@chrysb/alphaclaw 0.3.5-beta.1 → 0.4.0

package/lib/public/js/components/sidebar.js

@@ -172,83 +172,99 @@ export const AppSidebar = ({
         <${FolderLineIcon} className="sidebar-tab-icon" />
       </button>
     </div>
-    ${sidebarTab === "menu"
-      ? navSections.map(
-          (section) => html`
-            <div class="sidebar-label">${section.label}</div>
-            <nav class="sidebar-nav">
-              ${section.items.map(
-                (item) => html`
-                  <a
-                    class=${selectedNavId === item.id ? "active" : ""}
-                    onclick=${() => onSelectNavItem(item.id)}
-                  >
-                    ${item.label}
-                  </a>
-                `,
-              )}
-            </nav>
-          `,
-        )
-      : html`
-          <div class="sidebar-browse-layout" ref=${browseLayoutRef}>
-            <div
-              class="sidebar-browse-panel"
-            >
-              <${FileTree}
-                onSelectFile=${onSelectBrowseFile}
-                selectedPath=${selectedBrowsePath}
-                onPreviewFile=${onPreviewBrowseFile}
+    <div
+      style=${{
+        display: sidebarTab === "menu" ? "flex" : "none",
+        flexDirection: "column",
+        flex: "1 1 auto",
+        minHeight: 0,
+      }}
+    >
+      ${navSections.map(
+        (section) => html`
+          <div class="sidebar-label">${section.label}</div>
+          <nav class="sidebar-nav">
+            ${section.items.map(
+              (item) => html`
+                <a
+                  class=${selectedNavId === item.id ? "active" : ""}
+                  onclick=${() => onSelectNavItem(item.id)}
+                >
+                  ${item.label}
+                </a>
+              `,
+            )}
+          </nav>
+        `,
+      )}
+      <div class="sidebar-footer">
+        ${acHasUpdate && acLatest && !acDismissed
+          ? html`
+              <${UpdateActionButton}
+                onClick=${onAcUpdate}
+                loading=${acUpdating}
+                warning=${true}
+                idleLabel=${`Update to v${acLatest}`}
+                loadingLabel="Updating..."
+                className="w-full justify-center"
               />
-            </div>
-            <div
-              class=${`sidebar-browse-resizer ${isResizingBrowsePanels ? "is-resizing" : ""}`}
-              onpointerdown=${onBrowsePanelResizerPointerDown}
-              role="separator"
-              aria-orientation="horizontal"
-              aria-label="Resize browse and git panels"
-            ></div>
-            <div class="sidebar-browse-bottom">
-              <div
-                class="sidebar-browse-bottom-inner"
-                ref=${browseBottomPanelRef}
-                style=${{ height: `${browseBottomPanelHeightPx}px` }}
-              >
-              <${SidebarGitPanel} onSelectFile=${onSelectBrowseFile} />
-              ${acHasUpdate && acLatest && !acDismissed
-                ? html`
-                    <${UpdateActionButton}
-                      onClick=${onAcUpdate}
-                      loading=${acUpdating}
-                      warning=${true}
-                      idleLabel=${`Update to v${acLatest}`}
-                      loadingLabel="Updating..."
-                      className="w-full justify-center"
-                    />
-                  `
-                : null}
-              </div>
-            </div>
-          </div>
-        `}
-    ${sidebarTab === "menu"
-      ? html`
-          <div class="sidebar-footer">
-            ${acHasUpdate && acLatest && !acDismissed
-              ? html`
-                  <${UpdateActionButton}
-                    onClick=${onAcUpdate}
-                    loading=${acUpdating}
-                    warning=${true}
-                    idleLabel=${`Update to v${acLatest}`}
-                    loadingLabel="Updating..."
-                    className="w-full justify-center"
-                  />
-                `
-              : null}
+            `
+          : null}
+      </div>
+    </div>
+    <div
+      style=${{
+        display: sidebarTab === "browse" ? "flex" : "none",
+        flexDirection: "column",
+        flex: "1 1 auto",
+        minHeight: 0,
+        overflow: "hidden",
+      }}
+    >
+      <div class="sidebar-browse-layout" ref=${browseLayoutRef}>
+        <div
+          class="sidebar-browse-panel"
+        >
+          <${FileTree}
+            onSelectFile=${onSelectBrowseFile}
+            selectedPath=${selectedBrowsePath}
+            onPreviewFile=${onPreviewBrowseFile}
+            isActive=${sidebarTab === "browse"}
+          />
+        </div>
+        <div
+          class=${`sidebar-browse-resizer ${isResizingBrowsePanels ? "is-resizing" : ""}`}
+          onpointerdown=${onBrowsePanelResizerPointerDown}
+          role="separator"
+          aria-orientation="horizontal"
+          aria-label="Resize browse and git panels"
+        ></div>
+        <div class="sidebar-browse-bottom">
+          <div
+            class="sidebar-browse-bottom-inner"
+            ref=${browseBottomPanelRef}
+            style=${{ height: `${browseBottomPanelHeightPx}px` }}
+          >
+          <${SidebarGitPanel}
+            onSelectFile=${onSelectBrowseFile}
+            isActive=${sidebarTab === "browse"}
+          />
+          ${acHasUpdate && acLatest && !acDismissed
+            ? html`
+                <${UpdateActionButton}
+                  onClick=${onAcUpdate}
+                  loading=${acUpdating}
+                  warning=${true}
+                  idleLabel=${`Update to v${acLatest}`}
+                  loadingLabel="Updating..."
+                  className="w-full justify-center"
+                />
+              `
+            : null}
           </div>
-        `
-      : null}
+        </div>
+      </div>
+    </div>
   </div>
 `;
 };

package/lib/public/js/lib/api.js

@@ -38,27 +38,73 @@ export async function rejectPairing(id, channel) {
   return res.json();
 }
 
-export async function fetchGoogleStatus() {
-  const res = await authFetch('/api/google/status');
+export async function fetchGoogleAccounts() {
+  const res = await authFetch('/api/google/accounts');
   return res.json();
 }
 
-export async function checkGoogleApis() {
-  const res = await authFetch('/api/google/check');
+export async function fetchGoogleStatus(accountId = "") {
+  const params = new URLSearchParams();
+  if (accountId) params.set("accountId", String(accountId));
+  const suffix = params.toString() ? `?${params.toString()}` : "";
+  const res = await authFetch(`/api/google/status${suffix}`);
   return res.json();
 }
 
-export async function saveGoogleCredentials(clientId, clientSecret, email) {
+export async function checkGoogleApis(accountId = "") {
+  const params = new URLSearchParams();
+  if (accountId) params.set("accountId", String(accountId));
+  const suffix = params.toString() ? `?${params.toString()}` : "";
+  const res = await authFetch(`/api/google/check${suffix}`);
+  return res.json();
+}
+
+export async function saveGoogleCredentials({
+  clientId,
+  clientSecret,
+  email,
+  services = [],
+  client = "default",
+  personal = false,
+  accountId = "",
+}) {
   const res = await authFetch('/api/google/credentials', {
     method: 'POST',
     headers: { 'Content-Type': 'application/json' },
-    body: JSON.stringify({ clientId, clientSecret, email }),
+    body: JSON.stringify({
+      clientId,
+      clientSecret,
+      email,
+      services,
+      client,
+      personal,
+      accountId,
+    }),
   });
   return res.json();
 }
 
-export async function disconnectGoogle() {
-  const res = await authFetch('/api/google/disconnect', { method: 'POST' });
+export async function saveGoogleAccount({
+  email,
+  services = [],
+  client = "default",
+  personal = false,
+  accountId = "",
+}) {
+  const res = await authFetch('/api/google/accounts', {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json' },
+    body: JSON.stringify({ email, services, client, personal, accountId }),
+  });
+  return res.json();
+}
+
+export async function disconnectGoogle(accountId = "") {
+  const res = await authFetch('/api/google/disconnect', {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json' },
+    body: JSON.stringify({ accountId }),
+  });
   return res.json();
 }
 
@@ -389,6 +435,24 @@ export const saveFileContent = async (filePath, content) => {
   return parseJsonOrThrow(res, 'Could not save file');
 };
 
+export const deleteBrowseFile = async (filePath) => {
+  const res = await authFetch('/api/browse/delete', {
+    method: 'DELETE',
+    headers: { 'Content-Type': 'application/json' },
+    body: JSON.stringify({ path: String(filePath || '') }),
+  });
+  return parseJsonOrThrow(res, 'Could not delete file');
+};
+
+export const restoreBrowseFile = async (filePath) => {
+  const res = await authFetch('/api/browse/restore', {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json' },
+    body: JSON.stringify({ path: String(filePath || '') }),
+  });
+  return parseJsonOrThrow(res, 'Could not restore file');
+};
+
 export const fetchBrowseGitSummary = async () => {
   const res = await authFetch('/api/browse/git-summary');
   return parseJsonOrThrow(res, 'Could not load git summary');

package/lib/public/js/lib/browse-file-policies.js

@@ -1,15 +1,33 @@
-export const kProtectedBrowsePaths = new Set([
-  "openclaw.json",
-  "devices/paired.json",
-]);
+const kBrowseFilePoliciesUrl = new URL(
+  "../../shared/browse-file-policies.json",
+  import.meta.url,
+);
 
-export const kLockedBrowsePaths = new Set([
-  "hooks/bootstrap/agents.md",
-  "hooks/bootstrap/tools.md",
-  "skills/control-ui/skill.md",
-  ".alphaclaw/hourly-git-sync.sh",
-  ".alphaclaw/.cli-device-auto-approved",
-]);
+let kBrowseFilePolicies = {
+  protectedPaths: [],
+  lockedPaths: [],
+};
+try {
+  const policyResponse = await fetch(kBrowseFilePoliciesUrl);
+  if (policyResponse.ok) {
+    const policyJson = await policyResponse.json();
+    if (policyJson && typeof policyJson === "object") {
+      kBrowseFilePolicies = policyJson;
+    }
+  }
+} catch {}
+
+export const kProtectedBrowsePaths = new Set(
+  Array.isArray(kBrowseFilePolicies?.protectedPaths)
+    ? kBrowseFilePolicies.protectedPaths
+    : [],
+);
+
+export const kLockedBrowsePaths = new Set(
+  Array.isArray(kBrowseFilePolicies?.lockedPaths)
+    ? kBrowseFilePolicies.lockedPaths
+    : [],
+);
 
 export const normalizeBrowsePolicyPath = (inputPath) =>
   String(inputPath || "")

package/lib/public/js/lib/syntax-highlighters/index.js

@@ -8,11 +8,12 @@ import { escapeHtml, toLineObjects } from "./utils.js";
 
 export const getFileSyntaxKind = (filePath) => {
   const normalizedPath = String(filePath || "").toLowerCase();
-  if (/\.(md|markdown|mdx)$/i.test(normalizedPath)) return "markdown";
-  if (/\.(json|jsonl)$/i.test(normalizedPath)) return "json";
-  if (/\.(html|htm)$/i.test(normalizedPath)) return "html";
-  if (/\.(js|mjs|cjs)$/i.test(normalizedPath)) return "javascript";
-  if (/\.(css|scss)$/i.test(normalizedPath)) return "css";
+  const pathWithoutBakSuffix = normalizedPath.replace(/(\.bak)+$/i, "");
+  if (/\.(md|markdown|mdx)$/i.test(pathWithoutBakSuffix)) return "markdown";
+  if (/\.(json|jsonl)$/i.test(pathWithoutBakSuffix)) return "json";
+  if (/\.(html|htm)$/i.test(pathWithoutBakSuffix)) return "html";
+  if (/\.(js|mjs|cjs)$/i.test(pathWithoutBakSuffix)) return "javascript";
+  if (/\.(css|scss)$/i.test(pathWithoutBakSuffix)) return "css";
   return "plain";
 };
 

package/lib/public/shared/browse-file-policies.json

@@ -0,0 +1,13 @@
+{
+  "protectedPaths": [
+    "openclaw.json",
+    "devices/paired.json"
+  ],
+  "lockedPaths": [
+    "hooks/bootstrap/agents.md",
+    "hooks/bootstrap/tools.md",
+    "skills/control-ui/skill.md",
+    ".alphaclaw/hourly-git-sync.sh",
+    ".alphaclaw/.cli-device-auto-approved"
+  ]
+}

package/lib/server/constants.js

@@ -1,5 +1,6 @@
 const os = require("os");
 const path = require("path");
+const kBrowseFilePolicies = require("../public/shared/browse-file-policies.json");
 
 const parsePositiveIntEnv = (value, fallbackValue) => {
   const parsed = Number.parseInt(String(value || ""), 10);
@@ -258,6 +259,11 @@ const GOG_CONFIG_DIR = path.join(OPENCLAW_DIR, "gogcli");
 const GOG_CREDENTIALS_PATH = path.join(GOG_CONFIG_DIR, "credentials.json");
 const GOG_STATE_PATH = path.join(GOG_CONFIG_DIR, "state.json");
 const GOG_KEYRING_PASSWORD = process.env.GOG_KEYRING_PASSWORD || "alphaclaw";
+const kMaxGoogleAccounts = 5;
+const gogClientCredentialsPath = (clientName = "default") =>
+  clientName === "default"
+    ? GOG_CREDENTIALS_PATH
+    : path.join(GOG_CONFIG_DIR, `credentials-${clientName}.json`);
 
 const API_TEST_COMMANDS = {
   gmail: "gmail labels list",
@@ -274,13 +280,16 @@ const kChannelDefs = {
   telegram: { envKey: "TELEGRAM_BOT_TOKEN" },
   discord: { envKey: "DISCORD_BOT_TOKEN" },
 };
-const kLockedBrowsePaths = new Set([
-  "hooks/bootstrap/agents.md",
-  "hooks/bootstrap/tools.md",
-  "skills/control-ui/skill.md",
-  ".alphaclaw/hourly-git-sync.sh",
-  ".alphaclaw/.cli-device-auto-approved",
-]);
+const kProtectedBrowsePaths = new Set(
+  Array.isArray(kBrowseFilePolicies?.protectedPaths)
+    ? kBrowseFilePolicies.protectedPaths
+    : [],
+);
+const kLockedBrowsePaths = new Set(
+  Array.isArray(kBrowseFilePolicies?.lockedPaths)
+    ? kBrowseFilePolicies.lockedPaths
+    : [],
+);
 
 const SETUP_API_PREFIXES = [
   "/api/status",
@@ -350,6 +359,7 @@ module.exports = {
   kSystemVars,
   kKnownVars,
   kKnownKeys,
+  kProtectedBrowsePaths,
   kLockedBrowsePaths,
   SCOPE_MAP,
   REVERSE_SCOPE_MAP,
@@ -358,6 +368,8 @@ module.exports = {
   GOG_CREDENTIALS_PATH,
   GOG_STATE_PATH,
   GOG_KEYRING_PASSWORD,
+  kMaxGoogleAccounts,
+  gogClientCredentialsPath,
   API_TEST_COMMANDS,
   kChannelDefs,
   SETUP_API_PREFIXES,

package/lib/server/google-state.js

@@ -0,0 +1,187 @@
+const crypto = require("crypto");
+
+const kGoogleStateVersion = 2;
+const kDefaultGoogleClient = "default";
+const kDefaultGoogleScopes = [
+  "gmail:read",
+  "calendar:read",
+  "calendar:write",
+  "drive:read",
+  "sheets:read",
+  "docs:read",
+];
+
+const createEmptyGoogleState = () => ({
+  version: kGoogleStateVersion,
+  accounts: [],
+});
+
+const createGoogleAccountId = () => crypto.randomBytes(4).toString("hex");
+
+const normalizeScopes = (services) => {
+  if (!Array.isArray(services)) return [...kDefaultGoogleScopes];
+  const deduped = Array.from(
+    new Set(
+      services
+        .map((scope) => String(scope || "").trim())
+        .filter(Boolean),
+    ),
+  );
+  return deduped.length ? deduped : [...kDefaultGoogleScopes];
+};
+
+const isLikelyPersonalEmail = (email = "") => {
+  const normalized = String(email || "").trim().toLowerCase();
+  return normalized.endsWith("@gmail.com") || normalized.endsWith("@googlemail.com");
+};
+
+const normalizePersonalFlag = ({ account = {}, client = kDefaultGoogleClient }) => {
+  if (typeof account.personal === "boolean") return account.personal;
+  if (client === "personal") return true;
+  return isLikelyPersonalEmail(account.email);
+};
+
+const normalizeGoogleAccount = (account = {}) => ({
+  // Backward-compatible migration path for older state entries that predate
+  // explicit personal flags or were saved before the personal marker existed.
+  ...(() => {
+    const client =
+      String(account.client || kDefaultGoogleClient).trim() || kDefaultGoogleClient;
+    return {
+      id: String(account.id || createGoogleAccountId()),
+      email: String(account.email || "").trim(),
+      client,
+      personal: normalizePersonalFlag({ account, client }),
+      services: normalizeScopes(account.services),
+      authenticated: Boolean(account.authenticated),
+    };
+  })(),
+});
+
+const normalizeGoogleStateV2 = (state = {}) => {
+  const accounts = Array.isArray(state.accounts)
+    ? state.accounts.map((account) => normalizeGoogleAccount(account))
+    : [];
+  return {
+    version: kGoogleStateVersion,
+    accounts,
+  };
+};
+
+const hasPersonalGoogleAccount = (state = {}) =>
+  (state.accounts || []).some((account) => account.personal);
+
+const writeGoogleState = ({ fs, statePath, state }) => {
+  const normalized = normalizeGoogleStateV2(state);
+  fs.writeFileSync(statePath, JSON.stringify(normalized, null, 2));
+  return normalized;
+};
+
+const migrateGoogleStateV1 = ({ fs, statePath, rawState = {} }) => {
+  const email = String(rawState.email || "").trim();
+  const accounts = email
+    ? [
+        normalizeGoogleAccount({
+          id: createGoogleAccountId(),
+          email,
+          services: rawState.services,
+          authenticated: Boolean(rawState.authenticated),
+          client: kDefaultGoogleClient,
+          personal: false,
+        }),
+      ]
+    : [];
+  const migrated = {
+    version: kGoogleStateVersion,
+    accounts,
+  };
+  fs.writeFileSync(statePath, JSON.stringify(migrated, null, 2));
+  return migrated;
+};
+
+const readGoogleState = ({ fs, statePath }) => {
+  if (!fs.existsSync(statePath)) return createEmptyGoogleState();
+  try {
+    const raw = JSON.parse(fs.readFileSync(statePath, "utf8"));
+    if (raw && raw.version === kGoogleStateVersion && Array.isArray(raw.accounts)) {
+      const normalized = normalizeGoogleStateV2(raw);
+      if (JSON.stringify(raw) !== JSON.stringify(normalized)) {
+        fs.writeFileSync(statePath, JSON.stringify(normalized, null, 2));
+      }
+      return normalized;
+    }
+    return migrateGoogleStateV1({ fs, statePath, rawState: raw || {} });
+  } catch {
+    return createEmptyGoogleState();
+  }
+};
+
+const listGoogleAccounts = (state = {}) => [...(state.accounts || [])];
+
+const getGoogleAccountById = (state = {}, accountId = "") =>
+  (state.accounts || []).find((account) => account.id === accountId) || null;
+
+const getGoogleAccountByEmailAndClient = (
+  state = {},
+  email = "",
+  client = kDefaultGoogleClient,
+) =>
+  (state.accounts || []).find(
+    (account) => account.email === email && account.client === client,
+  ) || null;
+
+const upsertGoogleAccount = ({
+  state,
+  account,
+  maxAccounts = 5,
+}) => {
+  const nextState = normalizeGoogleStateV2(state);
+  const normalized = normalizeGoogleAccount(account);
+  if (!normalized.email) throw new Error("Account email is required");
+  const existingIdx = nextState.accounts.findIndex((item) => item.id === normalized.id);
+
+  if (normalized.personal) {
+    const personalExists = nextState.accounts.some(
+      (item, idx) => item.personal && idx !== existingIdx,
+    );
+    if (personalExists) {
+      throw new Error("Only one personal account is allowed");
+    }
+  }
+
+  if (existingIdx >= 0) {
+    nextState.accounts[existingIdx] = normalized;
+    return { state: nextState, account: normalized };
+  }
+
+  if (nextState.accounts.length >= maxAccounts) {
+    throw new Error(`Maximum ${maxAccounts} Google accounts allowed`);
+  }
+
+  nextState.accounts.push(normalized);
+  return { state: nextState, account: normalized };
+};
+
+const removeGoogleAccount = ({ state, accountId }) => {
+  const nextState = normalizeGoogleStateV2(state);
+  const removed = getGoogleAccountById(nextState, accountId);
+  if (!removed) return { state: nextState, account: null };
+  nextState.accounts = nextState.accounts.filter((account) => account.id !== accountId);
+  return { state: nextState, account: removed };
+};
+
+module.exports = {
+  kGoogleStateVersion,
+  kDefaultGoogleClient,
+  kDefaultGoogleScopes,
+  createGoogleAccountId,
+  createEmptyGoogleState,
+  readGoogleState,
+  writeGoogleState,
+  listGoogleAccounts,
+  getGoogleAccountById,
+  getGoogleAccountByEmailAndClient,
+  upsertGoogleAccount,
+  removeGoogleAccount,
+  hasPersonalGoogleAccount,
+};

package/lib/server/helpers.js

@@ -3,7 +3,7 @@ const crypto = require("crypto");
 const {
   CODEX_JWT_CLAIM_PATH,
   kOnboardingModelProviders,
-  GOG_CREDENTIALS_PATH,
+  gogClientCredentialsPath,
 } = require("./constants");
 
 const normalizeOpenclawVersion = (rawVersion) => {
@@ -170,9 +170,10 @@ const getApiEnableUrl = (svc, projectId) => {
   return `https://console.developers.google.com/apis/api/${api}/overview${project}`;
 };
 
-const readGoogleCredentials = () => {
+const readGoogleCredentials = (clientName = "default") => {
   try {
-    const c = JSON.parse(fs.readFileSync(GOG_CREDENTIALS_PATH, "utf8"));
+    const credentialsPath = gogClientCredentialsPath(clientName);
+    const c = JSON.parse(fs.readFileSync(credentialsPath, "utf8"));
     return {
       clientId:
         c.web?.client_id || c.installed?.client_id || c.client_id || null,
@@ -181,9 +182,16 @@ const readGoogleCredentials = () => {
         c.installed?.client_secret ||
         c.client_secret ||
         null,
+      path: credentialsPath,
+      client: clientName,
     };
   } catch {
-    return { clientId: null, clientSecret: null };
+    return {
+      clientId: null,
+      clientSecret: null,
+      path: gogClientCredentialsPath(clientName),
+      client: clientName,
+    };
   }
 };