@nordbyte/nordrelay 0.4.0 → 0.5.0

package/dist/relay-runtime.js

@@ -6,6 +6,7 @@ import { buildFileInstructions, outboxPath, stageFile, } from "./attachments.js"
 import { CODEX_AGENT_CAPABILITIES, agentLabel, agentReasoningLabel, agentReasoningOptions, } from "./agent.js";
 import { getAgentDiagnostics, getExternalSnapshotForSession, } from "./agent-activity.js";
 import { listAgentAdapterDescriptors } from "./agent-adapter.js";
+import { AgentUpdateManager } from "./agent-updates.js";
 import { createAgentSessionService, enabledAgents } from "./agent-factory.js";
 import { AuditLogStore } from "./audit-log.js";
 import { checkAuthStatus, startLogin as startCodexLogin, startLogout as startCodexLogout } from "./codex-auth.js";
@@ -13,10 +14,10 @@ import { checkClaudeCodeAuthStatus, startClaudeCodeLogin, startClaudeCodeLogout
 import { friendlyErrorText } from "./error-messages.js";
 import { checkHermesAuthStatus, startHermesLogin, startHermesLogout } from "./hermes-auth.js";
 import { checkOpenClawAuthStatus } from "./openclaw-auth.js";
-import { getConnectorHealth, getVersionChecks, readConnectorState, readFormattedLogTail, spawnConnectorRestart, spawnSelfUpdate } from "./operations.js";
+import { clearLogFile, getAgentUpdateLogPath, getConnectorHealth, getConnectorLogPath, getPackageVersion, getUpdateLogPath, getVersionChecks, readConnectorState, readFormattedLogTail, spawnConnectorRestart, spawnSelfUpdate } from "./operations.js";
 import { checkPiAuthStatus } from "./pi-auth.js";
 import { PromptStore, toPromptEnvelope } from "./prompt-store.js";
-import { renderSessionInfoPlain } from "./session-format.js";
+import { renderSessionInfoPlain, renderSessionUsageRows } from "./session-format.js";
 import { SessionLockStore } from "./session-locks.js";
 import { SessionRegistry } from "./session-registry.js";
 import { transcribeAudio } from "./voice.js";
@@ -34,9 +35,11 @@ export class RelayRuntime {
     activityStore;
     auditStore;
     lockStore;
+    agentUpdates;
     subscribers = new Set();
     externalMonitor;
     draining = false;
+    externalMonitorRunning = false;
     currentTurnId = null;
     accumulatedText = "";
     currentTurnStartedAt = 0;
@@ -53,9 +56,12 @@ export class RelayRuntime {
         this.activityStore = new WebActivityStore(config.workspace, config.stateBackend, config.auditMaxEvents);
         this.auditStore = new AuditLogStore(config.workspace, config.stateBackend, config.auditMaxEvents);
         this.lockStore = new SessionLockStore(config.workspace, config.stateBackend);
+        this.agentUpdates = new AgentUpdateManager({
+            onUpdate: (job) => this.broadcast({ type: "agent_update", job }),
+        });
         if (config.codexExternalBusyCheckMs > 0) {
             this.externalMonitor = setInterval(() => {
-                void this.monitorExternalActivity().catch((error) => this.broadcastStatus(friendlyErrorText(error), "error"));
+                void this.monitorExternalActivitySafe();
             }, config.codexExternalBusyCheckMs);
             this.externalMonitor.unref?.();
         }
@@ -87,6 +93,15 @@ export class RelayRuntime {
             snapshot: await this.snapshot(),
         };
     }
+    async bootstrapStatus() {
+        return {
+            health: {
+                version: await getPackageVersion(),
+                state: await readConnectorState(),
+            },
+            snapshot: await this.snapshot(),
+        };
+    }
     async version() {
         return {
             health: await getConnectorHealth({ piCliPath: this.config.piCliPath, hermesCliPath: this.config.hermesCliPath, openClawCliPath: this.config.openClawCliPath, claudeCodeCliPath: this.config.claudeCodeCliPath }),
@@ -114,6 +129,57 @@ export class RelayRuntime {
         });
         return update;
     }
+    agentUpdateJobs() {
+        return this.agentUpdates.list();
+    }
+    startAgentUpdate(agentId) {
+        const job = this.agentUpdates.start(agentId, {
+            piCliPath: this.config.piCliPath,
+            hermesCliPath: this.config.hermesCliPath,
+            openClawCliPath: this.config.openClawCliPath,
+            claudeCodeCliPath: this.config.claudeCodeCliPath,
+        });
+        this.broadcastStatus(`${job.agentLabel} update started. Log: ${job.logPath}`, "warn");
+        this.appendActivity({
+            source: "web",
+            status: "info",
+            type: "agent_update_started",
+            agentId,
+            threadId: null,
+            workspace: this.config.workspace,
+            detail: `${job.method}: ${job.summary}`,
+        });
+        this.appendAudit({
+            action: "command",
+            status: "ok",
+            contextKey: WEB_CONTEXT_KEY,
+            agentId,
+            description: `update ${agentId}`,
+            detail: job.summary,
+        });
+        return job;
+    }
+    agentUpdateLog(id) {
+        return this.agentUpdates.readLog(id);
+    }
+    deleteAgentUpdateLog(id) {
+        const job = this.agentUpdates.deleteLog(id);
+        this.appendAudit({
+            action: "command",
+            status: "ok",
+            contextKey: WEB_CONTEXT_KEY,
+            agentId: job.agentId,
+            description: `delete update log ${id}`,
+            detail: job.logPath,
+        });
+        return job;
+    }
+    sendAgentUpdateInput(id, input) {
+        return this.agentUpdates.sendInput(id, input);
+    }
+    cancelAgentUpdate(id) {
+        return this.agentUpdates.cancel(id);
+    }
     async diagnostics() {
         return {
             health: await getConnectorHealth({ piCliPath: this.config.piCliPath, hermesCliPath: this.config.hermesCliPath, openClawCliPath: this.config.openClawCliPath, claudeCodeCliPath: this.config.claudeCodeCliPath }),
@@ -171,12 +237,8 @@ export class RelayRuntime {
     }
     permissions() {
         return {
-            telegramAllowAnyChat: this.config.telegramAllowAnyChat,
-            telegramAdminUserIds: this.config.telegramAdminUserIds,
-            telegramAllowedUserIds: this.config.telegramAllowedUserIds,
-            telegramReadOnlyUserIds: this.config.telegramReadOnlyUserIds,
-            telegramAllowedChatIds: this.config.telegramAllowedChatIds,
-            telegramRolePolicies: this.config.telegramRolePolicies,
+            mode: "users",
+            message: "Access is managed by NordRelay users, groups, Telegram identities, and Telegram chat access records.",
         };
     }
     tasks() {
@@ -380,9 +442,11 @@ export class RelayRuntime {
     async sessionDetail(threadId) {
         const session = await this.getSession(true);
         const record = session.getSessionRecord(threadId);
+        const active = this.publicInfo(session);
         return {
             record,
-            active: this.publicInfo(session),
+            active,
+            usageRows: active.threadId === threadId ? renderSessionUsageRows(active) : [],
             messages: this.chatStore.list(threadId, 100),
             activity: this.activity({ limit: 100 }).filter((event) => event.threadId === threadId),
         };
@@ -395,7 +459,8 @@ export class RelayRuntime {
         return { removed, messages };
     }
     activity(options = {}) {
-        return this.activityStore.list(options);
+        const currentInfo = this.registry.get(WEB_CONTEXT_KEY)?.getInfo();
+        return this.activityStore.list(options).map((event) => this.enrichActivityEvent(event, currentInfo));
     }
     async retry() {
         const cached = this.promptStore.getLastPrompt(WEB_CONTEXT_KEY);
@@ -442,25 +507,40 @@ export class RelayRuntime {
         });
         return result;
     }
-    async listSessions(limit = 80, query = "") {
-        return this.filteredSessions(await this.getSession(true), query, Math.max(1, limit * 3)).slice(0, limit);
+    async listSessions(limit = 80, query = "", agentId) {
+        const { session, dispose } = await this.getControlSession(agentId);
+        try {
+            return this.filteredSessions(session, query, Math.max(1, limit * 3)).slice(0, limit);
+        }
+        finally {
+            if (dispose) {
+                session.dispose();
+            }
+        }
     }
-    async listSessionsPage(page = 1, pageSize = MAX_WEB_SESSION_PAGE_SIZE, query = "") {
-        const session = await this.getSession(true);
-        const effectivePage = Math.max(1, Math.floor(page));
-        const effectivePageSize = Math.min(MAX_WEB_SESSION_PAGE_SIZE, Math.max(1, Math.floor(pageSize)));
-        const offset = (effectivePage - 1) * effectivePageSize;
-        const requested = Math.min(5_000, Math.max(100, (offset + effectivePageSize + 1) * 3));
-        const records = this.filteredSessions(session, query, requested);
-        return {
-            sessions: records.slice(offset, offset + effectivePageSize),
-            pagination: {
-                page: effectivePage,
-                pageSize: effectivePageSize,
-                hasPrevious: effectivePage > 1,
-                hasNext: records.length > offset + effectivePageSize,
-            },
-        };
+    async listSessionsPage(page = 1, pageSize = MAX_WEB_SESSION_PAGE_SIZE, query = "", agentId) {
+        const { session, dispose } = await this.getControlSession(agentId);
+        try {
+            const effectivePage = Math.max(1, Math.floor(page));
+            const effectivePageSize = Math.min(MAX_WEB_SESSION_PAGE_SIZE, Math.max(1, Math.floor(pageSize)));
+            const offset = (effectivePage - 1) * effectivePageSize;
+            const requested = Math.min(5_000, Math.max(100, (offset + effectivePageSize + 1) * 3));
+            const records = this.filteredSessions(session, query, requested);
+            return {
+                sessions: records.slice(offset, offset + effectivePageSize),
+                pagination: {
+                    page: effectivePage,
+                    pageSize: effectivePageSize,
+                    hasPrevious: effectivePage > 1,
+                    hasNext: records.length > offset + effectivePageSize,
+                },
+            };
+        }
+        finally {
+            if (dispose) {
+                session.dispose();
+            }
+        }
     }
     filteredSessions(session, query, limit) {
         const normalized = query.trim().toLowerCase();
@@ -814,11 +894,25 @@ export class RelayRuntime {
     }
     async logs(target = "connector", lines = 100) {
         if (target === "update") {
-            const { getUpdateLogPath } = await import("./operations.js");
             return readFormattedLogTail(lines, getUpdateLogPath());
         }
+        if (target === "agent-updates") {
+            return readFormattedLogTail(lines, getAgentUpdateLogPath());
+        }
         return readFormattedLogTail(lines);
     }
+    clearLogs(target = "connector") {
+        const result = clearLogFile(target === "update" ? getUpdateLogPath() : target === "agent-updates" ? getAgentUpdateLogPath() : getConnectorLogPath());
+        this.appendActivity({
+            source: "web",
+            status: "info",
+            type: "logs_cleared",
+            threadId: null,
+            workspace: this.config.workspace,
+            detail: `Cleared ${target} log.`,
+        });
+        return { ok: true, filePath: result.filePath, clearedAt: result.clearedAt.toISOString() };
+    }
     restartConnector() {
         spawnConnectorRestart();
         this.broadcastStatus("Restart requested. The dashboard may disconnect briefly.", "warn");
@@ -836,6 +930,7 @@ export class RelayRuntime {
         if (this.externalMonitor) {
             clearInterval(this.externalMonitor);
         }
+        this.agentUpdates.cancelAll();
         this.registry.disposeAll();
         this.subscribers.clear();
     }
@@ -923,6 +1018,21 @@ export class RelayRuntime {
         }
         mirror.lastLine = Math.max(mirror.lastLine, snapshot.lineCount);
     }
+    async monitorExternalActivitySafe() {
+        if (this.externalMonitorRunning) {
+            return;
+        }
+        this.externalMonitorRunning = true;
+        try {
+            await this.monitorExternalActivity();
+        }
+        catch (error) {
+            this.broadcastStatus(friendlyErrorText(error), "error");
+        }
+        finally {
+            this.externalMonitorRunning = false;
+        }
+    }
     startExternalTurn(snapshot) {
         const prompt = snapshot.latestUserMessage ?? `${snapshot.agentLabel} CLI task`;
         this.chatStore.append({
@@ -1254,10 +1364,28 @@ export class RelayRuntime {
         this.broadcast({ type: "session_update", session: this.publicInfo(session) });
     }
     appendActivity(input) {
-        const event = this.activityStore.append(input);
+        const event = this.activityStore.append(this.enrichActivityInput(input));
         this.broadcast({ type: "activity_update", events: this.activity({ limit: 50 }) });
         return event;
     }
+    enrichActivityInput(input) {
+        return this.enrichActivityFields(input);
+    }
+    enrichActivityEvent(event, info) {
+        return this.enrichActivityFields(event, info);
+    }
+    enrichActivityFields(event, info) {
+        if (!info) {
+            return !event.threadId && !event.workspace ? { ...event, workspace: this.config.workspace } : event;
+        }
+        if (event.threadId && info.threadId && event.threadId === info.threadId) {
+            return { ...event, workspace: event.workspace ?? info.workspace, agentId: event.agentId ?? info.agentId };
+        }
+        if (!event.threadId && !event.workspace) {
+            return { ...event, workspace: this.config.workspace };
+        }
+        return event;
+    }
     appendAudit(input) {
         return this.auditStore.append({ ...input, channelId: "web" });
     }

package/dist/session-format.js

@@ -17,13 +17,27 @@ export function renderSessionInfoPlain(info) {
         capabilities.fastMode
             ? `Reasoning/Fast: ${info.reasoningEffort ?? "(model default)"} / ${info.fastMode ? "on" : "off"}`
             : `${agentReasoningLabel(agentId)}: ${info.reasoningEffort ?? "(model default)"}`,
-        ...renderCodexUsagePlain(info, capabilities),
-        ...renderAgentUsagePlain(info, capabilities),
-        info.sessionTokens ? formatSessionTokensPlain(info.sessionTokens) : undefined,
+        ...renderSessionUsageRowsPlain(info),
     ]
         .filter((line) => Boolean(line))
         .join("\n");
 }
+export function renderSessionUsageRowsPlain(info) {
+    const capabilities = info.capabilities ?? CODEX_AGENT_CAPABILITIES;
+    return [
+        ...renderCodexUsagePlain(info, capabilities),
+        ...renderAgentUsagePlain(info, capabilities),
+        info.sessionTokens ? formatSessionTokensPlain(info.sessionTokens) : undefined,
+    ].filter((line) => Boolean(line));
+}
+export function renderSessionUsageRows(info) {
+    const capabilities = info.capabilities ?? CODEX_AGENT_CAPABILITIES;
+    return [
+        ...renderCodexUsageRows(info, capabilities),
+        ...renderAgentUsageRows(info, capabilities),
+        info.sessionTokens ? ["Session tokens", formatSessionTokensValue(info.sessionTokens)] : undefined,
+    ].filter((row) => Boolean(row));
+}
 export function renderSessionInfoHTML(info) {
     const capabilities = info.capabilities ?? CODEX_AGENT_CAPABILITIES;
     const agentId = info.agentId ?? "codex";
@@ -117,6 +131,37 @@ function renderCodexUsageHTML(info, capabilities) {
     }
     return lines;
 }
+function renderCodexUsageRows(info, capabilities) {
+    const usage = info.codexUsage;
+    if (!usage) {
+        return [];
+    }
+    const rows = [];
+    if (capabilities.usageStats && usage.contextUsedPercent !== null && usage.contextWindow !== null && usage.lastTokenUsage) {
+        rows.push([
+            "Context used",
+            `${formatPercent(usage.contextUsedPercent)} (${formatCompactTokenCount(usage.lastTokenUsage.totalTokens)} / ${formatCompactTokenCount(usage.contextWindow)})`,
+        ]);
+    }
+    if (capabilities.usageStats && usage.totalTokenUsage) {
+        rows.push([
+            "Tokens",
+            [
+                `in ${formatCompactTokenCount(usage.totalTokenUsage.inputTokens)}`,
+                `cached ${formatCompactTokenCount(usage.totalTokenUsage.cachedInputTokens)}`,
+                `out ${formatCompactTokenCount(usage.totalTokenUsage.outputTokens)}`,
+                `reasoning out ${formatCompactTokenCount(usage.totalTokenUsage.reasoningOutputTokens)}`,
+            ].join(" · "),
+        ]);
+    }
+    if (capabilities.subscriptionLimits) {
+        const limits = formatLimitsLeft(usage);
+        if (limits) {
+            rows.push(["Limits left", limits]);
+        }
+    }
+    return rows;
+}
 function renderAgentUsagePlain(info, capabilities) {
     if (!capabilities.usageStats) {
         return [];
@@ -159,6 +204,30 @@ function renderAgentUsageHTML(info, capabilities) {
     }
     return lines;
 }
+function renderAgentUsageRows(info, capabilities) {
+    if (!capabilities.usageStats) {
+        return [];
+    }
+    const rows = [];
+    if (info.contextUsage?.percent !== undefined && info.contextUsage.percent !== null) {
+        const contextWindow = info.contextUsage.contextWindow !== null && info.contextUsage.contextWindow !== undefined
+            ? ` (${formatCompactTokenCount(info.contextUsage.tokens ?? 0)} / ${formatCompactTokenCount(info.contextUsage.contextWindow)})`
+            : "";
+        rows.push(["Context used", `${formatPercent(info.contextUsage.percent)}${contextWindow}`]);
+    }
+    if (info.sessionUsage) {
+        rows.push([
+            "Tokens",
+            [
+                `in ${formatCompactTokenCount(info.sessionUsage.input)}`,
+                `cache read ${formatCompactTokenCount(info.sessionUsage.cacheRead)}`,
+                `cache write ${formatCompactTokenCount(info.sessionUsage.cacheWrite)}`,
+                `out ${formatCompactTokenCount(info.sessionUsage.output)}`,
+            ].join(" · "),
+        ]);
+    }
+    return rows;
+}
 function formatLimitsLeft(usage) {
     const parts = [];
     if (usage.rateLimits?.primary) {

package/dist/settings-service.js

@@ -1,119 +1,7 @@
 import { mkdir, readFile, writeFile } from "node:fs/promises";
 import path from "node:path";
-const SECRET_KEYS = new Set([
-    "TELEGRAM_BOT_TOKEN",
-    "CODEX_API_KEY",
-    "HERMES_API_KEY",
-    "OPENCLAW_GATEWAY_TOKEN",
-    "OPENCLAW_GATEWAY_PASSWORD",
-    "OPENAI_API_KEY",
-    "TELEGRAM_WEBHOOK_SECRET",
-    "NORDRELAY_DASHBOARD_TOKEN",
-    "NORDRELAY_DASHBOARD_PASSWORD",
-]);
-export const SETTING_DEFINITIONS = [
-    setting("TELEGRAM_BOT_TOKEN", "Telegram bot token", "Telegram", "secret", "BotFather token.", true),
-    setting("TELEGRAM_ADMIN_USER_IDS", "Telegram admin user IDs", "Telegram", "list", "Comma-separated Telegram users allowed to administer and use the bot.", true),
-    setting("TELEGRAM_ALLOWED_USER_IDS", "Allowed operator user IDs", "Telegram", "list", "Optional non-admin operators.", true),
-    setting("TELEGRAM_READONLY_USER_IDS", "Readonly user IDs", "Telegram", "list", "Users allowed to inspect but not mutate.", true),
-    setting("TELEGRAM_ALLOWED_CHAT_IDS", "Allowed chat IDs", "Telegram", "list", "Optional chat allowlist.", true),
-    setting("TELEGRAM_ALLOW_ANY_CHAT", "Allow any Telegram chat", "Telegram", "boolean", "Unsafe override; keep off for normal use.", true),
-    setting("TELEGRAM_ROLE_POLICIES_JSON", "Role policy JSON", "Telegram", "json", "Granular Telegram permission policy.", true),
-    setting("TELEGRAM_TRANSPORT", "Telegram transport", "Telegram", "string", "polling or webhook.", true, ["polling", "webhook"]),
-    setting("TELEGRAM_WEBHOOK_URL", "Webhook public URL", "Telegram", "string", "Public base URL for webhook mode.", true),
-    setting("TELEGRAM_WEBHOOK_HOST", "Webhook bind host", "Telegram", "string", "Local webhook bind host.", true),
-    setting("TELEGRAM_WEBHOOK_PORT", "Webhook bind port", "Telegram", "number", "Local webhook bind port.", true),
-    setting("TELEGRAM_WEBHOOK_PATH", "Webhook path", "Telegram", "string", "Webhook request path.", true),
-    setting("TELEGRAM_WEBHOOK_SECRET", "Webhook secret", "Telegram", "secret", "Optional Telegram webhook secret token.", true),
-    setting("NORDRELAY_CODEX_ENABLED", "Enable Codex", "Agents", "boolean", "Allow Codex sessions.", true),
-    setting("NORDRELAY_PI_ENABLED", "Enable Pi", "Agents", "boolean", "Allow Pi sessions.", true),
-    setting("NORDRELAY_HERMES_ENABLED", "Enable Hermes", "Agents", "boolean", "Allow Hermes sessions through the Hermes API Server.", true),
-    setting("NORDRELAY_OPENCLAW_ENABLED", "Enable OpenClaw", "Agents", "boolean", "Allow OpenClaw sessions through the OpenClaw Gateway.", true),
-    setting("NORDRELAY_CLAUDE_CODE_ENABLED", "Enable Claude Code", "Agents", "boolean", "Allow Claude Code sessions through the Claude Agent SDK.", true),
-    setting("NORDRELAY_DEFAULT_AGENT", "Default agent", "Agents", "string", "codex, pi, hermes, openclaw, or claude-code.", true, ["codex", "pi", "hermes", "openclaw", "claude-code"]),
-    setting("CODEX_API_KEY", "Codex API key", "Codex", "secret", "Optional Codex SDK API key.", true),
-    setting("CODEX_CLI_PATH", "Codex CLI path", "Codex", "string", "Optional explicit Codex executable path.", true),
-    setting("CODEX_USE_BUNDLED_CLI", "Use bundled Codex CLI", "Codex", "boolean", "Force SDK-bundled CLI instead of host CLI.", true),
-    setting("CODEX_MODEL", "Default Codex model", "Codex", "string", "Default model for new Codex threads.", false),
-    setting("CODEX_SYNC_INTERVAL_MS", "Codex sync interval", "Codex", "number", "Local state sync interval.", true),
-    setting("CODEX_EXTERNAL_BUSY_CHECK_MS", "External busy check", "Codex", "number", "External CLI busy polling interval.", true),
-    setting("CODEX_EXTERNAL_BUSY_STALE_MS", "External busy stale timeout", "Codex", "number", "External CLI stale timeout.", true),
-    setting("CODEX_SANDBOX_MODE", "Codex sandbox mode", "Codex", "string", "read-only, workspace-write, or danger-full-access.", true, ["read-only", "workspace-write", "danger-full-access"]),
-    setting("CODEX_APPROVAL_POLICY", "Codex approval policy", "Codex", "string", "never, on-request, on-failure, or untrusted.", true, ["never", "on-request", "on-failure", "untrusted"]),
-    setting("CODEX_LAUNCH_PROFILES_JSON", "Launch profiles JSON", "Codex", "json", "Additional launch profile definitions.", true),
-    setting("CODEX_DEFAULT_LAUNCH_PROFILE", "Default launch profile", "Codex", "string", "Launch profile ID used by default.", true),
-    setting("ENABLE_UNSAFE_LAUNCH_PROFILES", "Enable unsafe profiles", "Codex", "boolean", "Expose danger-full-access profiles.", true),
-    setting("PI_CLI_PATH", "Pi CLI path", "Pi", "string", "Optional Pi executable path.", true),
-    setting("PI_SESSION_DIR", "Pi session dir", "Pi", "string", "Optional Pi session directory.", true),
-    setting("PI_DEFAULT_MODEL", "Default Pi model", "Pi", "string", "Default Pi model slug.", false),
-    setting("PI_DEFAULT_THINKING", "Default Pi thinking", "Pi", "string", "off, minimal, low, medium, high, or xhigh.", false, ["off", "minimal", "low", "medium", "high", "xhigh"]),
-    setting("PI_DEFAULT_PROFILE", "Default Pi profile", "Pi", "string", "default, readonly, no-tools, offline, or safe-offline.", true, ["default", "readonly", "no-tools", "offline", "safe-offline"]),
-    setting("HERMES_CLI_PATH", "Hermes CLI path", "Hermes", "string", "Optional Hermes executable path.", true),
-    setting("HERMES_HOME", "Hermes home", "Hermes", "string", "Optional Hermes home directory. Defaults to ~/.hermes.", true),
-    setting("HERMES_STATE_DB_PATH", "Hermes state DB path", "Hermes", "string", "Optional explicit Hermes state.db path.", true),
-    setting("HERMES_API_BASE_URL", "Hermes API base URL", "Hermes", "string", "Hermes API Server base URL.", true),
-    setting("HERMES_API_KEY", "Hermes API key", "Hermes", "secret", "Bearer token for the Hermes API Server.", true),
-    setting("HERMES_DEFAULT_MODEL", "Default Hermes model", "Hermes", "string", "Default model label sent to Hermes API runs.", false),
-    setting("HERMES_DEFAULT_REASONING", "Default Hermes reasoning", "Hermes", "string", "none, minimal, low, medium, high, or xhigh.", false, ["none", "minimal", "low", "medium", "high", "xhigh"]),
-    setting("HERMES_DEFAULT_PROFILE", "Default Hermes profile", "Hermes", "string", "default, safe, readonly, or yolo.", true, ["default", "safe", "readonly", "yolo"]),
-    setting("OPENCLAW_CLI_PATH", "OpenClaw CLI path", "OpenClaw", "string", "Optional OpenClaw executable path.", true),
-    setting("OPENCLAW_GATEWAY_URL", "OpenClaw Gateway URL", "OpenClaw", "string", "OpenClaw Gateway WebSocket URL.", true),
-    setting("OPENCLAW_GATEWAY_TOKEN", "OpenClaw Gateway token", "OpenClaw", "secret", "Shared-secret token for the OpenClaw Gateway.", true),
-    setting("OPENCLAW_GATEWAY_PASSWORD", "OpenClaw Gateway password", "OpenClaw", "secret", "Shared-secret password for the OpenClaw Gateway.", true),
-    setting("OPENCLAW_AGENT_ID", "OpenClaw agent ID", "OpenClaw", "string", "Configured OpenClaw agent id, for example main or work.", false),
-    setting("OPENCLAW_HOME", "OpenClaw home", "OpenClaw", "string", "Optional OpenClaw home directory. Defaults to ~/.openclaw.", true),
-    setting("OPENCLAW_STATE_DIR", "OpenClaw state dir", "OpenClaw", "string", "Optional OpenClaw state directory.", true),
-    setting("OPENCLAW_DEFAULT_MODEL", "Default OpenClaw model", "OpenClaw", "string", "Default OpenClaw model id.", false),
-    setting("OPENCLAW_DEFAULT_THINKING", "Default OpenClaw thinking", "OpenClaw", "string", "off, minimal, low, medium, high, or xhigh.", false, ["off", "minimal", "low", "medium", "high", "xhigh"]),
-    setting("OPENCLAW_DEFAULT_PROFILE", "Default OpenClaw profile", "OpenClaw", "string", "default, safe, readonly, local, or deliver.", true, ["default", "safe", "readonly", "local", "deliver"]),
-    setting("CLAUDE_CODE_CLI_PATH", "Claude Code CLI path", "Claude Code", "string", "Optional Claude Code executable path. Defaults to claude on PATH or the SDK bundled runtime.", true),
-    setting("CLAUDE_CONFIG_DIR", "Claude config dir", "Claude Code", "string", "Optional Claude config directory. Defaults to ~/.claude.", true),
-    setting("CLAUDE_CODE_DEFAULT_MODEL", "Default Claude Code model", "Claude Code", "string", "Default Claude Code model alias or model id.", false),
-    setting("CLAUDE_CODE_DEFAULT_EFFORT", "Default Claude Code effort", "Claude Code", "string", "off, low, medium, high, or xhigh.", false, ["off", "low", "medium", "high", "xhigh"]),
-    setting("CLAUDE_CODE_DEFAULT_PROFILE", "Default Claude Code profile", "Claude Code", "string", "default, accept-edits, plan, readonly, no-tools, or bypass-permissions.", true, ["default", "accept-edits", "plan", "readonly", "no-tools", "bypass-permissions"]),
-    setting("CLAUDE_CODE_MAX_TURNS", "Claude Code max turns", "Claude Code", "number", "Maximum agentic turns for each Claude Code prompt.", false),
-    setting("CONNECTOR_LOG_FORMAT", "Log format", "Operations", "string", "text or json.", true, ["text", "json"]),
-    setting("TOOL_VERBOSITY", "Tool verbosity", "Operations", "string", "all, summary, errors-only, or none.", false, ["all", "summary", "errors-only", "none"]),
-    setting("SHOW_TURN_TOKEN_USAGE", "Show turn token usage", "Operations", "boolean", "Append per-turn token usage.", false),
-    setting("ENABLE_TELEGRAM_LOGIN", "Enable Telegram login", "Operations", "boolean", "Allow /login and /logout.", true),
-    setting("ENABLE_TELEGRAM_REACTIONS", "Enable Telegram reactions", "Operations", "boolean", "Send Telegram reactions.", true),
-    setting("TELEGRAM_RATE_LIMIT_MIN_INTERVAL_MS", "Telegram send interval", "Operations", "number", "Minimum send interval.", true),
-    setting("TELEGRAM_EDIT_MIN_INTERVAL_MS", "Telegram edit interval", "Operations", "number", "Minimum edit interval.", true),
-    setting("TELEGRAM_CLI_MIRROR_MODE", "CLI mirror mode", "Operations", "string", "off, status, final, or full.", false, ["off", "status", "final", "full"]),
-    setting("TELEGRAM_CLI_MIRROR_MIN_UPDATE_MS", "CLI mirror update interval", "Operations", "number", "Minimum mirrored edit interval.", true),
-    setting("TELEGRAM_NOTIFY_MODE", "Notify mode", "Operations", "string", "off, minimal, or all.", false, ["off", "minimal", "all"]),
-    setting("TELEGRAM_QUIET_HOURS", "Quiet hours", "Operations", "string", "HH-HH or blank.", false),
-    setting("TELEGRAM_REDACT_PATTERNS", "Redaction patterns", "Operations", "list", "Additional comma-separated regex patterns.", true),
-    setting("NORDRELAY_UPDATE_METHOD", "Update method", "Operations", "string", "auto, npm, or git.", true, ["auto", "npm", "git"]),
-    setting("MAX_FILE_SIZE", "Max file size", "Artifacts", "number", "Max inbound/outbound file size.", true),
-    setting("ARTIFACT_RETENTION_DAYS", "Artifact retention days", "Artifacts", "number", "Days before pruning.", true),
-    setting("ARTIFACT_MAX_TURNS", "Max artifact turns", "Artifacts", "number", "Maximum artifact turns retained.", true),
-    setting("ARTIFACT_MAX_INBOX_DIRS", "Max inbox dirs", "Artifacts", "number", "Maximum inbox dirs retained.", true),
-    setting("ARTIFACT_IGNORE_DIRS", "Artifact ignore dirs", "Artifacts", "list", "Extra ignored dirs or relative paths.", true),
-    setting("ARTIFACT_IGNORE_GLOBS", "Artifact ignore globs", "Artifacts", "list", "Extra ignored glob patterns.", true),
-    setting("TELEGRAM_AUTO_SEND_ARTIFACTS", "Auto-send artifacts", "Artifacts", "boolean", "Automatically send artifact files.", false),
-    setting("WORKSPACE_ALLOWED_ROOTS", "Workspace allowed roots", "Workspace", "list", "Restrict selectable workspaces.", true),
-    setting("WORKSPACE_WARN_ROOTS", "Workspace warn roots", "Workspace", "list", "Warn for broad workspace roots.", true),
-    setting("NORDRELAY_STATE_BACKEND", "State backend", "Workspace", "string", "json or sqlite.", true, ["json", "sqlite"]),
-    setting("NORDRELAY_AUDIT_MAX_EVENTS", "Audit max events", "Workspace", "number", "Retained audit events.", true),
-    setting("NORDRELAY_SESSION_LOCK_TTL_MS", "Session lock TTL", "Workspace", "number", "Write-lock TTL.", true),
-    setting("NORDRELAY_VERSION_CACHE_TTL_MS", "Version cache TTL", "Workspace", "number", "NPM version cache TTL.", true),
-    setting("OPENAI_API_KEY", "OpenAI API key", "Voice", "secret", "Whisper fallback API key.", true),
-    setting("VOICE_PREFERRED_BACKEND", "Voice backend", "Voice", "string", "auto, parakeet, faster-whisper, or openai.", false, ["auto", "parakeet", "faster-whisper", "openai"]),
-    setting("VOICE_DEFAULT_LANGUAGE", "Voice language", "Voice", "string", "Default transcription language.", false),
-    setting("VOICE_TRANSCRIBE_ONLY", "Voice transcribe only", "Voice", "boolean", "Do not send voice transcripts as prompts.", false),
-    setting("FASTER_WHISPER_PYTHON", "faster-whisper Python", "Voice", "string", "Python executable.", true),
-    setting("FASTER_WHISPER_MODEL", "faster-whisper model", "Voice", "string", "Model name.", true),
-    setting("FASTER_WHISPER_DEVICE", "faster-whisper device", "Voice", "string", "cpu, cuda, etc.", true),
-    setting("FASTER_WHISPER_COMPUTE_TYPE", "faster-whisper compute type", "Voice", "string", "int8, float16, etc.", true),
-    setting("FASTER_WHISPER_LANGUAGE", "faster-whisper language", "Voice", "string", "Fixed transcription language.", true),
-    setting("FASTER_WHISPER_TIMEOUT_MS", "faster-whisper timeout", "Voice", "number", "Transcription timeout.", true),
-    setting("NORDRELAY_DASHBOARD_TOKEN", "Dashboard token", "Dashboard", "secret", "Bearer/login token for WebUI.", true),
-    setting("NORDRELAY_DASHBOARD_USER", "Dashboard user", "Dashboard", "string", "Optional Basic Auth user.", true),
-    setting("NORDRELAY_DASHBOARD_PASSWORD", "Dashboard password", "Dashboard", "secret", "Optional Basic Auth password.", true),
-    setting("NORDRELAY_DASHBOARD_HOST", "Dashboard host", "Dashboard", "string", "WebUI bind host.", true),
-    setting("NORDRELAY_DASHBOARD_PORT", "Dashboard port", "Dashboard", "number", "WebUI bind port.", true),
-];
+import { SECRET_KEYS, SETTING_DEFINITIONS } from "./config-metadata.js";
+export { SETTING_DEFINITIONS } from "./config-metadata.js";
 export class SettingsService {
     envPath;
     constructor(envPath) {
@@ -193,9 +81,6 @@ export function maskSecret(value) {
     }
     return `${value.slice(0, 4)}...${value.slice(-4)}`;
 }
-function setting(key, label, group, kind, description, restartRequired, options) {
-    return { key, label, group, kind, description, restartRequired, options };
-}
 function validateSettingValue(definition, value) {
     if (definition.kind === "number" && !Number.isFinite(Number(value))) {
         return "Must be a number.";