@elizaos/agent 2.0.3-beta.2 → 2.0.3-beta.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/__tests__/view-user-journeys.d.ts.map +1 -1
- package/__tests__/view-user-journeys.js +52 -41
- package/actions/context-signal.d.ts +2 -2
- package/actions/files.d.ts +9 -0
- package/actions/files.d.ts.map +1 -0
- package/actions/files.js +183 -0
- package/actions/index.d.ts +17 -17
- package/api/accounts-routes.d.ts +1 -1
- package/api/accounts-routes.js +1 -1
- package/api/agent-admin-routes.d.ts +1 -1
- package/api/agent-admin-routes.js +2 -2
- package/api/agent-model.d.ts +1 -1
- package/api/agent-status-routes.d.ts +1 -3
- package/api/agent-status-routes.d.ts.map +1 -1
- package/api/agent-status-routes.js +0 -2
- package/api/approval-routes.d.ts +38 -0
- package/api/approval-routes.d.ts.map +1 -0
- package/api/approval-routes.js +223 -0
- package/api/background-routes.d.ts +13 -0
- package/api/background-routes.d.ts.map +1 -0
- package/api/background-routes.js +91 -0
- package/api/binance-skill-helpers.d.ts +2 -2
- package/api/binance-skill-helpers.js +2 -2
- package/api/builtin-views.d.ts.map +1 -1
- package/api/builtin-views.js +44 -4
- package/api/character-routes.d.ts +1 -1
- package/api/chat-augmentation.d.ts.map +1 -1
- package/api/chat-augmentation.js +17 -0
- package/api/chat-routes.d.ts +29 -2
- package/api/chat-routes.d.ts.map +1 -1
- package/api/chat-routes.js +76 -1
- package/api/commands-routes.d.ts +10 -8
- package/api/commands-routes.d.ts.map +1 -1
- package/api/commands-routes.js +17 -59
- package/api/config-routes.d.ts +1 -1
- package/api/config-routes.d.ts.map +1 -1
- package/api/config-routes.js +0 -2
- package/api/connector-routes.d.ts +1 -1
- package/api/conversation-metadata.d.ts +1 -1
- package/api/conversation-metadata.d.ts.map +1 -1
- package/api/conversation-metadata.js +0 -1
- package/api/conversation-routes.d.ts +4 -3
- package/api/conversation-routes.d.ts.map +1 -1
- package/api/conversation-routes.js +34 -1
- package/api/documents-service-loader.d.ts +0 -4
- package/api/documents-service-loader.d.ts.map +1 -1
- package/api/documents-service-loader.js +0 -2
- package/api/files-routes.d.ts +14 -0
- package/api/files-routes.d.ts.map +1 -0
- package/api/files-routes.js +47 -0
- package/api/first-run-routes.d.ts +1 -1
- package/api/health-routes.d.ts +2 -2
- package/api/index.d.ts +40 -39
- package/api/index.d.ts.map +1 -1
- package/api/index.js +1 -0
- package/api/interactions-routes.d.ts +33 -0
- package/api/interactions-routes.d.ts.map +1 -0
- package/api/interactions-routes.js +63 -0
- package/api/media-runtime.d.ts +2 -1
- package/api/media-runtime.d.ts.map +1 -1
- package/api/media-runtime.js +64 -7
- package/api/media-store.d.ts +36 -0
- package/api/media-store.d.ts.map +1 -1
- package/api/media-store.js +141 -2
- package/api/memory-bounds.d.ts +0 -1
- package/api/memory-bounds.d.ts.map +1 -1
- package/api/memory-bounds.js +0 -1
- package/api/misc-routes.d.ts +1 -1
- package/api/model-provider-helpers.d.ts +2 -2
- package/api/model-provider-helpers.js +2 -2
- package/api/permissions-routes-extra.d.ts +1 -1
- package/api/permissions-routes.d.ts +1 -1
- package/api/permissions-routes.d.ts.map +1 -1
- package/api/permissions-routes.js +8 -7
- package/api/plugin-discovery-helpers.d.ts +5 -6
- package/api/plugin-discovery-helpers.d.ts.map +1 -1
- package/api/plugin-discovery-helpers.js +3 -4
- package/api/plugin-runtime-apply.d.ts +2 -2
- package/api/plugin-runtime-apply.d.ts.map +1 -1
- package/api/plugin-runtime-apply.js +74 -0
- package/api/provider-switch-config.d.ts +1 -1
- package/api/provider-switch-routes.d.ts +2 -2
- package/api/registry-routes.d.ts +1 -1
- package/api/registry-service.d.ts +1 -1
- package/api/remote-capability-routes.d.ts +2 -2
- package/api/remote-capability-routes.d.ts.map +1 -1
- package/api/remote-capability-routes.js +19 -0
- package/api/server-autonomy-helpers.d.ts +2 -2
- package/api/server-helpers-auth.d.ts +10 -0
- package/api/server-helpers-auth.d.ts.map +1 -1
- package/api/server-helpers-auth.js +16 -210
- package/api/server-helpers-config.d.ts +1 -1
- package/api/server-helpers-mcp.d.ts +2 -2
- package/api/server-helpers-plugin.d.ts +1 -1
- package/api/server-helpers-swarm.d.ts +3 -3
- package/api/server-helpers-swarm.d.ts.map +1 -1
- package/api/server-helpers-swarm.js +15 -5
- package/api/server-helpers-wallet.d.ts +1 -1
- package/api/server-helpers.d.ts +4 -4
- package/api/server-lazy-routes.d.ts +40 -38
- package/api/server-lazy-routes.d.ts.map +1 -1
- package/api/server-lazy-routes.js +7 -0
- package/api/server-route-dispatch.d.ts +2 -2
- package/api/server-route-dispatch.d.ts.map +1 -1
- package/api/server-route-dispatch.js +7 -0
- package/api/server-types.d.ts +9 -7
- package/api/server-types.d.ts.map +1 -1
- package/api/server.d.ts +19 -19
- package/api/server.d.ts.map +1 -1
- package/api/server.js +111 -17
- package/api/static-file-server.d.ts +2 -2
- package/api/static-file-server.js +2 -2
- package/api/subscription-routes.d.ts +4 -4
- package/api/subscription-routes.js +3 -4
- package/api/suggestions-routes.d.ts +1 -1
- package/api/suggestions-routes.d.ts.map +1 -1
- package/api/suggestions-routes.js +2 -3
- package/api/terminal-execution-routing.d.ts +1 -1
- package/api/training-service-like.d.ts +1 -1
- package/api/trajectory-fallback-routes.d.ts.map +1 -1
- package/api/trajectory-fallback-routes.js +21 -1
- package/api/update-routes.d.ts +1 -1
- package/api/view-registry-types.d.ts +1 -1
- package/api/views-registry.d.ts +14 -4
- package/api/views-registry.d.ts.map +1 -1
- package/api/views-registry.js +107 -72
- package/api/views-routes.d.ts +1 -1
- package/api/views-routes.d.ts.map +1 -1
- package/api/views-routes.js +131 -14
- package/api/views-search-index.d.ts +1 -1
- package/api/wallet-capability.d.ts +3 -3
- package/api/wallet-rpc.d.ts +1 -1
- package/api/wallet.d.ts +3 -3
- package/api/wallet.d.ts.map +1 -1
- package/api/wallet.js +4 -3
- package/api/workbench-context.d.ts +1 -1
- package/api/workbench-helpers.d.ts +3 -3
- package/api/workbench-helpers.js +3 -3
- package/api/workbench-routes.d.ts +2 -2
- package/api/workbench-vfs-routes.d.ts +1 -1
- package/api/ws-event-replay.d.ts +1 -2
- package/api/ws-event-replay.d.ts.map +1 -1
- package/api/ws-event-replay.js +1 -2
- package/api/x-relay-routes.d.ts +2 -2
- package/api/x402-route-validation.d.ts +4 -0
- package/api/x402-route-validation.d.ts.map +1 -0
- package/api/x402-route-validation.js +6 -0
- package/assets/view-heroes/background.png +0 -0
- package/auth/account-storage.d.ts +1 -1
- package/auth/anthropic.d.ts +1 -1
- package/auth/credentials.d.ts +2 -2
- package/auth/index.d.ts +7 -7
- package/auth/oauth-flow.d.ts +2 -2
- package/auth/openai-codex.d.ts +1 -1
- package/awareness/index.d.ts +1 -1
- package/config/config.js +0 -1
- package/config/env-vars.d.ts +1 -1
- package/config/env-vars.d.ts.map +1 -1
- package/config/env-vars.js +0 -1
- package/config/index.d.ts +10 -10
- package/config/model-metadata.d.ts +1 -1
- package/config/owner-contacts.d.ts +1 -1
- package/config/schema.d.ts +1 -1
- package/hooks/discovery.d.ts +1 -1
- package/hooks/eligibility.d.ts +2 -2
- package/hooks/index.d.ts +2 -2
- package/hooks/loader.d.ts +2 -2
- package/hooks/registry.d.ts +1 -1
- package/index.d.ts +87 -85
- package/index.d.ts.map +1 -1
- package/index.js +11 -3
- package/package.json +54 -44
- package/providers/media-provider.d.ts +1 -1
- package/providers/page-scoped-context.d.ts.map +1 -1
- package/providers/page-scoped-context.js +1 -70
- package/providers/relevant-conversations.d.ts.map +1 -1
- package/providers/relevant-conversations.js +8 -9
- package/providers/workspace.d.ts +1 -1
- package/runtime/actions/web-fetch.d.ts.map +1 -1
- package/runtime/actions/web-fetch.js +23 -3
- package/runtime/actions/web-search.d.ts +32 -0
- package/runtime/actions/web-search.d.ts.map +1 -0
- package/runtime/actions/web-search.js +245 -0
- package/runtime/advanced-capabilities-config.d.ts +1 -1
- package/runtime/boot-telemetry.d.ts +1 -1
- package/runtime/conversation-compactor-runtime.d.ts +1 -1
- package/runtime/conversation-compactor-runtime.js +1 -1
- package/runtime/conversation-compactor.d.ts +1 -1
- package/runtime/core-plugins.d.ts.map +1 -1
- package/runtime/core-plugins.js +9 -0
- package/runtime/custom-actions.d.ts +18 -9
- package/runtime/custom-actions.d.ts.map +1 -1
- package/runtime/custom-actions.js +85 -23
- package/runtime/eliza-plugin.d.ts.map +1 -1
- package/runtime/eliza-plugin.js +15 -1
- package/runtime/eliza.d.ts +9 -7
- package/runtime/eliza.d.ts.map +1 -1
- package/runtime/eliza.js +86 -23
- package/runtime/first-time-setup.d.ts +1 -3
- package/runtime/first-time-setup.d.ts.map +1 -1
- package/runtime/first-time-setup.js +0 -2
- package/runtime/index.d.ts +18 -18
- package/runtime/load-plugin-from-vfs.d.ts +2 -2
- package/runtime/mobile-dns.d.ts.map +1 -1
- package/runtime/mobile-dns.js +2 -5
- package/runtime/operations/classifier.d.ts +1 -1
- package/runtime/operations/cold-strategy.d.ts +1 -1
- package/runtime/operations/health-checks.d.ts +1 -1
- package/runtime/operations/health.d.ts +1 -1
- package/runtime/operations/index.d.ts +10 -10
- package/runtime/operations/manager.d.ts +3 -3
- package/runtime/operations/reload-hot.d.ts +1 -1
- package/runtime/operations/repository.d.ts +1 -1
- package/runtime/operations/vault-bridge.d.ts +1 -1
- package/runtime/plugin-collector.d.ts +6 -1
- package/runtime/plugin-collector.d.ts.map +1 -1
- package/runtime/plugin-collector.js +11 -28
- package/runtime/plugin-lifecycle.d.ts.map +1 -1
- package/runtime/plugin-lifecycle.js +1 -0
- package/runtime/plugin-resolver.d.ts +2 -2
- package/runtime/plugin-resolver.d.ts.map +1 -1
- package/runtime/plugin-resolver.js +113 -65
- package/runtime/plugin-types.d.ts +1 -1
- package/runtime/prompt-optimization.d.ts +4 -4
- package/runtime/remote-coding-runner-gate.d.ts +7 -0
- package/runtime/remote-coding-runner-gate.d.ts.map +1 -0
- package/runtime/remote-coding-runner-gate.js +36 -0
- package/runtime/roles/src/index.d.ts +4 -4
- package/runtime/roles.d.ts +2 -2
- package/runtime/sandbox-character.d.ts +1 -1
- package/runtime/tool-call-cache/cache.d.ts +1 -1
- package/runtime/tool-call-cache/disk-store.d.ts +1 -1
- package/runtime/tool-call-cache/index.d.ts +6 -6
- package/runtime/tool-call-cache/key.d.ts +1 -1
- package/runtime/tool-call-cache/redact.d.ts +1 -1
- package/runtime/tool-call-cache/registry.d.ts +1 -1
- package/runtime/tool-call-cache-wrapper.d.ts +7 -9
- package/runtime/tool-call-cache-wrapper.d.ts.map +1 -1
- package/runtime/tool-call-cache-wrapper.js +6 -11
- package/runtime/trajectory-export.d.ts +3 -3
- package/runtime/trajectory-internals.d.ts +2 -1
- package/runtime/trajectory-internals.d.ts.map +1 -1
- package/runtime/trajectory-persistence.d.ts +5 -5
- package/runtime/trajectory-steps-reader.d.ts +1 -1
- package/runtime/trajectory-steps-writer.d.ts +1 -1
- package/runtime/trajectory-storage.d.ts +4 -4
- package/runtime/view-action-affinity.d.ts +18 -15
- package/runtime/view-action-affinity.d.ts.map +1 -1
- package/runtime/view-action-affinity.js +26 -29
- package/runtime/web-search-tools.d.ts +4 -1
- package/runtime/web-search-tools.d.ts.map +1 -1
- package/runtime/web-search-tools.js +37 -9
- package/security/index.d.ts +3 -3
- package/services/approval/index.d.ts +9 -0
- package/services/approval/index.d.ts.map +1 -0
- package/services/approval/index.js +8 -0
- package/services/approval/service.d.ts +35 -0
- package/services/approval/service.d.ts.map +1 -0
- package/services/approval/service.js +40 -0
- package/services/approval/sql.d.ts +18 -0
- package/services/approval/sql.d.ts.map +1 -0
- package/services/approval/sql.js +104 -0
- package/services/approval/store.d.ts +39 -0
- package/services/approval/store.d.ts.map +1 -0
- package/services/approval/store.js +534 -0
- package/services/approval/types.d.ts +207 -0
- package/services/approval/types.d.ts.map +1 -0
- package/services/approval/types.js +34 -0
- package/services/character-persistence.d.ts +2 -2
- package/services/client-chat-sender.d.ts +1 -1
- package/services/config-plugin-manager.d.ts +2 -2
- package/services/connector-setup-service.d.ts +1 -1
- package/services/cove-quote-x509.d.ts +1 -1
- package/services/cove-quote.d.ts +2 -2
- package/services/dstack-tee-provider.d.ts +1 -1
- package/services/file-storage.d.ts +20 -0
- package/services/file-storage.d.ts.map +1 -0
- package/services/file-storage.js +70 -0
- package/services/global-pause/index.d.ts +8 -0
- package/services/global-pause/index.d.ts.map +1 -0
- package/services/global-pause/index.js +7 -0
- package/services/global-pause/service.d.ts +29 -0
- package/services/global-pause/service.d.ts.map +1 -0
- package/services/global-pause/service.js +34 -0
- package/services/global-pause/store.d.ts +31 -0
- package/services/global-pause/store.d.ts.map +1 -0
- package/services/global-pause/store.js +83 -0
- package/services/handoff/index.d.ts +8 -0
- package/services/handoff/index.d.ts.map +1 -0
- package/services/handoff/index.js +7 -0
- package/services/handoff/service.d.ts +29 -0
- package/services/handoff/service.d.ts.map +1 -0
- package/services/handoff/service.js +34 -0
- package/services/handoff/store.d.ts +76 -0
- package/services/handoff/store.d.ts.map +1 -0
- package/services/handoff/store.js +148 -0
- package/services/index.d.ts +30 -31
- package/services/index.d.ts.map +1 -1
- package/services/index.js +0 -6
- package/services/js-runtime-bridge.d.ts.map +1 -1
- package/services/js-runtime-bridge.js +8 -2
- package/services/knowledge-graph/index.d.ts +4 -4
- package/services/knowledge-graph/service.d.ts +2 -2
- package/services/pending-prompts/index.d.ts +8 -0
- package/services/pending-prompts/index.d.ts.map +1 -0
- package/services/pending-prompts/index.js +7 -0
- package/services/pending-prompts/service.d.ts +34 -0
- package/services/pending-prompts/service.d.ts.map +1 -0
- package/services/pending-prompts/service.js +68 -0
- package/services/pending-prompts/store.d.ts +70 -0
- package/services/pending-prompts/store.d.ts.map +1 -0
- package/services/pending-prompts/store.js +191 -0
- package/services/plugin-compiler.d.ts +1 -1
- package/services/plugin-installer.d.ts.map +1 -1
- package/services/plugin-installer.js +21 -11
- package/services/plugin-manager-types.d.ts +1 -1
- package/services/proactive-interaction-decider.d.ts +62 -11
- package/services/proactive-interaction-decider.d.ts.map +1 -1
- package/services/proactive-interaction-decider.js +223 -35
- package/services/push/apns-provider.d.ts +1 -1
- package/services/push/fcm-provider.d.ts +1 -1
- package/services/push/notification-push-service.d.ts +2 -2
- package/services/registry-client-app-meta.d.ts +1 -1
- package/services/registry-client-endpoints.d.ts +2 -2
- package/services/registry-client-local.d.ts +1 -1
- package/services/registry-client-network.d.ts +1 -1
- package/services/registry-client-queries.d.ts +1 -1
- package/services/registry-client.d.ts +3 -3
- package/services/relationships-graph.d.ts +1 -1
- package/services/remote-capability-cloud-sandbox.d.ts +3 -3
- package/services/remote-capability-endpoint-conformance.d.ts +1 -1
- package/services/remote-capability-endpoint-provider.d.ts +4 -4
- package/services/remote-capability-url-endpoint-providers.d.ts +1 -1
- package/services/remote-plugin-adapter.d.ts.map +1 -1
- package/services/remote-plugin-adapter.js +3 -0
- package/services/remote-plugin-bridge.d.ts.map +1 -1
- package/services/remote-plugin-bridge.js +97 -26
- package/services/remote-signing-service.d.ts +4 -4
- package/services/research-task-executor.d.ts +1 -1
- package/services/sandbox-manager.d.ts +1 -1
- package/services/self-updater.d.ts +1 -1
- package/services/self-updater.d.ts.map +1 -1
- package/services/self-updater.js +23 -9
- package/services/shell-execution-router.d.ts +1 -1
- package/services/shell-execution-router.d.ts.map +1 -1
- package/services/shell-execution-router.js +19 -2
- package/services/tee-boot-gate-state.d.ts +1 -1
- package/services/tee-boot-gate.d.ts +4 -4
- package/services/tee-confidential-inference.d.ts +3 -3
- package/services/tee-key-release.d.ts +2 -2
- package/services/tee-model-key-boot.d.ts +4 -4
- package/services/tee-policy.d.ts +1 -1
- package/services/tee-production-profile.d.ts +1 -1
- package/services/tee-release-policy.d.ts +1 -1
- package/services/tee-revocation.d.ts +2 -2
- package/services/tee-runtime-config.d.ts +1 -1
- package/services/tee-sealed-volume.d.ts +3 -3
- package/services/tee-signer-backend.d.ts +3 -3
- package/services/update-checker.d.ts +1 -1
- package/services/vault-signer-backend.d.ts +1 -1
- package/services/vfs-git.d.ts +1 -1
- package/test-support/index.d.ts +3 -3
- package/triggers/runtime.d.ts +1 -1
- package/triggers/scheduling.d.ts +3 -22
- package/triggers/scheduling.d.ts.map +1 -1
- package/triggers/scheduling.js +2 -214
- package/tui/agent-terminal-tui.d.ts.map +1 -1
- package/tui/agent-terminal-tui.js +174 -72
- package/types/index.d.ts +3 -3
- package/api/nfa-routes.d.ts +0 -6
- package/api/nfa-routes.d.ts.map +0 -1
- package/api/nfa-routes.js +0 -125
- package/api/server-auth.d.ts +0 -46
- package/api/server-auth.d.ts.map +0 -1
- package/api/server-auth.js +0 -504
- package/runtime/restart.d.ts +0 -9
- package/runtime/restart.d.ts.map +0 -1
- package/runtime/restart.js +0 -8
- package/test-utils/sqlite-compat.d.ts +0 -23
- package/test-utils/sqlite-compat.d.ts.map +0 -1
- package/test-utils/sqlite-compat.js +0 -214
package/api/nfa-routes.js
DELETED
|
@@ -1,125 +0,0 @@
|
|
|
1
|
-
var __rewriteRelativeImportExtension = (this && this.__rewriteRelativeImportExtension) || function (path, preserveJsx) {
|
|
2
|
-
if (typeof path === "string" && /^\.\.?\//.test(path)) {
|
|
3
|
-
return path.replace(/\.(tsx)$|((?:\.d)?)((?:\.[^./]+?)?)\.([cm]?)ts$/i, function (m, tsx, d, ext, cm) {
|
|
4
|
-
return tsx ? preserveJsx ? ".jsx" : ".js" : d && (!ext || !cm) ? m : (d + ext + "." + cm.toLowerCase() + "js");
|
|
5
|
-
});
|
|
6
|
-
}
|
|
7
|
-
return path;
|
|
8
|
-
};
|
|
9
|
-
import { createHash } from "node:crypto";
|
|
10
|
-
import { readFile } from "node:fs/promises";
|
|
11
|
-
import { join } from "node:path";
|
|
12
|
-
import { resolveStateDir } from "@elizaos/core";
|
|
13
|
-
import { readJsonFile } from "../utils/atomic-json.js";
|
|
14
|
-
function emptyMerkleRoot() {
|
|
15
|
-
return createHash("sha256").update("", "utf8").digest("hex");
|
|
16
|
-
}
|
|
17
|
-
let nfaPlugin;
|
|
18
|
-
async function getNfaPlugin() {
|
|
19
|
-
if (nfaPlugin !== undefined)
|
|
20
|
-
return nfaPlugin;
|
|
21
|
-
try {
|
|
22
|
-
const pkgName = "@elizaos/plugin-bnb-identity";
|
|
23
|
-
const mod = await import(__rewriteRelativeImportExtension(/* @vite-ignore */ pkgName));
|
|
24
|
-
nfaPlugin =
|
|
25
|
-
typeof mod?.buildMerkleRoot === "function" &&
|
|
26
|
-
typeof mod?.parseLearnings === "function" &&
|
|
27
|
-
typeof mod?.sha256 === "function"
|
|
28
|
-
? {
|
|
29
|
-
buildMerkleRoot: mod.buildMerkleRoot,
|
|
30
|
-
parseLearnings: mod.parseLearnings,
|
|
31
|
-
sha256: mod.sha256,
|
|
32
|
-
}
|
|
33
|
-
: null;
|
|
34
|
-
}
|
|
35
|
-
catch {
|
|
36
|
-
nfaPlugin = null;
|
|
37
|
-
}
|
|
38
|
-
return nfaPlugin;
|
|
39
|
-
}
|
|
40
|
-
export async function handleNfaRoutes(ctx) {
|
|
41
|
-
const { res, method, pathname, json } = ctx;
|
|
42
|
-
if (method === "GET" && pathname === "/api/nfa/status") {
|
|
43
|
-
const elizaDir = resolveStateDir();
|
|
44
|
-
const [nfaRecord, identityRecord] = await Promise.all([
|
|
45
|
-
readJsonFile(join(elizaDir, "bap578-nfa.json")),
|
|
46
|
-
readJsonFile(join(elizaDir, "bnb-identity.json")),
|
|
47
|
-
]);
|
|
48
|
-
const bscscanBase = (nfaRecord?.network ?? identityRecord?.network ?? "bsc-testnet") === "bsc"
|
|
49
|
-
? "https://bscscan.com"
|
|
50
|
-
: "https://testnet.bscscan.com";
|
|
51
|
-
json(res, {
|
|
52
|
-
nfa: nfaRecord
|
|
53
|
-
? {
|
|
54
|
-
tokenId: nfaRecord.tokenId,
|
|
55
|
-
contractAddress: nfaRecord.contractAddress,
|
|
56
|
-
network: nfaRecord.network,
|
|
57
|
-
ownerAddress: nfaRecord.ownerAddress,
|
|
58
|
-
merkleRoot: nfaRecord.merkleRoot,
|
|
59
|
-
mintTxHash: nfaRecord.mintTxHash,
|
|
60
|
-
mintedAt: nfaRecord.mintedAt,
|
|
61
|
-
lastUpdatedAt: nfaRecord.lastUpdatedAt,
|
|
62
|
-
bscscanUrl: `${bscscanBase}/tx/${nfaRecord.mintTxHash}`,
|
|
63
|
-
}
|
|
64
|
-
: null,
|
|
65
|
-
identity: identityRecord
|
|
66
|
-
? {
|
|
67
|
-
agentId: identityRecord.agentId,
|
|
68
|
-
network: identityRecord.network,
|
|
69
|
-
ownerAddress: identityRecord.ownerAddress,
|
|
70
|
-
agentURI: identityRecord.agentURI,
|
|
71
|
-
registeredAt: identityRecord.registeredAt,
|
|
72
|
-
scanUrl: `https://${identityRecord.network === "bsc" ? "www" : "testnet"}.8004scan.io/agent/${identityRecord.agentId}`,
|
|
73
|
-
}
|
|
74
|
-
: null,
|
|
75
|
-
configured: !!(nfaRecord || identityRecord),
|
|
76
|
-
});
|
|
77
|
-
return true;
|
|
78
|
-
}
|
|
79
|
-
if (method === "GET" && pathname === "/api/nfa/learnings") {
|
|
80
|
-
const learningsPaths = [
|
|
81
|
-
join(resolveStateDir(), "LEARNINGS.md"),
|
|
82
|
-
join(process.cwd(), "LEARNINGS.md"),
|
|
83
|
-
];
|
|
84
|
-
let markdown = null;
|
|
85
|
-
let resolvedSource = null;
|
|
86
|
-
for (const path of learningsPaths) {
|
|
87
|
-
try {
|
|
88
|
-
markdown = await readFile(path, "utf8");
|
|
89
|
-
resolvedSource = path;
|
|
90
|
-
break;
|
|
91
|
-
}
|
|
92
|
-
catch { }
|
|
93
|
-
}
|
|
94
|
-
if (!markdown) {
|
|
95
|
-
json(res, {
|
|
96
|
-
entries: [],
|
|
97
|
-
merkleRoot: emptyMerkleRoot(),
|
|
98
|
-
totalEntries: 0,
|
|
99
|
-
source: null,
|
|
100
|
-
});
|
|
101
|
-
return true;
|
|
102
|
-
}
|
|
103
|
-
const plugin = await getNfaPlugin();
|
|
104
|
-
if (!plugin) {
|
|
105
|
-
json(res, {
|
|
106
|
-
entries: [],
|
|
107
|
-
merkleRoot: emptyMerkleRoot(),
|
|
108
|
-
totalEntries: 0,
|
|
109
|
-
source: null,
|
|
110
|
-
});
|
|
111
|
-
return true;
|
|
112
|
-
}
|
|
113
|
-
const entries = plugin.parseLearnings(markdown);
|
|
114
|
-
const leafHashes = entries.map((entry) => entry.hash);
|
|
115
|
-
const merkleRoot = plugin.buildMerkleRoot(leafHashes);
|
|
116
|
-
json(res, {
|
|
117
|
-
entries,
|
|
118
|
-
merkleRoot,
|
|
119
|
-
totalEntries: entries.length,
|
|
120
|
-
source: resolvedSource,
|
|
121
|
-
});
|
|
122
|
-
return true;
|
|
123
|
-
}
|
|
124
|
-
return false;
|
|
125
|
-
}
|
package/api/server-auth.d.ts
DELETED
|
@@ -1,46 +0,0 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* Auth, security, and WebSocket authorization helpers extracted from server.ts.
|
|
3
|
-
*/
|
|
4
|
-
import type http from "node:http";
|
|
5
|
-
import type { AgentRuntime } from "@elizaos/core";
|
|
6
|
-
import { type WalletExportRejection, type WalletExportRequestBody } from "@elizaos/shared";
|
|
7
|
-
import type { ConversationMeta } from "./server-helpers.ts";
|
|
8
|
-
export declare function extractAuthToken(req: http.IncomingMessage): string | null;
|
|
9
|
-
export declare function tokenMatches(expected: string, provided: string): boolean;
|
|
10
|
-
export declare function getConfiguredApiToken(): string | undefined;
|
|
11
|
-
export declare function isLoopbackBindHost(host: string): boolean;
|
|
12
|
-
export declare function isTrustedLocalRequest(req: http.IncomingMessage): boolean;
|
|
13
|
-
export declare function ensureApiTokenForBindHost(host: string): void;
|
|
14
|
-
export declare function isAuthorized(req: http.IncomingMessage): boolean;
|
|
15
|
-
export interface PluginConfigMutationRejection {
|
|
16
|
-
field: string;
|
|
17
|
-
message: string;
|
|
18
|
-
}
|
|
19
|
-
export declare function resolvePluginConfigMutationRejections(pluginParams: Array<{
|
|
20
|
-
key: string;
|
|
21
|
-
}>, config: Record<string, unknown>): PluginConfigMutationRejection[];
|
|
22
|
-
export type { WalletExportRejection };
|
|
23
|
-
export declare function resolveWalletExportRejection(req: http.IncomingMessage, body: WalletExportRequestBody): WalletExportRejection | null;
|
|
24
|
-
interface TerminalRunRequestBody {
|
|
25
|
-
terminalToken?: string;
|
|
26
|
-
}
|
|
27
|
-
export interface TerminalRunRejection {
|
|
28
|
-
status: 401 | 403;
|
|
29
|
-
reason: string;
|
|
30
|
-
}
|
|
31
|
-
export declare function resolveTerminalRunRejection(req: http.IncomingMessage, body: TerminalRunRequestBody): TerminalRunRejection | null;
|
|
32
|
-
export declare function extractWsQueryToken(url: URL): string | null;
|
|
33
|
-
export declare function hasWsQueryToken(url: URL): boolean;
|
|
34
|
-
export declare function extractWebSocketHandshakeToken(request: http.IncomingMessage, url: URL): string | null;
|
|
35
|
-
export declare function isWebSocketAuthorized(request: http.IncomingMessage, url: URL): boolean;
|
|
36
|
-
export interface WebSocketUpgradeRejection {
|
|
37
|
-
status: 401 | 403 | 404;
|
|
38
|
-
reason: string;
|
|
39
|
-
}
|
|
40
|
-
export declare function resolveWebSocketUpgradeRejection(req: http.IncomingMessage, wsUrl: URL, resolveCorsOrigin?: (origin?: string) => string | null): WebSocketUpgradeRejection | null;
|
|
41
|
-
export declare function isSafeResetStateDir(resolvedState: string, homeDir: string): boolean;
|
|
42
|
-
type ConversationRoomTitleRef = Pick<ConversationMeta, "id" | "title" | "roomId">;
|
|
43
|
-
export declare function persistConversationRoomTitle(runtime: Pick<AgentRuntime, "getRoom" | "adapter"> | null | undefined, conversation: ConversationRoomTitleRef): Promise<boolean>;
|
|
44
|
-
export declare function rejectWebSocketUpgrade(socket: import("node:stream").Duplex, statusCode: number, message: string): void;
|
|
45
|
-
export declare function decodePathComponent(raw: string, res: http.ServerResponse, fieldName: string): string | null;
|
|
46
|
-
//# sourceMappingURL=server-auth.d.ts.map
|
package/api/server-auth.d.ts.map
DELETED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"server-auth.d.ts","sourceRoot":"","sources":["../../src/api/server-auth.ts"],"names":[],"mappings":"AAAA;;GAEG;AAGH,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAGlC,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAElD,OAAO,EAKL,KAAK,qBAAqB,EAC1B,KAAK,uBAAuB,EAC7B,MAAM,iBAAiB,CAAC;AAEzB,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AAM5D,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,IAAI,CAAC,eAAe,GAAG,MAAM,GAAG,IAAI,CAyBzE;AAMD,wBAAgB,YAAY,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAKxE;AAED,wBAAgB,qBAAqB,IAAI,MAAM,GAAG,SAAS,CAE1D;AAiKD,wBAAgB,kBAAkB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAuCxD;AAuBD,wBAAgB,qBAAqB,CAAC,GAAG,EAAE,IAAI,CAAC,eAAe,GAAG,OAAO,CAoBxE;AAED,wBAAgB,yBAAyB,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI,CA0B5D;AAED,wBAAgB,YAAY,CAAC,GAAG,EAAE,IAAI,CAAC,eAAe,GAAG,OAAO,CAQ/D;AAMD,MAAM,WAAW,6BAA6B;IAC5C,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,wBAAgB,qCAAqC,CACnD,YAAY,EAAE,KAAK,CAAC;IAAE,GAAG,EAAE,MAAM,CAAA;CAAE,CAAC,EACpC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAC9B,6BAA6B,EAAE,CA0BjC;AAMD,YAAY,EAAE,qBAAqB,EAAE,CAAC;AAEtC,wBAAgB,4BAA4B,CAC1C,GAAG,EAAE,IAAI,CAAC,eAAe,EACzB,IAAI,EAAE,uBAAuB,GAC5B,qBAAqB,GAAG,IAAI,CAuC9B;AAMD,UAAU,sBAAsB;IAC9B,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED,MAAM,WAAW,oBAAoB;IACnC,MAAM,EAAE,GAAG,GAAG,GAAG,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,wBAAgB,2BAA2B,CACzC,GAAG,EAAE,IAAI,CAAC,eAAe,EACzB,IAAI,EAAE,sBAAsB,GAC3B,oBAAoB,GAAG,IAAI,CA0C7B;AAMD,wBAAgB,mBAAmB,CAAC,GAAG,EAAE,GAAG,GAAG,MAAM,GAAG,IAAI,CAS3D;AAED,wBAAgB,eAAe,CAAC,GAAG,EAAE,GAAG,GAAG,OAAO,CAMjD;AAED,wBAAgB,8BAA8B,CAC5C,OAAO,EAAE,IAAI,CAAC,eAAe,EAC7B,GAAG,EAAE,GAAG,GACP,MAAM,GAAG,IAAI,CAIf;AAED,wBAAgB,qBAAqB,CACnC,OAAO,EAAE,IAAI,CAAC,eAAe,EAC7B,GAAG,EAAE,GAAG,GACP,OAAO,CAOT;AAED,MAAM,WAAW,yBAAyB;IACxC,MAAM,EAAE,GAAG,GAAG,GAAG,GAAG,GAAG,CAAC;IACxB,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,wBAAgB,gCAAgC,CAC9C,GAAG,EAAE,IAAI,CAAC,eAAe,EACzB,KAAK,EAAE,GAAG,EACV,iBAAiB,GAAE,CAAC,MAAM,CAAC,EAAE,MAAM,KAAK,MAAM,GAAG,IAAiB,GACjE,yBAAyB,GAAG,IAAI,CAuClC;AAgBD,wBAAgB,mBAAmB,CACjC,aAAa,EAAE,MAAM,EACrB,OAAO,EAAE,MAAM,GACd,OAAO,CAgBT;AAMD,KAAK,wBAAwB,GAAG,IAAI,CAClC,gBAAgB,EAChB,IAAI,GAAG,OAAO,GAAG,QAAQ,CAC1B,CAAC;AAEF,wBAAsB,4BAA4B,CAChD,OAAO,EAAE,IAAI,CAAC,YAAY,EAAE,SAAS,GAAG,SAAS,CAAC,GAAG,IAAI,GAAG,SAAS,EACrE,YAAY,EAAE,wBAAwB,GACrC,OAAO,CAAC,OAAO,CAAC,CAalB;AAMD,wBAAgB,sBAAsB,CACpC,MAAM,EAAE,OAAO,aAAa,EAAE,MAAM,EACpC,UAAU,EAAE,MAAM,EAClB,OAAO,EAAE,MAAM,GACd,IAAI,CAmBN;AAED,wBAAgB,mBAAmB,CACjC,GAAG,EAAE,MAAM,EACX,GAAG,EAAE,IAAI,CAAC,cAAc,EACxB,SAAS,EAAE,MAAM,GAChB,MAAM,GAAG,IAAI,CAOf"}
|
package/api/server-auth.js
DELETED
|
@@ -1,504 +0,0 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* Auth, security, and WebSocket authorization helpers extracted from server.ts.
|
|
3
|
-
*/
|
|
4
|
-
import crypto from "node:crypto";
|
|
5
|
-
import { isIP } from "node:net";
|
|
6
|
-
import path from "node:path";
|
|
7
|
-
import { logger, sendJsonError } from "@elizaos/core";
|
|
8
|
-
import { isCloudProvisionedContainer, resolveApiSecurityConfig, resolveApiToken, setApiToken, } from "@elizaos/shared";
|
|
9
|
-
import { BLOCKED_ENV_KEYS } from "./plugin-discovery-helpers.js";
|
|
10
|
-
// ---------------------------------------------------------------------------
|
|
11
|
-
// Auth token extraction
|
|
12
|
-
// ---------------------------------------------------------------------------
|
|
13
|
-
export function extractAuthToken(req) {
|
|
14
|
-
const rawAuth = typeof req.headers.authorization === "string"
|
|
15
|
-
? req.headers.authorization
|
|
16
|
-
: "";
|
|
17
|
-
const auth = rawAuth.length > 8192 ? rawAuth.slice(0, 8192).trim() : rawAuth.trim();
|
|
18
|
-
if (auth &&
|
|
19
|
-
auth.length >= 7 &&
|
|
20
|
-
auth.slice(0, 7).toLowerCase() === "bearer ") {
|
|
21
|
-
const token = auth.slice(7).trim();
|
|
22
|
-
if (token)
|
|
23
|
-
return token;
|
|
24
|
-
}
|
|
25
|
-
const header = (typeof req.headers["x-eliza-token"] === "string" &&
|
|
26
|
-
req.headers["x-eliza-token"]) ||
|
|
27
|
-
(typeof req.headers["x-eliza-token"] === "string" &&
|
|
28
|
-
req.headers["x-eliza-token"]) ||
|
|
29
|
-
(typeof req.headers["x-api-key"] === "string" && req.headers["x-api-key"]);
|
|
30
|
-
if (typeof header === "string" && header.trim())
|
|
31
|
-
return header.trim();
|
|
32
|
-
return null;
|
|
33
|
-
}
|
|
34
|
-
// ---------------------------------------------------------------------------
|
|
35
|
-
// Token / API auth helpers
|
|
36
|
-
// ---------------------------------------------------------------------------
|
|
37
|
-
export function tokenMatches(expected, provided) {
|
|
38
|
-
const a = Buffer.from(expected, "utf8");
|
|
39
|
-
const b = Buffer.from(provided, "utf8");
|
|
40
|
-
if (a.length !== b.length)
|
|
41
|
-
return false;
|
|
42
|
-
return crypto.timingSafeEqual(a, b);
|
|
43
|
-
}
|
|
44
|
-
export function getConfiguredApiToken() {
|
|
45
|
-
return resolveApiToken(process.env) ?? undefined;
|
|
46
|
-
}
|
|
47
|
-
function firstHeaderValue(value) {
|
|
48
|
-
if (typeof value === "string")
|
|
49
|
-
return value;
|
|
50
|
-
if (Array.isArray(value) && typeof value[0] === "string")
|
|
51
|
-
return value[0];
|
|
52
|
-
return null;
|
|
53
|
-
}
|
|
54
|
-
const CLIENT_IP_PROXY_HEADERS = new Set([
|
|
55
|
-
"forwarded",
|
|
56
|
-
"forwarded-for",
|
|
57
|
-
"x-forwarded",
|
|
58
|
-
"x-forwarded-for",
|
|
59
|
-
"x-original-forwarded-for",
|
|
60
|
-
"x-real-ip",
|
|
61
|
-
"x-client-ip",
|
|
62
|
-
"x-forwarded-client-ip",
|
|
63
|
-
"x-cluster-client-ip",
|
|
64
|
-
"cf-connecting-ip",
|
|
65
|
-
"true-client-ip",
|
|
66
|
-
"fastly-client-ip",
|
|
67
|
-
"x-appengine-user-ip",
|
|
68
|
-
"x-azure-clientip",
|
|
69
|
-
]);
|
|
70
|
-
function headerValues(value) {
|
|
71
|
-
if (typeof value === "string")
|
|
72
|
-
return [value];
|
|
73
|
-
if (Array.isArray(value)) {
|
|
74
|
-
return value.filter((item) => typeof item === "string");
|
|
75
|
-
}
|
|
76
|
-
return [];
|
|
77
|
-
}
|
|
78
|
-
function isClientIpProxyHeaderName(name) {
|
|
79
|
-
const normalized = name.toLowerCase();
|
|
80
|
-
return (CLIENT_IP_PROXY_HEADERS.has(normalized) ||
|
|
81
|
-
normalized.endsWith("-client-ip") ||
|
|
82
|
-
normalized.endsWith("-connecting-ip") ||
|
|
83
|
-
normalized.endsWith("-real-ip"));
|
|
84
|
-
}
|
|
85
|
-
function extractForwardedForCandidates(raw) {
|
|
86
|
-
const candidates = [];
|
|
87
|
-
const pattern = /(?:^|[;,])\s*for=(?:"([^"]*)"|([^;,]*))/gi;
|
|
88
|
-
for (const match of raw.matchAll(pattern)) {
|
|
89
|
-
candidates.push(match[1] ?? match[2] ?? "");
|
|
90
|
-
}
|
|
91
|
-
return candidates;
|
|
92
|
-
}
|
|
93
|
-
function extractProxyClientAddressCandidates(headerName, raw) {
|
|
94
|
-
if (headerName === "forwarded") {
|
|
95
|
-
return extractForwardedForCandidates(raw);
|
|
96
|
-
}
|
|
97
|
-
const forwardedCandidates = raw.toLowerCase().includes("for=")
|
|
98
|
-
? extractForwardedForCandidates(raw)
|
|
99
|
-
: [];
|
|
100
|
-
if (forwardedCandidates.length > 0)
|
|
101
|
-
return forwardedCandidates;
|
|
102
|
-
return raw.split(",");
|
|
103
|
-
}
|
|
104
|
-
function stripMatchingQuotes(value) {
|
|
105
|
-
const trimmed = value.trim();
|
|
106
|
-
if ((trimmed.startsWith('"') && trimmed.endsWith('"')) ||
|
|
107
|
-
(trimmed.startsWith("'") && trimmed.endsWith("'"))) {
|
|
108
|
-
return trimmed.slice(1, -1);
|
|
109
|
-
}
|
|
110
|
-
return trimmed;
|
|
111
|
-
}
|
|
112
|
-
function isNeutralProxyClientAddress(raw) {
|
|
113
|
-
const normalized = stripMatchingQuotes(raw).trim().toLowerCase();
|
|
114
|
-
return (!normalized ||
|
|
115
|
-
normalized === "unknown" ||
|
|
116
|
-
normalized === "null" ||
|
|
117
|
-
normalized.startsWith("_"));
|
|
118
|
-
}
|
|
119
|
-
function normalizeProxyClientIp(raw) {
|
|
120
|
-
let normalized = stripMatchingQuotes(raw).trim();
|
|
121
|
-
if (!normalized)
|
|
122
|
-
return null;
|
|
123
|
-
if (normalized.startsWith("[")) {
|
|
124
|
-
const close = normalized.indexOf("]");
|
|
125
|
-
if (close > 0) {
|
|
126
|
-
normalized = normalized.slice(1, close);
|
|
127
|
-
}
|
|
128
|
-
}
|
|
129
|
-
else {
|
|
130
|
-
const ipv4HostPort = /^(\d{1,3}(?:\.\d{1,3}){3})(?::\d+)$/.exec(normalized);
|
|
131
|
-
if (ipv4HostPort?.[1]) {
|
|
132
|
-
normalized = ipv4HostPort[1];
|
|
133
|
-
}
|
|
134
|
-
}
|
|
135
|
-
const zoneIndex = normalized.indexOf("%");
|
|
136
|
-
if (zoneIndex >= 0) {
|
|
137
|
-
normalized = normalized.slice(0, zoneIndex);
|
|
138
|
-
}
|
|
139
|
-
normalized = normalized.trim().toLowerCase();
|
|
140
|
-
return isIP(normalized) ? normalized : null;
|
|
141
|
-
}
|
|
142
|
-
function isLoopbackProxyClientIp(ip) {
|
|
143
|
-
const normalized = ip.trim().toLowerCase();
|
|
144
|
-
return (normalized === "::1" ||
|
|
145
|
-
normalized === "0:0:0:0:0:0:0:1" ||
|
|
146
|
-
normalized.startsWith("127.") ||
|
|
147
|
-
normalized.startsWith("::ffff:127.") ||
|
|
148
|
-
normalized.startsWith("::ffff:0:127."));
|
|
149
|
-
}
|
|
150
|
-
function proxyClientHeaderBlocksLocalTrust(headers) {
|
|
151
|
-
for (const [rawName, rawValue] of Object.entries(headers)) {
|
|
152
|
-
const headerName = rawName.toLowerCase();
|
|
153
|
-
if (!isClientIpProxyHeaderName(headerName))
|
|
154
|
-
continue;
|
|
155
|
-
for (const value of headerValues(rawValue)) {
|
|
156
|
-
for (const candidate of extractProxyClientAddressCandidates(headerName, value)) {
|
|
157
|
-
if (isNeutralProxyClientAddress(candidate))
|
|
158
|
-
continue;
|
|
159
|
-
const ip = normalizeProxyClientIp(candidate);
|
|
160
|
-
if (!ip || !isLoopbackProxyClientIp(ip))
|
|
161
|
-
return true;
|
|
162
|
-
}
|
|
163
|
-
}
|
|
164
|
-
}
|
|
165
|
-
return false;
|
|
166
|
-
}
|
|
167
|
-
function isLoopbackRemoteAddress(remoteAddress) {
|
|
168
|
-
if (!remoteAddress)
|
|
169
|
-
return false;
|
|
170
|
-
const normalized = remoteAddress.trim().toLowerCase();
|
|
171
|
-
return (normalized === "127.0.0.1" ||
|
|
172
|
-
normalized === "::1" ||
|
|
173
|
-
normalized === "0:0:0:0:0:0:0:1" ||
|
|
174
|
-
normalized === "::ffff:127.0.0.1" ||
|
|
175
|
-
normalized === "::ffff:0:127.0.0.1");
|
|
176
|
-
}
|
|
177
|
-
export function isLoopbackBindHost(host) {
|
|
178
|
-
let normalized = host.trim().toLowerCase();
|
|
179
|
-
if (!normalized)
|
|
180
|
-
return true;
|
|
181
|
-
// Allow users to provide full URLs by mistake (e.g. http://localhost:2138)
|
|
182
|
-
if (normalized.startsWith("http://") || normalized.startsWith("https://")) {
|
|
183
|
-
try {
|
|
184
|
-
const parsed = new URL(normalized);
|
|
185
|
-
normalized = parsed.hostname.toLowerCase();
|
|
186
|
-
}
|
|
187
|
-
catch {
|
|
188
|
-
// Fall through and parse as raw host value.
|
|
189
|
-
}
|
|
190
|
-
}
|
|
191
|
-
// [::1]:2138 -> ::1
|
|
192
|
-
const bracketedIpv6 = /^\[([^\]]+)\](?::\d+)?$/.exec(normalized);
|
|
193
|
-
if (bracketedIpv6?.[1]) {
|
|
194
|
-
normalized = bracketedIpv6[1];
|
|
195
|
-
}
|
|
196
|
-
else {
|
|
197
|
-
// localhost:2138 -> localhost, 127.0.0.1:2138 -> 127.0.0.1
|
|
198
|
-
const singleColonHostPort = /^([^:]+):(\d+)$/.exec(normalized);
|
|
199
|
-
if (singleColonHostPort?.[1]) {
|
|
200
|
-
normalized = singleColonHostPort[1];
|
|
201
|
-
}
|
|
202
|
-
}
|
|
203
|
-
normalized = normalized.replace(/^\[|\]$/g, "");
|
|
204
|
-
if (!normalized)
|
|
205
|
-
return true;
|
|
206
|
-
if (normalized === "localhost" ||
|
|
207
|
-
normalized === "::1" ||
|
|
208
|
-
normalized === "0:0:0:0:0:0:0:1" ||
|
|
209
|
-
normalized === "::ffff:127.0.0.1") {
|
|
210
|
-
return true;
|
|
211
|
-
}
|
|
212
|
-
if (normalized.startsWith("127."))
|
|
213
|
-
return true;
|
|
214
|
-
return false;
|
|
215
|
-
}
|
|
216
|
-
function isTrustedLocalOrigin(raw) {
|
|
217
|
-
const trimmed = raw.trim();
|
|
218
|
-
if (!trimmed || trimmed === "null")
|
|
219
|
-
return true;
|
|
220
|
-
try {
|
|
221
|
-
const parsed = new URL(trimmed);
|
|
222
|
-
if (parsed.protocol === "file:" ||
|
|
223
|
-
parsed.protocol === "app:" ||
|
|
224
|
-
parsed.protocol === "tauri:" ||
|
|
225
|
-
parsed.protocol === "capacitor:" ||
|
|
226
|
-
parsed.protocol === "capacitor-electron:" ||
|
|
227
|
-
parsed.protocol === "electrobun:") {
|
|
228
|
-
return true;
|
|
229
|
-
}
|
|
230
|
-
return isLoopbackBindHost(parsed.hostname);
|
|
231
|
-
}
|
|
232
|
-
catch {
|
|
233
|
-
return false;
|
|
234
|
-
}
|
|
235
|
-
}
|
|
236
|
-
export function isTrustedLocalRequest(req) {
|
|
237
|
-
if (isCloudProvisionedContainer())
|
|
238
|
-
return false;
|
|
239
|
-
if (!isLoopbackRemoteAddress(req.socket.remoteAddress))
|
|
240
|
-
return false;
|
|
241
|
-
if (proxyClientHeaderBlocksLocalTrust(req.headers))
|
|
242
|
-
return false;
|
|
243
|
-
const host = firstHeaderValue(req.headers.host);
|
|
244
|
-
if (host && !isLoopbackBindHost(host))
|
|
245
|
-
return false;
|
|
246
|
-
const secFetchSite = firstHeaderValue(req.headers["sec-fetch-site"])?.toLowerCase();
|
|
247
|
-
if (secFetchSite === "cross-site")
|
|
248
|
-
return false;
|
|
249
|
-
const origin = firstHeaderValue(req.headers.origin);
|
|
250
|
-
if (origin && !isTrustedLocalOrigin(origin))
|
|
251
|
-
return false;
|
|
252
|
-
const referer = firstHeaderValue(req.headers.referer);
|
|
253
|
-
if (!origin && referer && !isTrustedLocalOrigin(referer))
|
|
254
|
-
return false;
|
|
255
|
-
return true;
|
|
256
|
-
}
|
|
257
|
-
export function ensureApiTokenForBindHost(host) {
|
|
258
|
-
if (resolveApiSecurityConfig(process.env).disableAutoApiToken) {
|
|
259
|
-
return;
|
|
260
|
-
}
|
|
261
|
-
const token = getConfiguredApiToken();
|
|
262
|
-
if (token)
|
|
263
|
-
return;
|
|
264
|
-
const cloudProvisioned = isCloudProvisionedContainer();
|
|
265
|
-
if (!cloudProvisioned && isLoopbackBindHost(host))
|
|
266
|
-
return;
|
|
267
|
-
const generated = crypto.randomBytes(32).toString("hex");
|
|
268
|
-
setApiToken(process.env, generated);
|
|
269
|
-
if (cloudProvisioned) {
|
|
270
|
-
logger.warn("[eliza-api] Steward-managed cloud container started without ELIZA_API_TOKEN; generated a temporary inbound API token for this process.");
|
|
271
|
-
}
|
|
272
|
-
else {
|
|
273
|
-
logger.warn(`[eliza-api] ELIZA_API_BIND=${host} is non-loopback and ELIZA_API_TOKEN is unset.`);
|
|
274
|
-
}
|
|
275
|
-
const tokenFingerprint = `${generated.slice(0, 4)}...${generated.slice(-4)}`;
|
|
276
|
-
logger.warn(`[eliza-api] Generated temporary API token (${tokenFingerprint}) for this process. Set ELIZA_API_TOKEN explicitly to override.`);
|
|
277
|
-
}
|
|
278
|
-
export function isAuthorized(req) {
|
|
279
|
-
if (isTrustedLocalRequest(req))
|
|
280
|
-
return true;
|
|
281
|
-
const expected = getConfiguredApiToken();
|
|
282
|
-
if (!expected)
|
|
283
|
-
return false;
|
|
284
|
-
const provided = extractAuthToken(req);
|
|
285
|
-
if (!provided)
|
|
286
|
-
return false;
|
|
287
|
-
return tokenMatches(expected, provided);
|
|
288
|
-
}
|
|
289
|
-
export function resolvePluginConfigMutationRejections(pluginParams, config) {
|
|
290
|
-
const allowedParamKeys = new Set(pluginParams.map((p) => p.key.toUpperCase().trim()));
|
|
291
|
-
const rejections = [];
|
|
292
|
-
for (const key of Object.keys(config)) {
|
|
293
|
-
const normalized = key.toUpperCase().trim();
|
|
294
|
-
if (!allowedParamKeys.has(normalized)) {
|
|
295
|
-
rejections.push({
|
|
296
|
-
field: key,
|
|
297
|
-
message: `${key} is not a declared config key for this plugin`,
|
|
298
|
-
});
|
|
299
|
-
continue;
|
|
300
|
-
}
|
|
301
|
-
if (BLOCKED_ENV_KEYS.has(normalized)) {
|
|
302
|
-
rejections.push({
|
|
303
|
-
field: key,
|
|
304
|
-
message: `${key} is blocked for security reasons`,
|
|
305
|
-
});
|
|
306
|
-
}
|
|
307
|
-
}
|
|
308
|
-
return rejections;
|
|
309
|
-
}
|
|
310
|
-
export function resolveWalletExportRejection(req, body) {
|
|
311
|
-
if (!body.confirm) {
|
|
312
|
-
return {
|
|
313
|
-
status: 403,
|
|
314
|
-
reason: 'Export requires explicit confirmation. Send { "confirm": true } in the request body.',
|
|
315
|
-
};
|
|
316
|
-
}
|
|
317
|
-
const expected = process.env.ELIZA_WALLET_EXPORT_TOKEN?.trim();
|
|
318
|
-
if (!expected) {
|
|
319
|
-
return {
|
|
320
|
-
status: 403,
|
|
321
|
-
reason: "Wallet export is disabled. Set ELIZA_WALLET_EXPORT_TOKEN to enable secure exports.",
|
|
322
|
-
};
|
|
323
|
-
}
|
|
324
|
-
const headerToken = typeof req.headers["x-eliza-export-token"] === "string"
|
|
325
|
-
? req.headers["x-eliza-export-token"].trim()
|
|
326
|
-
: "";
|
|
327
|
-
const bodyToken = typeof body.exportToken === "string" ? body.exportToken.trim() : "";
|
|
328
|
-
const provided = headerToken || bodyToken;
|
|
329
|
-
if (!provided) {
|
|
330
|
-
return {
|
|
331
|
-
status: 401,
|
|
332
|
-
reason: "Missing export token. Provide X-Eliza-Export-Token header or exportToken in request body.",
|
|
333
|
-
};
|
|
334
|
-
}
|
|
335
|
-
if (!tokenMatches(expected, provided)) {
|
|
336
|
-
return { status: 401, reason: "Invalid export token." };
|
|
337
|
-
}
|
|
338
|
-
return null;
|
|
339
|
-
}
|
|
340
|
-
export function resolveTerminalRunRejection(req, body) {
|
|
341
|
-
const expected = process.env.ELIZA_TERMINAL_RUN_TOKEN?.trim();
|
|
342
|
-
const apiTokenEnabled = Boolean(getConfiguredApiToken());
|
|
343
|
-
// Compatibility mode: local loopback sessions without API token keep
|
|
344
|
-
// existing behavior unless an explicit terminal token is configured.
|
|
345
|
-
if (!expected && !apiTokenEnabled) {
|
|
346
|
-
return null;
|
|
347
|
-
}
|
|
348
|
-
if (!expected) {
|
|
349
|
-
return {
|
|
350
|
-
status: 403,
|
|
351
|
-
reason: "Terminal run is disabled for token-authenticated API sessions. Set ELIZA_TERMINAL_RUN_TOKEN to enable command execution.",
|
|
352
|
-
};
|
|
353
|
-
}
|
|
354
|
-
const headerToken = typeof req.headers["x-eliza-terminal-token"] === "string"
|
|
355
|
-
? req.headers["x-eliza-terminal-token"].trim()
|
|
356
|
-
: "";
|
|
357
|
-
const bodyToken = typeof body.terminalToken === "string" ? body.terminalToken.trim() : "";
|
|
358
|
-
const provided = headerToken || bodyToken;
|
|
359
|
-
if (!provided) {
|
|
360
|
-
return {
|
|
361
|
-
status: 401,
|
|
362
|
-
reason: "Missing terminal token. Provide X-Eliza-Terminal-Token header or terminalToken in request body.",
|
|
363
|
-
};
|
|
364
|
-
}
|
|
365
|
-
if (!tokenMatches(expected, provided)) {
|
|
366
|
-
return {
|
|
367
|
-
status: 401,
|
|
368
|
-
reason: "Invalid terminal token.",
|
|
369
|
-
};
|
|
370
|
-
}
|
|
371
|
-
return null;
|
|
372
|
-
}
|
|
373
|
-
// ---------------------------------------------------------------------------
|
|
374
|
-
// WebSocket auth helpers
|
|
375
|
-
// ---------------------------------------------------------------------------
|
|
376
|
-
export function extractWsQueryToken(url) {
|
|
377
|
-
const allowQueryToken = process.env.ELIZA_ALLOW_WS_QUERY_TOKEN === "1";
|
|
378
|
-
if (!allowQueryToken)
|
|
379
|
-
return null;
|
|
380
|
-
const token = url.searchParams.get("token") ??
|
|
381
|
-
url.searchParams.get("apiKey") ??
|
|
382
|
-
url.searchParams.get("api_key");
|
|
383
|
-
return token?.trim() || null;
|
|
384
|
-
}
|
|
385
|
-
export function hasWsQueryToken(url) {
|
|
386
|
-
return (url.searchParams.has("token") ||
|
|
387
|
-
url.searchParams.has("apiKey") ||
|
|
388
|
-
url.searchParams.has("api_key"));
|
|
389
|
-
}
|
|
390
|
-
export function extractWebSocketHandshakeToken(request, url) {
|
|
391
|
-
const headerToken = extractAuthToken(request);
|
|
392
|
-
if (headerToken)
|
|
393
|
-
return headerToken;
|
|
394
|
-
return extractWsQueryToken(url);
|
|
395
|
-
}
|
|
396
|
-
export function isWebSocketAuthorized(request, url) {
|
|
397
|
-
const expected = getConfiguredApiToken();
|
|
398
|
-
if (!expected)
|
|
399
|
-
return !isCloudProvisionedContainer();
|
|
400
|
-
const handshakeToken = extractWebSocketHandshakeToken(request, url);
|
|
401
|
-
if (!handshakeToken)
|
|
402
|
-
return false;
|
|
403
|
-
return tokenMatches(expected, handshakeToken);
|
|
404
|
-
}
|
|
405
|
-
export function resolveWebSocketUpgradeRejection(req, wsUrl, resolveCorsOrigin = () => null) {
|
|
406
|
-
if (wsUrl.pathname !== "/ws") {
|
|
407
|
-
return { status: 404, reason: "Not found" };
|
|
408
|
-
}
|
|
409
|
-
const origin = typeof req.headers.origin === "string" ? req.headers.origin : undefined;
|
|
410
|
-
const allowedOrigin = resolveCorsOrigin(origin);
|
|
411
|
-
if (origin && !allowedOrigin) {
|
|
412
|
-
return { status: 403, reason: "Origin not allowed" };
|
|
413
|
-
}
|
|
414
|
-
const expected = getConfiguredApiToken();
|
|
415
|
-
if (!expected) {
|
|
416
|
-
return isCloudProvisionedContainer()
|
|
417
|
-
? { status: 401, reason: "Unauthorized" }
|
|
418
|
-
: null;
|
|
419
|
-
}
|
|
420
|
-
// Note: we used to reject upgrades when a query token was present but
|
|
421
|
-
// ELIZA_ALLOW_WS_QUERY_TOKEN was not "1". That veto was actively harmful —
|
|
422
|
-
// browsers cannot set Authorization on `new WebSocket(url)`, so SPAs have no
|
|
423
|
-
// option but to pass the token in the URL. extractWsQueryToken() already
|
|
424
|
-
// returns null when the flag is off, so handshakeToken simply falls through
|
|
425
|
-
// to header-or-null and the post-open `{type:"auth"}` fallback covers
|
|
426
|
-
// self-hosted setups behind header-aware upstream proxies.
|
|
427
|
-
const handshakeToken = extractWebSocketHandshakeToken(req, wsUrl);
|
|
428
|
-
if (handshakeToken && !tokenMatches(expected, handshakeToken)) {
|
|
429
|
-
return { status: 401, reason: "Unauthorized" };
|
|
430
|
-
}
|
|
431
|
-
// Cloud containers must authenticate at the handshake level because there is
|
|
432
|
-
// no trusted upstream proxy handling auth for the WebSocket path.
|
|
433
|
-
if (!handshakeToken && isCloudProvisionedContainer()) {
|
|
434
|
-
return { status: 401, reason: "Unauthorized" };
|
|
435
|
-
}
|
|
436
|
-
return null;
|
|
437
|
-
}
|
|
438
|
-
// ---------------------------------------------------------------------------
|
|
439
|
-
// State dir safety check
|
|
440
|
-
// ---------------------------------------------------------------------------
|
|
441
|
-
const RESET_STATE_ALLOWED_SEGMENTS = new Set(["eliza"]);
|
|
442
|
-
function hasAllowedResetSegment(resolvedState) {
|
|
443
|
-
return resolvedState
|
|
444
|
-
.split(path.sep)
|
|
445
|
-
.some((segment) => RESET_STATE_ALLOWED_SEGMENTS.has(segment.trim().toLowerCase()));
|
|
446
|
-
}
|
|
447
|
-
export function isSafeResetStateDir(resolvedState, homeDir) {
|
|
448
|
-
const normalizedState = path.resolve(resolvedState);
|
|
449
|
-
const normalizedHome = path.resolve(homeDir);
|
|
450
|
-
const parsedRoot = path.parse(normalizedState).root;
|
|
451
|
-
if (normalizedState === parsedRoot)
|
|
452
|
-
return false;
|
|
453
|
-
if (normalizedState === normalizedHome)
|
|
454
|
-
return false;
|
|
455
|
-
const relativeToHome = path.relative(normalizedHome, normalizedState);
|
|
456
|
-
const isUnderHome = relativeToHome.length > 0 &&
|
|
457
|
-
!relativeToHome.startsWith("..") &&
|
|
458
|
-
!path.isAbsolute(relativeToHome);
|
|
459
|
-
if (!isUnderHome)
|
|
460
|
-
return false;
|
|
461
|
-
return hasAllowedResetSegment(normalizedState);
|
|
462
|
-
}
|
|
463
|
-
export async function persistConversationRoomTitle(runtime, conversation) {
|
|
464
|
-
if (!runtime)
|
|
465
|
-
return false;
|
|
466
|
-
const room = await runtime.getRoom(conversation.roomId);
|
|
467
|
-
if (!room)
|
|
468
|
-
return false;
|
|
469
|
-
if (room.name === conversation.title)
|
|
470
|
-
return false;
|
|
471
|
-
const adapter = runtime.adapter;
|
|
472
|
-
if (typeof adapter.updateRoom !== "function")
|
|
473
|
-
return false;
|
|
474
|
-
await adapter.updateRoom({ ...room, name: conversation.title });
|
|
475
|
-
return true;
|
|
476
|
-
}
|
|
477
|
-
// ---------------------------------------------------------------------------
|
|
478
|
-
// WebSocket rejection & path decoding
|
|
479
|
-
// ---------------------------------------------------------------------------
|
|
480
|
-
export function rejectWebSocketUpgrade(socket, statusCode, message) {
|
|
481
|
-
const statusText = statusCode === 401
|
|
482
|
-
? "Unauthorized"
|
|
483
|
-
: statusCode === 403
|
|
484
|
-
? "Forbidden"
|
|
485
|
-
: statusCode === 404
|
|
486
|
-
? "Not Found"
|
|
487
|
-
: "Bad Request";
|
|
488
|
-
const body = `${message}\n`;
|
|
489
|
-
socket.write(`HTTP/1.1 ${statusCode} ${statusText}\r\n` +
|
|
490
|
-
"Connection: close\r\n" +
|
|
491
|
-
"Content-Type: text/plain; charset=utf-8\r\n" +
|
|
492
|
-
`Content-Length: ${Buffer.byteLength(body)}\r\n` +
|
|
493
|
-
"\r\n" +
|
|
494
|
-
body, () => socket.end());
|
|
495
|
-
}
|
|
496
|
-
export function decodePathComponent(raw, res, fieldName) {
|
|
497
|
-
try {
|
|
498
|
-
return decodeURIComponent(raw);
|
|
499
|
-
}
|
|
500
|
-
catch {
|
|
501
|
-
sendJsonError(res, `Invalid ${fieldName}: malformed URL encoding`, 400);
|
|
502
|
-
return null;
|
|
503
|
-
}
|
|
504
|
-
}
|
package/runtime/restart.d.ts
DELETED
|
@@ -1,9 +0,0 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* Restart infrastructure for Eliza — thin re-export of `@elizaos/shared/restart`.
|
|
3
|
-
*
|
|
4
|
-
* The single source of truth lives in `@elizaos/shared` (browser-safe inert
|
|
5
|
-
* default). This module preserves the historical import path used inside the
|
|
6
|
-
* agent package so existing imports keep working.
|
|
7
|
-
*/
|
|
8
|
-
export { RESTART_EXIT_CODE, type RestartHandler, requestRestart, setRestartHandler, } from "@elizaos/shared";
|
|
9
|
-
//# sourceMappingURL=restart.d.ts.map
|