@nordsym/apiclaw 1.5.16 → 1.5.18

package/dist/src/credentials.js

@@ -1,357 +0,0 @@
-// Real credential providers for APIClaw Connected tier
-// Reads from environment variables or ~/.secrets/
-import { readFileSync, existsSync } from 'fs';
-import { join } from 'path';
-import { homedir } from 'os';
-// Load env file helper
-function loadEnvFile(filename) {
-    const paths = [
-        join(homedir(), '.secrets', filename),
-        join(process.cwd(), filename),
-        join(process.cwd(), '.env.local'),
-    ];
-    for (const path of paths) {
-        if (existsSync(path)) {
-            const content = readFileSync(path, 'utf-8');
-            const vars = {};
-            for (const line of content.split('\n')) {
-                const match = line.match(/^([^=]+)=(.*)$/);
-                if (match) {
-                    vars[match[1].trim()] = match[2].trim().replace(/^["']|["']$/g, '');
-                }
-            }
-            return vars;
-        }
-    }
-    return {};
-}
-// Provider credential getters
-const providers = {
-    '46elks': {
-        type: 'basic',
-        get() {
-            const env = loadEnvFile('46elks.env');
-            const user = env.ELKS_API_USER || process.env.ELKS_API_USER;
-            const pass = env.ELKS_API_PASSWORD || process.env.ELKS_API_PASSWORD;
-            if (!user || !pass)
-                return null;
-            return {
-                type: 'basic',
-                username: user,
-                password: pass,
-            };
-        },
-    },
-    twilio: {
-        type: 'basic',
-        get() {
-            const env = loadEnvFile('twilio.env');
-            const sid = env.TWILIO_ACCOUNT_SID || process.env.TWILIO_ACCOUNT_SID;
-            const token = env.TWILIO_AUTH_TOKEN || process.env.TWILIO_AUTH_TOKEN;
-            if (!sid || !token)
-                return null;
-            return {
-                type: 'basic',
-                username: sid,
-                password: token,
-            };
-        },
-    },
-    // Real credential providers
-    resend: {
-        type: 'api_key',
-        get() {
-            const env = loadEnvFile('resend.env');
-            const key = env.RESEND_API_KEY || process.env.RESEND_API_KEY;
-            if (key) {
-                return { type: 'api_key', api_key: key };
-            }
-            return null;
-        },
-    },
-    brave_search: {
-        type: 'api_key',
-        get() {
-            const env = loadEnvFile('brave.env');
-            const key = env.BRAVE_API_KEY || process.env.BRAVE_API_KEY;
-            if (key) {
-                return { type: 'api_key', api_key: key };
-            }
-            return null;
-        },
-    },
-    openrouter: {
-        type: 'bearer',
-        get() {
-            const env = loadEnvFile('openrouter.env');
-            const key = env.OPENROUTER_API_KEY || process.env.OPENROUTER_API_KEY;
-            if (key) {
-                return { type: 'bearer', api_key: key };
-            }
-            return null;
-        },
-    },
-    elevenlabs: {
-        type: 'api_key',
-        get() {
-            const env = loadEnvFile('elevenlabs.env');
-            const key = env.ELEVENLABS_API_KEY || process.env.ELEVENLABS_API_KEY;
-            if (key) {
-                return { type: 'api_key', api_key: key };
-            }
-            return null;
-        },
-    },
-    replicate: {
-        type: 'bearer',
-        get() {
-            const env = loadEnvFile('replicate.env');
-            const key = env.REPLICATE_API_TOKEN || process.env.REPLICATE_API_TOKEN;
-            if (key) {
-                return { type: 'bearer', api_key: key };
-            }
-            return null;
-        },
-    },
-    firecrawl: {
-        type: 'bearer',
-        get() {
-            const env = loadEnvFile('firecrawl.env');
-            const key = env.FIRECRAWL_API_KEY || process.env.FIRECRAWL_API_KEY;
-            if (key) {
-                return { type: 'bearer', api_key: key };
-            }
-            return null;
-        },
-    },
-    github: {
-        type: 'bearer',
-        get() {
-            const env = loadEnvFile('github.env');
-            const key = env.GITHUB_TOKEN || process.env.GITHUB_TOKEN;
-            if (key) {
-                return { type: 'bearer', token: key };
-            }
-            return null;
-        },
-    },
-    e2b: {
-        type: 'api_key',
-        get() {
-            const env = loadEnvFile('e2b.env');
-            const key = env.E2B_API_KEY || process.env.E2B_API_KEY;
-            if (key) {
-                return { type: 'api_key', api_key: key };
-            }
-            return null;
-        },
-    },
-    apilayer: {
-        type: 'api_key',
-        get() {
-            const env = loadEnvFile('apilayer.env');
-            // Return all keys — handler picks the right one per action
-            const keys = {};
-            for (const [k, v] of Object.entries(env)) {
-                if (k.startsWith('APILAYER_') && v) {
-                    keys[k] = v;
-                }
-            }
-            if (Object.keys(keys).length === 0)
-                return null;
-            return { type: 'api_key', api_key: keys.APILAYER_EXCHANGERATE_KEY || '', ...keys };
-        },
-    },
-    groq: {
-        type: 'bearer',
-        get() {
-            const env = loadEnvFile('groq.env');
-            const key = env.GROQ_API_KEY || process.env.GROQ_API_KEY;
-            if (key) {
-                return { type: 'bearer', api_key: key };
-            }
-            return null;
-        },
-    },
-    deepgram: {
-        type: 'bearer',
-        get() {
-            const env = loadEnvFile('deepgram.env');
-            const key = env.DEEPGRAM_API_KEY || process.env.DEEPGRAM_API_KEY;
-            if (key) {
-                return { type: 'bearer', api_key: key };
-            }
-            return null;
-        },
-    },
-    mistral: {
-        type: 'api_key',
-        get() {
-            const env = loadEnvFile('mistral.env');
-            const key = env.MISTRAL_API_KEY || process.env.MISTRAL_API_KEY;
-            if (key) {
-                return { type: 'api_key', api_key: key };
-            }
-            return null;
-        },
-    },
-    cohere: {
-        type: 'api_key',
-        get() {
-            const env = loadEnvFile('cohere.env');
-            const key = env.COHERE_API_KEY || process.env.COHERE_API_KEY;
-            if (key) {
-                return { type: 'api_key', api_key: key };
-            }
-            return null;
-        },
-    },
-    serper: {
-        type: 'api_key',
-        get() {
-            const env = loadEnvFile('serpapi.env');
-            const key = env.SERPAPI_API_KEY || process.env.SERPER_API_KEY || process.env.SERPAPI_API_KEY;
-            if (key) {
-                return { type: 'api_key', api_key: key };
-            }
-            return null;
-        },
-    },
-    stability: {
-        type: 'api_key',
-        get() {
-            const env = loadEnvFile('stability.env');
-            const key = env.STABILITY_API_KEY || process.env.STABILITY_API_KEY;
-            if (key) {
-                return { type: 'api_key', api_key: key };
-            }
-            return null;
-        },
-    },
-    together: {
-        type: 'bearer',
-        get() {
-            const env = loadEnvFile('together.env');
-            const key = env.TOGETHER_API_KEY || process.env.TOGETHER_API_KEY;
-            if (key) {
-                return { type: 'bearer', api_key: key };
-            }
-            return null;
-        },
-    },
-    assemblyai: {
-        type: 'api_key',
-        get() {
-            const env = loadEnvFile('assemblyai.env');
-            const key = env.ASSEMBLYAI_API_KEY || process.env.ASSEMBLYAI_API_KEY;
-            if (key) {
-                return { type: 'api_key', api_key: key };
-            }
-            return null;
-        },
-    },
-};
-/**
- * Get real credentials for a provider
- * Returns null if provider not supported
- */
-export function getCredentials(providerId) {
-    const provider = providers[providerId];
-    if (!provider)
-        return null;
-    return provider.get();
-}
-/**
- * Check if a provider has real (non-demo) credentials available
- */
-export function hasRealCredentials(providerId) {
-    if (providerId === '46elks') {
-        const env = loadEnvFile('46elks.env');
-        return !!(env.ELKS_API_USER || process.env.ELKS_API_USER);
-    }
-    if (providerId === 'twilio') {
-        const env = loadEnvFile('twilio.env');
-        return !!(env.TWILIO_ACCOUNT_SID || process.env.TWILIO_ACCOUNT_SID);
-    }
-    if (providerId === 'resend') {
-        const env = loadEnvFile('resend.env');
-        return !!(env.RESEND_API_KEY || process.env.RESEND_API_KEY);
-    }
-    if (providerId === 'brave_search') {
-        const env = loadEnvFile('brave.env');
-        return !!(env.BRAVE_API_KEY || process.env.BRAVE_API_KEY);
-    }
-    if (providerId === 'openrouter') {
-        const env = loadEnvFile('openrouter.env');
-        return !!(env.OPENROUTER_API_KEY || process.env.OPENROUTER_API_KEY);
-    }
-    if (providerId === 'elevenlabs') {
-        const env = loadEnvFile('elevenlabs.env');
-        return !!(env.ELEVENLABS_API_KEY || process.env.ELEVENLABS_API_KEY);
-    }
-    if (providerId === 'replicate') {
-        const env = loadEnvFile('replicate.env');
-        return !!(env.REPLICATE_API_TOKEN || process.env.REPLICATE_API_TOKEN);
-    }
-    if (providerId === 'e2b') {
-        const env = loadEnvFile('e2b.env');
-        return !!(env.E2B_API_KEY || process.env.E2B_API_KEY);
-    }
-    if (providerId === 'firecrawl') {
-        const env = loadEnvFile('firecrawl.env');
-        return !!(env.FIRECRAWL_API_KEY || process.env.FIRECRAWL_API_KEY);
-    }
-    if (providerId === 'github') {
-        const env = loadEnvFile('github.env');
-        return !!(env.GITHUB_TOKEN || process.env.GITHUB_TOKEN);
-    }
-    if (providerId === 'apilayer') {
-        const env = loadEnvFile('apilayer.env');
-        return !!(env.APILAYER_EXCHANGERATE_KEY || process.env.APILAYER_EXCHANGERATE_KEY);
-    }
-    if (providerId === 'groq') {
-        const env = loadEnvFile('groq.env');
-        return !!(env.GROQ_API_KEY || process.env.GROQ_API_KEY);
-    }
-    if (providerId === 'deepgram') {
-        const env = loadEnvFile('deepgram.env');
-        return !!(env.DEEPGRAM_API_KEY || process.env.DEEPGRAM_API_KEY);
-    }
-    if (providerId === 'mistral') {
-        const env = loadEnvFile('mistral.env');
-        return !!(env.MISTRAL_API_KEY || process.env.MISTRAL_API_KEY);
-    }
-    if (providerId === 'cohere') {
-        const env = loadEnvFile('cohere.env');
-        return !!(env.COHERE_API_KEY || process.env.COHERE_API_KEY);
-    }
-    if (providerId === 'serper') {
-        const env = loadEnvFile('serpapi.env');
-        return !!(env.SERPAPI_API_KEY || process.env.SERPER_API_KEY || process.env.SERPAPI_API_KEY);
-    }
-    if (providerId === 'stability') {
-        const env = loadEnvFile('stability.env');
-        return !!(env.STABILITY_API_KEY || process.env.STABILITY_API_KEY);
-    }
-    if (providerId === 'together') {
-        const env = loadEnvFile('together.env');
-        return !!(env.TOGETHER_API_KEY || process.env.TOGETHER_API_KEY);
-    }
-    if (providerId === 'assemblyai') {
-        const env = loadEnvFile('assemblyai.env');
-        return !!(env.ASSEMBLYAI_API_KEY || process.env.ASSEMBLYAI_API_KEY);
-    }
-    return false;
-}
-/**
- * List all supported providers
- */
-export function listProviders() {
-    return Object.keys(providers);
-}
-/**
- * Get credential type for a provider
- */
-export function getCredentialType(providerId) {
-    return providers[providerId]?.type || null;
-}

package/dist/src/credits.js

@@ -1,260 +0,0 @@
-// Credit system for APIClaw
-// Supports both in-memory (dev) and Convex (production) backends
-import { getCredentials, hasRealCredentials } from './credentials.js';
-import { randomUUID } from 'crypto';
-// Configuration
-const BACKEND = process.env.APICLAW_BACKEND === 'convex' ? 'convex' : 'memory';
-const CONVEX_URL = process.env.CONVEX_URL || '';
-const CONVEX_DEPLOY_KEY = process.env.CONVEX_DEPLOY_KEY || '';
-// In-memory stores (for local development)
-const agentCreditsStore = new Map();
-const purchasesStore = new Map();
-const usageStore = new Map();
-// Provider that have real credentials available
-const REAL_CREDENTIAL_PROVIDERS = ['46elks', 'twilio'];
-// Credits per dollar by provider
-const CREDITS_PER_DOLLAR = {
-    '46elks': 30, // ~30 SMS per dollar
-    'twilio': 25, // ~25 SMS per dollar
-    'resend': 1000, // ~1000 emails per dollar
-    'brave_search': 200, // ~200 searches per dollar
-    'openrouter': 100, // ~100k tokens per dollar (varies by model)
-    'elevenlabs': 3333 // ~3333 characters per dollar
-};
-/**
- * Calculate credits based on provider pricing
- */
-function calculateCredits(providerId, amountUsd) {
-    return Math.floor(amountUsd * (CREDITS_PER_DOLLAR[providerId] || 100));
-}
-/**
- * Generate credentials for a provider
- * Returns real credentials for supported providers, mock for others
- */
-function generateCredentials(providerId) {
-    // Try to get real credentials first
-    const realCreds = getCredentials(providerId);
-    if (realCreds && hasRealCredentials(providerId)) {
-        console.log(`[APIClaw] Using REAL credentials for ${providerId}`);
-        return realCreds;
-    }
-    // Fall back to mock credentials
-    console.log(`[APIClaw] Using MOCK credentials for ${providerId}`);
-    return realCreds || {
-        type: 'api_key',
-        api_key: `mock_${providerId}_${randomUUID().slice(0, 8)}`
-    };
-}
-// =============================================================================
-// In-Memory Backend (for development)
-// =============================================================================
-/**
- * Get or create agent credits account
- */
-export function getAgentCredits(agentId) {
-    if (!agentCreditsStore.has(agentId)) {
-        agentCreditsStore.set(agentId, {
-            agent_id: agentId,
-            balance_usd: 0,
-            currency: 'USD',
-            created_at: new Date().toISOString(),
-            updated_at: new Date().toISOString()
-        });
-    }
-    return agentCreditsStore.get(agentId);
-}
-/**
- * Add credits to an agent's account
- */
-export function addCredits(agentId, amountUsd) {
-    const credits = getAgentCredits(agentId);
-    credits.balance_usd += amountUsd;
-    credits.updated_at = new Date().toISOString();
-    return credits;
-}
-/**
- * Purchase API access
- * Returns real credentials for 46elks and Twilio
- */
-export function purchaseAPIAccess(agentId, providerId, amountUsd) {
-    const credits = getAgentCredits(agentId);
-    // Check balance
-    if (credits.balance_usd < amountUsd) {
-        return {
-            success: false,
-            error: `Insufficient balance. Have $${credits.balance_usd.toFixed(2)}, need $${amountUsd.toFixed(2)}`
-        };
-    }
-    // Check if provider is supported
-    const providerCredentials = getCredentials(providerId);
-    if (!providerCredentials) {
-        return {
-            success: false,
-            error: `Unknown provider: ${providerId}. Supported: ${Object.keys(CREDITS_PER_DOLLAR).join(', ')}`
-        };
-    }
-    // Deduct credits
-    credits.balance_usd -= amountUsd;
-    credits.updated_at = new Date().toISOString();
-    // Generate credentials (real for 46elks/twilio, mock for others)
-    const credentials = generateCredentials(providerId);
-    // Create purchase record
-    const purchaseId = `pur_${randomUUID().slice(0, 12)}`;
-    const purchase = {
-        id: purchaseId,
-        agent_id: agentId,
-        provider_id: providerId,
-        amount_usd: amountUsd,
-        credits_purchased: calculateCredits(providerId, amountUsd),
-        status: 'active',
-        credentials,
-        created_at: new Date().toISOString()
-    };
-    purchasesStore.set(purchaseId, purchase);
-    // Initialize usage tracking
-    usageStore.set(purchaseId, {
-        purchase_id: purchaseId,
-        provider_id: providerId,
-        units_used: 0,
-        units_remaining: purchase.credits_purchased,
-        cost_incurred_usd: 0,
-        last_used_at: new Date().toISOString()
-    });
-    // Flag if using real credentials
-    const isRealCredentials = hasRealCredentials(providerId);
-    console.log(`[APIClaw] Purchase complete: ${providerId} ($${amountUsd}) - Real credentials: ${isRealCredentials}`);
-    return { success: true, purchase };
-}
-/**
- * Get all purchases for an agent
- */
-export function getAgentPurchases(agentId) {
-    return Array.from(purchasesStore.values()).filter(p => p.agent_id === agentId);
-}
-/**
- * Get usage for a purchase
- */
-export function getUsage(purchaseId) {
-    return usageStore.get(purchaseId) || null;
-}
-/**
- * Record usage (call this when API is used)
- */
-export function recordUsage(purchaseId, unitsUsed, costUsd) {
-    const record = usageStore.get(purchaseId);
-    if (!record)
-        return null;
-    record.units_used += unitsUsed;
-    record.units_remaining = Math.max(0, record.units_remaining - unitsUsed);
-    record.cost_incurred_usd += costUsd;
-    record.last_used_at = new Date().toISOString();
-    // Update purchase status if depleted
-    if (record.units_remaining === 0) {
-        const purchase = purchasesStore.get(purchaseId);
-        if (purchase)
-            purchase.status = 'exhausted';
-    }
-    return record;
-}
-/**
- * Get full balance summary for an agent
- */
-export function getBalanceSummary(agentId) {
-    const credits = getAgentCredits(agentId);
-    const agentPurchases = getAgentPurchases(agentId);
-    const activePurchases = agentPurchases.filter(p => p.status === 'active');
-    const totalSpent = agentPurchases.reduce((sum, p) => sum + p.amount_usd, 0);
-    // List providers with real credentials
-    const realCredentialProviders = REAL_CREDENTIAL_PROVIDERS.filter(p => hasRealCredentials(p));
-    return {
-        credits,
-        active_purchases: activePurchases,
-        total_spent_usd: totalSpent,
-        real_credentials_available: realCredentialProviders
-    };
-}
-/**
- * Check which providers have real credentials
- */
-export function getProvidersWithRealCredentials() {
-    return REAL_CREDENTIAL_PROVIDERS.filter(p => hasRealCredentials(p));
-}
-async function convexQuery(path, args) {
-    if (!CONVEX_URL) {
-        return { error: 'Convex URL not configured' };
-    }
-    try {
-        const response = await fetch(`${CONVEX_URL}/api/query`, {
-            method: 'POST',
-            headers: {
-                'Content-Type': 'application/json',
-                ...(CONVEX_DEPLOY_KEY ? { 'Authorization': `Convex ${CONVEX_DEPLOY_KEY}` } : {}),
-            },
-            body: JSON.stringify({ path, args }),
-        });
-        const result = await response.json();
-        return { data: result };
-    }
-    catch (error) {
-        return { error: error instanceof Error ? error.message : 'Convex query failed' };
-    }
-}
-async function convexMutation(path, args) {
-    if (!CONVEX_URL) {
-        return { error: 'Convex URL not configured' };
-    }
-    try {
-        const response = await fetch(`${CONVEX_URL}/api/mutation`, {
-            method: 'POST',
-            headers: {
-                'Content-Type': 'application/json',
-                ...(CONVEX_DEPLOY_KEY ? { 'Authorization': `Convex ${CONVEX_DEPLOY_KEY}` } : {}),
-            },
-            body: JSON.stringify({ path, args }),
-        });
-        const result = await response.json();
-        return { data: result };
-    }
-    catch (error) {
-        return { error: error instanceof Error ? error.message : 'Convex mutation failed' };
-    }
-}
-// Convex-backed versions (async)
-export async function getAgentCreditsAsync(agentId) {
-    if (BACKEND === 'memory') {
-        return getAgentCredits(agentId);
-    }
-    const result = await convexQuery('credits:getAgentCredits', { agentId });
-    return result.data || null;
-}
-export async function addCreditsAsync(agentId, amountUsd) {
-    if (BACKEND === 'memory') {
-        return addCredits(agentId, amountUsd);
-    }
-    const result = await convexMutation('credits:addCredits', { agentId, amountUsd });
-    return result.data || null;
-}
-export async function purchaseAPIAccessAsync(agentId, providerId, amountUsd) {
-    if (BACKEND === 'memory') {
-        return purchaseAPIAccess(agentId, providerId, amountUsd);
-    }
-    // Generate credentials server-side
-    const credentials = generateCredentials(providerId);
-    const result = await convexMutation('purchases:purchaseAccess', {
-        agentId,
-        providerId,
-        amountUsd,
-        credentials,
-    });
-    if (result.error) {
-        return { success: false, error: result.error };
-    }
-    return { success: true, purchase: result.data };
-}
-// Export backend info
-export function getBackendInfo() {
-    return {
-        type: BACKEND,
-        convexUrl: BACKEND === 'convex' ? CONVEX_URL : null,
-    };
-}

package/dist/src/crypto.js

@@ -1,66 +0,0 @@
-import { createCipheriv, createDecipheriv, randomBytes } from 'crypto';
-const ENCRYPTION_KEY = process.env.APICLAW_KEY_ENCRYPTION_SECRET;
-// Validate key exists and is correct length
-function getKey() {
-    if (!ENCRYPTION_KEY) {
-        throw new Error('APICLAW_KEY_ENCRYPTION_SECRET not set');
-    }
-    // Key should be 32 bytes for AES-256
-    const key = Buffer.from(ENCRYPTION_KEY, 'hex');
-    if (key.length !== 32) {
-        throw new Error('APICLAW_KEY_ENCRYPTION_SECRET must be 64 hex chars (32 bytes)');
-    }
-    return key;
-}
-export function encryptKey(plainKey) {
-    const key = getKey();
-    const iv = randomBytes(16);
-    const cipher = createCipheriv('aes-256-gcm', key, iv);
-    const encrypted = Buffer.concat([cipher.update(plainKey, 'utf8'), cipher.final()]);
-    const tag = cipher.getAuthTag();
-    return `${iv.toString('hex')}:${tag.toString('hex')}:${encrypted.toString('hex')}`;
-}
-export function decryptKey(encryptedKey) {
-    const key = getKey();
-    const [ivHex, tagHex, dataHex] = encryptedKey.split(':');
-    if (!ivHex || !tagHex || !dataHex) {
-        throw new Error('Invalid encrypted key format');
-    }
-    const decipher = createDecipheriv('aes-256-gcm', key, Buffer.from(ivHex, 'hex'));
-    decipher.setAuthTag(Buffer.from(tagHex, 'hex'));
-    const decrypted = Buffer.concat([
-        decipher.update(Buffer.from(dataHex, 'hex')),
-        decipher.final()
-    ]);
-    return decrypted.toString('utf8');
-}
-// SSRF Prevention
-export function validateBaseUrl(url) {
-    try {
-        const parsed = new URL(url);
-        if (parsed.protocol !== 'https:') {
-            return { valid: false, error: 'URL must use HTTPS' };
-        }
-        const host = parsed.hostname.toLowerCase();
-        const blockedPatterns = [
-            /^127\./,
-            /^10\./,
-            /^192\.168\./,
-            /^172\.(1[6-9]|2[0-9]|3[0-1])\./,
-            /^localhost$/,
-            /^0\.0\.0\.0$/,
-            /^::1$/,
-            /\.local$/,
-            /\.internal$/,
-        ];
-        for (const pattern of blockedPatterns) {
-            if (pattern.test(host)) {
-                return { valid: false, error: 'Internal/private URLs not allowed' };
-            }
-        }
-        return { valid: true };
-    }
-    catch {
-        return { valid: false, error: 'Invalid URL format' };
-    }
-}