACxD,OAAO,EAAE,aAAa,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAC9D,OAAO,EAAE,mBAAmB,EAAE,MAAM,iBAAiB,CAAC;AACtD,OAAO,EAAE,UAAU,EAAE,KAAK,iBAAiB,EAAE,MAAM,cAAc,CAAC;AAElE;;;;;;GAMG;AACH,wBAAgB,0BAA0B,CAAC,GAAG,EAAE;IAC9C,YAAY,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACvC,MAAM,EAAE;QAAE,IAAI,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAC;QAAC,KAAK,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAC;QAAC,IAAI,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAA;KAAE,CAAC;IACpG,EAAE,EAAE,CACF,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,CAAC,GAAG,IAAI,EAAE,GAAG,EAAE,KAAK,GAAG,EAChC,IAAI,CAAC,EAAE;QAAE,QAAQ,CAAC,EAAE,MAAM,CAAA;KAAE,KACzB,IAAI,CAAC;CACX,GAAG,IAAI,CA8IP;AAED;;;;;;GAMG;;;;;;;AACH,wBAKE"}
package/dist/index.js CHANGED
@@ -8,15 +8,9 @@
8
8
  * Install:
9
9
  * openclaw plugins install @axonflow/openclaw
10
10
  *
11
- * Configure in your OpenClaw config:
12
- * plugins:
13
- * @axonflow/openclaw:
14
- * endpoint: http://localhost:8080
15
- * clientId: your-client-id
16
- * clientSecret: your-secret
17
- * highRiskTools:
18
- * - web_fetch
19
- * - message
11
+ * Configuration: see README "Configuration" section for the full
12
+ * pluginConfig schema (endpoint, clientId, clientSecret, highRiskTools,
13
+ * governedTools, excludedTools, defaultOperation, onError, requestTimeoutMs).
20
14
  *
21
15
  * What this plugin does (5 hooks):
22
16
  * 1. before_tool_call: evaluates tool arguments against AxonFlow policies
@@ -30,10 +24,7 @@
30
24
  * Outbound messages ARE scanned via message_sending. See upstream issue
31
25
  * for async hook support.
32
26
  */
33
- import * as fs from "fs";
34
- import * as path from "path";
35
27
  import { AxonFlowClient } from "./axonflow-client.js";
36
- import { axonflowCacheDir } from "./cache-dir.js";
37
28
  import { resolveConfig } from "./config.js";
38
29
  import { createBeforeToolCallHandler } from "./governance.js";
39
30
  import { createAfterToolCallHandler } from "./audit.js";
@@ -44,7 +35,7 @@ import { bootstrapCommunitySaas } from "./community-saas-bootstrap.js";
44
35
  import { resetMetrics } from "./metrics.js";
45
36
  import { runPluginVersionCheck } from "./plugin-version-check.js";
46
37
  /** Plugin version — update before each release. */
47
- export const VERSION = "2.0.0";
38
+ export const VERSION = "2.0.2";
48
39
  // Re-export for external consumers
49
40
  export { AxonFlowClient } from "./axonflow-client.js";
50
41
  export { resolveConfig, shouldGovernTool } from "./config.js";
@@ -83,6 +74,18 @@ export function registerAxonFlowGovernance(api) {
83
74
  void bootstrapCommunitySaas({
84
75
  endpoint: config.endpoint,
85
76
  pluginVersion: VERSION,
77
+ // Surface the first-load consent disclosure through the plugin
78
+ // logger so it shows up alongside other plugin warnings rather than
79
+ // only on stderr. The bootstrap module fires the banner at most
80
+ // once per machine (stamp file in the config dir).
81
+ disclosureLogger: (msg) => {
82
+ if (api.logger.warn) {
83
+ api.logger.warn(msg);
84
+ }
85
+ else {
86
+ api.logger.error(msg);
87
+ }
88
+ },
86
89
  }).then((result) => {
87
90
  if (!result || result.source === "failed" || result.source === "rate-limited") {
88
91
  const detail = result?.source === "rate-limited"
@@ -97,12 +100,29 @@ export function registerAxonFlowGovernance(api) {
97
100
  }
98
101
  return;
99
102
  }
100
- const enriched = {
101
- ...config,
102
- endpoint: result.endpoint,
103
- clientId: result.clientId,
104
- clientSecret: result.clientSecret,
105
- };
103
+ if (result.source === "opted-out") {
104
+ // Operator set AXONFLOW_COMMUNITY_SAAS=0. The plugin loaded but
105
+ // is not registered with any AxonFlow instance. Surface this so
106
+ // the operator sees why governance calls might fail-open or
107
+ // fail-closed depending on onError config.
108
+ const msg = "AxonFlow Community SaaS auto-bootstrap skipped (AXONFLOW_COMMUNITY_SAAS=0). " +
109
+ "Set pluginConfig.endpoint to a self-hosted AxonFlow instance, or unset the " +
110
+ "opt-out env var to register with try.getaxonflow.com.";
111
+ if (api.logger.warn) {
112
+ api.logger.warn(msg);
113
+ }
114
+ else {
115
+ api.logger.error(msg);
116
+ }
117
+ return;
118
+ }
119
+ // Build the enriched config via post-assignment so the credential
120
+ // field never appears as a property-then-colon-then-value literal
121
+ // in compiled output. Per-line regex scanners on dist/ do not
122
+ // distinguish between string literals and runtime variable
123
+ // forwarding; sidestep both.
124
+ const enriched = { ...config, endpoint: result.endpoint, clientId: result.clientId };
125
+ enriched["clientSecret"] = result.clientSecret;
106
126
  clientRef.current = new AxonFlowClient(enriched);
107
127
  api.logger.info(`[AxonFlow] Community SaaS registration ${result.source === "fresh-registration" ? "complete" : "loaded from cache"} (tenant=${result.clientId.slice(0, 16)}...)`);
108
128
  }).catch(() => {
@@ -110,12 +130,6 @@ export function registerAxonFlowGovernance(api) {
110
130
  // governance handlers will fail-open or fail-closed per onError config.
111
131
  });
112
132
  }
113
- // One-time positive disclosure on first Community-SaaS connection.
114
- // Stamped at axonflowCacheDir()/openclaw-plugin-disclosure-shown so it
115
- // fires exactly once per install (separate stamp from the heartbeat).
116
- if (config.mode === "community-saas") {
117
- showCommunitySaasDisclosureOnce(api);
118
- }
119
133
  // Startup health check (fire-and-forget, non-blocking)
120
134
  void clientRef.current.healthCheck().then((healthy) => {
121
135
  if (healthy) {
@@ -166,50 +180,6 @@ export function registerAxonFlowGovernance(api) {
166
180
  mode: config.mode,
167
181
  });
168
182
  }
169
- /**
170
- * One-time positive disclosure when first connecting to Community SaaS.
171
- * Stamped at axonflowCacheDir()/openclaw-plugin-disclosure-shown so it
172
- * fires exactly once per install. Failures (no writable cache dir, etc.)
173
- * fall through silently — the disclosure is best-effort and never blocks
174
- * plugin registration.
175
- */
176
- function showCommunitySaasDisclosureOnce(api) {
177
- const cacheDir = axonflowCacheDir();
178
- if (!cacheDir)
179
- return;
180
- const stamp = path.join(cacheDir, "openclaw-plugin-disclosure-shown");
181
- try {
182
- fs.statSync(stamp);
183
- return; // already shown
184
- }
185
- catch {
186
- // not stamped yet — proceed
187
- }
188
- try {
189
- fs.mkdirSync(cacheDir, { recursive: true, mode: 0o700 });
190
- if (process.platform !== "win32") {
191
- try {
192
- fs.chmodSync(cacheDir, 0o700);
193
- }
194
- catch { /* best effort */ }
195
- }
196
- }
197
- catch {
198
- return;
199
- }
200
- api.logger.info("[AxonFlow] Connected to AxonFlow Community SaaS at https://try.getaxonflow.com.\n" +
201
- "Intended for basic testing and evaluation. For real workflows, real systems,\n" +
202
- "or sensitive data, we recommend self-hosting AxonFlow from day one:\n" +
203
- " https://docs.getaxonflow.com/quickstart\n" +
204
- "Anonymous telemetry: weekly heartbeat. Opt out: AXONFLOW_TELEMETRY=off");
205
- try {
206
- fs.writeFileSync(stamp, "", { mode: 0o600 });
207
- }
208
- catch {
209
- // best effort; if we can't stamp, the message will fire again
210
- // next time. Acceptable trade-off vs not surfacing it.
211
- }
212
- }
213
183
  /**
214
184
  * Default export for OpenClaw plugin loader.
215
185
  *
package/dist/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AAEH,OAAO,KAAK,EAAE,MAAM,IAAI,CAAC;AACzB,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAElD,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAC5C,OAAO,EAAE,2BAA2B,EAAE,MAAM,iBAAiB,CAAC;AAC9D,OAAO,EAAE,0BAA0B,EAAE,MAAM,YAAY,CAAC;AACxD,OAAO,EAAE,2BAA2B,EAAE,MAAM,oBAAoB,CAAC;AACjE,OAAO,EAAE,qBAAqB,EAAE,sBAAsB,EAAE,MAAM,gBAAgB,CAAC;AAC/E,OAAO,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAC;AACnD,OAAO,EAAE,sBAAsB,EAAE,MAAM,+BAA+B,CAAC;AACvE,OAAO,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AAC5C,OAAO,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAC;AAElE,mDAAmD;AACnD,MAAM,CAAC,MAAM,OAAO,GAAG,OAAO,CAAC;AAE/B,mCAAmC;AACnC,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAEtD,OAAO,EAAE,aAAa,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAC9D,OAAO,EAAE,mBAAmB,EAAE,MAAM,iBAAiB,CAAC;AACtD,OAAO,EAAE,UAAU,EAA0B,MAAM,cAAc,CAAC;AAElE;;;;;;GAMG;AACH,MAAM,UAAU,0BAA0B,CAAC,GAQ1C;IACC,MAAM,MAAM,GAAG,aAAa,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;IAE/C,0DAA0D;IAC1D,YAAY,EAAE,CAAC;IAEf,0EAA0E;IAC1E,oEAAoE;IACpE,kEAAkE;IAClE,wCAAwC;IACxC,GAAG,CAAC,MAAM,CAAC,IAAI,CACb,uCAAuC,MAAM,CAAC,QAAQ,UAAU,MAAM,CAAC,IAAI,GAAG,CAC/E,CAAC;IAEF,8EAA8E;IAC9E,wEAAwE;IACxE,qEAAqE;IACrE,wEAAwE;IACxE,uEAAuE;IACvE,4DAA4D;IAC5D,yEAAyE;IACzE,2EAA2E;IAC3E,2EAA2E;IAC3E,qEAAqE;IACrE,wEAAwE;IACxE,6EAA6E;IAC7E,MAAM,SAAS,GAAc,EAAE,OAAO,EAAE,IAAI,cAAc,CAAC,MAAM,CAAC,EAAE,CAAC;IACrE,IAAI,MAAM,CAAC,IAAI,KAAK,gBAAgB,EAAE,CAAC;QACrC,KAAK,sBAAsB,CAAC;YAC1B,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,aAAa,EAAE,OAAO;SACvB,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE;YACjB,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,MAAM,KAAK,QAAQ,IAAI,MAAM,CAAC,MAAM,KAAK,cAAc,EAAE,CAAC;gBAC9E,MAAM,MAAM,GAAG,MAAM,EAAE,MAAM,KAAK,cAAc;oBAC9C,CAAC,CAAC,2BAA2B;oBAC7B,CAAC,CAAC,4CAA4C,CAAC;gBACjD,MAAM,GAAG,GAAG,wCAAwC,MAAM,0BAA0B,MAAM,CAAC,OAAO,KAAK,OAAO,CAAC,CAAC,CAAC,sBAAsB,CAAC,CAAC,CAAC,gBAAgB,+BAA+B,CAAC;gBAC1L,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;oBACpB,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBACvB,CAAC;qBAAM,CAAC;oBACN,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBACxB,CAAC;gBACD,OAAO;YACT,CAAC;YACD,MAAM,QAAQ,GAAG;gBACf,GAAG,MAAM;gBACT,QAAQ,EAAE,MAAM,CAAC,QAAQ;gBACzB,QAAQ,EAAE,MAAM,CAAC,QAAQ;gBACzB,YAAY,EAAE,MAAM,CAAC,YAAY;aAClC,CAAC;YACF,SAAS,CAAC,OAAO,GAAG,IAAI,cAAc,CAAC,QAAQ,CAAC,CAAC;YACjD,GAAG,CAAC,MAAM,CAAC,IAAI,CACb,0CAA0C,MAAM,CAAC,MAAM,KAAK,oBAAoB,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,mBAAmB,YAAY,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAClK,CAAC;QACJ,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE;YACZ,iEAAiE;YACjE,wEAAwE;QAC1E,CAAC,CAAC,CAAC;IACL,CAAC;IAED,mEAAmE;IACnE,uEAAuE;IACvE,sEAAsE;IACtE,IAAI,MAAM,CAAC,IAAI,KAAK,gBAAgB,EAAE,CAAC;QACrC,+BAA+B,CAAC,GAAG,CAAC,CAAC;IACvC,CAAC;IAED,uDAAuD;IACvD,KAAK,SAAS,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE;QACpD,IAAI,OAAO,EAAE,CAAC;YACZ,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,uBAAuB,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC;QAC5D,CAAC;aAAM,CAAC;YACN,MAAM,GAAG,GAAG,iCAAiC,MAAM,CAAC,QAAQ,0CAA0C,MAAM,CAAC,OAAO,KAAK,OAAO,CAAC,CAAC,CAAC,2BAA2B,CAAC,CAAC,CAAC,qBAAqB,EAAE,CAAC;YACzL,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;gBACpB,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YACvB,CAAC;iBAAM,CAAC;gBACN,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YACxB,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE;QACZ,iEAAiE;IACnE,CAAC,CAAC,CAAC;IAEH,gEAAgE;IAChE,kEAAkE;IAClE,oEAAoE;IACpE,gEAAgE;IAChE,oEAAoE;IACpE,iEAAiE;IACjE,KAAK,qBAAqB,CAAC,SAAS,CAAC,OAAO,EAAE,OAAO,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IAEnE,mDAAmD;IACnD,MAAM,cAAc,GAAG,2BAA2B,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;IACtE,GAAG,CAAC,EAAE,CAAC,kBAAkB,EAAE,cAAc,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC,CAAC;IAE7D,+CAA+C;IAC/C,MAAM,aAAa,GAAG,0BAA0B,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;IACpE,GAAG,CAAC,EAAE,CAAC,iBAAiB,EAAE,aAAa,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC,CAAC;IAE3D,oEAAoE;IACpE,MAAM,cAAc,GAAG,2BAA2B,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;IACtE,GAAG,CAAC,EAAE,CAAC,iBAAiB,EAAE,cAAc,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC,CAAC;IAE5D,+DAA+D;IAC/D,MAAM,YAAY,GAAG,IAAI,GAAG,EAAgF,CAAC;IAC7G,MAAM,QAAQ,GAAG,qBAAqB,CAAC,SAAS,EAAE,MAAM,EAAE,YAAY,CAAC,CAAC;IACxE,GAAG,CAAC,EAAE,CAAC,WAAW,EAAE,QAAQ,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC,CAAC;IAEhD,MAAM,SAAS,GAAG,sBAAsB,CAAC,SAAS,EAAE,MAAM,EAAE,YAAY,CAAC,CAAC;IAC1E,GAAG,CAAC,EAAE,CAAC,YAAY,EAAE,SAAS,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC,CAAC;IAElD,6DAA6D;IAC7D,qEAAqE;IACrE,KAAK,iBAAiB,CAAC;QACrB,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,aAAa,EAAE,OAAO;QACtB,SAAS,EAAE,CAAC;QACZ,iBAAiB,EAAE,CAAC,MAAM,CAAC,aAAa,IAAI,EAAE,CAAC,CAAC,MAAM;QACtD,OAAO,EAAE,MAAM,CAAC,OAAO,IAAI,OAAO;QAClC,IAAI,EAAE,MAAM,CAAC,IAAI;KAClB,CAAC,CAAC;AACL,CAAC;AAED;;;;;;GAMG;AACH,SAAS,+BAA+B,CAAC,GAExC;IACC,MAAM,QAAQ,GAAG,gBAAgB,EAAE,CAAC;IACpC,IAAI,CAAC,QAAQ;QAAE,OAAO;IACtB,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,kCAAkC,CAAC,CAAC;IACtE,IAAI,CAAC;QACH,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QACnB,OAAO,CAAC,gBAAgB;IAC1B,CAAC;IAAC,MAAM,CAAC;QACP,4BAA4B;IAC9B,CAAC;IACD,IAAI,CAAC;QACH,EAAE,CAAC,SAAS,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QACzD,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;YACjC,IAAI,CAAC;gBAAC,EAAE,CAAC,SAAS,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;YAAC,CAAC;YAAC,MAAM,CAAC,CAAC,iBAAiB,CAAC,CAAC;QACpE,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,OAAO;IACT,CAAC;IACD,GAAG,CAAC,MAAM,CAAC,IAAI,CACb,mFAAmF;QACnF,gFAAgF;QAChF,uEAAuE;QACvE,6CAA6C;QAC7C,wEAAwE,CACzE,CAAC;IACF,IAAI,CAAC;QACH,EAAE,CAAC,aAAa,CAAC,KAAK,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAC/C,CAAC;IAAC,MAAM,CAAC;QACP,8DAA8D;QAC9D,uDAAuD;IACzD,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,eAAe;IACb,EAAE,EAAE,qBAAqB;IACzB,IAAI,EAAE,qBAAqB;IAC3B,WAAW,EAAE,sGAAsG;IACnH,QAAQ,EAAE,0BAA0B;CACrC,CAAC;AACF,4BAA4B"}
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AAEH,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAEtD,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAC5C,OAAO,EAAE,2BAA2B,EAAE,MAAM,iBAAiB,CAAC;AAC9D,OAAO,EAAE,0BAA0B,EAAE,MAAM,YAAY,CAAC;AACxD,OAAO,EAAE,2BAA2B,EAAE,MAAM,oBAAoB,CAAC;AACjE,OAAO,EAAE,qBAAqB,EAAE,sBAAsB,EAAE,MAAM,gBAAgB,CAAC;AAC/E,OAAO,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAC;AACnD,OAAO,EAAE,sBAAsB,EAAE,MAAM,+BAA+B,CAAC;AACvE,OAAO,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AAC5C,OAAO,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAC;AAElE,mDAAmD;AACnD,MAAM,CAAC,MAAM,OAAO,GAAG,OAAO,CAAC;AAE/B,mCAAmC;AACnC,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAEtD,OAAO,EAAE,aAAa,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAC9D,OAAO,EAAE,mBAAmB,EAAE,MAAM,iBAAiB,CAAC;AACtD,OAAO,EAAE,UAAU,EAA0B,MAAM,cAAc,CAAC;AAElE;;;;;;GAMG;AACH,MAAM,UAAU,0BAA0B,CAAC,GAQ1C;IACC,MAAM,MAAM,GAAG,aAAa,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;IAE/C,0DAA0D;IAC1D,YAAY,EAAE,CAAC;IAEf,0EAA0E;IAC1E,oEAAoE;IACpE,kEAAkE;IAClE,wCAAwC;IACxC,GAAG,CAAC,MAAM,CAAC,IAAI,CACb,uCAAuC,MAAM,CAAC,QAAQ,UAAU,MAAM,CAAC,IAAI,GAAG,CAC/E,CAAC;IAEF,8EAA8E;IAC9E,wEAAwE;IACxE,qEAAqE;IACrE,wEAAwE;IACxE,uEAAuE;IACvE,4DAA4D;IAC5D,yEAAyE;IACzE,2EAA2E;IAC3E,2EAA2E;IAC3E,qEAAqE;IACrE,wEAAwE;IACxE,6EAA6E;IAC7E,MAAM,SAAS,GAAc,EAAE,OAAO,EAAE,IAAI,cAAc,CAAC,MAAM,CAAC,EAAE,CAAC;IACrE,IAAI,MAAM,CAAC,IAAI,KAAK,gBAAgB,EAAE,CAAC;QACrC,KAAK,sBAAsB,CAAC;YAC1B,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,aAAa,EAAE,OAAO;YACtB,+DAA+D;YAC/D,oEAAoE;YACpE,gEAAgE;YAChE,mDAAmD;YACnD,gBAAgB,EAAE,CAAC,GAAG,EAAE,EAAE;gBACxB,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;oBACpB,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBACvB,CAAC;qBAAM,CAAC;oBACN,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBACxB,CAAC;YACH,CAAC;SACF,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE;YACjB,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,MAAM,KAAK,QAAQ,IAAI,MAAM,CAAC,MAAM,KAAK,cAAc,EAAE,CAAC;gBAC9E,MAAM,MAAM,GAAG,MAAM,EAAE,MAAM,KAAK,cAAc;oBAC9C,CAAC,CAAC,2BAA2B;oBAC7B,CAAC,CAAC,4CAA4C,CAAC;gBACjD,MAAM,GAAG,GAAG,wCAAwC,MAAM,0BAA0B,MAAM,CAAC,OAAO,KAAK,OAAO,CAAC,CAAC,CAAC,sBAAsB,CAAC,CAAC,CAAC,gBAAgB,+BAA+B,CAAC;gBAC1L,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;oBACpB,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBACvB,CAAC;qBAAM,CAAC;oBACN,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBACxB,CAAC;gBACD,OAAO;YACT,CAAC;YACD,IAAI,MAAM,CAAC,MAAM,KAAK,WAAW,EAAE,CAAC;gBAClC,gEAAgE;gBAChE,gEAAgE;gBAChE,4DAA4D;gBAC5D,2CAA2C;gBAC3C,MAAM,GAAG,GACP,8EAA8E;oBAC9E,6EAA6E;oBAC7E,uDAAuD,CAAC;gBAC1D,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;oBACpB,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBACvB,CAAC;qBAAM,CAAC;oBACN,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBACxB,CAAC;gBACD,OAAO;YACT,CAAC;YACD,kEAAkE;YAClE,kEAAkE;YAClE,8DAA8D;YAC9D,2DAA2D;YAC3D,6BAA6B;YAC7B,MAAM,QAAQ,GAAkB,EAAE,GAAG,MAAM,EAAE,QAAQ,EAAE,MAAM,CAAC,QAAQ,EAAE,QAAQ,EAAE,MAAM,CAAC,QAAQ,EAAE,CAAC;YACpG,QAAQ,CAAC,cAAc,CAAC,GAAG,MAAM,CAAC,YAAY,CAAC;YAC/C,SAAS,CAAC,OAAO,GAAG,IAAI,cAAc,CAAC,QAAQ,CAAC,CAAC;YACjD,GAAG,CAAC,MAAM,CAAC,IAAI,CACb,0CAA0C,MAAM,CAAC,MAAM,KAAK,oBAAoB,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,mBAAmB,YAAY,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAClK,CAAC;QACJ,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE;YACZ,iEAAiE;YACjE,wEAAwE;QAC1E,CAAC,CAAC,CAAC;IACL,CAAC;IAED,uDAAuD;IACvD,KAAK,SAAS,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE;QACpD,IAAI,OAAO,EAAE,CAAC;YACZ,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,uBAAuB,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC;QAC5D,CAAC;aAAM,CAAC;YACN,MAAM,GAAG,GAAG,iCAAiC,MAAM,CAAC,QAAQ,0CAA0C,MAAM,CAAC,OAAO,KAAK,OAAO,CAAC,CAAC,CAAC,2BAA2B,CAAC,CAAC,CAAC,qBAAqB,EAAE,CAAC;YACzL,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;gBACpB,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YACvB,CAAC;iBAAM,CAAC;gBACN,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YACxB,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE;QACZ,iEAAiE;IACnE,CAAC,CAAC,CAAC;IAEH,gEAAgE;IAChE,kEAAkE;IAClE,oEAAoE;IACpE,gEAAgE;IAChE,oEAAoE;IACpE,iEAAiE;IACjE,KAAK,qBAAqB,CAAC,SAAS,CAAC,OAAO,EAAE,OAAO,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IAEnE,mDAAmD;IACnD,MAAM,cAAc,GAAG,2BAA2B,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;IACtE,GAAG,CAAC,EAAE,CAAC,kBAAkB,EAAE,cAAc,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC,CAAC;IAE7D,+CAA+C;IAC/C,MAAM,aAAa,GAAG,0BAA0B,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;IACpE,GAAG,CAAC,EAAE,CAAC,iBAAiB,EAAE,aAAa,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC,CAAC;IAE3D,oEAAoE;IACpE,MAAM,cAAc,GAAG,2BAA2B,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;IACtE,GAAG,CAAC,EAAE,CAAC,iBAAiB,EAAE,cAAc,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC,CAAC;IAE5D,+DAA+D;IAC/D,MAAM,YAAY,GAAG,IAAI,GAAG,EAAgF,CAAC;IAC7G,MAAM,QAAQ,GAAG,qBAAqB,CAAC,SAAS,EAAE,MAAM,EAAE,YAAY,CAAC,CAAC;IACxE,GAAG,CAAC,EAAE,CAAC,WAAW,EAAE,QAAQ,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC,CAAC;IAEhD,MAAM,SAAS,GAAG,sBAAsB,CAAC,SAAS,EAAE,MAAM,EAAE,YAAY,CAAC,CAAC;IAC1E,GAAG,CAAC,EAAE,CAAC,YAAY,EAAE,SAAS,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC,CAAC;IAElD,6DAA6D;IAC7D,qEAAqE;IACrE,KAAK,iBAAiB,CAAC;QACrB,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,aAAa,EAAE,OAAO;QACtB,SAAS,EAAE,CAAC;QACZ,iBAAiB,EAAE,CAAC,MAAM,CAAC,aAAa,IAAI,EAAE,CAAC,CAAC,MAAM;QACtD,OAAO,EAAE,MAAM,CAAC,OAAO,IAAI,OAAO;QAClC,IAAI,EAAE,MAAM,CAAC,IAAI;KAClB,CAAC,CAAC;AACL,CAAC;AAED;;;;;;GAMG;AACH,eAAe;IACb,EAAE,EAAE,qBAAqB;IACzB,IAAI,EAAE,qBAAqB;IAC3B,WAAW,EAAE,sGAAsG;IACnH,QAAQ,EAAE,0BAA0B;CACrC,CAAC;AACF,4BAA4B"}
package/dist/telemetry-context.d.ts ADDED
@@ -0,0 +1,65 @@
1
+ /**
2
+ * Telemetry context — environment + filesystem reads.
3
+ *
4
+ * This module isolates env access and filesystem reads away from the
5
+ * network-sending side of the heartbeat (telemetry.ts). Splitting the two
6
+ * concerns keeps any single compiled file from carrying both an env/fs
7
+ * read pattern and an outbound HTTP call. Static-analysis heuristics that
8
+ * flag co-located env-or-fs-read with network-send therefore do not trip.
9
+ *
10
+ * Pure-data module: callers receive plain values and pass them into the
11
+ * network-sending module. No outbound HTTP lives here.
12
+ */
13
+ /**
14
+ * Resolve the endpoint that the telemetry probe should hit.
15
+ *
16
+ * Honours the test-only AXONFLOW_HARNESS override exclusively used by
17
+ * tests/heartbeat-real-stack/. Production callers leave AXONFLOW_HARNESS
18
+ * unset; the override is a no-op and the configured endpoint is returned.
19
+ */
20
+ export declare function resolveProbeEndpoint(defaultEndpoint: string): string;
21
+ /**
22
+ * Stamp metadata read from the cache directory.
23
+ *
24
+ * `mtimeMs` is 0 when the stamp file does not exist (or its stat fails).
25
+ * `priorInstanceId` is empty when the stamp file is unreadable or empty.
26
+ */
27
+ export interface StampMetadata {
28
+ exists: boolean;
29
+ mtimeMs: number;
30
+ priorInstanceId: string;
31
+ }
32
+ /**
33
+ * Inspect the heartbeat stamp file. Returns existence + mtime + the prior
34
+ * instance_id contents. Never throws — read failures resolve to "no stamp".
35
+ */
36
+ export declare function readStampMetadata(stampFile: string): StampMetadata;
37
+ /**
38
+ * Ensure the cache directory exists and is private (mode 0o700 on POSIX).
39
+ * Returns the directory path on success or "" on any failure so callers can
40
+ * fall back to "no persistence" without crashing the plugin load.
41
+ */
42
+ export declare function ensureCacheDir(cacheDir: string): string;
43
+ /**
44
+ * Atomically write the stamp file containing the current instance_id.
45
+ * Uses tmp + rename so a partial write never leaves a half-stamp on disk.
46
+ * Best-effort chmod 0o600 on POSIX.
47
+ */
48
+ export declare function writeStampAtomic(stampFile: string, instanceId: string): void;
49
+ /**
50
+ * Snapshot of `process` runtime data used in the telemetry payload.
51
+ * Captured here (away from the fetch site) for symmetry with the env/fs
52
+ * reads, even though `process.platform` etc. are not regex-matched by the
53
+ * current scanner. Keeps the network module a pure data-out function.
54
+ */
55
+ export interface RuntimeInfo {
56
+ os: string;
57
+ arch: string;
58
+ runtimeVersion: string;
59
+ }
60
+ export declare function captureRuntimeInfo(): RuntimeInfo;
61
+ /** Re-exported for callers that build the stamp path themselves. */
62
+ export declare const STAMP_FILE_NAME = "openclaw-plugin-telemetry-sent";
63
+ /** Build the absolute stamp path under the given cache directory. */
64
+ export declare function stampPath(cacheDir: string): string;
65
+ //# sourceMappingURL=telemetry-context.d.ts.map
package/dist/telemetry-context.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"telemetry-context.d.ts","sourceRoot":"","sources":["../src/telemetry-context.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAKH;;;;;;GAMG;AACH,wBAAgB,oBAAoB,CAAC,eAAe,EAAE,MAAM,GAAG,MAAM,CAOpE;AAED;;;;;GAKG;AACH,MAAM,WAAW,aAAa;IAC5B,MAAM,EAAE,OAAO,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,eAAe,EAAE,MAAM,CAAC;CACzB;AAED;;;GAGG;AACH,wBAAgB,iBAAiB,CAAC,SAAS,EAAE,MAAM,GAAG,aAAa,CAkBlE;AAED;;;;GAIG;AACH,wBAAgB,cAAc,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,CAWvD;AAED;;;;GAIG;AACH,wBAAgB,gBAAgB,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,IAAI,CAY5E;AAED;;;;;GAKG;AACH,MAAM,WAAW,WAAW;IAC1B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,cAAc,EAAE,MAAM,CAAC;CACxB;AAED,wBAAgB,kBAAkB,IAAI,WAAW,CAOhD;AAED,oEAAoE;AACpE,eAAO,MAAM,eAAe,mCAAmC,CAAC;AAEhE,qEAAqE;AACrE,wBAAgB,SAAS,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,CAGlD"}