@lobu/worker 6.1.1 → 7.1.0

package/src/openclaw/processor.ts

@@ -0,0 +1,199 @@
+import { createLogger } from "@lobu/core";
+import type { AgentSessionEvent } from "@mariozechner/pi-coding-agent";
+import { formatToolExecution } from "../shared/processor-utils";
+
+const logger = createLogger("openclaw-processor");
+
+/**
+ * Processes Pi agent streaming events and extracts user-friendly content.
+ * Implements chronological display with tool progress and mixed text/tool output.
+ */
+export class OpenClawProgressProcessor {
+  private chronologicalOutput = "";
+  private lastSentContent = "";
+  private currentThinking = "";
+  private verboseLogging = false;
+  private finalResult: { text: string; isFinal: boolean } | null = null;
+  private hasStreamedText = false;
+  private fatalErrorMessage: string | null = null;
+
+  setVerboseLogging(enabled: boolean): void {
+    this.verboseLogging = enabled;
+    logger.info(`Verbose logging ${enabled ? "enabled" : "disabled"}`);
+  }
+
+  /**
+   * Process a Pi agent session event and append to chronological output.
+   * Returns true if new content was appended.
+   */
+  processEvent(event: AgentSessionEvent): boolean {
+    switch (event.type) {
+      case "message_update": {
+        if (event.message.role !== "assistant") {
+          return false;
+        }
+        const assistantEvent = event.assistantMessageEvent;
+        if (!assistantEvent) return false;
+
+        if (assistantEvent.type === "text_delta") {
+          this.hasStreamedText = true;
+          this.chronologicalOutput += assistantEvent.delta;
+          return true;
+        }
+
+        if (assistantEvent.type === "thinking_delta") {
+          this.currentThinking += assistantEvent.delta;
+          if (this.verboseLogging) {
+            this.chronologicalOutput += assistantEvent.delta;
+            return true;
+          }
+          return false;
+        }
+
+        if (assistantEvent.type === "thinking_start" && this.verboseLogging) {
+          this.chronologicalOutput += "\n💭 *Reasoning:*\n";
+          return true;
+        }
+
+        if (assistantEvent.type === "thinking_end" && this.verboseLogging) {
+          this.chronologicalOutput += "\n\n";
+          return true;
+        }
+
+        return false;
+      }
+
+      case "message_end": {
+        if (event.message.role !== "assistant") {
+          return false;
+        }
+        const assistantMessage = event.message;
+        if (
+          assistantMessage.stopReason === "error" &&
+          assistantMessage.errorMessage?.trim()
+        ) {
+          this.fatalErrorMessage = assistantMessage.errorMessage.trim();
+          return false;
+        }
+        // If text was already streamed via deltas, skip extraction
+        if (this.hasStreamedText) {
+          return false;
+        }
+        // Fallback: extract text from final message content
+        let extracted = false;
+        for (const block of assistantMessage.content) {
+          if (block.type === "text" && block.text.trim()) {
+            this.chronologicalOutput += block.text;
+            extracted = true;
+          }
+        }
+        return extracted;
+      }
+
+      case "tool_execution_start": {
+        const params =
+          event.args && typeof event.args === "object"
+            ? (event.args as Record<string, unknown>)
+            : {};
+        const formatted = formatToolExecution(
+          event.toolName,
+          params,
+          this.verboseLogging
+        );
+        if (formatted) {
+          this.chronologicalOutput += `${formatted}\n`;
+          return true;
+        }
+        return false;
+      }
+
+      case "auto_compaction_start": {
+        this.chronologicalOutput += "🗜️ *Compacting context...*\n";
+        return true;
+      }
+
+      case "auto_compaction_end": {
+        if (event.aborted) {
+          this.chronologicalOutput += "🗜️ *Compaction aborted*\n";
+        } else if (event.result) {
+          this.chronologicalOutput += "🗜️ *Context compacted*\n";
+        }
+        return true;
+      }
+
+      case "auto_retry_start": {
+        this.chronologicalOutput += `🔄 *Retrying (attempt ${event.attempt}/${event.maxAttempts})...*\n`;
+        return true;
+      }
+
+      case "auto_retry_end": {
+        if (!event.success && event.finalError) {
+          this.chronologicalOutput += `🔄 *Retry failed: ${event.finalError}*\n`;
+          return true;
+        }
+        return false;
+      }
+
+      default:
+        return false;
+    }
+  }
+
+  /**
+   * Get delta since last sent content.
+   * Returns null if no new content.
+   */
+  getDelta(): string | null {
+    const fullContent = this.chronologicalOutput.trim();
+
+    if (!fullContent) {
+      return null;
+    }
+
+    if (fullContent === this.lastSentContent) {
+      return null;
+    }
+
+    if (this.lastSentContent && fullContent.startsWith(this.lastSentContent)) {
+      const delta = fullContent.slice(this.lastSentContent.length);
+      this.lastSentContent = fullContent;
+      return delta;
+    }
+
+    this.lastSentContent = fullContent;
+    return fullContent;
+  }
+
+  setFinalResult(result: { text: string; isFinal: boolean }): void {
+    this.finalResult = result;
+  }
+
+  getFinalResult(): { text: string; isFinal: boolean } | null {
+    const result = this.finalResult;
+    this.finalResult = null;
+    return result;
+  }
+
+  consumeFatalErrorMessage(): string | null {
+    const result = this.fatalErrorMessage;
+    this.fatalErrorMessage = null;
+    return result;
+  }
+
+  getCurrentThinking(): string | null {
+    return this.currentThinking || null;
+  }
+
+  getOutputSnapshot(): string {
+    return this.chronologicalOutput.trim();
+  }
+
+  reset(): void {
+    this.lastSentContent = "";
+    this.chronologicalOutput = "";
+    this.currentThinking = "";
+    this.finalResult = null;
+    this.hasStreamedText = false;
+    this.fatalErrorMessage = null;
+  }
+}

package/src/openclaw/sandbox-leak.ts

@@ -0,0 +1,100 @@
+/**
+ * Detects and redacts "sandbox leaks" — cases where the agent presents a
+ * local workspace path (or a Claude `sandbox://` URL) as if it were a
+ * user-downloadable artifact, without having actually called
+ * `UploadUserFile`.
+ *
+ * Catches three structural delivery patterns (links, sandbox:// URLs,
+ * HTML attributes) plus a semantic pattern: a workspace path presented as
+ * "the file is at …" or "located at …" — the phrasing that tricks users
+ * into thinking the path is reachable.
+ */
+
+/** Claude's `sandbox://` file-reference scheme — always a delivery claim. */
+const SANDBOX_URL_RE = /\bsandbox:\/{1,2}[^\s)\]}'"<>]+/gi;
+
+/**
+ * Markdown link target pointing at a local workspace path, e.g.
+ * `[report](/app/workspaces/foo/bar.pdf)` or `[x](file:///workspace/y)`.
+ */
+const LOCAL_MD_LINK_RE =
+  /\]\(\s*((?:file:\/\/)?(?:\/app\/workspaces\/|\/workspace\/)[^\s)]+)\s*\)/gi;
+
+/**
+ * HTML `href`/`src` pointing at a local workspace path.
+ * Group 1 = attribute name, group 2 = URL target.
+ */
+const LOCAL_HREF_RE =
+  /\b(href|src)\s*=\s*["']((?:file:\/\/)?(?:\/app\/workspaces\/|\/workspace\/)[^"']+)["']/gi;
+
+/**
+ * A workspace path presented as a file location via delivery-intent phrasing
+ * (e.g. "located at", "saved to", "file is at", "available at").
+ * Only fires when the path has a file extension so directory descriptions
+ * in ls-style probes are not flagged.
+ *
+ * Matches both bare and back-ticked paths:
+ *   "The file is located at: /app/workspaces/.../report.pdf"
+ *   "saved to `/workspace/output/data.csv`"
+ */
+const DELIVERY_PHRASE_RE =
+  /(?:located at|saved (?:to|at|in)|file is (?:at|in)|available at|created (?:at|in)|stored (?:at|in)|written to|exported to|generated (?:at|in))[:\s]+`?((?:\/app\/workspaces\/|\/workspace\/)[^\s`]+\.\w{1,10})`?/gi;
+
+interface LeakCheckResult {
+  /** True if the final message makes an unfulfilled file-delivery claim. */
+  leaked: boolean;
+  /** `finalText` with offending link/URL targets neutralised. Equal to
+   * `finalText` when `leaked` is false. */
+  redactedText: string;
+}
+
+/**
+ * Inspect the agent's final user-facing message for unfulfilled file-delivery
+ * claims. If `sawUploadedFileEvent` is true (the agent actually called
+ * UploadUserFile during this turn), no check is performed — the agent did
+ * deliver something, and any remaining path references are assumed
+ * descriptive.
+ */
+export function checkSandboxLeak(
+  finalText: string,
+  sawUploadedFileEvent: boolean
+): LeakCheckResult {
+  if (sawUploadedFileEvent || !finalText) {
+    return { leaked: false, redactedText: finalText };
+  }
+
+  const hasSandboxUrl = SANDBOX_URL_RE.test(finalText);
+  const hasMdLink = LOCAL_MD_LINK_RE.test(finalText);
+  const hasHref = LOCAL_HREF_RE.test(finalText);
+  const hasDeliveryPhrase = DELIVERY_PHRASE_RE.test(finalText);
+
+  // Reset lastIndex — `test()` on /g regexes advances state.
+  SANDBOX_URL_RE.lastIndex = 0;
+  LOCAL_MD_LINK_RE.lastIndex = 0;
+  LOCAL_HREF_RE.lastIndex = 0;
+  DELIVERY_PHRASE_RE.lastIndex = 0;
+
+  if (!hasSandboxUrl && !hasMdLink && !hasHref && !hasDeliveryPhrase) {
+    return { leaked: false, redactedText: finalText };
+  }
+
+  // Redact: neutralise the link targets so the user doesn't see a broken
+  // "clickable" path, but keep the surrounding prose intact.
+  let redacted = finalText;
+  redacted = redacted.replace(SANDBOX_URL_RE, "[local file, not uploaded]");
+  redacted = redacted.replace(LOCAL_MD_LINK_RE, "](about:blank)");
+  redacted = redacted.replace(
+    LOCAL_HREF_RE,
+    (_match, attr: string) => `${attr}="about:blank"`
+  );
+  redacted = redacted.replace(
+    DELIVERY_PHRASE_RE,
+    "[file was created but not uploaded — use `UploadUserFile` to deliver it]"
+  );
+
+  const note =
+    "\n\n_Note: I referenced a local file but did not actually upload it. " +
+    "Ask me to retry and I will use `UploadUserFile` to deliver it._";
+
+  return { leaked: true, redactedText: `${redacted}${note}` };
+}

package/src/openclaw/session-context.ts

@@ -0,0 +1,323 @@
+import {
+  type ConfigProviderMeta,
+  createLogger,
+  ensureBaseUrl,
+  type McpStatus,
+  type McpToolDef,
+} from "@lobu/core";
+
+const logger = createLogger("openclaw-session-context");
+
+interface ProviderConfig {
+  credentialEnvVarName?: string;
+  defaultProvider?: string;
+  defaultModel?: string;
+  cliBackends?: Array<{
+    providerId: string;
+    name: string;
+    command: string;
+    args?: string[];
+    env?: Record<string, string>;
+    modelArg?: string;
+    sessionArg?: string;
+  }>;
+  providerBaseUrlMappings?: Record<string, string>;
+  /** Dynamic provider metadata from config-driven providers */
+  configProviders?: Record<string, ConfigProviderMeta>;
+  /** Credential env var placeholders for proxy mode (e.g. Z_AI_API_KEY → "lobu-proxy") */
+  credentialPlaceholders?: Record<string, string>;
+}
+
+interface SkillContent {
+  name: string;
+  content: string;
+}
+
+interface SessionContextResponse {
+  agentInstructions: string;
+  platformInstructions: string;
+  networkInstructions: string;
+  skillsInstructions: string;
+  mcpStatus: McpStatus[];
+  mcpTools?: Record<string, McpToolDef[]>;
+  mcpInstructions?: Record<string, string>;
+  mcpContext?: Record<string, string>;
+  providerConfig?: ProviderConfig;
+  skillsConfig?: SkillContent[];
+}
+
+const CACHE_TTL_MS = 5 * 60 * 1000; // 5 minutes
+
+const DEFAULT_SESSION_CONTEXT = {
+  agentInstructions: "",
+  gatewayInstructions: "",
+  providerConfig: {} as ProviderConfig,
+  skillsConfig: [] as SkillContent[],
+  mcpStatus: [] as McpStatus[],
+  mcpTools: {} as Record<string, McpToolDef[]>,
+  mcpContext: {} as Record<string, string>,
+} as const;
+
+// Module-level cache for session context
+let cachedResult: {
+  agentInstructions: string;
+  gatewayInstructions: string;
+  providerConfig: ProviderConfig;
+  skillsConfig: SkillContent[];
+  mcpStatus: McpStatus[];
+  mcpTools: Record<string, McpToolDef[]>;
+  mcpContext: Record<string, string>;
+  mcpExposure: "tools" | "cli";
+  cachedAt: number;
+} | null = null;
+
+/**
+ * Invalidate the session context cache.
+ * Called by the SSE client when a config_changed event is received.
+ */
+export function invalidateSessionContextCache(): void {
+  cachedResult = null;
+  logger.info("Session context cache invalidated");
+}
+
+function buildMcpInstructions(
+  mcpStatus: McpStatus[],
+  mcpToolIds: Set<string>,
+  mcpExposure: "tools" | "cli" = "tools"
+): string {
+  if (!mcpStatus || mcpStatus.length === 0) {
+    return "";
+  }
+
+  const needsAuthentication = mcpStatus.filter(
+    (mcp) => mcp.requiresAuth && !mcp.authenticated
+  );
+  const needsConfiguration = mcpStatus.filter(
+    (mcp) => mcp.requiresInput && !mcp.configured
+  );
+  const undiscoveredMcps = mcpStatus.filter((mcp) => !mcpToolIds.has(mcp.id));
+
+  if (
+    needsAuthentication.length === 0 &&
+    needsConfiguration.length === 0 &&
+    undiscoveredMcps.length === 0
+  ) {
+    return "";
+  }
+
+  const lines: string[] = ["## MCP Tools Requiring Setup"];
+
+  for (const mcp of needsAuthentication) {
+    const loginCmd =
+      mcpExposure === "cli"
+        ? `run \`${mcp.id} auth login\` in Bash`
+        : `call \`${mcp.id}_login\``;
+    const checkCmd =
+      mcpExposure === "cli"
+        ? `run \`${mcp.id} auth check\``
+        : `call \`${mcp.id}_login_check\``;
+    lines.push(
+      `- ⚠️ **${mcp.name}** (id: ${mcp.id}): Authentication is required. To start login, ${loginCmd}. After the user completes login, ${checkCmd}. Newly available MCP tools will refresh on the next message.`
+    );
+  }
+
+  for (const mcp of needsConfiguration) {
+    lines.push(
+      `- ⚠️ **${mcp.name}** (id: ${mcp.id}): Additional MCP input is required before this server can be used. Tell the user an admin must configure the MCP inputs in settings.`
+    );
+  }
+
+  for (const mcp of undiscoveredMcps) {
+    if (mcp.requiresAuth || mcp.requiresInput) {
+      continue;
+    }
+    lines.push(
+      `- ⚠️ **${mcp.name}** (id: ${mcp.id}): No tools were discovered for this MCP in the current session. Do not assume a login tool exists unless it is actually registered.`
+    );
+  }
+
+  return lines.join("\n");
+}
+
+/**
+ * CLI-mode header introducing the `<server> <tool>` idiom. Appended to gateway
+ * instructions when `mcpExposure === "cli"` so the model understands how to
+ * invoke MCP tools through bash instead of as first-class function calls.
+ */
+function buildMcpCliInstructions(mcpStatus: McpStatus[]): string {
+  if (!mcpStatus || mcpStatus.length === 0) return "";
+  const servers = mcpStatus.map((m) => `- \`${m.id}\` — ${m.name}`).join("\n");
+  return `## Available MCP CLIs
+
+MCP servers are exposed as Bash commands. One command per server. Invoke tools by piping JSON on stdin:
+
+\`\`\`bash
+<server> <tool> <<'EOF'
+{ ...json args... }
+EOF
+\`\`\`
+
+Discovery:
+- \`<server> --help\` — list a server's tools
+- \`<server> <tool> --schema\` — print the JSON Schema for a tool
+- \`<server> auth login|check|logout\` — manage OAuth where required
+
+Servers:
+${servers}`;
+}
+
+function buildMcpServerInstructions(
+  mcpInstructions: Record<string, string>
+): string {
+  const entries = Object.entries(mcpInstructions).filter(([, v]) => v);
+  if (entries.length === 0) return "";
+
+  const lines: string[] = ["## MCP Server Instructions", ""];
+  for (const [mcpId, instructions] of entries) {
+    lines.push(`### ${mcpId}`, "", instructions, "");
+  }
+  return lines.join("\n");
+}
+
+/**
+ * Fetch session context from gateway for OpenClaw worker.
+ * Returns gateway instructions and dynamic provider configuration.
+ * Caches the result until invalidated by a config_changed SSE event.
+ * Skips MCP server config (OpenClaw doesn't use Claude SDK's MCP format).
+ */
+export async function getOpenClawSessionContext(
+  opts: { mcpExposure?: "tools" | "cli" } = {}
+): Promise<{
+  /**
+   * Identity/soul/user instructions for this agent. Returned separately from
+   * `gatewayInstructions` so the worker can prepend identity BEFORE the
+   * pi-coding-agent base prompt (which would otherwise anchor the model with
+   * "You are an expert coding assistant" before the agent's real persona is
+   * declared).
+   */
+  agentInstructions: string;
+  /** Platform / network / skills / MCP setup instructions (no identity). */
+  gatewayInstructions: string;
+  providerConfig: ProviderConfig;
+  skillsConfig: SkillContent[];
+  mcpStatus: McpStatus[];
+  mcpTools: Record<string, McpToolDef[]>;
+  mcpContext: Record<string, string>;
+}> {
+  const mcpExposure: "tools" | "cli" = opts.mcpExposure ?? "tools";
+
+  if (
+    cachedResult &&
+    cachedResult.mcpExposure === mcpExposure &&
+    Date.now() - cachedResult.cachedAt < CACHE_TTL_MS
+  ) {
+    logger.debug("Returning cached session context");
+    return cachedResult;
+  }
+
+  const dispatcherUrl = process.env.DISPATCHER_URL;
+  const workerToken = process.env.WORKER_TOKEN;
+
+  if (!dispatcherUrl || !workerToken) {
+    logger.warn("Missing dispatcher URL or worker token for session context");
+    return { ...DEFAULT_SESSION_CONTEXT };
+  }
+
+  try {
+    const url = new URL(
+      `${ensureBaseUrl(dispatcherUrl)}/worker/session-context`
+    );
+    const response = await fetch(url, {
+      headers: {
+        Authorization: `Bearer ${workerToken}`,
+      },
+      // Session context is fetched once per turn; a stalled gateway here would
+      // otherwise hang the worker before the agent ever sees the prompt.
+      signal: AbortSignal.timeout(30_000),
+    });
+
+    if (!response.ok) {
+      logger.warn("Gateway returned non-success status for session context", {
+        status: response.status,
+      });
+      return { ...DEFAULT_SESSION_CONTEXT };
+    }
+
+    const data = (await response.json()) as SessionContextResponse;
+
+    logger.info(
+      `Received session context: ${data.platformInstructions.length} chars platform instructions, ${data.mcpStatus.length} MCP status entries, provider: ${data.providerConfig?.defaultProvider || "none"}, cliBackends: ${data.providerConfig?.cliBackends?.map((b) => b.name).join(", ") || "none"}`
+    );
+
+    const toolMcpIds = new Set(Object.keys(data.mcpTools || {}));
+    const mcpSetupInstructions = buildMcpInstructions(
+      data.mcpStatus,
+      toolMcpIds,
+      mcpExposure
+    );
+    // Include MCP server instructions for all servers (with or without tools).
+    // These provide workspace context (available connectors, entity schemas, etc.)
+    // that helps the agent use the tools effectively.
+    const mcpServerInstructions = buildMcpServerInstructions(
+      data.mcpInstructions || {}
+    );
+    const mcpCliInstructions =
+      mcpExposure === "cli" ? buildMcpCliInstructions(data.mcpStatus) : "";
+
+    // Identity/soul/user instructions are returned separately so the worker
+    // can prepend them BEFORE the pi-coding-agent base prompt.
+    const agentInstructions = data.agentInstructions || "";
+
+    const gatewayInstructions = [
+      data.platformInstructions,
+      data.networkInstructions,
+      data.skillsInstructions,
+      mcpCliInstructions,
+      mcpSetupInstructions,
+      mcpServerInstructions,
+    ]
+      .filter(Boolean)
+      .join("\n\n");
+
+    const mcpTools = data.mcpTools || {};
+
+    logger.info(
+      `Built gateway instructions: agent (${agentInstructions.length} chars, prepended) + platform (${data.platformInstructions.length} chars) + network (${data.networkInstructions.length} chars) + skills (${(data.skillsInstructions || "").length} chars) + MCP setup (${mcpSetupInstructions.length} chars) + MCP server instructions (${mcpServerInstructions.length} chars), mcpTools: ${Object.keys(mcpTools).length} servers`
+    );
+
+    const mcpContext = data.mcpContext || {};
+
+    const result = {
+      agentInstructions,
+      gatewayInstructions,
+      providerConfig: data.providerConfig || {},
+      skillsConfig: data.skillsConfig || [],
+      mcpStatus: data.mcpStatus || [],
+      mcpTools,
+      mcpContext,
+    };
+
+    // Don't cache if any authenticated MCP returned no tools — likely a
+    // transient upstream failure that should be retried on the next message.
+    const hasEmptyAuthenticatedMcp = data.mcpStatus.some(
+      (mcp) => mcp.authenticated && !toolMcpIds.has(mcp.id)
+    );
+    if (!hasEmptyAuthenticatedMcp) {
+      cachedResult = { ...result, mcpExposure, cachedAt: Date.now() };
+    } else {
+      logger.warn(
+        "Skipping session context cache — authenticated MCP(s) returned no tools",
+        {
+          emptyMcps: data.mcpStatus
+            .filter((mcp) => mcp.authenticated && !toolMcpIds.has(mcp.id))
+            .map((mcp) => mcp.id),
+        }
+      );
+    }
+
+    return result;
+  } catch (error) {
+    logger.error("Failed to fetch session context from gateway", { error });
+    return { ...DEFAULT_SESSION_CONTEXT };
+  }
+}