@full-self-developing/fsd 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.engine/engine-config.json +27 -0
- package/CODEBASE_CONTEXT.md +152 -0
- package/README.md +111 -0
- package/README_zh.md +111 -0
- package/UI_SPEC.md +57 -0
- package/agents/api-proxy.js +542 -0
- package/agents/base.js +280 -0
- package/agents/branch-manager.js +135 -0
- package/agents/cli-models.json +48 -0
- package/agents/coder.js +128 -0
- package/agents/core-request.js +174 -0
- package/agents/dispatcher.js +491 -0
- package/agents/drivers/.atomcode/graph.bin +0 -0
- package/agents/drivers/atomcode.js +143 -0
- package/agents/drivers/gemini-cli.js +195 -0
- package/agents/drivers/index.js +65 -0
- package/agents/drivers/openrouter.js +390 -0
- package/agents/engine-config.js +444 -0
- package/agents/log-fixer.js +72 -0
- package/agents/mcp-client-manager.js +159 -0
- package/agents/optimizer.js +54 -0
- package/agents/path-validator.js +43 -0
- package/agents/planner.js +81 -0
- package/agents/prompt-manager.js +170 -0
- package/agents/skeptic.js +79 -0
- package/agents/skills-manager.js +130 -0
- package/agents/summarizer.js +34 -0
- package/agents/test-runner.js +85 -0
- package/bin/cli.js +166 -0
- package/client/eslint.config.js +21 -0
- package/client/index.html +12 -0
- package/client/package-lock.json +3339 -0
- package/client/package.json +35 -0
- package/client/src/App.jsx +745 -0
- package/client/src/api.js +78 -0
- package/client/src/components/ChatPanel.jsx +277 -0
- package/client/src/components/ConfirmationModal.jsx +61 -0
- package/client/src/components/ErrorBoundary.jsx +66 -0
- package/client/src/components/FolderPicker.jsx +200 -0
- package/client/src/components/LoopPanel.jsx +863 -0
- package/client/src/components/NotFound.jsx +52 -0
- package/client/src/components/SettingsPanel.jsx +966 -0
- package/client/src/components/Sidebar.jsx +318 -0
- package/client/src/context/SettingsContext.jsx +353 -0
- package/client/src/i18n.js +462 -0
- package/client/src/index.css +31 -0
- package/client/src/main.jsx +17 -0
- package/client/vite.config.js +19 -0
- package/design.md +875 -0
- package/extensions/alibaba/index.ts +11 -0
- package/extensions/alibaba/openclaw.plugin.json +34 -0
- package/extensions/alibaba/package.json +15 -0
- package/extensions/alibaba/plugin-registration.contract.test.ts +7 -0
- package/extensions/alibaba/tsconfig.json +16 -0
- package/extensions/alibaba/video-generation-provider.test.ts +92 -0
- package/extensions/alibaba/video-generation-provider.ts +83 -0
- package/extensions/amazon-bedrock/api.ts +6 -0
- package/extensions/amazon-bedrock/aws-credential-refresh.ts +42 -0
- package/extensions/amazon-bedrock/config-api.ts +4 -0
- package/extensions/amazon-bedrock/config-compat.test.ts +81 -0
- package/extensions/amazon-bedrock/config-compat.ts +107 -0
- package/extensions/amazon-bedrock/discovery-shared.ts +28 -0
- package/extensions/amazon-bedrock/discovery.test.ts +608 -0
- package/extensions/amazon-bedrock/discovery.ts +616 -0
- package/extensions/amazon-bedrock/embedding-provider.test.ts +109 -0
- package/extensions/amazon-bedrock/embedding-provider.ts +470 -0
- package/extensions/amazon-bedrock/index.test.ts +1249 -0
- package/extensions/amazon-bedrock/index.ts +11 -0
- package/extensions/amazon-bedrock/lazy-import.test.ts +56 -0
- package/extensions/amazon-bedrock/memory-embedding-adapter.test.ts +105 -0
- package/extensions/amazon-bedrock/memory-embedding-adapter.ts +47 -0
- package/extensions/amazon-bedrock/npm-shrinkwrap.json +1241 -0
- package/extensions/amazon-bedrock/openclaw.plugin.json +80 -0
- package/extensions/amazon-bedrock/package.json +41 -0
- package/extensions/amazon-bedrock/provider-policy-api.test.ts +46 -0
- package/extensions/amazon-bedrock/provider-policy-api.ts +9 -0
- package/extensions/amazon-bedrock/register.sync.runtime.ts +659 -0
- package/extensions/amazon-bedrock/setup-api.ts +18 -0
- package/extensions/amazon-bedrock/thinking-policy.ts +32 -0
- package/extensions/amazon-bedrock/tsconfig.json +16 -0
- package/extensions/anthropic/api.ts +11 -0
- package/extensions/anthropic/claude-model-refs.ts +104 -0
- package/extensions/anthropic/cli-auth-seam.ts +13 -0
- package/extensions/anthropic/cli-backend-api.ts +6 -0
- package/extensions/anthropic/cli-backend.ts +83 -0
- package/extensions/anthropic/cli-catalog.ts +42 -0
- package/extensions/anthropic/cli-constants.ts +41 -0
- package/extensions/anthropic/cli-migration.test.ts +487 -0
- package/extensions/anthropic/cli-migration.ts +266 -0
- package/extensions/anthropic/cli-shared.test.ts +300 -0
- package/extensions/anthropic/cli-shared.ts +248 -0
- package/extensions/anthropic/config-defaults.ts +428 -0
- package/extensions/anthropic/contract-api.ts +9 -0
- package/extensions/anthropic/doctor-contract-api.ts +14 -0
- package/extensions/anthropic/index.test.ts +663 -0
- package/extensions/anthropic/index.ts +11 -0
- package/extensions/anthropic/media-understanding-provider.ts +15 -0
- package/extensions/anthropic/openclaw.plugin.json +112 -0
- package/extensions/anthropic/package.json +18 -0
- package/extensions/anthropic/provider-contract-api.ts +59 -0
- package/extensions/anthropic/provider-discovery.ts +35 -0
- package/extensions/anthropic/provider-policy-api.test.ts +135 -0
- package/extensions/anthropic/provider-policy-api.ts +24 -0
- package/extensions/anthropic/provider-runtime.contract.test.ts +3 -0
- package/extensions/anthropic/register.runtime.ts +668 -0
- package/extensions/anthropic/replay-policy.ts +9 -0
- package/extensions/anthropic/setup-api.ts +11 -0
- package/extensions/anthropic/stream-wrappers.test.ts +233 -0
- package/extensions/anthropic/stream-wrappers.ts +228 -0
- package/extensions/anthropic/test-api.ts +3 -0
- package/extensions/anthropic/tsconfig.json +16 -0
- package/extensions/arcee/api.ts +8 -0
- package/extensions/arcee/index.test.ts +195 -0
- package/extensions/arcee/index.ts +142 -0
- package/extensions/arcee/models.ts +68 -0
- package/extensions/arcee/onboard.ts +43 -0
- package/extensions/arcee/openclaw.plugin.json +46 -0
- package/extensions/arcee/package.json +15 -0
- package/extensions/arcee/provider-catalog.ts +54 -0
- package/extensions/arcee/tsconfig.json +16 -0
- package/extensions/azure-speech/azure-speech.live.test.ts +92 -0
- package/extensions/azure-speech/index.ts +11 -0
- package/extensions/azure-speech/openclaw.plugin.json +66 -0
- package/extensions/azure-speech/package.json +15 -0
- package/extensions/azure-speech/speech-provider.test.ts +242 -0
- package/extensions/azure-speech/speech-provider.ts +306 -0
- package/extensions/azure-speech/tsconfig.json +16 -0
- package/extensions/azure-speech/tts.test.ts +127 -0
- package/extensions/azure-speech/tts.ts +209 -0
- package/extensions/byteplus/api.ts +8 -0
- package/extensions/byteplus/index.test.ts +60 -0
- package/extensions/byteplus/index.ts +84 -0
- package/extensions/byteplus/live.test.ts +60 -0
- package/extensions/byteplus/models.ts +35 -0
- package/extensions/byteplus/openclaw.plugin.json +165 -0
- package/extensions/byteplus/package.json +15 -0
- package/extensions/byteplus/plugin-registration.contract.test.ts +8 -0
- package/extensions/byteplus/provider-catalog.ts +17 -0
- package/extensions/byteplus/provider-discovery.ts +31 -0
- package/extensions/byteplus/tsconfig.json +16 -0
- package/extensions/byteplus/video-generation-provider.test.ts +223 -0
- package/extensions/byteplus/video-generation-provider.ts +389 -0
- package/extensions/cerebras/api.ts +7 -0
- package/extensions/cerebras/index.ts +41 -0
- package/extensions/cerebras/models.ts +25 -0
- package/extensions/cerebras/onboard.ts +26 -0
- package/extensions/cerebras/openclaw.plugin.json +111 -0
- package/extensions/cerebras/package.json +15 -0
- package/extensions/cerebras/provider-catalog.ts +10 -0
- package/extensions/cerebras/tsconfig.json +16 -0
- package/extensions/chutes/api.ts +14 -0
- package/extensions/chutes/implicit-provider.test.ts +107 -0
- package/extensions/chutes/index.ts +194 -0
- package/extensions/chutes/model-discovery-env.ts +5 -0
- package/extensions/chutes/models.test.ts +289 -0
- package/extensions/chutes/models.ts +632 -0
- package/extensions/chutes/oauth.ts +235 -0
- package/extensions/chutes/onboard.ts +63 -0
- package/extensions/chutes/openclaw.plugin.json +726 -0
- package/extensions/chutes/package.json +15 -0
- package/extensions/chutes/provider-catalog.ts +29 -0
- package/extensions/chutes/tsconfig.json +16 -0
- package/extensions/cloudflare-ai-gateway/api.ts +14 -0
- package/extensions/cloudflare-ai-gateway/catalog-provider.ts +73 -0
- package/extensions/cloudflare-ai-gateway/index.test.ts +60 -0
- package/extensions/cloudflare-ai-gateway/index.ts +233 -0
- package/extensions/cloudflare-ai-gateway/models.ts +44 -0
- package/extensions/cloudflare-ai-gateway/onboard.ts +91 -0
- package/extensions/cloudflare-ai-gateway/openclaw.plugin.json +44 -0
- package/extensions/cloudflare-ai-gateway/package.json +15 -0
- package/extensions/cloudflare-ai-gateway/provider-discovery.contract.test.ts +3 -0
- package/extensions/cloudflare-ai-gateway/stream-wrappers.test.ts +160 -0
- package/extensions/cloudflare-ai-gateway/stream-wrappers.ts +32 -0
- package/extensions/cloudflare-ai-gateway/tsconfig.json +16 -0
- package/extensions/codex/doctor-contract-api.test.ts +44 -0
- package/extensions/codex/doctor-contract-api.ts +68 -0
- package/extensions/codex/harness.ts +85 -0
- package/extensions/codex/index.test.ts +230 -0
- package/extensions/codex/index.ts +125 -0
- package/extensions/codex/media-understanding-provider.test.ts +496 -0
- package/extensions/codex/media-understanding-provider.ts +524 -0
- package/extensions/codex/npm-shrinkwrap.json +1949 -0
- package/extensions/codex/openclaw.plugin.json +403 -0
- package/extensions/codex/package.json +41 -0
- package/extensions/codex/prompt-overlay-runtime-contract.test.ts +48 -0
- package/extensions/codex/prompt-overlay.ts +21 -0
- package/extensions/codex/provider-catalog.ts +83 -0
- package/extensions/codex/provider-discovery.ts +45 -0
- package/extensions/codex/provider.test.ts +384 -0
- package/extensions/codex/provider.ts +243 -0
- package/extensions/codex/src/app-server/app-inventory-cache.test.ts +176 -0
- package/extensions/codex/src/app-server/app-inventory-cache.ts +324 -0
- package/extensions/codex/src/app-server/approval-bridge.test.ts +1472 -0
- package/extensions/codex/src/app-server/approval-bridge.ts +1211 -0
- package/extensions/codex/src/app-server/auth-bridge.test.ts +1449 -0
- package/extensions/codex/src/app-server/auth-bridge.ts +614 -0
- package/extensions/codex/src/app-server/auth-profile-runtime-contract.test.ts +242 -0
- package/extensions/codex/src/app-server/capabilities.ts +27 -0
- package/extensions/codex/src/app-server/client-factory.ts +24 -0
- package/extensions/codex/src/app-server/client.test.ts +563 -0
- package/extensions/codex/src/app-server/client.ts +721 -0
- package/extensions/codex/src/app-server/compact.test.ts +1029 -0
- package/extensions/codex/src/app-server/compact.ts +662 -0
- package/extensions/codex/src/app-server/computer-use.test.ts +788 -0
- package/extensions/codex/src/app-server/computer-use.ts +683 -0
- package/extensions/codex/src/app-server/config.test.ts +948 -0
- package/extensions/codex/src/app-server/config.ts +1093 -0
- package/extensions/codex/src/app-server/context-engine-projection.test.ts +252 -0
- package/extensions/codex/src/app-server/context-engine-projection.ts +403 -0
- package/extensions/codex/src/app-server/delivery-no-reply-runtime-contract.test.ts +80 -0
- package/extensions/codex/src/app-server/dynamic-tool-diagnostics.ts +73 -0
- package/extensions/codex/src/app-server/dynamic-tool-profile.ts +70 -0
- package/extensions/codex/src/app-server/dynamic-tools.test.ts +1357 -0
- package/extensions/codex/src/app-server/dynamic-tools.ts +646 -0
- package/extensions/codex/src/app-server/elicitation-bridge.test.ts +1281 -0
- package/extensions/codex/src/app-server/elicitation-bridge.ts +828 -0
- package/extensions/codex/src/app-server/event-projector.test.ts +2885 -0
- package/extensions/codex/src/app-server/event-projector.ts +2047 -0
- package/extensions/codex/src/app-server/image-payload-sanitizer.test.ts +49 -0
- package/extensions/codex/src/app-server/image-payload-sanitizer.ts +195 -0
- package/extensions/codex/src/app-server/local-runtime-attribution.ts +39 -0
- package/extensions/codex/src/app-server/managed-binary.test.ts +141 -0
- package/extensions/codex/src/app-server/managed-binary.ts +193 -0
- package/extensions/codex/src/app-server/models.test.ts +246 -0
- package/extensions/codex/src/app-server/models.ts +172 -0
- package/extensions/codex/src/app-server/native-hook-relay.test.ts +274 -0
- package/extensions/codex/src/app-server/native-hook-relay.ts +150 -0
- package/extensions/codex/src/app-server/native-subagent-monitor.test.ts +1125 -0
- package/extensions/codex/src/app-server/native-subagent-monitor.ts +1061 -0
- package/extensions/codex/src/app-server/native-subagent-notification.test.ts +176 -0
- package/extensions/codex/src/app-server/native-subagent-notification.ts +222 -0
- package/extensions/codex/src/app-server/native-subagent-task-ids.ts +3 -0
- package/extensions/codex/src/app-server/native-subagent-task-mirror.test.ts +625 -0
- package/extensions/codex/src/app-server/native-subagent-task-mirror.ts +460 -0
- package/extensions/codex/src/app-server/notification-correlation.ts +91 -0
- package/extensions/codex/src/app-server/openclaw-owned-tool-runtime-contract.test.ts +456 -0
- package/extensions/codex/src/app-server/outcome-fallback-runtime-contract.test.ts +404 -0
- package/extensions/codex/src/app-server/plugin-activation.test.ts +336 -0
- package/extensions/codex/src/app-server/plugin-activation.ts +283 -0
- package/extensions/codex/src/app-server/plugin-app-cache-key.ts +74 -0
- package/extensions/codex/src/app-server/plugin-approval-roundtrip.ts +122 -0
- package/extensions/codex/src/app-server/plugin-inventory.test.ts +355 -0
- package/extensions/codex/src/app-server/plugin-inventory.ts +357 -0
- package/extensions/codex/src/app-server/plugin-thread-config.test.ts +865 -0
- package/extensions/codex/src/app-server/plugin-thread-config.ts +455 -0
- package/extensions/codex/src/app-server/protocol-generated/json/DynamicToolCallParams.json +33 -0
- package/extensions/codex/src/app-server/protocol-generated/json/v2/ErrorNotification.json +199 -0
- package/extensions/codex/src/app-server/protocol-generated/json/v2/GetAccountResponse.json +102 -0
- package/extensions/codex/src/app-server/protocol-generated/json/v2/ModelListResponse.json +227 -0
- package/extensions/codex/src/app-server/protocol-generated/json/v2/ThreadResumeResponse.json +2630 -0
- package/extensions/codex/src/app-server/protocol-generated/json/v2/ThreadStartResponse.json +2630 -0
- package/extensions/codex/src/app-server/protocol-generated/json/v2/TurnCompletedNotification.json +1659 -0
- package/extensions/codex/src/app-server/protocol-generated/json/v2/TurnStartResponse.json +1655 -0
- package/extensions/codex/src/app-server/protocol-validators.test.ts +75 -0
- package/extensions/codex/src/app-server/protocol-validators.ts +203 -0
- package/extensions/codex/src/app-server/protocol.ts +537 -0
- package/extensions/codex/src/app-server/rate-limit-cache.ts +48 -0
- package/extensions/codex/src/app-server/rate-limits.test.ts +202 -0
- package/extensions/codex/src/app-server/rate-limits.ts +583 -0
- package/extensions/codex/src/app-server/request.test.ts +68 -0
- package/extensions/codex/src/app-server/request.ts +90 -0
- package/extensions/codex/src/app-server/run-attempt-thread-cleanup.test.ts +197 -0
- package/extensions/codex/src/app-server/run-attempt.context-engine.test.ts +1246 -0
- package/extensions/codex/src/app-server/run-attempt.test.ts +10799 -0
- package/extensions/codex/src/app-server/run-attempt.ts +5264 -0
- package/extensions/codex/src/app-server/run-attempt.vision-tools.test.ts +35 -0
- package/extensions/codex/src/app-server/sandbox-exec-server/filesystem.ts +261 -0
- package/extensions/codex/src/app-server/sandbox-exec-server/fs-policy.ts +346 -0
- package/extensions/codex/src/app-server/sandbox-exec-server/http.ts +312 -0
- package/extensions/codex/src/app-server/sandbox-exec-server/json-rpc.ts +93 -0
- package/extensions/codex/src/app-server/sandbox-exec-server/processes.ts +411 -0
- package/extensions/codex/src/app-server/sandbox-exec-server/runtime.ts +22 -0
- package/extensions/codex/src/app-server/sandbox-exec-server/types.ts +80 -0
- package/extensions/codex/src/app-server/sandbox-exec-server.fs.test.ts +527 -0
- package/extensions/codex/src/app-server/sandbox-exec-server.http.test.ts +210 -0
- package/extensions/codex/src/app-server/sandbox-exec-server.test-helpers.ts +236 -0
- package/extensions/codex/src/app-server/sandbox-exec-server.test.ts +460 -0
- package/extensions/codex/src/app-server/sandbox-exec-server.ts +355 -0
- package/extensions/codex/src/app-server/sandbox-guard.ts +153 -0
- package/extensions/codex/src/app-server/schema-normalization-runtime-contract.test.ts +206 -0
- package/extensions/codex/src/app-server/session-binding.test.ts +303 -0
- package/extensions/codex/src/app-server/session-binding.ts +407 -0
- package/extensions/codex/src/app-server/session-history.ts +44 -0
- package/extensions/codex/src/app-server/shared-client.test.ts +591 -0
- package/extensions/codex/src/app-server/shared-client.ts +289 -0
- package/extensions/codex/src/app-server/side-question.test.ts +1243 -0
- package/extensions/codex/src/app-server/side-question.ts +1019 -0
- package/extensions/codex/src/app-server/test-support.ts +48 -0
- package/extensions/codex/src/app-server/thread-lifecycle.test.ts +447 -0
- package/extensions/codex/src/app-server/thread-lifecycle.ts +1004 -0
- package/extensions/codex/src/app-server/thread-lifecycle.user-mcp-servers.test.ts +442 -0
- package/extensions/codex/src/app-server/timeout.ts +9 -0
- package/extensions/codex/src/app-server/tool-progress-normalization.ts +77 -0
- package/extensions/codex/src/app-server/trajectory.test.ts +205 -0
- package/extensions/codex/src/app-server/trajectory.ts +368 -0
- package/extensions/codex/src/app-server/transcript-mirror.test.ts +527 -0
- package/extensions/codex/src/app-server/transcript-mirror.ts +208 -0
- package/extensions/codex/src/app-server/transcript-repair-runtime-contract.test.ts +44 -0
- package/extensions/codex/src/app-server/transport-stdio.test.ts +184 -0
- package/extensions/codex/src/app-server/transport-stdio.ts +107 -0
- package/extensions/codex/src/app-server/transport-websocket.test.ts +71 -0
- package/extensions/codex/src/app-server/transport-websocket.ts +90 -0
- package/extensions/codex/src/app-server/transport.ts +117 -0
- package/extensions/codex/src/app-server/user-input-bridge.test.ts +249 -0
- package/extensions/codex/src/app-server/user-input-bridge.ts +316 -0
- package/extensions/codex/src/app-server/version.ts +5 -0
- package/extensions/codex/src/app-server/vision-tools.ts +12 -0
- package/extensions/codex/src/command-account.ts +589 -0
- package/extensions/codex/src/command-formatters.ts +426 -0
- package/extensions/codex/src/command-handlers.ts +2092 -0
- package/extensions/codex/src/command-plugins-management.test.ts +172 -0
- package/extensions/codex/src/command-plugins-management.ts +137 -0
- package/extensions/codex/src/command-rpc.test.ts +16 -0
- package/extensions/codex/src/command-rpc.ts +146 -0
- package/extensions/codex/src/commands.test.ts +3737 -0
- package/extensions/codex/src/commands.ts +65 -0
- package/extensions/codex/src/conversation-binding-data.ts +124 -0
- package/extensions/codex/src/conversation-binding.test.ts +697 -0
- package/extensions/codex/src/conversation-binding.ts +575 -0
- package/extensions/codex/src/conversation-control.test.ts +126 -0
- package/extensions/codex/src/conversation-control.ts +303 -0
- package/extensions/codex/src/conversation-turn-collector.test.ts +191 -0
- package/extensions/codex/src/conversation-turn-collector.ts +190 -0
- package/extensions/codex/src/conversation-turn-input.test.ts +141 -0
- package/extensions/codex/src/conversation-turn-input.ts +106 -0
- package/extensions/codex/src/manifest.test.ts +20 -0
- package/extensions/codex/src/migration/apply.ts +501 -0
- package/extensions/codex/src/migration/helpers.ts +55 -0
- package/extensions/codex/src/migration/plan.ts +461 -0
- package/extensions/codex/src/migration/provider.test.ts +1741 -0
- package/extensions/codex/src/migration/provider.ts +41 -0
- package/extensions/codex/src/migration/source.ts +643 -0
- package/extensions/codex/src/migration/targets.ts +25 -0
- package/extensions/codex/src/node-cli-sessions.test.ts +180 -0
- package/extensions/codex/src/node-cli-sessions.ts +711 -0
- package/extensions/codex/test-api.ts +95 -0
- package/extensions/codex/tsconfig.json +16 -0
- package/extensions/comfy/comfy.live.test.ts +128 -0
- package/extensions/comfy/image-generation-provider.test.ts +457 -0
- package/extensions/comfy/image-generation-provider.ts +79 -0
- package/extensions/comfy/index.test.ts +51 -0
- package/extensions/comfy/index.ts +45 -0
- package/extensions/comfy/music-generation-provider.test.ts +101 -0
- package/extensions/comfy/music-generation-provider.ts +88 -0
- package/extensions/comfy/openclaw.plugin.json +268 -0
- package/extensions/comfy/package.json +15 -0
- package/extensions/comfy/plugin-registration.contract.test.ts +11 -0
- package/extensions/comfy/test-helpers.ts +113 -0
- package/extensions/comfy/tsconfig.json +16 -0
- package/extensions/comfy/video-generation-provider.test.ts +184 -0
- package/extensions/comfy/video-generation-provider.ts +104 -0
- package/extensions/comfy/workflow-runtime.ts +827 -0
- package/extensions/deepgram/audio.live.test.ts +75 -0
- package/extensions/deepgram/audio.test.ts +146 -0
- package/extensions/deepgram/audio.ts +109 -0
- package/extensions/deepgram/index.ts +13 -0
- package/extensions/deepgram/media-understanding-provider.ts +10 -0
- package/extensions/deepgram/openclaw.plugin.json +30 -0
- package/extensions/deepgram/package.json +15 -0
- package/extensions/deepgram/realtime-transcription-provider.test.ts +69 -0
- package/extensions/deepgram/realtime-transcription-provider.ts +283 -0
- package/extensions/deepgram/test-api.ts +2 -0
- package/extensions/deepgram/tsconfig.json +16 -0
- package/extensions/deepinfra/api.ts +8 -0
- package/extensions/deepinfra/embedding-provider.ts +33 -0
- package/extensions/deepinfra/image-generation-provider.test.ts +224 -0
- package/extensions/deepinfra/image-generation-provider.ts +89 -0
- package/extensions/deepinfra/index.test.ts +113 -0
- package/extensions/deepinfra/index.ts +84 -0
- package/extensions/deepinfra/media-models.ts +50 -0
- package/extensions/deepinfra/media-understanding-provider.test.ts +73 -0
- package/extensions/deepinfra/media-understanding-provider.ts +37 -0
- package/extensions/deepinfra/memory-embedding-adapter.test.ts +31 -0
- package/extensions/deepinfra/memory-embedding-adapter.ts +35 -0
- package/extensions/deepinfra/onboard.test.ts +172 -0
- package/extensions/deepinfra/onboard.ts +36 -0
- package/extensions/deepinfra/openclaw.plugin.json +203 -0
- package/extensions/deepinfra/package.json +15 -0
- package/extensions/deepinfra/provider-catalog.ts +24 -0
- package/extensions/deepinfra/provider-models.test.ts +217 -0
- package/extensions/deepinfra/provider-models.ts +167 -0
- package/extensions/deepinfra/provider-policy-api.test.ts +41 -0
- package/extensions/deepinfra/provider-policy-api.ts +21 -0
- package/extensions/deepinfra/provider.contract.test.ts +3 -0
- package/extensions/deepinfra/speech-provider.test.ts +169 -0
- package/extensions/deepinfra/speech-provider.ts +41 -0
- package/extensions/deepinfra/tsconfig.json +16 -0
- package/extensions/deepinfra/video-generation-provider.test.ts +194 -0
- package/extensions/deepinfra/video-generation-provider.ts +262 -0
- package/extensions/deepseek/api.ts +7 -0
- package/extensions/deepseek/deepseek.live.test.ts +232 -0
- package/extensions/deepseek/index.test.ts +488 -0
- package/extensions/deepseek/index.ts +58 -0
- package/extensions/deepseek/models.ts +33 -0
- package/extensions/deepseek/onboard.ts +31 -0
- package/extensions/deepseek/openclaw.plugin.json +132 -0
- package/extensions/deepseek/package.json +15 -0
- package/extensions/deepseek/provider-catalog.ts +14 -0
- package/extensions/deepseek/provider-discovery.ts +17 -0
- package/extensions/deepseek/provider-policy-api.test.ts +264 -0
- package/extensions/deepseek/provider-policy-api.ts +104 -0
- package/extensions/deepseek/stream.ts +14 -0
- package/extensions/deepseek/thinking.ts +19 -0
- package/extensions/deepseek/tsconfig.json +16 -0
- package/extensions/elevenlabs/config-api.ts +8 -0
- package/extensions/elevenlabs/config-compat.test.ts +75 -0
- package/extensions/elevenlabs/config-compat.ts +181 -0
- package/extensions/elevenlabs/contract-api.ts +8 -0
- package/extensions/elevenlabs/doctor-contract.ts +34 -0
- package/extensions/elevenlabs/elevenlabs.live.test.ts +91 -0
- package/extensions/elevenlabs/index.ts +15 -0
- package/extensions/elevenlabs/media-understanding-provider.test.ts +95 -0
- package/extensions/elevenlabs/media-understanding-provider.ts +85 -0
- package/extensions/elevenlabs/openclaw.plugin.json +40 -0
- package/extensions/elevenlabs/package.json +15 -0
- package/extensions/elevenlabs/realtime-transcription-provider.test.ts +60 -0
- package/extensions/elevenlabs/realtime-transcription-provider.ts +284 -0
- package/extensions/elevenlabs/setup-api.ts +11 -0
- package/extensions/elevenlabs/shared.ts +10 -0
- package/extensions/elevenlabs/speech-provider.test.ts +124 -0
- package/extensions/elevenlabs/speech-provider.ts +594 -0
- package/extensions/elevenlabs/test-api.ts +6 -0
- package/extensions/elevenlabs/tsconfig.json +16 -0
- package/extensions/elevenlabs/tts.test.ts +212 -0
- package/extensions/elevenlabs/tts.ts +198 -0
- package/extensions/fal/image-generation-provider.test.ts +710 -0
- package/extensions/fal/image-generation-provider.ts +463 -0
- package/extensions/fal/index.ts +19 -0
- package/extensions/fal/music-generation-provider.test.ts +200 -0
- package/extensions/fal/music-generation-provider.ts +219 -0
- package/extensions/fal/onboard.ts +21 -0
- package/extensions/fal/openclaw.plugin.json +42 -0
- package/extensions/fal/package.json +15 -0
- package/extensions/fal/plugin-registration.contract.test.ts +11 -0
- package/extensions/fal/provider-contract-api.ts +31 -0
- package/extensions/fal/provider-registration.ts +38 -0
- package/extensions/fal/test-api.ts +3 -0
- package/extensions/fal/tsconfig.json +16 -0
- package/extensions/fal/video-generation-provider.test.ts +566 -0
- package/extensions/fal/video-generation-provider.ts +648 -0
- package/extensions/fireworks/index.test.ts +181 -0
- package/extensions/fireworks/index.ts +85 -0
- package/extensions/fireworks/model-id.ts +5 -0
- package/extensions/fireworks/onboard.ts +30 -0
- package/extensions/fireworks/openclaw.plugin.json +73 -0
- package/extensions/fireworks/package.json +18 -0
- package/extensions/fireworks/provider-catalog.ts +50 -0
- package/extensions/fireworks/provider-policy-api.ts +8 -0
- package/extensions/fireworks/stream.test.ts +184 -0
- package/extensions/fireworks/stream.ts +39 -0
- package/extensions/fireworks/thinking-policy.ts +17 -0
- package/extensions/fireworks/tsconfig.json +16 -0
- package/extensions/github-copilot/api.ts +1 -0
- package/extensions/github-copilot/auth.test.ts +109 -0
- package/extensions/github-copilot/auth.ts +65 -0
- package/extensions/github-copilot/connection-bound-ids.live.test.ts +231 -0
- package/extensions/github-copilot/connection-bound-ids.test.ts +96 -0
- package/extensions/github-copilot/connection-bound-ids.ts +81 -0
- package/extensions/github-copilot/embeddings.test.ts +287 -0
- package/extensions/github-copilot/embeddings.ts +342 -0
- package/extensions/github-copilot/index.test.ts +660 -0
- package/extensions/github-copilot/index.ts +492 -0
- package/extensions/github-copilot/login.ts +323 -0
- package/extensions/github-copilot/model-metadata.ts +51 -0
- package/extensions/github-copilot/models-defaults.ts +61 -0
- package/extensions/github-copilot/models.test.ts +695 -0
- package/extensions/github-copilot/models.ts +274 -0
- package/extensions/github-copilot/openclaw.plugin.json +270 -0
- package/extensions/github-copilot/package.json +19 -0
- package/extensions/github-copilot/provider-auth.contract.test.ts +3 -0
- package/extensions/github-copilot/provider-discovery.contract.test.ts +7 -0
- package/extensions/github-copilot/provider-runtime.contract.test.ts +3 -0
- package/extensions/github-copilot/register.runtime.ts +24 -0
- package/extensions/github-copilot/replay-policy.ts +9 -0
- package/extensions/github-copilot/stream.test.ts +282 -0
- package/extensions/github-copilot/stream.ts +157 -0
- package/extensions/github-copilot/token.ts +6 -0
- package/extensions/github-copilot/tsconfig.json +16 -0
- package/extensions/github-copilot/usage.ts +68 -0
- package/extensions/google/api.test.ts +249 -0
- package/extensions/google/api.ts +91 -0
- package/extensions/google/cli-backend.ts +58 -0
- package/extensions/google/default-model.test.ts +115 -0
- package/extensions/google/doctor-contract-api.ts +18 -0
- package/extensions/google/embedding-batch.ts +379 -0
- package/extensions/google/embedding-provider.test.ts +264 -0
- package/extensions/google/embedding-provider.ts +441 -0
- package/extensions/google/gemini-auth.ts +20 -0
- package/extensions/google/gemini-cli-provider.ts +145 -0
- package/extensions/google/generation-provider-metadata.ts +121 -0
- package/extensions/google/google-genai-runtime.ts +8 -0
- package/extensions/google/google-shared.test-helpers.ts +99 -0
- package/extensions/google/google-shared.test.ts +380 -0
- package/extensions/google/google.live.test.ts +179 -0
- package/extensions/google/image-generation-provider.test.ts +503 -0
- package/extensions/google/image-generation-provider.ts +272 -0
- package/extensions/google/index.test.ts +310 -0
- package/extensions/google/index.ts +354 -0
- package/extensions/google/manifest.test.ts +104 -0
- package/extensions/google/media-understanding-provider.ts +164 -0
- package/extensions/google/media-understanding-provider.video.test.ts +158 -0
- package/extensions/google/memory-embedding-adapter.ts +79 -0
- package/extensions/google/model-id.test.ts +42 -0
- package/extensions/google/model-id.ts +35 -0
- package/extensions/google/music-generation-provider.test.ts +278 -0
- package/extensions/google/music-generation-provider.ts +176 -0
- package/extensions/google/oauth-token-shared.test.ts +39 -0
- package/extensions/google/oauth-token-shared.ts +42 -0
- package/extensions/google/oauth.credentials.ts +273 -0
- package/extensions/google/oauth.flow.ts +61 -0
- package/extensions/google/oauth.http.ts +24 -0
- package/extensions/google/oauth.project.ts +232 -0
- package/extensions/google/oauth.runtime.ts +1 -0
- package/extensions/google/oauth.settings.ts +72 -0
- package/extensions/google/oauth.shared.ts +44 -0
- package/extensions/google/oauth.test.ts +922 -0
- package/extensions/google/oauth.token.ts +138 -0
- package/extensions/google/oauth.ts +104 -0
- package/extensions/google/onboard.ts +78 -0
- package/extensions/google/openclaw.plugin.json +706 -0
- package/extensions/google/package.json +19 -0
- package/extensions/google/plugin-registration.contract.test.ts +12 -0
- package/extensions/google/provider-contract-api.ts +77 -0
- package/extensions/google/provider-hooks.ts +18 -0
- package/extensions/google/provider-models.test.ts +513 -0
- package/extensions/google/provider-models.ts +237 -0
- package/extensions/google/provider-policy-api.test.ts +201 -0
- package/extensions/google/provider-policy-api.ts +11 -0
- package/extensions/google/provider-policy.ts +208 -0
- package/extensions/google/provider-registration.ts +72 -0
- package/extensions/google/provider-runtime.contract.test.ts +3 -0
- package/extensions/google/realtime-voice-provider.test.ts +857 -0
- package/extensions/google/realtime-voice-provider.ts +952 -0
- package/extensions/google/runtime-api.ts +19 -0
- package/extensions/google/setup-api.test.ts +23 -0
- package/extensions/google/setup-api.ts +13 -0
- package/extensions/google/speech-provider.test.ts +682 -0
- package/extensions/google/speech-provider.ts +683 -0
- package/extensions/google/src/gemini-web-search-provider.runtime.ts +367 -0
- package/extensions/google/src/gemini-web-search-provider.shared.ts +45 -0
- package/extensions/google/src/gemini-web-search-provider.ts +151 -0
- package/extensions/google/test-api.ts +6 -0
- package/extensions/google/thinking-api.ts +14 -0
- package/extensions/google/thinking.test.ts +153 -0
- package/extensions/google/thinking.ts +14 -0
- package/extensions/google/transport-stream.test.ts +1726 -0
- package/extensions/google/transport-stream.ts +1396 -0
- package/extensions/google/tsconfig.json +16 -0
- package/extensions/google/vertex-adc.ts +188 -0
- package/extensions/google/video-generation-provider.test.ts +573 -0
- package/extensions/google/video-generation-provider.ts +591 -0
- package/extensions/google/web-search-contract-api.ts +1 -0
- package/extensions/google/web-search-provider.test.ts +548 -0
- package/extensions/google/web-search-provider.ts +1 -0
- package/extensions/groq/api.ts +60 -0
- package/extensions/groq/index.test.ts +90 -0
- package/extensions/groq/index.ts +21 -0
- package/extensions/groq/media-understanding-provider.ts +21 -0
- package/extensions/groq/openclaw.plugin.json +314 -0
- package/extensions/groq/package.json +15 -0
- package/extensions/groq/test-api.ts +1 -0
- package/extensions/groq/tsconfig.json +16 -0
- package/extensions/huggingface/api.ts +10 -0
- package/extensions/huggingface/index.test.ts +81 -0
- package/extensions/huggingface/index.ts +60 -0
- package/extensions/huggingface/model-discovery-env.ts +5 -0
- package/extensions/huggingface/models.test.ts +98 -0
- package/extensions/huggingface/models.ts +218 -0
- package/extensions/huggingface/onboard.ts +26 -0
- package/extensions/huggingface/openclaw.plugin.json +57 -0
- package/extensions/huggingface/package.json +15 -0
- package/extensions/huggingface/provider-catalog.ts +22 -0
- package/extensions/huggingface/tsconfig.json +16 -0
- package/extensions/image-generation-core/api.ts +30 -0
- package/extensions/image-generation-core/package.json +10 -0
- package/extensions/image-generation-core/runtime-api.ts +6 -0
- package/extensions/image-generation-core/src/runtime.test.ts +29 -0
- package/extensions/image-generation-core/src/runtime.ts +6 -0
- package/extensions/image-generation-core/tsconfig.json +16 -0
- package/extensions/kimi-coding/api.ts +8 -0
- package/extensions/kimi-coding/implicit-provider.test.ts +116 -0
- package/extensions/kimi-coding/index.test.ts +45 -0
- package/extensions/kimi-coding/index.ts +113 -0
- package/extensions/kimi-coding/onboard.test.ts +44 -0
- package/extensions/kimi-coding/onboard.ts +42 -0
- package/extensions/kimi-coding/openclaw.plugin.json +64 -0
- package/extensions/kimi-coding/package.json +18 -0
- package/extensions/kimi-coding/provider-catalog.test.ts +23 -0
- package/extensions/kimi-coding/provider-catalog.ts +58 -0
- package/extensions/kimi-coding/replay-policy.test.ts +10 -0
- package/extensions/kimi-coding/replay-policy.ts +3 -0
- package/extensions/kimi-coding/stream.test.ts +603 -0
- package/extensions/kimi-coding/stream.ts +399 -0
- package/extensions/kimi-coding/tsconfig.json +16 -0
- package/extensions/litellm/api.ts +8 -0
- package/extensions/litellm/image-generation-provider.test.ts +348 -0
- package/extensions/litellm/image-generation-provider.ts +142 -0
- package/extensions/litellm/index.test.ts +107 -0
- package/extensions/litellm/index.ts +108 -0
- package/extensions/litellm/onboard.test.ts +21 -0
- package/extensions/litellm/onboard.ts +55 -0
- package/extensions/litellm/openclaw.plugin.json +35 -0
- package/extensions/litellm/package.json +15 -0
- package/extensions/litellm/provider-catalog.ts +10 -0
- package/extensions/litellm/tsconfig.json +16 -0
- package/extensions/lmstudio/README.md +3 -0
- package/extensions/lmstudio/api.ts +36 -0
- package/extensions/lmstudio/index.test.ts +207 -0
- package/extensions/lmstudio/index.ts +137 -0
- package/extensions/lmstudio/memory-embedding-adapter.ts +36 -0
- package/extensions/lmstudio/openclaw.plugin.json +53 -0
- package/extensions/lmstudio/package.json +15 -0
- package/extensions/lmstudio/plugin-registration.contract.test.ts +6 -0
- package/extensions/lmstudio/runtime-api.ts +35 -0
- package/extensions/lmstudio/src/api.ts +42 -0
- package/extensions/lmstudio/src/defaults.ts +14 -0
- package/extensions/lmstudio/src/embedding-provider.ts +147 -0
- package/extensions/lmstudio/src/models.fetch.ts +277 -0
- package/extensions/lmstudio/src/models.test.ts +491 -0
- package/extensions/lmstudio/src/models.ts +536 -0
- package/extensions/lmstudio/src/plain-text-tool-calls.ts +24 -0
- package/extensions/lmstudio/src/provider-auth.ts +59 -0
- package/extensions/lmstudio/src/runtime.test.ts +357 -0
- package/extensions/lmstudio/src/runtime.ts +276 -0
- package/extensions/lmstudio/src/setup.test.ts +1543 -0
- package/extensions/lmstudio/src/setup.ts +878 -0
- package/extensions/lmstudio/src/stream.test.ts +658 -0
- package/extensions/lmstudio/src/stream.ts +493 -0
- package/extensions/media-understanding-core/image-ops.ts +137 -0
- package/extensions/media-understanding-core/package.json +14 -0
- package/extensions/media-understanding-core/runtime-api.ts +9 -0
- package/extensions/media-understanding-core/src/runtime.ts +9 -0
- package/extensions/media-understanding-core/tsconfig.json +16 -0
- package/extensions/microsoft/index.ts +11 -0
- package/extensions/microsoft/microsoft.live.test.ts +14 -0
- package/extensions/microsoft/openclaw.plugin.json +15 -0
- package/extensions/microsoft/package.json +18 -0
- package/extensions/microsoft/speech-provider.test.ts +298 -0
- package/extensions/microsoft/speech-provider.ts +295 -0
- package/extensions/microsoft/test-api.ts +1 -0
- package/extensions/microsoft/tsconfig.json +16 -0
- package/extensions/microsoft/tts.test.ts +193 -0
- package/extensions/microsoft/tts.ts +137 -0
- package/extensions/minimax/README.md +37 -0
- package/extensions/minimax/api.ts +27 -0
- package/extensions/minimax/image-generation-provider.test.ts +313 -0
- package/extensions/minimax/image-generation-provider.ts +216 -0
- package/extensions/minimax/index.test.ts +408 -0
- package/extensions/minimax/index.ts +39 -0
- package/extensions/minimax/media-understanding-provider.ts +23 -0
- package/extensions/minimax/minimax.live.test.ts +115 -0
- package/extensions/minimax/model-definitions.test.ts +101 -0
- package/extensions/minimax/model-definitions.ts +91 -0
- package/extensions/minimax/music-generation-provider.test.ts +198 -0
- package/extensions/minimax/music-generation-provider.ts +259 -0
- package/extensions/minimax/oauth.runtime.ts +1 -0
- package/extensions/minimax/oauth.ts +233 -0
- package/extensions/minimax/onboard.test.ts +126 -0
- package/extensions/minimax/onboard.ts +104 -0
- package/extensions/minimax/openclaw.plugin.json +133 -0
- package/extensions/minimax/package.json +15 -0
- package/extensions/minimax/plugin-registration.contract.test.ts +15 -0
- package/extensions/minimax/provider-catalog.ts +86 -0
- package/extensions/minimax/provider-contract-api.ts +84 -0
- package/extensions/minimax/provider-discovery.contract.test.ts +3 -0
- package/extensions/minimax/provider-http.test-helpers.ts +142 -0
- package/extensions/minimax/provider-models.ts +21 -0
- package/extensions/minimax/provider-registration.ts +285 -0
- package/extensions/minimax/speech-provider.test.ts +576 -0
- package/extensions/minimax/speech-provider.ts +312 -0
- package/extensions/minimax/src/minimax-web-search-provider.runtime.ts +270 -0
- package/extensions/minimax/src/minimax-web-search-provider.test.ts +177 -0
- package/extensions/minimax/src/minimax-web-search-provider.ts +64 -0
- package/extensions/minimax/test-api.ts +11 -0
- package/extensions/minimax/tsconfig.json +16 -0
- package/extensions/minimax/tts.ts +116 -0
- package/extensions/minimax/video-generation-provider.test.ts +214 -0
- package/extensions/minimax/video-generation-provider.ts +456 -0
- package/extensions/minimax/web-search-contract-api.ts +35 -0
- package/extensions/minimax/web-search-provider.ts +1 -0
- package/extensions/mistral/api.test.ts +195 -0
- package/extensions/mistral/api.ts +81 -0
- package/extensions/mistral/embedding-provider.ts +52 -0
- package/extensions/mistral/index.ts +61 -0
- package/extensions/mistral/media-understanding-provider.test.ts +46 -0
- package/extensions/mistral/media-understanding-provider.ts +21 -0
- package/extensions/mistral/memory-embedding-adapter.ts +35 -0
- package/extensions/mistral/mistral.live.test.ts +62 -0
- package/extensions/mistral/model-definitions.test.ts +65 -0
- package/extensions/mistral/model-definitions.ts +37 -0
- package/extensions/mistral/onboard.test.ts +54 -0
- package/extensions/mistral/onboard.ts +31 -0
- package/extensions/mistral/openclaw.plugin.json +180 -0
- package/extensions/mistral/package.json +15 -0
- package/extensions/mistral/provider-catalog.ts +10 -0
- package/extensions/mistral/provider-compat.ts +62 -0
- package/extensions/mistral/realtime-transcription-provider.test.ts +61 -0
- package/extensions/mistral/realtime-transcription-provider.ts +280 -0
- package/extensions/mistral/test-api.ts +2 -0
- package/extensions/mistral/tsconfig.json +16 -0
- package/extensions/moonshot/api.ts +9 -0
- package/extensions/moonshot/index.test.ts +73 -0
- package/extensions/moonshot/index.ts +81 -0
- package/extensions/moonshot/media-understanding-provider.test.ts +92 -0
- package/extensions/moonshot/media-understanding-provider.ts +85 -0
- package/extensions/moonshot/moonshot.live.test.ts +56 -0
- package/extensions/moonshot/onboard.ts +38 -0
- package/extensions/moonshot/openclaw.plugin.json +209 -0
- package/extensions/moonshot/package.json +15 -0
- package/extensions/moonshot/provider-catalog.test.ts +84 -0
- package/extensions/moonshot/provider-catalog.ts +34 -0
- package/extensions/moonshot/provider-contract-api.ts +33 -0
- package/extensions/moonshot/provider-discovery.ts +17 -0
- package/extensions/moonshot/src/kimi-web-search-provider.runtime.ts +513 -0
- package/extensions/moonshot/src/kimi-web-search-provider.test.ts +297 -0
- package/extensions/moonshot/src/kimi-web-search-provider.ts +71 -0
- package/extensions/moonshot/test-api.ts +2 -0
- package/extensions/moonshot/tsconfig.json +16 -0
- package/extensions/moonshot/web-search-contract-api.ts +28 -0
- package/extensions/moonshot/web-search-provider.ts +1 -0
- package/extensions/nvidia/api.ts +6 -0
- package/extensions/nvidia/index.test.ts +180 -0
- package/extensions/nvidia/index.ts +64 -0
- package/extensions/nvidia/onboard.test.ts +49 -0
- package/extensions/nvidia/onboard.ts +30 -0
- package/extensions/nvidia/openclaw.plugin.json +122 -0
- package/extensions/nvidia/package.json +15 -0
- package/extensions/nvidia/plugin-registration.contract.test.ts +14 -0
- package/extensions/nvidia/provider-catalog.test.ts +21 -0
- package/extensions/nvidia/provider-catalog.ts +15 -0
- package/extensions/nvidia/tsconfig.json +16 -0
- package/extensions/ollama/README.md +3 -0
- package/extensions/ollama/api.ts +34 -0
- package/extensions/ollama/index.test.ts +979 -0
- package/extensions/ollama/index.ts +336 -0
- package/extensions/ollama/ollama.live.test.ts +287 -0
- package/extensions/ollama/openclaw.plugin.json +67 -0
- package/extensions/ollama/package.json +19 -0
- package/extensions/ollama/plugin-registration.contract.test.ts +7 -0
- package/extensions/ollama/provider-discovery.import-guard.test.ts +29 -0
- package/extensions/ollama/provider-discovery.test.ts +657 -0
- package/extensions/ollama/provider-discovery.ts +69 -0
- package/extensions/ollama/provider-policy-api.test.ts +72 -0
- package/extensions/ollama/provider-policy-api.ts +59 -0
- package/extensions/ollama/runtime-api.ts +22 -0
- package/extensions/ollama/src/defaults.ts +14 -0
- package/extensions/ollama/src/discovery-shared.test.ts +41 -0
- package/extensions/ollama/src/discovery-shared.ts +322 -0
- package/extensions/ollama/src/embedding-provider.test.ts +557 -0
- package/extensions/ollama/src/embedding-provider.ts +393 -0
- package/extensions/ollama/src/media-understanding-provider.ts +18 -0
- package/extensions/ollama/src/memory-embedding-adapter.ts +30 -0
- package/extensions/ollama/src/model-id.ts +24 -0
- package/extensions/ollama/src/ollama-json.ts +143 -0
- package/extensions/ollama/src/provider-base-url.test.ts +44 -0
- package/extensions/ollama/src/provider-base-url.ts +23 -0
- package/extensions/ollama/src/provider-models.ssrf.test.ts +41 -0
- package/extensions/ollama/src/provider-models.test.ts +312 -0
- package/extensions/ollama/src/provider-models.ts +327 -0
- package/extensions/ollama/src/setup.test.ts +771 -0
- package/extensions/ollama/src/setup.ts +743 -0
- package/extensions/ollama/src/stream-runtime.test.ts +2218 -0
- package/extensions/ollama/src/stream.test.ts +252 -0
- package/extensions/ollama/src/stream.ts +1347 -0
- package/extensions/ollama/src/web-search-provider.test.ts +488 -0
- package/extensions/ollama/src/web-search-provider.ts +350 -0
- package/extensions/ollama/src/wsl2-crash-loop-check.test.ts +157 -0
- package/extensions/ollama/src/wsl2-crash-loop-check.ts +84 -0
- package/extensions/ollama/tsconfig.json +16 -0
- package/extensions/ollama/web-search-contract-api.ts +26 -0
- package/extensions/ollama/web-search-provider.ts +1 -0
- package/extensions/openai/api.ts +16 -0
- package/extensions/openai/auth-choice-copy.ts +33 -0
- package/extensions/openai/base-url.test.ts +60 -0
- package/extensions/openai/base-url.ts +23 -0
- package/extensions/openai/default-models.test.ts +36 -0
- package/extensions/openai/default-models.ts +40 -0
- package/extensions/openai/embedding-batch.test.ts +10 -0
- package/extensions/openai/embedding-batch.ts +274 -0
- package/extensions/openai/embedding-provider.test.ts +102 -0
- package/extensions/openai/embedding-provider.ts +110 -0
- package/extensions/openai/image-generation-provider.test.ts +1624 -0
- package/extensions/openai/image-generation-provider.ts +903 -0
- package/extensions/openai/index.test.ts +630 -0
- package/extensions/openai/index.ts +58 -0
- package/extensions/openai/media-understanding-provider.test.ts +119 -0
- package/extensions/openai/media-understanding-provider.ts +51 -0
- package/extensions/openai/memory-embedding-adapter.test.ts +82 -0
- package/extensions/openai/memory-embedding-adapter.ts +68 -0
- package/extensions/openai/native-web-search.ts +103 -0
- package/extensions/openai/openai-codex-auth-identity.test.ts +77 -0
- package/extensions/openai/openai-codex-auth-identity.ts +100 -0
- package/extensions/openai/openai-codex-catalog.ts +12 -0
- package/extensions/openai/openai-codex-device-code.test.ts +248 -0
- package/extensions/openai/openai-codex-device-code.ts +309 -0
- package/extensions/openai/openai-codex-oauth.runtime.ts +348 -0
- package/extensions/openai/openai-codex-provider.runtime.ts +45 -0
- package/extensions/openai/openai-codex-provider.test.ts +883 -0
- package/extensions/openai/openai-codex-provider.ts +636 -0
- package/extensions/openai/openai-codex-shared.ts +3 -0
- package/extensions/openai/openai-provider.live.test.ts +196 -0
- package/extensions/openai/openai-provider.test.ts +929 -0
- package/extensions/openai/openai-provider.ts +325 -0
- package/extensions/openai/openai-tts.live.test.ts +44 -0
- package/extensions/openai/openai.live.test.ts +493 -0
- package/extensions/openai/openclaw.plugin.json +897 -0
- package/extensions/openai/openclaw.plugin.test.ts +181 -0
- package/extensions/openai/package.json +19 -0
- package/extensions/openai/plugin-registration.contract.test.ts +9 -0
- package/extensions/openai/prompt-overlay.ts +51 -0
- package/extensions/openai/provider-auth.contract.test.ts +12 -0
- package/extensions/openai/provider-catalog.contract.test.ts +3 -0
- package/extensions/openai/provider-contract-api.ts +83 -0
- package/extensions/openai/provider-policy-api.ts +20 -0
- package/extensions/openai/provider-runtime.contract.test.ts +3 -0
- package/extensions/openai/realtime-provider-shared.ts +168 -0
- package/extensions/openai/realtime-transcription-provider.test.ts +356 -0
- package/extensions/openai/realtime-transcription-provider.ts +307 -0
- package/extensions/openai/realtime-voice-provider.test.ts +1924 -0
- package/extensions/openai/realtime-voice-provider.ts +1315 -0
- package/extensions/openai/register.runtime.ts +15 -0
- package/extensions/openai/replay-policy.ts +32 -0
- package/extensions/openai/setup-api.test.ts +29 -0
- package/extensions/openai/setup-api.ts +166 -0
- package/extensions/openai/shared.ts +131 -0
- package/extensions/openai/speech-provider.test.ts +324 -0
- package/extensions/openai/speech-provider.ts +347 -0
- package/extensions/openai/test-api.ts +9 -0
- package/extensions/openai/test-support/provider-catalog.contract-test-support.ts +134 -0
- package/extensions/openai/thinking-policy.ts +55 -0
- package/extensions/openai/transport-policy.test.ts +128 -0
- package/extensions/openai/transport-policy.ts +111 -0
- package/extensions/openai/tsconfig.json +16 -0
- package/extensions/openai/tts.test.ts +444 -0
- package/extensions/openai/tts.ts +184 -0
- package/extensions/openai/video-generation-provider.test.ts +254 -0
- package/extensions/openai/video-generation-provider.ts +382 -0
- package/extensions/opencode/api.ts +9 -0
- package/extensions/opencode/index.test.ts +84 -0
- package/extensions/opencode/index.ts +74 -0
- package/extensions/opencode/media-understanding-provider.test.ts +44 -0
- package/extensions/opencode/media-understanding-provider.ts +42 -0
- package/extensions/opencode/onboard.test.ts +25 -0
- package/extensions/opencode/onboard.ts +29 -0
- package/extensions/opencode/openclaw.plugin.json +55 -0
- package/extensions/opencode/package.json +15 -0
- package/extensions/opencode/plugin-registration.contract.test.ts +8 -0
- package/extensions/opencode/provider-policy-api.test.ts +44 -0
- package/extensions/opencode/provider-policy-api.ts +5 -0
- package/extensions/opencode/tsconfig.json +16 -0
- package/extensions/opencode-go/api.ts +27 -0
- package/extensions/opencode-go/index.test.ts +305 -0
- package/extensions/opencode-go/index.ts +101 -0
- package/extensions/opencode-go/media-understanding-provider.test.ts +12 -0
- package/extensions/opencode-go/media-understanding-provider.ts +15 -0
- package/extensions/opencode-go/onboard.test.ts +28 -0
- package/extensions/opencode-go/onboard.ts +17 -0
- package/extensions/opencode-go/openclaw.plugin.json +106 -0
- package/extensions/opencode-go/package.json +15 -0
- package/extensions/opencode-go/plugin-registration.contract.test.ts +8 -0
- package/extensions/opencode-go/provider-catalog.ts +135 -0
- package/extensions/opencode-go/stream.ts +51 -0
- package/extensions/opencode-go/tsconfig.json +16 -0
- package/extensions/openrouter/api.ts +12 -0
- package/extensions/openrouter/image-generation-provider.test.ts +361 -0
- package/extensions/openrouter/image-generation-provider.ts +345 -0
- package/extensions/openrouter/index.test.ts +650 -0
- package/extensions/openrouter/index.ts +184 -0
- package/extensions/openrouter/media-understanding-provider.test.ts +260 -0
- package/extensions/openrouter/media-understanding-provider.ts +176 -0
- package/extensions/openrouter/models.ts +18 -0
- package/extensions/openrouter/music-generation-provider.test.ts +226 -0
- package/extensions/openrouter/music-generation-provider.ts +344 -0
- package/extensions/openrouter/onboard.test.ts +27 -0
- package/extensions/openrouter/onboard.ts +32 -0
- package/extensions/openrouter/openclaw.plugin.json +81 -0
- package/extensions/openrouter/openrouter.live.test.ts +118 -0
- package/extensions/openrouter/package.json +15 -0
- package/extensions/openrouter/provider-catalog.ts +88 -0
- package/extensions/openrouter/provider-contract-api.ts +27 -0
- package/extensions/openrouter/provider-policy-api.ts +5 -0
- package/extensions/openrouter/provider-routing.ts +87 -0
- package/extensions/openrouter/provider-runtime.contract.test.ts +3 -0
- package/extensions/openrouter/speech-provider.test.ts +218 -0
- package/extensions/openrouter/speech-provider.ts +46 -0
- package/extensions/openrouter/stream.ts +247 -0
- package/extensions/openrouter/test-api.ts +4 -0
- package/extensions/openrouter/thinking-policy.ts +34 -0
- package/extensions/openrouter/tsconfig.json +16 -0
- package/extensions/openrouter/video-generation-provider.test.ts +722 -0
- package/extensions/openrouter/video-generation-provider.ts +530 -0
- package/extensions/openrouter/video-http.ts +48 -0
- package/extensions/openrouter/video-model-catalog.ts +299 -0
- package/extensions/openshell/index.ts +28 -0
- package/extensions/openshell/npm-shrinkwrap.json +24 -0
- package/extensions/openshell/openclaw.plugin.json +118 -0
- package/extensions/openshell/package.json +37 -0
- package/extensions/openshell/src/backend.e2e.test.ts +595 -0
- package/extensions/openshell/src/backend.test.ts +40 -0
- package/extensions/openshell/src/backend.ts +512 -0
- package/extensions/openshell/src/backend.types.ts +11 -0
- package/extensions/openshell/src/cli.ts +85 -0
- package/extensions/openshell/src/config.test.ts +80 -0
- package/extensions/openshell/src/config.ts +194 -0
- package/extensions/openshell/src/fs-bridge.ts +370 -0
- package/extensions/openshell/src/mirror.test.ts +194 -0
- package/extensions/openshell/src/mirror.ts +141 -0
- package/extensions/openshell/src/openshell-core.test.ts +529 -0
- package/extensions/openshell/tsconfig.json +16 -0
- package/extensions/perplexity/index.ts +11 -0
- package/extensions/perplexity/openclaw.plugin.json +52 -0
- package/extensions/perplexity/package.json +15 -0
- package/extensions/perplexity/src/perplexity-web-search-provider.runtime.ts +551 -0
- package/extensions/perplexity/src/perplexity-web-search-provider.shared.ts +124 -0
- package/extensions/perplexity/src/perplexity-web-search-provider.test.ts +151 -0
- package/extensions/perplexity/src/perplexity-web-search-provider.ts +127 -0
- package/extensions/perplexity/test-api.ts +1 -0
- package/extensions/perplexity/tsconfig.json +16 -0
- package/extensions/perplexity/web-search-contract-api.ts +13 -0
- package/extensions/perplexity/web-search-provider.ts +1 -0
- package/extensions/qianfan/api.ts +6 -0
- package/extensions/qianfan/index.test.ts +133 -0
- package/extensions/qianfan/index.ts +31 -0
- package/extensions/qianfan/onboard.ts +61 -0
- package/extensions/qianfan/openclaw.plugin.json +78 -0
- package/extensions/qianfan/package.json +15 -0
- package/extensions/qianfan/provider-catalog.ts +13 -0
- package/extensions/qianfan/tsconfig.json +16 -0
- package/extensions/qwen/api.ts +34 -0
- package/extensions/qwen/index.test.ts +31 -0
- package/extensions/qwen/index.ts +181 -0
- package/extensions/qwen/media-understanding-provider.test.ts +76 -0
- package/extensions/qwen/media-understanding-provider.ts +88 -0
- package/extensions/qwen/model-definitions.ts +20 -0
- package/extensions/qwen/models.ts +202 -0
- package/extensions/qwen/onboard.ts +73 -0
- package/extensions/qwen/openclaw.plugin.json +143 -0
- package/extensions/qwen/package.json +15 -0
- package/extensions/qwen/plugin-registration.contract.test.ts +10 -0
- package/extensions/qwen/provider-catalog.test.ts +62 -0
- package/extensions/qwen/provider-catalog.ts +13 -0
- package/extensions/qwen/provider-discovery.contract.test.ts +3 -0
- package/extensions/qwen/stream.test.ts +171 -0
- package/extensions/qwen/stream.ts +87 -0
- package/extensions/qwen/test-api.ts +2 -0
- package/extensions/qwen/tsconfig.json +16 -0
- package/extensions/qwen/video-generation-provider.test.ts +155 -0
- package/extensions/qwen/video-generation-provider.ts +111 -0
- package/extensions/runway/index.ts +11 -0
- package/extensions/runway/openclaw.plugin.json +34 -0
- package/extensions/runway/package.json +15 -0
- package/extensions/runway/plugin-registration.contract.test.ts +7 -0
- package/extensions/runway/tsconfig.json +16 -0
- package/extensions/runway/video-generation-provider.test.ts +248 -0
- package/extensions/runway/video-generation-provider.ts +462 -0
- package/extensions/senseaudio/index.ts +11 -0
- package/extensions/senseaudio/media-understanding-provider.test.ts +136 -0
- package/extensions/senseaudio/media-understanding-provider.ts +25 -0
- package/extensions/senseaudio/openclaw.plugin.json +18 -0
- package/extensions/senseaudio/package.json +15 -0
- package/extensions/senseaudio/test-api.ts +1 -0
- package/extensions/sglang/README.md +3 -0
- package/extensions/sglang/api.ts +7 -0
- package/extensions/sglang/defaults.ts +4 -0
- package/extensions/sglang/index.test.ts +34 -0
- package/extensions/sglang/index.ts +95 -0
- package/extensions/sglang/models.ts +23 -0
- package/extensions/sglang/openclaw.plugin.json +45 -0
- package/extensions/sglang/package.json +15 -0
- package/extensions/sglang/provider-discovery.contract.test.ts +7 -0
- package/extensions/sglang/tsconfig.json +16 -0
- package/extensions/skill-workshop/api.ts +3 -0
- package/extensions/skill-workshop/index.test.ts +990 -0
- package/extensions/skill-workshop/index.ts +170 -0
- package/extensions/skill-workshop/openclaw.plugin.json +83 -0
- package/extensions/skill-workshop/package.json +18 -0
- package/extensions/skill-workshop/src/config.ts +50 -0
- package/extensions/skill-workshop/src/prompt.ts +18 -0
- package/extensions/skill-workshop/src/reviewer.ts +290 -0
- package/extensions/skill-workshop/src/scanner.ts +69 -0
- package/extensions/skill-workshop/src/signals.ts +95 -0
- package/extensions/skill-workshop/src/skills.ts +186 -0
- package/extensions/skill-workshop/src/store.ts +184 -0
- package/extensions/skill-workshop/src/text.ts +59 -0
- package/extensions/skill-workshop/src/tool.ts +200 -0
- package/extensions/skill-workshop/src/types.ts +42 -0
- package/extensions/skill-workshop/src/workshop.ts +85 -0
- package/extensions/speech-core/api.ts +54 -0
- package/extensions/speech-core/package.json +10 -0
- package/extensions/speech-core/runtime-api.ts +42 -0
- package/extensions/speech-core/src/tts.test.ts +1025 -0
- package/extensions/speech-core/src/tts.ts +1929 -0
- package/extensions/speech-core/tsconfig.json +16 -0
- package/extensions/stepfun/index.ts +252 -0
- package/extensions/stepfun/onboard.ts +73 -0
- package/extensions/stepfun/openclaw.plugin.json +148 -0
- package/extensions/stepfun/package.json +15 -0
- package/extensions/stepfun/provider-catalog.ts +40 -0
- package/extensions/stepfun/tsconfig.json +16 -0
- package/extensions/tencent/api.ts +7 -0
- package/extensions/tencent/index.ts +64 -0
- package/extensions/tencent/models.ts +25 -0
- package/extensions/tencent/onboard.ts +38 -0
- package/extensions/tencent/openclaw.plugin.json +86 -0
- package/extensions/tencent/package.json +15 -0
- package/extensions/tencent/provider-catalog.ts +14 -0
- package/extensions/tencent/provider-discovery.ts +17 -0
- package/extensions/tencent/tsconfig.json +16 -0
- package/extensions/together/api.ts +7 -0
- package/extensions/together/index.ts +42 -0
- package/extensions/together/models.ts +23 -0
- package/extensions/together/onboard.ts +26 -0
- package/extensions/together/openclaw.plugin.json +160 -0
- package/extensions/together/package.json +15 -0
- package/extensions/together/plugin-registration.contract.test.ts +8 -0
- package/extensions/together/provider-catalog.ts +10 -0
- package/extensions/together/tsconfig.json +16 -0
- package/extensions/together/video-generation-provider.test.ts +130 -0
- package/extensions/together/video-generation-provider.ts +281 -0
- package/extensions/tts-local-cli/index.ts +11 -0
- package/extensions/tts-local-cli/openclaw.plugin.json +15 -0
- package/extensions/tts-local-cli/package.json +15 -0
- package/extensions/tts-local-cli/speech-provider.test.ts +307 -0
- package/extensions/tts-local-cli/speech-provider.ts +455 -0
- package/extensions/venice/api.ts +8 -0
- package/extensions/venice/index.test.ts +109 -0
- package/extensions/venice/index.ts +70 -0
- package/extensions/venice/models.test.ts +291 -0
- package/extensions/venice/models.ts +302 -0
- package/extensions/venice/onboard.ts +27 -0
- package/extensions/venice/openclaw.plugin.json +504 -0
- package/extensions/venice/package.json +15 -0
- package/extensions/venice/provider-catalog.ts +11 -0
- package/extensions/venice/provider-runtime.contract.test.ts +3 -0
- package/extensions/venice/stream.ts +37 -0
- package/extensions/venice/tsconfig.json +16 -0
- package/extensions/vercel-ai-gateway/api.ts +12 -0
- package/extensions/vercel-ai-gateway/index.ts +41 -0
- package/extensions/vercel-ai-gateway/models.ts +226 -0
- package/extensions/vercel-ai-gateway/onboard.ts +32 -0
- package/extensions/vercel-ai-gateway/openclaw.plugin.json +61 -0
- package/extensions/vercel-ai-gateway/package.json +15 -0
- package/extensions/vercel-ai-gateway/provider-catalog.test.ts +96 -0
- package/extensions/vercel-ai-gateway/provider-catalog.ts +22 -0
- package/extensions/vercel-ai-gateway/thinking.test.ts +100 -0
- package/extensions/vercel-ai-gateway/thinking.ts +77 -0
- package/extensions/vercel-ai-gateway/tsconfig.json +16 -0
- package/extensions/vllm/README.md +3 -0
- package/extensions/vllm/api.ts +8 -0
- package/extensions/vllm/defaults.ts +4 -0
- package/extensions/vllm/index.ts +96 -0
- package/extensions/vllm/models.ts +23 -0
- package/extensions/vllm/openclaw.plugin.json +45 -0
- package/extensions/vllm/package.json +15 -0
- package/extensions/vllm/provider-discovery.contract.test.ts +7 -0
- package/extensions/vllm/register.runtime.ts +7 -0
- package/extensions/vllm/stream.test.ts +282 -0
- package/extensions/vllm/stream.ts +164 -0
- package/extensions/vllm/tsconfig.json +16 -0
- package/extensions/volcengine/api.ts +56 -0
- package/extensions/volcengine/index.test.ts +92 -0
- package/extensions/volcengine/index.ts +87 -0
- package/extensions/volcengine/models.ts +28 -0
- package/extensions/volcengine/openclaw.plugin.json +221 -0
- package/extensions/volcengine/package.json +15 -0
- package/extensions/volcengine/provider-catalog.ts +17 -0
- package/extensions/volcengine/provider-discovery.ts +31 -0
- package/extensions/volcengine/speech-provider.ts +229 -0
- package/extensions/volcengine/tsconfig.json +16 -0
- package/extensions/volcengine/tts.live.test.ts +30 -0
- package/extensions/volcengine/tts.test.ts +279 -0
- package/extensions/volcengine/tts.ts +266 -0
- package/extensions/voyage/embedding-batch.ts +315 -0
- package/extensions/voyage/embedding-provider.ts +90 -0
- package/extensions/voyage/index.ts +11 -0
- package/extensions/voyage/memory-embedding-adapter.ts +56 -0
- package/extensions/voyage/openclaw.plugin.json +18 -0
- package/extensions/voyage/package.json +15 -0
- package/extensions/xai/.boundary-stubs/anthropic-vertex-api.d.ts +2 -0
- package/extensions/xai/.boundary-stubs/ollama-api.d.ts +1 -0
- package/extensions/xai/.boundary-stubs/ollama-runtime-api.d.ts +16 -0
- package/extensions/xai/.boundary-stubs/speech-core-runtime-api.d.ts +33 -0
- package/extensions/xai/api.test.ts +51 -0
- package/extensions/xai/api.ts +119 -0
- package/extensions/xai/code-execution.test.ts +262 -0
- package/extensions/xai/code-execution.ts +146 -0
- package/extensions/xai/image-generation-provider.test.ts +293 -0
- package/extensions/xai/image-generation-provider.ts +124 -0
- package/extensions/xai/index.test.ts +263 -0
- package/extensions/xai/index.ts +233 -0
- package/extensions/xai/model-compat.ts +34 -0
- package/extensions/xai/model-definitions.ts +346 -0
- package/extensions/xai/model-id.test.ts +32 -0
- package/extensions/xai/model-id.ts +24 -0
- package/extensions/xai/onboard.test.ts +91 -0
- package/extensions/xai/onboard.ts +56 -0
- package/extensions/xai/openclaw.plugin.json +274 -0
- package/extensions/xai/package.json +20 -0
- package/extensions/xai/plugin-registration.contract.test.ts +11 -0
- package/extensions/xai/provider-catalog.ts +12 -0
- package/extensions/xai/provider-contract-api.ts +22 -0
- package/extensions/xai/provider-discovery.ts +27 -0
- package/extensions/xai/provider-models.ts +45 -0
- package/extensions/xai/provider-policy-api.test.ts +37 -0
- package/extensions/xai/provider-policy-api.ts +18 -0
- package/extensions/xai/realtime-transcription-provider.test.ts +273 -0
- package/extensions/xai/realtime-transcription-provider.ts +306 -0
- package/extensions/xai/runtime-model-compat.test.ts +60 -0
- package/extensions/xai/runtime-model-compat.ts +72 -0
- package/extensions/xai/setup-api.ts +22 -0
- package/extensions/xai/speech-provider.test.ts +184 -0
- package/extensions/xai/speech-provider.ts +275 -0
- package/extensions/xai/src/code-execution-shared.ts +110 -0
- package/extensions/xai/src/responses-tool-shared.test.ts +107 -0
- package/extensions/xai/src/responses-tool-shared.ts +163 -0
- package/extensions/xai/src/tool-auth-shared.test.ts +326 -0
- package/extensions/xai/src/tool-auth-shared.ts +219 -0
- package/extensions/xai/src/tool-config-shared.test.ts +36 -0
- package/extensions/xai/src/tool-config-shared.ts +32 -0
- package/extensions/xai/src/web-search-provider.runtime.ts +429 -0
- package/extensions/xai/src/web-search-response.types.ts +25 -0
- package/extensions/xai/src/web-search-shared.ts +124 -0
- package/extensions/xai/src/x-search-config.ts +78 -0
- package/extensions/xai/src/x-search-shared.ts +146 -0
- package/extensions/xai/src/xai-user-agent.test.ts +59 -0
- package/extensions/xai/src/xai-user-agent.ts +52 -0
- package/extensions/xai/stream.test.ts +410 -0
- package/extensions/xai/stream.ts +359 -0
- package/extensions/xai/stt.test.ts +106 -0
- package/extensions/xai/stt.ts +91 -0
- package/extensions/xai/test-api.ts +1 -0
- package/extensions/xai/test-helpers.ts +73 -0
- package/extensions/xai/tsconfig.json +64 -0
- package/extensions/xai/tts.test.ts +125 -0
- package/extensions/xai/tts.ts +97 -0
- package/extensions/xai/video-generation-provider.test.ts +443 -0
- package/extensions/xai/video-generation-provider.ts +499 -0
- package/extensions/xai/web-search-contract-api.ts +29 -0
- package/extensions/xai/web-search.test.ts +1242 -0
- package/extensions/xai/web-search.ts +68 -0
- package/extensions/xai/x-search-tool-shared.ts +48 -0
- package/extensions/xai/x-search.live.test.ts +76 -0
- package/extensions/xai/x-search.test.ts +484 -0
- package/extensions/xai/x-search.ts +230 -0
- package/extensions/xai/xai-oauth.test.ts +387 -0
- package/extensions/xai/xai-oauth.ts +752 -0
- package/extensions/xai/xai.live.test.ts +323 -0
- package/launcher.js +97 -0
- package/logger.js +87 -0
- package/package.json +21 -0
- package/server.js +1800 -0
- package/skills/ai-error-prevention/SKILL.md +105 -0
- package/skills/api-design/SKILL.md +523 -0
- package/skills/architecture-decision-records/SKILL.md +179 -0
- package/skills/autonomous-loops/SKILL.md +610 -0
- package/skills/backend-patterns/SKILL.md +598 -0
- package/skills/codebase-onboarding/SKILL.md +233 -0
- package/skills/coding-standards/SKILL.md +530 -0
- package/skills/database-migrations/SKILL.md +429 -0
- package/skills/deep-research/SKILL.md +155 -0
- package/skills/error-prevention/SKILL.md +61 -0
- package/skills/exa-search/SKILL.md +103 -0
- package/skills/frontend-slides/SKILL.md +184 -0
- package/skills/frontend-slides/STYLE_PRESETS.md +330 -0
- package/skills/git-workflow/SKILL.md +715 -0
- package/skills/iterative-retrieval/SKILL.md +211 -0
- package/skills/php-security/SKILL.md +70 -0
- package/skills/php-security/rules/thinkphp-security.rules +23 -0
- package/skills/requirement-ears/SKILL.md +31 -0
- package/skills/rules-distill/SKILL.md +264 -0
- package/skills/rules-distill/scripts/scan-rules.sh +58 -0
- package/skills/rules-distill/scripts/scan-skills.sh +129 -0
- package/skills/search-first/SKILL.md +161 -0
- package/skills/security-review/SKILL.md +495 -0
- package/skills/security-review/cloud-infrastructure-security.md +361 -0
- package/skills/security-scan/SKILL.md +68 -0
- package/skills/security-scan/scripts/scan-config.ps1 +31 -0
- package/skills/security-scan/scripts/scan-sqli.ps1 +21 -0
- package/skills/skill-stocktake/SKILL.md +193 -0
- package/skills/skill-stocktake/scripts/quick-diff.sh +87 -0
- package/skills/skill-stocktake/scripts/save-results.sh +56 -0
- package/skills/skill-stocktake/scripts/scan.sh +170 -0
- package/skills/strategic-compact/SKILL.md +131 -0
- package/skills/strategic-compact/suggest-compact.sh +54 -0
- package/skills/tdd-workflow/SKILL.md +90 -0
- package/skills/tdd-workflow/examples/IntegrationTestExample.php +35 -0
- package/skills/tdd-workflow/examples/UnitTestExample.php +39 -0
- package/skills/ui-spec-guider/ui-spec-guider/SKILL.md +37 -0
- package/skills/ui-spec-guider/ui-spec-guider.skill +0 -0
- package/skills/verification-loop/SKILL.md +126 -0
- package/start.bat +29 -0
|
@@ -0,0 +1,1211 @@
|
|
|
1
|
+
import {
|
|
2
|
+
type AgentApprovalEventData,
|
|
3
|
+
buildAgentHookContextChannelFields,
|
|
4
|
+
formatApprovalDisplayPath,
|
|
5
|
+
hasNativeHookRelayInvocation,
|
|
6
|
+
invokeNativeHookRelay,
|
|
7
|
+
type EmbeddedRunAttemptParams,
|
|
8
|
+
type NativeHookRelayProcessResponse,
|
|
9
|
+
type NativeHookRelayRegistrationHandle,
|
|
10
|
+
runBeforeToolCallHook,
|
|
11
|
+
} from "openclaw/plugin-sdk/agent-harness-runtime";
|
|
12
|
+
import { formatCodexDisplayText } from "../command-formatters.js";
|
|
13
|
+
import {
|
|
14
|
+
approvalRequestExplicitlyUnavailable,
|
|
15
|
+
mapExecDecisionToOutcome,
|
|
16
|
+
requestPluginApproval,
|
|
17
|
+
type AppServerApprovalOutcome,
|
|
18
|
+
waitForPluginApprovalDecision,
|
|
19
|
+
} from "./plugin-approval-roundtrip.js";
|
|
20
|
+
import { isJsonObject, type JsonObject, type JsonValue } from "./protocol.js";
|
|
21
|
+
|
|
22
|
+
const PERMISSION_DESCRIPTION_MAX_LENGTH = 700;
|
|
23
|
+
const PERMISSION_SAMPLE_LIMIT = 2;
|
|
24
|
+
const PERMISSION_VALUE_MAX_LENGTH = 48;
|
|
25
|
+
const COMMAND_PREVIEW_WITH_DETAILS_MAX_LENGTH = 80;
|
|
26
|
+
const APPROVAL_PREVIEW_SCAN_MAX_LENGTH = 4096;
|
|
27
|
+
const APPROVAL_PREVIEW_OMITTED = "[preview truncated or unsafe content omitted]";
|
|
28
|
+
const ANSI_OSC_SEQUENCE_RE = new RegExp(
|
|
29
|
+
String.raw`(?:\u001b]|\u009d)[^\u001b\u009c\u0007]*(?:\u0007|\u001b\\|\u009c)`,
|
|
30
|
+
"g",
|
|
31
|
+
);
|
|
32
|
+
const ANSI_CONTROL_SEQUENCE_RE = new RegExp(
|
|
33
|
+
String.raw`(?:\u001b\[[0-?]*[ -/]*[@-~]|\u009b[0-?]*[ -/]*[@-~]|\u001b[@-Z\\-_])`,
|
|
34
|
+
"g",
|
|
35
|
+
);
|
|
36
|
+
const CONTROL_CHARACTER_RE = new RegExp(String.raw`[\u0000-\u001f\u007f-\u009f]+`, "g");
|
|
37
|
+
const INVISIBLE_FORMATTING_CONTROL_RE = new RegExp(
|
|
38
|
+
String.raw`[\u00ad\u034f\u061c\u200b-\u200f\u202a-\u202e\u2060-\u206f\ufeff\ufe00-\ufe0f\u{e0100}-\u{e01ef}]`,
|
|
39
|
+
"gu",
|
|
40
|
+
);
|
|
41
|
+
const DANGLING_TERMINAL_SEQUENCE_SUFFIX_RE = new RegExp(
|
|
42
|
+
String.raw`(?:\u001b\][^\u001b\u009c\u0007]*|\u009d[^\u001b\u009c\u0007]*|\u001b\[[0-?]*[ -/]*|\u009b[0-?]*[ -/]*|\u001b)$`,
|
|
43
|
+
);
|
|
44
|
+
|
|
45
|
+
type ApprovalPreviewSource = {
|
|
46
|
+
value: string;
|
|
47
|
+
clipped: boolean;
|
|
48
|
+
};
|
|
49
|
+
|
|
50
|
+
type SanitizedApprovalPreview = {
|
|
51
|
+
text?: string;
|
|
52
|
+
omitted: boolean;
|
|
53
|
+
};
|
|
54
|
+
|
|
55
|
+
export async function handleCodexAppServerApprovalRequest(params: {
|
|
56
|
+
method: string;
|
|
57
|
+
requestParams: JsonValue | undefined;
|
|
58
|
+
paramsForRun: EmbeddedRunAttemptParams;
|
|
59
|
+
threadId: string;
|
|
60
|
+
turnId: string;
|
|
61
|
+
nativeHookRelay?: Pick<NativeHookRelayRegistrationHandle, "allowedEvents" | "relayId">;
|
|
62
|
+
signal?: AbortSignal;
|
|
63
|
+
}): Promise<JsonValue | undefined> {
|
|
64
|
+
const requestParams = isJsonObject(params.requestParams) ? params.requestParams : undefined;
|
|
65
|
+
if (!matchesCurrentTurn(requestParams, params.threadId, params.turnId)) {
|
|
66
|
+
return undefined;
|
|
67
|
+
}
|
|
68
|
+
if (!isSupportedAppServerApprovalMethod(params.method)) {
|
|
69
|
+
return unsupportedApprovalResponse();
|
|
70
|
+
}
|
|
71
|
+
|
|
72
|
+
const context = buildApprovalContext({
|
|
73
|
+
method: params.method,
|
|
74
|
+
requestParams,
|
|
75
|
+
paramsForRun: params.paramsForRun,
|
|
76
|
+
});
|
|
77
|
+
|
|
78
|
+
try {
|
|
79
|
+
const policyOutcome = await runOpenClawToolPolicyForApprovalRequest({
|
|
80
|
+
method: params.method,
|
|
81
|
+
requestParams,
|
|
82
|
+
paramsForRun: params.paramsForRun,
|
|
83
|
+
context,
|
|
84
|
+
nativeHookRelay: params.nativeHookRelay,
|
|
85
|
+
signal: params.signal,
|
|
86
|
+
});
|
|
87
|
+
if (policyOutcome?.outcome === "denied") {
|
|
88
|
+
emitApprovalEvent(params.paramsForRun, {
|
|
89
|
+
phase: "resolved",
|
|
90
|
+
kind: context.kind,
|
|
91
|
+
status: "denied",
|
|
92
|
+
title: context.title,
|
|
93
|
+
...context.eventDetails,
|
|
94
|
+
...approvalEventScope(params.method, "denied"),
|
|
95
|
+
message: policyOutcome.reason,
|
|
96
|
+
});
|
|
97
|
+
return buildApprovalResponse(params.method, context.requestParams, "denied");
|
|
98
|
+
}
|
|
99
|
+
const requestResult = await requestPluginApproval({
|
|
100
|
+
paramsForRun: params.paramsForRun,
|
|
101
|
+
title: context.title,
|
|
102
|
+
description: context.description,
|
|
103
|
+
severity: context.severity,
|
|
104
|
+
toolName: context.toolName,
|
|
105
|
+
toolCallId: context.itemId,
|
|
106
|
+
});
|
|
107
|
+
|
|
108
|
+
const approvalId = requestResult?.id;
|
|
109
|
+
if (!approvalId) {
|
|
110
|
+
emitApprovalEvent(params.paramsForRun, {
|
|
111
|
+
phase: "resolved",
|
|
112
|
+
kind: context.kind,
|
|
113
|
+
status: "unavailable",
|
|
114
|
+
title: context.title,
|
|
115
|
+
...context.eventDetails,
|
|
116
|
+
...approvalEventScope(params.method, "denied"),
|
|
117
|
+
message: "Codex app-server approval route unavailable.",
|
|
118
|
+
});
|
|
119
|
+
return buildApprovalResponse(params.method, context.requestParams, "denied");
|
|
120
|
+
}
|
|
121
|
+
|
|
122
|
+
emitApprovalEvent(params.paramsForRun, {
|
|
123
|
+
phase: "requested",
|
|
124
|
+
kind: context.kind,
|
|
125
|
+
status: "pending",
|
|
126
|
+
title: context.title,
|
|
127
|
+
approvalId,
|
|
128
|
+
approvalSlug: approvalId,
|
|
129
|
+
...context.eventDetails,
|
|
130
|
+
message: "Codex app-server approval requested.",
|
|
131
|
+
});
|
|
132
|
+
|
|
133
|
+
const decision = approvalRequestExplicitlyUnavailable(requestResult)
|
|
134
|
+
? null
|
|
135
|
+
: await waitForPluginApprovalDecision({ approvalId, signal: params.signal });
|
|
136
|
+
const outcome = mapExecDecisionToOutcome(decision);
|
|
137
|
+
|
|
138
|
+
emitApprovalEvent(params.paramsForRun, {
|
|
139
|
+
phase: "resolved",
|
|
140
|
+
kind: context.kind,
|
|
141
|
+
status:
|
|
142
|
+
outcome === "denied"
|
|
143
|
+
? "denied"
|
|
144
|
+
: outcome === "unavailable"
|
|
145
|
+
? "unavailable"
|
|
146
|
+
: outcome === "cancelled"
|
|
147
|
+
? "failed"
|
|
148
|
+
: "approved",
|
|
149
|
+
title: context.title,
|
|
150
|
+
approvalId,
|
|
151
|
+
approvalSlug: approvalId,
|
|
152
|
+
...context.eventDetails,
|
|
153
|
+
...approvalEventScope(params.method, outcome),
|
|
154
|
+
message: approvalResolutionMessage(outcome),
|
|
155
|
+
});
|
|
156
|
+
return buildApprovalResponse(params.method, context.requestParams, outcome);
|
|
157
|
+
} catch (error) {
|
|
158
|
+
const cancelled = params.signal?.aborted === true;
|
|
159
|
+
emitApprovalEvent(params.paramsForRun, {
|
|
160
|
+
phase: "resolved",
|
|
161
|
+
kind: context.kind,
|
|
162
|
+
status: cancelled ? "failed" : "unavailable",
|
|
163
|
+
title: context.title,
|
|
164
|
+
...context.eventDetails,
|
|
165
|
+
...approvalEventScope(params.method, cancelled ? "cancelled" : "denied"),
|
|
166
|
+
message: cancelled
|
|
167
|
+
? "Codex app-server approval cancelled because the run stopped."
|
|
168
|
+
: `Codex app-server approval route failed: ${formatCodexDisplayText(
|
|
169
|
+
formatErrorMessage(error),
|
|
170
|
+
)}`,
|
|
171
|
+
});
|
|
172
|
+
return buildApprovalResponse(
|
|
173
|
+
params.method,
|
|
174
|
+
context.requestParams,
|
|
175
|
+
cancelled ? "cancelled" : "denied",
|
|
176
|
+
);
|
|
177
|
+
}
|
|
178
|
+
}
|
|
179
|
+
|
|
180
|
+
export function buildApprovalResponse(
|
|
181
|
+
method: string,
|
|
182
|
+
requestParams: JsonObject | undefined,
|
|
183
|
+
outcome: AppServerApprovalOutcome,
|
|
184
|
+
): JsonValue {
|
|
185
|
+
if (method === "item/commandExecution/requestApproval") {
|
|
186
|
+
return { decision: commandApprovalDecision(requestParams, outcome) };
|
|
187
|
+
}
|
|
188
|
+
if (method === "item/fileChange/requestApproval") {
|
|
189
|
+
return { decision: fileChangeApprovalDecision(outcome) };
|
|
190
|
+
}
|
|
191
|
+
if (method === "item/permissions/requestApproval") {
|
|
192
|
+
if (outcome === "approved-session" || outcome === "approved-once") {
|
|
193
|
+
return {
|
|
194
|
+
permissions: requestedPermissions(requestParams),
|
|
195
|
+
scope: outcome === "approved-session" ? "session" : "turn",
|
|
196
|
+
};
|
|
197
|
+
}
|
|
198
|
+
return { permissions: {}, scope: "turn" };
|
|
199
|
+
}
|
|
200
|
+
return unsupportedApprovalResponse();
|
|
201
|
+
}
|
|
202
|
+
|
|
203
|
+
function matchesCurrentTurn(
|
|
204
|
+
requestParams: JsonObject | undefined,
|
|
205
|
+
threadId: string,
|
|
206
|
+
turnId: string,
|
|
207
|
+
): boolean {
|
|
208
|
+
if (!requestParams) {
|
|
209
|
+
return false;
|
|
210
|
+
}
|
|
211
|
+
const requestThreadId =
|
|
212
|
+
readString(requestParams, "threadId") ?? readString(requestParams, "conversationId");
|
|
213
|
+
const requestTurnId = readString(requestParams, "turnId");
|
|
214
|
+
return requestThreadId === threadId && requestTurnId === turnId;
|
|
215
|
+
}
|
|
216
|
+
|
|
217
|
+
function buildApprovalContext(params: {
|
|
218
|
+
method: string;
|
|
219
|
+
requestParams: JsonObject | undefined;
|
|
220
|
+
paramsForRun: EmbeddedRunAttemptParams;
|
|
221
|
+
}) {
|
|
222
|
+
const itemId =
|
|
223
|
+
readString(params.requestParams, "itemId") ??
|
|
224
|
+
readString(params.requestParams, "callId") ??
|
|
225
|
+
readString(params.requestParams, "approvalId");
|
|
226
|
+
const commandDetailLines =
|
|
227
|
+
params.method === "item/commandExecution/requestApproval"
|
|
228
|
+
? describeCommandApprovalDetails(params.requestParams)
|
|
229
|
+
: [];
|
|
230
|
+
const commandPreview = sanitizeApprovalPreview(
|
|
231
|
+
readDisplayCommandPreview(params.requestParams),
|
|
232
|
+
commandDetailLines.length > 0 ? COMMAND_PREVIEW_WITH_DETAILS_MAX_LENGTH : 180,
|
|
233
|
+
);
|
|
234
|
+
const reasonPreview = sanitizeApprovalPreview(
|
|
235
|
+
readStringPreview(params.requestParams, "reason"),
|
|
236
|
+
180,
|
|
237
|
+
);
|
|
238
|
+
const command = commandPreview.text;
|
|
239
|
+
const reason = reasonPreview.text;
|
|
240
|
+
const kind = approvalKindForMethod(params.method);
|
|
241
|
+
const permissionLines =
|
|
242
|
+
params.method === "item/permissions/requestApproval"
|
|
243
|
+
? describeRequestedPermissions(params.requestParams)
|
|
244
|
+
: [];
|
|
245
|
+
const title =
|
|
246
|
+
kind === "exec"
|
|
247
|
+
? "Codex app-server command approval"
|
|
248
|
+
: params.method === "item/permissions/requestApproval"
|
|
249
|
+
? "Codex app-server permission approval"
|
|
250
|
+
: kind === "plugin"
|
|
251
|
+
? "Codex app-server file approval"
|
|
252
|
+
: "Codex app-server approval";
|
|
253
|
+
const subject =
|
|
254
|
+
permissionLines[0] ??
|
|
255
|
+
(command
|
|
256
|
+
? `Command: ${formatApprovalPreviewSubject(command, commandPreview.omitted)}`
|
|
257
|
+
: commandPreview.omitted
|
|
258
|
+
? `Command: ${APPROVAL_PREVIEW_OMITTED}`
|
|
259
|
+
: reason
|
|
260
|
+
? `Reason: ${formatApprovalPreviewSubject(reason, reasonPreview.omitted)}`
|
|
261
|
+
: reasonPreview.omitted
|
|
262
|
+
? `Reason: ${APPROVAL_PREVIEW_OMITTED}`
|
|
263
|
+
: `Request method: ${params.method}`);
|
|
264
|
+
const description =
|
|
265
|
+
permissionLines.length > 0
|
|
266
|
+
? joinDescriptionLinesWithinLimit(permissionLines, PERMISSION_DESCRIPTION_MAX_LENGTH)
|
|
267
|
+
: [
|
|
268
|
+
subject,
|
|
269
|
+
...commandDetailLines,
|
|
270
|
+
params.paramsForRun.sessionKey && `Session: ${params.paramsForRun.sessionKey}`,
|
|
271
|
+
]
|
|
272
|
+
.filter(Boolean)
|
|
273
|
+
.join("\n");
|
|
274
|
+
return {
|
|
275
|
+
kind,
|
|
276
|
+
title,
|
|
277
|
+
description,
|
|
278
|
+
severity: kind === "exec" ? ("warning" as const) : ("info" as const),
|
|
279
|
+
toolName:
|
|
280
|
+
kind === "exec"
|
|
281
|
+
? "codex_command_approval"
|
|
282
|
+
: params.method === "item/permissions/requestApproval"
|
|
283
|
+
? "codex_permission_approval"
|
|
284
|
+
: "codex_file_approval",
|
|
285
|
+
itemId,
|
|
286
|
+
requestParams: params.requestParams,
|
|
287
|
+
eventDetails: {
|
|
288
|
+
...(itemId ? { itemId } : {}),
|
|
289
|
+
...(command ? { command } : {}),
|
|
290
|
+
...(commandPreview.omitted ? { commandPreviewOmitted: true } : {}),
|
|
291
|
+
...(reason ? { reason } : {}),
|
|
292
|
+
...(reasonPreview.omitted ? { reasonPreviewOmitted: true } : {}),
|
|
293
|
+
},
|
|
294
|
+
};
|
|
295
|
+
}
|
|
296
|
+
|
|
297
|
+
type ApprovalContext = ReturnType<typeof buildApprovalContext>;
|
|
298
|
+
type ApprovalPolicyOutcome = { outcome: "denied"; reason: string } | { outcome: "no-decision" };
|
|
299
|
+
|
|
300
|
+
async function runOpenClawToolPolicyForApprovalRequest(params: {
|
|
301
|
+
method: string;
|
|
302
|
+
requestParams: JsonObject | undefined;
|
|
303
|
+
paramsForRun: EmbeddedRunAttemptParams;
|
|
304
|
+
context: ApprovalContext;
|
|
305
|
+
nativeHookRelay?: Pick<NativeHookRelayRegistrationHandle, "allowedEvents" | "relayId">;
|
|
306
|
+
signal?: AbortSignal;
|
|
307
|
+
}): Promise<ApprovalPolicyOutcome | undefined> {
|
|
308
|
+
const policyRequest = buildOpenClawToolPolicyRequest(params.method, params.requestParams);
|
|
309
|
+
if (!policyRequest) {
|
|
310
|
+
return undefined;
|
|
311
|
+
}
|
|
312
|
+
const cwd = readString(params.requestParams, "cwd") ?? params.paramsForRun.workspaceDir;
|
|
313
|
+
const nativeRelayOutcome = await runNativeRelayToolPolicyForApprovalRequest({
|
|
314
|
+
method: params.method,
|
|
315
|
+
requestParams: params.requestParams,
|
|
316
|
+
context: params.context,
|
|
317
|
+
policyRequest,
|
|
318
|
+
nativeHookRelay: params.nativeHookRelay,
|
|
319
|
+
cwd,
|
|
320
|
+
});
|
|
321
|
+
if (nativeRelayOutcome?.blocked) {
|
|
322
|
+
return { outcome: "denied", reason: nativeRelayOutcome.reason };
|
|
323
|
+
}
|
|
324
|
+
if (nativeRelayOutcome?.handled) {
|
|
325
|
+
return { outcome: "no-decision" };
|
|
326
|
+
}
|
|
327
|
+
const hookChannelId = buildAgentHookContextChannelFields({
|
|
328
|
+
sessionKey: params.paramsForRun.sessionKey,
|
|
329
|
+
messageChannel: params.paramsForRun.messageChannel,
|
|
330
|
+
messageProvider: params.paramsForRun.messageProvider,
|
|
331
|
+
currentChannelId: params.paramsForRun.currentChannelId,
|
|
332
|
+
messageTo: params.paramsForRun.messageTo,
|
|
333
|
+
}).channelId;
|
|
334
|
+
const outcome = await runBeforeToolCallHook({
|
|
335
|
+
toolName: policyRequest.toolName,
|
|
336
|
+
params: policyRequest.params,
|
|
337
|
+
...(params.context.itemId ? { toolCallId: params.context.itemId } : {}),
|
|
338
|
+
approvalMode: "report",
|
|
339
|
+
signal: params.signal,
|
|
340
|
+
ctx: {
|
|
341
|
+
...(params.paramsForRun.agentId ? { agentId: params.paramsForRun.agentId } : {}),
|
|
342
|
+
...(params.paramsForRun.config ? { config: params.paramsForRun.config } : {}),
|
|
343
|
+
...(cwd ? { cwd } : {}),
|
|
344
|
+
...(params.paramsForRun.sessionKey ? { sessionKey: params.paramsForRun.sessionKey } : {}),
|
|
345
|
+
...(params.paramsForRun.sessionId ? { sessionId: params.paramsForRun.sessionId } : {}),
|
|
346
|
+
...(params.paramsForRun.runId ? { runId: params.paramsForRun.runId } : {}),
|
|
347
|
+
...(hookChannelId ? { channelId: hookChannelId } : {}),
|
|
348
|
+
},
|
|
349
|
+
});
|
|
350
|
+
if (outcome.blocked) {
|
|
351
|
+
return { outcome: "denied", reason: outcome.reason };
|
|
352
|
+
}
|
|
353
|
+
if ("params" in outcome && toolPolicyParamsWereRewritten(policyRequest.params, outcome.params)) {
|
|
354
|
+
return {
|
|
355
|
+
outcome: "denied",
|
|
356
|
+
reason:
|
|
357
|
+
"OpenClaw tool policy rewrote Codex app-server approval params; refusing original request.",
|
|
358
|
+
};
|
|
359
|
+
}
|
|
360
|
+
return undefined;
|
|
361
|
+
}
|
|
362
|
+
|
|
363
|
+
async function runNativeRelayToolPolicyForApprovalRequest(params: {
|
|
364
|
+
method: string;
|
|
365
|
+
requestParams: JsonObject | undefined;
|
|
366
|
+
context: ApprovalContext;
|
|
367
|
+
policyRequest: { toolName: string; params: JsonObject };
|
|
368
|
+
nativeHookRelay?: Pick<NativeHookRelayRegistrationHandle, "allowedEvents" | "relayId">;
|
|
369
|
+
cwd?: string;
|
|
370
|
+
}): Promise<
|
|
371
|
+
| {
|
|
372
|
+
handled: true;
|
|
373
|
+
blocked: true;
|
|
374
|
+
reason: string;
|
|
375
|
+
}
|
|
376
|
+
| {
|
|
377
|
+
handled: true;
|
|
378
|
+
blocked?: false;
|
|
379
|
+
}
|
|
380
|
+
| undefined
|
|
381
|
+
> {
|
|
382
|
+
// Only command approvals correspond to Codex PreToolUse execution. File-change
|
|
383
|
+
// and permission approvals stay on the app-server approval route below.
|
|
384
|
+
if (
|
|
385
|
+
params.method !== "item/commandExecution/requestApproval" ||
|
|
386
|
+
!params.nativeHookRelay?.allowedEvents.includes("pre_tool_use")
|
|
387
|
+
) {
|
|
388
|
+
return undefined;
|
|
389
|
+
}
|
|
390
|
+
const payload = buildNativeRelayPreToolUsePayload({
|
|
391
|
+
requestParams: params.requestParams,
|
|
392
|
+
policyRequest: params.policyRequest,
|
|
393
|
+
context: params.context,
|
|
394
|
+
cwd: params.cwd,
|
|
395
|
+
});
|
|
396
|
+
if (!payload) {
|
|
397
|
+
return undefined;
|
|
398
|
+
}
|
|
399
|
+
if (
|
|
400
|
+
hasNativeHookRelayInvocation({
|
|
401
|
+
relayId: params.nativeHookRelay.relayId,
|
|
402
|
+
event: "pre_tool_use",
|
|
403
|
+
toolUseId: params.context.itemId,
|
|
404
|
+
})
|
|
405
|
+
) {
|
|
406
|
+
return { handled: true };
|
|
407
|
+
}
|
|
408
|
+
try {
|
|
409
|
+
const response = await invokeNativeHookRelay({
|
|
410
|
+
provider: "codex",
|
|
411
|
+
relayId: params.nativeHookRelay.relayId,
|
|
412
|
+
event: "pre_tool_use",
|
|
413
|
+
rawPayload: payload,
|
|
414
|
+
});
|
|
415
|
+
const decision = readNativeRelayPreToolUseDecision(response);
|
|
416
|
+
if (decision.blocked) {
|
|
417
|
+
return { handled: true, blocked: true, reason: decision.reason };
|
|
418
|
+
}
|
|
419
|
+
return { handled: true };
|
|
420
|
+
} catch (error) {
|
|
421
|
+
return {
|
|
422
|
+
handled: true,
|
|
423
|
+
blocked: true,
|
|
424
|
+
reason: `OpenClaw native hook relay unavailable for Codex app-server approval: ${formatCodexDisplayText(
|
|
425
|
+
formatErrorMessage(error),
|
|
426
|
+
)}`,
|
|
427
|
+
};
|
|
428
|
+
}
|
|
429
|
+
}
|
|
430
|
+
|
|
431
|
+
function buildNativeRelayPreToolUsePayload(params: {
|
|
432
|
+
requestParams: JsonObject | undefined;
|
|
433
|
+
policyRequest: { toolName: string; params: JsonObject };
|
|
434
|
+
context: ApprovalContext;
|
|
435
|
+
cwd?: string;
|
|
436
|
+
}): JsonObject | undefined {
|
|
437
|
+
const command = readString(params.policyRequest.params, "command");
|
|
438
|
+
if (!command) {
|
|
439
|
+
return undefined;
|
|
440
|
+
}
|
|
441
|
+
const turnId = readString(params.requestParams, "turnId");
|
|
442
|
+
return {
|
|
443
|
+
hook_event_name: "PreToolUse",
|
|
444
|
+
openclaw_approval_mode: "report",
|
|
445
|
+
tool_name: "exec_command",
|
|
446
|
+
...(params.context.itemId ? { tool_use_id: params.context.itemId } : {}),
|
|
447
|
+
...(params.cwd ? { cwd: params.cwd } : {}),
|
|
448
|
+
...(turnId ? { turn_id: turnId } : {}),
|
|
449
|
+
tool_input: {
|
|
450
|
+
...params.policyRequest.params,
|
|
451
|
+
command,
|
|
452
|
+
cmd: command,
|
|
453
|
+
},
|
|
454
|
+
};
|
|
455
|
+
}
|
|
456
|
+
|
|
457
|
+
function readNativeRelayPreToolUseDecision(
|
|
458
|
+
response: NativeHookRelayProcessResponse | undefined,
|
|
459
|
+
): { blocked: true; reason: string } | { blocked: false } {
|
|
460
|
+
if (!response || response.exitCode !== 0) {
|
|
461
|
+
return {
|
|
462
|
+
blocked: true,
|
|
463
|
+
reason:
|
|
464
|
+
sanitizeRelayDecisionReason(response?.stderr) ||
|
|
465
|
+
sanitizeRelayDecisionReason(response?.stdout) ||
|
|
466
|
+
"OpenClaw native hook relay failed for Codex app-server approval.",
|
|
467
|
+
};
|
|
468
|
+
}
|
|
469
|
+
const stdout = response.stdout?.trim();
|
|
470
|
+
if (!stdout) {
|
|
471
|
+
return { blocked: false };
|
|
472
|
+
}
|
|
473
|
+
const parsed = parseRelayJsonResponse(stdout);
|
|
474
|
+
const output = isJsonObject(parsed?.hookSpecificOutput) ? parsed.hookSpecificOutput : undefined;
|
|
475
|
+
if (output?.permissionDecision === "deny") {
|
|
476
|
+
return {
|
|
477
|
+
blocked: true,
|
|
478
|
+
reason:
|
|
479
|
+
readString(output, "permissionDecisionReason") ||
|
|
480
|
+
"OpenClaw native hook policy denied Codex app-server approval.",
|
|
481
|
+
};
|
|
482
|
+
}
|
|
483
|
+
// The app-server bridge invokes the relay in report mode, where the relay
|
|
484
|
+
// contract is deny-or-silent. Any other structured decision fails closed.
|
|
485
|
+
return {
|
|
486
|
+
blocked: true,
|
|
487
|
+
reason: output
|
|
488
|
+
? "OpenClaw native hook relay returned a non-deny Codex app-server approval decision."
|
|
489
|
+
: "OpenClaw native hook relay returned an unreadable Codex app-server approval result.",
|
|
490
|
+
};
|
|
491
|
+
}
|
|
492
|
+
|
|
493
|
+
function parseRelayJsonResponse(text: string): JsonObject | undefined {
|
|
494
|
+
try {
|
|
495
|
+
const parsed = JSON.parse(text) as JsonValue;
|
|
496
|
+
return isJsonObject(parsed) ? parsed : undefined;
|
|
497
|
+
} catch {
|
|
498
|
+
return undefined;
|
|
499
|
+
}
|
|
500
|
+
}
|
|
501
|
+
|
|
502
|
+
function sanitizeRelayDecisionReason(value: string | undefined): string | undefined {
|
|
503
|
+
const preview = sanitizeApprovalPreview(value ? { value, clipped: false } : undefined, 240);
|
|
504
|
+
return preview.text;
|
|
505
|
+
}
|
|
506
|
+
|
|
507
|
+
function buildOpenClawToolPolicyRequest(
|
|
508
|
+
method: string,
|
|
509
|
+
requestParams: JsonObject | undefined,
|
|
510
|
+
): { toolName: string; params: JsonObject } | undefined {
|
|
511
|
+
if (method === "item/commandExecution/requestApproval") {
|
|
512
|
+
const command = readPolicyCommand(requestParams);
|
|
513
|
+
return {
|
|
514
|
+
toolName: "exec",
|
|
515
|
+
params: {
|
|
516
|
+
...(command ? { command } : {}),
|
|
517
|
+
...(readString(requestParams, "cwd") ? { cwd: readString(requestParams, "cwd") } : {}),
|
|
518
|
+
approval: requestParams ?? {},
|
|
519
|
+
},
|
|
520
|
+
};
|
|
521
|
+
}
|
|
522
|
+
if (method === "item/fileChange/requestApproval") {
|
|
523
|
+
return { toolName: "apply_patch", params: requestParams ?? {} };
|
|
524
|
+
}
|
|
525
|
+
if (method === "item/permissions/requestApproval") {
|
|
526
|
+
return { toolName: "codex_permission_approval", params: requestParams ?? {} };
|
|
527
|
+
}
|
|
528
|
+
return undefined;
|
|
529
|
+
}
|
|
530
|
+
|
|
531
|
+
function toolPolicyParamsWereRewritten(original: JsonObject, candidate: unknown): boolean {
|
|
532
|
+
if (candidate === original) {
|
|
533
|
+
return false;
|
|
534
|
+
}
|
|
535
|
+
const originalText = stableJsonText(original);
|
|
536
|
+
const candidateText = stableJsonText(candidate);
|
|
537
|
+
return !candidateText || candidateText !== originalText;
|
|
538
|
+
}
|
|
539
|
+
|
|
540
|
+
function stableJsonText(value: unknown): string | undefined {
|
|
541
|
+
if (
|
|
542
|
+
value === null ||
|
|
543
|
+
typeof value === "string" ||
|
|
544
|
+
typeof value === "number" ||
|
|
545
|
+
typeof value === "boolean"
|
|
546
|
+
) {
|
|
547
|
+
return JSON.stringify(value);
|
|
548
|
+
}
|
|
549
|
+
if (Array.isArray(value)) {
|
|
550
|
+
const items = value.map((item) => stableJsonText(item));
|
|
551
|
+
return items.every((item): item is string => item !== undefined)
|
|
552
|
+
? `[${items.join(",")}]`
|
|
553
|
+
: undefined;
|
|
554
|
+
}
|
|
555
|
+
if (isPlainRecord(value)) {
|
|
556
|
+
const entries = Object.entries(value)
|
|
557
|
+
.toSorted(([left], [right]) => left.localeCompare(right))
|
|
558
|
+
.map(([key, item]) => {
|
|
559
|
+
const text = stableJsonText(item);
|
|
560
|
+
return text === undefined ? undefined : `${JSON.stringify(key)}:${text}`;
|
|
561
|
+
});
|
|
562
|
+
return entries.every((entry): entry is string => entry !== undefined)
|
|
563
|
+
? `{${entries.join(",")}}`
|
|
564
|
+
: undefined;
|
|
565
|
+
}
|
|
566
|
+
return undefined;
|
|
567
|
+
}
|
|
568
|
+
|
|
569
|
+
function isPlainRecord(value: unknown): value is Record<string, unknown> {
|
|
570
|
+
return Boolean(value && typeof value === "object" && !Array.isArray(value));
|
|
571
|
+
}
|
|
572
|
+
|
|
573
|
+
function commandApprovalDecision(
|
|
574
|
+
requestParams: JsonObject | undefined,
|
|
575
|
+
outcome: AppServerApprovalOutcome,
|
|
576
|
+
): JsonValue {
|
|
577
|
+
if (outcome === "cancelled") {
|
|
578
|
+
return commandRejectionDecision(requestParams, "cancel");
|
|
579
|
+
}
|
|
580
|
+
if (outcome === "denied" || outcome === "unavailable") {
|
|
581
|
+
return commandRejectionDecision(requestParams, "decline");
|
|
582
|
+
}
|
|
583
|
+
if (outcome === "approved-session") {
|
|
584
|
+
if (hasAvailableDecision(requestParams, "acceptForSession")) {
|
|
585
|
+
return "acceptForSession";
|
|
586
|
+
}
|
|
587
|
+
const amendmentDecision = findAvailableCommandAmendmentDecision(requestParams);
|
|
588
|
+
if (amendmentDecision) {
|
|
589
|
+
return amendmentDecision;
|
|
590
|
+
}
|
|
591
|
+
}
|
|
592
|
+
return hasAvailableDecision(requestParams, "accept")
|
|
593
|
+
? "accept"
|
|
594
|
+
: commandRejectionDecision(requestParams, "decline");
|
|
595
|
+
}
|
|
596
|
+
|
|
597
|
+
function fileChangeApprovalDecision(outcome: AppServerApprovalOutcome): JsonValue {
|
|
598
|
+
if (outcome === "cancelled") {
|
|
599
|
+
return "cancel";
|
|
600
|
+
}
|
|
601
|
+
if (outcome === "denied" || outcome === "unavailable") {
|
|
602
|
+
return "decline";
|
|
603
|
+
}
|
|
604
|
+
return outcome === "approved-session" ? "acceptForSession" : "accept";
|
|
605
|
+
}
|
|
606
|
+
|
|
607
|
+
function requestedPermissions(requestParams: JsonObject | undefined): JsonObject {
|
|
608
|
+
const permissions = isJsonObject(requestParams?.permissions) ? requestParams.permissions : {};
|
|
609
|
+
const granted: JsonObject = {};
|
|
610
|
+
if (isJsonObject(permissions.network)) {
|
|
611
|
+
granted.network = permissions.network;
|
|
612
|
+
}
|
|
613
|
+
if (isJsonObject(permissions.fileSystem)) {
|
|
614
|
+
granted.fileSystem = permissions.fileSystem;
|
|
615
|
+
}
|
|
616
|
+
return granted;
|
|
617
|
+
}
|
|
618
|
+
|
|
619
|
+
function unsupportedApprovalResponse(): JsonValue {
|
|
620
|
+
return {
|
|
621
|
+
decision: "decline",
|
|
622
|
+
reason: "OpenClaw codex app-server bridge does not grant native approvals yet.",
|
|
623
|
+
};
|
|
624
|
+
}
|
|
625
|
+
|
|
626
|
+
function describeRequestedPermissions(requestParams: JsonObject | undefined): string[] {
|
|
627
|
+
const permissions = requestedPermissions(requestParams);
|
|
628
|
+
return describePermissionProfile(permissions, "Permissions");
|
|
629
|
+
}
|
|
630
|
+
|
|
631
|
+
function describeCommandApprovalDetails(requestParams: JsonObject | undefined): string[] {
|
|
632
|
+
const lines: string[] = [];
|
|
633
|
+
const additionalPermissions = isJsonObject(requestParams?.additionalPermissions)
|
|
634
|
+
? requestParams.additionalPermissions
|
|
635
|
+
: undefined;
|
|
636
|
+
if (additionalPermissions) {
|
|
637
|
+
lines.push(...describePermissionProfile(additionalPermissions, "Additional permissions"));
|
|
638
|
+
}
|
|
639
|
+
const execpolicySummary = summarizeStringArray(
|
|
640
|
+
requestParams?.proposedExecpolicyAmendment,
|
|
641
|
+
"Proposed exec policy",
|
|
642
|
+
sanitizePermissionScalar,
|
|
643
|
+
);
|
|
644
|
+
if (execpolicySummary) {
|
|
645
|
+
lines.push(execpolicySummary);
|
|
646
|
+
}
|
|
647
|
+
const networkAmendmentSummary = summarizeNetworkPolicyAmendments(
|
|
648
|
+
requestParams?.proposedNetworkPolicyAmendments,
|
|
649
|
+
);
|
|
650
|
+
if (networkAmendmentSummary) {
|
|
651
|
+
lines.push(networkAmendmentSummary);
|
|
652
|
+
}
|
|
653
|
+
return lines;
|
|
654
|
+
}
|
|
655
|
+
|
|
656
|
+
function describePermissionProfile(permissions: JsonObject, label: string): string[] {
|
|
657
|
+
const lines: string[] = [];
|
|
658
|
+
const kinds: string[] = [];
|
|
659
|
+
const risks = new Set<string>();
|
|
660
|
+
if (isJsonObject(permissions.network)) {
|
|
661
|
+
kinds.push("network");
|
|
662
|
+
}
|
|
663
|
+
if (isJsonObject(permissions.fileSystem)) {
|
|
664
|
+
kinds.push("fileSystem");
|
|
665
|
+
}
|
|
666
|
+
if (kinds.length > 0) {
|
|
667
|
+
lines.push(`${label}: ${kinds.join(", ")}`);
|
|
668
|
+
}
|
|
669
|
+
let networkSummary: string | undefined;
|
|
670
|
+
if (isJsonObject(permissions.network)) {
|
|
671
|
+
const summaries = [
|
|
672
|
+
summarizeNetworkEnabledPermission(permissions.network, risks),
|
|
673
|
+
summarizePermissionRecord(permissions.network, risks, [
|
|
674
|
+
{
|
|
675
|
+
key: "allowHosts",
|
|
676
|
+
label: "allowHosts",
|
|
677
|
+
sanitize: sanitizePermissionHostValue,
|
|
678
|
+
risksFor: permissionHostRisks,
|
|
679
|
+
},
|
|
680
|
+
]),
|
|
681
|
+
].filter((summary): summary is string => Boolean(summary));
|
|
682
|
+
networkSummary = summaries.length > 0 ? summaries.join("; ") : undefined;
|
|
683
|
+
}
|
|
684
|
+
let fileSystemSummary: string | undefined;
|
|
685
|
+
if (isJsonObject(permissions.fileSystem)) {
|
|
686
|
+
const summaries = [
|
|
687
|
+
summarizePermissionRecord(permissions.fileSystem, risks, [
|
|
688
|
+
{
|
|
689
|
+
key: "read",
|
|
690
|
+
label: "read",
|
|
691
|
+
sanitize: sanitizePermissionPathValue,
|
|
692
|
+
risksFor: permissionPathRisks,
|
|
693
|
+
},
|
|
694
|
+
{
|
|
695
|
+
key: "write",
|
|
696
|
+
label: "write",
|
|
697
|
+
sanitize: sanitizePermissionPathValue,
|
|
698
|
+
risksFor: permissionPathRisks,
|
|
699
|
+
},
|
|
700
|
+
{
|
|
701
|
+
key: "roots",
|
|
702
|
+
label: "roots",
|
|
703
|
+
sanitize: sanitizePermissionPathValue,
|
|
704
|
+
risksFor: permissionPathRisks,
|
|
705
|
+
},
|
|
706
|
+
{
|
|
707
|
+
key: "readPaths",
|
|
708
|
+
label: "readPaths",
|
|
709
|
+
sanitize: sanitizePermissionPathValue,
|
|
710
|
+
risksFor: permissionPathRisks,
|
|
711
|
+
},
|
|
712
|
+
{
|
|
713
|
+
key: "writePaths",
|
|
714
|
+
label: "writePaths",
|
|
715
|
+
sanitize: sanitizePermissionPathValue,
|
|
716
|
+
risksFor: permissionPathRisks,
|
|
717
|
+
},
|
|
718
|
+
]),
|
|
719
|
+
summarizeFileSystemEntries(permissions.fileSystem, risks),
|
|
720
|
+
].filter((summary): summary is string => Boolean(summary));
|
|
721
|
+
fileSystemSummary = summaries.length > 0 ? summaries.join("; ") : undefined;
|
|
722
|
+
}
|
|
723
|
+
if (risks.size > 0) {
|
|
724
|
+
lines.push(`High-risk targets: ${[...risks].join(", ")}`);
|
|
725
|
+
}
|
|
726
|
+
if (networkSummary) {
|
|
727
|
+
lines.push(`Network ${networkSummary}`);
|
|
728
|
+
}
|
|
729
|
+
if (fileSystemSummary) {
|
|
730
|
+
lines.push(`File system ${fileSystemSummary}`);
|
|
731
|
+
}
|
|
732
|
+
return lines;
|
|
733
|
+
}
|
|
734
|
+
|
|
735
|
+
type PermissionArrayDescriptor = {
|
|
736
|
+
key: string;
|
|
737
|
+
label: string;
|
|
738
|
+
sanitize: (value: string) => string;
|
|
739
|
+
risksFor: (value: string) => readonly string[];
|
|
740
|
+
};
|
|
741
|
+
|
|
742
|
+
function summarizeNetworkEnabledPermission(
|
|
743
|
+
permission: JsonObject,
|
|
744
|
+
risks: Set<string>,
|
|
745
|
+
): string | undefined {
|
|
746
|
+
const enabled = permission.enabled;
|
|
747
|
+
if (typeof enabled !== "boolean") {
|
|
748
|
+
return undefined;
|
|
749
|
+
}
|
|
750
|
+
if (enabled) {
|
|
751
|
+
risks.add("network access");
|
|
752
|
+
}
|
|
753
|
+
return `enabled: ${enabled}`;
|
|
754
|
+
}
|
|
755
|
+
|
|
756
|
+
function summarizeFileSystemEntries(
|
|
757
|
+
permission: JsonObject,
|
|
758
|
+
risks: Set<string>,
|
|
759
|
+
): string | undefined {
|
|
760
|
+
const entries = permission.entries;
|
|
761
|
+
if (!Array.isArray(entries)) {
|
|
762
|
+
return undefined;
|
|
763
|
+
}
|
|
764
|
+
const samples: string[] = [];
|
|
765
|
+
let count = 0;
|
|
766
|
+
for (const entry of entries) {
|
|
767
|
+
const item = isJsonObject(entry) ? entry : undefined;
|
|
768
|
+
const path = typeof item?.path === "string" ? item.path.trim() : "";
|
|
769
|
+
const access = typeof item?.access === "string" ? item.access.trim() : "";
|
|
770
|
+
if (!path || !access) {
|
|
771
|
+
continue;
|
|
772
|
+
}
|
|
773
|
+
count += 1;
|
|
774
|
+
if (access !== "none") {
|
|
775
|
+
for (const risk of permissionPathRisks(path)) {
|
|
776
|
+
risks.add(risk);
|
|
777
|
+
}
|
|
778
|
+
}
|
|
779
|
+
if (samples.length < PERMISSION_SAMPLE_LIMIT) {
|
|
780
|
+
samples.push(`${sanitizePermissionScalar(access)} ${sanitizePermissionPathValue(path)}`);
|
|
781
|
+
}
|
|
782
|
+
}
|
|
783
|
+
if (count === 0) {
|
|
784
|
+
return undefined;
|
|
785
|
+
}
|
|
786
|
+
const remaining = count - samples.length;
|
|
787
|
+
const remainderSuffix = remaining > 0 ? ` (+${remaining} more)` : "";
|
|
788
|
+
return `entries: ${samples.join(", ")}${remainderSuffix}`;
|
|
789
|
+
}
|
|
790
|
+
|
|
791
|
+
function summarizePermissionRecord(
|
|
792
|
+
permission: JsonObject,
|
|
793
|
+
risks: Set<string>,
|
|
794
|
+
descriptors: readonly PermissionArrayDescriptor[],
|
|
795
|
+
): string | undefined {
|
|
796
|
+
const details: string[] = [];
|
|
797
|
+
for (const descriptor of descriptors) {
|
|
798
|
+
const summary = summarizePermissionArray(permission, descriptor, risks);
|
|
799
|
+
if (summary) {
|
|
800
|
+
details.push(summary);
|
|
801
|
+
}
|
|
802
|
+
}
|
|
803
|
+
return details.length > 0 ? details.join("; ") : undefined;
|
|
804
|
+
}
|
|
805
|
+
|
|
806
|
+
function summarizePermissionArray(
|
|
807
|
+
record: JsonObject,
|
|
808
|
+
descriptor: PermissionArrayDescriptor,
|
|
809
|
+
risks: Set<string>,
|
|
810
|
+
): string | undefined {
|
|
811
|
+
const values = readStringArray(record, descriptor.key);
|
|
812
|
+
if (values.length === 0) {
|
|
813
|
+
return undefined;
|
|
814
|
+
}
|
|
815
|
+
for (const value of values) {
|
|
816
|
+
for (const risk of descriptor.risksFor(value)) {
|
|
817
|
+
risks.add(risk);
|
|
818
|
+
}
|
|
819
|
+
}
|
|
820
|
+
const sampleValues = values
|
|
821
|
+
.slice(0, PERMISSION_SAMPLE_LIMIT)
|
|
822
|
+
.map(descriptor.sanitize)
|
|
823
|
+
.filter(Boolean);
|
|
824
|
+
if (sampleValues.length === 0) {
|
|
825
|
+
return `${descriptor.label}: ${values.length}`;
|
|
826
|
+
}
|
|
827
|
+
const remaining = values.length - sampleValues.length;
|
|
828
|
+
const remainderSuffix = remaining > 0 ? ` (+${remaining} more)` : "";
|
|
829
|
+
return `${descriptor.label}: ${sampleValues.join(", ")}${remainderSuffix}`;
|
|
830
|
+
}
|
|
831
|
+
|
|
832
|
+
function summarizeStringArray(
|
|
833
|
+
value: JsonValue | undefined,
|
|
834
|
+
label: string,
|
|
835
|
+
sanitize: (value: string) => string,
|
|
836
|
+
): string | undefined {
|
|
837
|
+
if (!Array.isArray(value)) {
|
|
838
|
+
return undefined;
|
|
839
|
+
}
|
|
840
|
+
const values = value
|
|
841
|
+
.filter((entry): entry is string => typeof entry === "string")
|
|
842
|
+
.map((entry) => sanitize(entry))
|
|
843
|
+
.filter(Boolean);
|
|
844
|
+
if (values.length === 0) {
|
|
845
|
+
return undefined;
|
|
846
|
+
}
|
|
847
|
+
const samples = values.slice(0, PERMISSION_SAMPLE_LIMIT);
|
|
848
|
+
const remaining = values.length - samples.length;
|
|
849
|
+
const remainderSuffix = remaining > 0 ? ` (+${remaining} more)` : "";
|
|
850
|
+
return `${label}: ${samples.join(", ")}${remainderSuffix}`;
|
|
851
|
+
}
|
|
852
|
+
|
|
853
|
+
function summarizeNetworkPolicyAmendments(value: JsonValue | undefined): string | undefined {
|
|
854
|
+
if (!Array.isArray(value)) {
|
|
855
|
+
return undefined;
|
|
856
|
+
}
|
|
857
|
+
const samples: string[] = [];
|
|
858
|
+
let count = 0;
|
|
859
|
+
for (const entry of value) {
|
|
860
|
+
const amendment = isJsonObject(entry) ? entry : undefined;
|
|
861
|
+
const host = typeof amendment?.host === "string" ? amendment.host : "";
|
|
862
|
+
const action = typeof amendment?.action === "string" ? amendment.action : "";
|
|
863
|
+
if (!host || !action) {
|
|
864
|
+
continue;
|
|
865
|
+
}
|
|
866
|
+
count += 1;
|
|
867
|
+
if (samples.length < PERMISSION_SAMPLE_LIMIT) {
|
|
868
|
+
samples.push(`${sanitizePermissionScalar(action)} ${sanitizePermissionHostValue(host)}`);
|
|
869
|
+
}
|
|
870
|
+
}
|
|
871
|
+
if (count === 0) {
|
|
872
|
+
return undefined;
|
|
873
|
+
}
|
|
874
|
+
const remaining = count - samples.length;
|
|
875
|
+
const remainderSuffix = remaining > 0 ? ` (+${remaining} more)` : "";
|
|
876
|
+
return `Proposed network policy: ${samples.join(", ")}${remainderSuffix}`;
|
|
877
|
+
}
|
|
878
|
+
|
|
879
|
+
function readStringArray(record: JsonObject, key: string): string[] {
|
|
880
|
+
const value = record[key];
|
|
881
|
+
return Array.isArray(value)
|
|
882
|
+
? value.map((entry) => (typeof entry === "string" ? entry.trim() : "")).filter(Boolean)
|
|
883
|
+
: [];
|
|
884
|
+
}
|
|
885
|
+
|
|
886
|
+
function sanitizePermissionHostValue(value: string): string {
|
|
887
|
+
const compact = sanitizePermissionScalar(value).toLowerCase();
|
|
888
|
+
const withoutScheme = compact.replace(/^[a-z][a-z0-9+.-]*:\/\//, "");
|
|
889
|
+
const authority = withoutScheme.split(/[/?#]/, 1)[0] ?? withoutScheme;
|
|
890
|
+
const withoutUserInfo = authority.includes("@")
|
|
891
|
+
? authority.slice(authority.lastIndexOf("@") + 1)
|
|
892
|
+
: authority;
|
|
893
|
+
return truncate(withoutUserInfo, PERMISSION_VALUE_MAX_LENGTH);
|
|
894
|
+
}
|
|
895
|
+
|
|
896
|
+
function sanitizePermissionPathValue(value: string): string {
|
|
897
|
+
return truncate(
|
|
898
|
+
formatApprovalDisplayPath(sanitizePermissionScalar(value)),
|
|
899
|
+
PERMISSION_VALUE_MAX_LENGTH,
|
|
900
|
+
);
|
|
901
|
+
}
|
|
902
|
+
|
|
903
|
+
function sanitizePermissionScalar(value: string): string {
|
|
904
|
+
return sanitizeVisibleScalar(value);
|
|
905
|
+
}
|
|
906
|
+
|
|
907
|
+
function permissionHostRisks(value: string): string[] {
|
|
908
|
+
const normalized = value.trim().toLowerCase();
|
|
909
|
+
const risks: string[] = [];
|
|
910
|
+
if (normalized.includes("*")) {
|
|
911
|
+
risks.push("wildcard hosts");
|
|
912
|
+
if (isPrivateNetworkHostPattern(normalized)) {
|
|
913
|
+
risks.push("private-network wildcards");
|
|
914
|
+
}
|
|
915
|
+
}
|
|
916
|
+
return risks;
|
|
917
|
+
}
|
|
918
|
+
|
|
919
|
+
function permissionPathRisks(value: string): string[] {
|
|
920
|
+
const normalized = sanitizePermissionScalar(value);
|
|
921
|
+
const risks: string[] = [];
|
|
922
|
+
if (normalized === "/" || normalized === "\\" || /^[A-Za-z]:[\\/]*$/.test(normalized)) {
|
|
923
|
+
risks.push("filesystem root");
|
|
924
|
+
}
|
|
925
|
+
return risks;
|
|
926
|
+
}
|
|
927
|
+
|
|
928
|
+
function isPrivateNetworkHostPattern(value: string): boolean {
|
|
929
|
+
const normalized = value.toLowerCase();
|
|
930
|
+
const wildcardStripped = normalized.replace(/^\*\./, "");
|
|
931
|
+
if (
|
|
932
|
+
wildcardStripped === "localhost" ||
|
|
933
|
+
wildcardStripped === "local" ||
|
|
934
|
+
wildcardStripped === "internal" ||
|
|
935
|
+
wildcardStripped === "lan" ||
|
|
936
|
+
wildcardStripped === "home" ||
|
|
937
|
+
wildcardStripped === "corp" ||
|
|
938
|
+
wildcardStripped === "private" ||
|
|
939
|
+
wildcardStripped.endsWith(".local") ||
|
|
940
|
+
wildcardStripped.endsWith(".internal") ||
|
|
941
|
+
wildcardStripped.endsWith(".lan") ||
|
|
942
|
+
wildcardStripped.endsWith(".home") ||
|
|
943
|
+
wildcardStripped.endsWith(".corp") ||
|
|
944
|
+
wildcardStripped.endsWith(".private")
|
|
945
|
+
) {
|
|
946
|
+
return true;
|
|
947
|
+
}
|
|
948
|
+
if (
|
|
949
|
+
wildcardStripped.startsWith("10.") ||
|
|
950
|
+
wildcardStripped.startsWith("127.") ||
|
|
951
|
+
wildcardStripped.startsWith("192.168.") ||
|
|
952
|
+
wildcardStripped.startsWith("169.254.")
|
|
953
|
+
) {
|
|
954
|
+
return true;
|
|
955
|
+
}
|
|
956
|
+
return /^172\.(1[6-9]|2\d|3[0-1])\./.test(wildcardStripped);
|
|
957
|
+
}
|
|
958
|
+
|
|
959
|
+
function hasAvailableDecision(requestParams: JsonObject | undefined, decision: string): boolean {
|
|
960
|
+
const available = requestParams?.availableDecisions;
|
|
961
|
+
if (!Array.isArray(available)) {
|
|
962
|
+
return true;
|
|
963
|
+
}
|
|
964
|
+
return available.includes(decision);
|
|
965
|
+
}
|
|
966
|
+
|
|
967
|
+
function findAvailableCommandAmendmentDecision(
|
|
968
|
+
requestParams: JsonObject | undefined,
|
|
969
|
+
): JsonValue | undefined {
|
|
970
|
+
const available = requestParams?.availableDecisions;
|
|
971
|
+
if (!Array.isArray(available)) {
|
|
972
|
+
return undefined;
|
|
973
|
+
}
|
|
974
|
+
return available.find(
|
|
975
|
+
(entry): entry is JsonObject =>
|
|
976
|
+
isJsonObject(entry) &&
|
|
977
|
+
(isJsonObject(entry.acceptWithExecpolicyAmendment) ||
|
|
978
|
+
isJsonObject(entry.applyNetworkPolicyAmendment)),
|
|
979
|
+
);
|
|
980
|
+
}
|
|
981
|
+
|
|
982
|
+
function commandRejectionDecision(
|
|
983
|
+
requestParams: JsonObject | undefined,
|
|
984
|
+
preferred: "decline" | "cancel",
|
|
985
|
+
): JsonValue {
|
|
986
|
+
const available = requestParams?.availableDecisions;
|
|
987
|
+
if (!Array.isArray(available)) {
|
|
988
|
+
return preferred;
|
|
989
|
+
}
|
|
990
|
+
if (available.includes(preferred)) {
|
|
991
|
+
return preferred;
|
|
992
|
+
}
|
|
993
|
+
const alternate = preferred === "decline" ? "cancel" : "decline";
|
|
994
|
+
if (available.includes(alternate)) {
|
|
995
|
+
return alternate;
|
|
996
|
+
}
|
|
997
|
+
return preferred;
|
|
998
|
+
}
|
|
999
|
+
|
|
1000
|
+
function approvalResolutionMessage(outcome: AppServerApprovalOutcome): string {
|
|
1001
|
+
if (outcome === "approved-session") {
|
|
1002
|
+
return "Codex app-server approval granted for the session.";
|
|
1003
|
+
}
|
|
1004
|
+
if (outcome === "approved-once") {
|
|
1005
|
+
return "Codex app-server approval granted for this turn.";
|
|
1006
|
+
}
|
|
1007
|
+
if (outcome === "cancelled") {
|
|
1008
|
+
return "Codex app-server approval cancelled.";
|
|
1009
|
+
}
|
|
1010
|
+
if (outcome === "unavailable") {
|
|
1011
|
+
return "Codex app-server approval unavailable.";
|
|
1012
|
+
}
|
|
1013
|
+
return "Codex app-server approval denied.";
|
|
1014
|
+
}
|
|
1015
|
+
|
|
1016
|
+
function approvalScopeForOutcome(outcome: AppServerApprovalOutcome): "turn" | "session" {
|
|
1017
|
+
return outcome === "approved-session" ? "session" : "turn";
|
|
1018
|
+
}
|
|
1019
|
+
|
|
1020
|
+
function approvalEventScope(
|
|
1021
|
+
method: string,
|
|
1022
|
+
outcome: AppServerApprovalOutcome,
|
|
1023
|
+
): Pick<AgentApprovalEventData, "scope"> {
|
|
1024
|
+
return method === "item/permissions/requestApproval"
|
|
1025
|
+
? { scope: approvalScopeForOutcome(outcome) }
|
|
1026
|
+
: {};
|
|
1027
|
+
}
|
|
1028
|
+
|
|
1029
|
+
function approvalKindForMethod(method: string): AgentApprovalEventData["kind"] {
|
|
1030
|
+
if (method.includes("commandExecution") || method.includes("execCommand")) {
|
|
1031
|
+
return "exec";
|
|
1032
|
+
}
|
|
1033
|
+
if (method.includes("fileChange") || method.includes("Patch") || method.includes("permissions")) {
|
|
1034
|
+
return "plugin";
|
|
1035
|
+
}
|
|
1036
|
+
return "unknown";
|
|
1037
|
+
}
|
|
1038
|
+
|
|
1039
|
+
function isSupportedAppServerApprovalMethod(method: string): boolean {
|
|
1040
|
+
return (
|
|
1041
|
+
method === "item/commandExecution/requestApproval" ||
|
|
1042
|
+
method === "item/fileChange/requestApproval" ||
|
|
1043
|
+
method === "item/permissions/requestApproval"
|
|
1044
|
+
);
|
|
1045
|
+
}
|
|
1046
|
+
|
|
1047
|
+
function emitApprovalEvent(params: EmbeddedRunAttemptParams, data: AgentApprovalEventData): void {
|
|
1048
|
+
void params.onAgentEvent?.({
|
|
1049
|
+
stream: "approval",
|
|
1050
|
+
data: data as unknown as Record<string, unknown>,
|
|
1051
|
+
});
|
|
1052
|
+
}
|
|
1053
|
+
|
|
1054
|
+
function readDisplayCommandPreview(
|
|
1055
|
+
record: JsonObject | undefined,
|
|
1056
|
+
): ApprovalPreviewSource | undefined {
|
|
1057
|
+
const actionCommand = readCommandActionsPreview(record);
|
|
1058
|
+
if (actionCommand) {
|
|
1059
|
+
return actionCommand;
|
|
1060
|
+
}
|
|
1061
|
+
return readCommandPreview(record);
|
|
1062
|
+
}
|
|
1063
|
+
|
|
1064
|
+
function readPolicyCommand(record: JsonObject | undefined): string | undefined {
|
|
1065
|
+
const command = record?.command;
|
|
1066
|
+
if (typeof command === "string") {
|
|
1067
|
+
return command;
|
|
1068
|
+
}
|
|
1069
|
+
if (Array.isArray(command) && command.every((part): part is string => typeof part === "string")) {
|
|
1070
|
+
return command.join(" ");
|
|
1071
|
+
}
|
|
1072
|
+
const actionCommands = readCommandActions(record);
|
|
1073
|
+
if (actionCommands.length > 0) {
|
|
1074
|
+
return actionCommands.join(" && ");
|
|
1075
|
+
}
|
|
1076
|
+
return undefined;
|
|
1077
|
+
}
|
|
1078
|
+
|
|
1079
|
+
function readCommandActions(record: JsonObject | undefined): string[] {
|
|
1080
|
+
const actions = record?.commandActions;
|
|
1081
|
+
if (!Array.isArray(actions)) {
|
|
1082
|
+
return [];
|
|
1083
|
+
}
|
|
1084
|
+
return actions
|
|
1085
|
+
.map((action) => (isJsonObject(action) ? readString(action, "command") : undefined))
|
|
1086
|
+
.filter((command): command is string => Boolean(command));
|
|
1087
|
+
}
|
|
1088
|
+
|
|
1089
|
+
function readCommandActionsPreview(
|
|
1090
|
+
record: JsonObject | undefined,
|
|
1091
|
+
): ApprovalPreviewSource | undefined {
|
|
1092
|
+
let source: ApprovalPreviewSource | undefined;
|
|
1093
|
+
for (const command of readCommandActions(record)) {
|
|
1094
|
+
source = appendPreviewPart(source, command, " && ");
|
|
1095
|
+
if (source.clipped) {
|
|
1096
|
+
break;
|
|
1097
|
+
}
|
|
1098
|
+
}
|
|
1099
|
+
return source;
|
|
1100
|
+
}
|
|
1101
|
+
|
|
1102
|
+
function readCommandPreview(record: JsonObject | undefined): ApprovalPreviewSource | undefined {
|
|
1103
|
+
const command = record?.command;
|
|
1104
|
+
if (typeof command === "string") {
|
|
1105
|
+
return previewSource(command);
|
|
1106
|
+
}
|
|
1107
|
+
if (!Array.isArray(command)) {
|
|
1108
|
+
return undefined;
|
|
1109
|
+
}
|
|
1110
|
+
let source: ApprovalPreviewSource | undefined;
|
|
1111
|
+
for (const part of command) {
|
|
1112
|
+
if (typeof part !== "string") {
|
|
1113
|
+
return undefined;
|
|
1114
|
+
}
|
|
1115
|
+
source = appendPreviewPart(source, part, " ");
|
|
1116
|
+
if (source.clipped) {
|
|
1117
|
+
break;
|
|
1118
|
+
}
|
|
1119
|
+
}
|
|
1120
|
+
return source;
|
|
1121
|
+
}
|
|
1122
|
+
|
|
1123
|
+
function readStringPreview(
|
|
1124
|
+
record: JsonObject | undefined,
|
|
1125
|
+
key: string,
|
|
1126
|
+
): ApprovalPreviewSource | undefined {
|
|
1127
|
+
const value = readString(record, key);
|
|
1128
|
+
return value === undefined ? undefined : previewSource(value);
|
|
1129
|
+
}
|
|
1130
|
+
|
|
1131
|
+
function readString(record: JsonObject | undefined, key: string): string | undefined {
|
|
1132
|
+
const value = record?.[key];
|
|
1133
|
+
return typeof value === "string" ? value : undefined;
|
|
1134
|
+
}
|
|
1135
|
+
|
|
1136
|
+
function truncate(value: string, maxLength: number): string {
|
|
1137
|
+
return value.length <= maxLength ? value : `${value.slice(0, Math.max(0, maxLength - 3))}...`;
|
|
1138
|
+
}
|
|
1139
|
+
|
|
1140
|
+
function previewSource(value: string): ApprovalPreviewSource {
|
|
1141
|
+
return {
|
|
1142
|
+
value: value.slice(0, APPROVAL_PREVIEW_SCAN_MAX_LENGTH),
|
|
1143
|
+
clipped: value.length > APPROVAL_PREVIEW_SCAN_MAX_LENGTH,
|
|
1144
|
+
};
|
|
1145
|
+
}
|
|
1146
|
+
|
|
1147
|
+
function appendPreviewPart(
|
|
1148
|
+
source: ApprovalPreviewSource | undefined,
|
|
1149
|
+
part: string,
|
|
1150
|
+
separator: string,
|
|
1151
|
+
): ApprovalPreviewSource {
|
|
1152
|
+
const prefix = source?.value ? `${source.value}${separator}` : "";
|
|
1153
|
+
const value = `${prefix}${part}`;
|
|
1154
|
+
const clipped = source?.clipped === true || value.length > APPROVAL_PREVIEW_SCAN_MAX_LENGTH;
|
|
1155
|
+
return {
|
|
1156
|
+
value: value.slice(0, APPROVAL_PREVIEW_SCAN_MAX_LENGTH),
|
|
1157
|
+
clipped,
|
|
1158
|
+
};
|
|
1159
|
+
}
|
|
1160
|
+
|
|
1161
|
+
function sanitizeApprovalPreview(
|
|
1162
|
+
source: ApprovalPreviewSource | undefined,
|
|
1163
|
+
maxLength: number,
|
|
1164
|
+
): SanitizedApprovalPreview {
|
|
1165
|
+
if (!source || !source.value) {
|
|
1166
|
+
return { omitted: false };
|
|
1167
|
+
}
|
|
1168
|
+
const rawPreview = source.value.replace(DANGLING_TERMINAL_SEQUENCE_SUFFIX_RE, "");
|
|
1169
|
+
const sanitized = sanitizeVisibleScalar(rawPreview);
|
|
1170
|
+
if (!sanitized) {
|
|
1171
|
+
return { omitted: true };
|
|
1172
|
+
}
|
|
1173
|
+
return { text: formatCodexDisplayText(truncate(sanitized, maxLength)), omitted: source.clipped };
|
|
1174
|
+
}
|
|
1175
|
+
|
|
1176
|
+
function sanitizeVisibleScalar(value: string): string {
|
|
1177
|
+
return value
|
|
1178
|
+
.replace(ANSI_OSC_SEQUENCE_RE, "")
|
|
1179
|
+
.replace(ANSI_CONTROL_SEQUENCE_RE, "")
|
|
1180
|
+
.replace(INVISIBLE_FORMATTING_CONTROL_RE, " ")
|
|
1181
|
+
.replace(CONTROL_CHARACTER_RE, " ")
|
|
1182
|
+
.replace(/\s+/g, " ")
|
|
1183
|
+
.trim();
|
|
1184
|
+
}
|
|
1185
|
+
|
|
1186
|
+
function formatApprovalPreviewSubject(text: string, omitted: boolean): string {
|
|
1187
|
+
return omitted ? `${text} ${APPROVAL_PREVIEW_OMITTED}` : text;
|
|
1188
|
+
}
|
|
1189
|
+
|
|
1190
|
+
function joinDescriptionLinesWithinLimit(lines: string[], maxLength: number): string {
|
|
1191
|
+
let description = "";
|
|
1192
|
+
for (const line of lines) {
|
|
1193
|
+
const prefix = description ? "\n" : "";
|
|
1194
|
+
const next = `${description}${prefix}${line}`;
|
|
1195
|
+
if (next.length <= maxLength) {
|
|
1196
|
+
description = next;
|
|
1197
|
+
continue;
|
|
1198
|
+
}
|
|
1199
|
+
const remaining = maxLength - description.length - prefix.length;
|
|
1200
|
+
if (remaining < 3) {
|
|
1201
|
+
break;
|
|
1202
|
+
}
|
|
1203
|
+
description += `${prefix}${truncate(line, remaining)}`;
|
|
1204
|
+
break;
|
|
1205
|
+
}
|
|
1206
|
+
return description;
|
|
1207
|
+
}
|
|
1208
|
+
|
|
1209
|
+
function formatErrorMessage(error: unknown): string {
|
|
1210
|
+
return error instanceof Error ? error.message : String(error);
|
|
1211
|
+
}
|