@nordbyte/nordrelay 0.3.1 → 0.4.0

package/dist/config.js

@@ -1,7 +1,7 @@
 import { existsSync, readFileSync } from "node:fs";
 import path from "node:path";
 import { createBuiltinLaunchProfiles, createDefaultLaunchProfile, findLaunchProfile, isCodexApprovalPolicy, isCodexSandboxMode, parseLaunchProfilesJson, } from "./codex-launch.js";
-import { isAgentId, PI_THINKING_LEVELS } from "./agent.js";
+import { CLAUDE_CODE_EFFORT_LEVELS, HERMES_REASONING_EFFORTS, OPENCLAW_THINKING_LEVELS, isAgentId, PI_THINKING_LEVELS, } from "./agent.js";
 import { parseRolePoliciesJson, } from "./access-control.js";
 import { parseMirrorMode, parseNotifyMode, parseQuietHours, parseVoiceBackendPreference, } from "./bot-preferences.js";
 export function loadConfig() {
@@ -53,12 +53,40 @@ export function loadConfig() {
     const launchProfiles = parseLaunchProfiles(optionalString(process.env.CODEX_LAUNCH_PROFILES_JSON), codexSandboxMode, codexApprovalPolicy, enableUnsafeLaunchProfiles);
     const defaultLaunchProfileId = parseDefaultLaunchProfileId(optionalString(process.env.CODEX_DEFAULT_LAUNCH_PROFILE), launchProfiles);
     const piEnabled = parseBooleanEnv(optionalString(process.env.NORDRELAY_PI_ENABLED), false);
-    ensureAtLeastOneAgentEnabled(codexEnabled, piEnabled);
     const piCliPath = optionalString(process.env.PI_CLI_PATH);
     const piSessionDir = optionalString(process.env.PI_SESSION_DIR);
     const piDefaultModel = optionalString(process.env.PI_DEFAULT_MODEL);
     const piDefaultThinking = parsePiThinkingLevel(optionalString(process.env.PI_DEFAULT_THINKING));
-    const defaultAgent = parseDefaultAgent(optionalString(process.env.NORDRELAY_DEFAULT_AGENT), codexEnabled, piEnabled);
+    const piDefaultLaunchProfileId = optionalString(process.env.PI_DEFAULT_PROFILE) ?? "default";
+    const hermesEnabled = parseBooleanEnv(optionalString(process.env.NORDRELAY_HERMES_ENABLED), false);
+    const hermesCliPath = optionalString(process.env.HERMES_CLI_PATH);
+    const hermesHome = optionalString(process.env.HERMES_HOME);
+    const hermesStateDbPath = optionalString(process.env.HERMES_STATE_DB_PATH);
+    const hermesApiBaseUrl = optionalString(process.env.HERMES_API_BASE_URL) ?? "http://127.0.0.1:8642";
+    const hermesApiKey = optionalString(process.env.HERMES_API_KEY);
+    const hermesDefaultModel = optionalString(process.env.HERMES_DEFAULT_MODEL);
+    const hermesDefaultReasoning = parseHermesReasoningEffort(optionalString(process.env.HERMES_DEFAULT_REASONING));
+    const hermesDefaultLaunchProfileId = optionalString(process.env.HERMES_DEFAULT_PROFILE) ?? "default";
+    const openClawEnabled = parseBooleanEnv(optionalString(process.env.NORDRELAY_OPENCLAW_ENABLED), false);
+    const openClawCliPath = optionalString(process.env.OPENCLAW_CLI_PATH);
+    const openClawGatewayUrl = optionalString(process.env.OPENCLAW_GATEWAY_URL) ?? "ws://127.0.0.1:18789";
+    const openClawGatewayToken = optionalString(process.env.OPENCLAW_GATEWAY_TOKEN);
+    const openClawGatewayPassword = optionalString(process.env.OPENCLAW_GATEWAY_PASSWORD);
+    const openClawAgentId = optionalString(process.env.OPENCLAW_AGENT_ID) ?? "main";
+    const openClawHome = optionalString(process.env.OPENCLAW_HOME);
+    const openClawStateDir = optionalString(process.env.OPENCLAW_STATE_DIR);
+    const openClawDefaultModel = optionalString(process.env.OPENCLAW_DEFAULT_MODEL);
+    const openClawDefaultThinking = parseOpenClawThinkingLevel(optionalString(process.env.OPENCLAW_DEFAULT_THINKING));
+    const openClawDefaultLaunchProfileId = optionalString(process.env.OPENCLAW_DEFAULT_PROFILE) ?? "default";
+    const claudeCodeEnabled = parseBooleanEnv(optionalString(process.env.NORDRELAY_CLAUDE_CODE_ENABLED), false);
+    ensureAtLeastOneAgentEnabled(codexEnabled, piEnabled, hermesEnabled, openClawEnabled, claudeCodeEnabled);
+    const claudeCodeCliPath = optionalString(process.env.CLAUDE_CODE_CLI_PATH);
+    const claudeCodeConfigDir = optionalString(process.env.CLAUDE_CONFIG_DIR);
+    const claudeCodeDefaultModel = optionalString(process.env.CLAUDE_CODE_DEFAULT_MODEL);
+    const claudeCodeDefaultEffort = parseClaudeCodeEffort(optionalString(process.env.CLAUDE_CODE_DEFAULT_EFFORT));
+    const claudeCodeDefaultLaunchProfileId = optionalString(process.env.CLAUDE_CODE_DEFAULT_PROFILE) ?? "default";
+    const claudeCodeMaxTurns = parsePositiveIntegerEnv(optionalString(process.env.CLAUDE_CODE_MAX_TURNS), 100, "CLAUDE_CODE_MAX_TURNS");
+    const defaultAgent = parseDefaultAgent(optionalString(process.env.NORDRELAY_DEFAULT_AGENT), codexEnabled, piEnabled, hermesEnabled, openClawEnabled, claudeCodeEnabled);
     const toolVerbosity = parseToolVerbosity(optionalString(process.env.TOOL_VERBOSITY));
     const logFormat = parseLogFormat(optionalString(process.env.CONNECTOR_LOG_FORMAT));
     const showTurnTokenUsage = parseBooleanEnv(optionalString(process.env.SHOW_TURN_TOKEN_USAGE), false);
@@ -124,6 +152,34 @@ export function loadConfig() {
         piSessionDir,
         piDefaultModel,
         piDefaultThinking,
+        piDefaultLaunchProfileId,
+        hermesEnabled,
+        hermesCliPath,
+        hermesHome,
+        hermesStateDbPath,
+        hermesApiBaseUrl,
+        hermesApiKey,
+        hermesDefaultModel,
+        hermesDefaultReasoning,
+        hermesDefaultLaunchProfileId,
+        openClawEnabled,
+        openClawCliPath,
+        openClawGatewayUrl,
+        openClawGatewayToken,
+        openClawGatewayPassword,
+        openClawAgentId,
+        openClawHome,
+        openClawStateDir,
+        openClawDefaultModel,
+        openClawDefaultThinking,
+        openClawDefaultLaunchProfileId,
+        claudeCodeEnabled,
+        claudeCodeCliPath,
+        claudeCodeConfigDir,
+        claudeCodeDefaultModel,
+        claudeCodeDefaultEffort,
+        claudeCodeDefaultLaunchProfileId,
+        claudeCodeMaxTurns,
         defaultAgent,
         toolVerbosity,
         logFormat,
@@ -400,17 +456,25 @@ function parseDefaultLaunchProfileId(raw, launchProfiles) {
     }
     return profile.id;
 }
-function ensureAtLeastOneAgentEnabled(codexEnabled, piEnabled) {
-    if (!codexEnabled && !piEnabled) {
-        throw new Error("At least one agent must be enabled: set NORDRELAY_CODEX_ENABLED=true or NORDRELAY_PI_ENABLED=true");
+function ensureAtLeastOneAgentEnabled(codexEnabled, piEnabled, hermesEnabled = false, openClawEnabled = false, claudeCodeEnabled = false) {
+    if (!codexEnabled && !piEnabled && !hermesEnabled && !openClawEnabled && !claudeCodeEnabled) {
+        throw new Error("At least one agent must be enabled: set NORDRELAY_CODEX_ENABLED=true, NORDRELAY_PI_ENABLED=true, NORDRELAY_HERMES_ENABLED=true, NORDRELAY_OPENCLAW_ENABLED=true, or NORDRELAY_CLAUDE_CODE_ENABLED=true");
     }
 }
-function parseDefaultAgent(raw, codexEnabled, piEnabled) {
+function parseDefaultAgent(raw, codexEnabled, piEnabled, hermesEnabled, openClawEnabled, claudeCodeEnabled) {
     if (!raw) {
-        return codexEnabled ? "codex" : "pi";
+        if (codexEnabled)
+            return "codex";
+        if (piEnabled)
+            return "pi";
+        if (hermesEnabled)
+            return "hermes";
+        if (openClawEnabled)
+            return "openclaw";
+        return "claude-code";
     }
     if (!isAgentId(raw)) {
-        throw new Error(`Invalid NORDRELAY_DEFAULT_AGENT: ${raw}. Expected codex or pi`);
+        throw new Error(`Invalid NORDRELAY_DEFAULT_AGENT: ${raw}. Expected codex, pi, hermes, openclaw, or claude-code`);
     }
     if (raw === "codex" && !codexEnabled) {
         throw new Error("NORDRELAY_DEFAULT_AGENT=codex requires NORDRELAY_CODEX_ENABLED=true");
@@ -418,6 +482,15 @@ function parseDefaultAgent(raw, codexEnabled, piEnabled) {
     if (raw === "pi" && !piEnabled) {
         throw new Error("NORDRELAY_DEFAULT_AGENT=pi requires NORDRELAY_PI_ENABLED=true");
     }
+    if (raw === "hermes" && !hermesEnabled) {
+        throw new Error("NORDRELAY_DEFAULT_AGENT=hermes requires NORDRELAY_HERMES_ENABLED=true");
+    }
+    if (raw === "openclaw" && !openClawEnabled) {
+        throw new Error("NORDRELAY_DEFAULT_AGENT=openclaw requires NORDRELAY_OPENCLAW_ENABLED=true");
+    }
+    if (raw === "claude-code" && !claudeCodeEnabled) {
+        throw new Error("NORDRELAY_DEFAULT_AGENT=claude-code requires NORDRELAY_CLAUDE_CODE_ENABLED=true");
+    }
     return raw;
 }
 function parsePiThinkingLevel(raw) {
@@ -430,3 +503,34 @@ function parsePiThinkingLevel(raw) {
     console.warn(`Invalid PI_DEFAULT_THINKING value: "${raw}". Expected one of: ${PI_THINKING_LEVELS.join(", ")}. Falling back to "medium".`);
     return "medium";
 }
+function parseHermesReasoningEffort(raw) {
+    if (!raw) {
+        return undefined;
+    }
+    const normalized = raw === "off" ? "none" : raw;
+    if (HERMES_REASONING_EFFORTS.includes(normalized)) {
+        return normalized;
+    }
+    console.warn(`Invalid HERMES_DEFAULT_REASONING value: "${raw}". Expected one of: ${HERMES_REASONING_EFFORTS.join(", ")}. Falling back to model default.`);
+    return undefined;
+}
+function parseOpenClawThinkingLevel(raw) {
+    if (!raw) {
+        return undefined;
+    }
+    if (OPENCLAW_THINKING_LEVELS.includes(raw)) {
+        return raw;
+    }
+    console.warn(`Invalid OPENCLAW_DEFAULT_THINKING value: "${raw}". Expected one of: ${OPENCLAW_THINKING_LEVELS.join(", ")}. Falling back to OpenClaw default.`);
+    return undefined;
+}
+function parseClaudeCodeEffort(raw) {
+    if (!raw) {
+        return undefined;
+    }
+    if (CLAUDE_CODE_EFFORT_LEVELS.includes(raw)) {
+        return raw;
+    }
+    console.warn(`Invalid CLAUDE_CODE_DEFAULT_EFFORT value: "${raw}". Expected one of: ${CLAUDE_CODE_EFFORT_LEVELS.join(", ")}. Falling back to Claude Code default.`);
+    return undefined;
+}

package/dist/hermes-api.js

@@ -0,0 +1,150 @@
+export class HermesApiClient {
+    options;
+    fetchImpl;
+    baseUrl;
+    constructor(options) {
+        this.options = options;
+        this.fetchImpl = options.fetchImpl ?? fetch;
+        this.baseUrl = options.baseUrl.replace(/\/+$/, "");
+    }
+    async health() {
+        return this.getJson("/health");
+    }
+    async detailedHealth() {
+        return this.getJson("/health/detailed");
+    }
+    async capabilities() {
+        return this.getJson("/v1/capabilities", true);
+    }
+    async models() {
+        const payload = await this.getJson("/v1/models", true);
+        return (payload.data ?? [])
+            .map((model) => ({
+            id: typeof model.id === "string" ? model.id : "",
+            ownedBy: typeof model.owned_by === "string" ? model.owned_by : undefined,
+        }))
+            .filter((model) => model.id);
+    }
+    async startRun(request, sessionKey) {
+        return this.postJson("/v1/runs", request, { sessionKey, expectStatus: [202] });
+    }
+    async getRun(runId) {
+        return this.getJson(`/v1/runs/${encodeURIComponent(runId)}`, true);
+    }
+    async stopRun(runId) {
+        await this.postJson(`/v1/runs/${encodeURIComponent(runId)}/stop`, {}, { expectStatus: [200, 202, 404] });
+    }
+    async approveRun(runId, choice) {
+        await this.postJson(`/v1/runs/${encodeURIComponent(runId)}/approval`, { choice }, { expectStatus: [200, 409, 404] });
+    }
+    async streamRunEvents(runId, onEvent, signal) {
+        const response = await this.fetchImpl(`${this.baseUrl}/v1/runs/${encodeURIComponent(runId)}/events`, {
+            method: "GET",
+            headers: this.headers(true),
+            signal,
+        });
+        if (!response.ok) {
+            throw new Error(await this.formatHttpError(response));
+        }
+        if (!response.body) {
+            throw new Error("Hermes run event stream is empty");
+        }
+        const reader = response.body.getReader();
+        const decoder = new TextDecoder();
+        let buffer = "";
+        try {
+            while (true) {
+                const { done, value } = await reader.read();
+                if (done) {
+                    break;
+                }
+                buffer += decoder.decode(value, { stream: true });
+                const parts = buffer.split(/\n\n/);
+                buffer = parts.pop() ?? "";
+                for (const part of parts) {
+                    const event = parseSseEvent(part);
+                    if (event) {
+                        onEvent(event);
+                    }
+                }
+            }
+            buffer += decoder.decode();
+            const trailing = parseSseEvent(buffer);
+            if (trailing) {
+                onEvent(trailing);
+            }
+        }
+        finally {
+            reader.releaseLock();
+        }
+    }
+    async getJson(path, authenticated = false) {
+        const response = await this.fetchImpl(`${this.baseUrl}${path}`, {
+            method: "GET",
+            headers: this.headers(authenticated),
+        });
+        if (!response.ok) {
+            throw new Error(await this.formatHttpError(response));
+        }
+        return response.json();
+    }
+    async postJson(path, payload, options = {}) {
+        const response = await this.fetchImpl(`${this.baseUrl}${path}`, {
+            method: "POST",
+            headers: this.headers(true, options.sessionKey),
+            body: JSON.stringify(payload),
+        });
+        const expected = options.expectStatus ?? [200];
+        if (!expected.includes(response.status)) {
+            throw new Error(await this.formatHttpError(response));
+        }
+        const text = await response.text();
+        return text.trim() ? JSON.parse(text) : {};
+    }
+    headers(authenticated, sessionKey) {
+        const headers = {
+            accept: "application/json",
+            "content-type": "application/json",
+        };
+        if (authenticated && this.options.apiKey) {
+            headers.authorization = `Bearer ${this.options.apiKey}`;
+        }
+        if (sessionKey) {
+            headers["x-hermes-session-key"] = sessionKey;
+        }
+        return headers;
+    }
+    async formatHttpError(response) {
+        const text = await response.text().catch(() => "");
+        if (!text.trim()) {
+            return `Hermes API request failed: HTTP ${response.status}`;
+        }
+        try {
+            const parsed = JSON.parse(text);
+            const message = typeof parsed.error?.message === "string" ? parsed.error.message : text;
+            const code = typeof parsed.error?.code === "string" ? ` (${parsed.error.code})` : "";
+            return `Hermes API request failed: ${message}${code}`;
+        }
+        catch {
+            return `Hermes API request failed: ${text}`;
+        }
+    }
+}
+function parseSseEvent(raw) {
+    const data = raw
+        .split(/\r?\n/)
+        .filter((line) => line.startsWith("data:"))
+        .map((line) => line.slice(5).trimStart())
+        .join("\n")
+        .trim();
+    if (!data) {
+        return null;
+    }
+    try {
+        const parsed = JSON.parse(data);
+        return parsed && typeof parsed === "object" ? parsed : null;
+    }
+    catch {
+        return null;
+    }
+}

package/dist/hermes-auth.js

@@ -0,0 +1,96 @@
+import { execFile } from "node:child_process";
+import { HermesApiClient } from "./hermes-api.js";
+const COMMAND_TIMEOUT_MS = 10_000;
+const LOGIN_TIMEOUT_MS = 5 * 60_000;
+export async function checkHermesAuthStatus(options) {
+    const client = new HermesApiClient(options);
+    try {
+        await client.capabilities();
+        return {
+            authenticated: true,
+            method: options.apiKey ? "api-key" : "local-api",
+            detail: `Hermes API server reachable at ${options.baseUrl}`,
+        };
+    }
+    catch (error) {
+        const message = error instanceof Error ? error.message : String(error);
+        return {
+            authenticated: false,
+            method: options.apiKey ? "api-key" : "local-api",
+            detail: message,
+        };
+    }
+}
+export async function startHermesLogin(cliPath) {
+    try {
+        const { stdout, stderr } = await runHermesCommand(cliPath ?? "hermes", ["login", "--no-browser"], LOGIN_TIMEOUT_MS);
+        const output = [stdout, stderr].filter(Boolean).join("\n").trim();
+        return {
+            success: true,
+            message: output || "Hermes login completed.",
+        };
+    }
+    catch (error) {
+        return {
+            success: false,
+            message: extractCommandError(error) || "Hermes login failed. Run 'hermes login --no-browser' on the host.",
+        };
+    }
+}
+export async function startHermesLogout(cliPath) {
+    try {
+        const { stdout, stderr } = await runHermesCommand(cliPath ?? "hermes", ["logout"], COMMAND_TIMEOUT_MS);
+        const output = [stdout, stderr].filter(Boolean).join("\n").trim();
+        return {
+            success: true,
+            message: output || "Logged out from Hermes.",
+        };
+    }
+    catch (error) {
+        return {
+            success: false,
+            message: extractCommandError(error) || "Hermes logout failed. Run 'hermes logout' on the host.",
+        };
+    }
+}
+function runHermesCommand(command, args, timeout) {
+    return new Promise((resolve, reject) => {
+        execFile(command, args, {
+            encoding: "utf8",
+            timeout,
+            windowsHide: true,
+            env: { ...process.env },
+            maxBuffer: 1024 * 1024,
+        }, (error, stdout, stderr) => {
+            if (error) {
+                const enriched = error;
+                enriched.stdout = typeof stdout === "string" ? stdout : "";
+                enriched.stderr = typeof stderr === "string" ? stderr : "";
+                reject(enriched);
+                return;
+            }
+            resolve({
+                stdout: typeof stdout === "string" ? stdout : "",
+                stderr: typeof stderr === "string" ? stderr : "",
+            });
+        });
+    });
+}
+function extractCommandError(error) {
+    if (typeof error === "object" && error !== null) {
+        const enriched = error;
+        const stderr = enriched.stderr?.trim();
+        if (stderr)
+            return stderr;
+        const stdout = enriched.stdout?.trim();
+        if (stdout)
+            return stdout;
+        if (enriched.code === "ENOENT")
+            return "Hermes CLI not found. Install Hermes or set HERMES_CLI_PATH.";
+        if (enriched.signal)
+            return `Command terminated with signal ${enriched.signal}.`;
+        if (enriched.message)
+            return enriched.message;
+    }
+    return error instanceof Error ? error.message : String(error);
+}

package/dist/hermes-cli.js

@@ -0,0 +1,19 @@
+import { findExecutableOnPath } from "./codex-cli.js";
+export function resolveHermesCli(env = process.env, explicitPath) {
+    const configuredPath = optionalString(explicitPath) ?? optionalString(env.HERMES_CLI_PATH);
+    if (configuredPath) {
+        return { path: configuredPath, source: "env" };
+    }
+    const pathMatch = findExecutableOnPath("hermes", env.PATH);
+    return pathMatch ? { path: pathMatch, source: "path" } : { source: "missing" };
+}
+export function describeHermesCli(resolution) {
+    if (resolution.path) {
+        return `${resolution.source} (${resolution.path})`;
+    }
+    return "missing";
+}
+function optionalString(value) {
+    const trimmed = value?.trim();
+    return trimmed ? trimmed : undefined;
+}

package/dist/hermes-launch.js

@@ -0,0 +1,57 @@
+import { createLaunchProfile } from "./codex-launch.js";
+export const HERMES_LAUNCH_PROFILES = [
+    {
+        id: "default",
+        label: "Default",
+        behavior: "Hermes API server defaults / auto-approve once",
+        unsafe: false,
+        approvalChoice: "once",
+    },
+    {
+        id: "safe",
+        label: "Safe",
+        behavior: "normal tools / deny dangerous approvals",
+        unsafe: false,
+        approvalChoice: "deny",
+        instructions: "Do not perform destructive operations. If a dangerous action requires approval, stop and explain what needs approval.",
+    },
+    {
+        id: "readonly",
+        label: "Read Only",
+        behavior: "read-only intent / deny dangerous approvals",
+        unsafe: false,
+        approvalChoice: "deny",
+        instructions: "Treat this run as read-only. Inspect, explain, and plan, but do not modify files or execute destructive commands.",
+    },
+    {
+        id: "yolo",
+        label: "YOLO",
+        behavior: "auto-approve for session",
+        unsafe: true,
+        approvalChoice: "session",
+        instructions: "Proceed autonomously within the configured Hermes API-server runtime.",
+    },
+];
+export function listHermesLaunchProfiles() {
+    return HERMES_LAUNCH_PROFILES.map((profile) => ({
+        id: profile.id,
+        label: profile.label,
+        behavior: profile.behavior,
+        unsafe: profile.unsafe,
+    }));
+}
+export function findHermesLaunchProfile(profileId) {
+    const profile = HERMES_LAUNCH_PROFILES.find((candidate) => candidate.id === profileId);
+    if (profile) {
+        return profile;
+    }
+    return HERMES_LAUNCH_PROFILES[0];
+}
+export function hermesProfileAsLaunchProfile(profile) {
+    return createLaunchProfile({
+        id: profile.id,
+        label: profile.label,
+        sandboxMode: profile.unsafe ? "danger-full-access" : "workspace-write",
+        approvalPolicy: profile.unsafe ? "never" : "on-request",
+    });
+}