@castlekit/castle 0.1.6 → 0.3.1

package/src/app/api/openclaw/chat/storage/route.ts

@@ -0,0 +1,75 @@
+import { NextResponse } from "next/server";
+import { existsSync, statSync, readdirSync } from "fs";
+import { join } from "path";
+import { getCastleDir } from "@/lib/config";
+import { getStorageStats } from "@/lib/db/queries";
+import { getDbPath } from "@/lib/db/index";
+
+/**
+ * Recursively calculate total size of a directory.
+ */
+function getDirSize(dir: string): number {
+  if (!existsSync(dir)) return 0;
+
+  let total = 0;
+  const entries = readdirSync(dir, { withFileTypes: true });
+  for (const entry of entries) {
+    const fullPath = join(dir, entry.name);
+    if (entry.isDirectory()) {
+      total += getDirSize(fullPath);
+    } else {
+      try {
+        total += statSync(fullPath).size;
+      } catch {
+        // Skip files we can't stat
+      }
+    }
+  }
+  return total;
+}
+
+// ============================================================================
+// GET /api/openclaw/chat/storage — Storage stats
+// ============================================================================
+
+export async function GET() {
+  try {
+    const stats = getStorageStats();
+
+    // Get actual DB file size
+    const dbPath = getDbPath();
+    let dbSizeBytes = 0;
+    if (existsSync(dbPath)) {
+      dbSizeBytes = statSync(dbPath).size;
+    }
+
+    // Get actual attachments directory size
+    const attachmentsDir = join(getCastleDir(), "data", "attachments");
+    const attachmentsDirSize = getDirSize(attachmentsDir);
+
+    // Define warning thresholds
+    const WARN_DB_SIZE = 500 * 1024 * 1024;       // 500MB
+    const WARN_ATTACHMENTS = 2 * 1024 * 1024 * 1024; // 2GB
+    const warnings: string[] = [];
+
+    if (dbSizeBytes > WARN_DB_SIZE) {
+      warnings.push(`Database is ${(dbSizeBytes / 1024 / 1024).toFixed(0)}MB — consider archiving old messages`);
+    }
+    if (attachmentsDirSize > WARN_ATTACHMENTS) {
+      warnings.push(`Attachments using ${(attachmentsDirSize / 1024 / 1024 / 1024).toFixed(1)}GB of disk space`);
+    }
+
+    return NextResponse.json({
+      ...stats,
+      dbSizeBytes,
+      attachmentsDirBytes: attachmentsDirSize,
+      warnings,
+    });
+  } catch (err) {
+    console.error("[Storage] Stats failed:", (err as Error).message);
+    return NextResponse.json(
+      { error: "Failed to get storage stats" },
+      { status: 500 }
+    );
+  }
+}

package/src/app/api/openclaw/config/route.ts

@@ -125,8 +125,10 @@ export async function PATCH(request: NextRequest) {
     }
 
     await gw.request("config.patch", patch);
+    console.log("[Config API] PATCH OK");
     return NextResponse.json({ ok: true });
   } catch (err) {
+    console.error("[Config API] PATCH FAILED:", err instanceof Error ? err.message : "Unknown error");
     return NextResponse.json(
       { error: err instanceof Error ? err.message : "Config patch failed" },
       { status: 500 }

package/src/app/api/openclaw/events/route.ts

@@ -36,11 +36,19 @@ function redactEventPayload(evt: GatewayEvent): GatewayEvent {
  * SSE endpoint -- streams OpenClaw Gateway events to the browser in real-time.
  * Browser connects once via EventSource and receives push updates.
  */
-export async function GET() {
+export async function GET(request: Request) {
   const gw = ensureGateway();
 
   const encoder = new TextEncoder();
   let closed = false;
+  const connectedAt = Date.now();
+  let eventCount = 0;
+
+  console.log(`[SSE] Client connected (gateway: ${gw.state})`);
+
+  // Use the request's AbortSignal as the primary cleanup mechanism.
+  // ReadableStream.cancel() is unreliable in some environments.
+  const signal = request.signal;
 
   const stream = new ReadableStream({
     start(controller) {
@@ -58,11 +66,13 @@ export async function GET() {
       // Forward gateway events (with sensitive fields redacted)
       const onGatewayEvent = (evt: GatewayEvent) => {
         if (closed) return;
+        eventCount++;
         try {
           const safe = redactEventPayload(evt);
           controller.enqueue(encoder.encode(`data: ${JSON.stringify(safe)}\n\n`));
-        } catch {
-          // Stream may have closed
+        } catch (err) {
+          console.warn(`[SSE] Stream write failed for event ${evt.event}:`, (err as Error).message);
+          cleanup();
         }
       };
 
@@ -80,7 +90,7 @@ export async function GET() {
           };
           controller.enqueue(encoder.encode(`data: ${JSON.stringify(msg)}\n\n`));
         } catch {
-          // Stream may have closed
+          cleanup();
         }
       };
 
@@ -90,23 +100,28 @@ export async function GET() {
         try {
           controller.enqueue(encoder.encode(`: heartbeat\n\n`));
         } catch {
-          // Stream may have closed
+          cleanup();
         }
       }, 30000);
 
       gw.on("gatewayEvent", onGatewayEvent);
       gw.on("stateChange", onStateChange);
 
-      // Cleanup when the client disconnects
+      // Cleanup: remove listeners, stop heartbeat
       const cleanup = () => {
+        if (closed) return; // prevent double cleanup
         closed = true;
+        const duration = Math.round((Date.now() - connectedAt) / 1000);
+        console.log(`[SSE] Client disconnected (${duration}s, ${eventCount} events forwarded)`);
         clearInterval(heartbeat);
         gw.off("gatewayEvent", onGatewayEvent);
         gw.off("stateChange", onStateChange);
       };
 
-      // The stream's cancel is called when the client disconnects
-      // We store cleanup for the cancel callback
+      // Primary cleanup: request.signal fires when client disconnects
+      signal.addEventListener("abort", cleanup, { once: true });
+
+      // Store for cancel callback as fallback
       (controller as unknown as { _cleanup: () => void })._cleanup = cleanup;
     },
     cancel(controller) {

package/src/app/api/openclaw/logs/route.ts

@@ -1,6 +1,6 @@
 import { NextRequest, NextResponse } from "next/server";
 import { readFileSync, existsSync, readdirSync } from "fs";
-import { join } from "path";
+import { join, resolve } from "path";
 import { getOpenClawDir } from "@/lib/config";
 import { sanitizeForApi } from "@/lib/api-security";
 
@@ -14,7 +14,17 @@ export async function GET(request: NextRequest) {
   const { searchParams } = new URL(request.url);
   const rawLines = parseInt(searchParams.get("lines") || "100", 10);
   const lines = Math.min(Math.max(1, Number.isFinite(rawLines) ? rawLines : 100), 10000);
-  const file = searchParams.get("file")?.trim() || "gateway";
+  const rawFile = searchParams.get("file")?.trim() || "gateway";
+
+  // Sanitize file parameter: only allow alphanumeric, hyphens, underscores, dots
+  // Reject anything with path separators or traversal patterns
+  const file = rawFile.replace(/[^a-zA-Z0-9._-]/g, "");
+  if (!file || file.includes("..") || file !== rawFile) {
+    return NextResponse.json(
+      { error: "Invalid log file name" },
+      { status: 400 }
+    );
+  }
 
   const logsDir = join(getOpenClawDir(), "logs");
 
@@ -27,7 +37,7 @@ export async function GET(request: NextRequest) {
     ? readdirSync(logsDir).filter((f) => f.endsWith(".log"))
     : [];
 
-  // Find matching log file
+  // Find matching log file — must match prefix exactly within the logs directory
   const logFile = availableFiles.find((f) => f.startsWith(file));
   if (!logFile) {
     return NextResponse.json({
@@ -39,6 +49,10 @@ export async function GET(request: NextRequest) {
 
   try {
     const logPath = join(logsDir, logFile);
+    // Final safety check: resolved path must be inside the logs directory
+    if (!resolve(logPath).startsWith(resolve(logsDir))) {
+      return NextResponse.json({ error: "Invalid log file path" }, { status: 400 });
+    }
     const content = readFileSync(logPath, "utf-8");
     const allLines = content.split("\n").filter(Boolean);
 

package/src/app/api/openclaw/ping/route.ts

@@ -47,6 +47,10 @@ export async function POST() {
     await gw.request("health", {});
     const latency = Date.now() - start;
 
+    if (latency > 1000) {
+      console.warn(`[Ping] Health check slow: ${latency}ms`);
+    }
+
     return NextResponse.json({
       ok: true,
       configured: true,
@@ -54,6 +58,7 @@ export async function POST() {
       server: gw.serverInfo,
     });
   } catch (err) {
+    console.error("[Ping] Health check failed:", err instanceof Error ? err.message : "Unknown error");
     return NextResponse.json({
       ok: false,
       configured: true,

package/src/app/api/openclaw/restart/route.ts

@@ -1,6 +1,6 @@
 import { NextRequest, NextResponse } from "next/server";
 import { execSync } from "child_process";
-import { checkCsrf } from "@/lib/api-security";
+import { checkCsrf, checkRateLimit, rateLimitKey } from "@/lib/api-security";
 
 export const dynamic = "force-dynamic";
 
@@ -12,6 +12,11 @@ export const dynamic = "force-dynamic";
 export async function POST(request: NextRequest) {
   const csrf = checkCsrf(request);
   if (csrf) return csrf;
+
+  // Rate limit: 5 restarts per minute
+  const rl = checkRateLimit(rateLimitKey(request, "restart"), 5);
+  if (rl) return rl;
+
   try {
     // Try openclaw CLI restart first
     try {

package/src/app/api/openclaw/session/context/route.ts

@@ -0,0 +1,163 @@
+import { NextRequest, NextResponse } from "next/server";
+import { ensureGateway } from "@/lib/gateway-connection";
+import { sanitizeForApi } from "@/lib/api-security";
+import {
+  getCompactionBoundary,
+  setCompactionBoundary,
+} from "@/lib/db/queries";
+
+// ============================================================================
+// Types
+// ============================================================================
+
+interface PreviewMessage {
+  role: string;
+  content?: string;
+  timestamp?: number;
+}
+
+interface PreviewResponse {
+  messages?: PreviewMessage[];
+  entries?: PreviewMessage[];
+}
+
+interface ContextBoundaryResponse {
+  /** ID of the oldest message still in the agent's context. Null if unknown. */
+  boundaryMessageId: string | null;
+  /** Whether the boundary was freshly determined (true) or loaded from cache (false). */
+  fresh: boolean;
+}
+
+// ============================================================================
+// GET /api/openclaw/session/context?sessionKey=X&channelId=Y
+//
+// Determines the compaction boundary: which messages the agent can "see".
+// Calls sessions.preview on the Gateway, matches against local DB, caches result.
+// ============================================================================
+
+export async function GET(request: NextRequest) {
+  const { searchParams } = new URL(request.url);
+  const sessionKey = searchParams.get("sessionKey");
+  const channelId = searchParams.get("channelId");
+
+  if (!sessionKey) {
+    return NextResponse.json(
+      { error: "sessionKey is required" },
+      { status: 400 }
+    );
+  }
+
+  try {
+    // First, check cached boundary
+    const cached = getCompactionBoundary(sessionKey);
+
+    // Try to get fresh boundary from Gateway
+    const gateway = ensureGateway();
+    let fresh = false;
+    let boundaryMessageId = cached;
+
+    try {
+      const preview = await gateway.request<PreviewResponse>(
+        "sessions.preview",
+        {
+          keys: [sessionKey],
+          limit: 100,
+          maxChars: 20000,
+        }
+      );
+
+      // The preview returns messages that the agent can currently see.
+      // Find the oldest message in the preview to determine the boundary.
+      const previewMessages = preview.messages || preview.entries || [];
+
+      if (previewMessages.length > 0 && channelId) {
+        // Import dynamically to avoid circular deps
+        const { getDb } = await import("@/lib/db/index");
+        const { messages } = await import("@/lib/db/schema");
+        const { eq, asc } = await import("drizzle-orm");
+
+        const db = getDb();
+
+        // Get oldest message timestamp from preview
+        const oldestPreview = previewMessages[0];
+        const oldestTimestamp = oldestPreview?.timestamp;
+
+        if (oldestTimestamp) {
+          // Find the Castle message closest to this timestamp
+          const localMessages = db
+            .select({ id: messages.id, createdAt: messages.createdAt })
+            .from(messages)
+            .where(eq(messages.channelId, channelId))
+            .orderBy(asc(messages.createdAt))
+            .all();
+
+          // Find the message with timestamp closest to the oldest preview message
+          let closestId: string | null = null;
+          let closestDiff = Infinity;
+          for (const msg of localMessages) {
+            const diff = Math.abs(msg.createdAt - oldestTimestamp);
+            if (diff < closestDiff) {
+              closestDiff = diff;
+              closestId = msg.id;
+            }
+          }
+
+          if (closestId && closestDiff < 60000) {
+            // Match within 60s tolerance
+            boundaryMessageId = closestId;
+            fresh = true;
+
+            // Cache it in the DB
+            setCompactionBoundary(sessionKey, closestId);
+          }
+        }
+      }
+    } catch (previewErr) {
+      // sessions.preview might not be available — fall back to cached
+      console.warn(
+        "[Session Context] sessions.preview failed, using cached boundary:",
+        (previewErr as Error).message
+      );
+    }
+
+    const response: ContextBoundaryResponse = {
+      boundaryMessageId,
+      fresh,
+    };
+
+    return NextResponse.json(response);
+  } catch (err) {
+    const message = (err as Error).message;
+    console.error("[Session Context] Failed:", message);
+    return NextResponse.json(
+      { error: sanitizeForApi(message) },
+      { status: 502 }
+    );
+  }
+}
+
+// ============================================================================
+// POST /api/openclaw/session/context — Update boundary after compaction event
+// ============================================================================
+
+export async function POST(request: NextRequest) {
+  try {
+    const body = await request.json();
+    const { sessionKey, boundaryMessageId } = body;
+
+    if (!sessionKey || !boundaryMessageId) {
+      return NextResponse.json(
+        { error: "sessionKey and boundaryMessageId are required" },
+        { status: 400 }
+      );
+    }
+
+    setCompactionBoundary(sessionKey, boundaryMessageId);
+    return NextResponse.json({ ok: true });
+  } catch (err) {
+    return NextResponse.json(
+      { error: (err as Error).message },
+      { status: 500 }
+    );
+  }
+}

package/src/app/api/openclaw/session/status/route.ts

@@ -0,0 +1,210 @@
+import { NextRequest, NextResponse } from "next/server";
+import { readFileSync, existsSync } from "fs";
+import { join } from "path";
+import { getOpenClawDir } from "@/lib/config";
+import { sanitizeForApi } from "@/lib/api-security";
+import type { SessionStatus } from "@/lib/types/chat";
+import JSON5 from "json5";
+
+// ============================================================================
+// GET /api/openclaw/session/status?sessionKey=X — Real session stats
+//
+// Reads directly from the OpenClaw session store on the filesystem.
+// This is the source of truth — the same data the Gateway uses.
+// ============================================================================
+
+export const dynamic = "force-dynamic";
+
+/**
+ * OpenClaw's default context window when nothing is configured.
+ * Matches DEFAULT_CONTEXT_TOKENS in the Gateway source (2e5 = 200,000).
+ */
+const OPENCLAW_DEFAULT_CONTEXT_TOKENS = 200_000;
+
+/**
+ * Parse a session key like "agent:main:castle:2d16fadb-..." to extract the agent ID.
+ * Format: agent:<agentId>:<channel>:<channelId>
+ */
+function parseAgentId(sessionKey: string): string | null {
+  const parts = sessionKey.split(":");
+  // agent:<agentId>:...
+  if (parts[0] === "agent" && parts.length >= 2) {
+    return parts[1];
+  }
+  return null;
+}
+
+/**
+ * Load a session entry from the OpenClaw session store.
+ * Reads ~/.openclaw/agents/<agentId>/sessions/sessions.json
+ */
+function loadSessionEntry(
+  sessionKey: string,
+  agentId: string
+): Record<string, unknown> | null {
+  const openclawDir = getOpenClawDir();
+  const storePath = join(openclawDir, "agents", agentId, "sessions", "sessions.json");
+
+  if (!existsSync(storePath)) {
+    return null;
+  }
+
+  try {
+    const raw = readFileSync(storePath, "utf-8");
+    const store = JSON.parse(raw) as Record<string, Record<string, unknown>>;
+    return store[sessionKey] ?? null;
+  } catch {
+    return null;
+  }
+}
+
+/**
+ * Resolve the effective context window limit from OpenClaw config.
+ *
+ * Resolution order (matches Gateway logic):
+ *   1. agents.<agentId>.contextTokens  (per-agent override)
+ *   2. agents.defaults.contextTokens   (global default)
+ *   3. OPENCLAW_DEFAULT_CONTEXT_TOKENS  (200k — Gateway hardcoded default)
+ *
+ * Note: The session entry's `contextTokens` stores the MODEL's max context
+ * (e.g. 1M for Sonnet 4.5) which is NOT the operating limit. The real limit
+ * is set in config or defaults to 200k.
+ */
+function resolveEffectiveContextLimit(agentId: string): number {
+  const openclawDir = getOpenClawDir();
+  const configPaths = [
+    join(openclawDir, "openclaw.json"),
+    join(openclawDir, "openclaw.json5"),
+  ];
+
+  for (const configPath of configPaths) {
+    if (!existsSync(configPath)) continue;
+    try {
+      const raw = readFileSync(configPath, "utf-8");
+      const config = JSON5.parse(raw) as Record<string, unknown>;
+      const agents = config.agents as Record<string, unknown> | undefined;
+      if (!agents) continue;
+
+      // 1. Per-agent override: agents.<agentId>.contextTokens
+      const agentCfg = agents[agentId] as Record<string, unknown> | undefined;
+      if (agentCfg?.contextTokens && typeof agentCfg.contextTokens === "number") {
+        return agentCfg.contextTokens;
+      }
+
+      // 2. Global default: agents.defaults.contextTokens
+      const defaults = agents.defaults as Record<string, unknown> | undefined;
+      if (defaults?.contextTokens && typeof defaults.contextTokens === "number") {
+        return defaults.contextTokens;
+      }
+    } catch {
+      // Continue to next config path
+    }
+  }
+
+  // 3. Fallback: OpenClaw's hardcoded default
+  return OPENCLAW_DEFAULT_CONTEXT_TOKENS;
+}
+
+export async function GET(request: NextRequest) {
+  const { searchParams } = new URL(request.url);
+  const sessionKey = searchParams.get("sessionKey");
+
+  if (!sessionKey) {
+    return NextResponse.json(
+      { error: "sessionKey is required" },
+      { status: 400 }
+    );
+  }
+
+  try {
+    const agentId = parseAgentId(sessionKey);
+    if (!agentId) {
+      return NextResponse.json(
+        { error: "Could not parse agentId from sessionKey" },
+        { status: 400 }
+      );
+    }
+
+    const entry = loadSessionEntry(sessionKey, agentId);
+    if (!entry) {
+      console.log(`[Session Status] No session data for key=${sessionKey} agent=${agentId}`);
+      return new NextResponse(null, { status: 204 });
+    }
+
+    // Map the raw SessionEntry to our SessionStatus type
+    const inputTokens = (entry.inputTokens as number) ?? 0;
+    const outputTokens = (entry.outputTokens as number) ?? 0;
+    const totalTokens = (entry.totalTokens as number) ?? 0;
+
+    // The session entry's contextTokens is the MODEL's max (e.g. 1M for Sonnet 4.5).
+    // The real operating limit comes from config or defaults to 200k.
+    const modelMaxContext = (entry.contextTokens as number) ?? 0;
+    const effectiveLimit = resolveEffectiveContextLimit(agentId);
+    const percentage = effectiveLimit > 0
+      ? Math.round((totalTokens / effectiveLimit) * 100)
+      : 0;
+
+    // Extract system prompt report if available
+    const spr = entry.systemPromptReport as Record<string, unknown> | undefined;
+    let systemPrompt: SessionStatus["systemPrompt"] = undefined;
+
+    if (spr) {
+      const sp = spr.systemPrompt as Record<string, number> | undefined;
+      const skills = spr.skills as Record<string, unknown> | undefined;
+      const tools = spr.tools as Record<string, unknown> | undefined;
+      const files = spr.injectedWorkspaceFiles as Array<Record<string, unknown>> | undefined;
+
+      systemPrompt = {
+        totalChars: sp?.chars ?? 0,
+        projectContextChars: sp?.projectContextChars ?? 0,
+        nonProjectContextChars: sp?.nonProjectContextChars ?? 0,
+        skills: {
+          promptChars: (skills?.promptChars as number) ?? 0,
+          count: Array.isArray(skills?.entries) ? (skills.entries as unknown[]).length : 0,
+        },
+        tools: {
+          listChars: (tools?.listChars as number) ?? 0,
+          schemaChars: (tools?.schemaChars as number) ?? 0,
+          count: Array.isArray(tools?.entries) ? (tools.entries as unknown[]).length : 0,
+        },
+        workspaceFiles: (files ?? []).map((f) => ({
+          name: (f.name as string) ?? "",
+          injectedChars: (f.injectedChars as number) ?? 0,
+          truncated: (f.truncated as boolean) ?? false,
+        })),
+      };
+    }
+
+    const result: SessionStatus = {
+      sessionKey,
+      sessionId: (entry.sessionId as string) ?? "",
+      agentId,
+      model: (entry.model as string) ?? "unknown",
+      modelProvider: (entry.modelProvider as string) ?? "unknown",
+      tokens: {
+        input: inputTokens,
+        output: outputTokens,
+        total: totalTokens,
+      },
+      context: {
+        used: totalTokens,
+        limit: effectiveLimit,
+        modelMax: modelMaxContext,
+        percentage: Math.min(percentage, 100),
+      },
+      compactions: (entry.compactionCount as number) ?? 0,
+      thinkingLevel: (entry.thinkingLevel as string) ?? null,
+      updatedAt: (entry.updatedAt as number) ?? 0,
+      systemPrompt,
+    };
+
+    return NextResponse.json(result);
+  } catch (err) {
+    const message = (err as Error).message;
+    console.error("[Session Status] Failed:", message);
+    return NextResponse.json(
+      { error: sanitizeForApi(message) },
+      { status: 502 }
+    );
+  }
+}

package/src/app/api/openclaw/sessions/route.ts

@@ -52,8 +52,10 @@ export async function GET() {
     // Sort by most recently modified
     sessions.sort((a, b) => new Date(b.modifiedAt).getTime() - new Date(a.modifiedAt).getTime());
 
+    console.log(`[Sessions API] GET OK — ${sessions.length} sessions`);
     return NextResponse.json({ sessions });
   } catch (err) {
+    console.error("[Sessions API] GET FAILED:", err instanceof Error ? err.message : "Unknown error");
     return NextResponse.json(
       { error: err instanceof Error ? err.message : "Failed to read sessions" },
       { status: 500 }