@nextclaw/server 0.5.17 → 0.5.19

package/dist/index.d.ts

@@ -147,6 +147,49 @@ type RuntimeConfigUpdate = {
     bindings?: AgentBindingView[];
     session?: SessionConfigView;
 };
+type SecretSourceView = "env" | "file" | "exec";
+type SecretRefView = {
+    source: SecretSourceView;
+    provider?: string;
+    id: string;
+};
+type SecretProviderEnvView = {
+    source: "env";
+    prefix?: string;
+};
+type SecretProviderFileView = {
+    source: "file";
+    path: string;
+    format?: "json";
+};
+type SecretProviderExecView = {
+    source: "exec";
+    command: string;
+    args?: string[];
+    cwd?: string;
+    timeoutMs?: number;
+};
+type SecretProviderView = SecretProviderEnvView | SecretProviderFileView | SecretProviderExecView;
+type SecretsView = {
+    enabled: boolean;
+    defaults: {
+        env?: string;
+        file?: string;
+        exec?: string;
+    };
+    providers: Record<string, SecretProviderView>;
+    refs: Record<string, SecretRefView>;
+};
+type SecretsConfigUpdate = {
+    enabled?: boolean;
+    defaults?: {
+        env?: string | null;
+        file?: string | null;
+        exec?: string | null;
+    };
+    providers?: Record<string, SecretProviderView> | null;
+    refs?: Record<string, SecretRefView> | null;
+};
 type ChatTurnRequest = {
     message: string;
     sessionKey?: string;
@@ -163,6 +206,16 @@ type ChatTurnResult = {
     model?: string;
     metadata?: Record<string, unknown>;
 };
+type ChatTurnStreamEvent = {
+    type: "delta";
+    delta: string;
+} | {
+    type: "final";
+    result: ChatTurnResult;
+} | {
+    type: "error";
+    error: string;
+};
 type ChatTurnView = {
     reply: string;
     sessionKey: string;
@@ -174,6 +227,7 @@ type ChatTurnView = {
 };
 type UiChatRuntime = {
     processTurn: (params: ChatTurnRequest) => Promise<ChatTurnResult>;
+    processTurnStream?: (params: ChatTurnRequest) => AsyncGenerator<ChatTurnStreamEvent>;
 };
 type ConfigView = {
     agents: {
@@ -206,6 +260,7 @@ type ConfigView = {
     tools?: Record<string, unknown>;
     gateway?: Record<string, unknown>;
     ui?: Record<string, unknown>;
+    secrets?: SecretsView;
 };
 type ProviderSpecView = {
     name: string;
@@ -522,5 +577,6 @@ declare function getSessionHistory(configPath: string, key: string, limit?: numb
 declare function patchSession(configPath: string, key: string, patch: SessionPatchUpdate): SessionHistoryView | null;
 declare function deleteSession(configPath: string, key: string): boolean;
 declare function updateRuntime(configPath: string, patch: RuntimeConfigUpdate): Pick<ConfigView, "agents" | "bindings" | "session">;
+declare function updateSecrets(configPath: string, patch: SecretsConfigUpdate): SecretsView;
 
-export { type AgentBindingView, type AgentProfileView, type ApiError, type ApiResponse, type BindingPeerView, type ChannelSpecView, type ChatTurnRequest, type ChatTurnResult, type ChatTurnView, type ConfigActionExecuteRequest, type ConfigActionExecuteResult, type ConfigActionManifest, type ConfigActionType, type ConfigMetaView, type ConfigSchemaResponse, type ConfigUiHint, type ConfigUiHints, type ConfigView, type CronActionResult, type CronEnableRequest, type CronJobStateView, type CronJobView, type CronListView, type CronPayloadView, type CronRunRequest, type CronScheduleView, type MarketplaceApiConfig, type MarketplaceInstallKind, type MarketplaceInstallSkillParams, type MarketplaceInstallSpec, type MarketplaceInstalledRecord, type MarketplaceInstalledView, type MarketplaceInstaller, type MarketplaceItemSummary, type MarketplaceItemType, type MarketplaceItemView, type MarketplaceListView, type MarketplacePluginInstallRequest, type MarketplacePluginInstallResult, type MarketplacePluginManageAction, type MarketplacePluginManageRequest, type MarketplacePluginManageResult, type MarketplaceRecommendationView, type MarketplaceSkillInstallRequest, type MarketplaceSkillInstallResult, type MarketplaceSkillManageAction, type MarketplaceSkillManageRequest, type MarketplaceSkillManageResult, type MarketplaceSort, type ProviderConfigUpdate, type ProviderConfigView, type ProviderSpecView, type RuntimeConfigUpdate, type SessionConfigView, type SessionEntryView, type SessionHistoryView, type SessionMessageView, type SessionPatchUpdate, type SessionsListView, type UiChatRuntime, type UiServerEvent, type UiServerHandle, type UiServerOptions, buildConfigMeta, buildConfigSchemaView, buildConfigView, createUiRouter, deleteSession, executeConfigAction, getSessionHistory, listSessions, loadConfigOrDefault, patchSession, startUiServer, updateChannel, updateModel, updateProvider, updateRuntime };
+export { type AgentBindingView, type AgentProfileView, type ApiError, type ApiResponse, type BindingPeerView, type ChannelSpecView, type ChatTurnRequest, type ChatTurnResult, type ChatTurnStreamEvent, type ChatTurnView, type ConfigActionExecuteRequest, type ConfigActionExecuteResult, type ConfigActionManifest, type ConfigActionType, type ConfigMetaView, type ConfigSchemaResponse, type ConfigUiHint, type ConfigUiHints, type ConfigView, type CronActionResult, type CronEnableRequest, type CronJobStateView, type CronJobView, type CronListView, type CronPayloadView, type CronRunRequest, type CronScheduleView, type MarketplaceApiConfig, type MarketplaceInstallKind, type MarketplaceInstallSkillParams, type MarketplaceInstallSpec, type MarketplaceInstalledRecord, type MarketplaceInstalledView, type MarketplaceInstaller, type MarketplaceItemSummary, type MarketplaceItemType, type MarketplaceItemView, type MarketplaceListView, type MarketplacePluginInstallRequest, type MarketplacePluginInstallResult, type MarketplacePluginManageAction, type MarketplacePluginManageRequest, type MarketplacePluginManageResult, type MarketplaceRecommendationView, type MarketplaceSkillInstallRequest, type MarketplaceSkillInstallResult, type MarketplaceSkillManageAction, type MarketplaceSkillManageRequest, type MarketplaceSkillManageResult, type MarketplaceSort, type ProviderConfigUpdate, type ProviderConfigView, type ProviderSpecView, type RuntimeConfigUpdate, type SecretProviderEnvView, type SecretProviderExecView, type SecretProviderFileView, type SecretProviderView, type SecretRefView, type SecretSourceView, type SecretsConfigUpdate, type SecretsView, type SessionConfigView, type SessionEntryView, type SessionHistoryView, type SessionMessageView, type SessionPatchUpdate, type SessionsListView, type UiChatRuntime, type UiServerEvent, type UiServerHandle, type UiServerOptions, buildConfigMeta, buildConfigSchemaView, buildConfigView, createUiRouter, deleteSession, executeConfigAction, getSessionHistory, listSessions, loadConfigOrDefault, patchSession, startUiServer, updateChannel, updateModel, updateProvider, updateRuntime, updateSecrets };

package/dist/index.js

@@ -23,6 +23,7 @@ import {
   buildConfigSchema,
   findProviderByName,
   getPackageVersion,
+  hasSecretRef,
   isSensitiveConfigPath,
   SessionManager,
   getWorkspacePathFromConfig
@@ -230,7 +231,9 @@ function maskApiKey(value) {
     apiKeyMasked: `${value.slice(0, 2)}****${value.slice(-4)}`
   };
 }
-function toProviderView(provider, providerName, uiHints, spec) {
+function toProviderView(config, provider, providerName, uiHints, spec) {
+  const apiKeyPath = `providers.${providerName}.apiKey`;
+  const apiKeyRefSet = hasSecretRef(config, apiKeyPath);
   const masked = maskApiKey(provider.apiKey);
   const extraHeaders = provider.extraHeaders && Object.keys(provider.extraHeaders).length > 0 ? sanitizePublicConfigValue(
     provider.extraHeaders,
@@ -238,8 +241,8 @@ function toProviderView(provider, providerName, uiHints, spec) {
     uiHints
   ) : null;
   const view = {
-    apiKeySet: masked.apiKeySet,
-    apiKeyMasked: masked.apiKeyMasked,
+    apiKeySet: masked.apiKeySet || apiKeyRefSet,
+    apiKeyMasked: masked.apiKeyMasked ?? (apiKeyRefSet ? "****" : void 0),
     apiBase: provider.apiBase ?? null,
     extraHeaders: extraHeaders && Object.keys(extraHeaders).length > 0 ? extraHeaders : null
   };
@@ -253,7 +256,7 @@ function buildConfigView(config) {
   const providers = {};
   for (const [name, provider] of Object.entries(config.providers)) {
     const spec = findProviderByName(name);
-    providers[name] = toProviderView(provider, name, uiHints, spec);
+    providers[name] = toProviderView(config, provider, name, uiHints, spec);
   }
   return {
     agents: config.agents,
@@ -267,9 +270,20 @@ function buildConfigView(config) {
     session: sanitizePublicConfigValue(config.session, "session", uiHints),
     tools: sanitizePublicConfigValue(config.tools, "tools", uiHints),
     gateway: sanitizePublicConfigValue(config.gateway, "gateway", uiHints),
-    ui: sanitizePublicConfigValue(config.ui, "ui", uiHints)
+    ui: sanitizePublicConfigValue(config.ui, "ui", uiHints),
+    secrets: {
+      enabled: config.secrets.enabled,
+      defaults: { ...config.secrets.defaults },
+      providers: { ...config.secrets.providers },
+      refs: { ...config.secrets.refs }
+    }
   };
 }
+function clearSecretRef(config, path) {
+  if (config.secrets.refs[path]) {
+    delete config.secrets.refs[path];
+  }
+}
 function buildConfigMeta(config) {
   const providers = PROVIDERS.map((spec) => ({
     name: spec.name,
@@ -369,6 +383,7 @@ function updateProvider(configPath, providerName, patch) {
   const spec = findProviderByName(providerName);
   if (Object.prototype.hasOwnProperty.call(patch, "apiKey")) {
     provider.apiKey = patch.apiKey ?? "";
+    clearSecretRef(config, `providers.${providerName}.apiKey`);
   }
   if (Object.prototype.hasOwnProperty.call(patch, "apiBase")) {
     provider.apiBase = patch.apiBase ?? null;
@@ -383,7 +398,7 @@ function updateProvider(configPath, providerName, patch) {
   saveConfig(next, configPath);
   const uiHints = buildUiHints(next);
   const updated = next.providers[providerName];
-  return toProviderView(updated, providerName, uiHints, spec ?? void 0);
+  return toProviderView(next, updated, providerName, uiHints, spec ?? void 0);
 }
 function updateChannel(configPath, channelName, patch) {
   const config = loadConfigOrDefault(configPath);
@@ -391,6 +406,12 @@ function updateChannel(configPath, channelName, patch) {
   if (!channel) {
     return null;
   }
+  for (const key of Object.keys(patch)) {
+    const path = `channels.${channelName}.${key}`;
+    if (isSensitivePath(path)) {
+      clearSecretRef(config, path);
+    }
+  }
   config.channels[channelName] = { ...channel, ...patch };
   const next = ConfigSchema.parse(config);
   saveConfig(next, configPath);
@@ -575,6 +596,41 @@ function updateRuntime(configPath, patch) {
     session: view.session ?? {}
   };
 }
+function updateSecrets(configPath, patch) {
+  const config = loadConfigOrDefault(configPath);
+  if (Object.prototype.hasOwnProperty.call(patch, "enabled")) {
+    config.secrets.enabled = Boolean(patch.enabled);
+  }
+  if (patch.defaults) {
+    const nextDefaults = { ...config.secrets.defaults };
+    for (const source of ["env", "file", "exec"]) {
+      if (!Object.prototype.hasOwnProperty.call(patch.defaults, source)) {
+        continue;
+      }
+      const value = patch.defaults[source];
+      if (typeof value === "string" && value.trim()) {
+        nextDefaults[source] = value.trim();
+      } else {
+        delete nextDefaults[source];
+      }
+    }
+    config.secrets.defaults = nextDefaults;
+  }
+  if (Object.prototype.hasOwnProperty.call(patch, "providers")) {
+    config.secrets.providers = patch.providers ?? {};
+  }
+  if (Object.prototype.hasOwnProperty.call(patch, "refs")) {
+    config.secrets.refs = patch.refs ?? {};
+  }
+  const next = ConfigSchema.parse(config);
+  saveConfig(next, configPath);
+  return {
+    enabled: next.secrets.enabled,
+    defaults: { ...next.secrets.defaults },
+    providers: { ...next.secrets.providers },
+    refs: { ...next.secrets.refs }
+  };
+}
 
 // src/ui/router.ts
 var DEFAULT_MARKETPLACE_API_BASE = "https://marketplace-api.nextclaw.io";
@@ -763,6 +819,24 @@ function resolveAgentIdFromSessionKey(sessionKey) {
   const agentId = readNonEmptyString(parsed?.agentId);
   return agentId;
 }
+function buildChatTurnView(params) {
+  const completedAt = /* @__PURE__ */ new Date();
+  return {
+    reply: String(params.result.reply ?? ""),
+    sessionKey: readNonEmptyString(params.result.sessionKey) ?? params.fallbackSessionKey,
+    ...readNonEmptyString(params.result.agentId) || params.requestedAgentId ? { agentId: readNonEmptyString(params.result.agentId) ?? params.requestedAgentId } : {},
+    ...readNonEmptyString(params.result.model) || params.requestedModel ? { model: readNonEmptyString(params.result.model) ?? params.requestedModel } : {},
+    requestedAt: params.requestedAt.toISOString(),
+    completedAt: completedAt.toISOString(),
+    durationMs: Math.max(0, completedAt.getTime() - params.startedAtMs)
+  };
+}
+function toSseFrame(event, data) {
+  return `event: ${event}
+data: ${JSON.stringify(data)}
+
+`;
+}
 function normalizeMarketplaceBaseUrl(options) {
   const fromOptions = options.marketplace?.apiBaseUrl?.trim();
   const fromEnv = process.env.NEXTCLAW_MARKETPLACE_API_BASE?.trim();
@@ -1506,6 +1580,15 @@ function createUiRouter(options) {
     options.publish({ type: "config.updated", payload: { path: `channels.${channel}` } });
     return c.json(ok(result));
   });
+  app.put("/api/config/secrets", async (c) => {
+    const body = await readJson(c.req.raw);
+    if (!body.ok) {
+      return c.json(err("INVALID_BODY", "invalid json body"), 400);
+    }
+    const result = updateSecrets(options.configPath, body.data);
+    options.publish({ type: "config.updated", payload: { path: "secrets" } });
+    return c.json(ok(result));
+  });
   app.post("/api/chat/turn", async (c) => {
     if (!options.chatRuntime) {
       return c.json(err("NOT_AVAILABLE", "chat runtime unavailable"), 503);
@@ -1535,22 +1618,134 @@ function createUiRouter(options) {
     };
     try {
       const result = await options.chatRuntime.processTurn(request);
-      const completedAt = /* @__PURE__ */ new Date();
-      const response = {
-        reply: String(result.reply ?? ""),
-        sessionKey: readNonEmptyString(result.sessionKey) ?? sessionKey,
-        ...readNonEmptyString(result.agentId) || requestedAgentId ? { agentId: readNonEmptyString(result.agentId) ?? requestedAgentId } : {},
-        ...readNonEmptyString(result.model) || requestedModel ? { model: readNonEmptyString(result.model) ?? requestedModel } : {},
-        requestedAt: requestedAt.toISOString(),
-        completedAt: completedAt.toISOString(),
-        durationMs: Math.max(0, completedAt.getTime() - startedAtMs)
-      };
+      const response = buildChatTurnView({
+        result,
+        fallbackSessionKey: sessionKey,
+        requestedAgentId,
+        requestedModel,
+        requestedAt,
+        startedAtMs
+      });
       options.publish({ type: "config.updated", payload: { path: "session" } });
       return c.json(ok(response));
     } catch (error) {
       return c.json(err("CHAT_TURN_FAILED", String(error)), 500);
     }
   });
+  app.post("/api/chat/turn/stream", async (c) => {
+    const chatRuntime = options.chatRuntime;
+    if (!chatRuntime) {
+      return c.json(err("NOT_AVAILABLE", "chat runtime unavailable"), 503);
+    }
+    const body = await readJson(c.req.raw);
+    if (!body.ok) {
+      return c.json(err("INVALID_BODY", "invalid json body"), 400);
+    }
+    const message = readNonEmptyString(body.data.message);
+    if (!message) {
+      return c.json(err("INVALID_BODY", "message is required"), 400);
+    }
+    const sessionKey = readNonEmptyString(body.data.sessionKey) ?? `ui:${Date.now().toString(36)}:${Math.random().toString(36).slice(2, 8)}`;
+    const requestedAt = /* @__PURE__ */ new Date();
+    const startedAtMs = requestedAt.getTime();
+    const metadata = isRecord(body.data.metadata) ? body.data.metadata : void 0;
+    const requestedAgentId = readNonEmptyString(body.data.agentId) ?? resolveAgentIdFromSessionKey(sessionKey);
+    const requestedModel = readNonEmptyString(body.data.model);
+    const request = {
+      message,
+      sessionKey,
+      channel: readNonEmptyString(body.data.channel) ?? "ui",
+      chatId: readNonEmptyString(body.data.chatId) ?? "web-ui",
+      ...requestedAgentId ? { agentId: requestedAgentId } : {},
+      ...requestedModel ? { model: requestedModel } : {},
+      ...metadata ? { metadata } : {}
+    };
+    const encoder = new TextEncoder();
+    const stream = new ReadableStream({
+      start: async (controller) => {
+        const push = (event, data) => {
+          controller.enqueue(encoder.encode(toSseFrame(event, data)));
+        };
+        try {
+          push("ready", {
+            sessionKey,
+            requestedAt: requestedAt.toISOString()
+          });
+          const streamTurn = chatRuntime.processTurnStream;
+          if (!streamTurn) {
+            const result = await chatRuntime.processTurn(request);
+            const response = buildChatTurnView({
+              result,
+              fallbackSessionKey: sessionKey,
+              requestedAgentId,
+              requestedModel,
+              requestedAt,
+              startedAtMs
+            });
+            push("final", response);
+            options.publish({ type: "config.updated", payload: { path: "session" } });
+            push("done", { ok: true });
+            return;
+          }
+          let hasFinal = false;
+          for await (const event of streamTurn(request)) {
+            const typed = event;
+            if (typed.type === "delta") {
+              if (typed.delta) {
+                push("delta", { delta: typed.delta });
+              }
+              continue;
+            }
+            if (typed.type === "final") {
+              const response = buildChatTurnView({
+                result: typed.result,
+                fallbackSessionKey: sessionKey,
+                requestedAgentId,
+                requestedModel,
+                requestedAt,
+                startedAtMs
+              });
+              hasFinal = true;
+              push("final", response);
+              options.publish({ type: "config.updated", payload: { path: "session" } });
+              continue;
+            }
+            if (typed.type === "error") {
+              push("error", {
+                code: "CHAT_TURN_FAILED",
+                message: typed.error
+              });
+              return;
+            }
+          }
+          if (!hasFinal) {
+            push("error", {
+              code: "CHAT_TURN_FAILED",
+              message: "stream ended without a final result"
+            });
+            return;
+          }
+          push("done", { ok: true });
+        } catch (error) {
+          push("error", {
+            code: "CHAT_TURN_FAILED",
+            message: String(error)
+          });
+        } finally {
+          controller.close();
+        }
+      }
+    });
+    return new Response(stream, {
+      status: 200,
+      headers: {
+        "Content-Type": "text/event-stream; charset=utf-8",
+        "Cache-Control": "no-cache, no-transform",
+        "Connection": "keep-alive",
+        "X-Accel-Buffering": "no"
+      }
+    });
+  });
   app.get("/api/sessions", (c) => {
     const query = c.req.query();
     const q = typeof query.q === "string" ? query.q : void 0;
@@ -1791,5 +1986,6 @@ export {
   updateChannel,
   updateModel,
   updateProvider,
-  updateRuntime
+  updateRuntime,
+  updateSecrets
 };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nextclaw/server",
-  "version": "0.5.17",
+  "version": "0.5.19",
   "private": false,
   "description": "Nextclaw UI/API server.",
   "type": "module",
@@ -18,7 +18,7 @@
     "@nextclaw/openclaw-compat": "^0.1.28",
     "hono": "^4.6.2",
     "ws": "^8.18.0",
-    "@nextclaw/core": "^0.6.34"
+    "@nextclaw/core": "^0.6.36"
   },
   "devDependencies": {
     "@types/node": "^20.17.6",