npm - @rine-network/openclaw - Versions diffs - 0.1.0 → 0.1.2 - Mend

@rine-network/openclaw 0.1.0 → 0.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/README.md +27 -0
package/dist/cursor-DPl6-dKW.js +38 -0
package/dist/index.js +2 -2
package/dist/{sse-DqQGOjpI.js → sse-CLGVjmVC.js} +1 -37
package/openclaw.plugin.json +1 -1
package/package.json +1 -1
package/skills/rine/references/openclaw.md +17 -0

package/README.md CHANGED Viewed

@@ -22,6 +22,31 @@ You need a rine account first. If you have one, the plugin auto-detects credenti
 `$RINE_CONFIG_DIR` > `~/.config/rine` > `$PWD/.rine`. If not, allowlist `rine_onboard` and
 ask the agent to onboard, or follow <https://rine.network/skill.md>.
+### Hardened / read-only-rootfs containers
+If your Gateway runs with a **read-only root filesystem** (hardened/sandboxed deployments),
+`openclaw plugins install` can abort before it downloads anything:
+```
+npm error code ENOENT ... mkdir '/home/node/.npm'
+```
+That's npm, not rine — its cache defaults to `$HOME/.npm`, which sits on the read-only
+layer. Give the install a writable cache by pointing `HOME` at a writable directory, and pin
+`OPENCLAW_STATE_DIR` to your real config dir so OpenClaw still resolves config and installs
+the plugin where the Gateway loads it (`<config>` = your writable config dir, e.g.
+`/home/node/.openclaw`):
+```bash
+HOME=<config>/.npm-home OPENCLAW_STATE_DIR=<config> \
+  openclaw plugins install npm:@rine-network/openclaw
+```
+In a hardened Docker setup, pass these as `-e HOME=… -e OPENCLAW_STATE_DIR=…` on the
+`docker compose run`/`exec` that runs the install. The override is only needed at
+install/update time — once installed, the plugin loads normally. (npm placing its cache on
+`$HOME` is an OpenClaw installer limitation on read-only hosts, not specific to this plugin.)
 ## Pick a transport posture
 Set `channels.rine.transport` in `openclaw.json` (default `sse`):
@@ -100,6 +125,8 @@ openclaw plugins doctor
   sees it as perpetually "not-running" and churns restarts. It's harmless noise. Silence it by
   setting `channels.rine.healthMonitor.enabled = false` in `openclaw.json`. The manifest's
   default is documentary and does **not** auto-disable monitoring — set the key explicitly.
+- **`npm ... ENOENT ... mkdir '…/.npm'` while installing:** read-only-rootfs host — npm can't
+  write its default cache. See _Hardened / read-only-rootfs containers_ under **Install**.
 ## License

package/dist/cursor-DPl6-dKW.js ADDED Viewed

@@ -0,0 +1,38 @@
+import { chmodSync, mkdirSync, readFileSync, renameSync, writeFileSync } from "node:fs";
+import { join } from "node:path";
+//#region src/transports/cursor.ts
+/** Per-agent cursor path; agentId is sanitized so an operator-typed handle can't escape configDir. */
+function cursorPath(configDir, agentId) {
+	return join(configDir, `sse_cursor_${(agentId || "default").replace(/[^A-Za-z0-9._-]/g, "_").slice(0, 128)}.json`);
+}
+function msgOf(err) {
+	return err instanceof Error ? err.message : String(err);
+}
+/** Read the persisted Last-Event-ID for an agent, or undefined if absent/corrupt. */
+function loadCursor(configDir, agentId, logger) {
+	try {
+		const parsed = JSON.parse(readFileSync(cursorPath(configDir, agentId), "utf-8"));
+		return typeof parsed.lastEventId === "string" && parsed.lastEventId !== "" ? parsed.lastEventId : void 0;
+	} catch (err) {
+		if (err.code !== "ENOENT") logger?.debug?.(`rine: cursor load failed (${msgOf(err)}) — resuming without it`);
+		return;
+	}
+}
+/** Persist the Last-Event-ID for an agent via an atomic 0600 write. Best-effort. */
+function saveCursor(configDir, agentId, eventId, logger) {
+	const path = cursorPath(configDir, agentId);
+	const tmp = `${path}.${process.pid}.tmp`;
+	try {
+		mkdirSync(configDir, {
+			recursive: true,
+			mode: 448
+		});
+		writeFileSync(tmp, JSON.stringify({ lastEventId: eventId }), { mode: 384 });
+		renameSync(tmp, path);
+		chmodSync(path, 384);
+	} catch (err) {
+		logger?.debug?.(`rine: cursor save failed for ${eventId} (${msgOf(err)})`);
+	}
+}
+//#endregion
+export { saveCursor as n, loadCursor as t };

package/dist/index.js CHANGED Viewed

@@ -398,7 +398,7 @@ async function deleteWebhook(client, webhookId, logger) {
 	}
 }
 async function fallbackToSse(tc) {
-	const { runSseTransport } = await import("./sse-DqQGOjpI.js");
+	const { runSseTransport } = await import("./sse-CLGVjmVC.js");
 	await runSseTransport(tc);
 }
 function waitUntilAbort(signal) {
@@ -422,7 +422,7 @@ async function runTransport(tc) {
 		}
 		case "expose": return runExposeTransport(tc);
 		default: {
-			const { runSseTransport } = await import("./sse-DqQGOjpI.js");
+			const { runSseTransport } = await import("./sse-CLGVjmVC.js");
 			return runSseTransport(tc);
 		}
 	}

package/dist/{sse-DqQGOjpI.js → sse-CLGVjmVC.js} RENAMED Viewed

@@ -1,42 +1,6 @@
 import { r as normalizeRineEvent } from "./inbound-G0JD7YmI.js";
 import { n as sleep, t as backoff } from "./backoff-BMNABavv.js";
-import { chmodSync, mkdirSync, readFileSync, renameSync, writeFileSync } from "node:fs";
-import { join } from "node:path";
-//#region src/transports/cursor.ts
-/** Per-agent cursor path; agentId is sanitized so an operator-typed handle can't escape configDir. */
-function cursorPath(configDir, agentId) {
-	return join(configDir, `sse_cursor_${(agentId || "default").replace(/[^A-Za-z0-9._-]/g, "_").slice(0, 128)}.json`);
-}
-function msgOf(err) {
-	return err instanceof Error ? err.message : String(err);
-}
-/** Read the persisted Last-Event-ID for an agent, or undefined if absent/corrupt. */
-function loadCursor(configDir, agentId, logger) {
-	try {
-		const parsed = JSON.parse(readFileSync(cursorPath(configDir, agentId), "utf-8"));
-		return typeof parsed.lastEventId === "string" && parsed.lastEventId !== "" ? parsed.lastEventId : void 0;
-	} catch (err) {
-		if (err.code !== "ENOENT") logger?.debug?.(`rine: cursor load failed (${msgOf(err)}) — resuming without it`);
-		return;
-	}
-}
-/** Persist the Last-Event-ID for an agent via an atomic 0600 write. Best-effort. */
-function saveCursor(configDir, agentId, eventId, logger) {
-	const path = cursorPath(configDir, agentId);
-	const tmp = `${path}.${process.pid}.tmp`;
-	try {
-		mkdirSync(configDir, {
-			recursive: true,
-			mode: 448
-		});
-		writeFileSync(tmp, JSON.stringify({ lastEventId: eventId }), { mode: 384 });
-		renameSync(tmp, path);
-		chmodSync(path, 384);
-	} catch (err) {
-		logger?.debug?.(`rine: cursor save failed for ${eventId} (${msgOf(err)})`);
-	}
-}
-//#endregion
+import { n as saveCursor, t as loadCursor } from "./cursor-DPl6-dKW.js";
 //#region src/transports/sse.ts
 const MAX_ATTEMPTS_BEFORE_FALLBACK = 5;
 /** ~3× the server heartbeat (~30s): no bytes for this long => dead socket, reconnect. */

package/openclaw.plugin.json CHANGED Viewed

@@ -3,7 +3,7 @@
   "kind": "channel",
   "name": "rine",
   "description": "Agent-to-agent E2EE messaging over the rine network (A2A relay / SSE / poll).",
-  "version": "0.1.0",
+  "version": "0.1.2",
   "channels": ["rine"],
   "skills": ["skills/rine"],
   "activation": { "onStartup": true },

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@rine-network/openclaw",
-  "version": "0.1.0",
+  "version": "0.1.2",
   "description": "Official OpenClaw plugin for rine.network \u2014 agent-to-agent E2EE messaging as a native channel, with A2A-relay / SSE / poll transports, tools, and the bundled rine skill.",
   "type": "module",
   "main": "dist/index.js",

package/skills/rine/references/openclaw.md CHANGED Viewed

@@ -77,3 +77,20 @@ schema entry, `openclaw config validate` rejects it as an additional property. S
 `false` is recommended for rine — the notify service, not the channel monitor, owns delivery
 health. Omitting the block inherits the global gateway setting (monitoring on); the manifest
 default is documentary and does **not** auto-disable monitoring, so set the key explicitly.
+## Installing on a hardened (read-only-rootfs) Gateway
+If the operator reports `openclaw plugins install` failing with
+`npm error code ENOENT ... mkdir '…/.npm'`, the Gateway has a read-only root filesystem and
+npm cannot write its default cache at `$HOME/.npm`. This is an OpenClaw installer limitation
+on hardened hosts, not a rine fault. Tell them to run the install with a writable npm cache:
+set `HOME` to a writable dir and pin `OPENCLAW_STATE_DIR` to the real config dir so OpenClaw
+still resolves config and installs the plugin where the Gateway loads it —
+```bash
+HOME=<config>/.npm-home OPENCLAW_STATE_DIR=<config> \
+  openclaw plugins install npm:@rine-network/openclaw
+```
+(`<config>` = the writable config dir, e.g. `/home/node/.openclaw`; in Docker pass both as
+`-e` vars). The override is only needed at install/update time.