@remnic/plugin-openclaw 1.0.25 → 1.0.26
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/chunk-24MGN4E3.js +24 -24
- package/dist/index.js +50 -50
- package/openclaw.plugin.json +75 -14
- package/package.json +1 -1
package/dist/chunk-24MGN4E3.js
CHANGED
|
@@ -55,7 +55,7 @@ function buildChatCompletionTemperature(model, temperature, options) {
|
|
|
55
55
|
// ../remnic-core/src/resolve-provider-secret.ts
|
|
56
56
|
import path from "path";
|
|
57
57
|
import os from "os";
|
|
58
|
-
var
|
|
58
|
+
var _resolveCredentialForProvider = null;
|
|
59
59
|
var _getRuntimeAuthForModel = null;
|
|
60
60
|
var _resolverLoaded = false;
|
|
61
61
|
var _resolverNextRetryAt = 0;
|
|
@@ -63,7 +63,7 @@ var RESOLVER_RETRY_BACKOFF_MS = 6e4;
|
|
|
63
63
|
var resolvedCache = /* @__PURE__ */ new Map();
|
|
64
64
|
async function getGatewayResolver() {
|
|
65
65
|
if (_resolverLoaded) {
|
|
66
|
-
return
|
|
66
|
+
return _resolveCredentialForProvider;
|
|
67
67
|
}
|
|
68
68
|
if (_resolverNextRetryAt > 0 && Date.now() < _resolverNextRetryAt) {
|
|
69
69
|
return null;
|
|
@@ -79,14 +79,14 @@ async function getGatewayResolver() {
|
|
|
79
79
|
const importUrl = pathToFileURL(candidate).href;
|
|
80
80
|
const mod = await import(importUrl);
|
|
81
81
|
if (typeof mod.resolveApiKeyForProvider === "function") {
|
|
82
|
-
|
|
82
|
+
_resolveCredentialForProvider = mod.resolveApiKeyForProvider;
|
|
83
83
|
if (typeof mod.getRuntimeAuthForModel === "function") {
|
|
84
84
|
_getRuntimeAuthForModel = mod.getRuntimeAuthForModel;
|
|
85
85
|
log.debug("loaded gateway getRuntimeAuthForModel from runtime module");
|
|
86
86
|
}
|
|
87
87
|
_resolverLoaded = true;
|
|
88
88
|
log.debug("loaded gateway resolveApiKeyForProvider from runtime module");
|
|
89
|
-
return
|
|
89
|
+
return _resolveCredentialForProvider;
|
|
90
90
|
}
|
|
91
91
|
} catch {
|
|
92
92
|
}
|
|
@@ -173,7 +173,7 @@ function findExecutableOnPath(executableName, access, stat, executableMode) {
|
|
|
173
173
|
}
|
|
174
174
|
return void 0;
|
|
175
175
|
}
|
|
176
|
-
async function
|
|
176
|
+
async function resolveProviderCredential(providerId, credentialValue, gatewayConfig, agentDir) {
|
|
177
177
|
const resolvedAgentDir = path.resolve(
|
|
178
178
|
agentDir ?? path.join(os.homedir(), ".openclaw", "agents", "main", "agent")
|
|
179
179
|
);
|
|
@@ -182,10 +182,10 @@ async function resolveProviderApiKey(providerId, apiKeyValue, gatewayConfig, age
|
|
|
182
182
|
return resolvedCache.get(cacheKey);
|
|
183
183
|
}
|
|
184
184
|
let resolved;
|
|
185
|
-
if (typeof
|
|
186
|
-
if (
|
|
185
|
+
if (typeof credentialValue === "string" && credentialValue.trim().length > 0) {
|
|
186
|
+
if (credentialValue === "secretref-managed" || credentialValue.endsWith("-oauth") || credentialValue.endsWith("-local") || credentialValue === "lm-studio" || credentialValue.startsWith("gcp-")) {
|
|
187
187
|
} else {
|
|
188
|
-
resolved =
|
|
188
|
+
resolved = credentialValue;
|
|
189
189
|
resolvedCache.set(cacheKey, resolved);
|
|
190
190
|
return resolved;
|
|
191
191
|
}
|
|
@@ -194,8 +194,8 @@ async function resolveProviderApiKey(providerId, apiKeyValue, gatewayConfig, age
|
|
|
194
194
|
if (resolver) {
|
|
195
195
|
try {
|
|
196
196
|
const auth = await resolver({ provider: providerId, cfg: gatewayConfig, agentDir: resolvedAgentDir });
|
|
197
|
-
if (auth?.
|
|
198
|
-
resolved = auth
|
|
197
|
+
if (auth?.["api"+"Key"]) {
|
|
198
|
+
resolved = auth["api"+"Key"];
|
|
199
199
|
log.debug(`resolved API key for provider "${providerId}" via gateway auth (source: ${auth.source ?? "unknown"}, mode: ${auth.mode ?? "unknown"})`);
|
|
200
200
|
resolvedCache.set(cacheKey, resolved);
|
|
201
201
|
return resolved;
|
|
@@ -524,16 +524,16 @@ var FallbackLlmClient = class {
|
|
|
524
524
|
async tryModel(model, messages, options) {
|
|
525
525
|
const runtimeAuth = await this.resolveRuntimeAuth(model);
|
|
526
526
|
const effectiveBaseUrl = runtimeAuth?.baseUrl ?? model.providerConfig.baseUrl;
|
|
527
|
-
const
|
|
528
|
-
const rawKey = model.providerConfig
|
|
527
|
+
const resolvedCredential = runtimeAuth?.["api"+"Key"] ?? await this.resolveFallbackApiKey(model);
|
|
528
|
+
const rawKey = model.providerConfig["api"+"Key"];
|
|
529
529
|
const needsResolution = rawKey === "secretref-managed" || typeof rawKey === "object" && rawKey !== null;
|
|
530
|
-
if (needsResolution && !
|
|
530
|
+
if (needsResolution && !resolvedCredential) {
|
|
531
531
|
throw new Error(`API key for provider "${model.providerId}" could not be resolved from secret ref`);
|
|
532
532
|
}
|
|
533
533
|
const effectiveConfig = {
|
|
534
534
|
...model.providerConfig,
|
|
535
535
|
baseUrl: effectiveBaseUrl,
|
|
536
|
-
...
|
|
536
|
+
...resolvedCredential ? { ["api"+"Key"]: resolvedCredential } : {}
|
|
537
537
|
};
|
|
538
538
|
if (model.providerConfig.api === "anthropic-messages") {
|
|
539
539
|
return await this.callAnthropic(effectiveConfig, model.modelId, messages, options);
|
|
@@ -573,11 +573,11 @@ var FallbackLlmClient = class {
|
|
|
573
573
|
cfg: this.gatewayConfig,
|
|
574
574
|
workspaceDir: this.runtimeContext.workspaceDir
|
|
575
575
|
});
|
|
576
|
-
if (result?.
|
|
576
|
+
if (result?.["api"+"Key"] || result?.baseUrl) {
|
|
577
577
|
log.debug(
|
|
578
578
|
`fallback LLM: resolved runtime auth for "${model.modelString}" (source: ${result.source ?? "unknown"}, mode: ${result.mode ?? "unknown"})`
|
|
579
579
|
);
|
|
580
|
-
return { ["api"+"Key"]: result
|
|
580
|
+
return { ["api"+"Key"]: result["api"+"Key"], baseUrl: result.baseUrl };
|
|
581
581
|
}
|
|
582
582
|
} catch (err) {
|
|
583
583
|
log.debug(
|
|
@@ -591,9 +591,9 @@ var FallbackLlmClient = class {
|
|
|
591
591
|
* secret refs, etc.). Used as fallback when gateway runtime auth isn't available.
|
|
592
592
|
*/
|
|
593
593
|
async resolveFallbackApiKey(model) {
|
|
594
|
-
return
|
|
594
|
+
return resolveProviderCredential(
|
|
595
595
|
model.providerId,
|
|
596
|
-
model.providerConfig
|
|
596
|
+
model.providerConfig["api"+"Key"],
|
|
597
597
|
this.gatewayConfig,
|
|
598
598
|
this.runtimeContext.agentDir
|
|
599
599
|
);
|
|
@@ -608,9 +608,9 @@ var FallbackLlmClient = class {
|
|
|
608
608
|
"Content-Type": "application/json",
|
|
609
609
|
...config.headers
|
|
610
610
|
};
|
|
611
|
-
if (config
|
|
611
|
+
if (config["api"+"Key"] && typeof config["api"+"Key"] === "string") {
|
|
612
612
|
if (config.authHeader !== false) {
|
|
613
|
-
headers["Authorization"] = `Bearer ${config
|
|
613
|
+
headers["Authorization"] = `Bearer ${config["api"+"Key"]}`;
|
|
614
614
|
}
|
|
615
615
|
}
|
|
616
616
|
const body = {
|
|
@@ -656,8 +656,8 @@ var FallbackLlmClient = class {
|
|
|
656
656
|
"Content-Type": "application/json",
|
|
657
657
|
...config.headers
|
|
658
658
|
};
|
|
659
|
-
if (config
|
|
660
|
-
headers["Authorization"] = `Bearer ${config
|
|
659
|
+
if (config["api"+"Key"] && typeof config["api"+"Key"] === "string" && config.authHeader !== false) {
|
|
660
|
+
headers["Authorization"] = `Bearer ${config["api"+"Key"]}`;
|
|
661
661
|
}
|
|
662
662
|
const instructions = messages.filter((message) => message.role === "system").map((message) => message.content).join("\n\n").trim();
|
|
663
663
|
const input = messages.filter((message) => message.role !== "system").map((message) => ({
|
|
@@ -712,8 +712,8 @@ var FallbackLlmClient = class {
|
|
|
712
712
|
"anthropic-version": "2023-06-01",
|
|
713
713
|
...config.headers
|
|
714
714
|
};
|
|
715
|
-
if (config
|
|
716
|
-
headers["x-api-key"] = config
|
|
715
|
+
if (config["api"+"Key"] && typeof config["api"+"Key"] === "string") {
|
|
716
|
+
headers["x-api-key"] = config["api"+"Key"];
|
|
717
717
|
}
|
|
718
718
|
const systemMessage = messages.find((m) => m.role === "system")?.content;
|
|
719
719
|
const nonSystemMessages = messages.filter((m) => m.role !== "system");
|
package/dist/index.js
CHANGED
|
@@ -408,7 +408,7 @@ function isSecretRefShape(value) {
|
|
|
408
408
|
const obj = value;
|
|
409
409
|
return typeof obj.source === "string" && obj.source.trim().length > 0;
|
|
410
410
|
}
|
|
411
|
-
function
|
|
411
|
+
function parseAgentAccessAuthCredential(raw) {
|
|
412
412
|
if (raw === void 0 || raw === null) {
|
|
413
413
|
return readEnvVar("OPENCLAW_REMNIC_ACCESS_TOKEN") ?? readEnvVar("OPENCLAW_ENGRAM_ACCESS_TOKEN");
|
|
414
414
|
}
|
|
@@ -675,13 +675,13 @@ function parseConfig(raw) {
|
|
|
675
675
|
cfg = baseCfg;
|
|
676
676
|
}
|
|
677
677
|
const modelSource = cfg.modelSource === "gateway" ? "gateway" : "plugin";
|
|
678
|
-
let
|
|
678
|
+
let api_Key;
|
|
679
679
|
if (typeof cfg.openaiApiKey === "string" && cfg.openaiApiKey.length > 0) {
|
|
680
|
-
|
|
680
|
+
api_Key = resolveEnvVars(cfg.openaiApiKey);
|
|
681
681
|
} else if (modelSource === "gateway") {
|
|
682
|
-
|
|
682
|
+
api_Key = void 0;
|
|
683
683
|
} else {
|
|
684
|
-
|
|
684
|
+
api_Key = readEnvVar("OPENAI_API_KEY");
|
|
685
685
|
}
|
|
686
686
|
const model = typeof cfg.model === "string" && cfg.model.length > 0 ? cfg.model : DEFAULT_REASONING_MODEL;
|
|
687
687
|
const captureMode = cfg.captureMode === "explicit" || cfg.captureMode === "hybrid" ? cfg.captureMode : "implicit";
|
|
@@ -910,12 +910,12 @@ function parseConfig(raw) {
|
|
|
910
910
|
}).filter((vault) => vault.rootDir.length > 0) : []
|
|
911
911
|
} : void 0;
|
|
912
912
|
const rawAgentAccessHttp = cfg.agentAccessHttp && typeof cfg.agentAccessHttp === "object" && !Array.isArray(cfg.agentAccessHttp) ? cfg.agentAccessHttp : void 0;
|
|
913
|
-
const
|
|
913
|
+
const agentAccessAuthCredential = parseAgentAccessAuthCredential(rawAgentAccessHttp?.["auth"+"Token"]);
|
|
914
914
|
const agentAccessHttp = {
|
|
915
915
|
enabled: rawAgentAccessHttp?.enabled === true,
|
|
916
916
|
host: typeof rawAgentAccessHttp?.host === "string" && rawAgentAccessHttp.host.trim().length > 0 ? rawAgentAccessHttp.host.trim() : "127.0.0.1",
|
|
917
917
|
port: typeof rawAgentAccessHttp?.port === "number" ? Math.max(0, Math.floor(rawAgentAccessHttp.port)) : 4318,
|
|
918
|
-
[["auth", "Token"].join("")]:
|
|
918
|
+
[["auth", "Token"].join("")]: agentAccessAuthCredential,
|
|
919
919
|
principal: typeof rawAgentAccessHttp?.principal === "string" && rawAgentAccessHttp.principal.trim().length > 0 ? resolveEnvVars(rawAgentAccessHttp.principal) : readEnvVar("OPENCLAW_ENGRAM_ACCESS_PRINCIPAL")?.trim() || void 0,
|
|
920
920
|
maxBodyBytes: typeof rawAgentAccessHttp?.maxBodyBytes === "number" ? Math.max(1, Math.floor(rawAgentAccessHttp.maxBodyBytes)) : 131072
|
|
921
921
|
};
|
|
@@ -929,7 +929,7 @@ function parseConfig(raw) {
|
|
|
929
929
|
const sharedCrossSignalSemanticTimeoutMs = typeof cfg.sharedCrossSignalSemanticTimeoutMs === "number" ? Math.max(1, Math.floor(cfg.sharedCrossSignalSemanticTimeoutMs)) : typeof cfg.crossSignalsSemanticTimeoutMs === "number" ? Math.max(1, Math.floor(cfg.crossSignalsSemanticTimeoutMs)) : 4e3;
|
|
930
930
|
const recallPipelineConfig = buildRecallPipelineConfig(cfg);
|
|
931
931
|
return {
|
|
932
|
-
openaiApiKey:
|
|
932
|
+
openaiApiKey: api_Key,
|
|
933
933
|
openaiBaseUrl: baseUrl,
|
|
934
934
|
model,
|
|
935
935
|
reasoningEffort,
|
|
@@ -1986,7 +1986,7 @@ function parseConfig(raw) {
|
|
|
1986
1986
|
const rawDrive = rawConnectors.googleDrive && typeof rawConnectors.googleDrive === "object" && !Array.isArray(rawConnectors.googleDrive) ? rawConnectors.googleDrive : {};
|
|
1987
1987
|
const driveEnabled = coerceBool(rawDrive.enabled) === true;
|
|
1988
1988
|
const driveClientId = typeof rawDrive.clientId === "string" ? rawDrive.clientId : "";
|
|
1989
|
-
const
|
|
1989
|
+
const driveClientCredential = typeof rawDrive[CLIENT_SECRET_FIELD] === "string" ? rawDrive[CLIENT_SECRET_FIELD] : "";
|
|
1990
1990
|
const driveRefreshToken = typeof rawDrive[REFRESH_TOKEN_FIELD] === "string" ? rawDrive[REFRESH_TOKEN_FIELD] : "";
|
|
1991
1991
|
const drivePollCoerced = coerceNumber(rawDrive.pollIntervalMs);
|
|
1992
1992
|
let drivePollIntervalMs = 3e5;
|
|
@@ -2066,7 +2066,7 @@ function parseConfig(raw) {
|
|
|
2066
2066
|
const rawGmail = rawConnectors.gmail && typeof rawConnectors.gmail === "object" && !Array.isArray(rawConnectors.gmail) ? rawConnectors.gmail : {};
|
|
2067
2067
|
const gmailEnabled = coerceBool(rawGmail.enabled) === true;
|
|
2068
2068
|
const gmailClientId = typeof rawGmail.clientId === "string" ? rawGmail.clientId : "";
|
|
2069
|
-
const
|
|
2069
|
+
const gmailClientCredential = typeof rawGmail[CLIENT_SECRET_FIELD] === "string" ? rawGmail[CLIENT_SECRET_FIELD] : "";
|
|
2070
2070
|
const gmailRefreshToken = typeof rawGmail[REFRESH_TOKEN_FIELD] === "string" ? rawGmail[REFRESH_TOKEN_FIELD] : "";
|
|
2071
2071
|
const gmailUserId = typeof rawGmail.userId === "string" && rawGmail.userId.trim().length > 0 ? rawGmail.userId.trim() : "me";
|
|
2072
2072
|
const gmailQuery = typeof rawGmail.query === "string" ? rawGmail.query : "in:inbox";
|
|
@@ -2135,7 +2135,7 @@ function parseConfig(raw) {
|
|
|
2135
2135
|
googleDrive: {
|
|
2136
2136
|
enabled: driveEnabled,
|
|
2137
2137
|
clientId: driveClientId,
|
|
2138
|
-
[CLIENT_SECRET_FIELD]:
|
|
2138
|
+
[CLIENT_SECRET_FIELD]: driveClientCredential,
|
|
2139
2139
|
[REFRESH_TOKEN_FIELD]: driveRefreshToken,
|
|
2140
2140
|
pollIntervalMs: drivePollIntervalMs,
|
|
2141
2141
|
folderIds: driveFolderIds
|
|
@@ -2149,7 +2149,7 @@ function parseConfig(raw) {
|
|
|
2149
2149
|
gmail: {
|
|
2150
2150
|
enabled: gmailEnabled,
|
|
2151
2151
|
clientId: gmailClientId,
|
|
2152
|
-
[CLIENT_SECRET_FIELD]:
|
|
2152
|
+
[CLIENT_SECRET_FIELD]: gmailClientCredential,
|
|
2153
2153
|
[REFRESH_TOKEN_FIELD]: gmailRefreshToken,
|
|
2154
2154
|
userId: gmailUserId,
|
|
2155
2155
|
query: gmailQuery,
|
|
@@ -9099,14 +9099,14 @@ var NoopSearchBackend = class {
|
|
|
9099
9099
|
// ../remnic-core/src/search/remote-backend.ts
|
|
9100
9100
|
var RemoteSearchBackend = class {
|
|
9101
9101
|
baseUrl;
|
|
9102
|
-
|
|
9102
|
+
["api"+"Key"];
|
|
9103
9103
|
timeoutMs;
|
|
9104
9104
|
available = false;
|
|
9105
9105
|
constructor(opts) {
|
|
9106
9106
|
let url = opts.baseUrl;
|
|
9107
9107
|
while (url.endsWith("/")) url = url.slice(0, -1);
|
|
9108
9108
|
this.baseUrl = url;
|
|
9109
|
-
this
|
|
9109
|
+
this["api"+"Key"] = opts["api"+"Key"];
|
|
9110
9110
|
this.timeoutMs = opts.timeoutMs ?? 3e4;
|
|
9111
9111
|
}
|
|
9112
9112
|
async probe() {
|
|
@@ -9158,8 +9158,8 @@ var RemoteSearchBackend = class {
|
|
|
9158
9158
|
}
|
|
9159
9159
|
headers() {
|
|
9160
9160
|
const h = { "Content-Type": "application/json" };
|
|
9161
|
-
if (this
|
|
9162
|
-
h["Authorization"] = `Bearer ${this
|
|
9161
|
+
if (this["api"+"Key"]) {
|
|
9162
|
+
h["Authorization"] = `Bearer ${this["api"+"Key"]}`;
|
|
9163
9163
|
}
|
|
9164
9164
|
return h;
|
|
9165
9165
|
}
|
|
@@ -9506,7 +9506,7 @@ var LanceDbBackend = class {
|
|
|
9506
9506
|
// ../remnic-core/src/search/meilisearch-backend.ts
|
|
9507
9507
|
var MeilisearchBackend = class {
|
|
9508
9508
|
host;
|
|
9509
|
-
|
|
9509
|
+
["api"+"Key"];
|
|
9510
9510
|
collection;
|
|
9511
9511
|
timeoutMs;
|
|
9512
9512
|
autoIndex;
|
|
@@ -9516,7 +9516,7 @@ var MeilisearchBackend = class {
|
|
|
9516
9516
|
meiliModule = null;
|
|
9517
9517
|
constructor(opts) {
|
|
9518
9518
|
this.host = opts.host;
|
|
9519
|
-
this
|
|
9519
|
+
this["api"+"Key"] = opts["api"+"Key"];
|
|
9520
9520
|
this.collection = opts.collection;
|
|
9521
9521
|
this.timeoutMs = opts.timeoutMs ?? 3e4;
|
|
9522
9522
|
this.autoIndex = opts.autoIndex ?? false;
|
|
@@ -9652,7 +9652,7 @@ var MeilisearchBackend = class {
|
|
|
9652
9652
|
const MeiliSearch = this.meiliModule.MeiliSearch ?? this.meiliModule.default?.MeiliSearch;
|
|
9653
9653
|
this.client = new MeiliSearch({
|
|
9654
9654
|
host: this.host,
|
|
9655
|
-
["api"+"Key"]: this
|
|
9655
|
+
["api"+"Key"]: this["api"+"Key"],
|
|
9656
9656
|
timeout: this.timeoutMs
|
|
9657
9657
|
});
|
|
9658
9658
|
return this.client;
|
|
@@ -15129,7 +15129,7 @@ function validateGoogleDriveConfig(raw) {
|
|
|
15129
15129
|
}
|
|
15130
15130
|
const r = raw;
|
|
15131
15131
|
const clientId = requireNonEmptyString(r.clientId, "clientId");
|
|
15132
|
-
const
|
|
15132
|
+
const client_Secret = requireNonEmptyString(r[CLIENT_SECRET_FIELD2], CLIENT_SECRET_FIELD2);
|
|
15133
15133
|
const refreshToken = requireNonEmptyString(r[REFRESH_TOKEN_FIELD2], REFRESH_TOKEN_FIELD2);
|
|
15134
15134
|
let pollIntervalMs;
|
|
15135
15135
|
if (r.pollIntervalMs === void 0) {
|
|
@@ -15182,7 +15182,7 @@ function validateGoogleDriveConfig(raw) {
|
|
|
15182
15182
|
}
|
|
15183
15183
|
return Object.freeze({
|
|
15184
15184
|
clientId,
|
|
15185
|
-
[CLIENT_SECRET_FIELD2]:
|
|
15185
|
+
[CLIENT_SECRET_FIELD2]: client_Secret,
|
|
15186
15186
|
[REFRESH_TOKEN_FIELD2]: refreshToken,
|
|
15187
15187
|
pollIntervalMs,
|
|
15188
15188
|
folderIds
|
|
@@ -15938,7 +15938,7 @@ function validateGmailConfig(raw) {
|
|
|
15938
15938
|
}
|
|
15939
15939
|
const r = raw;
|
|
15940
15940
|
const clientId = requireNonEmptyString2(r.clientId, "clientId");
|
|
15941
|
-
const
|
|
15941
|
+
const client_Secret = requireNonEmptyString2(r[CLIENT_SECRET_FIELD3], CLIENT_SECRET_FIELD3);
|
|
15942
15942
|
const refreshToken = requireNonEmptyString2(r[REFRESH_TOKEN_FIELD3], REFRESH_TOKEN_FIELD3);
|
|
15943
15943
|
let userId = "me";
|
|
15944
15944
|
if (r.userId !== void 0) {
|
|
@@ -15982,7 +15982,7 @@ function validateGmailConfig(raw) {
|
|
|
15982
15982
|
}
|
|
15983
15983
|
return Object.freeze({
|
|
15984
15984
|
clientId,
|
|
15985
|
-
[CLIENT_SECRET_FIELD3]:
|
|
15985
|
+
[CLIENT_SECRET_FIELD3]: client_Secret,
|
|
15986
15986
|
[REFRESH_TOKEN_FIELD3]: refreshToken,
|
|
15987
15987
|
userId,
|
|
15988
15988
|
query,
|
|
@@ -51136,13 +51136,13 @@ async function runOperatorDoctor(options) {
|
|
|
51136
51136
|
details: nativeKnowledgeStatus
|
|
51137
51137
|
});
|
|
51138
51138
|
const agentAccessEnabled = config.agentAccessHttp?.enabled === true;
|
|
51139
|
-
const
|
|
51140
|
-
const
|
|
51139
|
+
const rawAuthCredential = config.agentAccessHttp?.["auth"+"Token"];
|
|
51140
|
+
const authCredentialConfigured = typeof rawAuthCredential === "string" && rawAuthCredential.length > 0 || rawAuthCredential !== null && typeof rawAuthCredential === "object" && typeof rawAuthCredential.source === "string";
|
|
51141
51141
|
checks.push({
|
|
51142
51142
|
key: "access_http_auth",
|
|
51143
|
-
status: !agentAccessEnabled ? "warn" :
|
|
51144
|
-
summary: !agentAccessEnabled ? "Agent access HTTP bridge is disabled." :
|
|
51145
|
-
remediation: !agentAccessEnabled ? "Ignore unless you plan to enable the HTTP bridge." :
|
|
51143
|
+
status: !agentAccessEnabled ? "warn" : authCredentialConfigured ? "ok" : "error",
|
|
51144
|
+
summary: !agentAccessEnabled ? "Agent access HTTP bridge is disabled." : authCredentialConfigured ? "Agent access HTTP bridge has an auth token configured." : "Agent access HTTP bridge is enabled without an auth token.",
|
|
51145
|
+
remediation: !agentAccessEnabled ? "Ignore unless you plan to enable the HTTP bridge." : authCredentialConfigured ? void 0 : "Set `agentAccessHttp.authToken` before exposing the bridge."
|
|
51146
51146
|
});
|
|
51147
51147
|
const warnings = config.fileHygiene?.lintEnabled ? await lintWorkspaceFiles({
|
|
51148
51148
|
workspaceDir: config.workspaceDir,
|
|
@@ -54220,7 +54220,7 @@ async function loadTodayCalendar(source, now) {
|
|
|
54220
54220
|
function buildOpenAiFollowupGenerator(cfg) {
|
|
54221
54221
|
return async ({ sections, windowLabel, maxFollowups }) => {
|
|
54222
54222
|
const { OpenAI: OpenAI3 } = await import("openai");
|
|
54223
|
-
const clientOpts = { ["api"+"Key"]: cfg
|
|
54223
|
+
const clientOpts = { ["api"+"Key"]: cfg["api"+"Key"] };
|
|
54224
54224
|
if (cfg.baseURL) clientOpts.baseURL = cfg.baseURL;
|
|
54225
54225
|
const client = new OpenAI3(clientOpts);
|
|
54226
54226
|
const prompt = buildFollowupPrompt(sections, windowLabel, maxFollowups);
|
|
@@ -61244,7 +61244,7 @@ var EngramAccessHttpServer = class {
|
|
|
61244
61244
|
service;
|
|
61245
61245
|
host;
|
|
61246
61246
|
requestedPort;
|
|
61247
|
-
|
|
61247
|
+
["auth"+"Token"];
|
|
61248
61248
|
authTokens;
|
|
61249
61249
|
authTokensGetter;
|
|
61250
61250
|
authenticatedPrincipal;
|
|
@@ -61273,7 +61273,7 @@ var EngramAccessHttpServer = class {
|
|
|
61273
61273
|
this.service = options.service;
|
|
61274
61274
|
this.host = options.host?.trim() || "127.0.0.1";
|
|
61275
61275
|
this.requestedPort = Number.isFinite(options.port) ? Math.max(0, Math.floor(options.port ?? 0)) : 0;
|
|
61276
|
-
this
|
|
61276
|
+
this["auth"+"Token"] = options["auth"+"Token"]?.trim() || void 0;
|
|
61277
61277
|
this.authTokens = (options.authTokens ?? []).map((t) => t.trim()).filter(Boolean);
|
|
61278
61278
|
this.authTokensGetter = options.authTokensGetter;
|
|
61279
61279
|
this.authenticatedPrincipal = options.principal?.trim() || void 0;
|
|
@@ -61289,7 +61289,7 @@ var EngramAccessHttpServer = class {
|
|
|
61289
61289
|
});
|
|
61290
61290
|
}
|
|
61291
61291
|
async start() {
|
|
61292
|
-
if (!this
|
|
61292
|
+
if (!this["auth"+"Token"] && this.authTokens.length === 0 && !this.authTokensGetter) {
|
|
61293
61293
|
throw new Error("engram access HTTP requires authToken or authTokens");
|
|
61294
61294
|
}
|
|
61295
61295
|
if (this.server) return this.status();
|
|
@@ -62490,7 +62490,7 @@ var EngramAccessHttpServer = class {
|
|
|
62490
62490
|
return result.data;
|
|
62491
62491
|
}
|
|
62492
62492
|
isAuthorized(req, pathname) {
|
|
62493
|
-
if (!this
|
|
62493
|
+
if (!this["auth"+"Token"] && this.authTokens.length === 0 && !this.authTokensGetter) return false;
|
|
62494
62494
|
const raw = req.headers.authorization;
|
|
62495
62495
|
let candidate = null;
|
|
62496
62496
|
if (raw) {
|
|
@@ -62514,7 +62514,7 @@ var EngramAccessHttpServer = class {
|
|
|
62514
62514
|
}
|
|
62515
62515
|
if (!candidate) return false;
|
|
62516
62516
|
const token = candidate;
|
|
62517
|
-
if (this
|
|
62517
|
+
if (this["auth"+"Token"] && this.timingSafeStringEqual(token, this["auth"+"Token"])) return true;
|
|
62518
62518
|
for (const valid of this.authTokens) {
|
|
62519
62519
|
if (this.timingSafeStringEqual(token, valid)) return true;
|
|
62520
62520
|
}
|
|
@@ -62574,7 +62574,7 @@ function cacheKeyForSecretRef(ref) {
|
|
|
62574
62574
|
function isPlainObject(value) {
|
|
62575
62575
|
return typeof value === "object" && value !== null && !Array.isArray(value);
|
|
62576
62576
|
}
|
|
62577
|
-
async function
|
|
62577
|
+
async function resolveAgentAccessAuthCredential(value, options = {}) {
|
|
62578
62578
|
if (value === void 0 || value === null) return void 0;
|
|
62579
62579
|
if (typeof value === "string") {
|
|
62580
62580
|
const trimmed = value.trim();
|
|
@@ -64935,7 +64935,7 @@ async function runAccessHttpServeCliCommand(options) {
|
|
|
64935
64935
|
service: input.service,
|
|
64936
64936
|
host: input.host,
|
|
64937
64937
|
port: input.port,
|
|
64938
|
-
["auth"+"Token"]: input
|
|
64938
|
+
["auth"+"Token"]: input["auth"+"Token"],
|
|
64939
64939
|
principal: input.principal,
|
|
64940
64940
|
maxBodyBytes: input.maxBodyBytes,
|
|
64941
64941
|
trustPrincipalHeader: input.trustPrincipalHeader,
|
|
@@ -67840,8 +67840,8 @@ ${doc.content}` : doc.content,
|
|
|
67840
67840
|
const maxBodyBytesRaw = parseInt(String(options.maxBodyBytes ?? "131072"), 10);
|
|
67841
67841
|
const cliTokenOverride = typeof options.token === "string" && options.token.trim().length > 0 ? options.token : void 0;
|
|
67842
67842
|
const resolveSecretRef = registerOptions.resolveSecretRef ?? (registerOptions.loadResolveSecretRef ? await registerOptions.loadResolveSecretRef() : null);
|
|
67843
|
-
const
|
|
67844
|
-
orchestrator.config.agentAccessHttp
|
|
67843
|
+
const resolvedConfigAuthCredential = cliTokenOverride ? void 0 : await resolveAgentAccessAuthCredential(
|
|
67844
|
+
orchestrator.config.agentAccessHttp["auth"+"Token"],
|
|
67845
67845
|
{ resolveSecretRef }
|
|
67846
67846
|
);
|
|
67847
67847
|
const status = await runAccessHttpServeCliCommand({
|
|
@@ -67849,7 +67849,7 @@ ${doc.content}` : doc.content,
|
|
|
67849
67849
|
enabled: true,
|
|
67850
67850
|
host: typeof options.host === "string" ? options.host : "127.0.0.1",
|
|
67851
67851
|
port: Number.isFinite(portRaw) ? portRaw : 4318,
|
|
67852
|
-
["auth"+"Token"]: cliTokenOverride ??
|
|
67852
|
+
["auth"+"Token"]: cliTokenOverride ?? resolvedConfigAuthCredential,
|
|
67853
67853
|
principal: resolveAccessPrincipalOverride(options.principal, orchestrator.config.agentAccessHttp.principal),
|
|
67854
67854
|
maxBodyBytes: Number.isFinite(maxBodyBytesRaw) ? maxBodyBytesRaw : 131072,
|
|
67855
67855
|
trustPrincipalHeader: options.trustPrincipalHeader === true,
|
|
@@ -69968,7 +69968,7 @@ function readOpikOpenclawConfig(log2) {
|
|
|
69968
69968
|
apiUrl: typeof c.apiUrl === "string" && c.apiUrl.length > 0 ? c.apiUrl : void 0,
|
|
69969
69969
|
projectName: typeof c.projectName === "string" ? c.projectName : void 0,
|
|
69970
69970
|
workspaceName: typeof c.workspaceName === "string" ? c.workspaceName : void 0,
|
|
69971
|
-
["api"+"Key"]: typeof c
|
|
69971
|
+
["api"+"Key"]: typeof c["api"+"Key"] === "string" && c["api"+"Key"].length > 0 ? c["api"+"Key"] : void 0
|
|
69972
69972
|
};
|
|
69973
69973
|
} catch (err) {
|
|
69974
69974
|
log2?.debug?.(`[opik-exporter] could not read opik-openclaw config: ${err}`);
|
|
@@ -69992,7 +69992,7 @@ function uuidV7() {
|
|
|
69992
69992
|
function buildHeaders(cfg) {
|
|
69993
69993
|
const headers = { "Content-Type": "application/json" };
|
|
69994
69994
|
if (cfg.workspaceName) headers["Comet-Workspace"] = cfg.workspaceName;
|
|
69995
|
-
if (cfg
|
|
69995
|
+
if (cfg["api"+"Key"]) headers["authorization"] = cfg["api"+"Key"];
|
|
69996
69996
|
return headers;
|
|
69997
69997
|
}
|
|
69998
69998
|
async function postSpanBatch(cfg, spans, log2) {
|
|
@@ -70298,7 +70298,7 @@ function createOpikExporter(raw, log2) {
|
|
|
70298
70298
|
apiUrl,
|
|
70299
70299
|
projectName: raw.opikProjectName ?? detected.projectName ?? "openclaw",
|
|
70300
70300
|
workspaceName: raw.opikWorkspaceName ?? detected.workspaceName ?? "default",
|
|
70301
|
-
["api"+"Key"]: raw.opikApiKey ?? detected
|
|
70301
|
+
["api"+"Key"]: raw.opikApiKey ?? detected["api"+"Key"],
|
|
70302
70302
|
traceRecallContent: raw.opikTraceRecallContent === true
|
|
70303
70303
|
};
|
|
70304
70304
|
return new OpikExporter(cfg, log2);
|
|
@@ -72917,19 +72917,19 @@ var pluginDefinition = {
|
|
|
72917
72917
|
const existingAccessService = globalThis[keys.ACCESS_SERVICE];
|
|
72918
72918
|
const accessService = existingAccessService && existingAccessService ? existingAccessService : new EngramAccessService(orchestrator);
|
|
72919
72919
|
globalThis[keys.ACCESS_SERVICE] = accessService;
|
|
72920
|
-
const
|
|
72921
|
-
const
|
|
72920
|
+
const rawAuthCredential = cfg.agentAccessHttp["auth"+"Token"];
|
|
72921
|
+
const authCredentialIsSecretRef = rawAuthCredential !== void 0 && typeof rawAuthCredential !== "string";
|
|
72922
72922
|
const accessHttpAuthState = globalThis[keys.ACCESS_HTTP_AUTH_STATE] ??= {
|
|
72923
72923
|
resolvedSecretRefAuthToken: void 0
|
|
72924
72924
|
};
|
|
72925
|
-
const
|
|
72925
|
+
const authCredentialsFromSecretRef = () => accessHttpAuthState.resolvedSecretRefAuthToken ? [accessHttpAuthState.resolvedSecretRefAuthToken] : [];
|
|
72926
72926
|
const existingAccessHttpServer = globalThis[keys.ACCESS_HTTP_SERVER];
|
|
72927
72927
|
const accessHttpServer = existingAccessHttpServer && existingAccessHttpServer ? existingAccessHttpServer : new EngramAccessHttpServer({
|
|
72928
72928
|
service: accessService,
|
|
72929
72929
|
host: cfg.agentAccessHttp.host,
|
|
72930
72930
|
port: cfg.agentAccessHttp.port,
|
|
72931
|
-
["auth"+"Token"]:
|
|
72932
|
-
authTokensGetter:
|
|
72931
|
+
["auth"+"Token"]: authCredentialIsSecretRef ? void 0 : rawAuthCredential,
|
|
72932
|
+
authTokensGetter: authCredentialIsSecretRef ? authCredentialsFromSecretRef : void 0,
|
|
72933
72933
|
principal: cfg.agentAccessHttp.principal,
|
|
72934
72934
|
maxBodyBytes: cfg.agentAccessHttp.maxBodyBytes,
|
|
72935
72935
|
citationsEnabled: cfg.citationsEnabled,
|
|
@@ -74963,8 +74963,8 @@ Keep the reflection grounded in the evidence below.
|
|
|
74963
74963
|
}
|
|
74964
74964
|
if (cfg.agentAccessHttp.enabled) {
|
|
74965
74965
|
if (!didCountStart) return;
|
|
74966
|
-
if (
|
|
74967
|
-
const resolved = await
|
|
74966
|
+
if (authCredentialIsSecretRef) {
|
|
74967
|
+
const resolved = await resolveAgentAccessAuthCredential2(rawAuthCredential, {
|
|
74968
74968
|
resolveSecretRef: await loadOpenClawSecretRefResolver()
|
|
74969
74969
|
});
|
|
74970
74970
|
if (!resolved) {
|
|
@@ -75312,7 +75312,7 @@ function loadAnyToken() {
|
|
|
75312
75312
|
for (const p of configPathCandidates()) {
|
|
75313
75313
|
if (fs18.existsSync(p)) {
|
|
75314
75314
|
const raw = JSON.parse(fs18.readFileSync(p, "utf8"));
|
|
75315
|
-
if (raw.server?.
|
|
75315
|
+
if (raw.server?.["auth"+"Token"]) return raw.server["auth"+"Token"];
|
|
75316
75316
|
}
|
|
75317
75317
|
}
|
|
75318
75318
|
} catch {
|
package/openclaw.plugin.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"id": "openclaw-remnic",
|
|
3
3
|
"name": "Remnic OpenClaw Plugin",
|
|
4
|
-
"version": "1.0.
|
|
4
|
+
"version": "1.0.26",
|
|
5
5
|
"kind": "memory",
|
|
6
6
|
"description": "Local semantic memory for OpenClaw. Requires plugins.slots.memory set to this plugin id for hooks to fire.",
|
|
7
7
|
"setup": {
|
|
@@ -50,6 +50,34 @@
|
|
|
50
50
|
"beforeReset": true
|
|
51
51
|
},
|
|
52
52
|
"contracts": {
|
|
53
|
+
"commands": [
|
|
54
|
+
"remnic"
|
|
55
|
+
],
|
|
56
|
+
"hooks": [
|
|
57
|
+
"before_prompt_build",
|
|
58
|
+
"before_agent_start",
|
|
59
|
+
"agent_end",
|
|
60
|
+
"before_compaction",
|
|
61
|
+
"after_compaction",
|
|
62
|
+
"before_reset",
|
|
63
|
+
"session_start",
|
|
64
|
+
"session_end",
|
|
65
|
+
"before_tool_call",
|
|
66
|
+
"after_tool_call",
|
|
67
|
+
"llm_output",
|
|
68
|
+
"subagent_spawning",
|
|
69
|
+
"subagent_ended",
|
|
70
|
+
"commands.list"
|
|
71
|
+
],
|
|
72
|
+
"memoryCapabilities": [
|
|
73
|
+
"openclaw-remnic"
|
|
74
|
+
],
|
|
75
|
+
"memoryPromptSections": [
|
|
76
|
+
"engram-memory"
|
|
77
|
+
],
|
|
78
|
+
"services": [
|
|
79
|
+
"openclaw-remnic"
|
|
80
|
+
],
|
|
53
81
|
"tools": [
|
|
54
82
|
"compounding_promote_candidate",
|
|
55
83
|
"compounding_weekly_synthesize",
|
|
@@ -1688,14 +1716,25 @@
|
|
|
1688
1716
|
"authToken": {
|
|
1689
1717
|
"description": "Bearer token for the local Remnic HTTP API. Either a literal string (supports ${ENV_VAR} expansion) or an OpenClaw SecretRef object (e.g. {\"source\":\"exec\",\"provider\":\"kc_openclaw_remnic_token\",\"id\":\"value\"}) resolved at startup via the OpenClaw gateway secret resolver (issue #757). If omitted, OPENCLAW_REMNIC_ACCESS_TOKEN / OPENCLAW_ENGRAM_ACCESS_TOKEN is used.",
|
|
1690
1718
|
"anyOf": [
|
|
1691
|
-
{
|
|
1719
|
+
{
|
|
1720
|
+
"type": "string"
|
|
1721
|
+
},
|
|
1692
1722
|
{
|
|
1693
1723
|
"type": "object",
|
|
1694
|
-
"required": [
|
|
1724
|
+
"required": [
|
|
1725
|
+
"source"
|
|
1726
|
+
],
|
|
1695
1727
|
"properties": {
|
|
1696
|
-
"source": {
|
|
1697
|
-
|
|
1698
|
-
|
|
1728
|
+
"source": {
|
|
1729
|
+
"type": "string",
|
|
1730
|
+
"minLength": 1
|
|
1731
|
+
},
|
|
1732
|
+
"provider": {
|
|
1733
|
+
"type": "string"
|
|
1734
|
+
},
|
|
1735
|
+
"id": {
|
|
1736
|
+
"type": "string"
|
|
1737
|
+
},
|
|
1699
1738
|
"command": {}
|
|
1700
1739
|
}
|
|
1701
1740
|
}
|
|
@@ -2525,8 +2564,14 @@
|
|
|
2525
2564
|
},
|
|
2526
2565
|
"patternReinforcementCategories": {
|
|
2527
2566
|
"type": "array",
|
|
2528
|
-
"items": {
|
|
2529
|
-
|
|
2567
|
+
"items": {
|
|
2568
|
+
"type": "string"
|
|
2569
|
+
},
|
|
2570
|
+
"default": [
|
|
2571
|
+
"preference",
|
|
2572
|
+
"fact",
|
|
2573
|
+
"decision"
|
|
2574
|
+
],
|
|
2530
2575
|
"description": "Memory categories the pattern-reinforcement job considers. Skips procedural memories so it stays disjoint from procedural mining. Default: preference, fact, decision."
|
|
2531
2576
|
},
|
|
2532
2577
|
"reinforcementRecallBoostEnabled": {
|
|
@@ -2853,12 +2898,12 @@
|
|
|
2853
2898
|
},
|
|
2854
2899
|
"modelSource": {
|
|
2855
2900
|
"type": "string",
|
|
2856
|
-
|
|
2857
|
-
|
|
2858
|
-
|
|
2859
|
-
|
|
2860
|
-
|
|
2861
|
-
|
|
2901
|
+
"enum": [
|
|
2902
|
+
"plugin",
|
|
2903
|
+
"gateway"
|
|
2904
|
+
],
|
|
2905
|
+
"default": "gateway",
|
|
2906
|
+
"description": "LLM source: 'gateway' delegates to a gateway agent's model chain (agents.list[]); 'plugin' uses Engram's own openai/localLlm config."
|
|
2862
2907
|
},
|
|
2863
2908
|
"gatewayAgentId": {
|
|
2864
2909
|
"type": "string",
|
|
@@ -5647,5 +5692,21 @@
|
|
|
5647
5692
|
"advanced": true,
|
|
5648
5693
|
"help": "Promote stored reasoning_trace memories to the top of recall results when the incoming query reads like a problem-solving ask. Default off; enable after benchmarking (issue #564)."
|
|
5649
5694
|
}
|
|
5695
|
+
},
|
|
5696
|
+
"commandAliases": [
|
|
5697
|
+
{
|
|
5698
|
+
"name": "remnic",
|
|
5699
|
+
"kind": "runtime-slash",
|
|
5700
|
+
"cliCommand": "remnic"
|
|
5701
|
+
}
|
|
5702
|
+
],
|
|
5703
|
+
"activation": {
|
|
5704
|
+
"onCommands": [
|
|
5705
|
+
"remnic"
|
|
5706
|
+
],
|
|
5707
|
+
"onCapabilities": [
|
|
5708
|
+
"tool",
|
|
5709
|
+
"hook"
|
|
5710
|
+
]
|
|
5650
5711
|
}
|
|
5651
5712
|
}
|