@remnic/plugin-openclaw 1.0.10 → 1.0.11

package/dist/chunk-MBIFE6SA.js

@@ -0,0 +1,250 @@
+// ../remnic-core/src/console/state.ts
+import { promises as fs, createReadStream } from "fs";
+import { createInterface } from "readline";
+import path from "path";
+var MAX_LEDGER_TAIL = 50;
+var MAX_VERDICT_TAIL = 25;
+var MAX_DEDUP_TAIL = 10;
+async function gatherConsoleState(orchestrator) {
+  const errors = [];
+  const capturedAt = (/* @__PURE__ */ new Date()).toISOString();
+  const bufferState = readBufferState(orchestrator, errors);
+  const extractionQueue = readExtractionQueue(orchestrator, errors);
+  const dedupRecent = readDedupRecent(orchestrator, errors);
+  const maintenanceLedgerTail = await readMaintenanceLedgerTail(
+    orchestrator,
+    errors
+  );
+  const qmdProbe = readQmdProbe(orchestrator, errors);
+  const daemon = readDaemonInfo(orchestrator, errors);
+  return {
+    capturedAt,
+    bufferState,
+    extractionQueue,
+    dedupRecent,
+    maintenanceLedgerTail,
+    qmdProbe,
+    daemon,
+    errors
+  };
+}
+function readBufferState(orchestrator, errors) {
+  try {
+    const getTurns = orchestrator.buffer?.getTurns;
+    if (typeof getTurns !== "function") {
+      return { turnsCount: 0, byteCount: 0 };
+    }
+    const turns = getTurns.call(orchestrator.buffer) ?? [];
+    let byteCount = 0;
+    for (const turn of turns) {
+      const content = typeof turn?.content === "string" ? turn.content : "";
+      byteCount += Buffer.byteLength(content, "utf8");
+    }
+    return { turnsCount: turns.length, byteCount };
+  } catch (err) {
+    errors.push(`bufferState: ${describeError(err)}`);
+    return { turnsCount: 0, byteCount: 0 };
+  }
+}
+function readExtractionQueue(orchestrator, errors) {
+  try {
+    const depth = typeof orchestrator.getConsoleExtractionQueueDepth === "function" ? orchestrator.getConsoleExtractionQueueDepth() : 0;
+    const verdicts = typeof orchestrator.getConsoleExtractionRecentVerdicts === "function" ? orchestrator.getConsoleExtractionRecentVerdicts() : [];
+    const recentVerdicts = (verdicts ?? []).slice(-MAX_VERDICT_TAIL).map((v) => ({
+      ts: typeof v?.ts === "string" ? v.ts : "",
+      kind: typeof v?.kind === "string" ? v.kind : "unknown",
+      ...typeof v?.reason === "string" ? { reason: v.reason } : {}
+    }));
+    return { depth: Number.isFinite(depth) ? depth : 0, recentVerdicts };
+  } catch (err) {
+    errors.push(`extractionQueue: ${describeError(err)}`);
+    return { depth: 0, recentVerdicts: [] };
+  }
+}
+function readDedupRecent(orchestrator, errors) {
+  try {
+    if (typeof orchestrator.getConsoleDedupRecentDecisions !== "function") return [];
+    const raw = orchestrator.getConsoleDedupRecentDecisions() ?? [];
+    return raw.slice(-MAX_DEDUP_TAIL).map((d) => ({
+      ts: typeof d?.ts === "string" ? d.ts : "",
+      decision: typeof d?.decision === "string" ? d.decision : "unknown",
+      ...typeof d?.fingerprint === "string" ? { fingerprint: d.fingerprint } : {},
+      ...typeof d?.similarity === "number" && Number.isFinite(d.similarity) ? { similarity: d.similarity } : {}
+    }));
+  } catch (err) {
+    errors.push(`dedupRecent: ${describeError(err)}`);
+    return [];
+  }
+}
+async function streamLedgerTopN(ledgerPath, topN, project) {
+  let stream;
+  try {
+    await fs.stat(ledgerPath);
+  } catch (err) {
+    const code = err.code;
+    if (code === "ENOENT") return [];
+    throw err;
+  }
+  try {
+    stream = createReadStream(ledgerPath, { encoding: "utf-8" });
+  } catch (err) {
+    const code = err.code;
+    if (code === "ENOENT") return [];
+    throw err;
+  }
+  const rl = createInterface({ input: stream, crlfDelay: Infinity });
+  const cap = Math.max(1, topN) * 2;
+  const buf = [];
+  const truncate = () => {
+    buf.sort((a, b) => {
+      const aMs = Date.parse(a.ts);
+      const bMs = Date.parse(b.ts);
+      if (Number.isFinite(aMs) && Number.isFinite(bMs)) return bMs - aMs;
+      if (Number.isFinite(aMs)) return -1;
+      if (Number.isFinite(bMs)) return 1;
+      return 0;
+    });
+    if (buf.length > topN) buf.length = topN;
+  };
+  try {
+    for await (const line of rl) {
+      const trimmed = line.trim();
+      if (!trimmed) continue;
+      let parsed;
+      try {
+        parsed = JSON.parse(trimmed);
+      } catch {
+        continue;
+      }
+      if (typeof parsed !== "object" || parsed === null || Array.isArray(parsed)) {
+        continue;
+      }
+      const event = project(parsed);
+      if (event === null) continue;
+      if (!event.ts || !Number.isFinite(Date.parse(event.ts))) continue;
+      buf.push(event);
+      if (buf.length >= cap) truncate();
+    }
+  } finally {
+    rl.close();
+    stream.close();
+  }
+  truncate();
+  return buf.reverse();
+}
+function projectLedgerRow(p) {
+  const ts = typeof p.ts === "string" && p.ts.length > 0 ? p.ts : typeof p.hour === "string" && p.hour.length > 0 ? p.hour : typeof p.rebuiltAt === "string" && p.rebuiltAt.length > 0 ? p.rebuiltAt : "";
+  const category = typeof p.category === "string" && p.category.length > 0 ? p.category : typeof p.verdictKind === "string" ? "judge-verdict" : typeof p.turnCount === "number" ? "observation" : "unknown";
+  const summary = summarizeLedgerEvent(p);
+  return { ts, category, summary };
+}
+async function readMaintenanceLedgerTail(orchestrator, errors) {
+  try {
+    const memoryDir = orchestrator.config?.memoryDir;
+    if (!memoryDir || typeof memoryDir !== "string") return [];
+    const ledgerDir = path.join(memoryDir, "state", "observation-ledger");
+    const verdictsTopN = await streamLedgerTopN(
+      path.join(ledgerDir, "extraction-judge-verdicts.jsonl"),
+      MAX_LEDGER_TAIL,
+      projectLedgerRow
+    );
+    const rebuiltTopN = await streamLedgerTopN(
+      path.join(ledgerDir, "rebuilt-observations.jsonl"),
+      MAX_LEDGER_TAIL,
+      projectLedgerRow
+    );
+    const events = [...verdictsTopN, ...rebuiltTopN];
+    if (events.length === 0) return [];
+    events.sort((a, b) => {
+      const aMs = Date.parse(a.ts);
+      const bMs = Date.parse(b.ts);
+      if (Number.isFinite(aMs) && Number.isFinite(bMs)) return bMs - aMs;
+      if (Number.isFinite(aMs)) return -1;
+      if (Number.isFinite(bMs)) return 1;
+      return 0;
+    });
+    const tail = events.slice(0, MAX_LEDGER_TAIL);
+    return tail.reverse();
+  } catch (err) {
+    errors.push(`maintenanceLedgerTail: ${describeError(err)}`);
+    return [];
+  }
+}
+function summarizeLedgerEvent(p) {
+  const parts = [];
+  if (typeof p.verdictKind === "string") parts.push(`verdict=${p.verdictKind}`);
+  if (typeof p.reason === "string" && p.reason.length > 0) {
+    const trimmed = p.reason.length > 80 ? `${p.reason.slice(0, 80)}\u2026` : p.reason;
+    parts.push(`reason=${trimmed}`);
+  }
+  if (typeof p.candidateCategory === "string") {
+    parts.push(`cat=${p.candidateCategory}`);
+  }
+  if (typeof p.sessionKey === "string" && p.sessionKey.length > 0) {
+    parts.push(`session=${p.sessionKey}`);
+  }
+  if (typeof p.turnCount === "number" && Number.isFinite(p.turnCount)) {
+    parts.push(`turns=${p.turnCount}`);
+  }
+  if (typeof p.userTurns === "number" && Number.isFinite(p.userTurns)) {
+    parts.push(`u=${p.userTurns}`);
+  }
+  if (typeof p.assistantTurns === "number" && Number.isFinite(p.assistantTurns)) {
+    parts.push(`a=${p.assistantTurns}`);
+  }
+  if (parts.length === 0) {
+    return typeof p.category === "string" ? p.category : "event";
+  }
+  return parts.join(" ");
+}
+function readQmdProbe(orchestrator, errors) {
+  try {
+    const qmd = orchestrator.qmd;
+    if (!qmd) {
+      return { available: false, daemonMode: false, debug: "qmd unavailable" };
+    }
+    const available = typeof qmd.isAvailable === "function" ? qmd.isAvailable() : false;
+    const daemonMode = typeof qmd.isDaemonMode === "function" ? qmd.isDaemonMode() : false;
+    const debug = typeof qmd.debugStatus === "function" ? qmd.debugStatus() : "";
+    return { available, daemonMode, debug };
+  } catch (err) {
+    errors.push(`qmdProbe: ${describeError(err)}`);
+    return { available: false, daemonMode: false, debug: "" };
+  }
+}
+function readDaemonInfo(orchestrator, errors) {
+  try {
+    if (typeof orchestrator.getConsoleDaemonInfo === "function") {
+      const info = orchestrator.getConsoleDaemonInfo();
+      return {
+        uptimeMs: Number.isFinite(info?.uptimeMs) ? info.uptimeMs : 0,
+        version: typeof info?.version === "string" ? info.version : "unknown"
+      };
+    }
+    const uptimeMs = Math.round((process.uptime?.() ?? 0) * 1e3);
+    return { uptimeMs, version: resolvePackageVersion() };
+  } catch (err) {
+    errors.push(`daemon: ${describeError(err)}`);
+    return { uptimeMs: 0, version: "unknown" };
+  }
+}
+function resolvePackageVersion() {
+  try {
+    const env = process.env?.REMNIC_VERSION;
+    if (typeof env === "string" && env.length > 0) return env;
+  } catch {
+  }
+  return "unknown";
+}
+function describeError(err) {
+  if (err instanceof Error) return err.message;
+  try {
+    return String(err);
+  } catch {
+    return "unknown error";
+  }
+}
+
+export {
+  gatherConsoleState
+};

package/dist/chunk-N7EOZY6F.js

@@ -0,0 +1,400 @@
+import {
+  buildHeaderFromPassphrase,
+  deriveKeyFromHeader,
+  getKey,
+  headerPath,
+  lock,
+  readHeader,
+  secureStoreDir,
+  status,
+  unlock,
+  verifyKey,
+  writeHeader
+} from "./chunk-CXM7EBAO.js";
+import {
+  DEFAULT_ARGON2ID_PARAMS,
+  DEFAULT_SCRYPT_PARAMS,
+  KDF_SALT_LENGTH
+} from "./chunk-6IWEAUN6.js";
+import {
+  migrateMemoryDirToEncrypted
+} from "./chunk-3I7RHWYT.js";
+import {
+  generateSalt
+} from "./chunk-YGGGUTG3.js";
+
+// ../remnic-core/src/secure-store/cli-handlers.ts
+async function runSecureStoreInit(options) {
+  const { memoryDir, readPassphrase } = options;
+  if (typeof memoryDir !== "string" || memoryDir.length === 0) {
+    throw new Error("secure-store init: memoryDir is required");
+  }
+  const existing = await readHeader(memoryDir);
+  if (existing !== null) {
+    throw new Error(
+      `secure-store header already exists at ${headerPath(memoryDir)}. Run 'remnic secure-store status' to inspect, or remove the .secure-store directory explicitly to reinitialize.`
+    );
+  }
+  const passphrase = await readPassphrase("Enter new passphrase: ", { confirm: true });
+  validatePassphrase(passphrase);
+  const algorithm = options.algorithm ?? "argon2id";
+  const params = resolveParams(algorithm, options.params);
+  const salt = options.salt ?? generateSalt();
+  if (salt.length !== KDF_SALT_LENGTH) {
+    throw new Error(`salt must be ${KDF_SALT_LENGTH} bytes, got ${salt.length}`);
+  }
+  const built = buildHeaderFromPassphrase({
+    passphrase,
+    salt,
+    algorithm,
+    params,
+    ...options.note !== void 0 ? { note: options.note } : {},
+    ...options.now ? { createdAt: options.now().toISOString() } : {}
+  });
+  built.derivedKey.fill(0);
+  const writtenPath = await writeHeader(memoryDir, built.header);
+  return {
+    ok: true,
+    headerPath: writtenPath,
+    kdf: built.header.metadata.kdf,
+    createdAt: built.header.createdAt
+  };
+}
+async function runSecureStoreUnlock(options) {
+  const { memoryDir, readPassphrase } = options;
+  const header = await readHeader(memoryDir);
+  if (!header) {
+    return { ok: false, reason: "not-initialized" };
+  }
+  const passphrase = await readPassphrase("Enter passphrase: ");
+  validatePassphrase(passphrase);
+  const candidateKey = deriveKeyFromHeader(header, passphrase);
+  if (!verifyKey(header, candidateKey)) {
+    candidateKey.fill(0);
+    return { ok: false, reason: "wrong-passphrase" };
+  }
+  const id = options.keyringId ?? secureStoreDir(memoryDir);
+  const now = options.now ?? (() => /* @__PURE__ */ new Date());
+  unlock(id, candidateKey, now);
+  const status2 = status(id);
+  return {
+    ok: true,
+    unlockedAt: status2.unlockedAt ?? now().toISOString(),
+    algorithm: header.metadata.kdf.algorithm
+  };
+}
+function runSecureStoreLock(options) {
+  const id = options.keyringId ?? secureStoreDir(options.memoryDir);
+  const cleared = lock(id);
+  return { ok: true, cleared };
+}
+async function runSecureStoreMigrate(options) {
+  const { memoryDir } = options;
+  const header = await readHeader(memoryDir);
+  if (!header) {
+    return {
+      ok: false,
+      reason: "not-initialized",
+      encrypted: 0,
+      skipped: 0,
+      errors: []
+    };
+  }
+  const id = options.keyringId ?? secureStoreDir(memoryDir);
+  const key = getKey(id);
+  if (key === null) {
+    return {
+      ok: false,
+      reason: "locked",
+      encrypted: 0,
+      skipped: 0,
+      errors: []
+    };
+  }
+  const result = await migrateMemoryDirToEncrypted(memoryDir, key);
+  if (result.errors.length > 0) {
+    return { ok: false, reason: "file-errors", ...result };
+  }
+  return { ok: true, ...result };
+}
+async function runSecureStoreStatus(options) {
+  const { memoryDir } = options;
+  const id = options.keyringId ?? secureStoreDir(memoryDir);
+  const header = await readHeader(memoryDir);
+  const ks = status(id);
+  const target = headerPath(memoryDir);
+  if (!header) {
+    return {
+      initialized: false,
+      headerPath: target,
+      locked: !ks.unlocked,
+      unlockedAt: ks.unlockedAt,
+      kdf: null,
+      createdAt: null
+    };
+  }
+  return {
+    initialized: true,
+    headerPath: target,
+    locked: !ks.unlocked,
+    unlockedAt: ks.unlockedAt,
+    kdf: header.metadata.kdf,
+    createdAt: header.createdAt
+  };
+}
+var MIN_PASSPHRASE_LENGTH = 8;
+function validatePassphrase(passphrase) {
+  if (typeof passphrase !== "string") {
+    throw new Error("passphrase must be a string");
+  }
+  if (passphrase.length === 0) {
+    throw new Error("passphrase must not be empty");
+  }
+  if (passphrase.length < MIN_PASSPHRASE_LENGTH) {
+    throw new Error(`passphrase must be at least ${MIN_PASSPHRASE_LENGTH} characters`);
+  }
+}
+function resolveParams(algorithm, override) {
+  if (override !== void 0) return override;
+  if (algorithm === "scrypt") return { ...DEFAULT_SCRYPT_PARAMS };
+  return { ...DEFAULT_ARGON2ID_PARAMS };
+}
+
+// ../remnic-core/src/secure-store/cli-renderer.ts
+function renderInitReport(report) {
+  const lines = [];
+  lines.push("=== Remnic secure-store initialized ===");
+  lines.push("");
+  lines.push(`header: ${report.headerPath}`);
+  lines.push(`createdAt: ${report.createdAt}`);
+  lines.push(...renderKdfLines(report.kdf));
+  lines.push("");
+  lines.push("Note: init does NOT auto-unlock the store. Run");
+  lines.push("  remnic engram secure-store unlock");
+  lines.push("to register the master key with the running daemon.");
+  return lines.join("\n");
+}
+function renderUnlockReport(report) {
+  if (report.ok) {
+    return `OK \u2014 secure-store unlocked at ${report.unlockedAt} (algorithm=${report.algorithm}).`;
+  }
+  if (report.reason === "not-initialized") {
+    return "ERR \u2014 secure-store is not initialized. Run 'remnic engram secure-store init' first.";
+  }
+  return "ERR \u2014 wrong passphrase.";
+}
+function renderLockReport(report) {
+  if (report.cleared) {
+    return "OK \u2014 secure-store key cleared from in-memory keyring.";
+  }
+  return "OK \u2014 secure-store was already locked (no in-memory key to clear).";
+}
+function renderMigrateReport(report) {
+  if (!report.ok && report.reason === "not-initialized") {
+    return "ERR \u2014 secure-store is not initialized. Run 'remnic engram secure-store init' first.";
+  }
+  if (!report.ok && report.reason === "locked") {
+    return "ERR \u2014 secure-store is locked. Run 'remnic engram secure-store unlock' before migrate.";
+  }
+  const lines = [];
+  lines.push(report.ok ? "OK \u2014 secure-store migration complete." : "ERR \u2014 secure-store migration completed with file errors.");
+  lines.push(`encrypted: ${report.encrypted}`);
+  lines.push(`skipped: ${report.skipped}`);
+  lines.push(`errors: ${report.errors.length}`);
+  for (const entry of report.errors.slice(0, 10)) {
+    lines.push(`- ${entry.filePath}: ${entry.error}`);
+  }
+  if (report.errors.length > 10) {
+    lines.push(`- ... ${report.errors.length - 10} more error(s)`);
+  }
+  return lines.join("\n");
+}
+function renderStatusReport(report) {
+  const lines = [];
+  lines.push("=== Remnic secure-store status ===");
+  lines.push("");
+  lines.push(`header: ${report.headerPath}`);
+  lines.push(`initialized: ${report.initialized ? "yes" : "no"}`);
+  if (!report.initialized) {
+    lines.push("");
+    lines.push("Run 'remnic engram secure-store init' to initialize a new store.");
+    return lines.join("\n");
+  }
+  lines.push(`createdAt: ${report.createdAt ?? "n/a"}`);
+  lines.push(`locked: ${report.locked ? "yes" : "no"}`);
+  if (!report.locked) {
+    lines.push(`lastUnlockAt: ${report.unlockedAt ?? "n/a"}`);
+  }
+  if (report.kdf) {
+    lines.push(...renderKdfLines(report.kdf));
+  }
+  return lines.join("\n");
+}
+function renderKdfLines(kdf) {
+  const lines = [];
+  lines.push(`kdf.algorithm: ${kdf.algorithm}`);
+  if (kdf.algorithm === "scrypt") {
+    const { N, r, p, keyLength, maxmem } = kdf.params;
+    lines.push(`kdf.params: N=${N} r=${r} p=${p} keyLength=${keyLength} maxmem=${maxmem}`);
+  } else {
+    const { memoryKiB, iterations, parallelism, keyLength } = kdf.params;
+    lines.push(
+      `kdf.params: memoryKiB=${memoryKiB} iterations=${iterations} parallelism=${parallelism} keyLength=${keyLength}`
+    );
+  }
+  return lines;
+}
+
+// ../remnic-core/src/secure-store/passphrase-reader.ts
+import { createInterface } from "readline";
+import { StringDecoder } from "string_decoder";
+function createPassphraseReader(options = {}) {
+  const input = options.input ?? process.stdin;
+  const output = options.output ?? process.stdout;
+  const errorStream = options.errorStream ?? process.stderr;
+  let nonTtyReader = null;
+  let nonTtyWarned = false;
+  return async function readPassphrase(prompt, readerOptions) {
+    const first = await readSinglePassphrase(prompt);
+    if (readerOptions?.confirm) {
+      const second = await readSinglePassphrase("Confirm passphrase: ");
+      if (first !== second) {
+        throw new Error("passphrases did not match");
+      }
+    }
+    return first;
+  };
+  async function readSinglePassphrase(prompt) {
+    const inputAsAny = input;
+    if (inputAsAny.isTTY && typeof inputAsAny.setRawMode === "function") {
+      return readNoEcho(prompt, inputAsAny, output);
+    }
+    if (!nonTtyWarned) {
+      errorStream.write(
+        "[remnic secure-store] warning: stdin is not a TTY; reading passphrase as a plain line. Take care that the passphrase is not exposed in shell history.\n"
+      );
+      nonTtyWarned = true;
+    }
+    errorStream.write(prompt);
+    if (!nonTtyReader) nonTtyReader = createNonTtyLineReader(input);
+    return nonTtyReader.next();
+  }
+}
+function readNoEcho(prompt, input, output) {
+  return new Promise((resolve, reject) => {
+    output.write(prompt);
+    let buffer = "";
+    let settled = false;
+    const wasRaw = input.isRaw === true;
+    const decoder = new StringDecoder("utf8");
+    if (input.setRawMode) input.setRawMode(true);
+    input.resume();
+    const cleanup = () => {
+      input.pause();
+      input.removeListener("data", onData);
+      decoder.end();
+      if (input.setRawMode) input.setRawMode(wasRaw);
+      output.write("\n");
+    };
+    const onData = (chunk) => {
+      const str = decoder.write(chunk);
+      for (const ch of str) {
+        if (settled) return;
+        const code = ch.charCodeAt(0);
+        if (ch === "\n" || ch === "\r") {
+          settled = true;
+          cleanup();
+          resolve(buffer);
+          return;
+        }
+        if (code === 3) {
+          settled = true;
+          cleanup();
+          reject(new Error("passphrase entry aborted (Ctrl+C)"));
+          return;
+        }
+        if (code === 4) {
+          settled = true;
+          cleanup();
+          if (buffer.length === 0) {
+            reject(new Error("passphrase entry aborted (EOF)"));
+          } else {
+            resolve(buffer);
+          }
+          return;
+        }
+        if (code === 8 || code === 127) {
+          if (buffer.length > 0) {
+            const codePoints = Array.from(buffer);
+            buffer = codePoints.slice(0, -1).join("");
+          }
+          continue;
+        }
+        if (code < 32) {
+          continue;
+        }
+        buffer += ch;
+      }
+    };
+    input.on("data", onData);
+  });
+}
+function createNonTtyLineReader(input) {
+  const rl = createInterface({ input, terminal: false });
+  const lineQueue = [];
+  const waiterQueue = [];
+  const errorQueue = [];
+  let closed = false;
+  let error = null;
+  rl.on("line", (line) => {
+    const waiter = waiterQueue.shift();
+    if (waiter) {
+      waiter(line);
+    } else {
+      lineQueue.push(line);
+    }
+  });
+  rl.on("close", () => {
+    closed = true;
+    while (waiterQueue.length > 0) {
+      const w = waiterQueue.shift();
+      errorQueue.shift();
+      w("");
+    }
+  });
+  rl.on("error", (err) => {
+    error = err;
+    while (errorQueue.length > 0) {
+      const r = errorQueue.shift();
+      waiterQueue.shift();
+      r(err);
+    }
+  });
+  return {
+    next() {
+      if (error) return Promise.reject(error);
+      const queued = lineQueue.shift();
+      if (queued !== void 0) return Promise.resolve(queued);
+      if (closed) return Promise.resolve("");
+      return new Promise((resolve, reject) => {
+        waiterQueue.push(resolve);
+        errorQueue.push(reject);
+      });
+    }
+  };
+}
+
+export {
+  runSecureStoreInit,
+  runSecureStoreUnlock,
+  runSecureStoreLock,
+  runSecureStoreMigrate,
+  runSecureStoreStatus,
+  MIN_PASSPHRASE_LENGTH,
+  renderInitReport,
+  renderUnlockReport,
+  renderLockReport,
+  renderMigrateReport,
+  renderStatusReport,
+  createPassphraseReader
+};