npm - @nextclaw/server - Versions diffs - 0.10.1 → 0.10.3 - Mend

@nextclaw/server 0.10.1 → 0.10.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/index.d.ts CHANGED Viewed

@@ -283,6 +283,26 @@ type MarketplaceApiConfig = {
     installer?: MarketplaceInstaller;
 };
+type ChatSessionTypeCtaView = {
+    kind: string;
+    label?: string;
+    href?: string;
+};
+type ChatSessionTypeOptionView = {
+    value: string;
+    label: string;
+    ready?: boolean;
+    reason?: string | null;
+    reasonMessage?: string | null;
+    supportedModels?: string[];
+    recommendedModel?: string | null;
+    cta?: ChatSessionTypeCtaView | null;
+};
+type ChatSessionTypesView = {
+    defaultType: string;
+    options: ChatSessionTypeOptionView[];
+};
 type ApiError = {
     code: string;
     message: string;
@@ -462,6 +482,7 @@ type SessionConfigView = {
         maxPingPongTurns?: number;
     };
 };
 type SessionEntryView = {
     key: string;
     createdAt: string;
@@ -658,14 +679,6 @@ type ChatCapabilitiesView = {
     stopSupported: boolean;
     stopReason?: string;
 };
-type ChatSessionTypeOptionView = {
-    value: string;
-    label: string;
-};
-type ChatSessionTypesView = {
-    defaultType: string;
-    options: ChatSessionTypeOptionView[];
-};
 type ChatCommandOptionView = {
     name: string;
     description: string;
@@ -980,6 +993,7 @@ declare class UiAuthService {
     private clearAllSessions;
     private deleteRequestSession;
     private buildLoginCookie;
+    buildTrustedRequestCookieHeader(): string | null;
     buildLogoutCookie(request: Request): string;
     setup(request: Request, payload: AuthSetupRequest): {
         status: AuthStatusView;
@@ -1057,4 +1071,8 @@ declare function deleteSession(configPath: string, key: string): boolean;
 declare function updateRuntime(configPath: string, patch: RuntimeConfigUpdate): Pick<ConfigView, "agents" | "bindings" | "session">;
 declare function updateSecrets(configPath: string, patch: SecretsConfigUpdate): SecretsView;
-export { type AgentBindingView, type AgentProfileView, type ApiError, type ApiResponse, type AppMetaView, type AuthEnabledUpdateRequest, type AuthLoginRequest, type AuthPasswordUpdateRequest, type AuthSetupRequest, type AuthStatusView, type BindingPeerView, type BochaFreshnessValue, type ChannelSpecView, type ChatCapabilitiesView, type ChatCommandOptionView, type ChatCommandView, type ChatCommandsView, type ChatRunListView, type ChatRunState, type ChatRunView, type ChatSessionTypeOptionView, type ChatSessionTypesView, type ChatTurnRequest, type ChatTurnResult, type ChatTurnStopRequest, type ChatTurnStopResult, type ChatTurnStreamEvent, type ChatTurnView, type ConfigActionExecuteRequest, type ConfigActionExecuteResult, type ConfigActionManifest, type ConfigActionType, type ConfigMetaView, type ConfigSchemaResponse, type ConfigUiHint, type ConfigUiHints, type ConfigView, type CronActionResult, type CronEnableRequest, type CronJobStateView, type CronJobView, type CronListView, type CronPayloadView, type CronRunRequest, type CronScheduleView, DEFAULT_SESSION_TYPE, type MarketplaceApiConfig, type MarketplaceInstallKind, type MarketplaceInstallSkillParams, type MarketplaceInstallSpec, type MarketplaceInstalledRecord, type MarketplaceInstalledView, type MarketplaceInstaller, type MarketplaceItemSummary, type MarketplaceItemType, type MarketplaceItemView, type MarketplaceListView, type MarketplaceLocalizedTextMap, type MarketplaceMcpContentView, type MarketplaceMcpDoctorResult, type MarketplaceMcpInstallKind, type MarketplaceMcpInstallRequest, type MarketplaceMcpInstallResult, type MarketplaceMcpInstallSpec, type MarketplaceMcpManageAction, type MarketplaceMcpManageRequest, type MarketplaceMcpManageResult, type MarketplaceMcpTemplateInput, type MarketplacePluginContentView, type MarketplacePluginInstallKind, type MarketplacePluginInstallRequest, type MarketplacePluginInstallResult, type MarketplacePluginManageAction, type MarketplacePluginManageRequest, type MarketplacePluginManageResult, type MarketplaceRecommendationView, type MarketplaceSkillContentView, type MarketplaceSkillInstallKind, type MarketplaceSkillInstallRequest, type MarketplaceSkillInstallResult, type MarketplaceSkillManageAction, type MarketplaceSkillManageRequest, type MarketplaceSkillManageResult, type MarketplaceSort, type ProviderAuthImportResult, type ProviderAuthPollRequest, type ProviderAuthPollResult, type ProviderAuthStartRequest, type ProviderAuthStartResult, type ProviderConfigUpdate, type ProviderConfigView, type ProviderConnectionTestRequest, type ProviderConnectionTestResult, type ProviderCreateRequest, type ProviderCreateResult, type ProviderDeleteResult, type ProviderSpecView, type RuntimeConfigUpdate, type SearchConfigUpdate, type SearchConfigView, type SearchProviderConfigView, type SearchProviderName, type SearchProviderSpecView, type SecretProviderEnvView, type SecretProviderExecView, type SecretProviderFileView, type SecretProviderView, type SecretRefView, type SecretSourceView, type SecretsConfigUpdate, type SecretsView, type SessionConfigView, type SessionEntryView, type SessionEventView, type SessionHistoryView, type SessionMessageView, type SessionPatchUpdate, SessionPatchValidationError, type SessionsListView, type UiChatRuntime, type UiNcpAgent, type UiNcpSessionListView, type UiNcpSessionMessagesView, type UiServerEvent, type UiServerHandle, type UiServerOptions, buildConfigMeta, buildConfigSchemaView, buildConfigView, createCustomProvider, createUiRouter, deleteCustomProvider, deleteSession, executeConfigAction, getSessionHistory, listSessions, loadConfigOrDefault, patchSession, startUiServer, testProviderConnection, updateChannel, updateModel, updateProvider, updateRuntime, updateSearch, updateSecrets };
+declare function getUiBridgeSecretPath(): string;
+declare function readUiBridgeSecret(): string | null;
+declare function ensureUiBridgeSecret(): string;
+export { type AgentBindingView, type AgentProfileView, type ApiError, type ApiResponse, type AppMetaView, type AuthEnabledUpdateRequest, type AuthLoginRequest, type AuthPasswordUpdateRequest, type AuthSetupRequest, type AuthStatusView, type BindingPeerView, type BochaFreshnessValue, type ChannelSpecView, type ChatCapabilitiesView, type ChatCommandOptionView, type ChatCommandView, type ChatCommandsView, type ChatRunListView, type ChatRunState, type ChatRunView, type ChatSessionTypeCtaView, type ChatSessionTypeOptionView, type ChatSessionTypesView, type ChatTurnRequest, type ChatTurnResult, type ChatTurnStopRequest, type ChatTurnStopResult, type ChatTurnStreamEvent, type ChatTurnView, type ConfigActionExecuteRequest, type ConfigActionExecuteResult, type ConfigActionManifest, type ConfigActionType, type ConfigMetaView, type ConfigSchemaResponse, type ConfigUiHint, type ConfigUiHints, type ConfigView, type CronActionResult, type CronEnableRequest, type CronJobStateView, type CronJobView, type CronListView, type CronPayloadView, type CronRunRequest, type CronScheduleView, DEFAULT_SESSION_TYPE, type MarketplaceApiConfig, type MarketplaceInstallKind, type MarketplaceInstallSkillParams, type MarketplaceInstallSpec, type MarketplaceInstalledRecord, type MarketplaceInstalledView, type MarketplaceInstaller, type MarketplaceItemSummary, type MarketplaceItemType, type MarketplaceItemView, type MarketplaceListView, type MarketplaceLocalizedTextMap, type MarketplaceMcpContentView, type MarketplaceMcpDoctorResult, type MarketplaceMcpInstallKind, type MarketplaceMcpInstallRequest, type MarketplaceMcpInstallResult, type MarketplaceMcpInstallSpec, type MarketplaceMcpManageAction, type MarketplaceMcpManageRequest, type MarketplaceMcpManageResult, type MarketplaceMcpTemplateInput, type MarketplacePluginContentView, type MarketplacePluginInstallKind, type MarketplacePluginInstallRequest, type MarketplacePluginInstallResult, type MarketplacePluginManageAction, type MarketplacePluginManageRequest, type MarketplacePluginManageResult, type MarketplaceRecommendationView, type MarketplaceSkillContentView, type MarketplaceSkillInstallKind, type MarketplaceSkillInstallRequest, type MarketplaceSkillInstallResult, type MarketplaceSkillManageAction, type MarketplaceSkillManageRequest, type MarketplaceSkillManageResult, type MarketplaceSort, type ProviderAuthImportResult, type ProviderAuthPollRequest, type ProviderAuthPollResult, type ProviderAuthStartRequest, type ProviderAuthStartResult, type ProviderConfigUpdate, type ProviderConfigView, type ProviderConnectionTestRequest, type ProviderConnectionTestResult, type ProviderCreateRequest, type ProviderCreateResult, type ProviderDeleteResult, type ProviderSpecView, type RuntimeConfigUpdate, type SearchConfigUpdate, type SearchConfigView, type SearchProviderConfigView, type SearchProviderName, type SearchProviderSpecView, type SecretProviderEnvView, type SecretProviderExecView, type SecretProviderFileView, type SecretProviderView, type SecretRefView, type SecretSourceView, type SecretsConfigUpdate, type SecretsView, type SessionConfigView, type SessionEntryView, type SessionEventView, type SessionHistoryView, type SessionMessageView, type SessionPatchUpdate, SessionPatchValidationError, type SessionsListView, type UiChatRuntime, type UiNcpAgent, type UiNcpSessionListView, type UiNcpSessionMessagesView, type UiServerEvent, type UiServerHandle, type UiServerOptions, buildConfigMeta, buildConfigSchemaView, buildConfigView, createCustomProvider, createUiRouter, deleteCustomProvider, deleteSession, ensureUiBridgeSecret, executeConfigAction, getSessionHistory, getUiBridgeSecretPath, listSessions, loadConfigOrDefault, patchSession, readUiBridgeSecret, startUiServer, testProviderConnection, updateChannel, updateModel, updateProvider, updateRuntime, updateSearch, updateSecrets };

package/dist/index.js CHANGED Viewed

@@ -4,9 +4,9 @@ import { compress } from "hono/compress";
 import { cors } from "hono/cors";
 import { serve } from "@hono/node-server";
 import { WebSocketServer, WebSocket } from "ws";
-import { existsSync, readFileSync } from "fs";
+import { existsSync as existsSync2, readFileSync as readFileSync2 } from "fs";
 import { readFile as readFile2, stat } from "fs/promises";
-import { join } from "path";
+import { join as join2 } from "path";
 // src/ui/auth.service.ts
 import { ConfigSchema, loadConfig, saveConfig } from "@nextclaw/core";
@@ -179,6 +179,18 @@ var UiAuthService = class {
       secure: resolveSecureRequest(request.url, request.headers.get("x-forwarded-proto"))
     });
   }
+  buildTrustedRequestCookieHeader() {
+    const auth = this.readAuthConfig();
+    if (!auth.enabled || !this.isConfigured(auth)) {
+      return null;
+    }
+    const username = normalizeUsername(auth.username);
+    if (!username) {
+      return null;
+    }
+    const sessionId = this.createSession(username);
+    return `${SESSION_COOKIE_NAME}=${encodeURIComponent(sessionId)}`;
+  }
   buildLogoutCookie(request) {
     return buildSetCookie({
       value: "",
@@ -393,6 +405,39 @@ var AppRoutesController = class {
   appMeta = (c) => c.json(ok(buildAppMetaView(this.options)));
 };
+// src/ui/auth-bridge.ts
+import { existsSync, mkdirSync, readFileSync, writeFileSync } from "fs";
+import { join } from "path";
+import { randomBytes as randomBytes2 } from "crypto";
+import { getDataDir } from "@nextclaw/core";
+var REMOTE_BRIDGE_DIR = join(getDataDir(), "remote");
+var REMOTE_BRIDGE_SECRET_PATH = join(REMOTE_BRIDGE_DIR, "ui-bridge-secret");
+function getUiBridgeSecretPath() {
+  return REMOTE_BRIDGE_SECRET_PATH;
+}
+function readUiBridgeSecret() {
+  if (!existsSync(REMOTE_BRIDGE_SECRET_PATH)) {
+    return null;
+  }
+  try {
+    const raw = readFileSync(REMOTE_BRIDGE_SECRET_PATH, "utf-8").trim();
+    return raw.length > 0 ? raw : null;
+  } catch {
+    return null;
+  }
+}
+function ensureUiBridgeSecret() {
+  const existing = readUiBridgeSecret();
+  if (existing) {
+    return existing;
+  }
+  mkdirSync(REMOTE_BRIDGE_DIR, { recursive: true });
+  const secret = randomBytes2(24).toString("hex");
+  writeFileSync(REMOTE_BRIDGE_SECRET_PATH, `${secret}
+`, "utf-8");
+  return secret;
+}
 // src/ui/router/auth.controller.ts
 function isAuthenticationRequiredError(message) {
   return message === "Authentication required.";
@@ -492,6 +537,16 @@ var AuthRoutesController = class {
       return c.json(err(code, message), status);
     }
   };
+  issueBridgeSession = (c) => {
+    const providedSecret = c.req.header("x-nextclaw-ui-bridge-secret")?.trim();
+    const expectedSecret = ensureUiBridgeSecret();
+    if (!providedSecret || providedSecret !== expectedSecret) {
+      return c.json(err("FORBIDDEN", "Invalid bridge secret."), 403);
+    }
+    return c.json(ok({
+      cookie: this.authService.buildTrustedRequestCookieHeader()
+    }));
+  };
 };
 // src/ui/router/chat.controller.ts
@@ -2441,7 +2496,7 @@ var ChatRoutesController = class {
 };
 // src/ui/provider-auth.ts
-import { createHash, randomBytes as randomBytes2, randomUUID as randomUUID2 } from "crypto";
+import { createHash, randomBytes as randomBytes3, randomUUID as randomUUID2 } from "crypto";
 import { readFile } from "fs/promises";
 import { homedir } from "os";
 import { isAbsolute, resolve } from "path";
@@ -2469,7 +2524,7 @@ function toBase64Url(buffer) {
   return buffer.toString("base64").replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/g, "");
 }
 function buildPkce() {
-  const verifier = toBase64Url(randomBytes2(48));
+  const verifier = toBase64Url(randomBytes3(48));
   const challenge = toBase64Url(createHash("sha256").update(verifier).digest());
   return { verifier, challenge };
 }
@@ -2686,7 +2741,7 @@ async function startProviderAuth(configPath, providerName, options) {
     if (!pkce) {
       throw new Error("MiniMax OAuth requires PKCE");
     }
-    const state = toBase64Url(randomBytes2(16));
+    const state = toBase64Url(randomBytes3(16));
     const body = new URLSearchParams({
       response_type: "code",
       client_id: resolvedMethod.clientId,
@@ -4862,6 +4917,15 @@ var SessionRoutesController = class {
 };
 // src/ui/router.ts
+function registerAuthRoutes(app, authController) {
+  app.get("/api/auth/status", authController.getStatus);
+  app.post("/api/auth/setup", authController.setup);
+  app.post("/api/auth/login", authController.login);
+  app.post("/api/auth/logout", authController.logout);
+  app.put("/api/auth/password", authController.updatePassword);
+  app.put("/api/auth/enabled", authController.updateEnabled);
+  app.post("/api/auth/bridge", authController.issueBridgeSession);
+}
 function createUiRouter(options) {
   const app = new Hono();
   const marketplaceBaseUrl = normalizeMarketplaceBaseUrl(options);
@@ -4892,12 +4956,7 @@ function createUiRouter(options) {
   });
   app.get("/api/health", appController.health);
   app.get("/api/app/meta", appController.appMeta);
-  app.get("/api/auth/status", authController.getStatus);
-  app.post("/api/auth/setup", authController.setup);
-  app.post("/api/auth/login", authController.login);
-  app.post("/api/auth/logout", authController.logout);
-  app.put("/api/auth/password", authController.updatePassword);
-  app.put("/api/auth/enabled", authController.updateEnabled);
+  registerAuthRoutes(app, authController);
   app.get("/api/config", configController.getConfig);
   app.get("/api/config/meta", configController.getConfigMeta);
   app.get("/api/config/schema", configController.getConfigSchema);
@@ -4992,13 +5051,13 @@ function startUiServer(options) {
     })
   );
   const staticDir = options.staticDir;
-  if (staticDir && existsSync(join(staticDir, "index.html"))) {
-    const indexHtml = readFileSync(join(staticDir, "index.html"), "utf-8");
+  if (staticDir && existsSync2(join2(staticDir, "index.html"))) {
+    const indexHtml = readFileSync2(join2(staticDir, "index.html"), "utf-8");
     app.use(
       "/*",
       serveStatic({
         root: staticDir,
-        join,
+        join: join2,
         getContent: async (path) => {
           try {
             return await readFile2(path);
@@ -5073,11 +5132,14 @@ export {
   createUiRouter,
   deleteCustomProvider,
   deleteSession,
+  ensureUiBridgeSecret,
   executeConfigAction,
   getSessionHistory,
+  getUiBridgeSecretPath,
   listSessions,
   loadConfigOrDefault,
   patchSession,
+  readUiBridgeSecret,
   startUiServer,
   testProviderConnection,
   updateChannel,

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@nextclaw/server",
-  "version": "0.10.1",
+  "version": "0.10.3",
   "private": false,
   "description": "Nextclaw UI/API server.",
   "type": "module",
@@ -18,12 +18,12 @@
     "@hono/node-server": "^1.13.3",
     "hono": "^4.6.2",
     "ws": "^8.18.0",
-    "@nextclaw/openclaw-compat": "0.3.5",
+    "@nextclaw/mcp": "0.1.3",
     "@nextclaw/ncp": "0.3.1",
+    "@nextclaw/openclaw-compat": "0.3.7",
+    "@nextclaw/core": "0.9.4",
     "@nextclaw/ncp-http-agent-server": "0.3.1",
-    "@nextclaw/runtime": "0.2.2",
-    "@nextclaw/core": "0.9.2",
-    "@nextclaw/mcp": "0.1.2"
+    "@nextclaw/runtime": "0.2.4"
   },
   "devDependencies": {
     "@types/node": "^20.17.6",