@nordsym/apiclaw 1.5.9 → 1.5.10

package/landing/src/app/providers/dashboard/layout.tsx

@@ -80,12 +80,12 @@ export default function DashboardLayout({
   };
 
   // Check if current route is API detail page
-  const apiIdMatch = pathname.match(/\/providers\/dashboard\/([^/]+)/);
+  const apiIdMatch = pathname?.match(/\/providers\/dashboard\/([^/]+)/);
   const currentApiId = apiIdMatch ? apiIdMatch[1] : null;
   const isApiDetailPage = currentApiId && currentApiId !== "login" && currentApiId !== "verify";
 
   // Don't show layout for login/verify pages
-  if (pathname.includes("/login") || pathname.includes("/verify")) {
+  if (pathname?.includes("/login") || pathname?.includes("/verify")) {
     return <>{children}</>;
   }
 
@@ -167,7 +167,7 @@ export default function DashboardLayout({
                 key={item.label}
                 href={item.href}
                 className={`flex items-center gap-3 px-3 py-2 rounded-lg transition ${
-                  (item.exact ? pathname === item.href : pathname.startsWith(item.href.split('?')[0])) && !isApiDetailPage
+                  (item.exact ? pathname === item.href : pathname?.startsWith(item.href.split('?')[0])) && !isApiDetailPage
                     ? "bg-accent text-white"
                     : "text-text-secondary hover:bg-surface hover:text-text-primary"
                 }`}
@@ -200,7 +200,7 @@ export default function DashboardLayout({
                 <Link
                   href={`/providers/dashboard/${currentApiId}/direct-call`}
                   className={`flex items-center gap-3 px-3 py-2 rounded-lg transition ${
-                    pathname.includes("/direct-call")
+                    pathname?.includes("/direct-call")
                       ? "bg-accent text-white"
                       : "text-text-secondary hover:bg-surface hover:text-text-primary"
                   }`}
@@ -212,7 +212,7 @@ export default function DashboardLayout({
                 <Link
                   href={`/providers/dashboard/${currentApiId}/actions`}
                   className={`flex items-center gap-3 px-3 py-2 rounded-lg transition ${
-                    pathname.includes("/actions")
+                    pathname?.includes("/actions")
                       ? "bg-accent text-white"
                       : "text-text-secondary hover:bg-surface hover:text-text-primary"
                   }`}
@@ -224,7 +224,7 @@ export default function DashboardLayout({
                 <Link
                   href={`/providers/dashboard/${currentApiId}/test`}
                   className={`flex items-center gap-3 px-3 py-2 rounded-lg transition ${
-                    pathname.includes("/test")
+                    pathname?.includes("/test")
                       ? "bg-accent text-white"
                       : "text-text-secondary hover:bg-surface hover:text-text-primary"
                   }`}

package/landing/src/app/providers/dashboard/verify/page.tsx

@@ -8,6 +8,12 @@ import Link from "next/link";
 function VerifyContent() {
   const router = useRouter();
   const searchParams = useSearchParams();
+  
+  // Handle null searchParams
+  if (!searchParams) {
+    return <div className="min-h-screen flex items-center justify-center">Loading...</div>;
+  }
+  
   const token = searchParams.get("token");
 
   const [status, setStatus] = useState<"verifying" | "success" | "error">("verifying");

package/landing/src/app/upgrade/page.tsx

@@ -40,6 +40,12 @@ async function actionConvex<T>(path: string, args: Record<string, unknown>): Pro
 function UpgradeContent() {
   const searchParams = useSearchParams();
   const router = useRouter();
+  
+  // Handle null searchParams
+  if (!searchParams) {
+    return <div className="min-h-screen flex items-center justify-center">Loading...</div>;
+  }
+  
   const workspaceId = searchParams.get("ws");
   const success = searchParams.get("success");
   

package/landing/src/app/workspace/page.tsx

@@ -184,6 +184,12 @@ function generatePreviewAnalytics(): ProviderAnalytics {
 export default function WorkspacePage() {
   const router = useRouter();
   const searchParams = useSearchParams();
+  
+  // Handle null searchParams
+  if (!searchParams) {
+    return <div className="min-h-screen flex items-center justify-center">Loading...</div>;
+  }
+  
   const tabFromUrl = searchParams.get("tab") as TabType | null;
   const subFromUrl = searchParams.get("sub") as AnalyticsSubtab | null;
   

package/landing/src/lib/stats.json

@@ -4,7 +4,7 @@
   "directCallCount": 18,
   "npmDownloads": 4232,
   "categoryCount": 13,
-  "generatedAt": "2026-03-18T12:30:05.958Z",
+  "generatedAt": "2026-03-19T12:16:00.022Z",
   "categoryBreakdown": {
     "Finance": 1179,
     "Auth & Security": 491,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nordsym/apiclaw",
-  "version": "1.5.9",
+  "version": "1.5.10",
   "description": "The API layer for AI agents. Dashboard + 22K APIs + 18 Direct Call providers. MCP native.",
   "type": "module",
   "main": "dist/index.js",
@@ -16,6 +16,7 @@
     "build": "tsc && cp -r src/registry dist/",
     "dev": "tsx watch src/index.ts",
     "start": "node dist/index.js",
+    "start:http": "tsx src/http-server-minimal.ts",
     "test": "tsx src/test.ts",
     "test:e2e": "tsx src/test.ts",
     "webhook": "tsx src/webhook.ts",
@@ -66,7 +67,7 @@
     "@types/inquirer": "^9.0.9",
     "chalk": "^5.6.2",
     "commander": "^14.0.3",
-    "convex": "^1.32.0",
+    "convex": "^1.33.1",
     "dotenv": "^17.3.1",
     "fs-extra": "^11.3.3",
     "hono": "^4.0.0",
@@ -77,6 +78,7 @@
   "devDependencies": {
     "@types/fs-extra": "^11.0.4",
     "@types/node": "^20.10.0",
+    "@vercel/node": "^5.6.16",
     "tsx": "^4.7.0",
     "typescript": "^5.3.0"
   },

package/scripts/test-whitelist-v2.sh

@@ -0,0 +1,128 @@
+#!/bin/bash
+# Test script for APIClaw Whitelist v2.0
+# Tests whitelist, access control, and analytics
+
+set -e
+
+echo "🧪 APIClaw Whitelist v2.0 Test Suite"
+echo "===================================="
+echo ""
+
+API_URL="${APICLAW_API_URL:-http://localhost:3000}"
+
+# Colors
+GREEN='\033[0;32m'
+RED='\033[0;31m'
+YELLOW='\033[1;33m'
+NC='\033[0m' # No Color
+
+function test_case() {
+  local name=$1
+  local expected=$2
+  local cmd=$3
+  
+  echo -n "Testing: $name ... "
+  
+  response=$(eval "$cmd" 2>&1)
+  status=$?
+  
+  if echo "$response" | grep -q "$expected"; then
+    echo -e "${GREEN}✓ PASS${NC}"
+    return 0
+  else
+    echo -e "${RED}✗ FAIL${NC}"
+    echo "  Expected: $expected"
+    echo "  Got: $response"
+    return 1
+  fi
+}
+
+echo "1. Test Whitelist Authorization"
+echo "--------------------------------"
+
+# Test 1: Whitelisted agent (namespaced)
+test_case \
+  "Namespaced agent (hivr:bytebee) authorized" \
+  "200\|success" \
+  "curl -s '$API_URL/api/discover?query=web&agentId=hivr:bytebee'"
+
+# Test 2: Whitelisted agent (legacy format)
+test_case \
+  "Legacy agent (bytebee) authorized" \
+  "200\|success" \
+  "curl -s '$API_URL/api/discover?query=web&agentId=bytebee'"
+
+# Test 3: Unauthorized agent
+test_case \
+  "Unauthorized agent denied" \
+  "403\|Unauthorized\|Access Denied" \
+  "curl -s '$API_URL/api/discover?query=web&agentId=hacker:evil'"
+
+echo ""
+echo "2. Test Access Control"
+echo "----------------------"
+
+# Test 4: Hivr agent accessing allowed provider
+test_case \
+  "Hivr agent accessing brave_search (allowed)" \
+  "200\|success" \
+  "curl -s -X POST '$API_URL/api/call_api' -H 'Content-Type: application/json' -d '{\"agentId\":\"hivr:bytebee\",\"provider\":\"brave_search\",\"action\":\"search\",\"params\":{\"query\":\"test\"}}'"
+
+# Test 5: Restricted access (if NordSym configured)
+# This will fail if NordSym not configured yet, which is OK
+echo -n "Testing: NordSym agent restricted access ... "
+if curl -s -X POST "$API_URL/api/call_api" \
+  -H "Content-Type: application/json" \
+  -d '{"agentId":"nordsym:test","provider":"restricted_api","action":"call","params":{}}' \
+  | grep -q "403\|Access Denied\|not whitelisted"; then
+  echo -e "${GREEN}✓ PASS${NC} (correctly denied)"
+else
+  echo -e "${YELLOW}⊘ SKIP${NC} (NordSym not configured)"
+fi
+
+echo ""
+echo "3. Test Analytics"
+echo "-----------------"
+
+# Test 6: Product field in logs
+if [ -f ~/.apiclaw/logs/api-calls.jsonl ]; then
+  recent_logs=$(tail -5 ~/.apiclaw/logs/api-calls.jsonl)
+  
+  echo -n "Testing: Product field in logs ... "
+  if echo "$recent_logs" | grep -q '"product":"hivr"'; then
+    echo -e "${GREEN}✓ PASS${NC}"
+  else
+    echo -e "${YELLOW}⊘ WARN${NC} (no recent Hivr calls logged)"
+  fi
+else
+  echo -e "${YELLOW}⊘ SKIP${NC} (no log file yet)"
+fi
+
+echo ""
+echo "4. Test Cache Behavior"
+echo "----------------------"
+
+# Test 7: Multiple requests use cache
+echo -n "Testing: Cache performance ... "
+start=$(date +%s%N)
+for i in {1..5}; do
+  curl -s "$API_URL/api/discover?query=web&agentId=hivr:bytebee" > /dev/null
+done
+end=$(date +%s%N)
+elapsed=$(( (end - start) / 1000000 )) # Convert to ms
+
+if [ $elapsed -lt 1000 ]; then
+  echo -e "${GREEN}✓ PASS${NC} (${elapsed}ms for 5 requests)"
+else
+  echo -e "${YELLOW}⊘ WARN${NC} (${elapsed}ms - cache might not be working)"
+fi
+
+echo ""
+echo "===================================="
+echo "Test suite complete!"
+echo ""
+echo "Next steps:"
+echo "1. Check logs: tail -f ~/.apiclaw/logs/api-calls.jsonl"
+echo "2. Monitor analytics for product field"
+echo "3. Add NordSym product source when ready"
+echo ""

package/src/access-control.ts

@@ -0,0 +1,174 @@
+/**
+ * Access Control System
+ * Controls which products/agents can access which providers
+ * 
+ * Rules format:
+ * - Wildcard: "hivr:*" = all Hivr agents
+ * - Specific: "hivr:bytebee" = only ByteBee
+ * - Product-level: "nordsym:*" = all NordSym agents
+ * 
+ * Provider wildcards:
+ * - "*" = all providers
+ * - "brave_*" = all Brave providers
+ * - Specific: ["brave_search", "groq"]
+ */
+
+interface AccessRule {
+  agentPattern: string;
+  allowedProviders: string[];
+  description?: string;
+}
+
+// Default access rules
+// These can be moved to Convex table for dynamic updates
+const DEFAULT_RULES: AccessRule[] = [
+  {
+    agentPattern: 'hivr:*',
+    allowedProviders: ['*'], // Hivr gets everything
+    description: 'All Hivr bees get full access',
+  },
+  {
+    agentPattern: 'nordsym:*',
+    allowedProviders: ['brave_search', 'groq', 'replicate'],
+    description: 'NordSym team gets selected providers',
+  },
+  // Add more rules as needed
+];
+
+// Cache for compiled rules
+let compiledRules: {
+  pattern: RegExp;
+  providers: string[];
+}[] | null = null;
+
+/**
+ * Compile agentPattern to RegExp
+ */
+function compilePattern(pattern: string): RegExp {
+  // Convert wildcard pattern to regex
+  // "hivr:*" → /^hivr:.+$/
+  // "hivr:byte*" → /^hivr:byte.+$/
+  const escaped = pattern
+    .replace(/[.+^${}()|[\]\\]/g, '\\$&') // Escape regex chars
+    .replace(/\*/g, '.+'); // Replace * with .+
+  
+  return new RegExp(`^${escaped}$`, 'i');
+}
+
+/**
+ * Compile all rules (cache for performance)
+ */
+function compileRules(): void {
+  compiledRules = DEFAULT_RULES.map(rule => ({
+    pattern: compilePattern(rule.agentPattern),
+    providers: rule.allowedProviders,
+  }));
+}
+
+/**
+ * Check if provider matches pattern
+ */
+function matchesProvider(provider: string, pattern: string): boolean {
+  if (pattern === '*') return true;
+  if (pattern.endsWith('*')) {
+    const prefix = pattern.slice(0, -1);
+    return provider.startsWith(prefix);
+  }
+  return provider === pattern;
+}
+
+/**
+ * Check if agentId is allowed to access provider
+ */
+export function canAccessProvider(agentId: string, provider: string): boolean {
+  if (!compiledRules) {
+    compileRules();
+  }
+  
+  const normalized = agentId.toLowerCase().trim();
+  const normalizedProvider = provider.toLowerCase().trim();
+  
+  // Find matching rule
+  for (const rule of compiledRules!) {
+    if (rule.pattern.test(normalized)) {
+      // Check if provider is allowed
+      for (const providerPattern of rule.providers) {
+        if (matchesProvider(normalizedProvider, providerPattern)) {
+          return true;
+        }
+      }
+      // Rule matched but provider not in allowlist
+      return false;
+    }
+  }
+  
+  // No rule matched = deny by default
+  console.warn(`[Access Control] No rule for ${normalized}`);
+  return false;
+}
+
+/**
+ * Get allowed providers for agentId
+ */
+export function getAllowedProviders(agentId: string): string[] {
+  if (!compiledRules) {
+    compileRules();
+  }
+  
+  const normalized = agentId.toLowerCase().trim();
+  
+  // Find matching rule
+  for (const rule of compiledRules!) {
+    if (rule.pattern.test(normalized)) {
+      return rule.providers;
+    }
+  }
+  
+  return [];
+}
+
+/**
+ * Add new access rule (runtime)
+ */
+export function addAccessRule(rule: AccessRule): void {
+  DEFAULT_RULES.push(rule);
+  compiledRules = null; // Force recompile
+  console.log(`[Access Control] Added rule for ${rule.agentPattern}`);
+}
+
+/**
+ * Get all access rules (for debugging/admin)
+ */
+export function getAccessRules(): AccessRule[] {
+  return [...DEFAULT_RULES];
+}
+
+/**
+ * Check if agentId + provider combination is allowed
+ * Combines whitelist check + access control
+ */
+export async function isAllowed(
+  agentId: string | undefined,
+  provider: string
+): Promise<{ allowed: boolean; reason?: string }> {
+  if (!agentId) {
+    return { allowed: false, reason: 'No agentId provided' };
+  }
+  
+  // First check: Is agent whitelisted?
+  const { isAuthorized } = await import('./product-whitelist.js');
+  const whitelisted = await isAuthorized(agentId);
+  
+  if (!whitelisted) {
+    return { allowed: false, reason: 'Agent not whitelisted' };
+  }
+  
+  // Second check: Does agent have access to this provider?
+  const hasAccess = canAccessProvider(agentId, provider);
+  
+  if (!hasAccess) {
+    return { allowed: false, reason: 'Provider not in access list' };
+  }
+  
+  return { allowed: true };
+}

package/src/analytics.ts

@@ -18,6 +18,10 @@ export interface APICallLog {
   success: boolean;
   latencyMs?: number;
   error?: string;
+  metadata?: {
+    product?: string;
+    [key: string]: any;
+  };
 }
 
 // Log directory
@@ -86,6 +90,7 @@ async function sendToConvex(log: APICallLog): Promise<void> {
         latencyMs: log.latencyMs,
         error: log.error,
         timestamp: log.timestamp,
+        ...log.metadata, // Include product and any other metadata
       },
     });
   } catch (e) {

package/src/credentials.ts

@@ -167,6 +167,22 @@ const providers: Record<string, ProviderCredential> = {
       return null;
     },
   },
+
+  apilayer: {
+    type: 'api_key',
+    get(): APICredentials | null {
+      const env = loadEnvFile('apilayer.env');
+      // Return all keys — handler picks the right one per action
+      const keys: Record<string, string> = {};
+      for (const [k, v] of Object.entries(env)) {
+        if (k.startsWith('APILAYER_') && v) {
+          keys[k] = v;
+        }
+      }
+      if (Object.keys(keys).length === 0) return null;
+      return { type: 'api_key', api_key: keys.APILAYER_EXCHANGERATE_KEY || '', ...keys } as any;
+    },
+  },
 };
 
 /**
@@ -215,6 +231,10 @@ export function hasRealCredentials(providerId: string): boolean {
     const env = loadEnvFile('e2b.env');
     return !!(env.E2B_API_KEY || process.env.E2B_API_KEY);
   }
+  if (providerId === 'apilayer') {
+    const env = loadEnvFile('apilayer.env');
+    return !!(env.APILAYER_EXCHANGERATE_KEY || process.env.APILAYER_EXCHANGERATE_KEY);
+  }
   return false;
 }