@karmaniverous/jeeves-server-openclaw 0.1.1 → 0.2.1

package/dist/index.js

@@ -160,7 +160,7 @@ function registerServerTools(api, baseUrl) {
             },
             buildRequest: (params) => {
                 const p = normalizePath(params);
-                return ['/api/directory/' + p];
+                return ['/api/path/' + p];
             },
         },
         {
@@ -186,13 +186,14 @@ function registerServerTools(api, baseUrl) {
             },
             buildRequest: (params) => {
                 const p = normalizePath(params);
-                const qs = [];
-                if (params.expiryDays !== undefined)
-                    qs.push('exp=' + String(params.expiryDays));
+                const body = { path: '/' + p };
+                if (params.expiryDays !== undefined) {
+                    const ms = Date.now() + params.expiryDays * 86400000;
+                    body.expiry = String(ms);
+                }
                 if (params.depth !== undefined)
-                    qs.push('d=' + String(params.depth));
-                const query = qs.length > 0 ? '?' + qs.join('&') : '';
-                return ['/api/share/' + p + query];
+                    body.depth = params.depth;
+                return ['/api/share', 'POST', body];
             },
         },
         {
@@ -216,7 +217,7 @@ function registerServerTools(api, baseUrl) {
             buildRequest: (params) => {
                 const p = normalizePath(params);
                 const fmt = String(params.format);
-                return ['/export/' + p + '.' + fmt];
+                return ['/api/export/' + p + '?format=' + fmt];
             },
         },
         {

package/dist/skills/jeeves-server/SKILL.md

@@ -23,17 +23,18 @@ To convert a Windows file path to a browse path:
 
 ## Sharing
 
-- **Insiders** authenticate via Google OAuth — bare URLs work for them
+- **Insiders** authenticate via Google OAuth or key-based auth — bare URLs work for them
 - **Outsiders** need HMAC share links — use `server_share` to generate them
 - Share links have configurable expiry (default 30 days)
 - Directory shares support depth control for recursive access
+- An `outsiderPolicy` can constrain which paths are eligible for outsider sharing
 
 ## Export
 
 Available formats depend on file type and server capabilities:
 - **Markdown files:** PDF (requires Chrome), DOCX
-- **Mermaid diagrams:** SVG, PNG, PDF
-- **PlantUML diagrams:** Formats depend on server configuration
+- **Mermaid diagrams:** SVG, PNG, PDF (Mermaid CLI is bundled)
+- **PlantUML diagrams:** Formats depend on server configuration (jar downloaded automatically via postinstall)
 - **Directories:** ZIP (insider-only)
 
 Use `server_link_info` first to check which formats are available for a path.
@@ -51,8 +52,8 @@ Run `server_status` to check:
 ### Prerequisites
 
 - **Node.js 20+** and npm
-- **Java 8+** (optional, for local PlantUML rendering)
-- **Chrome/Chromium** (optional, for PDF export)
+- **Java 8+** (optional, for local PlantUML rendering — jar downloaded automatically)
+- **Chrome/Chromium** (required for PDF export)
 - **NSSM** (Windows) or **systemd** (Linux) for service management
 - **Caddy** (recommended) or nginx for reverse proxy with automatic TLS
 
@@ -64,49 +65,105 @@ npm install -g @karmaniverous/jeeves-server
 
 ### 2. Create config
 
-Create `jeeves-server.config.json` in the server's working directory:
+Create `jeeves-server.config.json` (or any cosmiconfig-supported format) in the server's working directory:
 
 ```json
 {
   "port": 1934,
-  "roots": {
-    "data": "/path/to/data"
+  "chromePath": "/usr/bin/chromium-browser",
+  "auth": {
+    "modes": ["keys", "google"],
+    "google": {
+      "clientId": "${GOOGLE_CLIENT_ID}",
+      "clientSecret": "${GOOGLE_CLIENT_SECRET}"
+    },
+    "sessionSecret": "${SESSION_SECRET}"
+  },
+  "scopes": {
+    "public-docs": {
+      "allow": ["/d/docs/*"]
+    }
+  },
+  "insiders": {
+    "you@example.com": {},
+    "contractor@example.com": { "scopes": "public-docs" }
   },
   "keys": {
     "_internal": "random-hex-seed-for-puppeteer",
-    "_plugin": "random-hex-seed-for-openclaw-plugin"
+    "_plugin": "random-hex-seed-for-openclaw-plugin",
+    "primary": "random-hex-seed-for-api-access"
   },
-  "insiders": [
-    { "email": "you@example.com" }
-  ],
-  "google": {
-    "clientId": "${GOOGLE_CLIENT_ID}",
-    "clientSecret": "${GOOGLE_CLIENT_SECRET}"
+  "watcherUrl": "http://127.0.0.1:1936",
+  "runnerUrl": "http://127.0.0.1:1937"
+}
+```
+
+**Key fields:**
+- `chromePath` — **required**, path to Chrome/Chromium executable
+- `auth.modes` — **required**, array of `"keys"` and/or `"google"`
+- `scopes` — named scope definitions (allow/deny), referenced by name from insiders and keys
+- `insiders` — map of email → `{ scopes?, allow?, deny? }`
+- `keys._internal` — required for PDF/DOCX export (Puppeteer auth)
+- `keys._plugin` — required for OpenClaw plugin auth
+- `outsiderPolicy` — optional global constraints on outsider sharing (can reference a named scope)
+
+### Named Scope Composition
+
+Define reusable scope policies at the top level, then reference them by name:
+
+```json
+{
+  "scopes": {
+    "standard": { "allow": ["/**"], "deny": ["/secrets/**"] },
+    "no-vc": { "deny": ["/projects/vc/**"] },
+    "no-private": { "deny": ["/projects/jill/**"] }
   },
-  "sessionSecret": "${SESSION_SECRET}",
-  "watcherUrl": "http://127.0.0.1:1936"
+  "insiders": {
+    "dev@example.com": { "scopes": ["standard", "no-vc"] },
+    "jill@example.com": {
+      "scopes": ["standard", "no-private"],
+      "allow": ["/projects/jill/**"]
+    }
+  }
 }
 ```
 
+**Composition rules:**
+- Multiple named scopes are **unioned** — all `allow` and `deny` patterns merge
+- Explicit `allow`/`deny` on the insider or key entry act as **overrides** with highest precedence:
+  1. Explicit `deny` → **DENIED** (overrides named allow)
+  2. Explicit `allow` → **ALLOWED** (overrides named deny)
+  3. Standard named scope `allow AND NOT deny`
+
+This lets you compose broad policies (e.g. `no-private`) and surgically override them for specific users (e.g. Jill gets access to her own project).
+
+Environment variable substitution is supported: `${VAR_NAME}` in string values.
+
+Generate key seeds with:
+```bash
+node -e "console.log(require('crypto').randomBytes(32).toString('hex'))"
+```
+
 ### 3. Validate config
 
 ```bash
-jeeves-server config validate
-jeeves-server config show
+jeeves-server config validate [--config <path>]
+jeeves-server config show [--config <path>]
 ```
 
 ### 4. Register as system service
 
 **Windows (NSSM):**
 ```bash
-jeeves-server service install
+jeeves-server service install [--config <path>]
 jeeves-server service start
 ```
 
 **Linux (systemd):**
 ```bash
-sudo jeeves-server service install
-sudo jeeves-server service start
+jeeves-server service install [--config <path>]
+sudo systemctl enable jeeves-server
+sudo systemctl start jeeves-server
 ```
 
 ### 5. Configure Caddy reverse proxy
@@ -127,9 +184,9 @@ Caddy handles TLS certificate provisioning automatically. Ensure DNS A/AAAA reco
 npx @karmaniverous/jeeves-server-openclaw install
 ```
 
-Configure the plugin in `openclaw.json` with `apiUrl` and `pluginKey` (matching the `_plugin` key seed from server config). 
+Configure the plugin in `openclaw.json` with `apiUrl` and `pluginKey` (matching the `_plugin` key seed from server config).
 
-**Important:** Add `"jeeves-server-openclaw"` to the `tools.allow` array in `openclaw.json` so the agent can use the plugin's tools.
+**Note:** The installer handles plugin registration in `openclaw.json` automatically. If using `openclaw plugins install` instead (when available), you may need to manually add the plugin entry to `plugins.entries` in `openclaw.json` with `apiUrl` and `pluginKey` config values.
 
 Restart the gateway to load the plugin.
 

package/openclaw.plugin.json

@@ -2,7 +2,7 @@
   "id": "jeeves-server-openclaw",
   "name": "Jeeves Server",
   "description": "File browsing, document sharing, export, and event gateway tools for jeeves-server.",
-  "version": "0.1.1",
+  "version": "0.2.1",
   "skills": [
     "dist/skills/jeeves-server"
   ],

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@karmaniverous/jeeves-server-openclaw",
-  "version": "0.1.1",
+  "version": "0.2.1",
   "type": "module",
   "main": "dist/index.js",
   "scripts": {