npm - @cfio/cohort-sync - Versions diffs - 0.16.0 → 0.18.0 - Mend

@cfio/cohort-sync 0.16.0 → 0.18.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/dist/index.js CHANGED Viewed

@@ -11861,7 +11861,10 @@ function closeBridge() {
 }
 var authCircuitOpen = false;
 function isUnauthorizedError(err) {
-  return String(err).includes("Unauthorized");
+  if (!(err instanceof ConvexError)) return false;
+  const data = err.data;
+  if (!data || typeof data !== "object") return false;
+  return data.code === "UNAUTHORIZED";
 }
 function tripAuthCircuit() {
   if (authCircuitOpen) return;
@@ -11880,6 +11883,7 @@ var markDeliveredByPlugin = makeFunctionReference("notifications:markDeliveredBy
 var getPendingCommandsForPlugin = makeFunctionReference("gatewayCommands:getPendingForPlugin");
 var acknowledgeCommandRef = makeFunctionReference("gatewayCommands:acknowledgeCommand");
 var failCommandRef = makeFunctionReference("gatewayCommands:failCommand");
+var getChannelsForPlugin = makeFunctionReference("cloudGatewayChannels:listForPlugin");
 var addCommentFromPluginRef = makeFunctionReference("comments:addCommentFromPlugin");
 async function pushTelemetry(apiKey2, data) {
   if (authCircuitOpen) return;
@@ -12210,6 +12214,41 @@ function startCommandSubscription(cfg, logger, resolveAgentName, gwClient) {
   logger.info("cohort-sync: command subscription active");
   return unsubscribe;
 }
+function subscribeChannels(apiKey2, onUpdate, logger) {
+  const c = getClient();
+  if (!c) {
+    (logger ?? getLogger()).warn(
+      "cohort-sync: no ConvexClient \u2014 channels subscription skipped"
+    );
+    return null;
+  }
+  const apiKeyHash = hashApiKey(apiKey2);
+  const unsubscribe = c.onUpdate(
+    getChannelsForPlugin,
+    { apiKeyHash },
+    (rows) => {
+      try {
+        onUpdate(rows);
+      } catch (err) {
+        (logger ?? getLogger()).error(
+          `cohort-sync: channels onUpdate handler threw: ${String(err)}`
+        );
+      }
+    },
+    (err) => {
+      if (isUnauthorizedError(err)) {
+        tripAuthCircuit();
+        return;
+      }
+      (logger ?? getLogger()).error(
+        `cohort-sync: channels subscription error: ${String(err)}`
+      );
+    }
+  );
+  unsubscribers.push(unsubscribe);
+  (logger ?? getLogger()).info("cohort-sync: channels subscription active");
+  return unsubscribe;
+}
 // src/gateway-client.ts
 import crypto2 from "node:crypto";
@@ -12305,7 +12344,13 @@ var ALLOWED_METHODS = /* @__PURE__ */ new Set([
   "agent",
   "snapshot",
   "system.presence",
-  "gateway.restart"
+  "gateway.restart",
+  // `secrets.reload` re-resolves SecretRefs and atomically swaps the runtime
+  // snapshot. The plugin's `cohort-sync/secrets-reload` gateway-method wrapper
+  // (see `gateway-methods.ts`) proxies inbound calls to this outbound RPC so
+  // the Cohort web app (and #608 channel attach/detach flows) can trigger a
+  // reload without minting an admin-scope key.
+  "secrets.reload"
 ]);
 function buildConnectFrame(id, token, pluginVersion, identity, nonce) {
   const signedAtMs = Date.now();
@@ -13378,7 +13423,7 @@ function dumpCtx(ctx) {
 function dumpEvent(event) {
   return dumpCtx(event);
 }
-var PLUGIN_VERSION = true ? "0.16.0" : "unknown";
+var PLUGIN_VERSION = true ? "0.18.0" : "unknown";
 function resolveGatewayToken(api) {
   const token = api.config?.gateway?.auth?.token;
   return typeof token === "string" ? token : null;
@@ -13507,6 +13552,19 @@ function initGatewayClient(port, token, cfg, resolveAgentName, logger) {
   });
   return client2;
 }
+function applyChannelRowsToBridge(rows, setChannel, resolveAgentName) {
+  let count = 0;
+  for (const row of rows) {
+    const agentName = resolveAgentName(row.agentId);
+    setChannel(row.kind, agentName);
+    count++;
+    if (row.accountId) {
+      setChannel(`${row.kind}:${row.accountId}`, agentName);
+      count++;
+    }
+  }
+  return count;
+}
 async function handleGatewayStart(event, state) {
   if (!state) {
     return;
@@ -13567,6 +13625,39 @@ async function handleGatewayStart(event, state) {
   for (const agentId of allAgentIds) {
     resolvedNameMap[agentId] = state.resolveAgentName(agentId);
   }
+  if (state.channelsUnsubscriber) {
+    state.channelsUnsubscriber();
+    state.channelsUnsubscriber = null;
+  }
+  try {
+    const unsubChannels = subscribeChannels(
+      cfg.apiKey,
+      (rows) => {
+        try {
+          const count = applyChannelRowsToBridge(
+            rows,
+            setChannelAgent,
+            state.resolveAgentName
+          );
+          logger.debug("cohort-sync: channels snapshot applied", {
+            rowCount: rows.length,
+            bridgeEntries: count,
+            bridge: Object.fromEntries(getChannelAgentBridge())
+          });
+        } catch (err) {
+          logger.warn(
+            `cohort-sync: applyChannelRowsToBridge failed: ${String(err)}`
+          );
+        }
+      },
+      logger
+    );
+    if (unsubChannels) state.channelsUnsubscriber = unsubChannels;
+  } catch (err) {
+    logger.warn(
+      `cohort-sync: channels subscription init failed: ${String(err)}`
+    );
+  }
   await startNotificationSubscription(
     event.port,
     cfg,
@@ -14009,6 +14100,13 @@ function registerHookHandlers(api, logger, getState) {
       clearInterval(state.keepaliveInterval);
       state.keepaliveInterval = null;
     }
+    if (state.channelsUnsubscriber) {
+      try {
+        state.channelsUnsubscriber();
+      } catch {
+      }
+      state.channelsUnsubscriber = null;
+    }
     state.activityBatch.drain();
     if (!isRestart) {
       const shutdownConfigIds = (config?.agents?.list ?? []).map((a) => a.id);
@@ -14156,11 +14254,82 @@ function initializeHookState(api, cfg) {
     gwClientInitialized,
     keepaliveInterval: null,
     commandUnsubscriber: commandUnsub,
+    channelsUnsubscriber: null,
     api,
     latestPluginVersion: null
   };
 }
+// src/gateway-methods.ts
+async function invokeSecretsReload(gwClient) {
+  if (!gwClient || !gwClient.isAlive()) {
+    return { ok: false, error: "gateway client not connected" };
+  }
+  try {
+    const result = await gwClient.request(
+      "secrets.reload",
+      void 0,
+      3e4
+      // Channel restart can take a few seconds — give it headroom.
+    );
+    const warningCount = typeof result?.warningCount === "number" ? result.warningCount : 0;
+    return { ok: true, warningCount };
+  } catch (err) {
+    return {
+      ok: false,
+      error: err instanceof Error ? err.message : String(err)
+    };
+  }
+}
+var ALLOWED_PAIRING_KINDS = /* @__PURE__ */ new Set([
+  "telegram",
+  "discord",
+  "slack",
+  "whatsapp",
+  "signal",
+  "imessage"
+]);
+var PAIRING_CODE_RE = /^[A-Z0-9]{4,16}$/;
+async function invokePairingApprove(params) {
+  const kind = typeof params.kind === "string" ? params.kind : "";
+  const code2 = typeof params.code === "string" ? params.code : "";
+  if (!ALLOWED_PAIRING_KINDS.has(kind)) {
+    return { ok: false, error: `invalid channel kind: ${kind || "(empty)"}` };
+  }
+  if (!PAIRING_CODE_RE.test(code2)) {
+    return { ok: false, error: "invalid pairing code (expected 4\u201316 uppercase alphanumerics)" };
+  }
+  return {
+    ok: false,
+    error: "pairing-approve via gateway-method is a stub; call openclaw pairing approve via Fly machines exec instead (see convex/cohortChannels.ts:runTelegramPairingApprove)"
+  };
+}
+function registerGatewayMethods(api, getGatewayClient) {
+  api.registerGatewayMethod(
+    "cohort-sync/secrets-reload",
+    async ({ respond }) => {
+      const result = await invokeSecretsReload(getGatewayClient());
+      respond(true, result);
+    },
+    // operator.write is the channel attach/detach surface — same scope used
+    // for any write-side channels operation. Admins also pass (admin is a
+    // superset).
+    { scope: "operator.write" }
+  );
+  api.registerGatewayMethod(
+    "cohort-sync/pairing-approve",
+    async ({ respond, params }) => {
+      const result = await invokePairingApprove(
+        params ?? {}
+      );
+      respond(true, result);
+    },
+    // Same scope rationale as secrets-reload — pairing approve is a channel
+    // write operation.
+    { scope: "operator.write" }
+  );
+}
 // src/pocket-guide.ts
 var POCKET_GUIDE = `# Cohort Agent Guide (Pocket Version)
@@ -14236,6 +14405,7 @@ var plugin = {
       return;
     }
     registerHookHandlers(api, api.logger, () => sharedHookState);
+    registerGatewayMethods(api, () => sharedHookState?.persistentGwClient ?? null);
     const gatewayPort = api.config?.gateway?.port ?? 18789;
     api.registerHook(
       "gateway:startup",

package/dist/openclaw.plugin.json CHANGED Viewed

@@ -55,5 +55,5 @@
       }
     }
   },
-  "version": "0.16.0"
+  "version": "0.18.0"
 }

package/dist/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@cfio/cohort-sync",
-  "version": "0.16.0",
+  "version": "0.18.0",
   "description": "OpenClaw plugin — syncs agent telemetry, sessions, and activity to the Cohort dashboard",
   "type": "module",
   "main": "index.js",

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@cfio/cohort-sync",
-  "version": "0.16.0",
+  "version": "0.18.0",
   "description": "OpenClaw plugin — syncs agent telemetry, sessions, and activity to the Cohort dashboard",
   "license": "MIT",
   "homepage": "https://docs.cohort.bot/gateway",