@chrysb/alphaclaw 0.2.3 → 0.3.0

package/lib/server/routes/proxy.js

@@ -1,26 +1,24 @@
-const registerProxyRoutes = ({ app, proxy, SETUP_API_PREFIXES, requireAuth }) => {
+const registerProxyRoutes = ({
+  app,
+  proxy,
+  SETUP_API_PREFIXES,
+  requireAuth,
+  webhookMiddleware,
+}) => {
   app.all("/openclaw", requireAuth, (req, res) => {
     req.url = "/";
     proxy.web(req, res);
   });
-  app.all("/openclaw/*path", requireAuth, (req, res) => {
+  app.all("/openclaw/*", requireAuth, (req, res) => {
     req.url = req.url.replace(/^\/openclaw/, "");
     proxy.web(req, res);
   });
-  app.all("/assets/*path", requireAuth, (req, res) => proxy.web(req, res));
+  app.all("/assets/*", requireAuth, (req, res) => proxy.web(req, res));
 
-  app.all("/webhook/*path", (req, res) => {
-    if (!req.headers.authorization && req.query.token) {
-      req.headers.authorization = `Bearer ${req.query.token}`;
-      delete req.query.token;
-      const url = new URL(req.url, `http://${req.headers.host}`);
-      url.searchParams.delete("token");
-      req.url = url.pathname + url.search;
-    }
-    proxy.web(req, res);
-  });
+  app.all("/hooks/*", webhookMiddleware);
+  app.all("/webhook/*", webhookMiddleware);
 
-  app.all("/api/*path", (req, res) => {
+  app.all("/api/*", (req, res) => {
     if (SETUP_API_PREFIXES.some((p) => req.path.startsWith(p))) return;
     proxy.web(req, res);
   });

package/lib/server/routes/system.js

@@ -15,7 +15,9 @@ const registerSystemRoutes = ({
   alphaclawVersionService,
   clawCmd,
   restartGateway,
+  onExpectedGatewayRestart,
   OPENCLAW_DIR,
+  restartRequiredState,
 }) => {
   let envRestartPending = false;
   const kEnvVarsReservedForUserInput = new Set([
@@ -30,8 +32,7 @@ const registerSystemRoutes = ({
     new Set([...kSystemVars, ...kEnvVarsReservedForUserInput]),
   );
   const isReservedUserEnvVar = (key) =>
-    kSystemVars.has(key)
-    || kEnvVarsReservedForUserInput.has(key);
+    kSystemVars.has(key) || kEnvVarsReservedForUserInput.has(key);
   const kSystemCronPath = "/etc/cron.d/openclaw-hourly-sync";
   const kSystemCronConfigPath = `${OPENCLAW_DIR}/cron/system-sync.json`;
   const kSystemCronScriptPath = `${OPENCLAW_DIR}/hourly-git-sync.sh`;
@@ -69,11 +70,18 @@ const registerSystemRoutes = ({
   };
   const applySystemCronConfig = (nextConfig) => {
     fs.mkdirSync(`${OPENCLAW_DIR}/cron`, { recursive: true });
-    fs.writeFileSync(kSystemCronConfigPath, JSON.stringify(nextConfig, null, 2));
+    fs.writeFileSync(
+      kSystemCronConfigPath,
+      JSON.stringify(nextConfig, null, 2),
+    );
     if (nextConfig.enabled) {
-      fs.writeFileSync(kSystemCronPath, buildSystemCronContent(nextConfig.schedule), {
-        mode: 0o644,
-      });
+      fs.writeFileSync(
+        kSystemCronPath,
+        buildSystemCronContent(nextConfig.schedule),
+        {
+          mode: 0o644,
+        },
+      );
     } else {
       fs.rmSync(kSystemCronPath, { force: true });
     }
@@ -140,7 +148,9 @@ const registerSystemRoutes = ({
     }
 
     const filtered = vars.filter((v) => !isReservedUserEnvVar(v.key));
-    const existingLockedVars = readEnvFile().filter((v) => isReservedUserEnvVar(v.key));
+    const existingLockedVars = readEnvFile().filter((v) =>
+      isReservedUserEnvVar(v.key),
+    );
     const nextEnvVars = [...filtered, ...existingLockedVars];
     syncChannelConfig(nextEnvVars, "remove");
     writeEnvFile(nextEnvVars);
@@ -149,7 +159,9 @@ const registerSystemRoutes = ({
       envRestartPending = true;
     }
     const restartRequired = envRestartPending && isOnboarded();
-    console.log(`[alphaclaw] Env vars saved (${nextEnvVars.length} vars, changed=${changed})`);
+    console.log(
+      `[alphaclaw] Env vars saved (${nextEnvVars.length} vars, changed=${changed})`,
+    );
     syncChannelConfig(nextEnvVars, "add");
 
     res.json({ ok: true, changed, restartRequired });
@@ -161,7 +173,11 @@ const registerSystemRoutes = ({
     const repo = process.env.GITHUB_WORKSPACE_REPO || "";
     const openclawVersion = openclawVersionService.readOpenclawVersion();
     res.json({
-      gateway: running ? "running" : configExists ? "starting" : "not_onboarded",
+      gateway: running
+        ? "running"
+        : configExists
+          ? "starting"
+          : "not_onboarded",
       configExists,
       channels: getChannelStatus(),
       repo,
@@ -178,10 +194,14 @@ const registerSystemRoutes = ({
     const current = readSystemCronConfig();
     const { enabled, schedule } = req.body || {};
     if (enabled !== undefined && typeof enabled !== "boolean") {
-      return res.status(400).json({ ok: false, error: "enabled must be a boolean" });
+      return res
+        .status(400)
+        .json({ ok: false, error: "enabled must be a boolean" });
     }
     if (schedule !== undefined && !isValidCronSchedule(schedule)) {
-      return res.status(400).json({ ok: false, error: "schedule must be a 5-field cron string" });
+      return res
+        .status(400)
+        .json({ ok: false, error: "schedule must be a 5-field cron string" });
     }
     const nextConfig = {
       enabled: typeof enabled === "boolean" ? enabled : current.enabled,
@@ -246,13 +266,39 @@ const registerSystemRoutes = ({
     res.json({ ok: true, url: "/openclaw" });
   });
 
-  app.post("/api/gateway/restart", (req, res) => {
+  app.get("/api/restart-status", async (req, res) => {
+    try {
+      const snapshot = await restartRequiredState.getSnapshot();
+      res.json({
+        ok: true,
+        restartRequired: snapshot.restartRequired || envRestartPending,
+        restartInProgress: snapshot.restartInProgress,
+        gatewayRunning: snapshot.gatewayRunning,
+      });
+    } catch (err) {
+      res.status(500).json({ ok: false, error: err.message });
+    }
+  });
+
+  app.post("/api/gateway/restart", async (req, res) => {
     if (!isOnboarded()) {
       return res.status(400).json({ ok: false, error: "Not onboarded" });
     }
-    restartGateway();
-    envRestartPending = false;
-    res.json({ ok: true });
+    restartRequiredState.markRestartInProgress();
+    try {
+      if (typeof onExpectedGatewayRestart === "function") {
+        onExpectedGatewayRestart();
+      }
+      restartGateway();
+      envRestartPending = false;
+      restartRequiredState.clearRequired();
+      restartRequiredState.markRestartComplete();
+      const snapshot = await restartRequiredState.getSnapshot();
+      res.json({ ok: true, restartRequired: snapshot.restartRequired });
+    } catch (err) {
+      restartRequiredState.markRestartComplete();
+      res.status(500).json({ ok: false, error: err.message });
+    }
   });
 };
 

package/lib/server/routes/telegram.js

@@ -4,25 +4,6 @@ const { isDebugEnabled } = require("../helpers");
 const topicRegistry = require("../topic-registry");
 const { syncConfigForTelegram } = require("../telegram-workspace");
 
-const getRequestBody = (req) => (req.body && typeof req.body === "object" ? req.body : {});
-const getRequestQuery = (req) => (req.query && typeof req.query === "object" ? req.query : {});
-const parseJsonString = (value) => {
-  if (typeof value !== "string" || !value.trim()) return null;
-  try {
-    return JSON.parse(value);
-  } catch {
-    return null;
-  }
-};
-const getRequestPayload = (req) => {
-  const body = getRequestBody(req);
-  const query = getRequestQuery(req);
-  const payloadFromQuery = parseJsonString(query.payload);
-  if (payloadFromQuery && typeof payloadFromQuery === "object" && !Array.isArray(payloadFromQuery)) {
-    return { ...payloadFromQuery, ...body };
-  }
-  return body;
-};
 const parseBooleanValue = (value, fallbackValue = false) => {
   if (typeof value === "boolean") return value;
   if (typeof value === "number") return value !== 0;
@@ -34,9 +15,8 @@ const parseBooleanValue = (value, fallbackValue = false) => {
   return fallbackValue;
 };
 const resolveGroupId = (req) => {
-  const body = getRequestPayload(req);
-  const query = getRequestQuery(req);
-  const rawGroupId = body.groupId ?? body.chatId ?? query.groupId ?? query.chatId;
+  const body = req.body || {};
+  const rawGroupId = body.groupId ?? body.chatId;
   return rawGroupId == null ? "" : String(rawGroupId).trim();
 };
 const resolveAllowUserId = async ({ telegramApi, groupId, preferredUserId }) => {
@@ -121,12 +101,11 @@ const registerTelegramRoutes = ({ app, telegramApi, syncPromptFiles }) => {
   // Create a topic via Telegram API + add to registry
   app.post("/api/telegram/groups/:groupId/topics", async (req, res) => {
     const { groupId } = req.params;
-    const payload = getRequestPayload(req);
-    const query = getRequestQuery(req);
-    const name = String(payload.name ?? query.name ?? "").trim();
-    const rawIconColor = payload.iconColor ?? query.iconColor;
+    const body = req.body || {};
+    const name = String(body.name ?? "").trim();
+    const rawIconColor = body.iconColor;
     const systemInstructions = String(
-      payload.systemInstructions ?? payload.systemPrompt ?? query.systemInstructions ?? query.systemPrompt ?? "",
+      body.systemInstructions ?? body.systemPrompt ?? "",
     ).trim();
     const iconColorValue = rawIconColor == null ? null : Number.parseInt(String(rawIconColor), 10);
     const iconColor = Number.isFinite(iconColorValue) ? iconColorValue : undefined;
@@ -160,14 +139,8 @@ const registerTelegramRoutes = ({ app, telegramApi, syncPromptFiles }) => {
   // Bulk-create topics
   app.post("/api/telegram/groups/:groupId/topics/bulk", async (req, res) => {
     const { groupId } = req.params;
-    const payload = getRequestPayload(req);
-    const query = getRequestQuery(req);
-    const queryTopics = parseJsonString(query.topics);
-    const topics = Array.isArray(payload.topics)
-      ? payload.topics
-      : Array.isArray(queryTopics)
-        ? queryTopics
-        : [];
+    const body = req.body || {};
+    const topics = Array.isArray(body.topics) ? body.topics : [];
     if (!Array.isArray(topics) || topics.length === 0) {
       return res.status(400).json({ ok: false, error: "topics array is required" });
     }
@@ -247,15 +220,12 @@ const registerTelegramRoutes = ({ app, telegramApi, syncPromptFiles }) => {
   // Rename a topic
   app.put("/api/telegram/groups/:groupId/topics/:topicId", async (req, res) => {
     const { groupId, topicId } = req.params;
-    const payload = getRequestPayload(req);
-    const query = getRequestQuery(req);
-    const name = String(payload.name ?? query.name ?? "").trim();
-    const hasSystemInstructions = Object.prototype.hasOwnProperty.call(payload, "systemInstructions")
-      || Object.prototype.hasOwnProperty.call(payload, "systemPrompt")
-      || Object.prototype.hasOwnProperty.call(query, "systemInstructions")
-      || Object.prototype.hasOwnProperty.call(query, "systemPrompt");
+    const body = req.body || {};
+    const name = String(body.name ?? "").trim();
+    const hasSystemInstructions = Object.prototype.hasOwnProperty.call(body, "systemInstructions")
+      || Object.prototype.hasOwnProperty.call(body, "systemPrompt");
     const systemInstructions = String(
-      payload.systemInstructions ?? payload.systemPrompt ?? query.systemInstructions ?? query.systemPrompt ?? "",
+      body.systemInstructions ?? body.systemPrompt ?? "",
     ).trim();
     if (!name) return res.status(400).json({ ok: false, error: "name is required" });
     try {
@@ -302,11 +272,10 @@ const registerTelegramRoutes = ({ app, telegramApi, syncPromptFiles }) => {
   // Configure openclaw.json for a group
   app.post("/api/telegram/groups/:groupId/configure", async (req, res) => {
     const { groupId } = req.params;
-    const payload = getRequestPayload(req);
-    const query = getRequestQuery(req);
-    const userId = payload.userId ?? query.userId ?? "";
-    const groupName = payload.groupName ?? query.groupName ?? "";
-    const requireMention = parseBooleanValue(payload.requireMention ?? query.requireMention, false);
+    const body = req.body || {};
+    const userId = body.userId ?? "";
+    const groupName = body.groupName ?? "";
+    const requireMention = parseBooleanValue(body.requireMention, false);
     try {
       const resolvedUserId = await resolveAllowUserId({
         telegramApi,

package/lib/server/routes/watchdog.js

@@ -0,0 +1,68 @@
+const registerWatchdogRoutes = ({
+  app,
+  requireAuth,
+  watchdog,
+  getRecentEvents,
+  readLogTail,
+}) => {
+  app.get("/api/watchdog/status", requireAuth, (req, res) => {
+    try {
+      const status = watchdog.getStatus();
+      res.json({ ok: true, status });
+    } catch (err) {
+      res.status(500).json({ ok: false, error: err.message });
+    }
+  });
+
+  app.get("/api/watchdog/events", requireAuth, (req, res) => {
+    try {
+      const limit = Number.parseInt(String(req.query.limit || "20"), 10) || 20;
+      const includeRoutine =
+        String(req.query.includeRoutine || "").trim() === "1" ||
+        String(req.query.includeRoutine || "").trim().toLowerCase() === "true";
+      const events = getRecentEvents({ limit, includeRoutine });
+      res.json({ ok: true, events });
+    } catch (err) {
+      res.status(500).json({ ok: false, error: err.message });
+    }
+  });
+
+  app.get("/api/watchdog/logs", requireAuth, (req, res) => {
+    try {
+      const tail = Number.parseInt(String(req.query.tail || "65536"), 10) || 65536;
+      const logs = readLogTail(tail);
+      res.setHeader("Content-Type", "text/plain; charset=utf-8");
+      res.status(200).send(logs);
+    } catch (err) {
+      res.status(500).json({ ok: false, error: err.message });
+    }
+  });
+
+  app.post("/api/watchdog/repair", requireAuth, async (req, res) => {
+    try {
+      const result = await watchdog.triggerRepair();
+      res.json({ ok: !!result?.ok, result });
+    } catch (err) {
+      res.status(500).json({ ok: false, error: err.message });
+    }
+  });
+
+  app.get("/api/watchdog/settings", requireAuth, (req, res) => {
+    try {
+      res.json({ ok: true, settings: watchdog.getSettings() });
+    } catch (err) {
+      res.status(500).json({ ok: false, error: err.message });
+    }
+  });
+
+  app.put("/api/watchdog/settings", requireAuth, (req, res) => {
+    try {
+      const settings = watchdog.updateSettings(req.body || {});
+      res.json({ ok: true, settings });
+    } catch (err) {
+      res.status(400).json({ ok: false, error: err.message });
+    }
+  });
+};
+
+module.exports = { registerWatchdogRoutes };

package/lib/server/routes/webhooks.js

@@ -0,0 +1,214 @@
+const {
+  listWebhooks,
+  getWebhookDetail,
+  createWebhook,
+  deleteWebhook,
+  validateWebhookName,
+} = require("../webhooks");
+
+const isFiniteInteger = (value) => Number.isFinite(value) && Number.isInteger(value);
+const parseBooleanFlag = (value) => {
+  const normalized = String(value == null ? "" : value).trim().toLowerCase();
+  return ["1", "true", "yes", "on"].includes(normalized);
+};
+
+const buildHealth = ({ totalCount, errorCount }) => {
+  if (!totalCount || totalCount <= 0) return "green";
+  if (!errorCount || errorCount <= 0) return "green";
+  if (errorCount >= totalCount) return "red";
+  return "yellow";
+};
+
+const mapSummaryByHook = (summaries) => {
+  const byHook = new Map();
+  for (const summary of summaries || []) byHook.set(summary.hookName, summary);
+  return byHook;
+};
+
+const mergeWebhookAndSummary = ({ webhook, summary }) => {
+  const totalCount = Number(summary?.totalCount || 0);
+  const errorCount = Number(summary?.errorCount || 0);
+  const successCount = Number(summary?.successCount || 0);
+  return {
+    ...webhook,
+    lastReceived: summary?.lastReceived || null,
+    totalCount,
+    successCount,
+    errorCount,
+    health: buildHealth({ totalCount, errorCount }),
+  };
+};
+
+const normalizeStatusFilter = (rawStatus) => {
+  const status = String(rawStatus || "all").trim().toLowerCase();
+  if (["all", "success", "error"].includes(status)) return status;
+  return "all";
+};
+
+const buildWebhookUrls = ({ baseUrl, name }) => {
+  const fullUrl = `${baseUrl}/hooks/${name}`;
+  const token = String(process.env.WEBHOOK_TOKEN || "").trim();
+  const queryStringUrl = token
+    ? `${fullUrl}?token=${encodeURIComponent(token)}`
+    : `${fullUrl}?token=<WEBHOOK_TOKEN>`;
+  const authHeaderValue = token
+    ? `Authorization: Bearer ${token}`
+    : "Authorization: Bearer <WEBHOOK_TOKEN>";
+  return { fullUrl, queryStringUrl, authHeaderValue, hasRuntimeToken: !!token };
+};
+
+const registerWebhookRoutes = ({
+  app,
+  fs,
+  constants,
+  getBaseUrl,
+  webhooksDb,
+  shellCmd,
+  restartRequiredState,
+}) => {
+  const fallbackRestartState = {
+    markRequired: () => {},
+    getSnapshot: async () => ({ restartRequired: false }),
+  };
+  const resolvedRestartState = restartRequiredState || fallbackRestartState;
+  const { markRequired: markRestartRequired, getSnapshot: getRestartSnapshot } = resolvedRestartState;
+  const runWebhookGitSync = async (action, name) => {
+    if (typeof shellCmd !== "function") return null;
+    const safeName = String(name || "").trim();
+    const message = `webhooks: ${action} ${safeName}`.replace(/"/g, "");
+    try {
+      await shellCmd(`alphaclaw git-sync -m "${message}"`, {
+        timeout: 30000,
+      });
+      return null;
+    } catch (err) {
+      return err?.message || "alphaclaw git-sync failed";
+    }
+  };
+
+  app.get("/api/webhooks", (req, res) => {
+    try {
+      const hooks = listWebhooks({ fs, constants });
+      const summaries = webhooksDb.getHookSummaries();
+      const summaryByHook = mapSummaryByHook(summaries);
+      const webhooks = hooks.map((webhook) =>
+        mergeWebhookAndSummary({
+          webhook,
+          summary: summaryByHook.get(webhook.name),
+        }));
+      res.json({ ok: true, webhooks });
+    } catch (err) {
+      res.status(500).json({ ok: false, error: err.message });
+    }
+  });
+
+  app.get("/api/webhooks/:name", (req, res) => {
+    try {
+      const name = validateWebhookName(req.params.name);
+      const detail = getWebhookDetail({ fs, constants, name });
+      if (!detail) return res.status(404).json({ ok: false, error: "Webhook not found" });
+      const summary = webhooksDb.getHookSummaries().find((item) => item.hookName === name);
+      const merged = mergeWebhookAndSummary({ webhook: detail, summary });
+      const baseUrl = getBaseUrl(req);
+      const urls = buildWebhookUrls({ baseUrl, name });
+      return res.json({
+        ok: true,
+        webhook: {
+          ...merged,
+          fullUrl: urls.fullUrl,
+          queryStringUrl: urls.queryStringUrl,
+          authHeaderValue: urls.authHeaderValue,
+          hasRuntimeToken: urls.hasRuntimeToken,
+          authNote:
+            "All hooks use WEBHOOK_TOKEN. Use Authorization: Bearer <token> or x-openclaw-token header.",
+        },
+      });
+    } catch (err) {
+      return res.status(400).json({ ok: false, error: err.message });
+    }
+  });
+
+  app.post("/api/webhooks", async (req, res) => {
+    try {
+      const { name: rawName } = req.body || {};
+      const name = validateWebhookName(rawName);
+      const webhook = createWebhook({ fs, constants, name });
+      const baseUrl = getBaseUrl(req);
+      const urls = buildWebhookUrls({ baseUrl, name });
+      const syncWarning = await runWebhookGitSync("create", name);
+      markRestartRequired("webhooks");
+      const snapshot = await getRestartSnapshot();
+      return res.status(201).json({
+        ok: true,
+        webhook: {
+          ...webhook,
+          fullUrl: urls.fullUrl,
+          queryStringUrl: urls.queryStringUrl,
+          authHeaderValue: urls.authHeaderValue,
+          hasRuntimeToken: urls.hasRuntimeToken,
+        },
+        restartRequired: snapshot.restartRequired,
+        syncWarning,
+      });
+    } catch (err) {
+      const status = String(err.message || "").includes("already exists") ? 409 : 400;
+      return res.status(status).json({ ok: false, error: err.message });
+    }
+  });
+
+  app.delete("/api/webhooks/:name", async (req, res) => {
+    try {
+      const name = validateWebhookName(req.params.name);
+      const deleteTransformDir = parseBooleanFlag(req?.body?.deleteTransformDir);
+      const deletion = deleteWebhook({ fs, constants, name, deleteTransformDir });
+      if (!deletion?.removed) return res.status(404).json({ ok: false, error: "Webhook not found" });
+      const deletedRequestCount = webhooksDb.deleteRequestsByHook(name);
+      const syncWarning = await runWebhookGitSync("delete", name);
+      markRestartRequired("webhooks");
+      const snapshot = await getRestartSnapshot();
+      return res.json({
+        ok: true,
+        restartRequired: snapshot.restartRequired,
+        syncWarning,
+        deletedRequestCount,
+        deletedTransformDir: !!deletion.deletedTransformDir,
+      });
+    } catch (err) {
+      return res.status(400).json({ ok: false, error: err.message });
+    }
+  });
+
+  app.get("/api/webhooks/:name/requests", (req, res) => {
+    try {
+      const name = validateWebhookName(req.params.name);
+      const limit = Number.parseInt(String(req.query.limit || 50), 10);
+      const offset = Number.parseInt(String(req.query.offset || 0), 10);
+      const status = normalizeStatusFilter(req.query.status);
+      const hasBadPaging = !isFiniteInteger(limit) || limit <= 0 || !isFiniteInteger(offset) || offset < 0;
+      if (hasBadPaging) {
+        return res.status(400).json({ ok: false, error: "Invalid limit/offset" });
+      }
+      const requests = webhooksDb.getRequests(name, { limit, offset, status });
+      return res.json({ ok: true, requests });
+    } catch (err) {
+      return res.status(400).json({ ok: false, error: err.message });
+    }
+  });
+
+  app.get("/api/webhooks/:name/requests/:id", (req, res) => {
+    try {
+      const name = validateWebhookName(req.params.name);
+      const requestId = Number.parseInt(String(req.params.id || 0), 10);
+      if (!isFiniteInteger(requestId) || requestId <= 0) {
+        return res.status(400).json({ ok: false, error: "Invalid request id" });
+      }
+      const request = webhooksDb.getRequestById(name, requestId);
+      if (!request) return res.status(404).json({ ok: false, error: "Request not found" });
+      return res.json({ ok: true, request });
+    } catch (err) {
+      return res.status(400).json({ ok: false, error: err.message });
+    }
+  });
+};
+
+module.exports = { registerWebhookRoutes };

package/lib/server/telegram-api.js

@@ -51,6 +51,16 @@ const createTelegramApi = (getToken) => {
       ...(opts.iconCustomEmojiId && { icon_custom_emoji_id: opts.iconCustomEmojiId }),
     });
 
+  const sendMessage = (chatId, text, opts = {}) =>
+    call("sendMessage", {
+      chat_id: chatId,
+      text: String(text || ""),
+      ...(opts.parseMode && { parse_mode: opts.parseMode }),
+      ...(opts.disableWebPagePreview && {
+        disable_web_page_preview: !!opts.disableWebPagePreview,
+      }),
+    });
+
   return {
     getMe,
     getChat,
@@ -59,6 +69,7 @@ const createTelegramApi = (getToken) => {
     createForumTopic,
     deleteForumTopic,
     editForumTopic,
+    sendMessage,
   };
 };