npm - @sahu-01/openpaw - Versions diffs - 1.0.6 → 1.0.8 - Mend

@sahu-01/openpaw 1.0.6 → 1.0.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/index.js +66 -58
package/package.json +1 -1

package/dist/index.js CHANGED Viewed

@@ -9,7 +9,7 @@ var __hasOwnProp = Object.prototype.hasOwnProperty;
 var __esm = (fn, res) => function __init() {
   return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
 };
-var __commonJS = (cb, mod) => function __require2() {
+var __commonJS = (cb, mod) => function __require() {
   return mod || (0, cb[__getOwnPropNames(cb)[0]])((mod = { exports: {} }).exports, mod), mod.exports;
 };
 var __copyProps = (to, from, except, desc) => {
@@ -230786,14 +230786,14 @@ var OpenClawAuthProfilesSchema = import_zod4.z.object({
 });
 var WORKSPACE_FILES = ["AGENTS.md", "SOUL.md", ".cursorrules", "CLAUDE.md"];
 async function copyWorkspaceFiles(sourceDir, destDir) {
-  const { readdir: readdir4, copyFile: copyFile2, mkdir: mkdir4 } = await import("fs/promises");
+  const { readdir: readdir4, copyFile, mkdir: mkdir4 } = await import("fs/promises");
   const { join: join5 } = await import("path");
   await mkdir4(destDir, { recursive: true });
   const files = await readdir4(sourceDir);
   const copied = [];
   for (const file of files) {
     if (WORKSPACE_FILES.includes(file)) {
-      await copyFile2(join5(sourceDir, file), join5(destDir, file));
+      await copyFile(join5(sourceDir, file), join5(destDir, file));
       copied.push(file);
     }
   }
@@ -230818,7 +230818,7 @@ function mapProviderToCredentialType(type) {
   return "api_key";
 }
 async function migrateCredentials(openclawDir, vault) {
-  const { readFile: readFile5, writeFile: writeFile4, copyFile: copyFile2, readdir: readdir4, stat: stat3 } = await import("fs/promises");
+  const { readFile: readFile5, writeFile: writeFile4, copyFile, readdir: readdir4, stat: stat3 } = await import("fs/promises");
   const { join: join5 } = await import("path");
   const result = {
     profilesProcessed: 0,
@@ -230852,7 +230852,7 @@ async function migrateCredentials(openclawDir, vault) {
       const parsed = JSON.parse(content);
       const authProfiles = OpenClawAuthProfilesSchema.parse(parsed);
       const backupPath = `${authProfilesPath}.bak`;
-      await copyFile2(authProfilesPath, backupPath);
+      await copyFile(authProfilesPath, backupPath);
       result.filesBackedUp.push(backupPath);
       const updatedProfiles = {};
       for (const [profileName, profile] of Object.entries(authProfiles.profiles)) {
@@ -230892,12 +230892,6 @@ var import_child_process = require("child_process");
 var import_fs = require("fs");
 var import_zod5 = require("zod");
 init_dist();
-var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require : typeof Proxy !== "undefined" ? new Proxy(x, {
-  get: (a, b) => (typeof require !== "undefined" ? require : a)[b]
-}) : x)(function(x) {
-  if (typeof require !== "undefined") return require.apply(this, arguments);
-  throw Error('Dynamic require of "' + x + '" is not supported');
-});
 var DEFAULT_PORT = 18789;
 var SessionSchema = import_zod5.z.object({
   id: import_zod5.z.string(),
@@ -230912,6 +230906,17 @@ var MessageSchema = import_zod5.z.object({
   content: import_zod5.z.string(),
   metadata: import_zod5.z.record(import_zod5.z.unknown()).optional()
 });
+var PROVIDER_ENV_VARS = {
+  google: ["GOOGLE_API_KEY", "GEMINI_API_KEY"],
+  openrouter: ["OPENROUTER_API_KEY"],
+  openai: ["OPENAI_API_KEY"],
+  anthropic: ["ANTHROPIC_API_KEY"],
+  cohere: ["COHERE_API_KEY"],
+  mistral: ["MISTRAL_API_KEY"],
+  groq: ["GROQ_API_KEY"],
+  together: ["TOGETHER_API_KEY"],
+  perplexity: ["PERPLEXITY_API_KEY"]
+};
 async function findOpenClawBinary(openclawDir) {
   const pathBinary = process.platform === "win32" ? "openclaw.cmd" : "openclaw";
   const pathDirs = (process.env["PATH"] ?? "").split(process.platform === "win32" ? ";" : ":");
@@ -230943,35 +230948,37 @@ async function findAuthProfileFiles(openclawDir) {
   }
   return profileFiles;
 }
-async function processAuthProfiles(profilePath, vault, backupSuffix) {
+function credIdToEnvVar(credId) {
+  return "OPENPAW_" + credId.toUpperCase().replace(/[^A-Z0-9]/g, "_");
+}
+async function processAuthProfiles(profilePath, vault) {
   const content = await (0, import_promises3.readFile)(profilePath, "utf8");
   const data = JSON.parse(content);
+  const envVarMap = /* @__PURE__ */ new Map();
   let modified = false;
   if (data.profiles) {
     for (const profileName of Object.keys(data.profiles)) {
       const profile = data.profiles[profileName];
-      if (profile && typeof profile.key === "string" && profile.key.startsWith("openpaw:vault:")) {
-        const credId = profile.key.replace("openpaw:vault:", "");
-        const result = vault.get(credId);
-        if (result) {
-          profile.key = result.value;
+      if (profile && typeof profile.key === "string") {
+        const provider = typeof profile.provider === "string" ? profile.provider : void 0;
+        if (profile.key.startsWith("openpaw:vault:")) {
+          const credId = profile.key.replace("openpaw:vault:", "");
+          const envVarName = credIdToEnvVar(credId);
+          envVarMap.set(envVarName, { credId, provider });
+          profile.key = "${" + envVarName + "}";
           modified = true;
+        } else if (profile.key.startsWith("${OPENPAW_") && profile.key.endsWith("}")) {
+          const envVarName = profile.key.slice(2, -1);
+          const credId = envVarName.replace("OPENPAW_", "").toLowerCase();
+          envVarMap.set(envVarName, { credId, provider });
         }
       }
     }
   }
   if (modified) {
-    await (0, import_promises3.copyFile)(profilePath, `${profilePath}${backupSuffix}`);
     await (0, import_promises3.writeFile)(profilePath, JSON.stringify(data, null, 2), { mode: 384 });
   }
-  return { original: content, processed: modified };
-}
-async function restoreAuthProfiles(profilePath, backupSuffix) {
-  const backupPath = `${profilePath}${backupSuffix}`;
-  if ((0, import_fs.existsSync)(backupPath)) {
-    await (0, import_promises3.copyFile)(backupPath, profilePath);
-    await (0, import_promises3.unlink)(backupPath);
-  }
+  return envVarMap;
 }
 async function startGateway(config = {}) {
   const openpawDir = config.openpawDir ?? (0, import_path3.join)((0, import_os2.homedir)(), ".openpaw");
@@ -230997,47 +231004,51 @@ async function startGateway(config = {}) {
     throw error;
   }
   const profileFiles = await findAuthProfileFiles(openclawDir);
-  const backupSuffix = ".openpaw-backup";
-  const processedFiles = [];
+  const allEnvVars = /* @__PURE__ */ new Map();
   for (const profilePath of profileFiles) {
-    const result = await processAuthProfiles(profilePath, vault, backupSuffix);
-    if (result.processed) {
-      processedFiles.push(profilePath);
+    const envVars = await processAuthProfiles(profilePath, vault);
+    for (const [envVarName, credInfo] of envVars) {
+      allEnvVars.set(envVarName, credInfo);
     }
   }
+  const childEnv = { ...process.env };
+  let credentialsLoaded = 0;
+  let providerEnvVarsSet = 0;
+  for (const [envVarName, credInfo] of allEnvVars) {
+    const result = vault.get(credInfo.credId);
+    if (result) {
+      childEnv[envVarName] = result.value;
+      credentialsLoaded++;
+      console.log(`  ${envVarName} \u2192 [secured]`);
+      if (credInfo.provider) {
+        const providerEnvVars = PROVIDER_ENV_VARS[credInfo.provider.toLowerCase()];
+        if (providerEnvVars) {
+          for (const providerEnvVar of providerEnvVars) {
+            childEnv[providerEnvVar] = result.value;
+            providerEnvVarsSet++;
+            console.log(`  ${providerEnvVar} \u2192 [secured] (${credInfo.provider})`);
+          }
+        }
+      }
+    } else {
+      console.warn(`  Warning: Credential ${credInfo.credId} not found in vault`);
+    }
+  }
+  console.log(`Loaded ${credentialsLoaded} credential(s), set ${providerEnvVarsSet} provider env var(s)`);
   let cleanedUp = false;
   let openclawProcess = null;
   const cleanup = async () => {
     if (cleanedUp) return;
     cleanedUp = true;
-    console.log("\nRe-encrypting credentials...");
-    for (const profilePath of processedFiles) {
-      try {
-        await restoreAuthProfiles(profilePath, backupSuffix);
-        console.log(`  Restored: ${profilePath}`);
-      } catch (err) {
-        console.error(`  Failed to restore ${profilePath}: ${err.message}`);
-      }
-    }
+    console.log("\nShutting down...");
     if (openclawProcess && !openclawProcess.killed) {
       openclawProcess.kill("SIGTERM");
     }
-    console.log("Credentials secured.");
+    console.log("Gateway stopped.");
   };
   const cleanupSync = () => {
     if (cleanedUp) return;
     cleanedUp = true;
-    const fs = __require("fs");
-    for (const profilePath of processedFiles) {
-      try {
-        const backupPath = `${profilePath}${backupSuffix}`;
-        if (fs.existsSync(backupPath)) {
-          fs.copyFileSync(backupPath, profilePath);
-          fs.unlinkSync(backupPath);
-        }
-      } catch {
-      }
-    }
     if (openclawProcess && !openclawProcess.killed) {
       openclawProcess.kill("SIGTERM");
     }
@@ -231062,21 +231073,18 @@ async function startGateway(config = {}) {
     process.exit(1);
   });
   const openclawBinary = await findOpenClawBinary(openclawDir);
-  console.log(`Gateway running on port ${port}. Credentials decrypted in memory. Press Ctrl+C to stop and re-encrypt.`);
-  if (processedFiles.length > 0) {
-    console.log(`Decrypted ${processedFiles.length} auth-profiles.json file(s)`);
-  }
+  console.log(`Gateway running. Credentials secured via environment variables. Press Ctrl+C to stop.`);
   const isWindows = process.platform === "win32";
   const spawnOpenClaw = (command, args = []) => {
     if (isWindows) {
       return (0, import_child_process.spawn)("cmd.exe", ["/c", command, ...args], {
         stdio: "inherit",
-        env: { ...process.env }
+        env: childEnv
       });
     } else {
       return (0, import_child_process.spawn)(command, args, {
         stdio: "inherit",
-        env: { ...process.env },
+        env: childEnv,
         shell: true
       });
     }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@sahu-01/openpaw",
-  "version": "1.0.6",
+  "version": "1.0.8",
   "description": "OpenPaw CLI - Security-first wrapper for AI agents",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",