@lobu/gateway 3.0.5 → 3.0.7

package/src/services/platform-helpers.ts

@@ -0,0 +1,287 @@
+/**
+ * Shared platform helpers.
+ * Extracts common logic duplicated across Slack, Telegram, and WhatsApp message handlers.
+ */
+
+import {
+  createLogger,
+  type PluginConfig,
+  type PluginsConfig,
+} from "@lobu/core";
+import type { AgentSettingsStore } from "../auth/settings";
+import { resolveEffectiveModelRef } from "../auth/settings/model-selection";
+import type { ChannelBindingService } from "../channels";
+import { buildMemoryPlugins, getInternalGatewayUrl } from "../config";
+import type { MessagePayload } from "../infrastructure/queue/queue-producer";
+import { getModelProviderModules } from "../modules/module-system";
+import { platformAgentId } from "../spaces";
+
+const logger = createLogger("platform-helpers");
+const OWLETTO_PLUGIN_SOURCE = "@lobu/owletto-openclaw";
+
+function readOwlettoRuntimeDefaults(): PluginConfig | null {
+  const configuredPlugin = buildMemoryPlugins().find(
+    (plugin) =>
+      plugin.source === OWLETTO_PLUGIN_SOURCE && plugin.slot === "memory"
+  );
+  if (configuredPlugin) {
+    return configuredPlugin;
+  }
+
+  const gatewayUrl = getInternalGatewayUrl();
+  return {
+    source: OWLETTO_PLUGIN_SOURCE,
+    slot: "memory",
+    enabled: true,
+    config: {
+      mcpUrl: `${gatewayUrl}/mcp/owletto`,
+      gatewayAuthUrl: gatewayUrl,
+    },
+  };
+}
+
+function normalizeOwlettoPluginConfig(
+  plugin: PluginConfig,
+  runtimeDefault: PluginConfig | null
+): PluginConfig {
+  if (
+    plugin.source !== OWLETTO_PLUGIN_SOURCE ||
+    plugin.slot !== "memory" ||
+    !runtimeDefault?.config ||
+    !plugin.config
+  ) {
+    return plugin;
+  }
+
+  const storedMcpUrl = plugin.config.mcpUrl;
+  const storedGatewayAuthUrl = plugin.config.gatewayAuthUrl;
+  const runtimeMcpUrl = runtimeDefault.config.mcpUrl;
+  const runtimeGatewayAuthUrl = runtimeDefault.config.gatewayAuthUrl;
+
+  const shouldReplaceMcpUrl =
+    typeof storedMcpUrl === "string" &&
+    typeof runtimeMcpUrl === "string" &&
+    runtimeMcpUrl !== storedMcpUrl &&
+    /^https?:\/\/gateway(?::\d+)?\/mcp\/owletto\/?$/.test(storedMcpUrl);
+  const shouldReplaceGatewayAuthUrl =
+    typeof storedGatewayAuthUrl === "string" &&
+    typeof runtimeGatewayAuthUrl === "string" &&
+    runtimeGatewayAuthUrl !== storedGatewayAuthUrl &&
+    /^https?:\/\/gateway(?::\d+)?\/?$/.test(storedGatewayAuthUrl);
+
+  if (!shouldReplaceMcpUrl && !shouldReplaceGatewayAuthUrl) {
+    return plugin;
+  }
+
+  return {
+    ...plugin,
+    config: {
+      ...plugin.config,
+      ...(shouldReplaceMcpUrl ? { mcpUrl: runtimeMcpUrl } : {}),
+      ...(shouldReplaceGatewayAuthUrl
+        ? { gatewayAuthUrl: runtimeGatewayAuthUrl }
+        : {}),
+    },
+  };
+}
+
+function normalizePluginsConfig(
+  pluginsConfig: PluginsConfig | undefined
+): PluginsConfig | undefined {
+  if (!pluginsConfig?.plugins?.length) {
+    return pluginsConfig;
+  }
+
+  const runtimeDefault = readOwlettoRuntimeDefaults();
+  let changed = false;
+  const plugins = pluginsConfig.plugins.map((plugin) => {
+    const normalized = normalizeOwlettoPluginConfig(plugin, runtimeDefault);
+    if (normalized !== plugin) {
+      changed = true;
+    }
+    return normalized;
+  });
+
+  return changed ? { ...pluginsConfig, plugins } : pluginsConfig;
+}
+
+/**
+ * Resolve agent options by merging base options with per-agent settings.
+ * Priority: agent settings > config defaults.
+ */
+export async function resolveAgentOptions(
+  agentId: string,
+  baseOptions: Record<string, any>,
+  agentSettingsStore?: AgentSettingsStore
+): Promise<Record<string, any>> {
+  if (!agentSettingsStore) {
+    return { ...baseOptions };
+  }
+
+  const settings = await agentSettingsStore.getEffectiveSettings(agentId);
+  if (!settings) {
+    return { ...baseOptions };
+  }
+
+  const effectiveProviders = settings.installedProviders || [];
+
+  const mergedOptions: Record<string, any> = { ...baseOptions };
+  const effectiveModelRef = resolveEffectiveModelRef(settings);
+  logger.info(
+    {
+      agentId,
+      configuredModel: settings.model,
+      effectiveModel: effectiveModelRef,
+    },
+    "Applying agent settings"
+  );
+
+  if (effectiveModelRef) {
+    mergedOptions.model = effectiveModelRef;
+  } else if (effectiveProviders.length > 0) {
+    // Auto mode with installed providers: let worker resolve default model.
+    delete mergedOptions.model;
+  }
+
+  if (settings.networkConfig) {
+    mergedOptions.networkConfig = settings.networkConfig;
+  }
+  if (settings.nixConfig) {
+    mergedOptions.nixConfig = settings.nixConfig;
+  }
+  if (settings.toolsConfig) {
+    mergedOptions.toolsConfig = settings.toolsConfig;
+  }
+  if (settings.mcpServers) {
+    mergedOptions.mcpServers = settings.mcpServers;
+  }
+  if (settings.pluginsConfig) {
+    mergedOptions.pluginsConfig = normalizePluginsConfig(
+      settings.pluginsConfig
+    );
+  }
+  // Apply default memory plugins if no pluginsConfig from settings or baseOptions
+  if (!mergedOptions.pluginsConfig) {
+    mergedOptions.pluginsConfig = { plugins: buildMemoryPlugins() };
+  }
+  if (settings.verboseLogging !== undefined) {
+    mergedOptions.verboseLogging = settings.verboseLogging;
+  }
+
+  return mergedOptions;
+}
+
+export async function hasConfiguredProvider(
+  agentId: string,
+  agentSettingsStore?: AgentSettingsStore
+): Promise<boolean> {
+  if (!agentSettingsStore) {
+    return true;
+  }
+
+  const settings = await agentSettingsStore.getEffectiveSettings(agentId);
+  const installedProviderIds = new Set(
+    (settings?.installedProviders || []).map((provider) => provider.providerId)
+  );
+
+  if ((settings?.authProfiles?.length || 0) > 0) {
+    return true;
+  }
+
+  const modules = getModelProviderModules();
+  if (installedProviderIds.size > 0) {
+    return modules.some(
+      (module) =>
+        installedProviderIds.has(module.providerId) && module.hasSystemKey()
+    );
+  }
+
+  return modules.some((module) => module.hasSystemKey());
+}
+
+/**
+ * Build a MessagePayload from common fields.
+ * Extracts networkConfig, nixConfig, mcpServers from agentOptions before constructing the payload.
+ */
+export function buildMessagePayload(params: {
+  platform: string;
+  userId: string;
+  botId: string;
+  conversationId: string;
+  teamId: string;
+  agentId: string;
+  messageId: string;
+  messageText: string;
+  channelId: string;
+  platformMetadata: Record<string, any>;
+  agentOptions: Record<string, any>;
+}): MessagePayload {
+  const { networkConfig, nixConfig, mcpServers, ...remainingOptions } =
+    params.agentOptions;
+
+  return {
+    platform: params.platform,
+    userId: params.userId,
+    botId: params.botId,
+    conversationId: params.conversationId,
+    teamId: params.teamId,
+    agentId: params.agentId,
+    messageId: params.messageId,
+    messageText: params.messageText,
+    channelId: params.channelId,
+    platformMetadata: params.platformMetadata,
+    agentOptions: remainingOptions,
+    networkConfig,
+    nixConfig,
+    mcpConfig: mcpServers ? { mcpServers } : undefined,
+  };
+}
+
+/**
+ * Resolve agent ID. Deterministic for all platforms.
+ * Channel binding is checked first for Slack (multi-tenant), then falls back to platformAgentId.
+ */
+export async function resolveAgentId(params: {
+  platform: string;
+  userId: string;
+  channelId: string;
+  isGroup: boolean;
+  teamId?: string;
+  channelBindingService?: ChannelBindingService;
+  sendConfigPrompt?: () => Promise<boolean>;
+}): Promise<{ agentId: string; promptSent: boolean }> {
+  const {
+    platform,
+    userId,
+    channelId,
+    isGroup,
+    teamId,
+    channelBindingService,
+    sendConfigPrompt,
+  } = params;
+
+  // Check channel binding first (Slack multi-tenant)
+  if (channelBindingService) {
+    const binding = await channelBindingService.getBinding(
+      platform,
+      channelId,
+      teamId
+    );
+    if (binding) {
+      logger.info({ agentId: binding.agentId, channelId }, "Using bound agent");
+      return { agentId: binding.agentId, promptSent: false };
+    }
+
+    if (sendConfigPrompt) {
+      const sent = await sendConfigPrompt();
+      if (sent) return { agentId: "", promptSent: true };
+    }
+  }
+
+  const agentId = platformAgentId(platform, userId, channelId, isGroup);
+  logger.info(
+    { agentId, platform, channelId },
+    "Deterministic agent ID resolved"
+  );
+  return { agentId, promptSent: false };
+}

package/src/services/session-manager.ts

@@ -0,0 +1,262 @@
+#!/usr/bin/env bun
+
+import { createLogger, DEFAULTS, REDIS_KEYS } from "@lobu/core";
+import type Redis from "ioredis";
+import type { IMessageQueue } from "../infrastructure/queue";
+import {
+  computeSessionKey,
+  type ISessionManager,
+  type SessionStore,
+  type ThreadSession,
+} from "../session";
+
+const logger = createLogger("session-manager");
+
+/**
+ * Redis-based session storage
+ * Sessions are stored with automatic TTL expiration
+ */
+export class RedisSessionStore implements SessionStore {
+  private readonly SESSION_PREFIX = REDIS_KEYS.SESSION;
+  private readonly THREAD_INDEX_PREFIX = "conversation_index:";
+  private readonly DEFAULT_TTL_SECONDS = DEFAULTS.SESSION_TTL_SECONDS;
+  private redis: Redis;
+
+  constructor(queue: IMessageQueue) {
+    // Get Redis client from queue connection pool
+    this.redis = queue.getRedisClient();
+  }
+
+  private getSessionKey(sessionKey: string): string {
+    return `${this.SESSION_PREFIX}${sessionKey}`;
+  }
+
+  private getThreadIndexKey(channelId: string, threadTs: string): string {
+    return `${this.THREAD_INDEX_PREFIX}${channelId}:${threadTs}`;
+  }
+
+  async get(sessionKey: string): Promise<ThreadSession | null> {
+    try {
+      const key = this.getSessionKey(sessionKey);
+      const data = await this.redis.get(key);
+
+      if (!data) {
+        return null;
+      }
+
+      // Parse JSON
+      return JSON.parse(data) as ThreadSession;
+    } catch (error) {
+      logger.error(`Failed to get session ${sessionKey}:`, error);
+      return null;
+    }
+  }
+
+  async set(sessionKey: string, session: ThreadSession): Promise<void> {
+    try {
+      const key = this.getSessionKey(sessionKey);
+      const indexKey = this.getThreadIndexKey(
+        session.channelId,
+        session.conversationId
+      );
+
+      // Atomically set both session and thread index keys
+      const pipeline = this.redis.pipeline();
+      pipeline.setex(key, this.DEFAULT_TTL_SECONDS, JSON.stringify(session));
+      pipeline.setex(
+        indexKey,
+        this.DEFAULT_TTL_SECONDS,
+        JSON.stringify({ sessionKey })
+      );
+      await pipeline.exec();
+
+      logger.debug(`Stored session ${sessionKey}`);
+    } catch (error) {
+      logger.error(`Failed to set session ${sessionKey}:`, error);
+      throw error;
+    }
+  }
+
+  async delete(sessionKey: string): Promise<void> {
+    try {
+      // Get session first to clean up thread index
+      const session = await this.get(sessionKey);
+
+      const key = this.getSessionKey(sessionKey);
+
+      // Atomically delete both session and thread index keys
+      if (session?.conversationId) {
+        const indexKey = this.getThreadIndexKey(
+          session.channelId,
+          session.conversationId
+        );
+        const pipeline = this.redis.pipeline();
+        pipeline.del(key);
+        pipeline.del(indexKey);
+        await pipeline.exec();
+      } else {
+        await this.redis.del(key);
+      }
+
+      logger.debug(`Deleted session ${sessionKey}`);
+    } catch (error) {
+      logger.error(`Failed to delete session ${sessionKey}:`, error);
+      throw error;
+    }
+  }
+
+  async getByThread(
+    channelId: string,
+    threadTs: string
+  ): Promise<ThreadSession | null> {
+    try {
+      const indexKey = this.getThreadIndexKey(channelId, threadTs);
+      const indexData = await this.redis.get(indexKey);
+
+      if (!indexData) {
+        return null;
+      }
+
+      const index = JSON.parse(indexData) as { sessionKey: string };
+      return await this.get(index.sessionKey);
+    } catch (error) {
+      logger.error(
+        `Failed to get session by thread ${channelId}:${threadTs}:`,
+        error
+      );
+      return null;
+    }
+  }
+
+  /** Optional cleanup - Redis handles this via TTL */
+  async cleanup?(): Promise<number> {
+    logger.debug("Redis TTL handles automatic cleanup");
+    return 0;
+  }
+}
+
+/**
+ * Session manager that abstracts session storage
+ * Provides thread ownership validation and session lifecycle management
+ */
+export class SessionManager implements ISessionManager {
+  private store: SessionStore;
+
+  constructor(store: SessionStore) {
+    this.store = store;
+  }
+
+  /**
+   * Create a new session
+   */
+  async createSession(
+    channelId: string,
+    userId: string,
+    conversationId?: string,
+    threadCreator?: string
+  ): Promise<ThreadSession> {
+    const effectiveConversationId = conversationId || userId;
+    const session: ThreadSession = {
+      conversationId: effectiveConversationId,
+      channelId,
+      userId,
+      threadCreator: threadCreator || userId,
+      lastActivity: Date.now(),
+      createdAt: Date.now(),
+    };
+    const sessionKey = computeSessionKey(session);
+    await this.store.set(sessionKey, session);
+    return session;
+  }
+
+  /**
+   * Update session
+   */
+  async updateSession(
+    sessionKey: string,
+    updates: Partial<ThreadSession>
+  ): Promise<void> {
+    const session = await this.getSession(sessionKey);
+    if (session) {
+      const updated = { ...session, ...updates };
+      await this.store.set(sessionKey, updated);
+    }
+  }
+
+  /**
+   * Get session by session key
+   */
+  async getSession(sessionKey: string): Promise<ThreadSession | null> {
+    return await this.store.get(sessionKey);
+  }
+
+  /**
+   * Create or update a session
+   */
+  async setSession(session: ThreadSession): Promise<void> {
+    const sessionKey = computeSessionKey(session);
+    await this.store.set(sessionKey, session);
+  }
+
+  /**
+   * Delete a session
+   */
+  async deleteSession(sessionKey: string): Promise<void> {
+    await this.store.delete(sessionKey);
+  }
+
+  /**
+   * Find session by thread
+   */
+  async findSessionByThread(
+    channelId: string,
+    threadTs: string
+  ): Promise<ThreadSession | null> {
+    return await this.store.getByThread(channelId, threadTs);
+  }
+
+  /**
+   * Validate thread ownership
+   * Returns true if the user is the thread creator or no session exists
+   */
+  async validateThreadOwnership(
+    channelId: string,
+    threadTs: string,
+    userId: string
+  ): Promise<{ allowed: boolean; owner?: string }> {
+    const session = await this.findSessionByThread(channelId, threadTs);
+
+    if (!session) {
+      return { allowed: true }; // No session, allow creation
+    }
+
+    if (!session.threadCreator) {
+      return { allowed: true }; // No owner set, allow
+    }
+
+    if (session.threadCreator === userId) {
+      return { allowed: true, owner: session.threadCreator };
+    }
+
+    return { allowed: false, owner: session.threadCreator };
+  }
+
+  /**
+   * Update session activity timestamp
+   */
+  async touchSession(sessionKey: string): Promise<void> {
+    const session = await this.getSession(sessionKey);
+    if (session) {
+      session.lastActivity = Date.now();
+      await this.setSession(session);
+    }
+  }
+
+  /**
+   * Cleanup expired sessions (for in-memory stores)
+   * Note: Redis-based stores handle this automatically via TTL
+   */
+  async cleanupExpired(ttl: number): Promise<number> {
+    return (await this.store.cleanup?.(ttl)) || 0;
+  }
+}

package/src/services/settings-resolver.ts

@@ -0,0 +1,74 @@
+/**
+ * SettingsResolver — resolves effective agent settings with template fallback.
+ *
+ * Extracted from the store layer so sub-stores stay single-domain.
+ * Orchestrates across AgentConfigStore (settings + metadata) and
+ * AgentConnectionStore (connections) for template resolution.
+ */
+
+import type {
+  AgentConfigStore,
+  AgentConnectionStore,
+  AgentSettings,
+} from "@lobu/core";
+
+export class SettingsResolver {
+  constructor(
+    private readonly config: AgentConfigStore,
+    private readonly connections: AgentConnectionStore
+  ) {}
+
+  /**
+   * Get effective settings for an agent, with template agent fallback.
+   * For sandbox agents, inherits from the template agent when own settings
+   * are missing or have no providers configured.
+   */
+  async getEffectiveSettings(agentId: string): Promise<AgentSettings | null> {
+    const settings = await this.config.getSettings(agentId);
+
+    // If settings exist and have providers, use them directly
+    if (settings?.installedProviders?.length) return settings;
+
+    // Resolve template agent ID
+    const templateAgentId = await this.resolveTemplateAgentId(
+      agentId,
+      settings
+    );
+    if (!templateAgentId) return settings;
+
+    const templateSettings = await this.config.getSettings(templateAgentId);
+    if (!templateSettings) return settings;
+
+    // Merge: own settings override template, but inherit missing fields
+    if (!settings) {
+      return { ...templateSettings, templateAgentId };
+    }
+
+    return {
+      ...templateSettings,
+      ...Object.fromEntries(
+        Object.entries(settings).filter(([, v]) => v !== undefined)
+      ),
+      templateAgentId,
+    } as AgentSettings;
+  }
+
+  /**
+   * Resolve the template agent ID for a sandbox agent.
+   * Chain: settings.templateAgentId → metadata.parentConnectionId → connection.templateAgentId
+   */
+  private async resolveTemplateAgentId(
+    agentId: string,
+    settings: AgentSettings | null
+  ): Promise<string | undefined> {
+    if (settings?.templateAgentId) return settings.templateAgentId;
+
+    const metadata = await this.config.getMetadata(agentId);
+    if (!metadata?.parentConnectionId) return undefined;
+
+    const conn = await this.connections.getConnection(
+      metadata.parentConnectionId
+    );
+    return conn?.templateAgentId;
+  }
+}

package/src/services/system-config-resolver.ts

@@ -0,0 +1,90 @@
+/**
+ * Resolves system config from system-skills.json.
+ * Handles provider configs and MCP server resolution.
+ *
+ * NOTE: Integration OAuth config resolution (getIntegrationConfig, isOAuthConfigured,
+ * overlayAgentOAuthCredentials, getSkillScopesForIntegration) has been removed.
+ * OAuth for third-party APIs is now handled by Owletto.
+ */
+import type { ProviderConfigEntry } from "@lobu/core";
+import type { SystemSkillsService } from "./system-skills-service";
+
+export interface ResolvedMcpRegistryServer {
+  id: string;
+  name: string;
+  description: string;
+  type: "oauth" | "stdio" | "sse" | "api-key";
+  config: Record<string, unknown>;
+}
+
+export class SystemConfigResolver {
+  constructor(private readonly systemSkillsService: SystemSkillsService) {}
+
+  async getProviderConfigs(): Promise<Record<string, ProviderConfigEntry>> {
+    return this.systemSkillsService.getProviderConfigs();
+  }
+
+  async getGlobalMcpServers(): Promise<
+    Record<string, Record<string, unknown>>
+  > {
+    const systemSkills = await this.systemSkillsService.getSystemSkills();
+    const mcpServers: Record<string, Record<string, unknown>> = {};
+
+    for (const skill of systemSkills) {
+      for (const mcp of skill.mcpServers || []) {
+        if (!mcp?.id || mcpServers[mcp.id]) continue;
+
+        const type = mcp.type || (mcp.command ? "stdio" : "sse");
+        const config: Record<string, unknown> = { type };
+
+        if (mcp.url) config.url = mcp.url;
+        if (mcp.command) config.command = mcp.command;
+        if (Array.isArray(mcp.args) && mcp.args.length > 0) {
+          config.args = [...mcp.args];
+        }
+        if (mcp.oauth) config.oauth = mcp.oauth;
+        if (mcp.resource) config.resource = mcp.resource;
+        if (mcp.inputs) config.inputs = mcp.inputs;
+        if (mcp.headers) config.headers = mcp.headers;
+
+        mcpServers[mcp.id] = config;
+      }
+    }
+
+    return mcpServers;
+  }
+
+  async getMcpRegistryServers(): Promise<ResolvedMcpRegistryServer[]> {
+    const systemSkills = await this.systemSkillsService.getSystemSkills();
+    const entries: ResolvedMcpRegistryServer[] = [];
+    const seenIds = new Set<string>();
+
+    for (const skill of systemSkills) {
+      for (const mcp of skill.mcpServers || []) {
+        if (!mcp?.id || seenIds.has(mcp.id)) continue;
+        seenIds.add(mcp.id);
+
+        const type = mcp.type || (mcp.command ? "stdio" : "sse");
+        const config: Record<string, unknown> = {
+          type,
+        };
+
+        if (mcp.url) config.url = mcp.url;
+        if (mcp.command) config.command = mcp.command;
+        if (Array.isArray(mcp.args) && mcp.args.length > 0) {
+          config.args = [...mcp.args];
+        }
+
+        entries.push({
+          id: mcp.id,
+          name: mcp.name || mcp.id,
+          description: skill.description || `${skill.name} MCP server`,
+          type,
+          config,
+        });
+      }
+    }
+
+    return entries;
+  }
+}