@elizaos/agent 2.0.3-beta.2 → 2.0.3-beta.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/__tests__/view-user-journeys.d.ts.map +1 -1
- package/__tests__/view-user-journeys.js +52 -41
- package/actions/context-signal.d.ts +2 -2
- package/actions/files.d.ts +9 -0
- package/actions/files.d.ts.map +1 -0
- package/actions/files.js +183 -0
- package/actions/index.d.ts +17 -17
- package/api/accounts-routes.d.ts +1 -1
- package/api/accounts-routes.js +1 -1
- package/api/agent-admin-routes.d.ts +1 -1
- package/api/agent-admin-routes.js +2 -2
- package/api/agent-model.d.ts +1 -1
- package/api/agent-status-routes.d.ts +1 -3
- package/api/agent-status-routes.d.ts.map +1 -1
- package/api/agent-status-routes.js +0 -2
- package/api/approval-routes.d.ts +38 -0
- package/api/approval-routes.d.ts.map +1 -0
- package/api/approval-routes.js +223 -0
- package/api/background-routes.d.ts +13 -0
- package/api/background-routes.d.ts.map +1 -0
- package/api/background-routes.js +91 -0
- package/api/binance-skill-helpers.d.ts +2 -2
- package/api/binance-skill-helpers.js +2 -2
- package/api/builtin-views.d.ts.map +1 -1
- package/api/builtin-views.js +44 -4
- package/api/character-routes.d.ts +1 -1
- package/api/chat-augmentation.d.ts.map +1 -1
- package/api/chat-augmentation.js +17 -0
- package/api/chat-routes.d.ts +29 -2
- package/api/chat-routes.d.ts.map +1 -1
- package/api/chat-routes.js +76 -1
- package/api/commands-routes.d.ts +10 -8
- package/api/commands-routes.d.ts.map +1 -1
- package/api/commands-routes.js +17 -59
- package/api/config-routes.d.ts +1 -1
- package/api/config-routes.d.ts.map +1 -1
- package/api/config-routes.js +0 -2
- package/api/connector-routes.d.ts +1 -1
- package/api/conversation-metadata.d.ts +1 -1
- package/api/conversation-metadata.d.ts.map +1 -1
- package/api/conversation-metadata.js +0 -1
- package/api/conversation-routes.d.ts +4 -3
- package/api/conversation-routes.d.ts.map +1 -1
- package/api/conversation-routes.js +34 -1
- package/api/documents-service-loader.d.ts +0 -4
- package/api/documents-service-loader.d.ts.map +1 -1
- package/api/documents-service-loader.js +0 -2
- package/api/files-routes.d.ts +14 -0
- package/api/files-routes.d.ts.map +1 -0
- package/api/files-routes.js +47 -0
- package/api/first-run-routes.d.ts +1 -1
- package/api/health-routes.d.ts +2 -2
- package/api/index.d.ts +40 -39
- package/api/index.d.ts.map +1 -1
- package/api/index.js +1 -0
- package/api/interactions-routes.d.ts +33 -0
- package/api/interactions-routes.d.ts.map +1 -0
- package/api/interactions-routes.js +63 -0
- package/api/media-runtime.d.ts +2 -1
- package/api/media-runtime.d.ts.map +1 -1
- package/api/media-runtime.js +64 -7
- package/api/media-store.d.ts +36 -0
- package/api/media-store.d.ts.map +1 -1
- package/api/media-store.js +141 -2
- package/api/memory-bounds.d.ts +0 -1
- package/api/memory-bounds.d.ts.map +1 -1
- package/api/memory-bounds.js +0 -1
- package/api/misc-routes.d.ts +1 -1
- package/api/model-provider-helpers.d.ts +2 -2
- package/api/model-provider-helpers.js +2 -2
- package/api/permissions-routes-extra.d.ts +1 -1
- package/api/permissions-routes.d.ts +1 -1
- package/api/permissions-routes.d.ts.map +1 -1
- package/api/permissions-routes.js +8 -7
- package/api/plugin-discovery-helpers.d.ts +5 -6
- package/api/plugin-discovery-helpers.d.ts.map +1 -1
- package/api/plugin-discovery-helpers.js +3 -4
- package/api/plugin-runtime-apply.d.ts +2 -2
- package/api/plugin-runtime-apply.d.ts.map +1 -1
- package/api/plugin-runtime-apply.js +74 -0
- package/api/provider-switch-config.d.ts +1 -1
- package/api/provider-switch-routes.d.ts +2 -2
- package/api/registry-routes.d.ts +1 -1
- package/api/registry-service.d.ts +1 -1
- package/api/remote-capability-routes.d.ts +2 -2
- package/api/remote-capability-routes.d.ts.map +1 -1
- package/api/remote-capability-routes.js +19 -0
- package/api/server-autonomy-helpers.d.ts +2 -2
- package/api/server-helpers-auth.d.ts +10 -0
- package/api/server-helpers-auth.d.ts.map +1 -1
- package/api/server-helpers-auth.js +16 -210
- package/api/server-helpers-config.d.ts +1 -1
- package/api/server-helpers-mcp.d.ts +2 -2
- package/api/server-helpers-plugin.d.ts +1 -1
- package/api/server-helpers-swarm.d.ts +3 -3
- package/api/server-helpers-swarm.d.ts.map +1 -1
- package/api/server-helpers-swarm.js +15 -5
- package/api/server-helpers-wallet.d.ts +1 -1
- package/api/server-helpers.d.ts +4 -4
- package/api/server-lazy-routes.d.ts +40 -38
- package/api/server-lazy-routes.d.ts.map +1 -1
- package/api/server-lazy-routes.js +7 -0
- package/api/server-route-dispatch.d.ts +2 -2
- package/api/server-route-dispatch.d.ts.map +1 -1
- package/api/server-route-dispatch.js +7 -0
- package/api/server-types.d.ts +9 -7
- package/api/server-types.d.ts.map +1 -1
- package/api/server.d.ts +19 -19
- package/api/server.d.ts.map +1 -1
- package/api/server.js +111 -17
- package/api/static-file-server.d.ts +2 -2
- package/api/static-file-server.js +2 -2
- package/api/subscription-routes.d.ts +4 -4
- package/api/subscription-routes.js +3 -4
- package/api/suggestions-routes.d.ts +1 -1
- package/api/suggestions-routes.d.ts.map +1 -1
- package/api/suggestions-routes.js +2 -3
- package/api/terminal-execution-routing.d.ts +1 -1
- package/api/training-service-like.d.ts +1 -1
- package/api/trajectory-fallback-routes.d.ts.map +1 -1
- package/api/trajectory-fallback-routes.js +21 -1
- package/api/update-routes.d.ts +1 -1
- package/api/view-registry-types.d.ts +1 -1
- package/api/views-registry.d.ts +14 -4
- package/api/views-registry.d.ts.map +1 -1
- package/api/views-registry.js +107 -72
- package/api/views-routes.d.ts +1 -1
- package/api/views-routes.d.ts.map +1 -1
- package/api/views-routes.js +131 -14
- package/api/views-search-index.d.ts +1 -1
- package/api/wallet-capability.d.ts +3 -3
- package/api/wallet-rpc.d.ts +1 -1
- package/api/wallet.d.ts +3 -3
- package/api/wallet.d.ts.map +1 -1
- package/api/wallet.js +4 -3
- package/api/workbench-context.d.ts +1 -1
- package/api/workbench-helpers.d.ts +3 -3
- package/api/workbench-helpers.js +3 -3
- package/api/workbench-routes.d.ts +2 -2
- package/api/workbench-vfs-routes.d.ts +1 -1
- package/api/ws-event-replay.d.ts +1 -2
- package/api/ws-event-replay.d.ts.map +1 -1
- package/api/ws-event-replay.js +1 -2
- package/api/x-relay-routes.d.ts +2 -2
- package/api/x402-route-validation.d.ts +4 -0
- package/api/x402-route-validation.d.ts.map +1 -0
- package/api/x402-route-validation.js +6 -0
- package/assets/view-heroes/background.png +0 -0
- package/auth/account-storage.d.ts +1 -1
- package/auth/anthropic.d.ts +1 -1
- package/auth/credentials.d.ts +2 -2
- package/auth/index.d.ts +7 -7
- package/auth/oauth-flow.d.ts +2 -2
- package/auth/openai-codex.d.ts +1 -1
- package/awareness/index.d.ts +1 -1
- package/config/config.js +0 -1
- package/config/env-vars.d.ts +1 -1
- package/config/env-vars.d.ts.map +1 -1
- package/config/env-vars.js +0 -1
- package/config/index.d.ts +10 -10
- package/config/model-metadata.d.ts +1 -1
- package/config/owner-contacts.d.ts +1 -1
- package/config/schema.d.ts +1 -1
- package/hooks/discovery.d.ts +1 -1
- package/hooks/eligibility.d.ts +2 -2
- package/hooks/index.d.ts +2 -2
- package/hooks/loader.d.ts +2 -2
- package/hooks/registry.d.ts +1 -1
- package/index.d.ts +87 -85
- package/index.d.ts.map +1 -1
- package/index.js +11 -3
- package/package.json +54 -44
- package/providers/media-provider.d.ts +1 -1
- package/providers/page-scoped-context.d.ts.map +1 -1
- package/providers/page-scoped-context.js +1 -70
- package/providers/relevant-conversations.d.ts.map +1 -1
- package/providers/relevant-conversations.js +8 -9
- package/providers/workspace.d.ts +1 -1
- package/runtime/actions/web-fetch.d.ts.map +1 -1
- package/runtime/actions/web-fetch.js +23 -3
- package/runtime/actions/web-search.d.ts +32 -0
- package/runtime/actions/web-search.d.ts.map +1 -0
- package/runtime/actions/web-search.js +245 -0
- package/runtime/advanced-capabilities-config.d.ts +1 -1
- package/runtime/boot-telemetry.d.ts +1 -1
- package/runtime/conversation-compactor-runtime.d.ts +1 -1
- package/runtime/conversation-compactor-runtime.js +1 -1
- package/runtime/conversation-compactor.d.ts +1 -1
- package/runtime/core-plugins.d.ts.map +1 -1
- package/runtime/core-plugins.js +9 -0
- package/runtime/custom-actions.d.ts +18 -9
- package/runtime/custom-actions.d.ts.map +1 -1
- package/runtime/custom-actions.js +85 -23
- package/runtime/eliza-plugin.d.ts.map +1 -1
- package/runtime/eliza-plugin.js +15 -1
- package/runtime/eliza.d.ts +9 -7
- package/runtime/eliza.d.ts.map +1 -1
- package/runtime/eliza.js +86 -23
- package/runtime/first-time-setup.d.ts +1 -3
- package/runtime/first-time-setup.d.ts.map +1 -1
- package/runtime/first-time-setup.js +0 -2
- package/runtime/index.d.ts +18 -18
- package/runtime/load-plugin-from-vfs.d.ts +2 -2
- package/runtime/mobile-dns.d.ts.map +1 -1
- package/runtime/mobile-dns.js +2 -5
- package/runtime/operations/classifier.d.ts +1 -1
- package/runtime/operations/cold-strategy.d.ts +1 -1
- package/runtime/operations/health-checks.d.ts +1 -1
- package/runtime/operations/health.d.ts +1 -1
- package/runtime/operations/index.d.ts +10 -10
- package/runtime/operations/manager.d.ts +3 -3
- package/runtime/operations/reload-hot.d.ts +1 -1
- package/runtime/operations/repository.d.ts +1 -1
- package/runtime/operations/vault-bridge.d.ts +1 -1
- package/runtime/plugin-collector.d.ts +6 -1
- package/runtime/plugin-collector.d.ts.map +1 -1
- package/runtime/plugin-collector.js +11 -28
- package/runtime/plugin-lifecycle.d.ts.map +1 -1
- package/runtime/plugin-lifecycle.js +1 -0
- package/runtime/plugin-resolver.d.ts +2 -2
- package/runtime/plugin-resolver.d.ts.map +1 -1
- package/runtime/plugin-resolver.js +113 -65
- package/runtime/plugin-types.d.ts +1 -1
- package/runtime/prompt-optimization.d.ts +4 -4
- package/runtime/remote-coding-runner-gate.d.ts +7 -0
- package/runtime/remote-coding-runner-gate.d.ts.map +1 -0
- package/runtime/remote-coding-runner-gate.js +36 -0
- package/runtime/roles/src/index.d.ts +4 -4
- package/runtime/roles.d.ts +2 -2
- package/runtime/sandbox-character.d.ts +1 -1
- package/runtime/tool-call-cache/cache.d.ts +1 -1
- package/runtime/tool-call-cache/disk-store.d.ts +1 -1
- package/runtime/tool-call-cache/index.d.ts +6 -6
- package/runtime/tool-call-cache/key.d.ts +1 -1
- package/runtime/tool-call-cache/redact.d.ts +1 -1
- package/runtime/tool-call-cache/registry.d.ts +1 -1
- package/runtime/tool-call-cache-wrapper.d.ts +7 -9
- package/runtime/tool-call-cache-wrapper.d.ts.map +1 -1
- package/runtime/tool-call-cache-wrapper.js +6 -11
- package/runtime/trajectory-export.d.ts +3 -3
- package/runtime/trajectory-internals.d.ts +2 -1
- package/runtime/trajectory-internals.d.ts.map +1 -1
- package/runtime/trajectory-persistence.d.ts +5 -5
- package/runtime/trajectory-steps-reader.d.ts +1 -1
- package/runtime/trajectory-steps-writer.d.ts +1 -1
- package/runtime/trajectory-storage.d.ts +4 -4
- package/runtime/view-action-affinity.d.ts +18 -15
- package/runtime/view-action-affinity.d.ts.map +1 -1
- package/runtime/view-action-affinity.js +26 -29
- package/runtime/web-search-tools.d.ts +4 -1
- package/runtime/web-search-tools.d.ts.map +1 -1
- package/runtime/web-search-tools.js +37 -9
- package/security/index.d.ts +3 -3
- package/services/approval/index.d.ts +9 -0
- package/services/approval/index.d.ts.map +1 -0
- package/services/approval/index.js +8 -0
- package/services/approval/service.d.ts +35 -0
- package/services/approval/service.d.ts.map +1 -0
- package/services/approval/service.js +40 -0
- package/services/approval/sql.d.ts +18 -0
- package/services/approval/sql.d.ts.map +1 -0
- package/services/approval/sql.js +104 -0
- package/services/approval/store.d.ts +39 -0
- package/services/approval/store.d.ts.map +1 -0
- package/services/approval/store.js +534 -0
- package/services/approval/types.d.ts +207 -0
- package/services/approval/types.d.ts.map +1 -0
- package/services/approval/types.js +34 -0
- package/services/character-persistence.d.ts +2 -2
- package/services/client-chat-sender.d.ts +1 -1
- package/services/config-plugin-manager.d.ts +2 -2
- package/services/connector-setup-service.d.ts +1 -1
- package/services/cove-quote-x509.d.ts +1 -1
- package/services/cove-quote.d.ts +2 -2
- package/services/dstack-tee-provider.d.ts +1 -1
- package/services/file-storage.d.ts +20 -0
- package/services/file-storage.d.ts.map +1 -0
- package/services/file-storage.js +70 -0
- package/services/global-pause/index.d.ts +8 -0
- package/services/global-pause/index.d.ts.map +1 -0
- package/services/global-pause/index.js +7 -0
- package/services/global-pause/service.d.ts +29 -0
- package/services/global-pause/service.d.ts.map +1 -0
- package/services/global-pause/service.js +34 -0
- package/services/global-pause/store.d.ts +31 -0
- package/services/global-pause/store.d.ts.map +1 -0
- package/services/global-pause/store.js +83 -0
- package/services/handoff/index.d.ts +8 -0
- package/services/handoff/index.d.ts.map +1 -0
- package/services/handoff/index.js +7 -0
- package/services/handoff/service.d.ts +29 -0
- package/services/handoff/service.d.ts.map +1 -0
- package/services/handoff/service.js +34 -0
- package/services/handoff/store.d.ts +76 -0
- package/services/handoff/store.d.ts.map +1 -0
- package/services/handoff/store.js +148 -0
- package/services/index.d.ts +30 -31
- package/services/index.d.ts.map +1 -1
- package/services/index.js +0 -6
- package/services/js-runtime-bridge.d.ts.map +1 -1
- package/services/js-runtime-bridge.js +8 -2
- package/services/knowledge-graph/index.d.ts +4 -4
- package/services/knowledge-graph/service.d.ts +2 -2
- package/services/pending-prompts/index.d.ts +8 -0
- package/services/pending-prompts/index.d.ts.map +1 -0
- package/services/pending-prompts/index.js +7 -0
- package/services/pending-prompts/service.d.ts +34 -0
- package/services/pending-prompts/service.d.ts.map +1 -0
- package/services/pending-prompts/service.js +68 -0
- package/services/pending-prompts/store.d.ts +70 -0
- package/services/pending-prompts/store.d.ts.map +1 -0
- package/services/pending-prompts/store.js +191 -0
- package/services/plugin-compiler.d.ts +1 -1
- package/services/plugin-installer.d.ts.map +1 -1
- package/services/plugin-installer.js +21 -11
- package/services/plugin-manager-types.d.ts +1 -1
- package/services/proactive-interaction-decider.d.ts +62 -11
- package/services/proactive-interaction-decider.d.ts.map +1 -1
- package/services/proactive-interaction-decider.js +223 -35
- package/services/push/apns-provider.d.ts +1 -1
- package/services/push/fcm-provider.d.ts +1 -1
- package/services/push/notification-push-service.d.ts +2 -2
- package/services/registry-client-app-meta.d.ts +1 -1
- package/services/registry-client-endpoints.d.ts +2 -2
- package/services/registry-client-local.d.ts +1 -1
- package/services/registry-client-network.d.ts +1 -1
- package/services/registry-client-queries.d.ts +1 -1
- package/services/registry-client.d.ts +3 -3
- package/services/relationships-graph.d.ts +1 -1
- package/services/remote-capability-cloud-sandbox.d.ts +3 -3
- package/services/remote-capability-endpoint-conformance.d.ts +1 -1
- package/services/remote-capability-endpoint-provider.d.ts +4 -4
- package/services/remote-capability-url-endpoint-providers.d.ts +1 -1
- package/services/remote-plugin-adapter.d.ts.map +1 -1
- package/services/remote-plugin-adapter.js +3 -0
- package/services/remote-plugin-bridge.d.ts.map +1 -1
- package/services/remote-plugin-bridge.js +97 -26
- package/services/remote-signing-service.d.ts +4 -4
- package/services/research-task-executor.d.ts +1 -1
- package/services/sandbox-manager.d.ts +1 -1
- package/services/self-updater.d.ts +1 -1
- package/services/self-updater.d.ts.map +1 -1
- package/services/self-updater.js +23 -9
- package/services/shell-execution-router.d.ts +1 -1
- package/services/shell-execution-router.d.ts.map +1 -1
- package/services/shell-execution-router.js +19 -2
- package/services/tee-boot-gate-state.d.ts +1 -1
- package/services/tee-boot-gate.d.ts +4 -4
- package/services/tee-confidential-inference.d.ts +3 -3
- package/services/tee-key-release.d.ts +2 -2
- package/services/tee-model-key-boot.d.ts +4 -4
- package/services/tee-policy.d.ts +1 -1
- package/services/tee-production-profile.d.ts +1 -1
- package/services/tee-release-policy.d.ts +1 -1
- package/services/tee-revocation.d.ts +2 -2
- package/services/tee-runtime-config.d.ts +1 -1
- package/services/tee-sealed-volume.d.ts +3 -3
- package/services/tee-signer-backend.d.ts +3 -3
- package/services/update-checker.d.ts +1 -1
- package/services/vault-signer-backend.d.ts +1 -1
- package/services/vfs-git.d.ts +1 -1
- package/test-support/index.d.ts +3 -3
- package/triggers/runtime.d.ts +1 -1
- package/triggers/scheduling.d.ts +3 -22
- package/triggers/scheduling.d.ts.map +1 -1
- package/triggers/scheduling.js +2 -214
- package/tui/agent-terminal-tui.d.ts.map +1 -1
- package/tui/agent-terminal-tui.js +174 -72
- package/types/index.d.ts +3 -3
- package/api/nfa-routes.d.ts +0 -6
- package/api/nfa-routes.d.ts.map +0 -1
- package/api/nfa-routes.js +0 -125
- package/api/server-auth.d.ts +0 -46
- package/api/server-auth.d.ts.map +0 -1
- package/api/server-auth.js +0 -504
- package/runtime/restart.d.ts +0 -9
- package/runtime/restart.d.ts.map +0 -1
- package/runtime/restart.js +0 -8
- package/test-utils/sqlite-compat.d.ts +0 -23
- package/test-utils/sqlite-compat.d.ts.map +0 -1
- package/test-utils/sqlite-compat.js +0 -214
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"permissions-routes.d.ts","sourceRoot":"","sources":["../../src/api/permissions-routes.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,mBAAmB,EAAE,MAAM,eAAe,CAAC;AACvE,OAAO,KAAK,EAIV,eAAe,EAGhB,MAAM,iBAAiB,CAAC;AASzB,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,yBAAyB,CAAC;AAEpE,UAAU,8BAA+B,SAAQ,oBAAoB;IACnE,QAAQ,CAAC,EAAE;QACT,YAAY,CAAC,EAAE,OAAO,CAAC;KACxB,CAAC;IACF,OAAO,CAAC,EAAE;QACR,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE;YAAE,OAAO,CAAC,EAAE,OAAO,CAAA;SAAE,CAAC,CAAC;KACjD,CAAC;CACH;
|
|
1
|
+
{"version":3,"file":"permissions-routes.d.ts","sourceRoot":"","sources":["../../src/api/permissions-routes.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,mBAAmB,EAAE,MAAM,eAAe,CAAC;AACvE,OAAO,KAAK,EAIV,eAAe,EAGhB,MAAM,iBAAiB,CAAC;AASzB,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,yBAAyB,CAAC;AAEpE,UAAU,8BAA+B,SAAQ,oBAAoB;IACnE,QAAQ,CAAC,EAAE;QACT,YAAY,CAAC,EAAE,OAAO,CAAC;KACxB,CAAC;IACF,OAAO,CAAC,EAAE;QACR,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE;YAAE,OAAO,CAAC,EAAE,OAAO,CAAA;SAAE,CAAC,CAAC;KACjD,CAAC;CACH;AAqTD,MAAM,WAAW,oBAAoB;IACnC,OAAO,EAAE,YAAY,GAAG,IAAI,CAAC;IAC7B,MAAM,EAAE,8BAA8B,CAAC;IACvC,gBAAgB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;IACnD,YAAY,CAAC,EAAE,OAAO,CAAC;CACxB;AAED,MAAM,WAAW,sBAAuB,SAAQ,mBAAmB;IACjE,KAAK,EAAE,oBAAoB,CAAC;IAC5B,UAAU,EAAE,CAAC,MAAM,EAAE,8BAA8B,KAAK,IAAI,CAAC;IAC7D,sBAAsB,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK,IAAI,CAAC;CAClD;AAED,wBAAsB,sBAAsB,CAC1C,GAAG,EAAE,sBAAsB,GAC1B,OAAO,CAAC,OAAO,CAAC,CA8QlB"}
|
|
@@ -29,15 +29,16 @@ function currentPlatform() {
|
|
|
29
29
|
const p = process.platform;
|
|
30
30
|
return p === "darwin" || p === "win32" || p === "linux" ? p : "linux";
|
|
31
31
|
}
|
|
32
|
-
function
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
typeof service === "object" &&
|
|
32
|
+
function isPermissionsRegistry(service) {
|
|
33
|
+
return (typeof service === "object" &&
|
|
34
|
+
service !== null &&
|
|
36
35
|
"get" in service &&
|
|
37
36
|
"check" in service &&
|
|
38
|
-
"request" in service
|
|
39
|
-
|
|
40
|
-
|
|
37
|
+
"request" in service);
|
|
38
|
+
}
|
|
39
|
+
function getPermissionRegistry(runtime) {
|
|
40
|
+
const service = runtime?.getService(PERMISSIONS_REGISTRY_SERVICE);
|
|
41
|
+
return isPermissionsRegistry(service) ? service : null;
|
|
41
42
|
}
|
|
42
43
|
function unavailableWebsiteBlockingPermission() {
|
|
43
44
|
return {
|
|
@@ -1,14 +1,13 @@
|
|
|
1
1
|
/**
|
|
2
2
|
* Plugin discovery and categorization helpers.
|
|
3
3
|
*
|
|
4
|
-
*
|
|
5
|
-
*
|
|
6
|
-
* secrets for the plugin management UI.
|
|
4
|
+
* Handles reading the plugins.json manifest, categorizing plugins, building
|
|
5
|
+
* parameter definitions, and aggregating secrets for the plugin management UI.
|
|
7
6
|
*/
|
|
8
|
-
import type { ElizaConfig } from "../config/config.
|
|
7
|
+
import type { ElizaConfig } from "../config/config.js";
|
|
9
8
|
export type { LogEntry, SkillEntry, StreamEventEnvelope, StreamEventType, } from "@elizaos/shared";
|
|
10
|
-
export type { PluginEntry, PluginParamDef } from "./server-types.
|
|
11
|
-
import type { PluginEntry, PluginParamDef } from "./server-types.
|
|
9
|
+
export type { PluginEntry, PluginParamDef } from "./server-types.js";
|
|
10
|
+
import type { PluginEntry, PluginParamDef } from "./server-types.js";
|
|
12
11
|
export declare function getReleaseBundledPluginIds(): Set<string>;
|
|
13
12
|
export interface PluginIndexEntry {
|
|
14
13
|
id: string;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"plugin-discovery-helpers.d.ts","sourceRoot":"","sources":["../../src/api/plugin-discovery-helpers.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"plugin-discovery-helpers.d.ts","sourceRoot":"","sources":["../../src/api/plugin-discovery-helpers.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAMH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAqGvD,YAAY,EACV,QAAQ,EACR,UAAU,EACV,mBAAmB,EACnB,eAAe,GAChB,MAAM,iBAAiB,CAAC;AACzB,YAAY,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAErE,OAAO,KAAK,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAErE,wBAAgB,0BAA0B,IAAI,GAAG,CAAC,MAAM,CAAC,CAiBxD;AAED,MAAM,WAAW,gBAAgB;IAC/B,EAAE,EAAE,MAAM,CAAC;IACX,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,QAAQ,EACJ,aAAa,GACb,WAAW,GACX,WAAW,GACX,UAAU,GACV,KAAK,GACL,SAAS,CAAC;IACd,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,gBAAgB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;IAC3D,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;IACxD,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED,MAAM,WAAW,WAAW;IAC1B,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,gBAAgB,EAAE,CAAC;CAC7B;AA4BD,KAAK,yBAAyB,GAAG;IAC/B,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,OAAO,CAAC;IAClB,SAAS,EAAE,OAAO,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;CACpB,CAAC;AAYF,KAAK,qBAAqB,GAAG;IAC3B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;IACtB,gBAAgB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,yBAAyB,CAAC,CAAC;IAC7D,aAAa,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;CACzD,CAAC;AAiCF,wBAAgB,iBAAiB,CAAC,UAAU,EAAE,MAAM,EAAE,GAAG,MAAM,GAAG,IAAI,CAQrE;AAuQD,wBAAgB,SAAS,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAG/C;AAED,wBAAgB,cAAc,CAC5B,YAAY,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,GACpD,cAAc,EAAE,CA+BlB;AAED,4EAA4E;AAC5E,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAkDpD;AAED,qFAAqF;AACrF,wBAAgB,WAAW,CAAC,GAAG,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,MAAM,CAO/D;AAMD,eAAO,MAAM,gBAAgB,aA0C3B,CAAC;AAEH;;;;GAIG;AACH,eAAO,MAAM,6BAA6B,aAyCxC,CAAC;AAEH;;;GAGG;AACH,eAAO,MAAM,2BAA2B,aAetC,CAAC;AAMH,MAAM,WAAW,WAAW;IAC1B,GAAG,EAAE,MAAM,CAAC;IACZ,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,OAAO,CAAC;IACnB,QAAQ,EAAE,OAAO,CAAC;IAClB,KAAK,EAAE,OAAO,CAAC;IACf,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,MAAM,EAAE,KAAK,CAAC;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,OAAO,CAAA;KAAE,CAAC,CAAC;CAC3E;AAoBD,wBAAgB,mBAAmB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CA+CvD;AAED,wBAAgB,gBAAgB,CAAC,OAAO,EAAE,WAAW,EAAE,GAAG,WAAW,EAAE,CAwCtE;AAED;;;GAGG;AACH,wBAAgB,wBAAwB,CACtC,MAAM,EAAE,WAAW,EACnB,UAAU,EAAE,GAAG,CAAC,MAAM,CAAC,GACtB,WAAW,EAAE,CAqJf;AAID;;;GAGG;AACH,wBAAgB,2BAA2B,IAAI,WAAW,EAAE,CAmI3D;AAED,wBAAgB,gBAAgB,CAC9B,EAAE,EAAE,MAAM,GACT,aAAa,GAAG,WAAW,GAAG,WAAW,GAAG,UAAU,GAAG,SAAS,CAqDpE;AA8GD,wBAAgB,0BAA0B,CAAC,EAAE,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAOzE;AAED,wBAAgB,sBAAsB,CACpC,UAAU,EAAE,MAAM,GAAG;IAAE,IAAI,CAAC,EAAE,MAAM,CAAC;IAAC,GAAG,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG,IAAI,GAAG,SAAS,GACtE,MAAM,GAAG,SAAS,CAiBpB;AAED,wBAAgB,wBAAwB,CACtC,OAAO,EAAE,MAAM,GAAG,SAAS,EAC3B,OAAO,EAAE,MAAM,GAAG,SAAS,GAC1B,MAAM,GAAG,SAAS,CAIpB;AAED,wBAAgB,0BAA0B,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAWrE;AAED,wBAAgB,2BAA2B,CAAC,MAAM,EAAE,OAAO,GAAG,MAAM,EAAE,CAYrE;AAED,wBAAgB,uBAAuB,CAAC,GAAG,OAAO,EAAE,OAAO,EAAE,GAAG,MAAM,EAAE,CAWvE;AAED,wBAAgB,YAAY,CAAC,EAAE,EAAE,MAAM,GAAG,MAAM,EAAE,CAEjD;AAED,wBAAgB,qBAAqB,CAAC,EAAE,EAAE,MAAM,GAAG,MAAM,EAAE,CAQ1D;AAED,wBAAgB,wBAAwB,CACtC,EAAE,EAAE,MAAM,EACV,IAAI,EAAE,MAAM,EACZ,QAAQ,EAAE,WAAW,CAAC,UAAU,CAAC,EACjC,WAAW,EAAE,MAAM,GAAG,SAAS,GAC9B,MAAM,CA2BR;AAED,wBAAgB,iBAAiB,CAC/B,EAAE,EAAE,MAAM,EACV,QAAQ,EAAE,WAAW,CAAC,UAAU,CAAC,EACjC,GAAG,OAAO,EAAE,OAAO,EAAE,GACpB,MAAM,EAAE,CAOV;AAED,wBAAgB,gBAAgB,CAAC,EAAE,EAAE,MAAM,GAAG,MAAM,CAKnD;AAED,wBAAgB,gCAAgC,CAC9C,WAAW,EAAE,MAAM,EACnB,OAAO,EAAE,MAAM,GAAG,SAAS,EAC3B,OAAO,CAAC,EAAE,MAAM,GACf,qBAAqB,CAiFvB"}
|
|
@@ -1,9 +1,8 @@
|
|
|
1
1
|
/**
|
|
2
2
|
* Plugin discovery and categorization helpers.
|
|
3
3
|
*
|
|
4
|
-
*
|
|
5
|
-
*
|
|
6
|
-
* secrets for the plugin management UI.
|
|
4
|
+
* Handles reading the plugins.json manifest, categorizing plugins, building
|
|
5
|
+
* parameter definitions, and aggregating secrets for the plugin management UI.
|
|
7
6
|
*/
|
|
8
7
|
import fs from "node:fs";
|
|
9
8
|
import { createRequire } from "node:module";
|
|
@@ -421,7 +420,6 @@ export const BLOCKED_ENV_KEYS = new Set([
|
|
|
421
420
|
"ELIZA_API_TOKEN",
|
|
422
421
|
"ELIZA_WALLET_EXPORT_TOKEN",
|
|
423
422
|
"ELIZA_TERMINAL_RUN_TOKEN",
|
|
424
|
-
"HYPERSCAPE_AUTH_TOKEN",
|
|
425
423
|
// Wallet private keys — writable via API would enable key theft / replacement
|
|
426
424
|
"EVM_PRIVATE_KEY",
|
|
427
425
|
"SOLANA_PRIVATE_KEY",
|
|
@@ -497,6 +495,7 @@ export const AGENT_EVENT_ALLOWED_STREAMS = new Set([
|
|
|
497
495
|
"assistant",
|
|
498
496
|
"thought",
|
|
499
497
|
"action",
|
|
498
|
+
"notification",
|
|
500
499
|
"viewer_stats",
|
|
501
500
|
]);
|
|
502
501
|
const AI_PROVIDERS = new Set([
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import { type AgentRuntime } from "@elizaos/core";
|
|
2
|
-
import type { ElizaConfig } from "../config/config.
|
|
3
|
-
import type { ResolvedPlugin } from "../runtime/plugin-types.
|
|
2
|
+
import type { ElizaConfig } from "../config/config.js";
|
|
3
|
+
import type { ResolvedPlugin } from "../runtime/plugin-types.js";
|
|
4
4
|
export type PluginRuntimeApplyMode = "none" | "config_apply" | "plugin_reload" | "runtime_reload" | "restart_required";
|
|
5
5
|
export interface PluginRuntimeApplyResult {
|
|
6
6
|
mode: PluginRuntimeApplyMode;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"plugin-runtime-apply.d.ts","sourceRoot":"","sources":["../../src/api/plugin-runtime-apply.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,YAAY,EAAU,MAAM,eAAe,CAAC;AAC1D,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAEvD,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,4BAA4B,CAAC;AAEjE,MAAM,MAAM,sBAAsB,GAC9B,MAAM,GACN,cAAc,GACd,eAAe,GACf,gBAAgB,GAChB,kBAAkB,CAAC;AAEvB,MAAM,WAAW,wBAAwB;IACvC,IAAI,EAAE,sBAAsB,CAAC;IAC7B,eAAe,EAAE,OAAO,CAAC;IACzB,gBAAgB,EAAE,OAAO,CAAC;IAC1B,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,oBAAoB,EAAE,MAAM,GAAG,IAAI,CAAC;IACpC,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,UAAU,iCAAiC;IACzC,OAAO,EAAE,YAAY,GAAG,IAAI,CAAC;IAC7B,cAAc,EAAE,WAAW,CAAC;IAC5B,UAAU,EAAE,WAAW,CAAC;IACxB,uBAAuB,CAAC,EAAE,cAAc,EAAE,CAAC;IAC3C,mBAAmB,CAAC,EAAE,cAAc,EAAE,CAAC;IACvC,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChC,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC/B,wBAAwB,CAAC,EAAE,OAAO,CAAC;IACnC,MAAM,EAAE,MAAM,CAAC;IACf,cAAc,CAAC,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;CACvD;
|
|
1
|
+
{"version":3,"file":"plugin-runtime-apply.d.ts","sourceRoot":"","sources":["../../src/api/plugin-runtime-apply.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,YAAY,EAAU,MAAM,eAAe,CAAC;AAC1D,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAEvD,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,4BAA4B,CAAC;AAEjE,MAAM,MAAM,sBAAsB,GAC9B,MAAM,GACN,cAAc,GACd,eAAe,GACf,gBAAgB,GAChB,kBAAkB,CAAC;AAEvB,MAAM,WAAW,wBAAwB;IACvC,IAAI,EAAE,sBAAsB,CAAC;IAC7B,eAAe,EAAE,OAAO,CAAC;IACzB,gBAAgB,EAAE,OAAO,CAAC;IAC1B,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,oBAAoB,EAAE,MAAM,GAAG,IAAI,CAAC;IACpC,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,UAAU,iCAAiC;IACzC,OAAO,EAAE,YAAY,GAAG,IAAI,CAAC;IAC7B,cAAc,EAAE,WAAW,CAAC;IAC5B,UAAU,EAAE,WAAW,CAAC;IACxB,uBAAuB,CAAC,EAAE,cAAc,EAAE,CAAC;IAC3C,mBAAmB,CAAC,EAAE,cAAc,EAAE,CAAC;IACvC,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChC,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC/B,wBAAwB,CAAC,EAAE,OAAO,CAAC;IACnC,MAAM,EAAE,MAAM,CAAC;IACf,cAAc,CAAC,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;CACvD;AAkJD,wBAAsB,0BAA0B,CAC9C,OAAO,EAAE,iCAAiC,GACzC,OAAO,CAAC,wBAAwB,CAAC,CAuPnC"}
|
|
@@ -57,6 +57,49 @@ function packageRequiresRuntimeReload(packageName, previousResolvedMap, nextReso
|
|
|
57
57
|
const nextPlugin = nextResolvedMap.get(packageName)?.plugin;
|
|
58
58
|
return Boolean(previousPlugin?.adapter || nextPlugin?.adapter);
|
|
59
59
|
}
|
|
60
|
+
/**
|
|
61
|
+
* Two-phase reload rollback. A `plugin_reload` that throws partway leaves the
|
|
62
|
+
* in-memory plugin graph half-torn-down (plugins unloaded, replacements not
|
|
63
|
+
* registered) — a broken runtime. This undoes the partial mutation: it
|
|
64
|
+
* unregisters anything we newly registered, then re-registers (from their
|
|
65
|
+
* PREVIOUS resolved definitions) anything we unloaded, restoring the runtime to
|
|
66
|
+
* its pre-reload state. Returns true only when every step succeeded; a false
|
|
67
|
+
* means the graph may still be inconsistent and a full restart is the last
|
|
68
|
+
* resort. Best-effort and exception-safe — it never throws.
|
|
69
|
+
*/
|
|
70
|
+
async function rollbackPartialReload(opts) {
|
|
71
|
+
const { runtime, previousResolvedMap, nextResolvedMap, unloadedPackages, registeredPackages, } = opts;
|
|
72
|
+
let ok = true;
|
|
73
|
+
// 1. Unregister anything we newly registered (its NEXT plugin name).
|
|
74
|
+
for (const packageName of registeredPackages) {
|
|
75
|
+
const name = nextResolvedMap.get(packageName)?.plugin.name;
|
|
76
|
+
if (!name)
|
|
77
|
+
continue;
|
|
78
|
+
try {
|
|
79
|
+
await runtime.unloadPlugin(name);
|
|
80
|
+
}
|
|
81
|
+
catch (error) {
|
|
82
|
+
ok = false;
|
|
83
|
+
logger.warn(`[plugin-runtime-apply] rollback: failed to unregister newly-loaded ${packageName}: ${error instanceof Error ? error.message : String(error)}`);
|
|
84
|
+
}
|
|
85
|
+
}
|
|
86
|
+
// 2. Re-register the plugins we unloaded, from their PREVIOUS definitions.
|
|
87
|
+
for (const packageName of unloadedPackages) {
|
|
88
|
+
const previousPlugin = previousResolvedMap.get(packageName)?.plugin;
|
|
89
|
+
if (!previousPlugin) {
|
|
90
|
+
ok = false;
|
|
91
|
+
continue;
|
|
92
|
+
}
|
|
93
|
+
try {
|
|
94
|
+
await runtime.registerPlugin(previousPlugin);
|
|
95
|
+
}
|
|
96
|
+
catch (error) {
|
|
97
|
+
ok = false;
|
|
98
|
+
logger.warn(`[plugin-runtime-apply] rollback: failed to re-register ${packageName} from previous definition: ${error instanceof Error ? error.message : String(error)}`);
|
|
99
|
+
}
|
|
100
|
+
}
|
|
101
|
+
return ok;
|
|
102
|
+
}
|
|
60
103
|
export async function applyPluginRuntimeMutation(options) {
|
|
61
104
|
const { runtime, previousConfig, nextConfig, changedPluginId, changedPluginPackage, config, forceReloadPackages = [], expectRuntimeGraphChange = false, reason, restartRuntime, } = options;
|
|
62
105
|
if (!runtime) {
|
|
@@ -211,6 +254,37 @@ export async function applyPluginRuntimeMutation(options) {
|
|
|
211
254
|
}
|
|
212
255
|
catch (error) {
|
|
213
256
|
logger.warn(`[plugin-runtime-apply] Plugin reload failed for "${reason}": ${error instanceof Error ? error.message : String(error)}`);
|
|
257
|
+
// If we already mutated the graph, roll it back BEFORE any restart fallback
|
|
258
|
+
// so the runtime is never observed half-torn-down. A clean rollback restores
|
|
259
|
+
// the previous plugin graph; we then surface restart_required so the caller
|
|
260
|
+
// schedules a restart to actually apply the (failed) change — the old plugin
|
|
261
|
+
// keeps working in the interim instead of vanishing.
|
|
262
|
+
const mutated = unloadedPackages.length > 0 ||
|
|
263
|
+
reloadedPackages.length > 0 ||
|
|
264
|
+
loadedPackages.length > 0;
|
|
265
|
+
if (mutated) {
|
|
266
|
+
const rolledBack = await rollbackPartialReload({
|
|
267
|
+
runtime,
|
|
268
|
+
previousResolvedMap,
|
|
269
|
+
nextResolvedMap,
|
|
270
|
+
unloadedPackages,
|
|
271
|
+
registeredPackages: [...reloadedPackages, ...loadedPackages],
|
|
272
|
+
});
|
|
273
|
+
if (rolledBack) {
|
|
274
|
+
logger.info(`[plugin-runtime-apply] Rolled back partial reload for "${reason}"; runtime restored to previous plugin graph.`);
|
|
275
|
+
return {
|
|
276
|
+
mode: "restart_required",
|
|
277
|
+
requiresRestart: true,
|
|
278
|
+
restartedRuntime: false,
|
|
279
|
+
loadedPackages: [],
|
|
280
|
+
unloadedPackages: [],
|
|
281
|
+
reloadedPackages: [],
|
|
282
|
+
appliedConfigPackage,
|
|
283
|
+
reason: `${reason} (reload failed; rolled back to previous plugin graph)`,
|
|
284
|
+
};
|
|
285
|
+
}
|
|
286
|
+
logger.warn(`[plugin-runtime-apply] Rollback after failed reload for "${reason}" was incomplete; falling back to runtime restart.`);
|
|
287
|
+
}
|
|
214
288
|
const restartResult = await tryRuntimeRestart();
|
|
215
289
|
return { ...restartResult, appliedConfigPackage };
|
|
216
290
|
}
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import type { DeploymentTargetConfig, LinkedAccountFlagsConfig, ServiceCapability, ServiceRoutingConfig } from "@elizaos/shared";
|
|
2
2
|
import { type FirstRunConnection, type FirstRunCredentialInputs } from "@elizaos/shared";
|
|
3
|
-
import type { ElizaConfig } from "../config/types.eliza.
|
|
3
|
+
import type { ElizaConfig } from "../config/types.eliza.js";
|
|
4
4
|
type MutableElizaConfig = Partial<ElizaConfig> & {
|
|
5
5
|
cloud?: Record<string, unknown>;
|
|
6
6
|
models?: Record<string, unknown>;
|
|
@@ -1,8 +1,8 @@
|
|
|
1
1
|
import type http from "node:http";
|
|
2
2
|
import type { ReadJsonBodyOptions } from "@elizaos/shared";
|
|
3
3
|
import type { SecretsManager } from "@elizaos/vault";
|
|
4
|
-
import type { ElizaConfig } from "../config/config.
|
|
5
|
-
import { type RuntimeOperationManager } from "../runtime/operations/index.
|
|
4
|
+
import type { ElizaConfig } from "../config/config.js";
|
|
5
|
+
import { type RuntimeOperationManager } from "../runtime/operations/index.js";
|
|
6
6
|
export interface ProviderSwitchRouteContext {
|
|
7
7
|
req: http.IncomingMessage;
|
|
8
8
|
res: http.ServerResponse;
|
package/api/registry-routes.d.ts
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import type { RouteHelpers, RouteRequestMeta } from "@elizaos/core";
|
|
2
|
-
import type { RegistryPluginInfo, RegistrySearchResult } from "../services/plugin-manager-types.
|
|
2
|
+
import type { RegistryPluginInfo, RegistrySearchResult } from "../services/plugin-manager-types.js";
|
|
3
3
|
interface InstalledRegistryPluginLike {
|
|
4
4
|
name: string;
|
|
5
5
|
version?: string | null;
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import type http from "node:http";
|
|
2
2
|
import { type IAgentRuntime, type RouteHelpers, type RouteRequestMeta } from "@elizaos/core";
|
|
3
|
-
import { type ConnectCloudCapabilitySandboxOptions, type ConnectCloudCapabilitySandboxResult } from "../services/remote-capability-cloud-sandbox.
|
|
4
|
-
import { type ConnectRemoteCapabilityEndpointProviderOptions, type ConnectRemoteCapabilityEndpointProviderResult } from "../services/remote-capability-endpoint-provider.
|
|
3
|
+
import { type ConnectCloudCapabilitySandboxOptions, type ConnectCloudCapabilitySandboxResult } from "../services/remote-capability-cloud-sandbox.js";
|
|
4
|
+
import { type ConnectRemoteCapabilityEndpointProviderOptions, type ConnectRemoteCapabilityEndpointProviderResult } from "../services/remote-capability-endpoint-provider.js";
|
|
5
5
|
type JsonBodyReader = <T = Record<string, unknown>>(req: http.IncomingMessage, res: http.ServerResponse, options?: {
|
|
6
6
|
requireObject?: boolean;
|
|
7
7
|
}) => Promise<T | null>;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"remote-capability-routes.d.ts","sourceRoot":"","sources":["../../src/api/remote-capability-routes.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;
|
|
1
|
+
{"version":3,"file":"remote-capability-routes.d.ts","sourceRoot":"","sources":["../../src/api/remote-capability-routes.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAElC,OAAO,EAIL,KAAK,aAAa,EAElB,KAAK,YAAY,EACjB,KAAK,gBAAgB,EACtB,MAAM,eAAe,CAAC;AAMvB,OAAO,EACL,KAAK,oCAAoC,EACzC,KAAK,mCAAmC,EAEzC,MAAM,gDAAgD,CAAC;AACxD,OAAO,EACL,KAAK,8CAA8C,EACnD,KAAK,6CAA6C,EAMnD,MAAM,oDAAoD,CAAC;AAkB5D,KAAK,cAAc,GAAG,CAAC,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAChD,GAAG,EAAE,IAAI,CAAC,eAAe,EACzB,GAAG,EAAE,IAAI,CAAC,cAAc,EACxB,OAAO,CAAC,EAAE;IAAE,aAAa,CAAC,EAAE,OAAO,CAAA;CAAE,KAClC,OAAO,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;AAEvB,MAAM,WAAW,4BACf,SAAQ,gBAAgB,EACtB,IAAI,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC;IACtC,OAAO,EAAE,aAAa,GAAG,IAAI,CAAC;IAC9B,MAAM,CAAC,EAAE,6BAA6B,CAAC;IACvC,YAAY,EAAE,cAAc,CAAC;IAC7B,UAAU,CAAC,EAAE,CAAC,MAAM,EAAE,6BAA6B,KAAK,IAAI,CAAC;IAC7D,gBAAgB,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACjE,uBAAuB,CAAC,EAAE,CAAC,QAAQ,EACjC,OAAO,EAAE,aAAa,EACtB,OAAO,EAAE,8CAA8C,CAAC,QAAQ,CAAC,KAC9D,OAAO,CAAC,6CAA6C,CAAC,CAAC;IAC5D,mBAAmB,CAAC,EAAE,CACpB,OAAO,EAAE,aAAa,EACtB,OAAO,EAAE,oCAAoC,KAC1C,OAAO,CAAC,mCAAmC,CAAC,CAAC;CACnD;AAiDD,wBAAsB,4BAA4B,CAChD,GAAG,EAAE,4BAA4B,GAChC,OAAO,CAAC,OAAO,CAAC,CA2MlB;AAqFD,KAAK,6BAA6B,GAAG;IACnC,GAAG,CAAC,EAAE;QACJ,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAC9B,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;KACxB,CAAC;IACF,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB,CAAC"}
|
|
@@ -1,4 +1,6 @@
|
|
|
1
|
+
import net from "node:net";
|
|
1
2
|
import { CAPABILITY_ROUTER_SERVICE_TYPE, CapabilityError, } from "@elizaos/core";
|
|
3
|
+
import { isBlockedPrivateOrLinkLocalIp, isLoopbackHost, normalizeHostLike, } from "../security/network-policy.js";
|
|
2
4
|
import { connectCloudCapabilitySandbox, } from "../services/remote-capability-cloud-sandbox.js";
|
|
3
5
|
import { connectRemoteCapabilityEndpointProvider, directRemoteCapabilityEndpointProvider, normalizeEndpointTrustPolicyOptions, } from "../services/remote-capability-endpoint-provider.js";
|
|
4
6
|
import { desktopCompanionCapabilityEndpointProvider, e2bCapabilityEndpointProvider, homeMachineCapabilityEndpointProvider, mobileCompanionCapabilityEndpointProvider, } from "../services/remote-capability-url-endpoint-providers.js";
|
|
@@ -537,6 +539,23 @@ function requireHttpUrl(value, field) {
|
|
|
537
539
|
if (parsed.username || parsed.password) {
|
|
538
540
|
throw new Error(`${field} must not include embedded credentials.`);
|
|
539
541
|
}
|
|
542
|
+
// SSRF guard: a remote-capability endpoint baseUrl is attacker-controlled by
|
|
543
|
+
// any authenticated caller (dedicated agents are reachable from the internet
|
|
544
|
+
// via the cloud proxy), and the router fetches it directly. Block literal
|
|
545
|
+
// private/loopback/link-local IPs and internal hostnames so it can't be aimed
|
|
546
|
+
// at cloud metadata (169.254.169.254) or internal services. Mirrors the host
|
|
547
|
+
// blocklist in runtime/custom-actions.ts. (Does not resolve DNS, so a public
|
|
548
|
+
// name pointing at a private address is not covered here.)
|
|
549
|
+
const host = normalizeHostLike(parsed.hostname);
|
|
550
|
+
if (!host ||
|
|
551
|
+
host === "0.0.0.0" ||
|
|
552
|
+
host === "metadata.google.internal" ||
|
|
553
|
+
host.endsWith(".local") ||
|
|
554
|
+
host.endsWith(".internal") ||
|
|
555
|
+
isLoopbackHost(host) ||
|
|
556
|
+
(net.isIP(host) !== 0 && isBlockedPrivateOrLinkLocalIp(host))) {
|
|
557
|
+
throw new Error(`${field} must not target a private, loopback, link-local, or internal address.`);
|
|
558
|
+
}
|
|
540
559
|
parsed.hash = "";
|
|
541
560
|
parsed.search = "";
|
|
542
561
|
return parsed.toString().replace(/\/+$/, "");
|
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
import type { AgentEventPayloadLike } from "../runtime/agent-event-service.
|
|
2
|
-
import type { ServerState } from "./server-types.
|
|
1
|
+
import type { AgentEventPayloadLike } from "../runtime/agent-event-service.js";
|
|
2
|
+
import type { ServerState } from "./server-types.js";
|
|
3
3
|
export declare function isLifeOpsCloudPluginRoute(pathname: string): boolean;
|
|
4
4
|
export declare function maybeRouteAutonomyEventToConversation(state: ServerState, event: AgentEventPayloadLike): Promise<void>;
|
|
5
5
|
//# sourceMappingURL=server-autonomy-helpers.d.ts.map
|
|
@@ -22,6 +22,16 @@ export interface WaifuChatAccess {
|
|
|
22
22
|
export declare function resolveWaifuChatAccessToken(token: string | null | undefined, nowSeconds?: number): WaifuChatAccess | null;
|
|
23
23
|
export declare function resolveWaifuChatAccess(req: http.IncomingMessage): WaifuChatAccess | null;
|
|
24
24
|
export declare function isWaifuChatAuthorized(req: http.IncomingMessage, method: string, pathname: string): boolean;
|
|
25
|
+
/**
|
|
26
|
+
* Same-machine dashboard trust for the agent server. Delegates to the canonical
|
|
27
|
+
* `@elizaos/shared` parser with the agent's exact policy gates:
|
|
28
|
+
* - cloudCheck "container": `isCloudProvisionedContainer()` (the flag AND a
|
|
29
|
+
* provisioning token), NOT the raw `ELIZA_CLOUD_PROVISIONED` flag.
|
|
30
|
+
* - requireLocalAuthEnv: on-device local agents (Android) set
|
|
31
|
+
* `ELIZA_REQUIRE_LOCAL_AUTH=1` alongside a per-boot `ELIZA_API_TOKEN`, so
|
|
32
|
+
* loopback alone is not a trust signal there.
|
|
33
|
+
* - NO dev-auth bypass: the agent never honours `ELIZA_DEV_AUTH_BYPASS`.
|
|
34
|
+
*/
|
|
25
35
|
export declare function isTrustedLocalRequest(req: http.IncomingMessage): boolean;
|
|
26
36
|
/**
|
|
27
37
|
* True when the request carries a valid `X-Server-Token` matching the
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"server-helpers-auth.d.ts","sourceRoot":"","sources":["../../src/api/server-helpers-auth.ts"],"names":[],"mappings":"AAAA;;GAEG;AAGH,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;
|
|
1
|
+
{"version":3,"file":"server-helpers-auth.d.ts","sourceRoot":"","sources":["../../src/api/server-helpers-auth.ts"],"names":[],"mappings":"AAAA;;GAEG;AAGH,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AA0BlC,eAAO,MAAM,oBAAoB,QAoBrB,CAAC;AAcb,wBAAgB,aAAa,CAAC,GAAG,EAAE,IAAI,CAAC,eAAe,GAAG,OAAO,CA0ChE;AAED,wBAAgB,iBAAiB,CAAC,MAAM,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CA+BhE;AAqCD,wBAAgB,SAAS,CACvB,GAAG,EAAE,IAAI,CAAC,eAAe,EACzB,GAAG,EAAE,IAAI,CAAC,cAAc,EACxB,QAAQ,EAAE,MAAM,GACf,OAAO,CAsCT;AAaD,wBAAgB,qBAAqB,IAAI,MAAM,GAAG,SAAS,CAE1D;AAkCD,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,IAAI,CAAC,eAAe,GAAG,MAAM,GAAG,IAAI,CA8BzE;AAED,MAAM,MAAM,aAAa,GAAG,OAAO,GAAG,MAAM,GAAG,OAAO,CAAC;AACvD,MAAM,MAAM,kBAAkB,GAAG,OAAO,GAAG,MAAM,GAAG,OAAO,CAAC;AAE5D,wBAAgB,wBAAwB,CACtC,IAAI,EAAE,aAAa,GAClB,kBAAkB,CAIpB;AAED,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,aAAa,CAAC;IACpB,aAAa,EAAE,MAAM,CAAC;IACtB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC/B;AA0CD,wBAAgB,2BAA2B,CACzC,KAAK,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,EAChC,UAAU,SAAgC,GACzC,eAAe,GAAG,IAAI,CAiFxB;AAED,wBAAgB,sBAAsB,CACpC,GAAG,EAAE,IAAI,CAAC,eAAe,GACxB,eAAe,GAAG,IAAI,CAExB;AAsBD,wBAAgB,qBAAqB,CACnC,GAAG,EAAE,IAAI,CAAC,eAAe,EACzB,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,MAAM,GACf,OAAO,CAKT;AAQD;;;;;;;;;GASG;AACH,wBAAgB,qBAAqB,CAAC,GAAG,EAAE,IAAI,CAAC,eAAe,GAAG,OAAO,CAMxE;AA6BD;;;;;GAKG;AACH,wBAAgB,uBAAuB,CAAC,GAAG,EAAE,IAAI,CAAC,eAAe,GAAG,OAAO,CAM1E;AAED,wBAAgB,YAAY,CAAC,GAAG,EAAE,IAAI,CAAC,eAAe,GAAG,OAAO,CAY/D;AAED,wBAAgB,yBAAyB,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI,CAiC5D;AAeD,wBAAgB,cAAc,IAAI,OAAO,CAKxC;AAED,wBAAgB,oBAAoB,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAEzD;AAUD,wBAAgB,iBAAiB,IAAI,MAAM,GAAG,IAAI,CAWjD;AAED,wBAAgB,gBAAgB,CAAC,EAAE,EAAE,MAAM,GAAG,IAAI,GAAG,OAAO,CAe3D;AAED,wBAAgB,mBAAmB,IAAI,MAAM,CAE5C;AAED,wBAAgB,YAAY,IAAI,IAAI,CAGnC;AAQD,wBAAgB,mBAAmB,CAAC,KAAK,EAAE,OAAO,GAAG,MAAM,GAAG,IAAI,CAMjE;AAED,wBAAgB,0BAA0B,CACxC,GAAG,EAAE,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE,SAAS,CAAC,EAC1C,IAAI,EAAE;IAAE,QAAQ,CAAC,EAAE,OAAO,CAAA;CAAE,GAAG,IAAI,GAAG,SAAS,GAC9C,MAAM,GAAG,IAAI,CAMf;AAOD,wBAAgB,wBAAwB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAElE;AAMD,UAAU,sBAAsB;IAC9B,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED,MAAM,WAAW,oBAAoB;IACnC,MAAM,EAAE,GAAG,GAAG,GAAG,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,wBAAgB,2BAA2B,CACzC,GAAG,EAAE,IAAI,CAAC,eAAe,EACzB,IAAI,EAAE,sBAAsB,GAC3B,oBAAoB,GAAG,IAAI,CA0C7B;AA0BD,wBAAgB,qBAAqB,CACnC,OAAO,EAAE,IAAI,CAAC,eAAe,EAC7B,GAAG,EAAE,GAAG,GACP,OAAO,CAOT;AAED,MAAM,WAAW,yBAAyB;IACxC,MAAM,EAAE,GAAG,GAAG,GAAG,GAAG,GAAG,CAAC;IACxB,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,wBAAgB,gCAAgC,CAC9C,GAAG,EAAE,IAAI,CAAC,eAAe,EACzB,KAAK,EAAE,GAAG,GACT,yBAAyB,GAAG,IAAI,CAuClC;AAED,wBAAgB,sBAAsB,CACpC,MAAM,EAAE,OAAO,aAAa,EAAE,MAAM,EACpC,UAAU,EAAE,MAAM,EAClB,OAAO,EAAE,MAAM,GACd,IAAI,CAmBN"}
|
|
@@ -2,9 +2,8 @@
|
|
|
2
2
|
* Auth, CORS, pairing, terminal, and WebSocket auth helpers extracted from server.ts.
|
|
3
3
|
*/
|
|
4
4
|
import crypto from "node:crypto";
|
|
5
|
-
import { isIP } from "node:net";
|
|
6
5
|
import { logger } from "@elizaos/core";
|
|
7
|
-
import { isCloudProvisionedContainer, isNullOriginAllowed, resolveAllowedHosts, resolveAllowedOrigins, resolveApiBindHost, resolveApiSecurityConfig, resolveApiToken, setApiToken, stripOptionalHostPort, } from "@elizaos/shared";
|
|
6
|
+
import { isCloudProvisionedContainer, isLoopbackBindHost, isNullOriginAllowed, isTrustedLocalRequest as isTrustedLocalRequestShared, resolveAllowedHosts, resolveAllowedOrigins, resolveApiBindHost, resolveApiSecurityConfig, resolveApiToken, setApiToken, stripOptionalHostPort, } from "@elizaos/shared";
|
|
8
7
|
import { sweepExpiredEntries } from "./memory-bounds.js";
|
|
9
8
|
// ---------------------------------------------------------------------------
|
|
10
9
|
// CORS
|
|
@@ -403,176 +402,22 @@ function firstHeaderValue(value) {
|
|
|
403
402
|
return value[0];
|
|
404
403
|
return null;
|
|
405
404
|
}
|
|
406
|
-
|
|
407
|
-
|
|
408
|
-
|
|
409
|
-
|
|
410
|
-
|
|
411
|
-
|
|
412
|
-
|
|
413
|
-
|
|
414
|
-
|
|
415
|
-
|
|
416
|
-
"cf-connecting-ip",
|
|
417
|
-
"true-client-ip",
|
|
418
|
-
"fastly-client-ip",
|
|
419
|
-
"x-appengine-user-ip",
|
|
420
|
-
"x-azure-clientip",
|
|
421
|
-
]);
|
|
422
|
-
function headerValues(value) {
|
|
423
|
-
if (typeof value === "string")
|
|
424
|
-
return [value];
|
|
425
|
-
if (Array.isArray(value)) {
|
|
426
|
-
return value.filter((item) => typeof item === "string");
|
|
427
|
-
}
|
|
428
|
-
return [];
|
|
429
|
-
}
|
|
430
|
-
function isClientIpProxyHeaderName(name) {
|
|
431
|
-
const normalized = name.toLowerCase();
|
|
432
|
-
return (CLIENT_IP_PROXY_HEADERS.has(normalized) ||
|
|
433
|
-
normalized.endsWith("-client-ip") ||
|
|
434
|
-
normalized.endsWith("-connecting-ip") ||
|
|
435
|
-
normalized.endsWith("-real-ip"));
|
|
436
|
-
}
|
|
437
|
-
function extractForwardedForCandidates(raw) {
|
|
438
|
-
const candidates = [];
|
|
439
|
-
const pattern = /(?:^|[;,])\s*for=(?:"([^"]*)"|([^;,]*))/gi;
|
|
440
|
-
for (const match of raw.matchAll(pattern)) {
|
|
441
|
-
candidates.push(match[1] ?? match[2] ?? "");
|
|
442
|
-
}
|
|
443
|
-
return candidates;
|
|
444
|
-
}
|
|
445
|
-
function extractProxyClientAddressCandidates(headerName, raw) {
|
|
446
|
-
if (headerName === "forwarded") {
|
|
447
|
-
return extractForwardedForCandidates(raw);
|
|
448
|
-
}
|
|
449
|
-
const forwardedCandidates = raw.toLowerCase().includes("for=")
|
|
450
|
-
? extractForwardedForCandidates(raw)
|
|
451
|
-
: [];
|
|
452
|
-
if (forwardedCandidates.length > 0)
|
|
453
|
-
return forwardedCandidates;
|
|
454
|
-
return raw.split(",");
|
|
455
|
-
}
|
|
456
|
-
function stripMatchingQuotes(value) {
|
|
457
|
-
const trimmed = value.trim();
|
|
458
|
-
if ((trimmed.startsWith('"') && trimmed.endsWith('"')) ||
|
|
459
|
-
(trimmed.startsWith("'") && trimmed.endsWith("'"))) {
|
|
460
|
-
return trimmed.slice(1, -1);
|
|
461
|
-
}
|
|
462
|
-
return trimmed;
|
|
463
|
-
}
|
|
464
|
-
function isNeutralProxyClientAddress(raw) {
|
|
465
|
-
const normalized = stripMatchingQuotes(raw).trim().toLowerCase();
|
|
466
|
-
return (!normalized ||
|
|
467
|
-
normalized === "unknown" ||
|
|
468
|
-
normalized === "null" ||
|
|
469
|
-
normalized.startsWith("_"));
|
|
470
|
-
}
|
|
471
|
-
function normalizeProxyClientIp(raw) {
|
|
472
|
-
let normalized = stripMatchingQuotes(raw).trim();
|
|
473
|
-
if (!normalized)
|
|
474
|
-
return null;
|
|
475
|
-
if (normalized.startsWith("[")) {
|
|
476
|
-
const close = normalized.indexOf("]");
|
|
477
|
-
if (close > 0) {
|
|
478
|
-
normalized = normalized.slice(1, close);
|
|
479
|
-
}
|
|
480
|
-
}
|
|
481
|
-
else {
|
|
482
|
-
const ipv4HostPort = /^(\d{1,3}(?:\.\d{1,3}){3})(?::\d+)$/.exec(normalized);
|
|
483
|
-
if (ipv4HostPort?.[1]) {
|
|
484
|
-
normalized = ipv4HostPort[1];
|
|
485
|
-
}
|
|
486
|
-
}
|
|
487
|
-
const zoneIndex = normalized.indexOf("%");
|
|
488
|
-
if (zoneIndex >= 0) {
|
|
489
|
-
normalized = normalized.slice(0, zoneIndex);
|
|
490
|
-
}
|
|
491
|
-
normalized = normalized.trim().toLowerCase();
|
|
492
|
-
return isIP(normalized) ? normalized : null;
|
|
493
|
-
}
|
|
494
|
-
function isLoopbackProxyClientIp(ip) {
|
|
495
|
-
const normalized = ip.trim().toLowerCase();
|
|
496
|
-
return (normalized === "::1" ||
|
|
497
|
-
normalized === "0:0:0:0:0:0:0:1" ||
|
|
498
|
-
normalized.startsWith("127.") ||
|
|
499
|
-
normalized.startsWith("::ffff:127.") ||
|
|
500
|
-
normalized.startsWith("::ffff:0:127."));
|
|
501
|
-
}
|
|
502
|
-
function proxyClientHeaderBlocksLocalTrust(headers) {
|
|
503
|
-
for (const [rawName, rawValue] of Object.entries(headers)) {
|
|
504
|
-
const headerName = rawName.toLowerCase();
|
|
505
|
-
if (!isClientIpProxyHeaderName(headerName))
|
|
506
|
-
continue;
|
|
507
|
-
for (const value of headerValues(rawValue)) {
|
|
508
|
-
for (const candidate of extractProxyClientAddressCandidates(headerName, value)) {
|
|
509
|
-
if (isNeutralProxyClientAddress(candidate))
|
|
510
|
-
continue;
|
|
511
|
-
const ip = normalizeProxyClientIp(candidate);
|
|
512
|
-
if (!ip || !isLoopbackProxyClientIp(ip))
|
|
513
|
-
return true;
|
|
514
|
-
}
|
|
515
|
-
}
|
|
516
|
-
}
|
|
517
|
-
return false;
|
|
518
|
-
}
|
|
519
|
-
function isLoopbackRemoteAddress(remoteAddress) {
|
|
520
|
-
if (!remoteAddress)
|
|
521
|
-
return false;
|
|
522
|
-
const normalized = remoteAddress.trim().toLowerCase();
|
|
523
|
-
return (normalized === "127.0.0.1" ||
|
|
524
|
-
normalized === "::1" ||
|
|
525
|
-
normalized === "0:0:0:0:0:0:0:1" ||
|
|
526
|
-
normalized === "::ffff:127.0.0.1" ||
|
|
527
|
-
normalized === "::ffff:0:127.0.0.1");
|
|
528
|
-
}
|
|
529
|
-
function isTrustedLocalOrigin(raw) {
|
|
530
|
-
const trimmed = raw.trim();
|
|
531
|
-
if (!trimmed || trimmed === "null")
|
|
532
|
-
return true;
|
|
533
|
-
try {
|
|
534
|
-
const parsed = new URL(trimmed);
|
|
535
|
-
if (parsed.protocol === "file:" ||
|
|
536
|
-
parsed.protocol === "app:" ||
|
|
537
|
-
parsed.protocol === "tauri:" ||
|
|
538
|
-
parsed.protocol === "capacitor:" ||
|
|
539
|
-
parsed.protocol === "capacitor-electron:" ||
|
|
540
|
-
parsed.protocol === "electrobun:") {
|
|
541
|
-
return true;
|
|
542
|
-
}
|
|
543
|
-
return isLoopbackBindHost(parsed.hostname);
|
|
544
|
-
}
|
|
545
|
-
catch {
|
|
546
|
-
return false;
|
|
547
|
-
}
|
|
548
|
-
}
|
|
405
|
+
/**
|
|
406
|
+
* Same-machine dashboard trust for the agent server. Delegates to the canonical
|
|
407
|
+
* `@elizaos/shared` parser with the agent's exact policy gates:
|
|
408
|
+
* - cloudCheck "container": `isCloudProvisionedContainer()` (the flag AND a
|
|
409
|
+
* provisioning token), NOT the raw `ELIZA_CLOUD_PROVISIONED` flag.
|
|
410
|
+
* - requireLocalAuthEnv: on-device local agents (Android) set
|
|
411
|
+
* `ELIZA_REQUIRE_LOCAL_AUTH=1` alongside a per-boot `ELIZA_API_TOKEN`, so
|
|
412
|
+
* loopback alone is not a trust signal there.
|
|
413
|
+
* - NO dev-auth bypass: the agent never honours `ELIZA_DEV_AUTH_BYPASS`.
|
|
414
|
+
*/
|
|
549
415
|
export function isTrustedLocalRequest(req) {
|
|
550
|
-
|
|
551
|
-
|
|
552
|
-
|
|
553
|
-
|
|
554
|
-
|
|
555
|
-
// per-boot ELIZA_API_TOKEN; with this flag the server requires bearer
|
|
556
|
-
// auth on every route except /api/health (which is read-only liveness).
|
|
557
|
-
if (process.env.ELIZA_REQUIRE_LOCAL_AUTH === "1")
|
|
558
|
-
return false;
|
|
559
|
-
if (!isLoopbackRemoteAddress(req.socket.remoteAddress))
|
|
560
|
-
return false;
|
|
561
|
-
if (proxyClientHeaderBlocksLocalTrust(req.headers))
|
|
562
|
-
return false;
|
|
563
|
-
const host = firstHeaderValue(req.headers.host);
|
|
564
|
-
if (host && !isLoopbackBindHost(host))
|
|
565
|
-
return false;
|
|
566
|
-
const secFetchSite = firstHeaderValue(req.headers["sec-fetch-site"])?.toLowerCase();
|
|
567
|
-
if (secFetchSite === "cross-site")
|
|
568
|
-
return false;
|
|
569
|
-
const origin = firstHeaderValue(req.headers.origin);
|
|
570
|
-
if (origin && !isTrustedLocalOrigin(origin))
|
|
571
|
-
return false;
|
|
572
|
-
const referer = firstHeaderValue(req.headers.referer);
|
|
573
|
-
if (!origin && referer && !isTrustedLocalOrigin(referer))
|
|
574
|
-
return false;
|
|
575
|
-
return true;
|
|
416
|
+
return isTrustedLocalRequestShared(req, {
|
|
417
|
+
requireLocalAuthEnv: true,
|
|
418
|
+
devAuthBypassEnv: false,
|
|
419
|
+
cloudCheck: "container",
|
|
420
|
+
});
|
|
576
421
|
}
|
|
577
422
|
/**
|
|
578
423
|
* Resolve the shared service-to-service secret used by the cloud gateways to
|
|
@@ -629,45 +474,6 @@ export function isAuthorized(req) {
|
|
|
629
474
|
return false;
|
|
630
475
|
return tokenMatches(expected, provided);
|
|
631
476
|
}
|
|
632
|
-
function isLoopbackBindHost(host) {
|
|
633
|
-
let normalized = host.trim().toLowerCase();
|
|
634
|
-
if (!normalized)
|
|
635
|
-
return true;
|
|
636
|
-
// Allow users to provide full URLs by mistake (e.g. http://localhost:2138)
|
|
637
|
-
if (normalized.startsWith("http://") || normalized.startsWith("https://")) {
|
|
638
|
-
try {
|
|
639
|
-
const parsed = new URL(normalized);
|
|
640
|
-
normalized = parsed.hostname.toLowerCase();
|
|
641
|
-
}
|
|
642
|
-
catch {
|
|
643
|
-
// Fall through and parse as raw host value.
|
|
644
|
-
}
|
|
645
|
-
}
|
|
646
|
-
// [::1]:2138 -> ::1
|
|
647
|
-
const bracketedIpv6 = /^\[([^\]]+)\](?::\d+)?$/.exec(normalized);
|
|
648
|
-
if (bracketedIpv6?.[1]) {
|
|
649
|
-
normalized = bracketedIpv6[1];
|
|
650
|
-
}
|
|
651
|
-
else {
|
|
652
|
-
// localhost:2138 -> localhost, 127.0.0.1:2138 -> 127.0.0.1
|
|
653
|
-
const singleColonHostPort = /^([^:]+):(\d+)$/.exec(normalized);
|
|
654
|
-
if (singleColonHostPort?.[1]) {
|
|
655
|
-
normalized = singleColonHostPort[1];
|
|
656
|
-
}
|
|
657
|
-
}
|
|
658
|
-
normalized = normalized.replace(/^\[|\]$/g, "");
|
|
659
|
-
if (!normalized)
|
|
660
|
-
return true;
|
|
661
|
-
if (normalized === "localhost" ||
|
|
662
|
-
normalized === "::1" ||
|
|
663
|
-
normalized === "0:0:0:0:0:0:0:1" ||
|
|
664
|
-
normalized === "::ffff:127.0.0.1") {
|
|
665
|
-
return true;
|
|
666
|
-
}
|
|
667
|
-
if (normalized.startsWith("127."))
|
|
668
|
-
return true;
|
|
669
|
-
return false;
|
|
670
|
-
}
|
|
671
477
|
export function ensureApiTokenForBindHost(host) {
|
|
672
478
|
const { disableAutoApiToken } = resolveApiSecurityConfig(process.env);
|
|
673
479
|
const token = getConfiguredApiToken();
|
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
* Config redaction, first-run, and skill validation helpers extracted from server.ts.
|
|
3
3
|
*/
|
|
4
4
|
import type http from "node:http";
|
|
5
|
-
import type { ElizaConfig } from "../config/config.
|
|
5
|
+
import type { ElizaConfig } from "../config/config.js";
|
|
6
6
|
/**
|
|
7
7
|
* Key patterns that indicate a value is sensitive and must be redacted.
|
|
8
8
|
*/
|
|
@@ -2,8 +2,8 @@
|
|
|
2
2
|
* MCP server configuration validation helpers extracted from server.ts.
|
|
3
3
|
*/
|
|
4
4
|
import type http from "node:http";
|
|
5
|
-
import type { TerminalRunRejection } from "./server-helpers-auth.
|
|
6
|
-
export { validateMcpServerConfig } from "../security/mcp-server-config.
|
|
5
|
+
import type { TerminalRunRejection } from "./server-helpers-auth.js";
|
|
6
|
+
export { validateMcpServerConfig } from "../security/mcp-server-config.js";
|
|
7
7
|
export declare function resolveMcpServersRejection(servers: Record<string, unknown>): Promise<string | null>;
|
|
8
8
|
export declare function mcpServersIncludeStdio(servers: Record<string, unknown>): boolean;
|
|
9
9
|
/**
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
/**
|
|
2
2
|
* Plugin config/form helpers extracted from server.ts.
|
|
3
3
|
*/
|
|
4
|
-
import type { ServerState } from "./server-types.
|
|
4
|
+
import type { ServerState } from "./server-types.js";
|
|
5
5
|
export declare function resolvePluginConfigReply(prompt: string, _state: Pick<ServerState, "config" | "runtime">): Promise<string | null>;
|
|
6
6
|
export interface PluginConfigMutationRejection {
|
|
7
7
|
field: string;
|