npm - @chrysb/alphaclaw - Versions diffs - 0.3.5-beta.1 → 0.4.1-beta.0 - Mend

@chrysb/alphaclaw 0.3.5-beta.1 → 0.4.1-beta.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (68) hide show

package/bin/alphaclaw.js +1 -31
package/lib/public/assets/icons/google_icon.svg +8 -0
package/lib/public/css/explorer.css +53 -0
package/lib/public/css/shell.css +21 -19
package/lib/public/css/theme.css +17 -0
package/lib/public/js/app.js +205 -109
package/lib/public/js/components/credentials-modal.js +36 -8
package/lib/public/js/components/file-tree.js +212 -22
package/lib/public/js/components/file-viewer/editor-surface.js +5 -0
package/lib/public/js/components/file-viewer/index.js +47 -6
package/lib/public/js/components/file-viewer/markdown-split-view.js +2 -0
package/lib/public/js/components/file-viewer/status-banners.js +11 -6
package/lib/public/js/components/file-viewer/toolbar.js +56 -1
package/lib/public/js/components/file-viewer/use-editor-selection-restore.js +6 -0
package/lib/public/js/components/file-viewer/use-file-diff.js +11 -0
package/lib/public/js/components/file-viewer/use-file-loader.js +12 -2
package/lib/public/js/components/file-viewer/use-file-viewer.js +142 -15
package/lib/public/js/components/google/account-row.js +131 -0
package/lib/public/js/components/google/add-account-modal.js +93 -0
package/lib/public/js/components/google/gmail-setup-wizard.js +450 -0
package/lib/public/js/components/google/gmail-watch-toggle.js +81 -0
package/lib/public/js/components/google/index.js +553 -0
package/lib/public/js/components/google/use-gmail-watch.js +140 -0
package/lib/public/js/components/google/use-google-accounts.js +41 -0
package/lib/public/js/components/icons.js +26 -0
package/lib/public/js/components/scope-picker.js +1 -1
package/lib/public/js/components/sidebar-git-panel.js +48 -20
package/lib/public/js/components/sidebar.js +93 -75
package/lib/public/js/components/toast.js +11 -7
package/lib/public/js/components/usage-tab/constants.js +31 -0
package/lib/public/js/components/usage-tab/formatters.js +24 -0
package/lib/public/js/components/usage-tab/index.js +72 -0
package/lib/public/js/components/usage-tab/overview-section.js +147 -0
package/lib/public/js/components/usage-tab/sessions-section.js +175 -0
package/lib/public/js/components/usage-tab/use-usage-tab.js +241 -0
package/lib/public/js/components/webhooks.js +182 -129
package/lib/public/js/lib/api.js +178 -9
package/lib/public/js/lib/browse-file-policies.js +29 -11
package/lib/public/js/lib/format.js +71 -0
package/lib/public/js/lib/syntax-highlighters/index.js +6 -5
package/lib/public/shared/browse-file-policies.json +13 -0
package/lib/server/constants.js +47 -7
package/lib/server/gmail-push.js +109 -0
package/lib/server/gmail-serve.js +254 -0
package/lib/server/gmail-watch.js +725 -0
package/lib/server/google-state.js +317 -0
package/lib/server/helpers.js +17 -11
package/lib/server/internal-files-migration.js +31 -3
package/lib/server/onboarding/github.js +21 -2
package/lib/server/onboarding/index.js +1 -3
package/lib/server/onboarding/openclaw.js +3 -0
package/lib/server/onboarding/workspace.js +40 -0
package/lib/server/routes/browse/index.js +90 -2
package/lib/server/routes/gmail.js +128 -0
package/lib/server/routes/google.js +433 -213
package/lib/server/routes/system.js +107 -0
package/lib/server/routes/usage.js +29 -2
package/lib/server/routes/webhooks.js +52 -17
package/lib/server/usage-db.js +283 -15
package/lib/server/watchdog.js +66 -0
package/lib/server/webhook-middleware.js +99 -1
package/lib/server/webhooks.js +214 -65
package/lib/server.js +27 -0
package/lib/setup/gitignore +6 -0
package/lib/setup/hourly-git-sync.sh +29 -2
package/package.json +1 -1
package/lib/public/js/components/google.js +0 -228
package/lib/public/js/components/usage-tab.js +0 -531

package/lib/public/js/lib/api.js CHANGED Viewed

@@ -1,5 +1,24 @@
+const kClientTimeZoneHeader = "x-client-timezone";
+const getBrowserTimeZone = () => {
+  try {
+    return Intl?.DateTimeFormat?.().resolvedOptions?.().timeZone || "";
+  } catch {
+    return "";
+  }
+};
 export const authFetch = async (url, opts = {}) => {
-  const res = await fetch(url, opts);
+  const nextOptions = { ...opts };
+  const headers = new Headers(opts?.headers || {});
+  if (!headers.has(kClientTimeZoneHeader)) {
+    const browserTimeZone = getBrowserTimeZone();
+    if (browserTimeZone) {
+      headers.set(kClientTimeZoneHeader, browserTimeZone);
+    }
+  }
+  nextOptions.headers = headers;
+  const res = await fetch(url, nextOptions);
   if (res.status === 401) {
     try {
       window.localStorage?.clear?.();
@@ -38,30 +57,162 @@ export async function rejectPairing(id, channel) {
   return res.json();
 }
-export async function fetchGoogleStatus() {
-  const res = await authFetch('/api/google/status');
+export async function fetchGoogleAccounts() {
+  const res = await authFetch('/api/google/accounts');
+  return res.json();
+}
+export async function fetchGoogleStatus(accountId = "") {
+  const params = new URLSearchParams();
+  if (accountId) params.set("accountId", String(accountId));
+  const suffix = params.toString() ? `?${params.toString()}` : "";
+  const res = await authFetch(`/api/google/status${suffix}`);
+  return res.json();
+}
+export async function fetchGoogleCredentials({
+  accountId = "",
+  client = "",
+} = {}) {
+  const params = new URLSearchParams();
+  if (accountId) params.set("accountId", String(accountId));
+  if (client) params.set("client", String(client));
+  const suffix = params.toString() ? `?${params.toString()}` : "";
+  const res = await authFetch(`/api/google/credentials${suffix}`);
   return res.json();
 }
-export async function checkGoogleApis() {
-  const res = await authFetch('/api/google/check');
+export async function checkGoogleApis(accountId = "") {
+  const params = new URLSearchParams();
+  if (accountId) params.set("accountId", String(accountId));
+  const suffix = params.toString() ? `?${params.toString()}` : "";
+  const res = await authFetch(`/api/google/check${suffix}`);
   return res.json();
 }
-export async function saveGoogleCredentials(clientId, clientSecret, email) {
+export async function saveGoogleCredentials({
+  clientId,
+  clientSecret,
+  email,
+  services = [],
+  client = "default",
+  personal = false,
+  accountId = "",
+}) {
   const res = await authFetch('/api/google/credentials', {
     method: 'POST',
     headers: { 'Content-Type': 'application/json' },
-    body: JSON.stringify({ clientId, clientSecret, email }),
+    body: JSON.stringify({
+      clientId,
+      clientSecret,
+      email,
+      services,
+      client,
+      personal,
+      accountId,
+    }),
   });
   return res.json();
 }
-export async function disconnectGoogle() {
-  const res = await authFetch('/api/google/disconnect', { method: 'POST' });
+export async function saveGoogleAccount({
+  email,
+  services = [],
+  client = "default",
+  personal = false,
+  accountId = "",
+}) {
+  const res = await authFetch('/api/google/accounts', {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json' },
+    body: JSON.stringify({ email, services, client, personal, accountId }),
+  });
   return res.json();
 }
+export async function disconnectGoogle(accountId = "") {
+  const res = await authFetch('/api/google/disconnect', {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json' },
+    body: JSON.stringify({ accountId }),
+  });
+  return res.json();
+}
+export const fetchGmailConfig = async () => {
+  const res = await authFetch("/api/gmail/config");
+  return parseJsonOrThrow(res, "Could not load Gmail watch config");
+};
+export const saveGmailConfig = async ({
+  client = "default",
+  topicPath = "",
+  projectId = "",
+  regeneratePushToken = false,
+} = {}) => {
+  const res = await authFetch("/api/gmail/config", {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify({
+      client,
+      topicPath,
+      projectId,
+      regeneratePushToken,
+    }),
+  });
+  return parseJsonOrThrow(res, "Could not save Gmail watch config");
+};
+export const startGmailWatch = async (accountId) => {
+  const res = await authFetch("/api/gmail/watch/start", {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify({ accountId: String(accountId || "") }),
+  });
+  return parseJsonOrThrow(res, "Could not start Gmail watch");
+};
+export const stopGmailWatch = async (accountId) => {
+  const res = await authFetch("/api/gmail/watch/stop", {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify({ accountId: String(accountId || "") }),
+  });
+  return parseJsonOrThrow(res, "Could not stop Gmail watch");
+};
+export const renewGmailWatch = async ({
+  accountId = "",
+  force = true,
+} = {}) => {
+  const res = await authFetch("/api/gmail/watch/renew", {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify({ accountId: String(accountId || ""), force: Boolean(force) }),
+  });
+  return parseJsonOrThrow(res, "Could not renew Gmail watch");
+};
+export const fetchAgentSessions = async () => {
+  const res = await authFetch("/api/agent/sessions");
+  return parseJsonOrThrow(res, "Could not load agent sessions");
+};
+export const sendAgentMessage = async ({
+  message = "",
+  sessionKey = "",
+} = {}) => {
+  const res = await authFetch("/api/agent/message", {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify({
+      message: String(message || ""),
+      sessionKey: String(sessionKey || ""),
+    }),
+  });
+  return parseJsonOrThrow(res, "Could not send message to agent");
+};
 export async function restartGateway() {
   const res = await authFetch('/api/gateway/restart', { method: 'POST' });
   return parseJsonOrThrow(res, 'Could not restart gateway');
@@ -389,6 +540,24 @@ export const saveFileContent = async (filePath, content) => {
   return parseJsonOrThrow(res, 'Could not save file');
 };
+export const deleteBrowseFile = async (filePath) => {
+  const res = await authFetch('/api/browse/delete', {
+    method: 'DELETE',
+    headers: { 'Content-Type': 'application/json' },
+    body: JSON.stringify({ path: String(filePath || '') }),
+  });
+  return parseJsonOrThrow(res, 'Could not delete file');
+};
+export const restoreBrowseFile = async (filePath) => {
+  const res = await authFetch('/api/browse/restore', {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json' },
+    body: JSON.stringify({ path: String(filePath || '') }),
+  });
+  return parseJsonOrThrow(res, 'Could not restore file');
+};
 export const fetchBrowseGitSummary = async () => {
   const res = await authFetch('/api/browse/git-summary');
   return parseJsonOrThrow(res, 'Could not load git summary');

package/lib/public/js/lib/browse-file-policies.js CHANGED Viewed

@@ -1,15 +1,33 @@
-export const kProtectedBrowsePaths = new Set([
-  "openclaw.json",
-  "devices/paired.json",
-]);
+const kBrowseFilePoliciesUrl = new URL(
+  "../../shared/browse-file-policies.json",
+  import.meta.url,
+);
-export const kLockedBrowsePaths = new Set([
-  "hooks/bootstrap/agents.md",
-  "hooks/bootstrap/tools.md",
-  "skills/control-ui/skill.md",
-  ".alphaclaw/hourly-git-sync.sh",
-  ".alphaclaw/.cli-device-auto-approved",
-]);
+let kBrowseFilePolicies = {
+  protectedPaths: [],
+  lockedPaths: [],
+};
+try {
+  const policyResponse = await fetch(kBrowseFilePoliciesUrl);
+  if (policyResponse.ok) {
+    const policyJson = await policyResponse.json();
+    if (policyJson && typeof policyJson === "object") {
+      kBrowseFilePolicies = policyJson;
+    }
+  }
+} catch {}
+export const kProtectedBrowsePaths = new Set(
+  Array.isArray(kBrowseFilePolicies?.protectedPaths)
+    ? kBrowseFilePolicies.protectedPaths
+    : [],
+);
+export const kLockedBrowsePaths = new Set(
+  Array.isArray(kBrowseFilePolicies?.lockedPaths)
+    ? kBrowseFilePolicies.lockedPaths
+    : [],
+);
 export const normalizeBrowsePolicyPath = (inputPath) =>
   String(inputPath || "")

package/lib/public/js/lib/format.js ADDED Viewed

@@ -0,0 +1,71 @@
+const kIntegerFormatter = new Intl.NumberFormat("en-US");
+const kUsdFormatter = new Intl.NumberFormat("en-US", {
+  style: "currency",
+  currency: "USD",
+  minimumFractionDigits: 2,
+  maximumFractionDigits: 3,
+});
+const toDateValue = (
+  value,
+  { valueIsUnixSeconds = false, valueIsEpochMs = false } = {},
+) => {
+  if (value == null || value === "") return null;
+  if (value instanceof Date) return value;
+  if (valueIsUnixSeconds) return new Date(Number(value) * 1000);
+  if (valueIsEpochMs) return new Date(Number(value));
+  return new Date(value);
+};
+const isSameDay = (left, right) =>
+  left.getFullYear() === right.getFullYear() &&
+  left.getMonth() === right.getMonth() &&
+  left.getDate() === right.getDate();
+export const formatInteger = (value) =>
+  kIntegerFormatter.format(Number(value || 0));
+export const formatUsd = (value) => kUsdFormatter.format(Number(value || 0));
+export const formatLocaleDateTime = (
+  value,
+  { fallback = "—", valueIsUnixSeconds = false, valueIsEpochMs = false } = {},
+) => {
+  try {
+    const dateValue = toDateValue(value, { valueIsUnixSeconds, valueIsEpochMs });
+    if (!dateValue || Number.isNaN(dateValue.getTime())) return fallback;
+    return dateValue.toLocaleString();
+  } catch {
+    return fallback;
+  }
+};
+export const formatLocaleDateTimeWithTodayTime = (
+  value,
+  {
+    fallback = "—",
+    valueIsUnixSeconds = false,
+    valueIsEpochMs = false,
+  } = {},
+) => {
+  try {
+    const dateValue = toDateValue(value, { valueIsUnixSeconds, valueIsEpochMs });
+    if (!dateValue || Number.isNaN(dateValue.getTime())) return fallback;
+    return isSameDay(dateValue, new Date())
+      ? dateValue.toLocaleTimeString()
+      : dateValue.toLocaleString();
+  } catch {
+    return fallback;
+  }
+};
+export const formatDurationCompactMs = (value) => {
+  const ms = Number(value || 0);
+  if (!Number.isFinite(ms) || ms <= 0) return "0s";
+  if (ms < 1000) return `${Math.round(ms)}ms`;
+  const totalSeconds = Math.round(ms / 1000);
+  const minutes = Math.floor(totalSeconds / 60);
+  const seconds = totalSeconds % 60;
+  if (minutes <= 0) return `${seconds}s`;
+  return `${minutes}m ${seconds}s`;
+};

package/lib/public/js/lib/syntax-highlighters/index.js CHANGED Viewed

@@ -8,11 +8,12 @@ import { escapeHtml, toLineObjects } from "./utils.js";
 export const getFileSyntaxKind = (filePath) => {
   const normalizedPath = String(filePath || "").toLowerCase();
-  if (/\.(md|markdown|mdx)$/i.test(normalizedPath)) return "markdown";
-  if (/\.(json|jsonl)$/i.test(normalizedPath)) return "json";
-  if (/\.(html|htm)$/i.test(normalizedPath)) return "html";
-  if (/\.(js|mjs|cjs)$/i.test(normalizedPath)) return "javascript";
-  if (/\.(css|scss)$/i.test(normalizedPath)) return "css";
+  const pathWithoutBakSuffix = normalizedPath.replace(/(\.bak)+$/i, "");
+  if (/\.(md|markdown|mdx)$/i.test(pathWithoutBakSuffix)) return "markdown";
+  if (/\.(json|jsonl)$/i.test(pathWithoutBakSuffix)) return "json";
+  if (/\.(html|htm)$/i.test(pathWithoutBakSuffix)) return "html";
+  if (/\.(js|mjs|cjs)$/i.test(pathWithoutBakSuffix)) return "javascript";
+  if (/\.(css|scss)$/i.test(pathWithoutBakSuffix)) return "css";
   return "plain";
 };

package/lib/public/shared/browse-file-policies.json ADDED Viewed

@@ -0,0 +1,13 @@
+{
+  "protectedPaths": [
+    "openclaw.json",
+    "devices/paired.json"
+  ],
+  "lockedPaths": [
+    "hooks/bootstrap/agents.md",
+    "hooks/bootstrap/tools.md",
+    "skills/control-ui/skill.md",
+    ".alphaclaw/hourly-git-sync.sh",
+    ".alphaclaw/.cli-device-auto-approved"
+  ]
+}

package/lib/server/constants.js CHANGED Viewed

@@ -1,5 +1,6 @@
 const os = require("os");
 const path = require("path");
+const kBrowseFilePolicies = require("../public/shared/browse-file-policies.json");
 const parsePositiveIntEnv = (value, fallbackValue) => {
   const parsed = Number.parseInt(String(value || ""), 10);
@@ -119,6 +120,12 @@ const kMaxPayloadBytes = parsePositiveIntEnv(process.env.WEBHOOK_LOG_MAX_BYTES,
 const kWebhookPruneDays = parsePositiveIntEnv(process.env.WEBHOOK_LOG_RETENTION_DAYS, 30);
 const kWatchdogCheckIntervalMs =
   parsePositiveIntEnv(process.env.WATCHDOG_CHECK_INTERVAL, 120) * 1000;
+const kWatchdogDegradedCheckIntervalMs =
+  parsePositiveIntEnv(process.env.WATCHDOG_DEGRADED_CHECK_INTERVAL, 5) * 1000;
+const kWatchdogStartupFailureThreshold = parsePositiveIntEnv(
+  process.env.WATCHDOG_STARTUP_FAILURE_THRESHOLD,
+  3,
+);
 const kWatchdogMaxRepairAttempts = parsePositiveIntEnv(
   process.env.WATCHDOG_MAX_REPAIR_ATTEMPTS,
   2,
@@ -140,6 +147,7 @@ const kLogMaxBytes = parsePositiveIntEnv(
 const kSystemVars = new Set([
   "WEBHOOK_TOKEN",
+  "OPENCLAW_HOOKS_TOKEN",
   "OPENCLAW_GATEWAY_TOKEN",
   "SETUP_PASSWORD",
   "PORT",
@@ -258,6 +266,25 @@ const GOG_CONFIG_DIR = path.join(OPENCLAW_DIR, "gogcli");
 const GOG_CREDENTIALS_PATH = path.join(GOG_CONFIG_DIR, "credentials.json");
 const GOG_STATE_PATH = path.join(GOG_CONFIG_DIR, "state.json");
 const GOG_KEYRING_PASSWORD = process.env.GOG_KEYRING_PASSWORD || "alphaclaw";
+const kMaxGoogleAccounts = 5;
+const kGmailServeBasePort = parsePositiveIntEnv(
+  process.env.GMAIL_SERVE_BASE_PORT,
+  18801,
+);
+const kGmailWatchRenewalIntervalMs =
+  parsePositiveIntEnv(process.env.GMAIL_WATCH_RENEWAL_INTERVAL_SECONDS, 6 * 60 * 60) *
+  1000;
+const kGmailWatchRenewalThresholdMs =
+  parsePositiveIntEnv(process.env.GMAIL_WATCH_RENEWAL_THRESHOLD_SECONDS, 24 * 60 * 60) *
+  1000;
+const kGmailMaxBodyBytes = parsePositiveIntEnv(
+  process.env.GMAIL_WATCH_MAX_BODY_BYTES,
+  20000,
+);
+const gogClientCredentialsPath = (clientName = "default") =>
+  clientName === "default"
+    ? GOG_CREDENTIALS_PATH
+    : path.join(GOG_CONFIG_DIR, `credentials-${clientName}.json`);
 const API_TEST_COMMANDS = {
   gmail: "gmail labels list",
@@ -274,13 +301,16 @@ const kChannelDefs = {
   telegram: { envKey: "TELEGRAM_BOT_TOKEN" },
   discord: { envKey: "DISCORD_BOT_TOKEN" },
 };
-const kLockedBrowsePaths = new Set([
-  "hooks/bootstrap/agents.md",
-  "hooks/bootstrap/tools.md",
-  "skills/control-ui/skill.md",
-  ".alphaclaw/hourly-git-sync.sh",
-  ".alphaclaw/.cli-device-auto-approved",
-]);
+const kProtectedBrowsePaths = new Set(
+  Array.isArray(kBrowseFilePolicies?.protectedPaths)
+    ? kBrowseFilePolicies.protectedPaths
+    : [],
+);
+const kLockedBrowsePaths = new Set(
+  Array.isArray(kBrowseFilePolicies?.lockedPaths)
+    ? kBrowseFilePolicies.lockedPaths
+    : [],
+);
 const SETUP_API_PREFIXES = [
   "/api/status",
@@ -299,6 +329,7 @@ const SETUP_API_PREFIXES = [
   "/api/sync-cron",
   "/api/telegram",
   "/api/webhooks",
+  "/api/gmail",
   "/api/watchdog",
   "/api/usage",
 ];
@@ -342,6 +373,8 @@ module.exports = {
   kMaxPayloadBytes,
   kWebhookPruneDays,
   kWatchdogCheckIntervalMs,
+  kWatchdogDegradedCheckIntervalMs,
+  kWatchdogStartupFailureThreshold,
   kWatchdogMaxRepairAttempts,
   kWatchdogCrashLoopWindowMs,
   kWatchdogCrashLoopThreshold,
@@ -350,6 +383,7 @@ module.exports = {
   kSystemVars,
   kKnownVars,
   kKnownKeys,
+  kProtectedBrowsePaths,
   kLockedBrowsePaths,
   SCOPE_MAP,
   REVERSE_SCOPE_MAP,
@@ -358,6 +392,12 @@ module.exports = {
   GOG_CREDENTIALS_PATH,
   GOG_STATE_PATH,
   GOG_KEYRING_PASSWORD,
+  kMaxGoogleAccounts,
+  kGmailServeBasePort,
+  kGmailWatchRenewalIntervalMs,
+  kGmailWatchRenewalThresholdMs,
+  kGmailMaxBodyBytes,
+  gogClientCredentialsPath,
   API_TEST_COMMANDS,
   kChannelDefs,
   SETUP_API_PREFIXES,

package/lib/server/gmail-push.js ADDED Viewed

@@ -0,0 +1,109 @@
+const http = require("http");
+const extractBodyBuffer = (body) => {
+  if (Buffer.isBuffer(body)) return body;
+  if (typeof body === "string") return Buffer.from(body, "utf8");
+  if (body && typeof body === "object") {
+    return Buffer.from(JSON.stringify(body), "utf8");
+  }
+  return Buffer.alloc(0);
+};
+const parsePushEnvelope = (bodyBuffer) => {
+  const parsed = JSON.parse(String(bodyBuffer || Buffer.alloc(0)).toString("utf8"));
+  const encodedData = String(parsed?.message?.data || "");
+  const decodedData = encodedData
+    ? JSON.parse(Buffer.from(encodedData, "base64").toString("utf8"))
+    : {};
+  return {
+    envelope: parsed || {},
+    payload: decodedData || {},
+  };
+};
+const proxyPushToServe = async ({
+  port,
+  bodyBuffer,
+  headers,
+}) =>
+  await new Promise((resolve, reject) => {
+    const request = http.request(
+      {
+        hostname: "127.0.0.1",
+        port,
+        method: "POST",
+        path: "/",
+        headers: {
+          "content-type": headers["content-type"] || "application/json",
+          "content-length": String(bodyBuffer.length),
+        },
+      },
+      (response) => {
+        const chunks = [];
+        response.on("data", (chunk) => chunks.push(Buffer.from(chunk)));
+        response.on("end", () => {
+          resolve({
+            statusCode: response.statusCode || 200,
+            body: Buffer.concat(chunks).toString("utf8"),
+          });
+        });
+      },
+    );
+    request.on("error", reject);
+    if (bodyBuffer.length) request.write(bodyBuffer);
+    request.end();
+  });
+const createGmailPushHandler = ({
+  resolvePushToken,
+  resolveTargetByEmail,
+  markPushReceived,
+}) =>
+  async (req, res) => {
+    try {
+      const expectedToken = String(resolvePushToken?.() || "").trim();
+      const receivedToken = String(req.query?.token || "").trim();
+      if (!expectedToken || !receivedToken || expectedToken !== receivedToken) {
+        return res.status(401).json({ ok: false, error: "Invalid push token" });
+      }
+      const bodyBuffer = extractBodyBuffer(req.body);
+      const { payload } = parsePushEnvelope(bodyBuffer);
+      const email = String(payload?.emailAddress || "").trim().toLowerCase();
+      if (!email) {
+        return res.status(200).json({ ok: true, ignored: true, reason: "missing_email" });
+      }
+      const target = resolveTargetByEmail?.(email);
+      if (!target?.port) {
+        return res.status(200).json({ ok: true, ignored: true, reason: "watch_not_enabled" });
+      }
+      try {
+        const proxied = await proxyPushToServe({
+          port: target.port,
+          bodyBuffer,
+          headers: req.headers || {},
+        });
+        await markPushReceived?.({
+          accountId: target.accountId,
+          at: Date.now(),
+        });
+        return res
+          .status(proxied.statusCode)
+          .send(proxied.body || "");
+      } catch (err) {
+        console.error(
+          `[alphaclaw] Gmail push proxy error for ${email}: ${err.message || "unknown"}`,
+        );
+        return res.status(200).json({ ok: true, ignored: true, reason: "proxy_error" });
+      }
+    } catch (err) {
+      console.error("[alphaclaw] Gmail push handler error:", err);
+      return res.status(200).json({ ok: true, ignored: true, reason: "handler_error" });
+    }
+  };
+module.exports = {
+  createGmailPushHandler,
+};