npm - @nextclaw/server - Versions diffs - 0.3.6 → 0.4.0 - Mend

@nextclaw/server 0.3.6 → 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/index.d.ts CHANGED Viewed

@@ -54,7 +54,6 @@ type ConfigView = {
     tools?: Record<string, unknown>;
     gateway?: Record<string, unknown>;
     ui?: Record<string, unknown>;
-    plugins?: Record<string, unknown>;
 };
 type ProviderSpecView = {
     name: string;
@@ -86,6 +85,7 @@ type ConfigUiHint = {
     advanced?: boolean;
     sensitive?: boolean;
     placeholder?: string;
+    readOnly?: boolean;
 };
 type ConfigUiHints = Record<string, ConfigUiHint>;
 type ConfigSchemaResponse = {
@@ -136,7 +136,7 @@ declare function createUiRouter(options: UiRouterOptions): Hono;
 declare function buildConfigView(config: Config): ConfigView;
 declare function buildConfigMeta(config: Config): ConfigMetaView;
-declare function buildConfigSchemaView(config: Config): ConfigSchemaResponse;
+declare function buildConfigSchemaView(_config: Config): ConfigSchemaResponse;
 declare function loadConfigOrDefault(configPath: string): Config;
 declare function updateModel(configPath: string, model: string): ConfigView;
 declare function updateProvider(configPath: string, providerName: string, patch: ProviderConfigUpdate): ProviderConfigView | null;

package/dist/index.js CHANGED Viewed

@@ -19,10 +19,70 @@ import {
   buildConfigSchema,
   findProviderByName,
   getPackageVersion,
-  getWorkspacePathFromConfig
+  isSensitiveConfigPath
 } from "@nextclaw/core";
-import { loadOpenClawPlugins, getPluginUiMetadataFromRegistry } from "@nextclaw/openclaw-compat";
 var MASK_MIN_LENGTH = 8;
+var EXTRA_SENSITIVE_PATH_PATTERNS = [/authorization/i, /cookie/i, /session/i, /bearer/i];
+function matchesExtraSensitivePath(path) {
+  return EXTRA_SENSITIVE_PATH_PATTERNS.some((pattern) => pattern.test(path));
+}
+function matchHint(path, hints) {
+  const direct = hints[path];
+  if (direct) {
+    return direct;
+  }
+  const segments = path.split(".");
+  for (const [hintKey, hint] of Object.entries(hints)) {
+    if (!hintKey.includes("*")) {
+      continue;
+    }
+    const hintSegments = hintKey.split(".");
+    if (hintSegments.length !== segments.length) {
+      continue;
+    }
+    let match = true;
+    for (let index = 0; index < segments.length; index += 1) {
+      if (hintSegments[index] !== "*" && hintSegments[index] !== segments[index]) {
+        match = false;
+        break;
+      }
+    }
+    if (match) {
+      return hint;
+    }
+  }
+  return void 0;
+}
+function isSensitivePath(path, hints) {
+  if (hints) {
+    const hint = matchHint(path, hints);
+    if (hint?.sensitive !== void 0) {
+      return Boolean(hint.sensitive);
+    }
+  }
+  return isSensitiveConfigPath(path) || matchesExtraSensitivePath(path);
+}
+function sanitizePublicConfigValue(value, prefix, hints) {
+  if (Array.isArray(value)) {
+    const nextPath = prefix ? `${prefix}[]` : "[]";
+    return value.map((entry) => sanitizePublicConfigValue(entry, nextPath, hints));
+  }
+  if (!value || typeof value !== "object") {
+    return value;
+  }
+  const output = {};
+  for (const [key, val] of Object.entries(value)) {
+    const nextPath = prefix ? `${prefix}.${key}` : key;
+    if (isSensitivePath(nextPath, hints)) {
+      continue;
+    }
+    output[key] = sanitizePublicConfigValue(val, nextPath, hints);
+  }
+  return output;
+}
+function buildUiHints(config) {
+  return buildConfigSchemaView(config).uiHints;
+}
 function maskApiKey(value) {
   if (!value) {
     return { apiKeySet: false };
@@ -35,13 +95,18 @@ function maskApiKey(value) {
     apiKeyMasked: `${value.slice(0, 2)}****${value.slice(-4)}`
   };
 }
-function toProviderView(provider, spec) {
+function toProviderView(provider, providerName, uiHints, spec) {
   const masked = maskApiKey(provider.apiKey);
+  const extraHeaders = provider.extraHeaders && Object.keys(provider.extraHeaders).length > 0 ? sanitizePublicConfigValue(
+    provider.extraHeaders,
+    `providers.${providerName}.extraHeaders`,
+    uiHints
+  ) : null;
   const view = {
     apiKeySet: masked.apiKeySet,
     apiKeyMasked: masked.apiKeyMasked,
     apiBase: provider.apiBase ?? null,
-    extraHeaders: provider.extraHeaders ?? null
+    extraHeaders: extraHeaders && Object.keys(extraHeaders).length > 0 ? extraHeaders : null
   };
   if (spec?.supportsWireApi) {
     view.wireApi = provider.wireApi ?? spec.defaultWireApi ?? "auto";
@@ -49,19 +114,23 @@ function toProviderView(provider, spec) {
   return view;
 }
 function buildConfigView(config) {
+  const uiHints = buildUiHints(config);
   const providers = {};
   for (const [name, provider] of Object.entries(config.providers)) {
     const spec = findProviderByName(name);
-    providers[name] = toProviderView(provider, spec);
+    providers[name] = toProviderView(provider, name, uiHints, spec);
   }
   return {
     agents: config.agents,
     providers,
-    channels: config.channels,
-    tools: config.tools,
-    gateway: config.gateway,
-    ui: config.ui,
-    plugins: config.plugins
+    channels: sanitizePublicConfigValue(
+      config.channels,
+      "channels",
+      uiHints
+    ),
+    tools: sanitizePublicConfigValue(config.tools, "tools", uiHints),
+    gateway: sanitizePublicConfigValue(config.gateway, "gateway", uiHints),
+    ui: sanitizePublicConfigValue(config.ui, "ui", uiHints)
   };
 }
 function buildConfigMeta(config) {
@@ -84,17 +153,8 @@ function buildConfigMeta(config) {
   }));
   return { providers, channels };
 }
-function buildConfigSchemaView(config) {
-  const workspaceDir = getWorkspacePathFromConfig(config);
-  const registry = loadOpenClawPlugins({
-    config,
-    workspaceDir,
-    mode: "full",
-    reservedChannelIds: Object.keys(config.channels),
-    reservedProviderIds: PROVIDERS.map((provider) => provider.name)
-  });
-  const plugins = getPluginUiMetadataFromRegistry(registry);
-  return buildConfigSchema({ version: getPackageVersion(), plugins });
+function buildConfigSchemaView(_config) {
+  return buildConfigSchema({ version: getPackageVersion() });
 }
 function loadConfigOrDefault(configPath) {
   return loadConfig(configPath);
@@ -127,8 +187,9 @@ function updateProvider(configPath, providerName, patch) {
   }
   const next = ConfigSchema.parse(config);
   saveConfig(next, configPath);
+  const uiHints = buildUiHints(next);
   const updated = next.providers[providerName];
-  return toProviderView(updated, spec ?? void 0);
+  return toProviderView(updated, providerName, uiHints, spec ?? void 0);
 }
 function updateChannel(configPath, channelName, patch) {
   const config = loadConfigOrDefault(configPath);
@@ -139,7 +200,12 @@ function updateChannel(configPath, channelName, patch) {
   config.channels[channelName] = { ...channel, ...patch };
   const next = ConfigSchema.parse(config);
   saveConfig(next, configPath);
-  return next.channels[channelName];
+  const uiHints = buildUiHints(next);
+  return sanitizePublicConfigValue(
+    next.channels[channelName],
+    `channels.${channelName}`,
+    uiHints
+  );
 }
 // src/ui/router.ts

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@nextclaw/server",
-  "version": "0.3.6",
+  "version": "0.4.0",
   "private": false,
   "description": "Nextclaw UI/API server.",
   "type": "module",
@@ -17,8 +17,7 @@
     "@hono/node-server": "^1.13.3",
     "hono": "^4.6.2",
     "ws": "^8.18.0",
-    "@nextclaw/core": "^0.5.0",
-    "@nextclaw/openclaw-compat": "^0.1.3"
+    "@nextclaw/core": "^0.6.0"
   },
   "devDependencies": {
     "@types/node": "^20.17.6",