@elizaos/agent 2.0.3-beta.2 → 2.0.3-beta.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/__tests__/view-user-journeys.d.ts.map +1 -1
- package/__tests__/view-user-journeys.js +52 -41
- package/actions/context-signal.d.ts +2 -2
- package/actions/files.d.ts +9 -0
- package/actions/files.d.ts.map +1 -0
- package/actions/files.js +183 -0
- package/actions/index.d.ts +17 -17
- package/api/accounts-routes.d.ts +1 -1
- package/api/accounts-routes.js +1 -1
- package/api/agent-admin-routes.d.ts +1 -1
- package/api/agent-admin-routes.js +2 -2
- package/api/agent-model.d.ts +1 -1
- package/api/agent-status-routes.d.ts +1 -3
- package/api/agent-status-routes.d.ts.map +1 -1
- package/api/agent-status-routes.js +0 -2
- package/api/approval-routes.d.ts +38 -0
- package/api/approval-routes.d.ts.map +1 -0
- package/api/approval-routes.js +223 -0
- package/api/background-routes.d.ts +13 -0
- package/api/background-routes.d.ts.map +1 -0
- package/api/background-routes.js +91 -0
- package/api/binance-skill-helpers.d.ts +2 -2
- package/api/binance-skill-helpers.js +2 -2
- package/api/builtin-views.d.ts.map +1 -1
- package/api/builtin-views.js +44 -4
- package/api/character-routes.d.ts +1 -1
- package/api/chat-augmentation.d.ts.map +1 -1
- package/api/chat-augmentation.js +17 -0
- package/api/chat-routes.d.ts +29 -2
- package/api/chat-routes.d.ts.map +1 -1
- package/api/chat-routes.js +76 -1
- package/api/commands-routes.d.ts +10 -8
- package/api/commands-routes.d.ts.map +1 -1
- package/api/commands-routes.js +17 -59
- package/api/config-routes.d.ts +1 -1
- package/api/config-routes.d.ts.map +1 -1
- package/api/config-routes.js +0 -2
- package/api/connector-routes.d.ts +1 -1
- package/api/conversation-metadata.d.ts +1 -1
- package/api/conversation-metadata.d.ts.map +1 -1
- package/api/conversation-metadata.js +0 -1
- package/api/conversation-routes.d.ts +4 -3
- package/api/conversation-routes.d.ts.map +1 -1
- package/api/conversation-routes.js +34 -1
- package/api/documents-service-loader.d.ts +0 -4
- package/api/documents-service-loader.d.ts.map +1 -1
- package/api/documents-service-loader.js +0 -2
- package/api/files-routes.d.ts +14 -0
- package/api/files-routes.d.ts.map +1 -0
- package/api/files-routes.js +47 -0
- package/api/first-run-routes.d.ts +1 -1
- package/api/health-routes.d.ts +2 -2
- package/api/index.d.ts +40 -39
- package/api/index.d.ts.map +1 -1
- package/api/index.js +1 -0
- package/api/interactions-routes.d.ts +33 -0
- package/api/interactions-routes.d.ts.map +1 -0
- package/api/interactions-routes.js +63 -0
- package/api/media-runtime.d.ts +2 -1
- package/api/media-runtime.d.ts.map +1 -1
- package/api/media-runtime.js +64 -7
- package/api/media-store.d.ts +36 -0
- package/api/media-store.d.ts.map +1 -1
- package/api/media-store.js +141 -2
- package/api/memory-bounds.d.ts +0 -1
- package/api/memory-bounds.d.ts.map +1 -1
- package/api/memory-bounds.js +0 -1
- package/api/misc-routes.d.ts +1 -1
- package/api/model-provider-helpers.d.ts +2 -2
- package/api/model-provider-helpers.js +2 -2
- package/api/permissions-routes-extra.d.ts +1 -1
- package/api/permissions-routes.d.ts +1 -1
- package/api/permissions-routes.d.ts.map +1 -1
- package/api/permissions-routes.js +8 -7
- package/api/plugin-discovery-helpers.d.ts +5 -6
- package/api/plugin-discovery-helpers.d.ts.map +1 -1
- package/api/plugin-discovery-helpers.js +3 -4
- package/api/plugin-runtime-apply.d.ts +2 -2
- package/api/plugin-runtime-apply.d.ts.map +1 -1
- package/api/plugin-runtime-apply.js +74 -0
- package/api/provider-switch-config.d.ts +1 -1
- package/api/provider-switch-routes.d.ts +2 -2
- package/api/registry-routes.d.ts +1 -1
- package/api/registry-service.d.ts +1 -1
- package/api/remote-capability-routes.d.ts +2 -2
- package/api/remote-capability-routes.d.ts.map +1 -1
- package/api/remote-capability-routes.js +19 -0
- package/api/server-autonomy-helpers.d.ts +2 -2
- package/api/server-helpers-auth.d.ts +10 -0
- package/api/server-helpers-auth.d.ts.map +1 -1
- package/api/server-helpers-auth.js +16 -210
- package/api/server-helpers-config.d.ts +1 -1
- package/api/server-helpers-mcp.d.ts +2 -2
- package/api/server-helpers-plugin.d.ts +1 -1
- package/api/server-helpers-swarm.d.ts +3 -3
- package/api/server-helpers-swarm.d.ts.map +1 -1
- package/api/server-helpers-swarm.js +15 -5
- package/api/server-helpers-wallet.d.ts +1 -1
- package/api/server-helpers.d.ts +4 -4
- package/api/server-lazy-routes.d.ts +40 -38
- package/api/server-lazy-routes.d.ts.map +1 -1
- package/api/server-lazy-routes.js +7 -0
- package/api/server-route-dispatch.d.ts +2 -2
- package/api/server-route-dispatch.d.ts.map +1 -1
- package/api/server-route-dispatch.js +7 -0
- package/api/server-types.d.ts +9 -7
- package/api/server-types.d.ts.map +1 -1
- package/api/server.d.ts +19 -19
- package/api/server.d.ts.map +1 -1
- package/api/server.js +111 -17
- package/api/static-file-server.d.ts +2 -2
- package/api/static-file-server.js +2 -2
- package/api/subscription-routes.d.ts +4 -4
- package/api/subscription-routes.js +3 -4
- package/api/suggestions-routes.d.ts +1 -1
- package/api/suggestions-routes.d.ts.map +1 -1
- package/api/suggestions-routes.js +2 -3
- package/api/terminal-execution-routing.d.ts +1 -1
- package/api/training-service-like.d.ts +1 -1
- package/api/trajectory-fallback-routes.d.ts.map +1 -1
- package/api/trajectory-fallback-routes.js +21 -1
- package/api/update-routes.d.ts +1 -1
- package/api/view-registry-types.d.ts +1 -1
- package/api/views-registry.d.ts +14 -4
- package/api/views-registry.d.ts.map +1 -1
- package/api/views-registry.js +107 -72
- package/api/views-routes.d.ts +1 -1
- package/api/views-routes.d.ts.map +1 -1
- package/api/views-routes.js +131 -14
- package/api/views-search-index.d.ts +1 -1
- package/api/wallet-capability.d.ts +3 -3
- package/api/wallet-rpc.d.ts +1 -1
- package/api/wallet.d.ts +3 -3
- package/api/wallet.d.ts.map +1 -1
- package/api/wallet.js +4 -3
- package/api/workbench-context.d.ts +1 -1
- package/api/workbench-helpers.d.ts +3 -3
- package/api/workbench-helpers.js +3 -3
- package/api/workbench-routes.d.ts +2 -2
- package/api/workbench-vfs-routes.d.ts +1 -1
- package/api/ws-event-replay.d.ts +1 -2
- package/api/ws-event-replay.d.ts.map +1 -1
- package/api/ws-event-replay.js +1 -2
- package/api/x-relay-routes.d.ts +2 -2
- package/api/x402-route-validation.d.ts +4 -0
- package/api/x402-route-validation.d.ts.map +1 -0
- package/api/x402-route-validation.js +6 -0
- package/assets/view-heroes/background.png +0 -0
- package/auth/account-storage.d.ts +1 -1
- package/auth/anthropic.d.ts +1 -1
- package/auth/credentials.d.ts +2 -2
- package/auth/index.d.ts +7 -7
- package/auth/oauth-flow.d.ts +2 -2
- package/auth/openai-codex.d.ts +1 -1
- package/awareness/index.d.ts +1 -1
- package/config/config.js +0 -1
- package/config/env-vars.d.ts +1 -1
- package/config/env-vars.d.ts.map +1 -1
- package/config/env-vars.js +0 -1
- package/config/index.d.ts +10 -10
- package/config/model-metadata.d.ts +1 -1
- package/config/owner-contacts.d.ts +1 -1
- package/config/schema.d.ts +1 -1
- package/hooks/discovery.d.ts +1 -1
- package/hooks/eligibility.d.ts +2 -2
- package/hooks/index.d.ts +2 -2
- package/hooks/loader.d.ts +2 -2
- package/hooks/registry.d.ts +1 -1
- package/index.d.ts +87 -85
- package/index.d.ts.map +1 -1
- package/index.js +11 -3
- package/package.json +54 -44
- package/providers/media-provider.d.ts +1 -1
- package/providers/page-scoped-context.d.ts.map +1 -1
- package/providers/page-scoped-context.js +1 -70
- package/providers/relevant-conversations.d.ts.map +1 -1
- package/providers/relevant-conversations.js +8 -9
- package/providers/workspace.d.ts +1 -1
- package/runtime/actions/web-fetch.d.ts.map +1 -1
- package/runtime/actions/web-fetch.js +23 -3
- package/runtime/actions/web-search.d.ts +32 -0
- package/runtime/actions/web-search.d.ts.map +1 -0
- package/runtime/actions/web-search.js +245 -0
- package/runtime/advanced-capabilities-config.d.ts +1 -1
- package/runtime/boot-telemetry.d.ts +1 -1
- package/runtime/conversation-compactor-runtime.d.ts +1 -1
- package/runtime/conversation-compactor-runtime.js +1 -1
- package/runtime/conversation-compactor.d.ts +1 -1
- package/runtime/core-plugins.d.ts.map +1 -1
- package/runtime/core-plugins.js +9 -0
- package/runtime/custom-actions.d.ts +18 -9
- package/runtime/custom-actions.d.ts.map +1 -1
- package/runtime/custom-actions.js +85 -23
- package/runtime/eliza-plugin.d.ts.map +1 -1
- package/runtime/eliza-plugin.js +15 -1
- package/runtime/eliza.d.ts +9 -7
- package/runtime/eliza.d.ts.map +1 -1
- package/runtime/eliza.js +86 -23
- package/runtime/first-time-setup.d.ts +1 -3
- package/runtime/first-time-setup.d.ts.map +1 -1
- package/runtime/first-time-setup.js +0 -2
- package/runtime/index.d.ts +18 -18
- package/runtime/load-plugin-from-vfs.d.ts +2 -2
- package/runtime/mobile-dns.d.ts.map +1 -1
- package/runtime/mobile-dns.js +2 -5
- package/runtime/operations/classifier.d.ts +1 -1
- package/runtime/operations/cold-strategy.d.ts +1 -1
- package/runtime/operations/health-checks.d.ts +1 -1
- package/runtime/operations/health.d.ts +1 -1
- package/runtime/operations/index.d.ts +10 -10
- package/runtime/operations/manager.d.ts +3 -3
- package/runtime/operations/reload-hot.d.ts +1 -1
- package/runtime/operations/repository.d.ts +1 -1
- package/runtime/operations/vault-bridge.d.ts +1 -1
- package/runtime/plugin-collector.d.ts +6 -1
- package/runtime/plugin-collector.d.ts.map +1 -1
- package/runtime/plugin-collector.js +11 -28
- package/runtime/plugin-lifecycle.d.ts.map +1 -1
- package/runtime/plugin-lifecycle.js +1 -0
- package/runtime/plugin-resolver.d.ts +2 -2
- package/runtime/plugin-resolver.d.ts.map +1 -1
- package/runtime/plugin-resolver.js +113 -65
- package/runtime/plugin-types.d.ts +1 -1
- package/runtime/prompt-optimization.d.ts +4 -4
- package/runtime/remote-coding-runner-gate.d.ts +7 -0
- package/runtime/remote-coding-runner-gate.d.ts.map +1 -0
- package/runtime/remote-coding-runner-gate.js +36 -0
- package/runtime/roles/src/index.d.ts +4 -4
- package/runtime/roles.d.ts +2 -2
- package/runtime/sandbox-character.d.ts +1 -1
- package/runtime/tool-call-cache/cache.d.ts +1 -1
- package/runtime/tool-call-cache/disk-store.d.ts +1 -1
- package/runtime/tool-call-cache/index.d.ts +6 -6
- package/runtime/tool-call-cache/key.d.ts +1 -1
- package/runtime/tool-call-cache/redact.d.ts +1 -1
- package/runtime/tool-call-cache/registry.d.ts +1 -1
- package/runtime/tool-call-cache-wrapper.d.ts +7 -9
- package/runtime/tool-call-cache-wrapper.d.ts.map +1 -1
- package/runtime/tool-call-cache-wrapper.js +6 -11
- package/runtime/trajectory-export.d.ts +3 -3
- package/runtime/trajectory-internals.d.ts +2 -1
- package/runtime/trajectory-internals.d.ts.map +1 -1
- package/runtime/trajectory-persistence.d.ts +5 -5
- package/runtime/trajectory-steps-reader.d.ts +1 -1
- package/runtime/trajectory-steps-writer.d.ts +1 -1
- package/runtime/trajectory-storage.d.ts +4 -4
- package/runtime/view-action-affinity.d.ts +18 -15
- package/runtime/view-action-affinity.d.ts.map +1 -1
- package/runtime/view-action-affinity.js +26 -29
- package/runtime/web-search-tools.d.ts +4 -1
- package/runtime/web-search-tools.d.ts.map +1 -1
- package/runtime/web-search-tools.js +37 -9
- package/security/index.d.ts +3 -3
- package/services/approval/index.d.ts +9 -0
- package/services/approval/index.d.ts.map +1 -0
- package/services/approval/index.js +8 -0
- package/services/approval/service.d.ts +35 -0
- package/services/approval/service.d.ts.map +1 -0
- package/services/approval/service.js +40 -0
- package/services/approval/sql.d.ts +18 -0
- package/services/approval/sql.d.ts.map +1 -0
- package/services/approval/sql.js +104 -0
- package/services/approval/store.d.ts +39 -0
- package/services/approval/store.d.ts.map +1 -0
- package/services/approval/store.js +534 -0
- package/services/approval/types.d.ts +207 -0
- package/services/approval/types.d.ts.map +1 -0
- package/services/approval/types.js +34 -0
- package/services/character-persistence.d.ts +2 -2
- package/services/client-chat-sender.d.ts +1 -1
- package/services/config-plugin-manager.d.ts +2 -2
- package/services/connector-setup-service.d.ts +1 -1
- package/services/cove-quote-x509.d.ts +1 -1
- package/services/cove-quote.d.ts +2 -2
- package/services/dstack-tee-provider.d.ts +1 -1
- package/services/file-storage.d.ts +20 -0
- package/services/file-storage.d.ts.map +1 -0
- package/services/file-storage.js +70 -0
- package/services/global-pause/index.d.ts +8 -0
- package/services/global-pause/index.d.ts.map +1 -0
- package/services/global-pause/index.js +7 -0
- package/services/global-pause/service.d.ts +29 -0
- package/services/global-pause/service.d.ts.map +1 -0
- package/services/global-pause/service.js +34 -0
- package/services/global-pause/store.d.ts +31 -0
- package/services/global-pause/store.d.ts.map +1 -0
- package/services/global-pause/store.js +83 -0
- package/services/handoff/index.d.ts +8 -0
- package/services/handoff/index.d.ts.map +1 -0
- package/services/handoff/index.js +7 -0
- package/services/handoff/service.d.ts +29 -0
- package/services/handoff/service.d.ts.map +1 -0
- package/services/handoff/service.js +34 -0
- package/services/handoff/store.d.ts +76 -0
- package/services/handoff/store.d.ts.map +1 -0
- package/services/handoff/store.js +148 -0
- package/services/index.d.ts +30 -31
- package/services/index.d.ts.map +1 -1
- package/services/index.js +0 -6
- package/services/js-runtime-bridge.d.ts.map +1 -1
- package/services/js-runtime-bridge.js +8 -2
- package/services/knowledge-graph/index.d.ts +4 -4
- package/services/knowledge-graph/service.d.ts +2 -2
- package/services/pending-prompts/index.d.ts +8 -0
- package/services/pending-prompts/index.d.ts.map +1 -0
- package/services/pending-prompts/index.js +7 -0
- package/services/pending-prompts/service.d.ts +34 -0
- package/services/pending-prompts/service.d.ts.map +1 -0
- package/services/pending-prompts/service.js +68 -0
- package/services/pending-prompts/store.d.ts +70 -0
- package/services/pending-prompts/store.d.ts.map +1 -0
- package/services/pending-prompts/store.js +191 -0
- package/services/plugin-compiler.d.ts +1 -1
- package/services/plugin-installer.d.ts.map +1 -1
- package/services/plugin-installer.js +21 -11
- package/services/plugin-manager-types.d.ts +1 -1
- package/services/proactive-interaction-decider.d.ts +62 -11
- package/services/proactive-interaction-decider.d.ts.map +1 -1
- package/services/proactive-interaction-decider.js +223 -35
- package/services/push/apns-provider.d.ts +1 -1
- package/services/push/fcm-provider.d.ts +1 -1
- package/services/push/notification-push-service.d.ts +2 -2
- package/services/registry-client-app-meta.d.ts +1 -1
- package/services/registry-client-endpoints.d.ts +2 -2
- package/services/registry-client-local.d.ts +1 -1
- package/services/registry-client-network.d.ts +1 -1
- package/services/registry-client-queries.d.ts +1 -1
- package/services/registry-client.d.ts +3 -3
- package/services/relationships-graph.d.ts +1 -1
- package/services/remote-capability-cloud-sandbox.d.ts +3 -3
- package/services/remote-capability-endpoint-conformance.d.ts +1 -1
- package/services/remote-capability-endpoint-provider.d.ts +4 -4
- package/services/remote-capability-url-endpoint-providers.d.ts +1 -1
- package/services/remote-plugin-adapter.d.ts.map +1 -1
- package/services/remote-plugin-adapter.js +3 -0
- package/services/remote-plugin-bridge.d.ts.map +1 -1
- package/services/remote-plugin-bridge.js +97 -26
- package/services/remote-signing-service.d.ts +4 -4
- package/services/research-task-executor.d.ts +1 -1
- package/services/sandbox-manager.d.ts +1 -1
- package/services/self-updater.d.ts +1 -1
- package/services/self-updater.d.ts.map +1 -1
- package/services/self-updater.js +23 -9
- package/services/shell-execution-router.d.ts +1 -1
- package/services/shell-execution-router.d.ts.map +1 -1
- package/services/shell-execution-router.js +19 -2
- package/services/tee-boot-gate-state.d.ts +1 -1
- package/services/tee-boot-gate.d.ts +4 -4
- package/services/tee-confidential-inference.d.ts +3 -3
- package/services/tee-key-release.d.ts +2 -2
- package/services/tee-model-key-boot.d.ts +4 -4
- package/services/tee-policy.d.ts +1 -1
- package/services/tee-production-profile.d.ts +1 -1
- package/services/tee-release-policy.d.ts +1 -1
- package/services/tee-revocation.d.ts +2 -2
- package/services/tee-runtime-config.d.ts +1 -1
- package/services/tee-sealed-volume.d.ts +3 -3
- package/services/tee-signer-backend.d.ts +3 -3
- package/services/update-checker.d.ts +1 -1
- package/services/vault-signer-backend.d.ts +1 -1
- package/services/vfs-git.d.ts +1 -1
- package/test-support/index.d.ts +3 -3
- package/triggers/runtime.d.ts +1 -1
- package/triggers/scheduling.d.ts +3 -22
- package/triggers/scheduling.d.ts.map +1 -1
- package/triggers/scheduling.js +2 -214
- package/tui/agent-terminal-tui.d.ts.map +1 -1
- package/tui/agent-terminal-tui.js +174 -72
- package/types/index.d.ts +3 -3
- package/api/nfa-routes.d.ts +0 -6
- package/api/nfa-routes.d.ts.map +0 -1
- package/api/nfa-routes.js +0 -125
- package/api/server-auth.d.ts +0 -46
- package/api/server-auth.d.ts.map +0 -1
- package/api/server-auth.js +0 -504
- package/runtime/restart.d.ts +0 -9
- package/runtime/restart.d.ts.map +0 -1
- package/runtime/restart.js +0 -8
- package/test-utils/sqlite-compat.d.ts +0 -23
- package/test-utils/sqlite-compat.d.ts.map +0 -1
- package/test-utils/sqlite-compat.js +0 -214
package/api/index.d.ts
CHANGED
|
@@ -1,43 +1,44 @@
|
|
|
1
1
|
export { type AppManagerLike, type AppsRouteContext, type FavoriteAppsStore, handleAppsRoutes, } from "@elizaos/plugin-app-manager";
|
|
2
2
|
export type { WalletAddressesSnapshot, WalletRouteContext, WalletRouteDependencies, WalletRpcReadinessSnapshot, } from "@elizaos/plugin-wallet";
|
|
3
3
|
export declare const handleWalletRoutes: typeof import("@elizaos/plugin-wallet").handleWalletRoutes;
|
|
4
|
-
export * from "./accounts-routes.
|
|
5
|
-
export * from "./agent-admin-routes.
|
|
6
|
-
export * from "./agent-lifecycle-routes.
|
|
7
|
-
export * from "./agent-model.
|
|
8
|
-
export * from "./agent-transfer-routes.
|
|
9
|
-
export * from "./
|
|
10
|
-
export * from "./
|
|
11
|
-
export * from "./
|
|
12
|
-
export * from "./
|
|
13
|
-
export * from "./
|
|
14
|
-
export * from "./
|
|
15
|
-
export * from "./
|
|
16
|
-
export * from "./
|
|
17
|
-
export
|
|
18
|
-
export
|
|
19
|
-
export * from "./
|
|
20
|
-
export * from "./
|
|
21
|
-
export * from "./memory-
|
|
22
|
-
export * from "./
|
|
23
|
-
export * from "./
|
|
24
|
-
export * from "./
|
|
25
|
-
export * from "./
|
|
26
|
-
export * from "./
|
|
27
|
-
export * from "./
|
|
28
|
-
export * from "./
|
|
29
|
-
export * from "./
|
|
30
|
-
export * from "./registry-
|
|
31
|
-
export
|
|
32
|
-
export
|
|
33
|
-
export * from "./
|
|
34
|
-
export * from "./
|
|
35
|
-
export * from "./training-
|
|
36
|
-
export * from "./
|
|
37
|
-
export * from "./
|
|
38
|
-
export * from "./wallet
|
|
39
|
-
export * from "./wallet-
|
|
40
|
-
export * from "./wallet-
|
|
41
|
-
export * from "./
|
|
42
|
-
export * from "./
|
|
4
|
+
export * from "./accounts-routes.js";
|
|
5
|
+
export * from "./agent-admin-routes.js";
|
|
6
|
+
export * from "./agent-lifecycle-routes.js";
|
|
7
|
+
export * from "./agent-model.js";
|
|
8
|
+
export * from "./agent-transfer-routes.js";
|
|
9
|
+
export * from "./approval-routes.js";
|
|
10
|
+
export * from "./auth-routes.js";
|
|
11
|
+
export * from "./bug-report-routes.js";
|
|
12
|
+
export * from "./character-routes.js";
|
|
13
|
+
export * from "./compat-utils.js";
|
|
14
|
+
export * from "./connector-health.js";
|
|
15
|
+
export * from "./credit-detection.js";
|
|
16
|
+
export * from "./database.js";
|
|
17
|
+
export * from "./diagnostics-routes.js";
|
|
18
|
+
export { type DispatchRouteArgs, dispatchRoute, } from "./dispatch-route.js";
|
|
19
|
+
export * from "./documents-service-loader.js";
|
|
20
|
+
export * from "./early-logs.js";
|
|
21
|
+
export * from "./memory-bounds.js";
|
|
22
|
+
export * from "./memory-routes.js";
|
|
23
|
+
export * from "./models-routes.js";
|
|
24
|
+
export * from "./parse-action-block.js";
|
|
25
|
+
export * from "./permission-request-prompt.js";
|
|
26
|
+
export * from "./permissions-routes.js";
|
|
27
|
+
export * from "./plugin-validation.js";
|
|
28
|
+
export * from "./provider-switch-config.js";
|
|
29
|
+
export * from "./rate-limiter.js";
|
|
30
|
+
export * from "./registry-routes.js";
|
|
31
|
+
export * from "./registry-service.js";
|
|
32
|
+
export { matchPluginRoutePath, tryHandleRuntimePluginRoute, } from "./runtime-plugin-routes.js";
|
|
33
|
+
export * from "./subscription-routes.js";
|
|
34
|
+
export * from "./terminal-run-limits.js";
|
|
35
|
+
export * from "./training-backend-check.js";
|
|
36
|
+
export * from "./training-service-like.js";
|
|
37
|
+
export * from "./tx-service.js";
|
|
38
|
+
export * from "./wallet.js";
|
|
39
|
+
export * from "./wallet-evm-balance.js";
|
|
40
|
+
export * from "./wallet-rpc.js";
|
|
41
|
+
export * from "./wallet-trading-profile.js";
|
|
42
|
+
export * from "./workbench-vfs-routes.js";
|
|
43
|
+
export * from "./zip-utils.js";
|
|
43
44
|
//# sourceMappingURL=index.d.ts.map
|
package/api/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/api/index.ts"],"names":[],"mappings":"AAIA,OAAO,EACL,KAAK,cAAc,EACnB,KAAK,gBAAgB,EACrB,KAAK,iBAAiB,EACtB,gBAAgB,GACjB,MAAM,6BAA6B,CAAC;AAMrC,YAAY,EACV,uBAAuB,EACvB,kBAAkB,EAClB,uBAAuB,EACvB,0BAA0B,GAC3B,MAAM,wBAAwB,CAAC;AAChC,eAAO,MAAM,kBAAkB,EAAE,cAAc,wBAAwB,EAAE,kBAItE,CAAC;AACJ,cAAc,sBAAsB,CAAC;AACrC,cAAc,yBAAyB,CAAC;AACxC,cAAc,6BAA6B,CAAC;AAC5C,cAAc,kBAAkB,CAAC;AACjC,cAAc,4BAA4B,CAAC;AAC3C,cAAc,kBAAkB,CAAC;AACjC,cAAc,wBAAwB,CAAC;AACvC,cAAc,uBAAuB,CAAC;AACtC,cAAc,mBAAmB,CAAC;AAClC,cAAc,uBAAuB,CAAC;AACtC,cAAc,uBAAuB,CAAC;AACtC,cAAc,eAAe,CAAC;AAC9B,cAAc,yBAAyB,CAAC;AACxC,OAAO,EACL,KAAK,iBAAiB,EACtB,aAAa,GACd,MAAM,qBAAqB,CAAC;AAC7B,cAAc,+BAA+B,CAAC;AAC9C,cAAc,iBAAiB,CAAC;AAChC,cAAc,oBAAoB,CAAC;AACnC,cAAc,oBAAoB,CAAC;AACnC,cAAc,oBAAoB,CAAC;AACnC,cAAc,yBAAyB,CAAC;AACxC,cAAc,gCAAgC,CAAC;AAC/C,cAAc,yBAAyB,CAAC;AACxC,cAAc,wBAAwB,CAAC;AACvC,cAAc,6BAA6B,CAAC;AAC5C,cAAc,mBAAmB,CAAC;AAClC,cAAc,sBAAsB,CAAC;AACrC,cAAc,uBAAuB,CAAC;AAKtC,OAAO,EACL,oBAAoB,EACpB,2BAA2B,GAC5B,MAAM,4BAA4B,CAAC;AACpC,cAAc,0BAA0B,CAAC;AACzC,cAAc,0BAA0B,CAAC;AACzC,cAAc,6BAA6B,CAAC;AAC5C,cAAc,4BAA4B,CAAC;AAC3C,cAAc,iBAAiB,CAAC;AAChC,cAAc,aAAa,CAAC;AAC5B,cAAc,yBAAyB,CAAC;AACxC,cAAc,iBAAiB,CAAC;AAChC,cAAc,6BAA6B,CAAC;AAC5C,cAAc,2BAA2B,CAAC;AAC1C,cAAc,gBAAgB,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/api/index.ts"],"names":[],"mappings":"AAIA,OAAO,EACL,KAAK,cAAc,EACnB,KAAK,gBAAgB,EACrB,KAAK,iBAAiB,EACtB,gBAAgB,GACjB,MAAM,6BAA6B,CAAC;AAMrC,YAAY,EACV,uBAAuB,EACvB,kBAAkB,EAClB,uBAAuB,EACvB,0BAA0B,GAC3B,MAAM,wBAAwB,CAAC;AAChC,eAAO,MAAM,kBAAkB,EAAE,cAAc,wBAAwB,EAAE,kBAItE,CAAC;AACJ,cAAc,sBAAsB,CAAC;AACrC,cAAc,yBAAyB,CAAC;AACxC,cAAc,6BAA6B,CAAC;AAC5C,cAAc,kBAAkB,CAAC;AACjC,cAAc,4BAA4B,CAAC;AAC3C,cAAc,sBAAsB,CAAC;AACrC,cAAc,kBAAkB,CAAC;AACjC,cAAc,wBAAwB,CAAC;AACvC,cAAc,uBAAuB,CAAC;AACtC,cAAc,mBAAmB,CAAC;AAClC,cAAc,uBAAuB,CAAC;AACtC,cAAc,uBAAuB,CAAC;AACtC,cAAc,eAAe,CAAC;AAC9B,cAAc,yBAAyB,CAAC;AACxC,OAAO,EACL,KAAK,iBAAiB,EACtB,aAAa,GACd,MAAM,qBAAqB,CAAC;AAC7B,cAAc,+BAA+B,CAAC;AAC9C,cAAc,iBAAiB,CAAC;AAChC,cAAc,oBAAoB,CAAC;AACnC,cAAc,oBAAoB,CAAC;AACnC,cAAc,oBAAoB,CAAC;AACnC,cAAc,yBAAyB,CAAC;AACxC,cAAc,gCAAgC,CAAC;AAC/C,cAAc,yBAAyB,CAAC;AACxC,cAAc,wBAAwB,CAAC;AACvC,cAAc,6BAA6B,CAAC;AAC5C,cAAc,mBAAmB,CAAC;AAClC,cAAc,sBAAsB,CAAC;AACrC,cAAc,uBAAuB,CAAC;AAKtC,OAAO,EACL,oBAAoB,EACpB,2BAA2B,GAC5B,MAAM,4BAA4B,CAAC;AACpC,cAAc,0BAA0B,CAAC;AACzC,cAAc,0BAA0B,CAAC;AACzC,cAAc,6BAA6B,CAAC;AAC5C,cAAc,4BAA4B,CAAC;AAC3C,cAAc,iBAAiB,CAAC;AAChC,cAAc,aAAa,CAAC;AAC5B,cAAc,yBAAyB,CAAC;AACxC,cAAc,iBAAiB,CAAC;AAChC,cAAc,6BAA6B,CAAC;AAC5C,cAAc,2BAA2B,CAAC;AAC1C,cAAc,gBAAgB,CAAC"}
|
package/api/index.js
CHANGED
|
@@ -12,6 +12,7 @@ export * from "./agent-admin-routes.js";
|
|
|
12
12
|
export * from "./agent-lifecycle-routes.js";
|
|
13
13
|
export * from "./agent-model.js";
|
|
14
14
|
export * from "./agent-transfer-routes.js";
|
|
15
|
+
export * from "./approval-routes.js";
|
|
15
16
|
export * from "./auth-routes.js";
|
|
16
17
|
export * from "./bug-report-routes.js";
|
|
17
18
|
export * from "./character-routes.js";
|
|
@@ -0,0 +1,33 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* POST /api/interactions/shortcut — report a user-fired UI/keyboard shortcut so
|
|
3
|
+
* the agent observes it as a first-class interaction (#8792).
|
|
4
|
+
*
|
|
5
|
+
* The view-switch half of this contract lives in `views-routes.ts`
|
|
6
|
+
* (`POST /api/views/:id/navigate` → `VIEW_SWITCHED`). This is the keyboard /
|
|
7
|
+
* command-palette half: the client reports a stable `shortcutId` and the route
|
|
8
|
+
* emits `EventType.SHORTCUT_FIRED`, which the proactive-interaction decider
|
|
9
|
+
* consumes (governed by debounce / cooldown / daily-cap / model-judge-silent).
|
|
10
|
+
*
|
|
11
|
+
* Emission is fire-and-forget: a dropped event must never break the shortcut the
|
|
12
|
+
* user actually pressed. This route is auth+proxy thin — it records nothing and
|
|
13
|
+
* computes nothing beyond input validation.
|
|
14
|
+
*/
|
|
15
|
+
import type http from "node:http";
|
|
16
|
+
import { type AgentRuntime } from "@elizaos/core";
|
|
17
|
+
export interface InteractionsRouteContext {
|
|
18
|
+
req: http.IncomingMessage;
|
|
19
|
+
res: http.ServerResponse;
|
|
20
|
+
method: string;
|
|
21
|
+
pathname: string;
|
|
22
|
+
json: (res: http.ServerResponse, data: unknown, status?: number) => void;
|
|
23
|
+
error: (res: http.ServerResponse, message: string, status?: number) => void;
|
|
24
|
+
runtime: AgentRuntime | null | undefined;
|
|
25
|
+
}
|
|
26
|
+
export interface ShortcutInteractionRequest {
|
|
27
|
+
shortcutId: string;
|
|
28
|
+
context?: string;
|
|
29
|
+
}
|
|
30
|
+
/** Parse + validate the shortcut report body; null on anything malformed. */
|
|
31
|
+
export declare function parseShortcutBody(raw: string): ShortcutInteractionRequest | null;
|
|
32
|
+
export declare function handleInteractionsRoutes(ctx: InteractionsRouteContext): Promise<boolean>;
|
|
33
|
+
//# sourceMappingURL=interactions-routes.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"interactions-routes.d.ts","sourceRoot":"","sources":["../../src/api/interactions-routes.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AACH,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,EACL,KAAK,YAAY,EAGlB,MAAM,eAAe,CAAC;AAQvB,MAAM,WAAW,wBAAwB;IACvC,GAAG,EAAE,IAAI,CAAC,eAAe,CAAC;IAC1B,GAAG,EAAE,IAAI,CAAC,cAAc,CAAC;IACzB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,CAAC,GAAG,EAAE,IAAI,CAAC,cAAc,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,CAAC,EAAE,MAAM,KAAK,IAAI,CAAC;IACzE,KAAK,EAAE,CAAC,GAAG,EAAE,IAAI,CAAC,cAAc,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,KAAK,IAAI,CAAC;IAC5E,OAAO,EAAE,YAAY,GAAG,IAAI,GAAG,SAAS,CAAC;CAC1C;AAED,MAAM,WAAW,0BAA0B;IACzC,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,6EAA6E;AAC7E,wBAAgB,iBAAiB,CAC/B,GAAG,EAAE,MAAM,GACV,0BAA0B,GAAG,IAAI,CAoBnC;AAED,wBAAsB,wBAAwB,CAC5C,GAAG,EAAE,wBAAwB,GAC5B,OAAO,CAAC,OAAO,CAAC,CAuClB"}
|
|
@@ -0,0 +1,63 @@
|
|
|
1
|
+
import { EventType, readRequestBodyBuffer, } from "@elizaos/core";
|
|
2
|
+
const MAX_BODY_BYTES = 4 * 1024;
|
|
3
|
+
/** Stable shortcut id: kebab-case, bounded length (e.g. "open-command-palette"). */
|
|
4
|
+
const SHORTCUT_ID_PATTERN = /^[a-z][a-z0-9-]{1,48}$/;
|
|
5
|
+
const MAX_CONTEXT_CHARS = 120;
|
|
6
|
+
/** Parse + validate the shortcut report body; null on anything malformed. */
|
|
7
|
+
export function parseShortcutBody(raw) {
|
|
8
|
+
if (!raw.trim())
|
|
9
|
+
return null;
|
|
10
|
+
let parsed;
|
|
11
|
+
try {
|
|
12
|
+
parsed = JSON.parse(raw);
|
|
13
|
+
}
|
|
14
|
+
catch {
|
|
15
|
+
return null;
|
|
16
|
+
}
|
|
17
|
+
if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) {
|
|
18
|
+
return null;
|
|
19
|
+
}
|
|
20
|
+
const body = parsed;
|
|
21
|
+
const shortcutId = typeof body.shortcutId === "string" ? body.shortcutId.trim() : "";
|
|
22
|
+
if (!SHORTCUT_ID_PATTERN.test(shortcutId))
|
|
23
|
+
return null;
|
|
24
|
+
const context = typeof body.context === "string" && body.context.trim()
|
|
25
|
+
? body.context.trim().slice(0, MAX_CONTEXT_CHARS)
|
|
26
|
+
: undefined;
|
|
27
|
+
return { shortcutId, ...(context ? { context } : {}) };
|
|
28
|
+
}
|
|
29
|
+
export async function handleInteractionsRoutes(ctx) {
|
|
30
|
+
const { req, res, method, pathname, json, error, runtime } = ctx;
|
|
31
|
+
if (pathname !== "/api/interactions/shortcut")
|
|
32
|
+
return false;
|
|
33
|
+
if (method !== "POST") {
|
|
34
|
+
error(res, "Method not allowed", 405);
|
|
35
|
+
return true;
|
|
36
|
+
}
|
|
37
|
+
const buffer = await readRequestBodyBuffer(req, {
|
|
38
|
+
maxBytes: MAX_BODY_BYTES,
|
|
39
|
+
returnNullOnTooLarge: true,
|
|
40
|
+
});
|
|
41
|
+
const request = parseShortcutBody(buffer?.toString("utf8") ?? "");
|
|
42
|
+
if (!request) {
|
|
43
|
+
error(res, "Invalid shortcut interaction body", 400);
|
|
44
|
+
return true;
|
|
45
|
+
}
|
|
46
|
+
// Emit the first-class SHORTCUT_FIRED interaction event (#8792). Fire-and-forget
|
|
47
|
+
// so the proactive decider can react without ever blocking the response.
|
|
48
|
+
if (runtime) {
|
|
49
|
+
void runtime
|
|
50
|
+
.emitEvent(EventType.SHORTCUT_FIRED, {
|
|
51
|
+
runtime,
|
|
52
|
+
source: "shortcut-interaction",
|
|
53
|
+
shortcutId: request.shortcutId,
|
|
54
|
+
...(request.context ? { context: request.context } : {}),
|
|
55
|
+
initiatedBy: "user",
|
|
56
|
+
})
|
|
57
|
+
.catch((err) => {
|
|
58
|
+
runtime.logger?.debug?.({ src: "InteractionsRoutes", err }, "[InteractionsRoutes] SHORTCUT_FIRED emit failed");
|
|
59
|
+
});
|
|
60
|
+
}
|
|
61
|
+
json(res, { ok: true, shortcutId: request.shortcutId });
|
|
62
|
+
return true;
|
|
63
|
+
}
|
package/api/media-runtime.d.ts
CHANGED
|
@@ -7,7 +7,7 @@
|
|
|
7
7
|
* The pure store lives in `./media-store.ts`; this module only connects it to
|
|
8
8
|
* the runtime (routes / pipeline hooks / tasks).
|
|
9
9
|
*/
|
|
10
|
-
import type { IAgentRuntime, Route } from "@elizaos/core";
|
|
10
|
+
import type { IAgentRuntime, Memory, Route } from "@elizaos/core";
|
|
11
11
|
/**
|
|
12
12
|
* Public GET route for stored media. On HTTP platforms (browser, desktop,
|
|
13
13
|
* Android) the pre-auth `serveMediaFile` handler answers first and this route
|
|
@@ -26,6 +26,7 @@ export declare const mediaFileRoute: Route;
|
|
|
26
26
|
* to both the wire response and the saved memory.
|
|
27
27
|
*/
|
|
28
28
|
export declare function registerMediaPipelineHook(runtime: IAgentRuntime): void;
|
|
29
|
+
export declare function collectReferencedMedia(memories: Memory[]): Set<string>;
|
|
29
30
|
/**
|
|
30
31
|
* Register the orphan-media GC: a daily task that diffs every live message
|
|
31
32
|
* attachment URL against the store and deletes files no message references
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"media-runtime.d.ts","sourceRoot":"","sources":["../../src/api/media-runtime.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EAAE,aAAa,
|
|
1
|
+
{"version":3,"file":"media-runtime.d.ts","sourceRoot":"","sources":["../../src/api/media-runtime.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,eAAe,CAAC;AAkDlE;;;;;;GAMG;AACH,eAAO,MAAM,cAAc,EAAE,KAmB5B,CAAC;AAEF;;;;;;;;GAQG;AACH,wBAAgB,yBAAyB,CAAC,OAAO,EAAE,aAAa,GAAG,IAAI,CAyCtE;AAMD,wBAAgB,sBAAsB,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,GAAG,CAAC,MAAM,CAAC,CAyBtE;AAED;;;;;GAKG;AACH,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,aAAa,GAAG,IAAI,CA2ChE"}
|
package/api/media-runtime.js
CHANGED
|
@@ -7,7 +7,38 @@
|
|
|
7
7
|
* The pure store lives in `./media-store.ts`; this module only connects it to
|
|
8
8
|
* the runtime (routes / pipeline hooks / tasks).
|
|
9
9
|
*/
|
|
10
|
-
import {
|
|
10
|
+
import { fetchRemoteMedia, logger } from "@elizaos/core";
|
|
11
|
+
import { ensureThumbnailForStoredFile, gcUnreferencedMedia, handleMediaRouteRequest, isStoredMediaUrl, mediaFileNameFromUrl, persistAttachmentUrlIfInline, persistMediaBytes, } from "./media-store.js";
|
|
12
|
+
/** Cap on bytes pulled while rehosting a remote attachment into the store. */
|
|
13
|
+
const REHOST_MAX_BYTES = 50 * 1024 * 1024;
|
|
14
|
+
/** Media content types worth rehosting (skip `link` and unknown). */
|
|
15
|
+
const REHOSTABLE_CONTENT_TYPES = new Set([
|
|
16
|
+
"image",
|
|
17
|
+
"video",
|
|
18
|
+
"audio",
|
|
19
|
+
"document",
|
|
20
|
+
]);
|
|
21
|
+
/**
|
|
22
|
+
* Rehost a remote (http/https) media URL into the content-addressed store via
|
|
23
|
+
* the SSRF-guarded fetcher (blocks private/loopback) with a hard size cap, so an
|
|
24
|
+
* agent-generated/provider URL that may expire becomes a durable, same-origin
|
|
25
|
+
* `/api/media/<hash>` URL. Returns the served URL, or null on any failure
|
|
26
|
+
* (blocked host, too large, unreachable) so the caller can keep the original.
|
|
27
|
+
*/
|
|
28
|
+
async function rehostRemoteMediaUrl(url) {
|
|
29
|
+
try {
|
|
30
|
+
const { buffer, contentType } = await fetchRemoteMedia({
|
|
31
|
+
url,
|
|
32
|
+
maxBytes: REHOST_MAX_BYTES,
|
|
33
|
+
});
|
|
34
|
+
return persistMediaBytes(buffer, contentType ?? "application/octet-stream")
|
|
35
|
+
.url;
|
|
36
|
+
}
|
|
37
|
+
catch (err) {
|
|
38
|
+
logger.warn(`[media-persist] failed to rehost ${url}: ${err instanceof Error ? err.message : String(err)}`);
|
|
39
|
+
return null;
|
|
40
|
+
}
|
|
41
|
+
}
|
|
11
42
|
const MEDIA_URL_PREFIX = "/api/media/";
|
|
12
43
|
/**
|
|
13
44
|
* Public GET route for stored media. On HTTP platforms (browser, desktop,
|
|
@@ -58,6 +89,22 @@ export function registerMediaPipelineHook(runtime) {
|
|
|
58
89
|
if (attachment.url.startsWith("data:")) {
|
|
59
90
|
attachment.url = persistAttachmentUrlIfInline(attachment.url);
|
|
60
91
|
}
|
|
92
|
+
else if (/^https?:\/\//i.test(attachment.url) &&
|
|
93
|
+
!isStoredMediaUrl(attachment.url) &&
|
|
94
|
+
typeof attachment.contentType === "string" &&
|
|
95
|
+
REHOSTABLE_CONTENT_TYPES.has(attachment.contentType)) {
|
|
96
|
+
// Rehost remote agent-generated/outgoing media into the durable store
|
|
97
|
+
// so a provider URL that may expire doesn't leave a broken tile in
|
|
98
|
+
// history. SSRF-guarded + size-capped; on failure keep the original
|
|
99
|
+
// URL and mark it ephemeral so the UI can offer a retry.
|
|
100
|
+
const rehosted = await rehostRemoteMediaUrl(attachment.url);
|
|
101
|
+
if (rehosted) {
|
|
102
|
+
attachment.url = rehosted;
|
|
103
|
+
}
|
|
104
|
+
else {
|
|
105
|
+
attachment.ephemeral = true;
|
|
106
|
+
}
|
|
107
|
+
}
|
|
61
108
|
// Pre-compute a thumbnail for stored images lacking one (generated
|
|
62
109
|
// media). `ensureThumbnailForStoredFile` self-gates on image mime/size.
|
|
63
110
|
if (!attachment.thumbnailUrl && isStoredMediaUrl(attachment.url)) {
|
|
@@ -75,15 +122,25 @@ export function registerMediaPipelineHook(runtime) {
|
|
|
75
122
|
const MEDIA_GC_TASK_NAME = "MEDIA_GC";
|
|
76
123
|
const MEDIA_GC_TAGS = ["queue", "repeat", "media-gc"];
|
|
77
124
|
const MEDIA_GC_INTERVAL_MS = 24 * 60 * 60 * 1000; // daily
|
|
78
|
-
function collectReferencedMedia(memories) {
|
|
125
|
+
export function collectReferencedMedia(memories) {
|
|
79
126
|
const referenced = new Set();
|
|
80
127
|
for (const memory of memories) {
|
|
81
128
|
const attachments = memory.content?.attachments;
|
|
82
|
-
if (
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
129
|
+
if (Array.isArray(attachments)) {
|
|
130
|
+
for (const attachment of attachments) {
|
|
131
|
+
const url = typeof attachment?.url === "string" ? attachment.url : "";
|
|
132
|
+
const name = mediaFileNameFromUrl(url);
|
|
133
|
+
if (name)
|
|
134
|
+
referenced.add(name);
|
|
135
|
+
}
|
|
136
|
+
}
|
|
137
|
+
// Document-linked original-bytes files: a knowledge document references its
|
|
138
|
+
// stored original via `metadata.mediaUrl` (no content.attachments entry).
|
|
139
|
+
// Collect it so the file survives GC while the document still references it.
|
|
140
|
+
const mediaUrl = memory.metadata
|
|
141
|
+
?.mediaUrl;
|
|
142
|
+
if (typeof mediaUrl === "string") {
|
|
143
|
+
const name = mediaFileNameFromUrl(mediaUrl);
|
|
87
144
|
if (name)
|
|
88
145
|
referenced.add(name);
|
|
89
146
|
}
|
package/api/media-store.d.ts
CHANGED
|
@@ -14,6 +14,22 @@
|
|
|
14
14
|
* content-addressed pattern from the dedicated media directory.
|
|
15
15
|
*/
|
|
16
16
|
import type http from "node:http";
|
|
17
|
+
/**
|
|
18
|
+
* MIME types that are safe to render inline in a browser context. Everything
|
|
19
|
+
* else — notably `image/svg+xml`, `text/html`, and unknown/active types — is
|
|
20
|
+
* served with `Content-Disposition: attachment` so it can never execute script
|
|
21
|
+
* on the dashboard origin (stored-XSS defence). SVG is deliberately excluded:
|
|
22
|
+
* it is an XML document that can carry `<script>` and event handlers.
|
|
23
|
+
*/
|
|
24
|
+
export declare function isInlineSafeMime(mime: string): boolean;
|
|
25
|
+
/**
|
|
26
|
+
* Sniff the leading bytes for active XML/HTML markup. Returns the TRUE dangerous
|
|
27
|
+
* mime when the content is SVG or HTML, else null. Used to reconcile a declared
|
|
28
|
+
* "safe image" mime against bytes that are really markup, so the store records
|
|
29
|
+
* (and later serves) the truthful, attachment-served type — defence in depth on
|
|
30
|
+
* top of the strict extension map and the nosniff header.
|
|
31
|
+
*/
|
|
32
|
+
export declare function sniffMarkupMime(buffer: Buffer): string | null;
|
|
17
33
|
export interface MediaFileStat {
|
|
18
34
|
name: string;
|
|
19
35
|
size: number;
|
|
@@ -50,6 +66,26 @@ export declare function gcUnreferencedMedia(referenced: Set<string>): {
|
|
|
50
66
|
removed: number;
|
|
51
67
|
scanned: number;
|
|
52
68
|
};
|
|
69
|
+
export interface MediaFileInfo {
|
|
70
|
+
fileName: string;
|
|
71
|
+
url: string;
|
|
72
|
+
hash: string;
|
|
73
|
+
mimeType: string;
|
|
74
|
+
size: number;
|
|
75
|
+
createdAt: number;
|
|
76
|
+
}
|
|
77
|
+
/**
|
|
78
|
+
* List every stored media file with derived metadata (size, mime, mtime) for
|
|
79
|
+
* the Files surface. Read-only directory scan; never throws (returns [] on
|
|
80
|
+
* failure). Metadata is derived (no separate index), matching the
|
|
81
|
+
* content-addressed model — original filenames aren't retained here.
|
|
82
|
+
*/
|
|
83
|
+
export declare function listMediaFiles(): MediaFileInfo[];
|
|
84
|
+
/**
|
|
85
|
+
* Delete a stored media file by its strict content-addressed name. Returns true
|
|
86
|
+
* when removed. Validates the name + dir to defend against traversal.
|
|
87
|
+
*/
|
|
88
|
+
export declare function deleteMediaFile(fileName: string): boolean;
|
|
53
89
|
/**
|
|
54
90
|
* Serve a media file for the IN-PROCESS route path (iOS, where no HTTP server
|
|
55
91
|
* runs and requests are dispatched over `runtime.routes`). Returns a
|
package/api/media-store.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"media-store.d.ts","sourceRoot":"","sources":["../../src/api/media-store.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAIH,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;
|
|
1
|
+
{"version":3,"file":"media-store.d.ts","sourceRoot":"","sources":["../../src/api/media-store.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAIH,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAsElC;;;;;;GAMG;AACH,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAStD;AAED;;;;;;GAMG;AACH,wBAAgB,eAAe,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAiC7D;AAsDD,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;CACjB;AAED;;;;GAIG;AACH,wBAAgB,kBAAkB,CAChC,KAAK,EAAE,aAAa,EAAE,EACtB,GAAG,EAAE,MAAM,GACV,MAAM,EAAE,CAYV;AAiDD,MAAM,WAAW,cAAc;IAC7B,qEAAqE;IACrE,GAAG,EAAE,MAAM,CAAC;IACZ,4DAA4D;IAC5D,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,yFAAyF;AACzF,wBAAgB,iBAAiB,CAC/B,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,MAAM,GACf,cAAc,CAuBhB;AAID,kFAAkF;AAClF,wBAAgB,cAAc,CAAC,OAAO,EAAE,MAAM,GAAG,cAAc,GAAG,IAAI,CAgBrE;AAED,4EAA4E;AAC5E,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAErD;AAED,yFAAyF;AACzF,wBAAgB,oBAAoB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAI/D;AAMD;;;;;GAKG;AACH,wBAAgB,mBAAmB,CAAC,UAAU,EAAE,GAAG,CAAC,MAAM,CAAC,GAAG;IAC5D,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;CACjB,CAgCA;AAOD,MAAM,WAAW,aAAa;IAC5B,QAAQ,EAAE,MAAM,CAAC;IACjB,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;;;;GAKG;AACH,wBAAgB,cAAc,IAAI,aAAa,EAAE,CA6BhD;AAED;;;GAGG;AACH,wBAAgB,eAAe,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAWzD;AAwDD;;;;;;GAMG;AACH,wBAAgB,uBAAuB,CACrC,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,MAAM,GACb;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAAC,IAAI,CAAC,EAAE,MAAM,CAAA;CAAE,CA2BpE;AAED;;;;;GAKG;AACH,wBAAgB,cAAc,CAC5B,GAAG,EAAE,IAAI,CAAC,eAAe,EACzB,GAAG,EAAE,IAAI,CAAC,cAAc,EACxB,QAAQ,EAAE,MAAM,GACf,OAAO,CAkET;AAED;;;;GAIG;AACH,wBAAsB,qBAAqB,CACzC,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAQxB;AAED;;;;GAIG;AACH,wBAAsB,4BAA4B,CAChD,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAWxB;AAED,kFAAkF;AAClF,wBAAgB,4BAA4B,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAahE"}
|
package/api/media-store.js
CHANGED
|
@@ -79,6 +79,76 @@ const MIME_BY_EXT = {
|
|
|
79
79
|
/** Strict content-addressed name: 64-hex sha256 + short alphanumeric extension. */
|
|
80
80
|
const MEDIA_FILE_NAME = /^[a-f0-9]{64}\.[a-z0-9]{1,8}$/;
|
|
81
81
|
const MEDIA_URL_PREFIX = "/api/media/";
|
|
82
|
+
/**
|
|
83
|
+
* MIME types that are safe to render inline in a browser context. Everything
|
|
84
|
+
* else — notably `image/svg+xml`, `text/html`, and unknown/active types — is
|
|
85
|
+
* served with `Content-Disposition: attachment` so it can never execute script
|
|
86
|
+
* on the dashboard origin (stored-XSS defence). SVG is deliberately excluded:
|
|
87
|
+
* it is an XML document that can carry `<script>` and event handlers.
|
|
88
|
+
*/
|
|
89
|
+
export function isInlineSafeMime(mime) {
|
|
90
|
+
const m = (mime.split(";")[0] ?? "").trim().toLowerCase();
|
|
91
|
+
if (m === "image/svg+xml")
|
|
92
|
+
return false;
|
|
93
|
+
return ((m.startsWith("image/") && m !== "image/svg+xml") ||
|
|
94
|
+
m.startsWith("audio/") ||
|
|
95
|
+
m.startsWith("video/") ||
|
|
96
|
+
m === "application/pdf");
|
|
97
|
+
}
|
|
98
|
+
/**
|
|
99
|
+
* Sniff the leading bytes for active XML/HTML markup. Returns the TRUE dangerous
|
|
100
|
+
* mime when the content is SVG or HTML, else null. Used to reconcile a declared
|
|
101
|
+
* "safe image" mime against bytes that are really markup, so the store records
|
|
102
|
+
* (and later serves) the truthful, attachment-served type — defence in depth on
|
|
103
|
+
* top of the strict extension map and the nosniff header.
|
|
104
|
+
*/
|
|
105
|
+
export function sniffMarkupMime(buffer) {
|
|
106
|
+
// Skip a leading UTF-8 BOM / whitespace before peeking at the first token.
|
|
107
|
+
let i = 0;
|
|
108
|
+
if (buffer.length >= 3 &&
|
|
109
|
+
buffer[0] === 0xef &&
|
|
110
|
+
buffer[1] === 0xbb &&
|
|
111
|
+
buffer[2] === 0xbf) {
|
|
112
|
+
i = 3;
|
|
113
|
+
}
|
|
114
|
+
while (i < buffer.length && i < 64) {
|
|
115
|
+
const c = buffer[i];
|
|
116
|
+
if (c === 0x20 || c === 0x09 || c === 0x0a || c === 0x0d) {
|
|
117
|
+
i += 1;
|
|
118
|
+
continue;
|
|
119
|
+
}
|
|
120
|
+
break;
|
|
121
|
+
}
|
|
122
|
+
const head = buffer
|
|
123
|
+
.subarray(i, Math.min(buffer.length, i + 512))
|
|
124
|
+
.toString("utf8")
|
|
125
|
+
.toLowerCase();
|
|
126
|
+
if (head.startsWith("<svg") ||
|
|
127
|
+
(head.startsWith("<?xml") && head.includes("<svg"))) {
|
|
128
|
+
return "image/svg+xml";
|
|
129
|
+
}
|
|
130
|
+
if (head.startsWith("<!doctype html") || head.startsWith("<html")) {
|
|
131
|
+
return "text/html";
|
|
132
|
+
}
|
|
133
|
+
return null;
|
|
134
|
+
}
|
|
135
|
+
/**
|
|
136
|
+
* Build the security headers for a served media response. Always sets
|
|
137
|
+
* `X-Content-Type-Options: nosniff` (so a mislabelled image is never sniffed to
|
|
138
|
+
* HTML) and a fully-sandboxed CSP (applies when the URL is navigated to as a
|
|
139
|
+
* document). Inline-safe types render inline; everything else (SVG, HTML,
|
|
140
|
+
* unknown/active) is forced to download so it cannot execute on this origin.
|
|
141
|
+
*/
|
|
142
|
+
function mediaSecurityHeaders(fileName, contentType) {
|
|
143
|
+
const disposition = isInlineSafeMime(contentType)
|
|
144
|
+
? "inline"
|
|
145
|
+
: `attachment; filename="${fileName}"`;
|
|
146
|
+
return {
|
|
147
|
+
"X-Content-Type-Options": "nosniff",
|
|
148
|
+
"Content-Disposition": disposition,
|
|
149
|
+
"Content-Security-Policy": "default-src 'none'; style-src 'unsafe-inline'; sandbox",
|
|
150
|
+
};
|
|
151
|
+
}
|
|
82
152
|
let cachedMediaDir = null;
|
|
83
153
|
function mediaDir() {
|
|
84
154
|
if (cachedMediaDir)
|
|
@@ -173,8 +243,20 @@ function maybeEvict() {
|
|
|
173
243
|
}
|
|
174
244
|
/** Write bytes to the content-addressed store (idempotent) and return the served URL. */
|
|
175
245
|
export function persistMediaBytes(buffer, mimeType) {
|
|
246
|
+
// Reconcile a declared "safe image" mime against bytes that are really active
|
|
247
|
+
// markup (SVG/HTML), so the store records the truthful type and the serve path
|
|
248
|
+
// forces an attachment download instead of inline rendering. Truthful active
|
|
249
|
+
// types declared up front are left as-is (still served as attachments).
|
|
250
|
+
let effectiveMime = mimeType;
|
|
251
|
+
if (isInlineSafeMime(mimeType)) {
|
|
252
|
+
const sniffed = sniffMarkupMime(buffer);
|
|
253
|
+
if (sniffed) {
|
|
254
|
+
logger.warn(`[media-store] declared ${mimeType} but content sniffed as ${sniffed}; storing as ${sniffed} (served as download)`);
|
|
255
|
+
effectiveMime = sniffed;
|
|
256
|
+
}
|
|
257
|
+
}
|
|
176
258
|
const hash = crypto.createHash("sha256").update(buffer).digest("hex");
|
|
177
|
-
const fileName = `${hash}.${extForMime(
|
|
259
|
+
const fileName = `${hash}.${extForMime(effectiveMime)}`;
|
|
178
260
|
const filePath = path.join(mediaDir(), fileName);
|
|
179
261
|
if (!fs.existsSync(filePath)) {
|
|
180
262
|
fs.writeFileSync(filePath, buffer);
|
|
@@ -260,6 +342,61 @@ function mimeForFile(fileName) {
|
|
|
260
342
|
const ext = fileName.split(".").pop()?.toLowerCase() ?? "bin";
|
|
261
343
|
return MIME_BY_EXT[ext] ?? "application/octet-stream";
|
|
262
344
|
}
|
|
345
|
+
/**
|
|
346
|
+
* List every stored media file with derived metadata (size, mime, mtime) for
|
|
347
|
+
* the Files surface. Read-only directory scan; never throws (returns [] on
|
|
348
|
+
* failure). Metadata is derived (no separate index), matching the
|
|
349
|
+
* content-addressed model — original filenames aren't retained here.
|
|
350
|
+
*/
|
|
351
|
+
export function listMediaFiles() {
|
|
352
|
+
const out = [];
|
|
353
|
+
try {
|
|
354
|
+
const dir = mediaDir();
|
|
355
|
+
for (const name of fs.readdirSync(dir)) {
|
|
356
|
+
if (!MEDIA_FILE_NAME.test(name))
|
|
357
|
+
continue;
|
|
358
|
+
try {
|
|
359
|
+
const stat = fs.statSync(path.join(dir, name));
|
|
360
|
+
if (!stat.isFile())
|
|
361
|
+
continue;
|
|
362
|
+
out.push({
|
|
363
|
+
fileName: name,
|
|
364
|
+
url: `${MEDIA_URL_PREFIX}${name}`,
|
|
365
|
+
hash: name.split(".")[0] ?? name,
|
|
366
|
+
mimeType: mimeForFile(name),
|
|
367
|
+
size: stat.size,
|
|
368
|
+
createdAt: stat.mtimeMs,
|
|
369
|
+
});
|
|
370
|
+
}
|
|
371
|
+
catch {
|
|
372
|
+
// file vanished mid-scan — skip
|
|
373
|
+
}
|
|
374
|
+
}
|
|
375
|
+
}
|
|
376
|
+
catch (err) {
|
|
377
|
+
logger.warn(`[media-store] list failed: ${err instanceof Error ? err.message : String(err)}`);
|
|
378
|
+
}
|
|
379
|
+
return out;
|
|
380
|
+
}
|
|
381
|
+
/**
|
|
382
|
+
* Delete a stored media file by its strict content-addressed name. Returns true
|
|
383
|
+
* when removed. Validates the name + dir to defend against traversal.
|
|
384
|
+
*/
|
|
385
|
+
export function deleteMediaFile(fileName) {
|
|
386
|
+
if (!MEDIA_FILE_NAME.test(fileName))
|
|
387
|
+
return false;
|
|
388
|
+
try {
|
|
389
|
+
const dir = mediaDir();
|
|
390
|
+
const filePath = path.join(dir, fileName);
|
|
391
|
+
if (path.dirname(filePath) !== dir)
|
|
392
|
+
return false;
|
|
393
|
+
fs.unlinkSync(filePath);
|
|
394
|
+
return true;
|
|
395
|
+
}
|
|
396
|
+
catch {
|
|
397
|
+
return false;
|
|
398
|
+
}
|
|
399
|
+
}
|
|
263
400
|
// Touch-on-serve → LRU: bump the file's mtime when it's served so eviction
|
|
264
401
|
// (oldest-mtime-first) keeps frequently-viewed media and drops the truly cold
|
|
265
402
|
// files. Throttled per file so a burst of range requests doesn't thrash the fs.
|
|
@@ -307,7 +444,7 @@ function resolveMediaFile(pathname) {
|
|
|
307
444
|
return { error: 404 };
|
|
308
445
|
}
|
|
309
446
|
touchOnServe(filePath);
|
|
310
|
-
return { filePath, size: stat.size, contentType: mimeForFile(name) };
|
|
447
|
+
return { filePath, size: stat.size, contentType: mimeForFile(name), name };
|
|
311
448
|
}
|
|
312
449
|
/**
|
|
313
450
|
* Serve a media file for the IN-PROCESS route path (iOS, where no HTTP server
|
|
@@ -337,6 +474,7 @@ export function handleMediaRouteRequest(pathname, method) {
|
|
|
337
474
|
"Content-Type": resolved.contentType,
|
|
338
475
|
"Cache-Control": "public, max-age=31536000, immutable",
|
|
339
476
|
"Content-Length": String(resolved.size),
|
|
477
|
+
...mediaSecurityHeaders(resolved.name, resolved.contentType),
|
|
340
478
|
};
|
|
341
479
|
if (method === "HEAD")
|
|
342
480
|
return { status: 200, headers };
|
|
@@ -367,6 +505,7 @@ export function serveMediaFile(req, res, pathname) {
|
|
|
367
505
|
"Content-Type": contentType,
|
|
368
506
|
"Cache-Control": "public, max-age=31536000, immutable",
|
|
369
507
|
"Accept-Ranges": "bytes",
|
|
508
|
+
...mediaSecurityHeaders(resolved.name, contentType),
|
|
370
509
|
};
|
|
371
510
|
const range = req.headers.range;
|
|
372
511
|
if (range && method === "GET") {
|
package/api/memory-bounds.d.ts
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"memory-bounds.d.ts","sourceRoot":"","sources":["../../src/api/memory-bounds.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"memory-bounds.d.ts","sourceRoot":"","sources":["../../src/api/memory-bounds.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH,UAAU,cAAc;IACtB,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;CACjB;AAED;;;GAGG;AACH,wBAAgB,mBAAmB,CACjC,GAAG,EAAE,GAAG,CAAC,MAAM,EAAE,cAAc,CAAC,EAChC,GAAG,EAAE,MAAM,EACX,SAAS,EAAE,MAAM,GAChB,IAAI,CAKN;AAID,UAAU,gBAAgB;IACxB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;;GAGG;AACH,wBAAgB,uBAAuB,CAAC,CAAC,SAAS,gBAAgB,EAChE,GAAG,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC,EACnB,GAAG,EAAE,MAAM,GACV,MAAM,GAAG,IAAI,CAcf;AAID;;;;;;;;GAQG;AACH,wBAAgB,kBAAkB,CAAC,CAAC,EAClC,MAAM,EAAE,CAAC,EAAE,EACX,KAAK,EAAE,CAAC,EACR,SAAS,EAAE,MAAM,EACjB,UAAU,EAAE,MAAM,GACjB,MAAM,CAMR;AAID,UAAU,UAAU;IAClB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;CACjB;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,mBAAmB,CACjC,KAAK,EAAE,GAAG,CAAC,MAAM,EAAE,UAAU,CAAC,EAC9B,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,CAAC,CAAC,EAAE,MAAM,KAAK,MAAM,EAC/B,UAAU,EAAE,MAAM,EAClB,aAAa,EAAE,MAAM,GACpB,MAAM,CAaR"}
|
package/api/memory-bounds.js
CHANGED
package/api/misc-routes.d.ts
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import type http from "node:http";
|
|
2
2
|
import { type AgentRuntime } from "@elizaos/core";
|
|
3
3
|
import type { ReadJsonBodyOptions } from "@elizaos/shared";
|
|
4
|
-
import type { ElizaConfig } from "../config/config.
|
|
4
|
+
import type { ElizaConfig } from "../config/config.js";
|
|
5
5
|
interface StreamEventEnvelope {
|
|
6
6
|
type: string;
|
|
7
7
|
version: number;
|
|
@@ -1,8 +1,8 @@
|
|
|
1
1
|
/**
|
|
2
2
|
* Model and provider discovery helpers.
|
|
3
3
|
*
|
|
4
|
-
*
|
|
5
|
-
*
|
|
4
|
+
* Handles model listing, provider caching, and inventory (chain/RPC)
|
|
5
|
+
* option resolution.
|
|
6
6
|
*/
|
|
7
7
|
type ModelOption = {
|
|
8
8
|
id: string;
|
|
@@ -1,8 +1,8 @@
|
|
|
1
1
|
/**
|
|
2
2
|
* Model and provider discovery helpers.
|
|
3
3
|
*
|
|
4
|
-
*
|
|
5
|
-
*
|
|
4
|
+
* Handles model listing, provider caching, and inventory (chain/RPC)
|
|
5
|
+
* option resolution.
|
|
6
6
|
*/
|
|
7
7
|
import fs from "node:fs";
|
|
8
8
|
import path from "node:path";
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import type http from "node:http";
|
|
2
2
|
import type { AgentAutomationMode, ReadJsonBodyOptions } from "@elizaos/shared";
|
|
3
|
-
import type { ElizaConfig } from "../config/config.
|
|
3
|
+
import type { ElizaConfig } from "../config/config.js";
|
|
4
4
|
export interface PermissionsExtraRouteContext {
|
|
5
5
|
req: http.IncomingMessage;
|
|
6
6
|
res: http.ServerResponse;
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import type { AgentRuntime, RouteRequestContext } from "@elizaos/core";
|
|
2
2
|
import type { PermissionState } from "@elizaos/shared";
|
|
3
|
-
import type { AutonomousConfigLike } from "../types/config-like.
|
|
3
|
+
import type { AutonomousConfigLike } from "../types/config-like.js";
|
|
4
4
|
interface PermissionAutonomousConfigLike extends AutonomousConfigLike {
|
|
5
5
|
features?: {
|
|
6
6
|
shellEnabled?: boolean;
|