@keychat-io/keychat 0.1.20 → 0.1.23

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/README.md +28 -7
  2. package/package.json +1 -1
  3. package/src/channel.ts +1 -1
  4. package/src/paths.ts +1 -1
package/README.md CHANGED
@@ -19,23 +19,34 @@ That's it. The plugin automatically downloads the bridge binary and initializes
19
19
 
20
20
  Supported platforms: macOS (ARM/x64), Linux (x64/ARM64).
21
21
 
22
+ ### Security Warnings
23
+
24
+ During installation, OpenClaw will show two security warnings. **Both are expected and required:**
25
+
26
+ | Warning | File | Why it's needed |
27
+ |---------|------|----------------|
28
+ | Shell command execution (child_process) | `bridge-client.ts` | Spawns the Rust sidecar process for Signal Protocol & MLS encryption. Keychat's cryptography runs in Rust and must be bridged to Node.js. |
29
+ | Shell command execution (child_process) | `keychain.ts` | Stores the agent's identity mnemonic in the OS keychain (macOS Keychain / Linux libsecret) instead of plain-text files. |
30
+
31
+ These warnings cannot be removed without sacrificing core functionality or security. The plugin does **not** execute arbitrary commands — it only spawns the bundled bridge binary and accesses the system keychain.
32
+
22
33
  Alternatively, install via shell script:
23
34
 
24
35
  ```bash
25
- curl -fsSL https://raw.githubusercontent.com/keychat-io/keychat/main/scripts/install.sh | bash
36
+ curl -fsSL https://raw.githubusercontent.com/keychat-io/keychat-openclaw/main/scripts/install.sh | bash
26
37
  ```
27
38
 
28
39
  ### Security Warnings
29
40
 
30
41
  During installation, OpenClaw's security scanner may show three warnings. All are expected:
31
42
 
32
- | Warning | Reason |
33
- |---------|--------|
34
- | Shell command execution (bridge-client.ts) | Spawns a Rust sidecar for Signal Protocol and MLS encryption. |
35
- | Shell command execution (keychain.ts) | Stores identity mnemonics in the OS keychain (macOS Keychain / Linux libsecret). |
36
- | Shell command execution (notify.ts) | Notifies the agent on startup so it can send the Keychat ID and QR code to the user. |
43
+ | Warning | Reason |
44
+ | ------------------------------------------ | ------------------------------------------------------------------------------------ |
45
+ | Shell command execution (bridge-client.ts) | Spawns a Rust sidecar for Signal Protocol and MLS encryption. |
46
+ | Shell command execution (keychain.ts) | Stores identity mnemonics in the OS keychain (macOS Keychain / Linux libsecret). |
47
+ | Shell command execution (notify.ts) | Notifies the agent on startup so it can send the Keychat ID and QR code to the user. |
37
48
 
38
- Source code is fully open: [github.com/keychat-io/keychat](https://github.com/keychat-io/keychat)
49
+ Source code is fully open: [github.com/keychat-io/keychat-openclaw](https://github.com/keychat-io/keychat-openclaw)
39
50
 
40
51
  ### Upgrade
41
52
 
@@ -58,6 +69,16 @@ After `openclaw gateway restart`, the agent will send you its **Keychat ID**, **
58
69
 
59
70
  Open the [Keychat app](https://keychat.io) → tap the link, paste the npub, or scan the QR code to add as contact. If `dmPolicy` is `open` (default after auto-init), the agent accepts immediately.
60
71
 
72
+ **Can't find the public key?** Check your config file or gateway logs:
73
+
74
+ ```bash
75
+ # View the agent's npub in config
76
+ cat ~/.openclaw/openclaw.json | grep npub
77
+
78
+ # Or watch the gateway logs for the Keychat ID
79
+ openclaw logs --follow
80
+ ```
81
+
61
82
  ## Configuration
62
83
 
63
84
  All options go under `channels.keychat` in your OpenClaw config (`~/.openclaw/openclaw.json`):
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@keychat-io/keychat",
3
- "version": "0.1.20",
3
+ "version": "0.1.23",
4
4
  "description": "Keychat — E2E encrypted chat + Lightning wallet for OpenClaw agents",
5
5
  "license": "AGPL-3.0",
6
6
  "repository": {
package/src/channel.ts CHANGED
@@ -714,7 +714,7 @@ export const keychatPlugin: ChannelPlugin<ResolvedKeychatAccount> = {
714
714
  ctx.log?.info(`[${account.accountId}] Bridge sidecar started`);
715
715
 
716
716
  // 2. Initialize Signal Protocol DB
717
- const dbPath = `~/.openclaw/keychat-signal-${account.accountId}.db`;
717
+ const dbPath = `~/.openclaw/keychat/signal-${account.accountId}.db`;
718
718
  await bridge.init(dbPath);
719
719
  ctx.log?.info(`[${account.accountId}] Signal DB initialized`);
720
720
 
package/src/paths.ts CHANGED
@@ -19,7 +19,7 @@ export const WORKSPACE_KEYCHAT_DIR = join(HOME, ".openclaw", "workspace", "keych
19
19
 
20
20
  /** Signal DB path for a given account */
21
21
  export function signalDbPath(accountId: string): string {
22
- return join(HOME, ".openclaw", `keychat-signal-${accountId}.db`);
22
+ return join(KEYCHAT_DIR, `signal-${accountId}.db`);
23
23
  }
24
24
 
25
25
  /** QR code image path for a given account */