@lobu/worker 3.0.5 → 3.0.7

package/src/__tests__/sse-client.test.ts

@@ -0,0 +1,48 @@
+import { afterEach, describe, expect, mock, test } from "bun:test";
+import { GatewayClient } from "../gateway/sse-client";
+
+describe("GatewayClient heartbeat ACKs", () => {
+  const originalFetch = globalThis.fetch;
+
+  afterEach(() => {
+    globalThis.fetch = originalFetch;
+  });
+
+  test("ACKs heartbeat pings over the worker response endpoint", async () => {
+    const fetchMock = mock(
+      async (_url: string | URL | Request, _options?: RequestInit) =>
+        new Response(JSON.stringify({ success: true }), {
+          status: 200,
+          headers: { "Content-Type": "application/json" },
+        })
+    );
+    globalThis.fetch = fetchMock as unknown as typeof fetch;
+
+    const client = new GatewayClient(
+      "https://gateway.example.com",
+      "worker-token",
+      "user-1",
+      "worker-1"
+    );
+
+    await (client as any).handleEvent(
+      "ping",
+      JSON.stringify({ timestamp: Date.now() })
+    );
+
+    expect(fetchMock).toHaveBeenCalledTimes(1);
+    expect(fetchMock.mock.calls[0]?.[0]).toBe(
+      "https://gateway.example.com/worker/response"
+    );
+    expect(fetchMock.mock.calls[0]?.[1]).toMatchObject({
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        Authorization: "Bearer worker-token",
+      },
+    });
+    expect(fetchMock.mock.calls[0]?.[1]?.body).toBe(
+      JSON.stringify({ received: true, heartbeat: true })
+    );
+  });
+});

package/src/__tests__/tool-policy.test.ts

@@ -0,0 +1,269 @@
+import { describe, expect, test } from "bun:test";
+import {
+  type BashCommandPolicy,
+  buildToolPolicy,
+  enforceBashCommandPolicy,
+  isToolAllowedByPolicy,
+  normalizeToolList,
+} from "../openclaw/tool-policy";
+
+describe("normalizeToolList", () => {
+  test("returns empty array for undefined", () => {
+    expect(normalizeToolList(undefined)).toEqual([]);
+  });
+
+  test("returns empty array for empty string", () => {
+    expect(normalizeToolList("")).toEqual([]);
+  });
+
+  test("splits comma-separated string", () => {
+    expect(normalizeToolList("read,write,edit")).toEqual([
+      "read",
+      "write",
+      "edit",
+    ]);
+  });
+
+  test("splits newline-separated string", () => {
+    expect(normalizeToolList("read\nwrite\nedit")).toEqual([
+      "read",
+      "write",
+      "edit",
+    ]);
+  });
+
+  test("trims whitespace from entries", () => {
+    expect(normalizeToolList(" read , write , edit ")).toEqual([
+      "read",
+      "write",
+      "edit",
+    ]);
+  });
+
+  test("filters empty entries", () => {
+    expect(normalizeToolList("read,,write,,")).toEqual(["read", "write"]);
+  });
+
+  test("passes through arrays", () => {
+    expect(normalizeToolList(["read", "write"])).toEqual(["read", "write"]);
+  });
+});
+
+describe("buildToolPolicy", () => {
+  test("returns default policy with no inputs", () => {
+    const policy = buildToolPolicy({});
+    expect(policy.allowedPatterns).toEqual([]);
+    expect(policy.deniedPatterns).toEqual([]);
+    expect(policy.strictMode).toBe(false);
+    expect(policy.bashPolicy.allowAll).toBe(false);
+    expect(policy.bashPolicy.allowPrefixes).toEqual([]);
+    expect(policy.bashPolicy.denyPrefixes).toContain("apt-get ");
+    expect(policy.bashPolicy.denyPrefixes).toContain("nix-shell ");
+  });
+
+  test("merges toolsConfig with params", () => {
+    const policy = buildToolPolicy({
+      toolsConfig: { allowedTools: ["Read"], deniedTools: ["Write"] },
+      allowedTools: "Edit",
+      disallowedTools: "Bash",
+    });
+    expect(policy.allowedPatterns).toEqual(["Read", "Edit"]);
+    expect(policy.deniedPatterns).toEqual(["Write", "Bash"]);
+  });
+
+  test("sets strictMode from toolsConfig", () => {
+    const policy = buildToolPolicy({
+      toolsConfig: { strictMode: true },
+    });
+    expect(policy.strictMode).toBe(true);
+  });
+
+  test("extracts Bash allow prefixes", () => {
+    const policy = buildToolPolicy({
+      allowedTools: ["Bash(npm:*)", "Bash(git:*)"],
+    });
+    expect(policy.bashPolicy.allowPrefixes).toEqual(["npm", "git"]);
+  });
+
+  test("extracts Bash deny prefixes", () => {
+    const policy = buildToolPolicy({
+      disallowedTools: ["Bash(rm:*)"],
+    });
+    expect(policy.bashPolicy.denyPrefixes).toContain("rm");
+    expect(policy.bashPolicy.denyPrefixes).toContain("apt ");
+  });
+
+  test("detects bash allowAll when Bash is in allowed patterns", () => {
+    const policy = buildToolPolicy({ allowedTools: ["Bash", "Read"] });
+    expect(policy.bashPolicy.allowAll).toBe(true);
+  });
+
+  test("wildcard * enables bash allowAll", () => {
+    const policy = buildToolPolicy({ allowedTools: ["*"] });
+    expect(policy.bashPolicy.allowAll).toBe(true);
+  });
+});
+
+describe("isToolAllowedByPolicy", () => {
+  test("allows all tools in non-strict mode", () => {
+    const policy = buildToolPolicy({});
+    expect(isToolAllowedByPolicy("Read", policy)).toBe(true);
+    expect(isToolAllowedByPolicy("Write", policy)).toBe(true);
+    expect(isToolAllowedByPolicy("CustomTool", policy)).toBe(true);
+  });
+
+  test("denies explicitly denied tools", () => {
+    const policy = buildToolPolicy({ disallowedTools: ["Write"] });
+    expect(isToolAllowedByPolicy("Write", policy)).toBe(false);
+    expect(isToolAllowedByPolicy("Read", policy)).toBe(true);
+  });
+
+  test("allows bash in non-strict mode even without explicit allow", () => {
+    const policy = buildToolPolicy({});
+    expect(isToolAllowedByPolicy("Bash", policy)).toBe(true);
+  });
+
+  test("blocks bash in strict mode without explicit allow", () => {
+    const policy = buildToolPolicy({
+      toolsConfig: { strictMode: true },
+    });
+    expect(isToolAllowedByPolicy("Bash", policy)).toBe(false);
+  });
+
+  test("allows bash in strict mode with explicit allow", () => {
+    const policy = buildToolPolicy({
+      toolsConfig: { strictMode: true, allowedTools: ["Bash"] },
+    });
+    expect(isToolAllowedByPolicy("Bash", policy)).toBe(true);
+  });
+
+  test("allows bash in strict mode with command allowlist", () => {
+    const policy = buildToolPolicy({
+      toolsConfig: { strictMode: true },
+      allowedTools: ["Bash(npm:*)"],
+    });
+    expect(isToolAllowedByPolicy("Bash", policy)).toBe(true);
+  });
+
+  test("blocks non-allowed tools in strict mode", () => {
+    const policy = buildToolPolicy({
+      toolsConfig: { strictMode: true, allowedTools: ["Read"] },
+    });
+    expect(isToolAllowedByPolicy("Read", policy)).toBe(true);
+    expect(isToolAllowedByPolicy("Write", policy)).toBe(false);
+  });
+
+  test("wildcard in allowed patterns allows all tools", () => {
+    const policy = buildToolPolicy({
+      toolsConfig: { strictMode: true, allowedTools: ["*"] },
+    });
+    expect(isToolAllowedByPolicy("AnythingGoes", policy)).toBe(true);
+  });
+
+  test("case-insensitive tool matching", () => {
+    const policy = buildToolPolicy({ disallowedTools: ["write"] });
+    expect(isToolAllowedByPolicy("Write", policy)).toBe(false);
+    expect(isToolAllowedByPolicy("WRITE", policy)).toBe(false);
+  });
+
+  test("Bash filters in deny list do not block non-Bash tool matching", () => {
+    // Bash(rm:*) should only affect bash command filtering, not block the Bash tool itself
+    const policy = buildToolPolicy({ disallowedTools: ["Bash(rm:*)"] });
+    expect(isToolAllowedByPolicy("Bash", policy)).toBe(true);
+  });
+});
+
+describe("enforceBashCommandPolicy", () => {
+  test("allows empty command", () => {
+    const policy: BashCommandPolicy = {
+      allowAll: false,
+      allowPrefixes: [],
+      denyPrefixes: [],
+    };
+    expect(() => enforceBashCommandPolicy("", policy)).not.toThrow();
+    expect(() => enforceBashCommandPolicy("  ", policy)).not.toThrow();
+  });
+
+  test("throws on denied prefix match", () => {
+    const policy: BashCommandPolicy = {
+      allowAll: true,
+      allowPrefixes: [],
+      denyPrefixes: ["rm"],
+    };
+    expect(() => enforceBashCommandPolicy("rm -rf /", policy)).toThrow(
+      "Bash command denied by policy"
+    );
+  });
+
+  test("deny check is case-insensitive", () => {
+    const policy: BashCommandPolicy = {
+      allowAll: true,
+      allowPrefixes: [],
+      denyPrefixes: ["rm"],
+    };
+    expect(() => enforceBashCommandPolicy("RM -rf /", policy)).toThrow(
+      "Bash command denied by policy"
+    );
+  });
+
+  test("package manager commands are blocked", () => {
+    const policy = buildToolPolicy({});
+    expect(() =>
+      enforceBashCommandPolicy("apt-get install -y ffmpeg", policy.bashPolicy)
+    ).toThrow("Bash command denied by policy");
+  });
+
+  test("allows all when allowAll is true", () => {
+    const policy: BashCommandPolicy = {
+      allowAll: true,
+      allowPrefixes: [],
+      denyPrefixes: [],
+    };
+    expect(() =>
+      enforceBashCommandPolicy("any command here", policy)
+    ).not.toThrow();
+  });
+
+  test("allows when no allow prefixes (no filter)", () => {
+    const policy: BashCommandPolicy = {
+      allowAll: false,
+      allowPrefixes: [],
+      denyPrefixes: [],
+    };
+    expect(() =>
+      enforceBashCommandPolicy("some command", policy)
+    ).not.toThrow();
+  });
+
+  test("allows commands matching allow prefixes", () => {
+    const policy: BashCommandPolicy = {
+      allowAll: false,
+      allowPrefixes: ["npm", "git"],
+      denyPrefixes: [],
+    };
+    expect(() => enforceBashCommandPolicy("npm install", policy)).not.toThrow();
+    expect(() => enforceBashCommandPolicy("git status", policy)).not.toThrow();
+  });
+
+  test("rejects commands not matching allow prefixes", () => {
+    const policy: BashCommandPolicy = {
+      allowAll: false,
+      allowPrefixes: ["npm", "git"],
+      denyPrefixes: [],
+    };
+    expect(() =>
+      enforceBashCommandPolicy("curl http://example.com", policy)
+    ).toThrow("Bash command not allowed by policy");
+  });
+
+  test("deny takes priority over allow", () => {
+    const policy: BashCommandPolicy = {
+      allowAll: false,
+      allowPrefixes: ["rm"],
+      denyPrefixes: ["rm"],
+    };
+    expect(() => enforceBashCommandPolicy("rm file.txt", policy)).toThrow(
+      "Bash command denied by policy"
+    );
+  });
+});

package/src/__tests__/worker.test.ts

@@ -0,0 +1,89 @@
+/**
+ * Tests for OpenClawWorker constructor validation and basic setup.
+ * Full execution tests require the OpenClaw runtime and are covered
+ * by integration tests via test-bot.sh.
+ */
+
+import { afterEach, beforeEach, describe, expect, test } from "bun:test";
+import { OpenClawWorker } from "../openclaw/worker";
+import { mockWorkerConfig, TestHelpers } from "./setup";
+
+describe("OpenClawWorker", () => {
+  let restoreFetch: () => void;
+  let originalDispatcherUrl: string | undefined;
+  let originalWorkerToken: string | undefined;
+
+  beforeEach(() => {
+    originalDispatcherUrl = process.env.DISPATCHER_URL;
+    originalWorkerToken = process.env.WORKER_TOKEN;
+    process.env.DISPATCHER_URL = "https://test-dispatcher.example.com";
+    process.env.WORKER_TOKEN = "test-worker-token";
+    restoreFetch = TestHelpers.mockFetch();
+  });
+
+  afterEach(() => {
+    restoreFetch();
+    if (originalDispatcherUrl) {
+      process.env.DISPATCHER_URL = originalDispatcherUrl;
+    } else {
+      delete process.env.DISPATCHER_URL;
+    }
+    if (originalWorkerToken) {
+      process.env.WORKER_TOKEN = originalWorkerToken;
+    } else {
+      delete process.env.WORKER_TOKEN;
+    }
+  });
+
+  test("constructor requires DISPATCHER_URL", () => {
+    const original = process.env.DISPATCHER_URL;
+    delete process.env.DISPATCHER_URL;
+
+    expect(
+      () => new OpenClawWorker({ ...mockWorkerConfig, sessionKey: "missing" })
+    ).toThrow(
+      "DISPATCHER_URL and WORKER_TOKEN environment variables are required"
+    );
+
+    process.env.DISPATCHER_URL = original;
+  });
+
+  test("constructor requires WORKER_TOKEN", () => {
+    const original = process.env.WORKER_TOKEN;
+    delete process.env.WORKER_TOKEN;
+
+    expect(
+      () => new OpenClawWorker({ ...mockWorkerConfig, sessionKey: "missing" })
+    ).toThrow(
+      "DISPATCHER_URL and WORKER_TOKEN environment variables are required"
+    );
+
+    process.env.WORKER_TOKEN = original;
+  });
+
+  test("constructor requires teamId", () => {
+    expect(
+      () => new OpenClawWorker({ ...mockWorkerConfig, teamId: undefined })
+    ).toThrow("teamId is required for worker initialization");
+  });
+
+  test("constructor requires conversationId", () => {
+    expect(
+      () =>
+        new OpenClawWorker({
+          ...mockWorkerConfig,
+          conversationId: undefined as any,
+        })
+    ).toThrow("conversationId is required for worker initialization");
+  });
+
+  test("getWorkerTransport returns transport after construction", () => {
+    const worker = new OpenClawWorker(mockWorkerConfig);
+    expect(worker.getWorkerTransport()).not.toBeNull();
+  });
+
+  test("cleanup completes without error", async () => {
+    const worker = new OpenClawWorker(mockWorkerConfig);
+    await expect(worker.cleanup()).resolves.toBeUndefined();
+  });
+});

package/src/core/error-handler.ts

@@ -0,0 +1,70 @@
+import { createLogger, type WorkerTransport } from "@lobu/core";
+
+const logger = createLogger("worker");
+
+/**
+ * Format error message for display
+ * Generic error formatter that works for any AI agent
+ */
+function formatErrorMessage(error: unknown): string {
+  let errorMsg = `💥 Worker crashed`;
+
+  if (error instanceof Error) {
+    errorMsg += `: ${error.message}`;
+    // Add error type if it's not generic
+    if (
+      error.constructor.name !== "Error" &&
+      error.constructor.name !== "WorkspaceError"
+    ) {
+      errorMsg = `💥 Worker crashed (${error.constructor.name}): ${error.message}`;
+    }
+  } else {
+    errorMsg += ": Unknown error";
+  }
+
+  return errorMsg;
+}
+
+function classifyError(error: unknown): string | undefined {
+  if (!(error instanceof Error)) return undefined;
+  if (
+    error.message.includes("No model configured") ||
+    error.message.includes("No provider specified")
+  )
+    return "NO_MODEL_CONFIGURED";
+  return undefined;
+}
+
+/**
+ * Handle execution error - decides between authentication and generic errors
+ * Generic error handler that works for any AI agent
+ */
+export async function handleExecutionError(
+  error: unknown,
+  transport: WorkerTransport
+): Promise<void> {
+  logger.error("Worker execution failed:", error);
+
+  const code = classifyError(error);
+
+  try {
+    if (code) {
+      // Known error — clean message, no "Worker crashed" text
+      await transport.signalError(
+        error instanceof Error ? error : new Error(String(error)),
+        code
+      );
+    } else {
+      // Unknown error — existing behavior
+      const errorMsg = formatErrorMessage(error);
+      await transport.sendStreamDelta(errorMsg, true, true);
+      await transport.signalError(
+        error instanceof Error ? error : new Error(String(error))
+      );
+    }
+  } catch (gatewayError) {
+    logger.error("Failed to send error via gateway:", gatewayError);
+    // Re-throw the original error
+    throw error;
+  }
+}

package/src/core/project-scanner.ts

@@ -0,0 +1,65 @@
+import fs from "node:fs";
+
+/**
+ * Scan a directory tree and find all project directories
+ * A project directory is one that contains a build config file
+ * (Makefile, package.json, pyproject.toml, etc.)
+ *
+ * Generic utility that works for any AI agent
+ */
+export function listAppDirectories(rootDirectory: string): string[] {
+  const foundDirectories: string[] = [];
+  const ignored = new Set([
+    "node_modules",
+    ".git",
+    ".next",
+    "dist",
+    "build",
+    "vendor",
+    "target",
+    ".venv",
+    "venv",
+  ]);
+
+  const buildConfigFiles = new Set([
+    "Makefile",
+    "makefile",
+    "package.json",
+    "pyproject.toml",
+    "Cargo.toml",
+    "pom.xml",
+    "build.gradle",
+    "build.gradle.kts",
+    "CMakeLists.txt",
+    "go.mod",
+  ]);
+
+  const walk = (dir: string): void => {
+    let entries: fs.Dirent[] = [];
+    try {
+      entries = fs.readdirSync(dir, { withFileTypes: true });
+    } catch {
+      return;
+    }
+
+    // Check if current directory has any build config files
+    const hasConfigFile = entries.some(
+      (entry) => entry.isFile() && buildConfigFiles.has(entry.name)
+    );
+
+    if (hasConfigFile) {
+      foundDirectories.push(dir);
+    }
+
+    // Recursively walk subdirectories
+    for (const entry of entries) {
+      const p = `${dir}/${entry.name}`;
+      if (entry.isDirectory() && !ignored.has(entry.name)) {
+        walk(p);
+      }
+    }
+  };
+
+  walk(rootDirectory);
+  return foundDirectories;
+}

package/src/core/types.ts

@@ -0,0 +1,125 @@
+#!/usr/bin/env bun
+
+/**
+ * Consolidated types for worker package
+ * Merged from: base/types.ts, types.ts, interfaces.ts
+ */
+
+import type { WorkerTransport } from "@lobu/core";
+
+// ============================================================================
+// WORKER INTERFACES
+// ============================================================================
+
+/**
+ * Interface for worker executors
+ * Allows different agent implementations
+ */
+export interface WorkerExecutor {
+  /**
+   * Execute the worker job
+   */
+  execute(): Promise<void>;
+
+  /**
+   * Cleanup worker resources
+   */
+  cleanup(): Promise<void>;
+
+  /**
+   * Get the worker transport for sending updates to gateway
+   */
+  getWorkerTransport(): WorkerTransport | null;
+}
+
+// ============================================================================
+// WORKER CONFIG & WORKSPACE
+// ============================================================================
+
+export interface WorkerConfig {
+  sessionKey: string;
+  userId: string;
+  agentId: string; // Space identifier for multi-tenant isolation
+  channelId: string;
+  conversationId: string;
+  userPrompt: string; // Base64 encoded
+  responseChannel: string; // Platform-agnostic response channel
+  responseId: string; // Platform-agnostic response message ID
+  botResponseId?: string; // Bot's response message ID for updates
+  agentOptions: string; // JSON string
+  teamId?: string; // Platform team/workspace ID (e.g., Slack team ID)
+  platform: string; // Platform identifier (e.g., "slack", "discord")
+  platformMetadata?: any; // Platform-specific metadata (e.g., files, user info)
+  workspace: {
+    baseDirectory: string;
+  };
+}
+
+export interface WorkspaceSetupConfig {
+  baseDirectory: string;
+}
+
+export interface WorkspaceInfo {
+  baseDirectory: string;
+  userDirectory: string;
+}
+
+// ============================================================================
+// PROGRESS & EXECUTION TYPES
+// ============================================================================
+
+/**
+ * Progress update from AI agent execution
+ */
+export type ProgressUpdate =
+  | {
+      type: "output";
+      data: unknown; // Agent-specific message format
+      timestamp: number;
+    }
+  | {
+      type: "completion";
+      data: {
+        exitCode?: number;
+        message?: string;
+        success?: boolean;
+        sessionId?: string;
+      };
+      timestamp: number;
+    }
+  | {
+      type: "error";
+      data: Error | { message?: string; stack?: string; error?: string };
+      timestamp: number;
+    }
+  | {
+      type: "status_update";
+      data: {
+        elapsedSeconds: number;
+        state: string;
+      };
+      timestamp: number;
+    };
+
+/**
+ * Callback for receiving progress updates during AI execution
+ */
+export type ProgressCallback = (update: ProgressUpdate) => Promise<void>;
+
+/**
+ * Session context for AI execution
+ * Contains information about the current session (platform, user, workspace)
+ */
+
+/**
+ * Result from session execution (includes session metadata)
+ */
+export interface SessionExecutionResult {
+  success: boolean;
+  exitCode: number;
+  output: string;
+  error?: string;
+  sessionKey: string;
+  persisted?: boolean;
+  storagePath?: string;
+}

package/src/core/url-utils.ts

@@ -0,0 +1,9 @@
+/**
+ * Ensure URL has http:// or https:// prefix
+ */
+export function ensureBaseUrl(url: string): string {
+  if (!url.startsWith("http://") && !url.startsWith("https://")) {
+    return `http://${url}`;
+  }
+  return url;
+}