@castlekit/castle 0.3.0 → 0.3.2

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 Brian Laughlan
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/install.sh

@@ -569,8 +569,27 @@ install_castle() {
         echo -e "${WARN}→${NC} Installing Castle (${INFO}${CASTLE_VERSION}${NC})..."
     fi
 
-    if ! npm --loglevel "$NPM_LOGLEVEL" ${NPM_SILENT_FLAG:+$NPM_SILENT_FLAG} --no-fund --no-audit install -g "$install_spec"; then
+    # Run npm install in background with a spinner so the user knows it's working
+    local npm_log
+    npm_log="$(mktempfile)"
+    npm --loglevel "$NPM_LOGLEVEL" ${NPM_SILENT_FLAG:+$NPM_SILENT_FLAG} --no-fund --no-audit install -g "$install_spec" > "$npm_log" 2>&1 &
+    local npm_pid=$!
+
+    local spin_chars='⠋⠙⠹⠸⠼⠴⠦⠧⠇⠏'
+    local i=0
+    while kill -0 "$npm_pid" 2>/dev/null; do
+        local c="${spin_chars:i%${#spin_chars}:1}"
+        printf "\r  ${ACCENT}%s${NC} Installing..." "$c"
+        ((i++)) || true
+        sleep 0.1
+    done
+    printf "\r                          \r"
+
+    wait "$npm_pid"
+    local npm_exit=$?
+    if [[ "$npm_exit" -ne 0 ]]; then
         echo -e "${ERROR}npm install failed${NC}"
+        cat "$npm_log"
         echo -e "Try: ${INFO}npm install -g --force ${install_spec}${NC}"
         exit 1
     fi

package/package.json

@@ -1,18 +1,34 @@
 {
   "name": "@castlekit/castle",
-  "version": "0.3.0",
+  "version": "0.3.2",
   "description": "The multi-agent workspace",
   "type": "module",
   "bin": {
     "castle": "./bin/castle.js"
   },
+  "files": [
+    "bin/",
+    "src/",
+    "index.js",
+    "install.sh",
+    "next.config.ts",
+    "postcss.config.mjs",
+    "tsconfig.json",
+    "drizzle.config.ts",
+    "LICENSE",
+    "README.md",
+    "!src/**/__tests__/**",
+    "!src/**/*.test.*"
+  ],
   "scripts": {
     "dev": "next dev -p 3333",
     "build": "next build",
     "start": "next start -p 3333",
     "lint": "next lint",
     "test": "vitest run",
-    "test:watch": "vitest"
+    "test:watch": "vitest",
+    "stress": "vitest run --config vitest.stress.config.ts",
+    "ci": "npm audit --omit=dev --audit-level=high && npm test && npm run build"
   },
   "repository": {
     "type": "git",

package/src/app/api/openclaw/agents/route.ts

@@ -105,10 +105,14 @@ export async function GET() {
   }
 
   try {
+    const _start = Date.now();
     // Fetch agents and config in parallel
     const [agentsResult, configResult] = await Promise.all([
       gw.request<AgentsListPayload>("agents.list", {}),
-      gw.request<ConfigGetPayload>("config.get", {}).catch(() => null),
+      gw.request<ConfigGetPayload>("config.get", {}).catch((err) => {
+        console.warn("[Agents API] config.get failed (non-fatal):", (err as Error).message);
+        return null;
+      }),
     ]);
 
     // Build workspace lookup from config
@@ -130,11 +134,13 @@ export async function GET() {
       return { id: agent.id, name, description, avatar, emoji };
     });
 
+    console.log(`[Agents API] GET list OK — ${agents.length} agents (${Date.now() - _start}ms)`);
     return NextResponse.json({
       agents,
       defaultId: agentsResult?.defaultId,
     });
   } catch (err) {
+    console.error("[Agents API] GET list FAILED:", err instanceof Error ? err.message : "Unknown error");
     return NextResponse.json(
       { error: err instanceof Error ? err.message : "Failed to list agents", agents: [] },
       { status: 500 }

package/src/app/api/openclaw/chat/channels/route.ts

@@ -41,9 +41,10 @@ export async function GET(request: NextRequest) {
 
     const archived = searchParams.get("archived") === "1";
     const all = getChannels(archived);
+    console.log(`[Channels API] GET list OK — ${all.length} channels (archived=${archived})`);
     return NextResponse.json({ channels: all });
   } catch (err) {
-    console.error("[Chat Channels] List failed:", (err as Error).message);
+    console.error("[Channels API] GET list FAILED:", (err as Error).message);
     return NextResponse.json(
       { error: sanitizeForApi((err as Error).message) },
       { status: 500 }
@@ -129,9 +130,10 @@ export async function POST(request: NextRequest) {
       if (!deleted) {
         return NextResponse.json({ error: "Channel not found" }, { status: 404 });
       }
+      console.log(`[Channels API] POST delete OK — id=${body.id}`);
       return NextResponse.json({ ok: true });
     } catch (err) {
-      console.error("[Chat Channels] Delete failed:", (err as Error).message);
+      console.error(`[Channels API] POST delete FAILED — id=${body.id}:`, (err as Error).message);
       return NextResponse.json(
         { error: sanitizeForApi((err as Error).message) },
         { status: 500 }
@@ -203,9 +205,10 @@ export async function POST(request: NextRequest) {
 
   try {
     const channel = createChannel(cleanName, body.defaultAgentId, body.agents);
+    console.log(`[Channels API] POST create OK — id=${channel.id} name="${cleanName}"`);
     return NextResponse.json({ channel }, { status: 201 });
   } catch (err) {
-    console.error("[Chat Channels] Create failed:", (err as Error).message);
+    console.error(`[Channels API] POST create FAILED — name="${cleanName}":`, (err as Error).message);
     return NextResponse.json(
       { error: sanitizeForApi((err as Error).message) },
       { status: 500 }

package/src/app/api/openclaw/chat/route.ts

@@ -22,12 +22,16 @@ const MAX_MESSAGE_LENGTH = 32768; // 32KB
 // ============================================================================
 
 export async function POST(request: NextRequest) {
+  const _start = Date.now();
   const csrf = checkCsrf(request);
   if (csrf) return csrf;
 
   // Rate limit: 30 messages per minute
   const rl = checkRateLimit(rateLimitKey(request, "chat:send"), 30);
-  if (rl) return rl;
+  if (rl) {
+    console.warn("[Chat API] Rate limited on chat:send");
+    return rl;
+  }
 
   let body: ChatSendRequest;
   try {
@@ -100,6 +104,7 @@ export async function POST(request: NextRequest) {
       sessionKey,
     });
 
+    console.log(`[Chat API] POST send OK — runId=${runId} channel=${body.channelId} (${Date.now() - _start}ms)`);
     return NextResponse.json({
       runId,
       messageId: userMsg.id,
@@ -110,9 +115,9 @@ export async function POST(request: NextRequest) {
     try {
       deleteMessage(userMsg.id);
     } catch (delErr) {
-      console.error("[Chat API] Cleanup failed:", (delErr as Error).message);
+      console.error("[Chat API] Cleanup of optimistic message failed:", (delErr as Error).message);
     }
-    console.error("[Chat API] Send failed:", (err as Error).message);
+    console.error(`[Chat API] POST send FAILED — channel=${body.channelId} (${Date.now() - _start}ms):`, (err as Error).message);
     return NextResponse.json(
       { error: sanitizeForApi((err as Error).message) },
       { status: 502 }
@@ -125,6 +130,7 @@ export async function POST(request: NextRequest) {
 // ============================================================================
 
 export async function PUT(request: NextRequest) {
+  const _start = Date.now();
   const csrf = checkCsrf(request);
   if (csrf) return csrf;
 
@@ -178,9 +184,10 @@ export async function PUT(request: NextRequest) {
       outputTokens: body.outputTokens,
     });
 
+    console.log(`[Chat API] PUT complete OK — runId=${body.runId} new msg=${agentMsg.id} (${Date.now() - _start}ms)`);
     return NextResponse.json({ messageId: agentMsg.id, updated: false });
   } catch (err) {
-    console.error("[Chat API] Complete failed:", (err as Error).message);
+    console.error(`[Chat API] PUT complete FAILED — runId=${body.runId} (${Date.now() - _start}ms):`, (err as Error).message);
     return NextResponse.json(
       { error: sanitizeForApi((err as Error).message) },
       { status: 500 }
@@ -196,12 +203,14 @@ export async function DELETE(request: NextRequest) {
   const csrf = checkCsrf(request);
   if (csrf) return csrf;
 
+  console.log("[Chat API] DELETE abort requested");
   try {
     const gateway = ensureGateway();
     await gateway.request("chat.abort", {});
+    console.log("[Chat API] DELETE abort OK");
     return NextResponse.json({ ok: true });
   } catch (err) {
-    console.error("[Chat API] Abort failed:", (err as Error).message);
+    console.error("[Chat API] DELETE abort FAILED:", (err as Error).message);
     return NextResponse.json(
       { error: sanitizeForApi((err as Error).message) },
       { status: 502 }
@@ -217,6 +226,7 @@ export async function DELETE(request: NextRequest) {
 // ============================================================================
 
 export async function GET(request: NextRequest) {
+  const _start = Date.now();
   const { searchParams } = new URL(request.url);
   const channelId = searchParams.get("channelId");
   const limit = Math.min(parseInt(searchParams.get("limit") || "50", 10), 200);
@@ -258,12 +268,13 @@ export async function GET(request: NextRequest) {
 
     // Default / backward pagination
     const msgs = getMessagesByChannel(channelId, limit, before);
+    console.log(`[Chat API] GET history OK — channel=${channelId} msgs=${msgs.length} (${Date.now() - _start}ms)`);
     return NextResponse.json({
       messages: msgs,
       hasMore: msgs.length === limit,
     });
   } catch (err) {
-    console.error("[Chat API] History failed:", (err as Error).message);
+    console.error(`[Chat API] GET history FAILED — channel=${channelId} (${Date.now() - _start}ms):`, (err as Error).message);
     return NextResponse.json(
       { error: sanitizeForApi((err as Error).message) },
       { status: 500 }

package/src/app/api/openclaw/chat/search/route.ts

@@ -93,9 +93,10 @@ export async function GET(request: NextRequest) {
     // Future: merge results from searchTasks(), searchNotes(), etc.
     // Sort by timestamp descending (already sorted by FTS query)
 
+    console.log(`[Search API] GET OK — query="${q.slice(0, 50)}" results=${results.length}`);
     return NextResponse.json({ results });
   } catch (err) {
-    console.error("[Chat Search] Failed:", (err as Error).message);
+    console.error(`[Search API] GET FAILED — query="${q?.slice(0, 50)}":`, (err as Error).message);
     return NextResponse.json(
       { error: sanitizeForApi((err as Error).message) },
       { status: 500 }

package/src/app/api/openclaw/config/route.ts

@@ -125,8 +125,10 @@ export async function PATCH(request: NextRequest) {
     }
 
     await gw.request("config.patch", patch);
+    console.log("[Config API] PATCH OK");
     return NextResponse.json({ ok: true });
   } catch (err) {
+    console.error("[Config API] PATCH FAILED:", err instanceof Error ? err.message : "Unknown error");
     return NextResponse.json(
       { error: err instanceof Error ? err.message : "Config patch failed" },
       { status: 500 }

package/src/app/api/openclaw/events/route.ts

@@ -36,11 +36,19 @@ function redactEventPayload(evt: GatewayEvent): GatewayEvent {
  * SSE endpoint -- streams OpenClaw Gateway events to the browser in real-time.
  * Browser connects once via EventSource and receives push updates.
  */
-export async function GET() {
+export async function GET(request: Request) {
   const gw = ensureGateway();
 
   const encoder = new TextEncoder();
   let closed = false;
+  const connectedAt = Date.now();
+  let eventCount = 0;
+
+  console.log(`[SSE] Client connected (gateway: ${gw.state})`);
+
+  // Use the request's AbortSignal as the primary cleanup mechanism.
+  // ReadableStream.cancel() is unreliable in some environments.
+  const signal = request.signal;
 
   const stream = new ReadableStream({
     start(controller) {
@@ -58,11 +66,13 @@ export async function GET() {
       // Forward gateway events (with sensitive fields redacted)
       const onGatewayEvent = (evt: GatewayEvent) => {
         if (closed) return;
+        eventCount++;
         try {
           const safe = redactEventPayload(evt);
           controller.enqueue(encoder.encode(`data: ${JSON.stringify(safe)}\n\n`));
-        } catch {
-          // Stream may have closed
+        } catch (err) {
+          console.warn(`[SSE] Stream write failed for event ${evt.event}:`, (err as Error).message);
+          cleanup();
         }
       };
 
@@ -80,7 +90,7 @@ export async function GET() {
           };
           controller.enqueue(encoder.encode(`data: ${JSON.stringify(msg)}\n\n`));
         } catch {
-          // Stream may have closed
+          cleanup();
         }
       };
 
@@ -90,23 +100,28 @@ export async function GET() {
         try {
           controller.enqueue(encoder.encode(`: heartbeat\n\n`));
         } catch {
-          // Stream may have closed
+          cleanup();
         }
       }, 30000);
 
       gw.on("gatewayEvent", onGatewayEvent);
       gw.on("stateChange", onStateChange);
 
-      // Cleanup when the client disconnects
+      // Cleanup: remove listeners, stop heartbeat
       const cleanup = () => {
+        if (closed) return; // prevent double cleanup
         closed = true;
+        const duration = Math.round((Date.now() - connectedAt) / 1000);
+        console.log(`[SSE] Client disconnected (${duration}s, ${eventCount} events forwarded)`);
         clearInterval(heartbeat);
         gw.off("gatewayEvent", onGatewayEvent);
         gw.off("stateChange", onStateChange);
       };
 
-      // The stream's cancel is called when the client disconnects
-      // We store cleanup for the cancel callback
+      // Primary cleanup: request.signal fires when client disconnects
+      signal.addEventListener("abort", cleanup, { once: true });
+
+      // Store for cancel callback as fallback
       (controller as unknown as { _cleanup: () => void })._cleanup = cleanup;
     },
     cancel(controller) {

package/src/app/api/openclaw/ping/route.ts

@@ -47,6 +47,10 @@ export async function POST() {
     await gw.request("health", {});
     const latency = Date.now() - start;
 
+    if (latency > 1000) {
+      console.warn(`[Ping] Health check slow: ${latency}ms`);
+    }
+
     return NextResponse.json({
       ok: true,
       configured: true,
@@ -54,6 +58,7 @@ export async function POST() {
       server: gw.serverInfo,
     });
   } catch (err) {
+    console.error("[Ping] Health check failed:", err instanceof Error ? err.message : "Unknown error");
     return NextResponse.json({
       ok: false,
       configured: true,

package/src/app/api/openclaw/session/context/route.ts

@@ -0,0 +1,163 @@
+import { NextRequest, NextResponse } from "next/server";
+import { ensureGateway } from "@/lib/gateway-connection";
+import { sanitizeForApi } from "@/lib/api-security";
+import {
+  getCompactionBoundary,
+  setCompactionBoundary,
+} from "@/lib/db/queries";
+
+// ============================================================================
+// Types
+// ============================================================================
+
+interface PreviewMessage {
+  role: string;
+  content?: string;
+  timestamp?: number;
+}
+
+interface PreviewResponse {
+  messages?: PreviewMessage[];
+  entries?: PreviewMessage[];
+}
+
+interface ContextBoundaryResponse {
+  /** ID of the oldest message still in the agent's context. Null if unknown. */
+  boundaryMessageId: string | null;
+  /** Whether the boundary was freshly determined (true) or loaded from cache (false). */
+  fresh: boolean;
+}
+
+// ============================================================================
+// GET /api/openclaw/session/context?sessionKey=X&channelId=Y
+//
+// Determines the compaction boundary: which messages the agent can "see".
+// Calls sessions.preview on the Gateway, matches against local DB, caches result.
+// ============================================================================
+
+export async function GET(request: NextRequest) {
+  const { searchParams } = new URL(request.url);
+  const sessionKey = searchParams.get("sessionKey");
+  const channelId = searchParams.get("channelId");
+
+  if (!sessionKey) {
+    return NextResponse.json(
+      { error: "sessionKey is required" },
+      { status: 400 }
+    );
+  }
+
+  try {
+    // First, check cached boundary
+    const cached = getCompactionBoundary(sessionKey);
+
+    // Try to get fresh boundary from Gateway
+    const gateway = ensureGateway();
+    let fresh = false;
+    let boundaryMessageId = cached;
+
+    try {
+      const preview = await gateway.request<PreviewResponse>(
+        "sessions.preview",
+        {
+          keys: [sessionKey],
+          limit: 100,
+          maxChars: 20000,
+        }
+      );
+
+      // The preview returns messages that the agent can currently see.
+      // Find the oldest message in the preview to determine the boundary.
+      const previewMessages = preview.messages || preview.entries || [];
+
+      if (previewMessages.length > 0 && channelId) {
+        // Import dynamically to avoid circular deps
+        const { getDb } = await import("@/lib/db/index");
+        const { messages } = await import("@/lib/db/schema");
+        const { eq, asc } = await import("drizzle-orm");
+
+        const db = getDb();
+
+        // Get oldest message timestamp from preview
+        const oldestPreview = previewMessages[0];
+        const oldestTimestamp = oldestPreview?.timestamp;
+
+        if (oldestTimestamp) {
+          // Find the Castle message closest to this timestamp
+          const localMessages = db
+            .select({ id: messages.id, createdAt: messages.createdAt })
+            .from(messages)
+            .where(eq(messages.channelId, channelId))
+            .orderBy(asc(messages.createdAt))
+            .all();
+
+          // Find the message with timestamp closest to the oldest preview message
+          let closestId: string | null = null;
+          let closestDiff = Infinity;
+          for (const msg of localMessages) {
+            const diff = Math.abs(msg.createdAt - oldestTimestamp);
+            if (diff < closestDiff) {
+              closestDiff = diff;
+              closestId = msg.id;
+            }
+          }
+
+          if (closestId && closestDiff < 60000) {
+            // Match within 60s tolerance
+            boundaryMessageId = closestId;
+            fresh = true;
+
+            // Cache it in the DB
+            setCompactionBoundary(sessionKey, closestId);
+          }
+        }
+      }
+    } catch (previewErr) {
+      // sessions.preview might not be available — fall back to cached
+      console.warn(
+        "[Session Context] sessions.preview failed, using cached boundary:",
+        (previewErr as Error).message
+      );
+    }
+
+    const response: ContextBoundaryResponse = {
+      boundaryMessageId,
+      fresh,
+    };
+
+    return NextResponse.json(response);
+  } catch (err) {
+    const message = (err as Error).message;
+    console.error("[Session Context] Failed:", message);
+    return NextResponse.json(
+      { error: sanitizeForApi(message) },
+      { status: 502 }
+    );
+  }
+}
+
+// ============================================================================
+// POST /api/openclaw/session/context — Update boundary after compaction event
+// ============================================================================
+
+export async function POST(request: NextRequest) {
+  try {
+    const body = await request.json();
+    const { sessionKey, boundaryMessageId } = body;
+
+    if (!sessionKey || !boundaryMessageId) {
+      return NextResponse.json(
+        { error: "sessionKey and boundaryMessageId are required" },
+        { status: 400 }
+      );
+    }
+
+    setCompactionBoundary(sessionKey, boundaryMessageId);
+    return NextResponse.json({ ok: true });
+  } catch (err) {
+    return NextResponse.json(
+      { error: (err as Error).message },
+      { status: 500 }
+    );
+  }
+}