@mooncompany/uplink-chat 0.5.0

package/server/routes/agents.js

@@ -0,0 +1,564 @@
+/**
+ * Agents Routes - Direct config file access
+ * 
+ * Reads/writes the OpenClaw config file directly instead of going through
+ * gateway WebSocket RPC. This avoids the device-auth scope requirement
+ * introduced in OpenClaw v2026.2.14.
+ * 
+ * For write operations, sends SIGUSR1 to the gateway process to trigger
+ * a config reload/restart.
+ */
+
+import fs from 'fs/promises';
+import path from 'path';
+import { fileURLToPath } from 'url';
+import { execFile } from 'child_process';
+import crypto from 'crypto';
+import os from 'os';
+import lockfile from 'proper-lockfile';
+import { log } from '../utils.js';
+import { requirePremium } from '../premium/index.js';
+import { internalError, ErrorCodes } from '../../utils/errors.js';
+import { GATEWAY_RESTART_DELAY_MS } from '../config.js';
+
+const __dirname = path.dirname(fileURLToPath(import.meta.url));
+const AVATARS_DIR = path.join(__dirname, '..', '..', 'public', 'img', 'agents');
+
+// OpenClaw config file path
+const OPENCLAW_STATE_DIR = process.env.OPENCLAW_STATE_DIR || path.join(os.homedir(), '.openclaw');
+const OPENCLAW_CONFIG_PATH = path.join(OPENCLAW_STATE_DIR, 'openclaw.json');
+
+/**
+ * Read the OpenClaw config file and compute a hash for concurrency control.
+ * @returns {{ config: Object, hash: string, raw: string }}
+ */
+async function readGatewayConfig() {
+  const raw = await fs.readFile(OPENCLAW_CONFIG_PATH, 'utf8');
+  const config = JSON.parse(raw);
+  const hash = crypto.createHash('sha256').update(raw).digest('hex').slice(0, 16);
+  return { config, hash, raw };
+}
+
+/**
+ * Write the OpenClaw config file with file locking for safety.
+ * Creates a backup before writing.
+ * @param {Object} config - The full config object to write
+ * @returns {{ hash: string }}
+ */
+async function writeGatewayConfig(config) {
+  let release;
+  try {
+    release = await lockfile.lock(OPENCLAW_CONFIG_PATH, {
+      retries: { retries: 5, minTimeout: 100, maxTimeout: 1000 },
+    });
+
+    // Backup current config
+    try {
+      await fs.copyFile(OPENCLAW_CONFIG_PATH, OPENCLAW_CONFIG_PATH + '.bak');
+    } catch {
+      // Backup failure is non-fatal
+    }
+
+    const raw = JSON.stringify(config, null, 2);
+    await fs.writeFile(OPENCLAW_CONFIG_PATH, raw, 'utf8');
+    const hash = crypto.createHash('sha256').update(raw).digest('hex').slice(0, 16);
+    return { hash };
+  } finally {
+    if (release) await release();
+  }
+}
+
+/**
+ * Signal the gateway to reload config.
+ * Uses `openclaw gateway restart` which sends SIGUSR1 for a graceful reload.
+ */
+function signalGatewayReload() {
+  try {
+    execFile('openclaw', ['gateway', 'restart'], { timeout: 10000 }, (err, stdout, stderr) => {
+      if (err) {
+        log('warn', `[Agents] Gateway restart signal failed: ${err.message}`);
+      } else {
+        log('info', '[Agents] Gateway restart signal sent');
+      }
+    });
+  } catch (err) {
+    log('warn', `[Agents] Failed to signal gateway: ${err.message}`);
+  }
+}
+
+/**
+ * Setup agent routes
+ * @param {Express} app - Express app instance
+ * @param {Object} context - Request context
+ */
+export function setupAgentRoutes(app, context) {
+
+  /**
+   * GET /api/agents
+   * 
+   * Returns the agent list + defaults + bindings from the gateway config file.
+   */
+  app.get('/api/agents', requirePremium('Agent management'), async (req, res) => {
+    try {
+      const { config: gwConfig, hash } = await readGatewayConfig();
+
+      // Extract only agent-related config
+      const agents = gwConfig.agents || {};
+      const gwBindings = gwConfig.bindings || [];
+      const tools = gwConfig.tools || {};
+
+      // Build a clean response
+      const agentList = (agents.list || []).map(agent => ({
+        id: agent.id,
+        name: agent.name || agent.id,
+        default: agent.default || false,
+        workspace: agent.workspace || null,
+        model: agent.model || null,
+        identity: agent.identity || null,
+        groupChat: agent.groupChat || null,
+        sandbox: agent.sandbox || null,
+        tools: agent.tools || null,
+        subagents: agent.subagents || null,
+      }));
+
+      // If no agents in list, there's at least a "main" agent
+      if (agentList.length === 0) {
+        agentList.push({
+          id: 'main',
+          name: 'Main',
+          default: true,
+          workspace: agents.defaults?.workspace || null,
+          model: null,
+          identity: null,
+          groupChat: null,
+          sandbox: null,
+          tools: null,
+          subagents: null,
+        });
+      }
+
+      // Mark the default agent
+      const hasExplicitDefault = agentList.some(a => a.default);
+      if (!hasExplicitDefault && agentList.length > 0) {
+        agentList[0].default = true;
+      }
+
+      // Extract available channels for the binding editor
+      const gwChannels = gwConfig.channels || {};
+      const channelList = Object.keys(gwChannels);
+
+      res.json({
+        ok: true,
+        agents: agentList,
+        defaults: {
+          model: agents.defaults?.model || null,
+          models: agents.defaults?.models ? Object.keys(agents.defaults.models) : [],
+          workspace: agents.defaults?.workspace || null,
+          heartbeat: agents.defaults?.heartbeat || null,
+          subagents: agents.defaults?.subagents || null,
+          sandbox: agents.defaults?.sandbox || null,
+          maxConcurrent: agents.defaults?.maxConcurrent || null,
+        },
+        bindings: (gwBindings || []).map(b => ({
+          agentId: b.agentId,
+          match: b.match || {},
+        })),
+        channels: channelList,
+        globalTools: {
+          allow: tools.allow || null,
+          deny: tools.deny || null,
+          profile: tools.profile || null,
+        },
+        hash,
+      });
+    } catch (err) {
+      log('error', `[Agents] Failed to read agent config: ${err.message}`);
+      return internalError(res, err.message, ErrorCodes.GATEWAY_ERROR);
+    }
+  });
+
+  /**
+   * PATCH /api/agents/:agentId
+   * 
+   * Updates an existing agent's config in the config file.
+   * 
+   * Body: { changes: { model?, identity?, tools?, sandbox?, subagents?, groupChat? }, baseHash: string }
+   */
+  app.patch('/api/agents/:agentId', requirePremium('Agent management'), async (req, res) => {
+    try {
+      const { agentId } = req.params;
+      const { changes, baseHash } = req.body;
+
+      if (!changes || typeof changes !== 'object') {
+        return res.status(400).json({ ok: false, error: 'Missing changes object' });
+      }
+      if (!baseHash) {
+        return res.status(400).json({ ok: false, error: 'Missing baseHash for concurrency safety' });
+      }
+
+      const { config: gwConfig, hash: currentHash } = await readGatewayConfig();
+
+      // Verify hash hasn't changed (someone else edited config)
+      if (currentHash !== baseHash) {
+        return res.status(409).json({ 
+          ok: false, 
+          error: 'Config was modified externally. Please refresh and try again.',
+          currentHash 
+        });
+      }
+
+      const agentsList = gwConfig.agents?.list || [];
+      const agentIndex = agentsList.findIndex(a => a.id === agentId);
+
+      if (agentIndex === -1) {
+        return res.status(404).json({ ok: false, error: `Agent "${agentId}" not found` });
+      }
+
+      // Apply changes to the agent
+      const updatedAgent = { ...agentsList[agentIndex] };
+      if (changes.model !== undefined) updatedAgent.model = changes.model;
+      if (changes.identity !== undefined) updatedAgent.identity = changes.identity;
+      if (changes.tools !== undefined) updatedAgent.tools = changes.tools;
+      if (changes.sandbox !== undefined) updatedAgent.sandbox = changes.sandbox;
+      if (changes.subagents !== undefined) updatedAgent.subagents = changes.subagents;
+      if (changes.groupChat !== undefined) updatedAgent.groupChat = changes.groupChat;
+      if (changes.workspace !== undefined) updatedAgent.workspace = changes.workspace;
+      if (changes.name !== undefined) updatedAgent.name = changes.name;
+
+      // Update the config
+      gwConfig.agents.list[agentIndex] = updatedAgent;
+
+      const { hash: newHash } = await writeGatewayConfig(gwConfig);
+
+      // Signal gateway to reload
+      signalGatewayReload();
+
+      log('info', `[Agents] Patched agent "${agentId}": ${Object.keys(changes).join(', ')}`);
+
+      res.json({
+        ok: true,
+        agent: updatedAgent,
+        hash: newHash,
+      });
+    } catch (err) {
+      log('error', `[Agents] Failed to patch agent "${req.params.agentId}": ${err.message}`);
+      return internalError(res, err.message, ErrorCodes.GATEWAY_ERROR);
+    }
+  });
+
+  /**
+   * POST /api/agents
+   * 
+   * Creates a new agent. Appends to agents.list in the config file.
+   * Requires a gateway restart.
+   * 
+   * Body: { agent: { id, name?, model?, identity?, ... }, baseHash: string }
+   */
+  app.post('/api/agents', requirePremium('Agent management'), async (req, res) => {
+    try {
+      const { agent, baseHash } = req.body;
+
+      if (!agent?.id) {
+        return res.status(400).json({ ok: false, error: 'Missing agent.id' });
+      }
+      if (!baseHash) {
+        return res.status(400).json({ ok: false, error: 'Missing baseHash' });
+      }
+      if (!/^[a-z0-9][a-z0-9-]*$/.test(agent.id)) {
+        return res.status(400).json({ ok: false, error: 'Agent ID must be lowercase alphanumeric + hyphens' });
+      }
+
+      const { config: gwConfig, hash: currentHash } = await readGatewayConfig();
+
+      if (currentHash !== baseHash) {
+        return res.status(409).json({ ok: false, error: 'Config modified externally. Refresh and retry.', currentHash });
+      }
+
+      const agentsList = gwConfig.agents?.list || [];
+
+      // Check for duplicate ID
+      if (agentsList.some(a => a.id === agent.id)) {
+        return res.status(409).json({ ok: false, error: `Agent "${agent.id}" already exists` });
+      }
+
+      // Build the new agent entry (only include defined fields)
+      const newAgent = { id: agent.id };
+      if (agent.name) newAgent.name = agent.name;
+      if (agent.model) newAgent.model = agent.model;
+      if (agent.identity) newAgent.identity = agent.identity;
+      if (agent.workspace) newAgent.workspace = agent.workspace;
+      if (agent.sandbox) newAgent.sandbox = agent.sandbox;
+      if (agent.tools) newAgent.tools = agent.tools;
+      if (agent.subagents) newAgent.subagents = agent.subagents;
+      if (agent.groupChat) newAgent.groupChat = agent.groupChat;
+
+      if (!gwConfig.agents) gwConfig.agents = {};
+      if (!gwConfig.agents.list) gwConfig.agents.list = [];
+      gwConfig.agents.list.push(newAgent);
+
+      const { hash: newHash } = await writeGatewayConfig(gwConfig);
+
+      // Signal gateway to restart (adding agents is a cold change)
+      signalGatewayReload();
+
+      log('info', `[Agents] Created agent "${agent.id}" — gateway restart triggered`);
+
+      res.json({
+        ok: true,
+        agent: newAgent,
+        hash: newHash,
+        requiresRestart: true,
+      });
+    } catch (err) {
+      log('error', `[Agents] Failed to create agent: ${err.message}`);
+      return internalError(res, err.message, ErrorCodes.GATEWAY_ERROR);
+    }
+  });
+
+  /**
+   * DELETE /api/agents/:agentId
+   * 
+   * Removes an agent from agents.list. Requires gateway restart.
+   * Cannot delete the "main" agent or the last remaining agent.
+   */
+  app.delete('/api/agents/:agentId', requirePremium('Agent management'), async (req, res) => {
+    try {
+      const { agentId } = req.params;
+      const { baseHash } = req.body || {};
+
+      if (!baseHash) {
+        return res.status(400).json({ ok: false, error: 'Missing baseHash' });
+      }
+      if (agentId === 'main') {
+        return res.status(400).json({ ok: false, error: 'Cannot delete the main agent' });
+      }
+
+      const { config: gwConfig, hash: currentHash } = await readGatewayConfig();
+
+      if (currentHash !== baseHash) {
+        return res.status(409).json({ ok: false, error: 'Config modified externally. Refresh and retry.', currentHash });
+      }
+
+      const agentsList = gwConfig.agents?.list || [];
+      const agentIndex = agentsList.findIndex(a => a.id === agentId);
+
+      if (agentIndex === -1) {
+        return res.status(404).json({ ok: false, error: `Agent "${agentId}" not found` });
+      }
+
+      // Don't allow deleting if it's the only agent
+      if (agentsList.length <= 1) {
+        return res.status(400).json({ ok: false, error: 'Cannot delete the only agent' });
+      }
+
+      // Remove the agent
+      gwConfig.agents.list = agentsList.filter(a => a.id !== agentId);
+
+      // Also remove any bindings that point to this agent
+      if (gwConfig.bindings) {
+        gwConfig.bindings = gwConfig.bindings.filter(b => b.agentId !== agentId);
+      }
+
+      const { hash: newHash } = await writeGatewayConfig(gwConfig);
+
+      // Signal gateway to restart
+      signalGatewayReload();
+
+      log('info', `[Agents] Deleted agent "${agentId}" — gateway restart triggered`);
+
+      res.json({
+        ok: true,
+        hash: newHash,
+        requiresRestart: true,
+      });
+    } catch (err) {
+      log('error', `[Agents] Failed to delete agent "${req.params.agentId}": ${err.message}`);
+      return internalError(res, err.message, ErrorCodes.GATEWAY_ERROR);
+    }
+  });
+
+  /**
+   * PUT /api/bindings
+   * 
+   * Replaces all bindings in the config file.
+   * 
+   * Body: { bindings: [{ agentId, match: { channel?, accountId?, peer?, guildId?, teamId? } }], baseHash: string }
+   */
+  app.put('/api/bindings', requirePremium('Agent management'), async (req, res) => {
+    try {
+      const { bindings: newBindings, baseHash } = req.body;
+
+      if (!Array.isArray(newBindings)) {
+        return res.status(400).json({ ok: false, error: 'bindings must be an array' });
+      }
+      if (!baseHash) {
+        return res.status(400).json({ ok: false, error: 'Missing baseHash' });
+      }
+
+      // Validate each binding
+      for (const b of newBindings) {
+        if (!b.agentId || typeof b.agentId !== 'string') {
+          return res.status(400).json({ ok: false, error: 'Each binding must have an agentId' });
+        }
+        if (!b.match || typeof b.match !== 'object') {
+          return res.status(400).json({ ok: false, error: 'Each binding must have a match object' });
+        }
+      }
+
+      const { config: gwConfig, hash: currentHash } = await readGatewayConfig();
+
+      if (currentHash !== baseHash) {
+        return res.status(409).json({ ok: false, error: 'Config modified externally. Refresh and retry.', currentHash });
+      }
+
+      // Clean up the bindings — only include valid fields
+      const cleanBindings = newBindings.map(b => {
+        const clean = { agentId: b.agentId, match: {} };
+        if (b.match.channel) clean.match.channel = b.match.channel;
+        if (b.match.accountId) clean.match.accountId = b.match.accountId;
+        if (b.match.peer?.kind && b.match.peer?.id) {
+          clean.match.peer = { kind: b.match.peer.kind, id: b.match.peer.id };
+        }
+        if (b.match.guildId) clean.match.guildId = b.match.guildId;
+        if (b.match.teamId) clean.match.teamId = b.match.teamId;
+        return clean;
+      });
+
+      gwConfig.bindings = cleanBindings;
+
+      const { hash: newHash } = await writeGatewayConfig(gwConfig);
+
+      // Signal gateway to reload (bindings are hot-reloadable)
+      signalGatewayReload();
+
+      log('info', `[Agents] Updated bindings: ${cleanBindings.length} routes`);
+
+      res.json({
+        ok: true,
+        bindings: cleanBindings,
+        hash: newHash,
+      });
+    } catch (err) {
+      log('error', `[Agents] Failed to update bindings: ${err.message}`);
+      return internalError(res, err.message, ErrorCodes.GATEWAY_ERROR);
+    }
+  });
+
+  /**
+   * POST /api/agents/avatar
+   * POST /api/agents/:agentId/avatar
+   * 
+   * Upload an agent avatar image. Saves as /public/img/agents/{agentId}.png.
+   * Accepts multipart form data with 'avatar' file and 'agentId' field.
+   */
+  const handleAvatarUpload = async (req, res) => {
+    try {
+      // Collect body chunks
+      const chunks = [];
+      for await (const chunk of req) {
+        chunks.push(chunk);
+      }
+      const body = Buffer.concat(chunks);
+
+      // Parse multipart boundary from content-type header
+      const contentType = req.headers['content-type'] || '';
+      const boundaryMatch = contentType.match(/boundary=(?:"([^"]+)"|([^\s;]+))/);
+      if (!boundaryMatch) {
+        return res.status(400).json({ ok: false, error: 'Missing multipart boundary' });
+      }
+      const boundary = boundaryMatch[1] || boundaryMatch[2];
+
+      // Split by boundary and find parts
+      const boundaryBuf = Buffer.from(`--${boundary}`);
+      let agentId = req.params.agentId || null; // Get from URL params if present
+      let fileData = null;
+
+      // Simple multipart parser
+      const parts = splitMultipart(body, boundaryBuf);
+      for (const part of parts) {
+        const headerEnd = part.indexOf('\r\n\r\n');
+        if (headerEnd === -1) continue;
+        const headers = part.subarray(0, headerEnd).toString();
+        const content = part.subarray(headerEnd + 4);
+
+        if (headers.includes('name="agentId"')) {
+          // Only override if not already set from URL params
+          if (!agentId) agentId = content.toString().trim();
+        } else if (headers.includes('name="avatar"')) {
+          // Strip trailing \r\n if present
+          fileData = content.at(-2) === 0x0d && content.at(-1) === 0x0a
+            ? content.subarray(0, content.length - 2)
+            : content;
+        }
+      }
+
+      if (!agentId || !fileData) {
+        return res.status(400).json({ ok: false, error: 'Missing agentId or avatar file' });
+      }
+
+      // Sanitize agentId to prevent path traversal
+      const cleanId = agentId.replace(/[^a-z0-9-]/g, '').substring(0, 64);
+      if (!cleanId) {
+        return res.status(400).json({ ok: false, error: 'Invalid agentId' });
+      }
+
+      // Ensure directory exists
+      await fs.mkdir(AVATARS_DIR, { recursive: true });
+
+      // Save as PNG (we accept any image, browser will handle display)
+      const filePath = path.join(AVATARS_DIR, `${cleanId}.png`);
+      const resolved = path.resolve(filePath);
+      if (!resolved.startsWith(path.resolve(AVATARS_DIR))) {
+        return res.status(400).json({ ok: false, error: 'Invalid path' });
+      }
+
+      await fs.writeFile(filePath, fileData);
+
+      // Resize to max 512x512 if ffmpeg is available (preserves aspect ratio)
+      try {
+        const tmpPath = filePath + '.tmp.png';
+        await new Promise((resolve, reject) => {
+          execFile('ffmpeg', ['-y', '-i', filePath, '-vf', 'scale=512:512:force_original_aspect_ratio=decrease', tmpPath], (err) => {
+            if (err) reject(err); else resolve();
+          });
+        });
+        await fs.rename(tmpPath, filePath);
+        const stat = await fs.stat(filePath);
+        log('info', `[Agents] Avatar saved for ${cleanId} (resized to max 512px, ${stat.size} bytes)`);
+      } catch {
+        // ffmpeg not available — keep original
+        log('info', `[Agents] Avatar saved for ${cleanId} (${fileData.length} bytes, no resize)`);
+      }
+
+      res.json({ ok: true, path: `/img/agents/${cleanId}.png` });
+    } catch (err) {
+      log('error', `[Agents] Avatar upload error: ${err.message}`);
+      return internalError(res, 'Upload failed', ErrorCodes.UPLOAD_FAILED);
+    }
+  };
+
+  // Register both route patterns
+  app.post('/api/agents/avatar', handleAvatarUpload);
+  app.post('/api/agents/:agentId/avatar', handleAvatarUpload);
+}
+
+/**
+ * Split a multipart buffer by boundary marker.
+ */
+function splitMultipart(buf, boundary) {
+  const parts = [];
+  let start = 0;
+  while (true) {
+    const idx = buf.indexOf(boundary, start);
+    if (idx === -1) break;
+    if (start > 0) {
+      parts.push(buf.subarray(start, idx));
+    }
+    start = idx + boundary.length;
+    // Skip \r\n after boundary
+    if (buf[start] === 0x0d && buf[start + 1] === 0x0a) start += 2;
+    // Check for -- (end marker)
+    if (buf[start] === 0x2d && buf[start + 1] === 0x2d) break;
+  }
+  return parts;
+}