@nordsym/apiclaw 2.2.0 → 2.2.1

package/src/http-api.ts

@@ -1,286 +0,0 @@
-/**
- * APIClaw HTTP API Server
- * Provides REST endpoints for headless agents (Hivr bees, webhooks, etc)
- * 
- * Endpoints:
- * - GET  /api/discover?query=...&agentId=...
- * - POST /api/call_api { provider, action, params, agentId }
- * - GET  /health
- * 
- * Auth: Whitelist-based for Hivr bees
- */
-
-import { createServer, IncomingMessage, ServerResponse } from 'http';
-import { URL } from 'url';
-import { discoverAPIs } from './discovery.js';
-import { isOpenAPI, executeOpenAPI } from './open-apis.js';
-import { executeMetered } from './metered.js';
-import { logAPICall } from './mcp-analytics.js';
-import { getMachineFingerprint } from './session.js';
-import { isAuthorized, getProduct } from './product-whitelist.js';
-
-interface APIRequest {
-  provider: string;
-  action: string;
-  params: Record<string, any>;
-  agentId: string;
-}
-
-/**
- * Parse JSON body from request
- */
-async function parseBody<T>(req: IncomingMessage): Promise<T> {
-  return new Promise((resolve, reject) => {
-    let body = '';
-    req.on('data', chunk => body += chunk.toString());
-    req.on('end', () => {
-      try {
-        resolve(JSON.parse(body));
-      } catch (e) {
-        reject(new Error('Invalid JSON'));
-      }
-    });
-    req.on('error', reject);
-  });
-}
-
-/**
- * Send JSON response
- */
-function sendJSON(res: ServerResponse, status: number, data: any): void {
-  res.writeHead(status, {
-    'Content-Type': 'application/json',
-    'Access-Control-Allow-Origin': '*',
-    'Access-Control-Allow-Methods': 'GET, POST, OPTIONS',
-    'Access-Control-Allow-Headers': 'Content-Type, X-Agent-Id',
-  });
-  res.end(JSON.stringify(data));
-}
-
-/**
- * Handle /api/discover
- * GET /api/discover?query=web+search&agentId=bytebee&category=Search&maxResults=5
- */
-async function handleDiscover(req: IncomingMessage, res: ServerResponse, url: URL): Promise<void> {
-  const query = url.searchParams.get('query');
-  const agentId = url.searchParams.get('agentId');
-  const category = url.searchParams.get('category') || undefined;
-  const maxResults = parseInt(url.searchParams.get('maxResults') || '5');
-  
-  if (!query) {
-    sendJSON(res, 400, { error: 'Missing query parameter' });
-    return;
-  }
-  
-  if (!(await isAuthorized(agentId || undefined))) {
-    sendJSON(res, 403, { 
-      error: 'Unauthorized', 
-      message: 'This endpoint is restricted to Hivr bees. Contact admin@nordsym.com for access.',
-    });
-    return;
-  }
-  
-  const startTime = Date.now();
-  const results = discoverAPIs(query, { category, maxResults });
-  const responseTimeMs = Date.now() - startTime;
-  
-  // Log to analytics with product info
-  const product = agentId ? getProduct(agentId) : null;
-  logAPICall({
-    timestamp: new Date().toISOString(),
-    provider: 'apiclaw_discovery',
-    action: 'discover',
-    type: 'open',
-    userId: agentId || 'unknown',
-    success: true,
-    latencyMs: responseTimeMs,
-    metadata: product ? { product } : undefined,
-  });
-  
-  sendJSON(res, 200, {
-    success: true,
-    query,
-    results: results.map(r => ({
-      provider: r.provider,
-      score: r.relevance_score,
-      reasons: r.match_reasons,
-    })),
-    count: results.length,
-    responseTimeMs,
-  });
-}
-
-/**
- * Handle /api/call_api
- * POST /api/call_api
- * Body: { provider: "brave_search", action: "search", params: { query: "AI news" }, agentId: "bytebee" }
- */
-async function handleCallAPI(req: IncomingMessage, res: ServerResponse): Promise<void> {
-  let body: APIRequest;
-  
-  try {
-    body = await parseBody<APIRequest>(req);
-  } catch (e) {
-    sendJSON(res, 400, { error: 'Invalid JSON body' });
-    return;
-  }
-  
-  const { provider, action, params, agentId } = body;
-  
-  if (!provider || !action || !params || !agentId) {
-    sendJSON(res, 400, { 
-      error: 'Missing required fields', 
-      required: ['provider', 'action', 'params', 'agentId'] 
-    });
-    return;
-  }
-  
-  // Check whitelist + access control
-  const { isAllowed } = await import('./access-control.js');
-  const accessCheck = await isAllowed(agentId, provider);
-  
-  if (!accessCheck.allowed) {
-    sendJSON(res, 403, { 
-      error: 'Access Denied', 
-      message: accessCheck.reason || 'Not authorized',
-      hint: 'Contact admin@nordsym.com for access',
-    });
-    return;
-  }
-  
-  const startTime = Date.now();
-  let result: any;
-  let apiType: 'open' | 'direct';
-  let success = true;
-  let error: string | undefined;
-  
-  try {
-    if (isOpenAPI(provider)) {
-      apiType = 'open';
-      result = await executeOpenAPI(provider, action, params);
-      success = result.success;
-      error = result.error;
-    } else {
-      apiType = 'direct';
-      // For Direct Call APIs, use Hivr's workspace/credentials
-      // TODO: Get Hivr workspace token from env or config
-      const customerKey = process.env.APICLAW_HIVR_CUSTOMER_KEY;
-      const stripeCustomerId = process.env.APICLAW_HIVR_STRIPE_CUSTOMER;
-      
-      result = await executeMetered(provider, action, params, {
-        customerId: stripeCustomerId,
-        customerKey,
-        userId: `hivr:${agentId}`,
-      });
-      success = result.success;
-      error = result.error;
-    }
-  } catch (e: any) {
-    success = false;
-    error = e.message;
-    result = { success: false, error: error };
-  }
-  
-  const latencyMs = Date.now() - startTime;
-  
-  // Log to analytics with product info
-  const product = getProduct(agentId);
-  logAPICall({
-    timestamp: new Date().toISOString(),
-    provider,
-    action,
-    type: apiType!,
-    userId: agentId,
-    success,
-    latencyMs,
-    error,
-    metadata: product ? { product } : undefined,
-  });
-  
-  sendJSON(res, success ? 200 : 500, {
-    success,
-    provider,
-    action,
-    agentId,
-    data: result.data,
-    error: result.error,
-    latencyMs,
-  });
-}
-
-/**
- * Handle OPTIONS (CORS preflight)
- */
-function handleOptions(res: ServerResponse): void {
-  res.writeHead(204, {
-    'Access-Control-Allow-Origin': '*',
-    'Access-Control-Allow-Methods': 'GET, POST, OPTIONS',
-    'Access-Control-Allow-Headers': 'Content-Type, X-Agent-Id',
-    'Access-Control-Max-Age': '86400',
-  });
-  res.end();
-}
-
-/**
- * Main request handler
- */
-async function handleRequest(req: IncomingMessage, res: ServerResponse): Promise<void> {
-  const url = new URL(req.url || '/', `http://${req.headers.host}`);
-  
-  console.log(`[APIClaw HTTP] ${req.method} ${url.pathname}`);
-  
-  // CORS preflight
-  if (req.method === 'OPTIONS') {
-    handleOptions(res);
-    return;
-  }
-  
-  // Health check
-  if (url.pathname === '/health') {
-    sendJSON(res, 200, { status: 'ok', service: 'apiclaw-http-api' });
-    return;
-  }
-  
-  // Route requests
-  if (url.pathname === '/api/discover' && req.method === 'GET') {
-    await handleDiscover(req, res, url);
-    return;
-  }
-  
-  if (url.pathname === '/api/call_api' && req.method === 'POST') {
-    await handleCallAPI(req, res);
-    return;
-  }
-  
-  // 404
-  sendJSON(res, 404, { error: 'Not found' });
-}
-
-/**
- * Start HTTP server
- */
-export function startHTTPServer(port: number = 3000): void {
-  const server = createServer(async (req, res) => {
-    try {
-      await handleRequest(req, res);
-    } catch (error: any) {
-      console.error('[APIClaw HTTP] Error:', error);
-      sendJSON(res, 500, { error: 'Internal server error', message: error.message });
-    }
-  });
-  
-  server.listen(port, () => {
-    console.log(`\n🦞 APIClaw HTTP API running on http://localhost:${port}`);
-    console.log(`   GET  /api/discover?query=...&agentId=...`);
-    console.log(`   POST /api/call_api`);
-    console.log(`   GET  /health\n`);
-  });
-  
-  server.on('error', (error: any) => {
-    if (error.code === 'EADDRINUSE') {
-      console.error(`[APIClaw HTTP] Port ${port} is already in use`);
-    } else {
-      console.error('[APIClaw HTTP] Server error:', error);
-    }
-  });
-}

package/src/http-server-minimal.ts

@@ -1,154 +0,0 @@
-#!/usr/bin/env node
-/**
- * Minimal HTTP API Server for APIClaw
- * Bypasses chain executor imports
- */
-
-import { createServer } from 'http';
-import { URL } from 'url';
-
-const PORT = parseInt(process.env.PORT || '3001');
-
-// Import whitelist directly
-import { isAuthorized, getProduct } from './product-whitelist.js';
-
-interface APIRequest {
-  provider: string;
-  action: string;
-  params: Record<string, any>;
-  agentId: string;
-}
-
-function sendJSON(res: any, status: number, data: any): void {
-  res.writeHead(status, {
-    'Content-Type': 'application/json',
-    'Access-Control-Allow-Origin': '*',
-  });
-  res.end(JSON.stringify(data));
-}
-
-async function parseBody<T>(req: any): Promise<T> {
-  return new Promise((resolve, reject) => {
-    let body = '';
-    req.on('data', (chunk: any) => body += chunk.toString());
-    req.on('end', () => {
-      try {
-        resolve(JSON.parse(body));
-      } catch (e) {
-        reject(new Error('Invalid JSON'));
-      }
-    });
-  });
-}
-
-const server = createServer(async (req, res) => {
-  const url = new URL(req.url || '/', `http://${req.headers.host}`);
-  
-  console.log(`[APIClaw] ${req.method} ${url.pathname}`);
-  
-  // CORS
-  if (req.method === 'OPTIONS') {
-    res.writeHead(204, {
-      'Access-Control-Allow-Origin': '*',
-      'Access-Control-Allow-Methods': 'GET, POST, OPTIONS',
-      'Access-Control-Allow-Headers': 'Content-Type',
-    });
-    res.end();
-    return;
-  }
-  
-  // Health check
-  if (url.pathname === '/health') {
-    sendJSON(res, 200, { 
-      status: 'ok', 
-      service: 'apiclaw-http-api',
-      version: '2.0.0',
-      whitelist: 'multi-product',
-    });
-    return;
-  }
-  
-  // Discovery endpoint
-  if (url.pathname === '/api/discover' && req.method === 'GET') {
-    const query = url.searchParams.get('query');
-    const agentId = url.searchParams.get('agentId');
-    
-    if (!query) {
-      sendJSON(res, 400, { error: 'Missing query parameter' });
-      return;
-    }
-    
-    const authorized = await isAuthorized(agentId || undefined);
-    
-    if (!authorized) {
-      sendJSON(res, 403, {
-        error: 'Unauthorized',
-        message: 'This endpoint is restricted. Contact admin@nordsym.com',
-      });
-      return;
-    }
-    
-    const product = agentId ? getProduct(agentId) : null;
-    
-    sendJSON(res, 200, {
-      success: true,
-      query,
-      agentId,
-      product,
-      message: 'Whitelist v2.0 active - discovery endpoint placeholder',
-    });
-    return;
-  }
-  
-  // Call API endpoint
-  if (url.pathname === '/api/call_api' && req.method === 'POST') {
-    try {
-      const body = await parseBody<APIRequest>(req);
-      const { provider, action, params, agentId } = body;
-      
-      if (!provider || !action || !agentId) {
-        sendJSON(res, 400, {
-          error: 'Missing required fields',
-          required: ['provider', 'action', 'agentId', 'params'],
-        });
-        return;
-      }
-      
-      const authorized = await isAuthorized(agentId);
-      
-      if (!authorized) {
-        sendJSON(res, 403, {
-          error: 'Unauthorized',
-          message: 'Agent not whitelisted',
-        });
-        return;
-      }
-      
-      const product = getProduct(agentId);
-      
-      sendJSON(res, 200, {
-        success: true,
-        agentId,
-        provider,
-        action,
-        product,
-        message: 'Whitelist v2.0 active - execution placeholder',
-      });
-      
-    } catch (e: any) {
-      sendJSON(res, 400, { error: e.message });
-    }
-    return;
-  }
-  
-  // 404
-  sendJSON(res, 404, { error: 'Not found' });
-});
-
-server.listen(PORT, () => {
-  console.log(`\n🦞 APIClaw HTTP API (Whitelist v2.0)`);
-  console.log(`   Running on http://localhost:${PORT}`);
-  console.log(`   GET  /health`);
-  console.log(`   GET  /api/discover?query=...&agentId=...`);
-  console.log(`   POST /api/call_api\n`);
-});