@nordsym/apiclaw 1.5.13 → 1.5.15

package/dist/src/credentials.js

@@ -0,0 +1,357 @@
+// Real credential providers for APIClaw Connected tier
+// Reads from environment variables or ~/.secrets/
+import { readFileSync, existsSync } from 'fs';
+import { join } from 'path';
+import { homedir } from 'os';
+// Load env file helper
+function loadEnvFile(filename) {
+    const paths = [
+        join(homedir(), '.secrets', filename),
+        join(process.cwd(), filename),
+        join(process.cwd(), '.env.local'),
+    ];
+    for (const path of paths) {
+        if (existsSync(path)) {
+            const content = readFileSync(path, 'utf-8');
+            const vars = {};
+            for (const line of content.split('\n')) {
+                const match = line.match(/^([^=]+)=(.*)$/);
+                if (match) {
+                    vars[match[1].trim()] = match[2].trim().replace(/^["']|["']$/g, '');
+                }
+            }
+            return vars;
+        }
+    }
+    return {};
+}
+// Provider credential getters
+const providers = {
+    '46elks': {
+        type: 'basic',
+        get() {
+            const env = loadEnvFile('46elks.env');
+            const user = env.ELKS_API_USER || process.env.ELKS_API_USER;
+            const pass = env.ELKS_API_PASSWORD || process.env.ELKS_API_PASSWORD;
+            if (!user || !pass)
+                return null;
+            return {
+                type: 'basic',
+                username: user,
+                password: pass,
+            };
+        },
+    },
+    twilio: {
+        type: 'basic',
+        get() {
+            const env = loadEnvFile('twilio.env');
+            const sid = env.TWILIO_ACCOUNT_SID || process.env.TWILIO_ACCOUNT_SID;
+            const token = env.TWILIO_AUTH_TOKEN || process.env.TWILIO_AUTH_TOKEN;
+            if (!sid || !token)
+                return null;
+            return {
+                type: 'basic',
+                username: sid,
+                password: token,
+            };
+        },
+    },
+    // Real credential providers
+    resend: {
+        type: 'api_key',
+        get() {
+            const env = loadEnvFile('resend.env');
+            const key = env.RESEND_API_KEY || process.env.RESEND_API_KEY;
+            if (key) {
+                return { type: 'api_key', api_key: key };
+            }
+            return null;
+        },
+    },
+    brave_search: {
+        type: 'api_key',
+        get() {
+            const env = loadEnvFile('brave.env');
+            const key = env.BRAVE_API_KEY || process.env.BRAVE_API_KEY;
+            if (key) {
+                return { type: 'api_key', api_key: key };
+            }
+            return null;
+        },
+    },
+    openrouter: {
+        type: 'bearer',
+        get() {
+            const env = loadEnvFile('openrouter.env');
+            const key = env.OPENROUTER_API_KEY || process.env.OPENROUTER_API_KEY;
+            if (key) {
+                return { type: 'bearer', api_key: key };
+            }
+            return null;
+        },
+    },
+    elevenlabs: {
+        type: 'api_key',
+        get() {
+            const env = loadEnvFile('elevenlabs.env');
+            const key = env.ELEVENLABS_API_KEY || process.env.ELEVENLABS_API_KEY;
+            if (key) {
+                return { type: 'api_key', api_key: key };
+            }
+            return null;
+        },
+    },
+    replicate: {
+        type: 'bearer',
+        get() {
+            const env = loadEnvFile('replicate.env');
+            const key = env.REPLICATE_API_TOKEN || process.env.REPLICATE_API_TOKEN;
+            if (key) {
+                return { type: 'bearer', api_key: key };
+            }
+            return null;
+        },
+    },
+    firecrawl: {
+        type: 'bearer',
+        get() {
+            const env = loadEnvFile('firecrawl.env');
+            const key = env.FIRECRAWL_API_KEY || process.env.FIRECRAWL_API_KEY;
+            if (key) {
+                return { type: 'bearer', api_key: key };
+            }
+            return null;
+        },
+    },
+    github: {
+        type: 'bearer',
+        get() {
+            const env = loadEnvFile('github.env');
+            const key = env.GITHUB_TOKEN || process.env.GITHUB_TOKEN;
+            if (key) {
+                return { type: 'bearer', token: key };
+            }
+            return null;
+        },
+    },
+    e2b: {
+        type: 'api_key',
+        get() {
+            const env = loadEnvFile('e2b.env');
+            const key = env.E2B_API_KEY || process.env.E2B_API_KEY;
+            if (key) {
+                return { type: 'api_key', api_key: key };
+            }
+            return null;
+        },
+    },
+    apilayer: {
+        type: 'api_key',
+        get() {
+            const env = loadEnvFile('apilayer.env');
+            // Return all keys — handler picks the right one per action
+            const keys = {};
+            for (const [k, v] of Object.entries(env)) {
+                if (k.startsWith('APILAYER_') && v) {
+                    keys[k] = v;
+                }
+            }
+            if (Object.keys(keys).length === 0)
+                return null;
+            return { type: 'api_key', api_key: keys.APILAYER_EXCHANGERATE_KEY || '', ...keys };
+        },
+    },
+    groq: {
+        type: 'bearer',
+        get() {
+            const env = loadEnvFile('groq.env');
+            const key = env.GROQ_API_KEY || process.env.GROQ_API_KEY;
+            if (key) {
+                return { type: 'bearer', api_key: key };
+            }
+            return null;
+        },
+    },
+    deepgram: {
+        type: 'bearer',
+        get() {
+            const env = loadEnvFile('deepgram.env');
+            const key = env.DEEPGRAM_API_KEY || process.env.DEEPGRAM_API_KEY;
+            if (key) {
+                return { type: 'bearer', api_key: key };
+            }
+            return null;
+        },
+    },
+    mistral: {
+        type: 'api_key',
+        get() {
+            const env = loadEnvFile('mistral.env');
+            const key = env.MISTRAL_API_KEY || process.env.MISTRAL_API_KEY;
+            if (key) {
+                return { type: 'api_key', api_key: key };
+            }
+            return null;
+        },
+    },
+    cohere: {
+        type: 'api_key',
+        get() {
+            const env = loadEnvFile('cohere.env');
+            const key = env.COHERE_API_KEY || process.env.COHERE_API_KEY;
+            if (key) {
+                return { type: 'api_key', api_key: key };
+            }
+            return null;
+        },
+    },
+    serper: {
+        type: 'api_key',
+        get() {
+            const env = loadEnvFile('serpapi.env');
+            const key = env.SERPAPI_API_KEY || process.env.SERPER_API_KEY || process.env.SERPAPI_API_KEY;
+            if (key) {
+                return { type: 'api_key', api_key: key };
+            }
+            return null;
+        },
+    },
+    stability: {
+        type: 'api_key',
+        get() {
+            const env = loadEnvFile('stability.env');
+            const key = env.STABILITY_API_KEY || process.env.STABILITY_API_KEY;
+            if (key) {
+                return { type: 'api_key', api_key: key };
+            }
+            return null;
+        },
+    },
+    together: {
+        type: 'bearer',
+        get() {
+            const env = loadEnvFile('together.env');
+            const key = env.TOGETHER_API_KEY || process.env.TOGETHER_API_KEY;
+            if (key) {
+                return { type: 'bearer', api_key: key };
+            }
+            return null;
+        },
+    },
+    assemblyai: {
+        type: 'api_key',
+        get() {
+            const env = loadEnvFile('assemblyai.env');
+            const key = env.ASSEMBLYAI_API_KEY || process.env.ASSEMBLYAI_API_KEY;
+            if (key) {
+                return { type: 'api_key', api_key: key };
+            }
+            return null;
+        },
+    },
+};
+/**
+ * Get real credentials for a provider
+ * Returns null if provider not supported
+ */
+export function getCredentials(providerId) {
+    const provider = providers[providerId];
+    if (!provider)
+        return null;
+    return provider.get();
+}
+/**
+ * Check if a provider has real (non-demo) credentials available
+ */
+export function hasRealCredentials(providerId) {
+    if (providerId === '46elks') {
+        const env = loadEnvFile('46elks.env');
+        return !!(env.ELKS_API_USER || process.env.ELKS_API_USER);
+    }
+    if (providerId === 'twilio') {
+        const env = loadEnvFile('twilio.env');
+        return !!(env.TWILIO_ACCOUNT_SID || process.env.TWILIO_ACCOUNT_SID);
+    }
+    if (providerId === 'resend') {
+        const env = loadEnvFile('resend.env');
+        return !!(env.RESEND_API_KEY || process.env.RESEND_API_KEY);
+    }
+    if (providerId === 'brave_search') {
+        const env = loadEnvFile('brave.env');
+        return !!(env.BRAVE_API_KEY || process.env.BRAVE_API_KEY);
+    }
+    if (providerId === 'openrouter') {
+        const env = loadEnvFile('openrouter.env');
+        return !!(env.OPENROUTER_API_KEY || process.env.OPENROUTER_API_KEY);
+    }
+    if (providerId === 'elevenlabs') {
+        const env = loadEnvFile('elevenlabs.env');
+        return !!(env.ELEVENLABS_API_KEY || process.env.ELEVENLABS_API_KEY);
+    }
+    if (providerId === 'replicate') {
+        const env = loadEnvFile('replicate.env');
+        return !!(env.REPLICATE_API_TOKEN || process.env.REPLICATE_API_TOKEN);
+    }
+    if (providerId === 'e2b') {
+        const env = loadEnvFile('e2b.env');
+        return !!(env.E2B_API_KEY || process.env.E2B_API_KEY);
+    }
+    if (providerId === 'firecrawl') {
+        const env = loadEnvFile('firecrawl.env');
+        return !!(env.FIRECRAWL_API_KEY || process.env.FIRECRAWL_API_KEY);
+    }
+    if (providerId === 'github') {
+        const env = loadEnvFile('github.env');
+        return !!(env.GITHUB_TOKEN || process.env.GITHUB_TOKEN);
+    }
+    if (providerId === 'apilayer') {
+        const env = loadEnvFile('apilayer.env');
+        return !!(env.APILAYER_EXCHANGERATE_KEY || process.env.APILAYER_EXCHANGERATE_KEY);
+    }
+    if (providerId === 'groq') {
+        const env = loadEnvFile('groq.env');
+        return !!(env.GROQ_API_KEY || process.env.GROQ_API_KEY);
+    }
+    if (providerId === 'deepgram') {
+        const env = loadEnvFile('deepgram.env');
+        return !!(env.DEEPGRAM_API_KEY || process.env.DEEPGRAM_API_KEY);
+    }
+    if (providerId === 'mistral') {
+        const env = loadEnvFile('mistral.env');
+        return !!(env.MISTRAL_API_KEY || process.env.MISTRAL_API_KEY);
+    }
+    if (providerId === 'cohere') {
+        const env = loadEnvFile('cohere.env');
+        return !!(env.COHERE_API_KEY || process.env.COHERE_API_KEY);
+    }
+    if (providerId === 'serper') {
+        const env = loadEnvFile('serpapi.env');
+        return !!(env.SERPAPI_API_KEY || process.env.SERPER_API_KEY || process.env.SERPAPI_API_KEY);
+    }
+    if (providerId === 'stability') {
+        const env = loadEnvFile('stability.env');
+        return !!(env.STABILITY_API_KEY || process.env.STABILITY_API_KEY);
+    }
+    if (providerId === 'together') {
+        const env = loadEnvFile('together.env');
+        return !!(env.TOGETHER_API_KEY || process.env.TOGETHER_API_KEY);
+    }
+    if (providerId === 'assemblyai') {
+        const env = loadEnvFile('assemblyai.env');
+        return !!(env.ASSEMBLYAI_API_KEY || process.env.ASSEMBLYAI_API_KEY);
+    }
+    return false;
+}
+/**
+ * List all supported providers
+ */
+export function listProviders() {
+    return Object.keys(providers);
+}
+/**
+ * Get credential type for a provider
+ */
+export function getCredentialType(providerId) {
+    return providers[providerId]?.type || null;
+}

package/dist/src/credits.js

@@ -0,0 +1,260 @@
+// Credit system for APIClaw
+// Supports both in-memory (dev) and Convex (production) backends
+import { getCredentials, hasRealCredentials } from './credentials.js';
+import { randomUUID } from 'crypto';
+// Configuration
+const BACKEND = process.env.APICLAW_BACKEND === 'convex' ? 'convex' : 'memory';
+const CONVEX_URL = process.env.CONVEX_URL || '';
+const CONVEX_DEPLOY_KEY = process.env.CONVEX_DEPLOY_KEY || '';
+// In-memory stores (for local development)
+const agentCreditsStore = new Map();
+const purchasesStore = new Map();
+const usageStore = new Map();
+// Provider that have real credentials available
+const REAL_CREDENTIAL_PROVIDERS = ['46elks', 'twilio'];
+// Credits per dollar by provider
+const CREDITS_PER_DOLLAR = {
+    '46elks': 30, // ~30 SMS per dollar
+    'twilio': 25, // ~25 SMS per dollar
+    'resend': 1000, // ~1000 emails per dollar
+    'brave_search': 200, // ~200 searches per dollar
+    'openrouter': 100, // ~100k tokens per dollar (varies by model)
+    'elevenlabs': 3333 // ~3333 characters per dollar
+};
+/**
+ * Calculate credits based on provider pricing
+ */
+function calculateCredits(providerId, amountUsd) {
+    return Math.floor(amountUsd * (CREDITS_PER_DOLLAR[providerId] || 100));
+}
+/**
+ * Generate credentials for a provider
+ * Returns real credentials for supported providers, mock for others
+ */
+function generateCredentials(providerId) {
+    // Try to get real credentials first
+    const realCreds = getCredentials(providerId);
+    if (realCreds && hasRealCredentials(providerId)) {
+        console.log(`[APIClaw] Using REAL credentials for ${providerId}`);
+        return realCreds;
+    }
+    // Fall back to mock credentials
+    console.log(`[APIClaw] Using MOCK credentials for ${providerId}`);
+    return realCreds || {
+        type: 'api_key',
+        api_key: `mock_${providerId}_${randomUUID().slice(0, 8)}`
+    };
+}
+// =============================================================================
+// In-Memory Backend (for development)
+// =============================================================================
+/**
+ * Get or create agent credits account
+ */
+export function getAgentCredits(agentId) {
+    if (!agentCreditsStore.has(agentId)) {
+        agentCreditsStore.set(agentId, {
+            agent_id: agentId,
+            balance_usd: 0,
+            currency: 'USD',
+            created_at: new Date().toISOString(),
+            updated_at: new Date().toISOString()
+        });
+    }
+    return agentCreditsStore.get(agentId);
+}
+/**
+ * Add credits to an agent's account
+ */
+export function addCredits(agentId, amountUsd) {
+    const credits = getAgentCredits(agentId);
+    credits.balance_usd += amountUsd;
+    credits.updated_at = new Date().toISOString();
+    return credits;
+}
+/**
+ * Purchase API access
+ * Returns real credentials for 46elks and Twilio
+ */
+export function purchaseAPIAccess(agentId, providerId, amountUsd) {
+    const credits = getAgentCredits(agentId);
+    // Check balance
+    if (credits.balance_usd < amountUsd) {
+        return {
+            success: false,
+            error: `Insufficient balance. Have $${credits.balance_usd.toFixed(2)}, need $${amountUsd.toFixed(2)}`
+        };
+    }
+    // Check if provider is supported
+    const providerCredentials = getCredentials(providerId);
+    if (!providerCredentials) {
+        return {
+            success: false,
+            error: `Unknown provider: ${providerId}. Supported: ${Object.keys(CREDITS_PER_DOLLAR).join(', ')}`
+        };
+    }
+    // Deduct credits
+    credits.balance_usd -= amountUsd;
+    credits.updated_at = new Date().toISOString();
+    // Generate credentials (real for 46elks/twilio, mock for others)
+    const credentials = generateCredentials(providerId);
+    // Create purchase record
+    const purchaseId = `pur_${randomUUID().slice(0, 12)}`;
+    const purchase = {
+        id: purchaseId,
+        agent_id: agentId,
+        provider_id: providerId,
+        amount_usd: amountUsd,
+        credits_purchased: calculateCredits(providerId, amountUsd),
+        status: 'active',
+        credentials,
+        created_at: new Date().toISOString()
+    };
+    purchasesStore.set(purchaseId, purchase);
+    // Initialize usage tracking
+    usageStore.set(purchaseId, {
+        purchase_id: purchaseId,
+        provider_id: providerId,
+        units_used: 0,
+        units_remaining: purchase.credits_purchased,
+        cost_incurred_usd: 0,
+        last_used_at: new Date().toISOString()
+    });
+    // Flag if using real credentials
+    const isRealCredentials = hasRealCredentials(providerId);
+    console.log(`[APIClaw] Purchase complete: ${providerId} ($${amountUsd}) - Real credentials: ${isRealCredentials}`);
+    return { success: true, purchase };
+}
+/**
+ * Get all purchases for an agent
+ */
+export function getAgentPurchases(agentId) {
+    return Array.from(purchasesStore.values()).filter(p => p.agent_id === agentId);
+}
+/**
+ * Get usage for a purchase
+ */
+export function getUsage(purchaseId) {
+    return usageStore.get(purchaseId) || null;
+}
+/**
+ * Record usage (call this when API is used)
+ */
+export function recordUsage(purchaseId, unitsUsed, costUsd) {
+    const record = usageStore.get(purchaseId);
+    if (!record)
+        return null;
+    record.units_used += unitsUsed;
+    record.units_remaining = Math.max(0, record.units_remaining - unitsUsed);
+    record.cost_incurred_usd += costUsd;
+    record.last_used_at = new Date().toISOString();
+    // Update purchase status if depleted
+    if (record.units_remaining === 0) {
+        const purchase = purchasesStore.get(purchaseId);
+        if (purchase)
+            purchase.status = 'exhausted';
+    }
+    return record;
+}
+/**
+ * Get full balance summary for an agent
+ */
+export function getBalanceSummary(agentId) {
+    const credits = getAgentCredits(agentId);
+    const agentPurchases = getAgentPurchases(agentId);
+    const activePurchases = agentPurchases.filter(p => p.status === 'active');
+    const totalSpent = agentPurchases.reduce((sum, p) => sum + p.amount_usd, 0);
+    // List providers with real credentials
+    const realCredentialProviders = REAL_CREDENTIAL_PROVIDERS.filter(p => hasRealCredentials(p));
+    return {
+        credits,
+        active_purchases: activePurchases,
+        total_spent_usd: totalSpent,
+        real_credentials_available: realCredentialProviders
+    };
+}
+/**
+ * Check which providers have real credentials
+ */
+export function getProvidersWithRealCredentials() {
+    return REAL_CREDENTIAL_PROVIDERS.filter(p => hasRealCredentials(p));
+}
+async function convexQuery(path, args) {
+    if (!CONVEX_URL) {
+        return { error: 'Convex URL not configured' };
+    }
+    try {
+        const response = await fetch(`${CONVEX_URL}/api/query`, {
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/json',
+                ...(CONVEX_DEPLOY_KEY ? { 'Authorization': `Convex ${CONVEX_DEPLOY_KEY}` } : {}),
+            },
+            body: JSON.stringify({ path, args }),
+        });
+        const result = await response.json();
+        return { data: result };
+    }
+    catch (error) {
+        return { error: error instanceof Error ? error.message : 'Convex query failed' };
+    }
+}
+async function convexMutation(path, args) {
+    if (!CONVEX_URL) {
+        return { error: 'Convex URL not configured' };
+    }
+    try {
+        const response = await fetch(`${CONVEX_URL}/api/mutation`, {
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/json',
+                ...(CONVEX_DEPLOY_KEY ? { 'Authorization': `Convex ${CONVEX_DEPLOY_KEY}` } : {}),
+            },
+            body: JSON.stringify({ path, args }),
+        });
+        const result = await response.json();
+        return { data: result };
+    }
+    catch (error) {
+        return { error: error instanceof Error ? error.message : 'Convex mutation failed' };
+    }
+}
+// Convex-backed versions (async)
+export async function getAgentCreditsAsync(agentId) {
+    if (BACKEND === 'memory') {
+        return getAgentCredits(agentId);
+    }
+    const result = await convexQuery('credits:getAgentCredits', { agentId });
+    return result.data || null;
+}
+export async function addCreditsAsync(agentId, amountUsd) {
+    if (BACKEND === 'memory') {
+        return addCredits(agentId, amountUsd);
+    }
+    const result = await convexMutation('credits:addCredits', { agentId, amountUsd });
+    return result.data || null;
+}
+export async function purchaseAPIAccessAsync(agentId, providerId, amountUsd) {
+    if (BACKEND === 'memory') {
+        return purchaseAPIAccess(agentId, providerId, amountUsd);
+    }
+    // Generate credentials server-side
+    const credentials = generateCredentials(providerId);
+    const result = await convexMutation('purchases:purchaseAccess', {
+        agentId,
+        providerId,
+        amountUsd,
+        credentials,
+    });
+    if (result.error) {
+        return { success: false, error: result.error };
+    }
+    return { success: true, purchase: result.data };
+}
+// Export backend info
+export function getBackendInfo() {
+    return {
+        type: BACKEND,
+        convexUrl: BACKEND === 'convex' ? CONVEX_URL : null,
+    };
+}

package/dist/src/crypto.js

@@ -0,0 +1,66 @@
+import { createCipheriv, createDecipheriv, randomBytes } from 'crypto';
+const ENCRYPTION_KEY = process.env.APICLAW_KEY_ENCRYPTION_SECRET;
+// Validate key exists and is correct length
+function getKey() {
+    if (!ENCRYPTION_KEY) {
+        throw new Error('APICLAW_KEY_ENCRYPTION_SECRET not set');
+    }
+    // Key should be 32 bytes for AES-256
+    const key = Buffer.from(ENCRYPTION_KEY, 'hex');
+    if (key.length !== 32) {
+        throw new Error('APICLAW_KEY_ENCRYPTION_SECRET must be 64 hex chars (32 bytes)');
+    }
+    return key;
+}
+export function encryptKey(plainKey) {
+    const key = getKey();
+    const iv = randomBytes(16);
+    const cipher = createCipheriv('aes-256-gcm', key, iv);
+    const encrypted = Buffer.concat([cipher.update(plainKey, 'utf8'), cipher.final()]);
+    const tag = cipher.getAuthTag();
+    return `${iv.toString('hex')}:${tag.toString('hex')}:${encrypted.toString('hex')}`;
+}
+export function decryptKey(encryptedKey) {
+    const key = getKey();
+    const [ivHex, tagHex, dataHex] = encryptedKey.split(':');
+    if (!ivHex || !tagHex || !dataHex) {
+        throw new Error('Invalid encrypted key format');
+    }
+    const decipher = createDecipheriv('aes-256-gcm', key, Buffer.from(ivHex, 'hex'));
+    decipher.setAuthTag(Buffer.from(tagHex, 'hex'));
+    const decrypted = Buffer.concat([
+        decipher.update(Buffer.from(dataHex, 'hex')),
+        decipher.final()
+    ]);
+    return decrypted.toString('utf8');
+}
+// SSRF Prevention
+export function validateBaseUrl(url) {
+    try {
+        const parsed = new URL(url);
+        if (parsed.protocol !== 'https:') {
+            return { valid: false, error: 'URL must use HTTPS' };
+        }
+        const host = parsed.hostname.toLowerCase();
+        const blockedPatterns = [
+            /^127\./,
+            /^10\./,
+            /^192\.168\./,
+            /^172\.(1[6-9]|2[0-9]|3[0-1])\./,
+            /^localhost$/,
+            /^0\.0\.0\.0$/,
+            /^::1$/,
+            /\.local$/,
+            /\.internal$/,
+        ];
+        for (const pattern of blockedPatterns) {
+            if (pattern.test(host)) {
+                return { valid: false, error: 'Internal/private URLs not allowed' };
+            }
+        }
+        return { valid: true };
+    }
+    catch {
+        return { valid: false, error: 'Invalid URL format' };
+    }
+}