@memtensor/memos-local-openclaw-plugin 1.0.4-beta.0 → 1.0.4-beta.2

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@memtensor/memos-local-openclaw-plugin",
-  "version": "1.0.4-beta.0",
+  "version": "1.0.4-beta.2",
   "description": "MemOS Local memory plugin for OpenClaw — full-write, hybrid-recall, progressive retrieval",
   "type": "module",
   "main": "index.ts",

package/src/client/connector.ts

@@ -59,6 +59,74 @@ export async function getHubStatus(store: SqliteStore, config: MemosLocalConfig)
   const conn = store.getClientHubConnection();
   const hubAddress = conn?.hubUrl || config.sharing?.client?.hubAddress || "";
   const userToken = conn?.userToken || config.sharing?.client?.userToken || "";
+
+  if (conn && conn.userId && (!userToken || userToken === "")) {
+    const teamToken = config.sharing?.client?.teamToken ?? "";
+    if (hubAddress && teamToken) {
+      try {
+        const result = await hubRequestJson(normalizeHubUrl(hubAddress), "", "/api/v1/hub/join", {
+          method: "POST",
+          body: JSON.stringify({ teamToken, username: conn.username || "user" }),
+        }) as any;
+        if (result.status === "pending") {
+          return {
+            connected: false,
+            hubUrl: normalizeHubUrl(hubAddress),
+            user: {
+              id: conn.userId,
+              username: conn.username || "",
+              role: "member",
+              status: "pending",
+              groups: [],
+            },
+          };
+        }
+        if (result.status === "active" && result.userToken) {
+          store.setClientHubConnection({
+            hubUrl: normalizeHubUrl(hubAddress),
+            userId: String(result.userId),
+            username: conn.username || "",
+            userToken: result.userToken,
+            role: "member",
+            connectedAt: Date.now(),
+          });
+          const me = await hubRequestJson(normalizeHubUrl(hubAddress), result.userToken, "/api/v1/hub/me", { method: "GET" }) as any;
+          return {
+            connected: true,
+            hubUrl: normalizeHubUrl(hubAddress),
+            user: {
+              id: String(me.id),
+              username: String(me.username ?? ""),
+              role: String(me.role ?? "member") as UserRole,
+              status: String(me.status ?? "active"),
+              groups: Array.isArray(me.groups)
+                ? me.groups.map((group: any) => ({
+                    id: String(group.id),
+                    name: String(group.name),
+                    description: typeof group.description === "string" ? group.description : undefined,
+                  }))
+                : [],
+            },
+          };
+        }
+        if (result.status === "rejected") {
+          return {
+            connected: false,
+            hubUrl: normalizeHubUrl(hubAddress),
+            user: {
+              id: conn.userId,
+              username: conn.username || "",
+              role: "member",
+              status: "rejected",
+              groups: [],
+            },
+          };
+        }
+      } catch { /* fall through */ }
+    }
+    return { connected: false, user: null };
+  }
+
   if (!hubAddress || !userToken) {
     return { connected: false, user: null };
   }
@@ -107,6 +175,23 @@ export async function autoJoinHub(
     body: JSON.stringify({ teamToken, username, deviceName: hostname }),
   }) as any;
 
+  if (result.status === "pending") {
+    log.info(`Join request submitted, awaiting admin approval. userId=${result.userId}`);
+    store.setClientHubConnection({
+      hubUrl,
+      userId: String(result.userId),
+      username,
+      userToken: "",
+      role: "member",
+      connectedAt: Date.now(),
+    });
+    throw new PendingApprovalError(result.userId);
+  }
+
+  if (result.status === "rejected") {
+    throw new Error(`Join request was rejected by the Hub admin.`);
+  }
+
   if (!result.userToken) {
     throw new Error(`Hub join failed: ${JSON.stringify(result)}`);
   }
@@ -122,3 +207,12 @@ export async function autoJoinHub(
   });
   return store.getClientHubConnection()!;
 }
+
+export class PendingApprovalError extends Error {
+  public readonly userId: string;
+  constructor(userId: string) {
+    super("Awaiting admin approval");
+    this.name = "PendingApprovalError";
+    this.userId = userId;
+  }
+}

package/src/config.ts

@@ -117,22 +117,22 @@ export function resolveConfig(raw: Partial<MemosLocalConfig> | undefined, stateD
           : undefined;
       })(),
     } : undefined,
-    sharing: {
-      enabled: cfg.sharing?.enabled ?? false,
-      role: cfg.sharing?.role ?? "client",
-      hub: {
+    sharing: (() => {
+      const role = cfg.sharing?.role ?? "client";
+      const enabled = cfg.sharing?.enabled ?? false;
+      const hub = role === "hub" ? {
         port: cfg.sharing?.hub?.port ?? 18800,
         teamName: cfg.sharing?.hub?.teamName ?? "",
         teamToken: cfg.sharing?.hub?.teamToken ?? "",
-      },
-      client: {
+      } : { port: 18800, teamName: "", teamToken: "" };
+      const client = role === "client" ? {
         hubAddress: cfg.sharing?.client?.hubAddress ?? "",
         userToken: cfg.sharing?.client?.userToken ?? "",
         teamToken: cfg.sharing?.client?.teamToken ?? "",
         pendingUserId: cfg.sharing?.client?.pendingUserId ?? "",
-      },
-      capabilities: sharingCapabilities,
-    },
+      } : { hubAddress: "", userToken: "", teamToken: "", pendingUserId: "" };
+      return { enabled, role, hub, client, capabilities: sharingCapabilities };
+    })(),
   };
 }
 

package/src/hub/server.ts

@@ -192,17 +192,32 @@ export class HubServer {
         return this.json(res, 403, { error: "invalid_team_token" });
       }
       const username = String(body.username || `user-${randomUUID().slice(0, 8)}`);
+      const existingUsers = this.opts.store.listHubUsers();
+      const existingUser = existingUsers.find(u => u.username === username);
+      if (existingUser) {
+        if (existingUser.status === "active") {
+          const token = issueUserToken(
+            { userId: existingUser.id, username: existingUser.username, role: existingUser.role, status: "active" },
+            this.authSecret,
+          );
+          this.userManager.approveUser(existingUser.id, token);
+          return this.json(res, 200, { status: "active", userId: existingUser.id, userToken: token });
+        }
+        if (existingUser.status === "pending") {
+          return this.json(res, 200, { status: "pending", userId: existingUser.id });
+        }
+        if (existingUser.status === "rejected") {
+          this.userManager.resetToPending(existingUser.id);
+          this.opts.log.info(`Hub: rejected user "${username}" (${existingUser.id}) re-applied, reset to pending`);
+          return this.json(res, 200, { status: "pending", userId: existingUser.id });
+        }
+      }
       const user = this.userManager.createPendingUser({
         username,
         deviceName: typeof body.deviceName === "string" ? body.deviceName : undefined,
       });
-      const token = issueUserToken(
-        { userId: user.id, username, role: "member", status: "active" },
-        this.authSecret,
-      );
-      this.userManager.approveUser(user.id, token);
-      this.opts.log.info(`Hub: auto-approved user "${username}" (${user.id})`);
-      return this.json(res, 200, { status: "active", userId: user.id, userToken: token });
+      this.opts.log.info(`Hub: user "${username}" (${user.id}) registered as pending, awaiting admin approval`);
+      return this.json(res, 200, { status: "pending", userId: user.id });
     }
 
     if (req.method === "POST" && routePath === "/api/v1/hub/registration-status") {
@@ -297,6 +312,7 @@ export class HubServer {
     // ── Group management ──
 
     if (req.method === "GET" && routePath === "/api/v1/hub/groups") {
+      if (auth.role !== "admin") return this.json(res, 403, { error: "forbidden" });
       const groups = this.opts.store.listHubGroups();
       return this.json(res, 200, { groups });
     }
@@ -321,6 +337,7 @@ export class HubServer {
       const groupId = decodeURIComponent(groupDetailMatch[1]);
 
       if (req.method === "GET") {
+        if (auth.role !== "admin") return this.json(res, 403, { error: "forbidden" });
         const group = this.opts.store.getHubGroupById(groupId);
         if (!group) return this.json(res, 404, { error: "not_found" });
         const members = this.opts.store.listHubGroupMembers(groupId);
@@ -408,15 +425,8 @@ export class HubServer {
       if (!sourceChunkId) return this.json(res, 400, { error: "missing_source_chunk_id" });
       const existing = this.opts.store.getHubMemoryBySource(auth.userId, sourceChunkId);
       const memoryId = existing?.id ?? randomUUID();
-      const visibility = m.visibility === "group" ? "group" : "public";
-      let resolvedGroupId: string | null = null;
-      if (visibility === "group") {
-        const gid = String(m.groupId || "");
-        if (!gid) return this.json(res, 400, { error: "missing_group_id" });
-        const group = this.opts.store.getHubGroupById(gid);
-        if (!group) return this.json(res, 404, { error: "group_not_found" });
-        resolvedGroupId = gid;
-      }
+      const visibility = "public";
+      const resolvedGroupId: string | null = null;
       const now = Date.now();
       this.opts.store.upsertHubMemory({
         id: memoryId,
@@ -576,7 +586,7 @@ export class HubServer {
       if (!sourceSkillId) return this.json(res, 400, { error: "missing_skill_id" });
       const existing = this.opts.store.getHubSkillBySource(auth.userId, sourceSkillId);
       const skillId = existing?.id ?? randomUUID();
-      const visibility = body?.visibility === "group" ? "group" : "public";
+      const visibility = "public";
       this.opts.store.upsertHubSkill({
         id: skillId,
         sourceSkillId,
@@ -584,7 +594,7 @@ export class HubServer {
         name: String(metadata.name || sourceSkillId),
         description: String(metadata.description || ""),
         version: Number(metadata.version || 1),
-        groupId: visibility === "group" ? String(body?.groupId || "") || null : null,
+        groupId: null,
         visibility,
         bundle: JSON.stringify(body?.bundle ?? {}),
         qualityScore: metadata.qualityScore == null ? null : Number(metadata.qualityScore),
@@ -598,10 +608,6 @@ export class HubServer {
     if (skillBundleMatch) {
       const skill = this.opts.store.getHubSkillById(decodeURIComponent(skillBundleMatch[1]));
       if (!skill) return this.json(res, 404, { error: "not_found" });
-      const user = this.opts.store.getHubUser(auth.userId);
-      const groups = new Set((user?.groups ?? []).map((group) => group.id));
-      const allowed = skill.visibility === "public" || (skill.groupId != null && groups.has(skill.groupId));
-      if (!allowed) return this.json(res, 403, { error: "forbidden" });
       return this.json(res, 200, {
         skillId: skill.id,
         metadata: {

package/src/hub/user-manager.ts

@@ -123,4 +123,17 @@ export class HubUserManager {
     this.store.upsertHubUser(updated);
     return updated;
   }
+
+  resetToPending(userId: string): ManagedHubUser | null {
+    const user = this.store.getHubUser(userId);
+    if (!user) return null;
+    const updated = {
+      ...user,
+      status: "pending" as const,
+      tokenHash: "",
+      approvedAt: null,
+    };
+    this.store.upsertHubUser(updated);
+    return updated;
+  }
 }

package/src/storage/sqlite.ts

@@ -1874,24 +1874,16 @@ export class SqliteStore {
     const limit = options?.maxResults ?? 10;
     const userId = options?.userId ?? "";
     const rows = this.db.prepare(`
-      SELECT hc.id, hc.content, hc.summary, hc.role, hc.created_at, ht.title as task_title, ht.visibility, hg.name as group_name, hu.username as owner_name,
+      SELECT hc.id, hc.content, hc.summary, hc.role, hc.created_at, ht.title as task_title, ht.visibility, '' as group_name, hu.username as owner_name,
              bm25(hub_chunks_fts) as rank
       FROM hub_chunks_fts f
       JOIN hub_chunks hc ON hc.rowid = f.rowid
       JOIN hub_tasks ht ON ht.id = hc.hub_task_id
-      LEFT JOIN hub_groups hg ON hg.id = ht.group_id
       LEFT JOIN hub_users hu ON hu.id = ht.source_user_id
       WHERE hub_chunks_fts MATCH ?
-        AND (
-          ht.visibility = 'public'
-          OR EXISTS (
-            SELECT 1 FROM hub_group_members gm
-            WHERE gm.group_id = ht.group_id AND gm.user_id = ?
-          )
-        )
       ORDER BY rank
       LIMIT ?
-    `).all(sanitizeFtsQuery(query), userId, limit) as HubSearchRow[];
+    `).all(sanitizeFtsQuery(query), limit) as HubSearchRow[];
     return rows.map((row, idx) => ({ hit: row, rank: idx + 1 }));
   }
 
@@ -1916,12 +1908,7 @@ export class SqliteStore {
       FROM hub_embeddings he
       JOIN hub_chunks hc ON hc.id = he.chunk_id
       JOIN hub_tasks ht ON ht.id = hc.hub_task_id
-      WHERE ht.visibility = 'public'
-         OR EXISTS (
-           SELECT 1 FROM hub_group_members gm
-           WHERE gm.group_id = ht.group_id AND gm.user_id = ?
-         )
-    `).all(userId) as Array<{ chunk_id: string; vector: Buffer; dimensions: number }>;
+    `).all() as Array<{ chunk_id: string; vector: Buffer; dimensions: number }>;
     return rows.map(r => ({
       chunkId: r.chunk_id,
       vector: new Float32Array(r.vector.buffer, r.vector.byteOffset, r.dimensions),
@@ -1930,22 +1917,14 @@ export class SqliteStore {
 
   getVisibleHubSearchHitByChunkId(chunkId: string, userId: string): HubSearchRow | null {
     const row = this.db.prepare(`
-      SELECT hc.id, hc.content, hc.summary, hc.role, hc.created_at, ht.title as task_title, ht.visibility, hg.name as group_name, hu.username as owner_name,
+      SELECT hc.id, hc.content, hc.summary, hc.role, hc.created_at, ht.title as task_title, ht.visibility, '' as group_name, hu.username as owner_name,
              0 as rank
       FROM hub_chunks hc
       JOIN hub_tasks ht ON ht.id = hc.hub_task_id
-      LEFT JOIN hub_groups hg ON hg.id = ht.group_id
       LEFT JOIN hub_users hu ON hu.id = ht.source_user_id
       WHERE hc.id = ?
-        AND (
-          ht.visibility = 'public'
-          OR EXISTS (
-            SELECT 1 FROM hub_group_members gm
-            WHERE gm.group_id = ht.group_id AND gm.user_id = ?
-          )
-        )
       LIMIT 1
-    `).get(chunkId, userId) as HubSearchRow | undefined;
+    `).get(chunkId) as HubSearchRow | undefined;
     return row ?? null;
   }
 
@@ -1961,38 +1940,24 @@ export class SqliteStore {
     let rows: HubSkillSearchRow[];
     if (sanitized) {
       rows = this.db.prepare(`
-        SELECT hs.id, hs.name, hs.description, hs.version, hs.visibility, hg.name AS group_name, hu.username AS owner_name, hs.quality_score,
+        SELECT hs.id, hs.name, hs.description, hs.version, hs.visibility, '' AS group_name, hu.username AS owner_name, hs.quality_score,
                bm25(hub_skills_fts) as rank
         FROM hub_skills_fts f
         JOIN hub_skills hs ON hs.rowid = f.rowid
-        LEFT JOIN hub_groups hg ON hg.id = hs.group_id
         LEFT JOIN hub_users hu ON hu.id = hs.source_user_id
         WHERE hub_skills_fts MATCH ?
-          AND (
-            hs.visibility = 'public'
-            OR EXISTS (
-              SELECT 1 FROM hub_group_members gm
-              WHERE gm.group_id = hs.group_id AND gm.user_id = ?
-            )
-          )
         ORDER BY rank
         LIMIT ?
-      `).all(sanitized, userId, limit) as HubSkillSearchRow[];
+      `).all(sanitized, limit) as HubSkillSearchRow[];
     } else {
       rows = this.db.prepare(`
-        SELECT hs.id, hs.name, hs.description, hs.version, hs.visibility, hg.name AS group_name, hu.username AS owner_name, hs.quality_score,
+        SELECT hs.id, hs.name, hs.description, hs.version, hs.visibility, '' AS group_name, hu.username AS owner_name, hs.quality_score,
                0 as rank
         FROM hub_skills hs
-        LEFT JOIN hub_groups hg ON hg.id = hs.group_id
         LEFT JOIN hub_users hu ON hu.id = hs.source_user_id
-        WHERE hs.visibility = 'public'
-           OR EXISTS (
-             SELECT 1 FROM hub_group_members gm
-             WHERE gm.group_id = hs.group_id AND gm.user_id = ?
-           )
         ORDER BY hs.updated_at DESC
         LIMIT ?
-      `).all(userId, limit) as HubSkillSearchRow[];
+      `).all(limit) as HubSkillSearchRow[];
     }
     return rows.map((row, idx) => ({ hit: row, rank: idx + 1 }));
   }
@@ -2003,19 +1968,13 @@ export class SqliteStore {
 
   listVisibleHubTasks(userId: string, limit = 40): Array<{ id: string; sourceTaskId: string; sourceUserId: string; title: string; summary: string; groupId: string | null; groupName: string | null; visibility: string; ownerName: string; chunkCount: number; createdAt: number; updatedAt: number }> {
     const rows = this.db.prepare(`
-      SELECT t.*, u.username AS owner_name, g.name AS group_name,
+      SELECT t.*, u.username AS owner_name, NULL AS group_name,
         (SELECT COUNT(*) FROM hub_chunks c WHERE c.hub_task_id = t.id) AS chunk_count
       FROM hub_tasks t
       LEFT JOIN hub_users u ON u.id = t.source_user_id
-      LEFT JOIN hub_groups g ON g.id = t.group_id
-      WHERE t.visibility = 'public'
-         OR EXISTS (
-           SELECT 1 FROM hub_group_members gm
-           WHERE gm.group_id = t.group_id AND gm.user_id = ?
-         )
       ORDER BY t.updated_at DESC
       LIMIT ?
-    `).all(userId, limit) as any[];
+    `).all(limit) as any[];
     return rows.map(r => ({
       id: r.id, sourceTaskId: r.source_task_id, sourceUserId: r.source_user_id,
       title: r.title, summary: r.summary, groupId: r.group_id, groupName: r.group_name ?? null,
@@ -2048,18 +2007,12 @@ export class SqliteStore {
 
   listVisibleHubSkills(userId: string, limit = 40): Array<{ id: string; sourceSkillId: string; sourceUserId: string; name: string; description: string; version: number; groupId: string | null; groupName: string | null; visibility: string; ownerName: string; qualityScore: number | null; createdAt: number; updatedAt: number }> {
     const rows = this.db.prepare(`
-      SELECT s.*, u.username AS owner_name, g.name AS group_name
+      SELECT s.*, u.username AS owner_name, NULL AS group_name
       FROM hub_skills s
       LEFT JOIN hub_users u ON u.id = s.source_user_id
-      LEFT JOIN hub_groups g ON g.id = s.group_id
-      WHERE s.visibility = 'public'
-         OR EXISTS (
-           SELECT 1 FROM hub_group_members gm
-           WHERE gm.group_id = s.group_id AND gm.user_id = ?
-         )
       ORDER BY s.updated_at DESC
       LIMIT ?
-    `).all(userId, limit) as any[];
+    `).all(limit) as any[];
     return rows.map(r => ({
       id: r.id, sourceSkillId: r.source_skill_id, sourceUserId: r.source_user_id,
       name: r.name, description: r.description, version: r.version,
@@ -2149,23 +2102,15 @@ export class SqliteStore {
     const sanitized = sanitizeFtsQuery(query);
     if (!sanitized) return [];
     const rows = this.db.prepare(`
-      SELECT hm.id, hm.content, hm.summary, hm.role, hm.created_at, hm.visibility, hg.name as group_name, hu.username as owner_name,
+      SELECT hm.id, hm.content, hm.summary, hm.role, hm.created_at, hm.visibility, '' as group_name, hu.username as owner_name,
              bm25(hub_memories_fts) as rank
       FROM hub_memories_fts f
       JOIN hub_memories hm ON hm.rowid = f.rowid
-      LEFT JOIN hub_groups hg ON hg.id = hm.group_id
       LEFT JOIN hub_users hu ON hu.id = hm.source_user_id
       WHERE hub_memories_fts MATCH ?
-        AND (
-          hm.visibility = 'public'
-          OR EXISTS (
-            SELECT 1 FROM hub_group_members gm
-            WHERE gm.group_id = hm.group_id AND gm.user_id = ?
-          )
-        )
       ORDER BY rank
       LIMIT ?
-    `).all(sanitized, userId, limit) as HubMemorySearchRow[];
+    `).all(sanitized, limit) as HubMemorySearchRow[];
     return rows.map((row, idx) => ({ hit: row, rank: idx + 1 }));
   }
 
@@ -2174,12 +2119,7 @@ export class SqliteStore {
       SELECT hme.memory_id, hme.vector, hme.dimensions
       FROM hub_memory_embeddings hme
       JOIN hub_memories hm ON hm.id = hme.memory_id
-      WHERE hm.visibility = 'public'
-         OR EXISTS (
-           SELECT 1 FROM hub_group_members gm
-           WHERE gm.group_id = hm.group_id AND gm.user_id = ?
-         )
-    `).all(userId) as Array<{ memory_id: string; vector: Buffer; dimensions: number }>;
+    `).all() as Array<{ memory_id: string; vector: Buffer; dimensions: number }>;
     return rows.map(r => ({
       memoryId: r.memory_id,
       vector: new Float32Array(r.vector.buffer, r.vector.byteOffset, r.dimensions),
@@ -2188,38 +2128,24 @@ export class SqliteStore {
 
   getVisibleHubSearchHitByMemoryId(memoryId: string, userId: string): HubMemorySearchRow | null {
     const row = this.db.prepare(`
-      SELECT hm.id, hm.content, hm.summary, hm.role, hm.created_at, hm.visibility, hg.name as group_name, hu.username as owner_name,
+      SELECT hm.id, hm.content, hm.summary, hm.role, hm.created_at, hm.visibility, '' as group_name, hu.username as owner_name,
              0 as rank
       FROM hub_memories hm
-      LEFT JOIN hub_groups hg ON hg.id = hm.group_id
       LEFT JOIN hub_users hu ON hu.id = hm.source_user_id
       WHERE hm.id = ?
-        AND (
-          hm.visibility = 'public'
-          OR EXISTS (
-            SELECT 1 FROM hub_group_members gm
-            WHERE gm.group_id = hm.group_id AND gm.user_id = ?
-          )
-        )
       LIMIT 1
-    `).get(memoryId, userId) as HubMemorySearchRow | undefined;
+    `).get(memoryId) as HubMemorySearchRow | undefined;
     return row ?? null;
   }
 
   listVisibleHubMemories(userId: string, limit = 40): Array<{ id: string; sourceChunkId: string; sourceUserId: string; role: string; summary: string; kind: string; groupId: string | null; groupName: string | null; visibility: string; ownerName: string; createdAt: number; updatedAt: number }> {
     const rows = this.db.prepare(`
-      SELECT m.*, u.username AS owner_name, g.name AS group_name
+      SELECT m.*, u.username AS owner_name, NULL AS group_name
       FROM hub_memories m
       LEFT JOIN hub_users u ON u.id = m.source_user_id
-      LEFT JOIN hub_groups g ON g.id = m.group_id
-      WHERE m.visibility = 'public'
-         OR EXISTS (
-           SELECT 1 FROM hub_group_members gm
-           WHERE gm.group_id = m.group_id AND gm.user_id = ?
-         )
       ORDER BY m.updated_at DESC
       LIMIT ?
-    `).all(userId, limit) as any[];
+    `).all(limit) as any[];
     return rows.map(r => ({
       id: r.id, sourceChunkId: r.source_chunk_id, sourceUserId: r.source_user_id,
       role: r.role, summary: r.summary, kind: r.kind,