@goplus/agentguard 1.1.9 → 1.1.13

package/dist/feed/cron.js

@@ -5,10 +5,19 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.validateCronExpression = validateCronExpression;
 exports.localTimeZone = localTimeZone;
+exports.installThreatFeedCron = installThreatFeedCron;
 exports.installOpenClawThreatFeedCron = installOpenClawThreatFeedCron;
 exports.extractOpenClawCronJobs = extractOpenClawCronJobs;
 exports.openClawGatewayRequest = openClawGatewayRequest;
+const node_child_process_1 = require("node:child_process");
+const node_crypto_1 = require("node:crypto");
+const promises_1 = require("node:fs/promises");
 const node_http_1 = __importDefault(require("node:http"));
+const node_net_1 = __importDefault(require("node:net"));
+const node_os_1 = require("node:os");
+const node_path_1 = require("node:path");
+class GatewayHttpFallbackError extends Error {
+}
 function validateCronExpression(value) {
     const expr = value.trim();
     const fields = expr.split(/\s+/);
@@ -23,9 +32,51 @@ function validateCronExpression(value) {
 function localTimeZone() {
     return Intl.DateTimeFormat().resolvedOptions().timeZone || 'UTC';
 }
+async function installThreatFeedCron(options, adapters = {}) {
+    const backend = options.backend ?? 'auto';
+    if (backend === 'auto' && !options.agentHost) {
+        throw new Error('Cron target auto requires a saved agent host. Run `agentguard init --agent <claude-code|codex|openclaw|hermes|qclaw>` first, or pass `--cron-target openclaw`, `--cron-target qclaw`, `--cron-target hermes`, or `--cron-target system`.');
+    }
+    if (backend === 'system' || (backend === 'auto' && options.agentHost !== 'openclaw' && options.agentHost !== 'qclaw' && options.agentHost !== 'hermes')) {
+        return installSystemThreatFeedCron(options, adapters.runCommand);
+    }
+    if (backend === 'hermes' || (backend === 'auto' && options.agentHost === 'hermes')) {
+        return installHermesNativeThreatFeedCron(options, adapters.runCommand);
+    }
+    if (backend === 'openclaw' || (backend === 'auto' && options.agentHost === 'openclaw')) {
+        let nativeError = null;
+        try {
+            const result = await installOpenClawNativeThreatFeedCron(options, adapters.runCommand);
+            result.backend = 'openclaw';
+            return result;
+        }
+        catch (err) {
+            nativeError = err;
+            if (!(nativeError instanceof CronBackendUnavailableError)) {
+                throw nativeError;
+            }
+        }
+        try {
+            const result = await installOpenClawThreatFeedCron(options, adapters.gateway);
+            result.backend = 'openclaw-gateway';
+            return result;
+        }
+        catch (gatewayError) {
+            throw new Error(`Could not install OpenClaw cron. Native openclaw command failed: ${nativeError.message}. ` +
+                `Gateway fallback failed: ${gatewayError.message}`);
+        }
+    }
+    if (backend === 'qclaw' || (backend === 'auto' && options.agentHost === 'qclaw')) {
+        const result = await installOpenClawThreatFeedCron(options, qclawGatewayOptions(adapters.gateway));
+        result.backend = 'qclaw-gateway';
+        return result;
+    }
+    throw new Error('Invalid cron target. Use auto, openclaw, qclaw, hermes, or system.');
+}
 async function installOpenClawThreatFeedCron(options, gateway = {}) {
     const schedule = validateCronExpression(options.cronExpression);
     const timezone = options.timezone ?? localTimeZone();
+    const command = threatFeedCommand(options.quiet, { notifyRun: true });
     const existing = await findOpenClawCronJobsByName(options.name, gateway);
     if (existing.length > 0 && !options.force) {
         return {
@@ -33,63 +84,369 @@ async function installOpenClawThreatFeedCron(options, gateway = {}) {
             schedule,
             timezone,
             created: false,
+            backend: 'openclaw-gateway',
+            command,
         };
     }
     const mode = options.quiet ? 'quiet' : 'manual';
-    const command = `agentguard subscribe${options.quiet ? ' --quiet' : ''} --json --cron-run`;
     const description = `AgentGuard Cloud threat feed subscription (${schedule})`;
-    const message = [
-        `Mode: ${mode}.`,
-        `Command: \`${command}\`.`,
-        `Run exactly the command above.`,
-        '',
-        'Rules:',
-        '- If the JSON field `hardFailures` is greater than 0, output a short error summary and do not send a notification.',
-        '- If the JSON field `shouldNotify` is true, send `notification.body` exactly as-is using the current session notification context.',
-        '- If `shouldNotify` is false, output "skipped" and finish without sending any message.',
-        '- If the command fails or the JSON cannot be parsed, output a short error summary and do not send a notification.',
-        '',
-        'Follow these rules exactly.',
-    ].join('\n');
+    const message = openClawCronMessage(options.quiet);
     if (existing.length > 0) {
         await removeOpenClawCronJobs(existing, gateway);
     }
-    await openClawGatewayRequest('cron.add', [
-        {
-            name: options.name,
-            description,
-            enabled: true,
-            schedule: {
-                kind: 'cron',
-                expr: schedule,
-                tz: timezone,
-            },
-            sessionTarget: 'isolated',
-            payload: {
-                kind: 'agentTurn',
-                message,
-                timeoutSeconds: 300,
-                agentguard: {
-                    mode,
-                    command,
-                },
-            },
-            delivery: {
-                mode: 'none',
+    await openClawGatewayRequest('cron.add', {
+        name: options.name,
+        description,
+        enabled: true,
+        schedule: {
+            kind: 'cron',
+            expr: schedule,
+            tz: timezone,
+        },
+        sessionTarget: 'isolated',
+        payload: {
+            kind: 'agentTurn',
+            message,
+            timeoutSeconds: 300,
+            agentguard: {
+                mode,
+                command,
             },
         },
-    ], gateway);
+        delivery: {
+            mode: 'announce',
+            channel: 'last',
+        },
+    }, gateway);
     return {
         name: options.name,
         schedule,
         timezone,
         created: true,
+        backend: 'openclaw-gateway',
+        command,
     };
 }
 async function findOpenClawCronJobsByName(name, gateway) {
-    const listed = await openClawGatewayRequest('cron.list', {}, gateway).catch(() => null);
+    const listed = await openClawGatewayRequest('cron.list', {}, gateway);
     return extractOpenClawCronJobs(listed).filter((job) => job.name === name);
 }
+async function installOpenClawNativeThreatFeedCron(options, runCommand = execCommand) {
+    const schedule = validateCronExpression(options.cronExpression);
+    const timezone = options.timezone ?? localTimeZone();
+    const command = threatFeedCommand(options.quiet, { notifyRun: true });
+    const message = openClawCronMessage(options.quiet);
+    let existing;
+    try {
+        existing = await runCommand('openclaw', ['cron', 'list']);
+    }
+    catch (err) {
+        throw new CronBackendUnavailableError(`Could not list native OpenClaw cron jobs. Is OpenClaw installed and available on PATH? ${err.message}`);
+    }
+    if (nativeCronListHasExactName(existing.stdout, options.name) && !options.force) {
+        return {
+            name: options.name,
+            schedule,
+            timezone,
+            created: false,
+            backend: 'openclaw',
+            command,
+        };
+    }
+    const args = [
+        'cron',
+        'add',
+        '--name',
+        options.name,
+        '--description',
+        `AgentGuard Cloud threat feed subscription (${schedule})`,
+        '--cron',
+        schedule,
+        '--tz',
+        timezone,
+        '--session',
+        'isolated',
+        '--message',
+        message,
+        '--timeout-seconds',
+        '300',
+        '--announce',
+        '--channel',
+        'last',
+        '--thinking',
+        'off',
+    ];
+    if (options.force)
+        args.push('--force');
+    await runCommand('openclaw', args);
+    return {
+        name: options.name,
+        schedule,
+        timezone,
+        created: true,
+        backend: 'openclaw',
+        command,
+    };
+}
+class CronBackendUnavailableError extends Error {
+    constructor(message) {
+        super(message);
+        this.name = 'CronBackendUnavailableError';
+    }
+}
+function nativeCronListHasExactName(stdout, name) {
+    const jsonJobs = extractOpenClawCronJobs(parseJsonOrNull(stdout));
+    if (jsonJobs.some((job) => job.name === name))
+        return true;
+    return stdout
+        .split(/\r?\n/)
+        .map((line) => line.trim())
+        .filter(Boolean)
+        .some((line) => nativeCronListLineHasExactName(line, name));
+}
+function nativeCronListLineHasExactName(line, name) {
+    const quoted = line.match(/(["'])(.*?)\1/);
+    if (quoted?.[2] === name)
+        return true;
+    const cells = line.split(/\s{2,}|\t+/).map((cell) => cell.trim()).filter(Boolean);
+    return cells.includes(name);
+}
+function parseJsonOrNull(value) {
+    try {
+        return JSON.parse(value);
+    }
+    catch {
+        return null;
+    }
+}
+async function installHermesNativeThreatFeedCron(options, runCommand = execCommand) {
+    const schedule = validateCronExpression(options.cronExpression);
+    const timezone = options.timezone ?? localTimeZone();
+    const command = threatFeedCommand(options.quiet);
+    let existing;
+    try {
+        existing = await runCommand('hermes', ['cron', 'list']);
+    }
+    catch (err) {
+        throw new Error(`Could not list Hermes cron jobs. Is Hermes installed and available on PATH? ${err.message}`);
+    }
+    if (existing.stdout.includes(options.name) && !options.force) {
+        return {
+            name: options.name,
+            schedule,
+            timezone,
+            created: false,
+            backend: 'hermes',
+            command,
+        };
+    }
+    if (existing.stdout.includes(options.name) && options.force) {
+        await runCommand('hermes', ['cron', 'remove', options.name]);
+    }
+    const script = await writeHermesThreatFeedScript(options);
+    await runCommand('hermes', [
+        'cron',
+        'create',
+        schedule,
+        '--name',
+        options.name,
+        '--deliver',
+        'local',
+        '--script',
+        script,
+        '--no-agent',
+    ]);
+    return {
+        name: options.name,
+        schedule,
+        timezone,
+        created: true,
+        backend: 'hermes',
+        command,
+        script,
+    };
+}
+async function installSystemThreatFeedCron(options, runCommand = execCommand) {
+    const schedule = validateCronExpression(options.cronExpression);
+    const timezone = options.timezone ?? localTimeZone();
+    const command = threatFeedCommand(options.quiet);
+    const home = validateCronFilesystemPath(options.agentGuardHome ?? (0, node_path_1.join)((0, node_os_1.homedir)(), '.agentguard'), 'AGENTGUARD_HOME');
+    const jobId = sanitizeCronJobId(options.name);
+    const begin = `# AgentGuard begin ${jobId}`;
+    const end = `# AgentGuard end ${jobId}`;
+    const script = await writeSystemThreatFeedScript({
+        name: options.name,
+        quiet: options.quiet,
+        agentGuardHome: home,
+    });
+    const logPath = validateCronFilesystemPath((0, node_path_1.join)(home, 'feed-cron.log'), 'system cron log path');
+    const line = `${schedule} ${shellQuote(script)} >> ${shellQuote(logPath)} 2>&1`;
+    const existing = await runCommand('crontab', ['-l']).then((result) => result.stdout, () => '');
+    const hasExisting = existing.includes(begin);
+    if (hasExisting && !options.force) {
+        return {
+            name: options.name,
+            schedule,
+            timezone,
+            created: false,
+            backend: 'system',
+            command,
+            script,
+        };
+    }
+    const withoutExisting = removeAgentGuardCronBlock(existing, jobId).trimEnd();
+    const next = `${withoutExisting}${withoutExisting ? '\n' : ''}${begin}\n${line}\n${end}\n`;
+    await runCommand('crontab', ['-'], next);
+    return {
+        name: options.name,
+        schedule,
+        timezone,
+        created: true,
+        backend: 'system',
+        command,
+        script,
+    };
+}
+function threatFeedCommand(quiet, options = {}) {
+    const modeFlag = options.notifyRun ? '--cron-notify-run' : '--json --cron-run';
+    return `agentguard subscribe${quiet ? ' --quiet' : ''} ${modeFlag}`;
+}
+function qclawGatewayOptions(gateway = {}) {
+    return {
+        ...gateway,
+        port: gateway.port ?? 28789,
+        label: gateway.label ?? 'QClaw Gateway',
+    };
+}
+async function writeHermesThreatFeedScript(options) {
+    const hermesHome = (options.hermesHome ?? process.env.HERMES_HOME?.trim()) || (0, node_path_1.join)((0, node_os_1.homedir)(), '.hermes');
+    const scriptsDir = (0, node_path_1.join)(hermesHome, 'scripts');
+    await (0, promises_1.mkdir)(scriptsDir, { recursive: true });
+    const scriptName = `${sanitizeHermesScriptName(options.name)}.sh`;
+    const scriptPath = (0, node_path_1.join)(scriptsDir, scriptName);
+    const lines = [
+        '#!/usr/bin/env bash',
+        'set -euo pipefail',
+        `export AGENTGUARD_HOME=${shellQuote(options.agentGuardHome ?? (0, node_path_1.join)((0, node_os_1.homedir)(), '.agentguard'))}`,
+        process.env.PATH ? `export PATH=${shellQuote(process.env.PATH)}` : '',
+        `exec ${threatFeedCommand(options.quiet)}`,
+        '',
+    ].filter(Boolean);
+    await (0, promises_1.writeFile)(scriptPath, lines.join('\n'), { mode: 0o700 });
+    await (0, promises_1.chmod)(scriptPath, 0o700).catch(() => undefined);
+    return scriptName;
+}
+async function writeSystemThreatFeedScript(options) {
+    const scriptsDir = (0, node_path_1.join)(options.agentGuardHome, 'scripts');
+    await (0, promises_1.mkdir)(scriptsDir, { recursive: true });
+    const scriptPath = validateCronFilesystemPath((0, node_path_1.join)(scriptsDir, `${sanitizeCronJobId(options.name)}.sh`), 'system cron script path');
+    const lines = [
+        '#!/usr/bin/env bash',
+        'set -euo pipefail',
+        `export AGENTGUARD_HOME=${shellQuote(options.agentGuardHome)}`,
+        process.env.PATH ? `export PATH=${shellQuote(process.env.PATH)}` : '',
+        `exec ${threatFeedCommand(options.quiet)}`,
+        '',
+    ].filter(Boolean);
+    await (0, promises_1.writeFile)(scriptPath, lines.join('\n'), { mode: 0o700 });
+    await (0, promises_1.chmod)(scriptPath, 0o700).catch(() => undefined);
+    return scriptPath;
+}
+function validateCronFilesystemPath(value, label) {
+    if (!(0, node_path_1.isAbsolute)(value)) {
+        throw new Error(`${label} must be an absolute path for system cron installation.`);
+    }
+    if (/[\0\r\n'"]/.test(value)) {
+        throw new Error(`${label} must not contain quotes or newlines for system cron installation.`);
+    }
+    return value;
+}
+function sanitizeCronJobId(value) {
+    const normalized = value.trim().replace(/[^A-Za-z0-9._-]+/g, '-').replace(/^-+|-+$/g, '');
+    return normalized || 'agentguard-threat-feed';
+}
+function sanitizeHermesScriptName(value) {
+    const normalized = value.trim().replace(/[^A-Za-z0-9._-]+/g, '-').replace(/^-+|-+$/g, '');
+    return normalized ? `agentguard-${normalized}` : 'agentguard-threat-feed';
+}
+function shellQuote(value) {
+    return `'${value.replace(/'/g, `'\\''`)}'`;
+}
+function openClawCronMessage(quiet) {
+    const mode = quiet ? 'quiet' : 'manual';
+    const command = threatFeedCommand(quiet, { notifyRun: true });
+    return [
+        `Mode: ${mode}.`,
+        `Command: \`${command}\`.`,
+        `Run exactly the command above.`,
+        '',
+        'Rules:',
+        '- The command prints either the exact notification body or `NO_REPLY`.',
+        '- Output the command stdout exactly as your final response.',
+        '- Do not summarize, transform, add labels, or send a separate message.',
+        '- If the command fails or prints no stdout, output `NO_REPLY`.',
+        '',
+        'Follow these rules exactly.',
+    ].join('\n');
+}
+function removeAgentGuardCronBlock(value, name) {
+    const begin = `# AgentGuard begin ${name}`;
+    const end = `# AgentGuard end ${name}`;
+    const lines = value.split(/\r?\n/);
+    const kept = [];
+    let skipping = false;
+    for (const line of lines) {
+        if (line.trim() === begin) {
+            skipping = true;
+            continue;
+        }
+        if (line.trim() === end) {
+            skipping = false;
+            continue;
+        }
+        if (!skipping)
+            kept.push(line);
+    }
+    return kept.join('\n');
+}
+function execCommand(command, args, input) {
+    return new Promise((resolve, reject) => {
+        const child = (0, node_child_process_1.spawn)(command, args, { stdio: ['pipe', 'pipe', 'pipe'] });
+        let settled = false;
+        const finish = (fn) => {
+            if (settled)
+                return;
+            settled = true;
+            clearTimeout(timeout);
+            fn();
+        };
+        const timeout = setTimeout(() => {
+            child.kill('SIGTERM');
+            finish(() => reject(new Error(`${command} ${args.join(' ')} timed out after 10000ms`)));
+        }, 10000);
+        let stdout = '';
+        let stderr = '';
+        child.stdout.on('data', (chunk) => {
+            stdout += chunk.toString();
+        });
+        child.stderr.on('data', (chunk) => {
+            stderr += chunk.toString();
+        });
+        child.on('error', (err) => {
+            finish(() => reject(err));
+        });
+        child.on('close', (code) => {
+            if (code === 0) {
+                finish(() => resolve({ stdout, stderr }));
+                return;
+            }
+            finish(() => reject(new Error(`${command} ${args.join(' ')} failed with exit code ${code}: ${stderr || stdout}`.trim())));
+        });
+        if (input)
+            child.stdin.write(input);
+        child.stdin.end();
+    });
+}
 async function removeOpenClawCronJobs(jobs, gateway) {
     for (const job of jobs) {
         if (!job.id)
@@ -114,15 +471,27 @@ function openClawGatewayRequest(method, params, options = {}) {
     if (options.request) {
         return options.request(method, params);
     }
+    const host = options.host ?? '127.0.0.1';
+    const port = options.port ?? 18789;
+    const label = options.label ?? 'OpenClaw Gateway';
+    const timeoutMs = options.timeoutMs ?? 5000;
+    if (options.url) {
+        return openClawGatewayWebSocketRequest({ url: options.url, method, params, label, timeoutMs });
+    }
+    return openClawGatewayHttpRequest({ host, port, method, params, label, timeoutMs }).catch((err) => {
+        if (err instanceof GatewayHttpFallbackError) {
+            return openClawGatewayWebSocketRequest({ url: `ws://${host}:${port}`, method, params, label, timeoutMs });
+        }
+        throw err;
+    });
+}
+function openClawGatewayHttpRequest(options) {
     const payload = JSON.stringify({
         jsonrpc: '2.0',
-        method,
-        params,
+        method: options.method,
+        params: legacyGatewayParams(options.method, options.params),
         id: 1,
     });
-    const host = options.host ?? '127.0.0.1';
-    const port = options.port ?? 18789;
-    const timeoutMs = options.timeoutMs ?? 5000;
     return new Promise((resolve, reject) => {
         let settled = false;
         const fail = (err) => {
@@ -138,8 +507,8 @@ function openClawGatewayRequest(method, params, options = {}) {
             resolve(value);
         };
         const req = node_http_1.default.request({
-            hostname: host,
-            port,
+            hostname: options.host,
+            port: options.port,
             path: '/',
             method: 'POST',
             headers: {
@@ -150,7 +519,7 @@ function openClawGatewayRequest(method, params, options = {}) {
             let data = '';
             res.setEncoding('utf8');
             res.on('error', (err) => {
-                fail(new Error(`OpenClaw Gateway ${method} response failed: ${err.message}`));
+                fail(new Error(`${options.label} ${options.method} response failed: ${err.message}`));
             });
             res.on('data', (chunk) => {
                 data += chunk;
@@ -161,25 +530,25 @@ function openClawGatewayRequest(method, params, options = {}) {
                     parsed = data ? JSON.parse(data) : null;
                 }
                 catch {
-                    fail(new Error(`OpenClaw Gateway returned non-JSON response: ${data}`));
+                    fail(new GatewayHttpFallbackError(`${options.label} returned non-JSON response: ${data}`));
                     return;
                 }
-                if (parsed?.error) {
-                    fail(new Error(`OpenClaw Gateway ${method} failed: ${parsed.error.message ?? JSON.stringify(parsed.error)}`));
+                if (res.statusCode && res.statusCode >= 400) {
+                    fail(new GatewayHttpFallbackError(`${options.label} ${options.method} failed with HTTP ${res.statusCode}`));
                     return;
                 }
-                if (res.statusCode && res.statusCode >= 400) {
-                    fail(new Error(`OpenClaw Gateway ${method} failed with HTTP ${res.statusCode}`));
+                if (parsed?.error) {
+                    fail(new Error(`${options.label} ${options.method} failed: ${parsed.error.message ?? JSON.stringify(parsed.error)}`));
                     return;
                 }
                 succeed(parsed?.result ?? parsed);
             });
         });
         req.on('error', (err) => {
-            fail(new Error(`Could not reach OpenClaw Gateway at ${host}:${port}: ${err.message}`));
+            fail(new GatewayHttpFallbackError(`Could not reach ${options.label} at ${options.host}:${options.port}: ${err.message}`));
         });
-        req.setTimeout(timeoutMs, () => {
-            const err = new Error(`OpenClaw Gateway ${method} request timed out after ${timeoutMs}ms`);
+        req.setTimeout(options.timeoutMs, () => {
+            const err = new GatewayHttpFallbackError(`${options.label} ${options.method} request timed out after ${options.timeoutMs}ms`);
             fail(err);
             req.destroy(err);
         });
@@ -187,4 +556,302 @@ function openClawGatewayRequest(method, params, options = {}) {
         req.end();
     });
 }
+function legacyGatewayParams(method, params) {
+    if (method === 'cron.add' && !Array.isArray(params))
+        return [params];
+    return params;
+}
+function openClawGatewayWebSocketRequest(options) {
+    const endpoint = parseGatewayWebSocketUrl(options.url, options.label);
+    return new Promise((resolve, reject) => {
+        const connectRequestId = (0, node_crypto_1.randomUUID)();
+        const methodRequestId = (0, node_crypto_1.randomUUID)();
+        const websocketKey = (0, node_crypto_1.randomBytes)(16).toString('base64');
+        let handshakeComplete = false;
+        let connected = false;
+        let settled = false;
+        let buffer = Buffer.alloc(0);
+        let fragmentedText = null;
+        const fail = (err) => {
+            if (settled)
+                return;
+            settled = true;
+            clearTimeout(timeout);
+            socket.destroy();
+            reject(err);
+        };
+        const succeed = (value) => {
+            if (settled)
+                return;
+            settled = true;
+            clearTimeout(timeout);
+            socket.end();
+            resolve(value);
+        };
+        const socket = node_net_1.default.createConnection({ host: endpoint.hostname, port: endpoint.port }, () => {
+            socket.write(buildWebSocketHandshake(endpoint, websocketKey));
+        });
+        const timeout = setTimeout(() => {
+            fail(new Error(`${options.label} ${options.method} request timed out after ${options.timeoutMs}ms`));
+        }, options.timeoutMs);
+        socket.on('error', (err) => {
+            fail(new Error(`Could not reach ${options.label} at ${endpoint.hostname}:${endpoint.port}: ${err.message}`));
+        });
+        socket.on('data', (chunk) => {
+            buffer = Buffer.concat([buffer, chunk]);
+            if (!handshakeComplete) {
+                const headerEnd = buffer.indexOf('\r\n\r\n');
+                if (headerEnd === -1)
+                    return;
+                const header = buffer.subarray(0, headerEnd + 4).toString('utf8');
+                buffer = buffer.subarray(headerEnd + 4);
+                try {
+                    validateWebSocketHandshake(header, websocketKey, options.label);
+                }
+                catch (err) {
+                    fail(err);
+                    return;
+                }
+                handshakeComplete = true;
+            }
+            while (true) {
+                let parsed;
+                try {
+                    parsed = readWebSocketFrame(buffer);
+                }
+                catch (err) {
+                    fail(err);
+                    return;
+                }
+                if (!parsed)
+                    break;
+                buffer = parsed.rest;
+                if (parsed.opcode === 0x8) {
+                    fail(new Error(`${options.label} closed the WebSocket before ${options.method} completed`));
+                    return;
+                }
+                if (parsed.opcode === 0x9) {
+                    socket.write(encodeWebSocketFrame(parsed.payload.toString('utf8'), 0xA));
+                    continue;
+                }
+                if (parsed.opcode === 0xA)
+                    continue;
+                if (parsed.opcode === 0x1) {
+                    if (fragmentedText) {
+                        fail(new Error(`${options.label} started a new WebSocket text message before completing the previous one`));
+                        return;
+                    }
+                    if (parsed.fin) {
+                        handleGatewayFrame(parsed.payload.toString('utf8'));
+                    }
+                    else {
+                        fragmentedText = [parsed.payload];
+                    }
+                    continue;
+                }
+                if (parsed.opcode === 0x0) {
+                    if (!fragmentedText) {
+                        fail(new Error(`${options.label} returned an unexpected WebSocket continuation frame`));
+                        return;
+                    }
+                    fragmentedText.push(parsed.payload);
+                    if (parsed.fin) {
+                        const complete = Buffer.concat(fragmentedText);
+                        fragmentedText = null;
+                        handleGatewayFrame(complete.toString('utf8'));
+                    }
+                }
+            }
+        });
+        function handleGatewayFrame(raw) {
+            let frame;
+            try {
+                frame = JSON.parse(raw);
+            }
+            catch {
+                fail(new Error(`${options.label} returned non-JSON WebSocket frame: ${raw}`));
+                return;
+            }
+            if (frame?.type === 'event' && frame.event === 'connect.challenge') {
+                socket.write(encodeWebSocketFrame(JSON.stringify({
+                    type: 'req',
+                    id: connectRequestId,
+                    method: 'connect',
+                    params: openClawConnectParams(),
+                })));
+                return;
+            }
+            if (frame?.type !== 'res')
+                return;
+            if (frame.id === connectRequestId) {
+                if (!frame.ok) {
+                    fail(new Error(`${options.label} connect failed: ${gatewayFrameErrorMessage(frame)}`));
+                    return;
+                }
+                connected = true;
+                socket.write(encodeWebSocketFrame(JSON.stringify({
+                    type: 'req',
+                    id: methodRequestId,
+                    method: options.method,
+                    params: options.params,
+                })));
+                return;
+            }
+            if (connected && frame.id === methodRequestId) {
+                if (!frame.ok) {
+                    fail(new Error(`${options.label} ${options.method} failed: ${gatewayFrameErrorMessage(frame)}`));
+                    return;
+                }
+                succeed(frame.payload);
+            }
+        }
+    });
+}
+function parseGatewayWebSocketUrl(raw, label) {
+    let parsed;
+    try {
+        parsed = new URL(raw);
+    }
+    catch {
+        throw new Error(`${label} URL is invalid: ${raw}`);
+    }
+    if (parsed.protocol !== 'ws:') {
+        throw new Error(`${label} URL must use ws:// for Gateway WebSocket RPC.`);
+    }
+    const port = parsed.port ? Number(parsed.port) : 80;
+    if (!Number.isInteger(port) || port <= 0 || port > 65535) {
+        throw new Error(`${label} URL has an invalid port: ${raw}`);
+    }
+    const path = `${parsed.pathname || '/'}${parsed.search}`;
+    const hostname = parsed.hostname;
+    const hostHeader = parsed.port ? parsed.host : `${parsed.hostname}:${port}`;
+    return { hostname, port, path, hostHeader };
+}
+function buildWebSocketHandshake(endpoint, key) {
+    return [
+        `GET ${endpoint.path || '/'} HTTP/1.1`,
+        `Host: ${endpoint.hostHeader}`,
+        'Upgrade: websocket',
+        'Connection: Upgrade',
+        `Sec-WebSocket-Key: ${key}`,
+        'Sec-WebSocket-Version: 13',
+        '',
+        '',
+    ].join('\r\n');
+}
+function validateWebSocketHandshake(header, key, label) {
+    const [statusLine, ...lines] = header.split(/\r\n/);
+    if (!/^HTTP\/1\.[01] 101\b/.test(statusLine ?? '')) {
+        throw new Error(`${label} WebSocket upgrade failed: ${statusLine || 'empty response'}`);
+    }
+    const headers = new Map();
+    for (const line of lines) {
+        const index = line.indexOf(':');
+        if (index === -1)
+            continue;
+        headers.set(line.slice(0, index).trim().toLowerCase(), line.slice(index + 1).trim());
+    }
+    const expected = (0, node_crypto_1.createHash)('sha1')
+        .update(`${key}258EAFA5-E914-47DA-95CA-C5AB0DC85B11`)
+        .digest('base64');
+    if (headers.get('sec-websocket-accept') !== expected) {
+        throw new Error(`${label} WebSocket upgrade returned an invalid accept key.`);
+    }
+}
+function readWebSocketFrame(buffer) {
+    if (buffer.length < 2)
+        return null;
+    const first = buffer[0];
+    const second = buffer[1];
+    const fin = (first & 0x80) !== 0;
+    const opcode = first & 0x0f;
+    const masked = (second & 0x80) !== 0;
+    if (masked) {
+        throw new Error('WebSocket server frames must not be masked.');
+    }
+    if (opcode >= 0x8 && !fin) {
+        throw new Error('WebSocket control frames must not be fragmented.');
+    }
+    let length = second & 0x7f;
+    let offset = 2;
+    if (length === 126) {
+        if (buffer.length < offset + 2)
+            return null;
+        length = buffer.readUInt16BE(offset);
+        offset += 2;
+    }
+    else if (length === 127) {
+        if (buffer.length < offset + 8)
+            return null;
+        const longLength = buffer.readBigUInt64BE(offset);
+        if (longLength > BigInt(Number.MAX_SAFE_INTEGER)) {
+            throw new Error('WebSocket frame is too large.');
+        }
+        length = Number(longLength);
+        offset += 8;
+    }
+    if (opcode >= 0x8 && length > 125) {
+        throw new Error('WebSocket control frames must not exceed 125 bytes.');
+    }
+    const mask = masked ? buffer.subarray(offset, offset + 4) : null;
+    if (masked)
+        offset += 4;
+    if (buffer.length < offset + length)
+        return null;
+    const payload = Buffer.from(buffer.subarray(offset, offset + length));
+    if (mask) {
+        for (let i = 0; i < payload.length; i += 1) {
+            payload[i] = payload[i] ^ mask[i % 4];
+        }
+    }
+    return { fin, opcode, payload, rest: buffer.subarray(offset + length) };
+}
+function encodeWebSocketFrame(text, opcode = 0x1) {
+    const payload = Buffer.from(text, 'utf8');
+    const mask = (0, node_crypto_1.randomBytes)(4);
+    const headerLength = payload.length < 126 ? 2 : payload.length <= 0xffff ? 4 : 10;
+    const header = Buffer.alloc(headerLength);
+    header[0] = 0x80 | opcode;
+    if (payload.length < 126) {
+        header[1] = 0x80 | payload.length;
+    }
+    else if (payload.length <= 0xffff) {
+        header[1] = 0x80 | 126;
+        header.writeUInt16BE(payload.length, 2);
+    }
+    else {
+        header[1] = 0x80 | 127;
+        header.writeBigUInt64BE(BigInt(payload.length), 2);
+    }
+    const masked = Buffer.from(payload);
+    for (let i = 0; i < masked.length; i += 1) {
+        masked[i] = masked[i] ^ mask[i % 4];
+    }
+    return Buffer.concat([header, mask, masked]);
+}
+function openClawConnectParams() {
+    return {
+        minProtocol: 3,
+        maxProtocol: 3,
+        client: {
+            id: 'cli',
+            version: 'agentguard',
+            platform: process.platform,
+            mode: 'cli',
+        },
+        caps: [],
+        role: 'operator',
+        scopes: [
+            'operator.admin',
+            'operator.read',
+            'operator.write',
+            'operator.approvals',
+            'operator.pairing',
+            'operator.talk.secrets',
+        ],
+    };
+}
+function gatewayFrameErrorMessage(frame) {
+    return frame?.error?.message ?? JSON.stringify(frame?.error ?? frame);
+}
 //# sourceMappingURL=cron.js.map