npm - @qqbrowser/openclaw-qbot - Versions diffs - 0.0.105 → 0.0.107 - Mend

@qqbrowser/openclaw-qbot 0.0.105 → 0.0.107

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (101) hide show

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@qqbrowser/openclaw-qbot",
-  "version": "0.0.105",
+  "version": "0.0.107",
   "description": "Multi-channel AI gateway with extensible messaging integrations",
   "keywords": [],
   "homepage": "https://github.com/openclaw/openclaw#readme",

package/preset-config.json CHANGED Viewed

@@ -10,7 +10,7 @@
           {
             "id": "deepseek-v3.2",
             "name": "DeepSeek V3.2",
-            "reasoning": true,
+            "reasoning": false,
             "input": ["text", "image"],
             "cost": {
               "input": 0,
@@ -87,7 +87,7 @@
           {
             "id": "DeepSeek-V3_2",
             "name": "DeepSeek-V3_2",
-            "reasoning": true,
+            "reasoning": false,
             "input": ["text", "image"],
             "cost": {
               "input": 0,

package/skills/srt-sandbox/SKILL.md ADDED Viewed

@@ -0,0 +1,126 @@
+---
+name: srt-sandbox
+description: "SRT 沙箱运行环境认知。模型启动时必须首先读取此 Skill，了解当前沙箱的文件系统、网络、安全边界，避免因不了解环境限制而做出错误判断。"
+disable-model-invocation: true
+metadata: { "openclaw": { "always": true, "emoji": "🔒" } }
+---
+# SRT 沙箱运行环境说明
+> **⚠️ 重要提示：** 你正在 SRT (Sandbox Runtime) 沙箱环境中运行。以下是你**必须了解**的运行环境边界。请在执行任何操作前确认目标路径和域名是否在允许范围内。
+## 一、沙箱概述
+SRT 沙箱通过 macOS Seatbelt（或 Linux bwrap）在操作系统级别强制执行安全策略。所有 bash/exec 命令都在沙箱内执行，文件工具（read/write/edit）通过 fsBridge 访问宿主文件系统。
+**核心原则：沙箱不是你的敌人，它是你的安全边界。遇到权限问题时，先检查是否超出了下面列出的允许范围，而不是简单地告诉用户"沙箱限制"。**
+## 二、文件系统权限
+### ✅ 允许写入的路径（allowWrite）
+以下路径你**可以自由读写**，包括创建文件、目录、修改、删除等操作：
+| 路径                | 说明                                           |
+| ------------------- | ---------------------------------------------- |
+| `.`（当前工作目录） | 你的主要工作区，通常是 `~/.qbotclaw/workspace` |
+| `~/.QBotclaw`       | QBotClaw 应用数据目录                          |
+| `/private/tmp`      | macOS 临时目录                                 |
+| `/var/tmp`          | 系统临时目录                                   |
+| `/tmp`              | 通用临时目录                                   |
+| `~/Desktop`         | 用户桌面                                       |
+| `~/Downloads`       | 用户下载目录                                   |
+| `~/Pictures`        | 用户图片目录                                   |
+**关键认知：**
+- 当用户要求在**桌面 (Desktop)**、**下载目录 (Downloads)**、**图片目录 (Pictures)** 创建文件时，这些操作是**完全允许的**，不要拒绝
+- 当用户要求在 `/tmp` 创建临时文件时，这也是**完全允许的**
+- 如果目标路径不在上述列表中（例如 `/Users/xxx/Documents/`、`/usr/local/`、`/etc/`），写入操作会被沙箱阻止
+### 🚫 禁止读取的路径（denyRead）
+以下路径的读取操作会被沙箱**强制拦截**，即使你有理由也无法访问：
+| 路径                 | 说明                               |
+| -------------------- | ---------------------------------- |
+| `~/.ssh`             | SSH 密钥目录（包含私钥等敏感信息） |
+| `~/.gnupg`           | GPG 密钥目录                       |
+| `~/.aws/credentials` | AWS 凭证文件                       |
+### 🚫 禁止写入的文件（denyWrite）
+以下文件名的写入操作会被**强制拦截**，无论在哪个目录下：
+| 文件名            | 说明             |
+| ----------------- | ---------------- |
+| `.env`            | 环境变量配置文件 |
+| `.env.local`      | 本地环境变量配置 |
+| `.env.production` | 生产环境配置     |
+## 三、网络访问权限
+### ✅ 允许访问的域名（allowedDomains）
+当前配置使用**广泛通配符**，以下顶级域名下的所有子域名都可以访问：
+```
+*.com  *.org  *.net  *.io  *.dev  *.cn  *.ai
+*.cc   *.co   *.me   *.in  *.app  *.sh  *.xyz
+*.info *.edu  *.gov  *.uk  *.jp   *.de
+```
+这意味着**绝大多数常见网站都可以访问**，包括但不限于：
+- GitHub、NPM、PyPI 等开发平台
+- Google、Bing 等搜索引擎
+- 各类 API 服务（OpenAI、Anthropic 等）
+- 腾讯云、阿里云等国内服务
+### 🔒 本地网络绑定
+`allowLocalBinding: true` — 允许绑定本地端口（localhost），可以启动本地开发服务器。
+## 四、操作决策指南
+### 当用户要求写文件时
+```
+1. 确认目标路径是否在 allowWrite 列表中
+2. 确认文件名不在 denyWrite 列表中
+3. 如果都满足 → 直接执行，不要犹豫
+4. 如果不满足 → 向用户说明限制，并建议替代路径
+```
+**常见正确决策示例：**
+| 用户请求                | 正确做法                                              | 原因                             |
+| ----------------------- | ----------------------------------------------------- | -------------------------------- |
+| "在桌面创建一个文件"    | ✅ 直接执行 `touch ~/Desktop/文件名`                  | `~/Desktop` 在 allowWrite 中     |
+| "在下载目录保存文件"    | ✅ 直接执行                                           | `~/Downloads` 在 allowWrite 中   |
+| "在 /tmp 创建临时文件"  | ✅ 直接执行                                           | `/tmp` 在 allowWrite 中          |
+| "在工作目录创建项目"    | ✅ 直接执行                                           | `.`（工作目录）在 allowWrite 中  |
+| "在 Documents 创建文件" | ⚠️ 告知用户该路径不在允许范围，建议使用桌面或下载目录 | `~/Documents` 不在 allowWrite 中 |
+| "修改 /etc/hosts"       | ⚠️ 告知用户系统目录不可写                             | `/etc` 不在 allowWrite 中        |
+| "创建 .env 文件"        | ⚠️ 告知用户 `.env` 文件被安全策略禁止写入             | `.env` 在 denyWrite 中           |
+### 当操作失败并出现权限错误时
+```
+1. 检查 stderr 中的路径是否在 allowWrite 之外 → 沙箱限制
+2. 检查文件名是否匹配 denyWrite → 安全策略限制
+3. 检查路径是否在 denyRead 中 → 敏感路径保护
+4. 如果路径在 allowWrite 内但仍失败 → 这是普通 Unix 权限问题，不是沙箱限制
+```
+### 当用户说"在这里创建"但没指定具体路径时
+优先使用当前工作目录 `.`（始终可写），其次考虑用户最可能期望的位置（桌面、下载目录等）。
+## 五、重要提醒
+1. **不要过度归因于沙箱限制** — 如果操作路径在 allowWrite 列表内，失败原因可能是 Unix 权限、磁盘空间等，与沙箱无关
+2. **不要在不确定时就拒绝操作** — 先看本文档确认路径是否允许，大多数常规操作都是可以的
+3. **桌面、下载、图片三个用户目录是可写的** — 这是最容易被忽略的，不要错误地告诉用户这些路径不可用
+4. **网络几乎不受限** — 当前配置允许绝大多数顶级域名，不要因为"沙箱"就认为网络被封锁
+5. **工作目录始终可用** — 无论什么操作，当前工作目录都是安全的后备选择

package/extensions/acpx/skills/acp-router/SKILL.md DELETED Viewed

@@ -1,219 +0,0 @@
----
-name: acp-router
-description: Route plain-language requests for Pi, Claude Code, Codex, OpenCode, Gemini CLI, or ACP harness work into either OpenClaw ACP runtime sessions or direct acpx-driven sessions ("telephone game" flow). For coding-agent thread requests, read this skill first, then use only `sessions_spawn` for thread creation.
-user-invocable: false
----
-# ACP Harness Router
-When user intent is "run this in Pi/Claude Code/Codex/OpenCode/Gemini/Kimi (ACP harness)", do not use subagent runtime or PTY scraping. Route through ACP-aware flows.
-## Intent detection
-Trigger this skill when the user asks OpenClaw to:
-- run something in Pi / Claude Code / Codex / OpenCode / Gemini
-- continue existing harness work
-- relay instructions to an external coding harness
-- keep an external harness conversation in a thread-like conversation
-Mandatory preflight for coding-agent thread requests:
-- Before creating any thread for Pi/Claude/Codex/OpenCode/Gemini work, read this skill first in the same turn.
-- After reading, follow `OpenClaw ACP runtime path` below; do not use `message(action="thread-create")` for ACP harness thread spawn.
-## Mode selection
-Choose one of these paths:
-1. OpenClaw ACP runtime path (default): use `sessions_spawn` / ACP runtime tools.
-2. Direct `acpx` path (telephone game): use `acpx` CLI through `exec` to drive the harness session directly.
-Use direct `acpx` when one of these is true:
-- user explicitly asks for direct `acpx` driving
-- ACP runtime/plugin path is unavailable or unhealthy
-- the task is "just relay prompts to harness" and no OpenClaw ACP lifecycle features are needed
-Do not use:
-- `subagents` runtime for harness control
-- `/acp` command delegation as a requirement for the user
-- PTY scraping of pi/claude/codex/opencode/gemini/kimi CLIs when `acpx` is available
-## AgentId mapping
-Use these defaults when user names a harness directly:
-- "pi" -> `agentId: "pi"`
-- "claude" or "claude code" -> `agentId: "claude"`
-- "codex" -> `agentId: "codex"`
-- "opencode" -> `agentId: "opencode"`
-- "gemini" or "gemini cli" -> `agentId: "gemini"`
-- "kimi" or "kimi cli" -> `agentId: "kimi"`
-These defaults match current acpx built-in aliases.
-If policy rejects the chosen id, report the policy error clearly and ask for the allowed ACP agent id.
-## OpenClaw ACP runtime path
-Required behavior:
-1. For ACP harness thread spawn requests, read this skill first in the same turn before calling tools.
-2. Use `sessions_spawn` with:
-   - `runtime: "acp"`
-   - `thread: true`
-   - `mode: "session"` (unless user explicitly wants one-shot)
-3. For ACP harness thread creation, do not use `message` with `action=thread-create`; `sessions_spawn` is the only thread-create path.
-4. Put requested work in `task` so the ACP session gets it immediately.
-5. Set `agentId` explicitly unless ACP default agent is known.
-6. Do not ask user to run slash commands or CLI when this path works directly.
-Example:
-User: "spawn a test codex session in thread and tell it to say hi"
-Call:
-```json
-{
-  "task": "Say hi.",
-  "runtime": "acp",
-  "agentId": "codex",
-  "thread": true,
-  "mode": "session"
-}
-```
-## Thread spawn recovery policy
-When the user asks to start a coding harness in a thread (for example "start a codex/claude/pi/kimi thread"), treat that as an ACP runtime request and try to satisfy it end-to-end.
-Required behavior when ACP backend is unavailable:
-1. Do not immediately ask the user to pick an alternate path.
-2. First attempt automatic local repair:
-   - ensure plugin-local pinned acpx is installed in `extensions/acpx`
-   - verify `${ACPX_CMD} --version`
-3. After reinstall/repair, restart the gateway and explicitly offer to run that restart for the user.
-4. Retry ACP thread spawn once after repair.
-5. Only if repair+retry fails, report the concrete error and then offer fallback options.
-When offering fallback, keep ACP first:
-- Option 1: retry ACP spawn after showing exact failing step
-- Option 2: direct acpx telephone-game flow
-Do not default to subagent runtime for these requests.
-## ACPX install and version policy (direct acpx path)
-For this repo, direct `acpx` calls must follow the same pinned policy as the `@openclaw/acpx` extension.
-1. Prefer plugin-local binary, not global PATH:
-   - `./extensions/acpx/node_modules/.bin/acpx`
-2. Resolve pinned version from extension dependency:
-   - `node -e "console.log(require('./extensions/acpx/package.json').dependencies.acpx)"`
-3. If binary is missing or version mismatched, install plugin-local pinned version:
-   - `cd extensions/acpx && npm install --omit=dev --no-save acpx@<pinnedVersion>`
-4. Verify before use:
-   - `./extensions/acpx/node_modules/.bin/acpx --version`
-5. If install/repair changed ACPX artifacts, restart the gateway and offer to run the restart.
-6. Do not run `npm install -g acpx` unless the user explicitly asks for global install.
-Set and reuse:
-```bash
-ACPX_CMD="./extensions/acpx/node_modules/.bin/acpx"
-```
-## Direct acpx path ("telephone game")
-Use this path to drive harness sessions without `/acp` or subagent runtime.
-### Rules
-1. Use `exec` commands that call `${ACPX_CMD}`.
-2. Reuse a stable session name per conversation so follow-up prompts stay in the same harness context.
-3. Prefer `--format quiet` for clean assistant text to relay back to user.
-4. Use `exec` (one-shot) only when the user wants one-shot behavior.
-5. Keep working directory explicit (`--cwd`) when task scope depends on repo context.
-### Session naming
-Use a deterministic name, for example:
-- `oc-<harness>-<conversationId>`
-Where `conversationId` is thread id when available, otherwise channel/conversation id.
-### Command templates
-Persistent session (create if missing, then prompt):
-```bash
-${ACPX_CMD} codex sessions show oc-codex-<conversationId> \
-  || ${ACPX_CMD} codex sessions new --name oc-codex-<conversationId>
-${ACPX_CMD} codex -s oc-codex-<conversationId> --cwd <workspacePath> --format quiet "<prompt>"
-```
-One-shot:
-```bash
-${ACPX_CMD} codex exec --cwd <workspacePath> --format quiet "<prompt>"
-```
-Cancel in-flight turn:
-```bash
-${ACPX_CMD} codex cancel -s oc-codex-<conversationId>
-```
-Close session:
-```bash
-${ACPX_CMD} codex sessions close oc-codex-<conversationId>
-```
-### Harness aliases in acpx
-- `pi`
-- `claude`
-- `codex`
-- `opencode`
-- `gemini`
-- `kimi`
-### Built-in adapter commands in acpx
-Defaults are:
-- `pi -> npx pi-acp`
-- `claude -> npx -y @zed-industries/claude-agent-acp`
-- `codex -> npx @zed-industries/codex-acp`
-- `opencode -> npx -y opencode-ai acp`
-- `gemini -> gemini`
-- `kimi -> kimi acp`
-If `~/.acpx/config.json` overrides `agents`, those overrides replace defaults.
-### Failure handling
-- `acpx: command not found`:
-  - for thread-spawn ACP requests, install plugin-local pinned acpx in `extensions/acpx` immediately
-  - restart gateway after install and offer to run the restart automatically
-  - then retry once
-  - do not ask for install permission first unless policy explicitly requires it
-  - do not install global `acpx` unless explicitly requested
-- adapter command missing (for example `claude-agent-acp` not found):
-  - for thread-spawn ACP requests, first restore built-in defaults by removing broken `~/.acpx/config.json` agent overrides
-  - then retry once before offering fallback
-  - if user wants binary-based overrides, install exactly the configured adapter binary
-- `NO_SESSION`: run `${ACPX_CMD} <agent> sessions new --name <sessionName>` then retry prompt.
-- queue busy: either wait for completion (default) or use `--no-wait` when async behavior is explicitly desired.
-### Output relay
-When relaying to user, return the final assistant text output from `acpx` command result. Avoid relaying raw local tool noise unless user asked for verbose logs.

package/extensions/diffs/skills/diffs/SKILL.md DELETED Viewed

@@ -1,22 +0,0 @@
----
-name: diffs
-description: Use the diffs tool to produce real, shareable diffs (viewer URL, file artifact, or both) instead of manual edit summaries.
----
-When you need to show edits as a real diff, prefer the `diffs` tool instead of writing a manual summary.
-The `diffs` tool accepts either `before` + `after` text, or a unified `patch` string.
-Use `mode=view` when you want an interactive gateway-hosted viewer. After the tool returns, use `details.viewerUrl` with the canvas tool via `canvas present` or `canvas navigate`.
-Use `mode=file` when you need a rendered file artifact. Set `fileFormat=png` (default) or `fileFormat=pdf`. The tool result includes `details.filePath`.
-For large or high-fidelity files, use `fileQuality` (`standard`|`hq`|`print`) and optionally override `fileScale`/`fileMaxWidth`.
-When you need to deliver the rendered file to a user or channel, do not rely on the raw tool-result renderer. Instead, call the `message` tool and pass `details.filePath` through `path` or `filePath`.
-Use `mode=both` when you want both the gateway viewer URL and the rendered artifact.
-If the user has configured diffs plugin defaults, prefer omitting `mode`, `theme`, `layout`, and related presentation options unless you need to override them for this specific diff.
-Include `path` for before/after text when you know the file name.

package/extensions/lobster/SKILL.md DELETED Viewed

@@ -1,97 +0,0 @@
-# Lobster
-Lobster executes multi-step workflows with approval checkpoints. Use it when:
-- User wants a repeatable automation (triage, monitor, sync)
-- Actions need human approval before executing (send, post, delete)
-- Multiple tool calls should run as one deterministic operation
-## When to use Lobster
-| User intent                                            | Use Lobster?                                  |
-| ------------------------------------------------------ | --------------------------------------------- |
-| "Triage my email"                                      | Yes — multi-step, may send replies            |
-| "Send a message"                                       | No — single action, use message tool directly |
-| "Check my email every morning and ask before replying" | Yes — scheduled workflow with approval        |
-| "What's the weather?"                                  | No — simple query                             |
-| "Monitor this PR and notify me of changes"             | Yes — stateful, recurring                     |
-## Basic usage
-### Run a pipeline
-```json
-{
-  "action": "run",
-  "pipeline": "gog.gmail.search --query 'newer_than:1d' --max 20 | email.triage"
-}
-```
-Returns structured result:
-```json
-{
-  "protocolVersion": 1,
-  "ok": true,
-  "status": "ok",
-  "output": [{ "summary": {...}, "items": [...] }],
-  "requiresApproval": null
-}
-```
-### Handle approval
-If the workflow needs approval:
-```json
-{
-  "status": "needs_approval",
-  "output": [],
-  "requiresApproval": {
-    "prompt": "Send 3 draft replies?",
-    "items": [...],
-    "resumeToken": "..."
-  }
-}
-```
-Present the prompt to the user. If they approve:
-```json
-{
-  "action": "resume",
-  "token": "<resumeToken>",
-  "approve": true
-}
-```
-## Example workflows
-### Email triage
-```
-gog.gmail.search --query 'newer_than:1d' --max 20 | email.triage
-```
-Fetches recent emails, classifies into buckets (needs_reply, needs_action, fyi).
-### Email triage with approval gate
-```
-gog.gmail.search --query 'newer_than:1d' | email.triage | approve --prompt 'Process these?'
-```
-Same as above, but halts for approval before returning.
-## Key behaviors
-- **Deterministic**: Same input → same output (no LLM variance in pipeline execution)
-- **Approval gates**: `approve` command halts execution, returns token
-- **Resumable**: Use `resume` action with token to continue
-- **Structured output**: Always returns JSON envelope with `protocolVersion`
-## Don't use Lobster for
-- Simple single-action requests (just use the tool directly)
-- Queries that need LLM interpretation mid-flow
-- One-off tasks that won't be repeated

package/extensions/open-prose/skills/prose/LICENSE DELETED Viewed

@@ -1,21 +0,0 @@
-MIT License
-Copyright (c) 2025 OpenProse
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.