npm - @sapienx/agentos - Versions diffs - 0.6.8 → 0.6.9 - Mend

@sapienx/agentos 0.6.8 → 0.6.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (203) hide show

package/bundle/.next/server/chunks/1718.js CHANGED Viewed

@@ -1,4 +1,4 @@
-"use strict";exports.id=1718,exports.ids=[1718],exports.modules={1718:(a,b,c)=>{c.d(b,{MG:()=>C,MQ:()=>D,PR:()=>A,Vg:()=>z,W6:()=>B,f5:()=>I});var d=c(77598),e=c(51455),f=c(48161),g=c(76760),h=c(58500),i=c(14805),j=c(39503),k=c(8533),l=c(35456),m=c(95141),n=c(7565),o=c(78446),p=c(96972);let q="gateway.remote.url",r=".env.local",s="AGENTOS_OPENCLAW_GATEWAY_TOKEN",t="AGENTOS_OPENCLAW_GATEWAY_PASSWORD",u="gateway.auth.mode",v="gateway.auth.token",w=[0,500,1e3,1500,2500,3500],x=["operator.admin","operator.read","operator.write","operator.approvals","operator.pairing","operator.talk.secrets"];function y(){(0,k.ZZ)(),(0,k.b7)()}async function z(a){let b=(0,l.Zm)(a.gatewayUrl);return b?await (0,j.rw)().setConfig(q,b):await (0,j.rw)().hasConfig(q)&&await (0,j.rw)().unsetConfig(q),y(),(0,k.GM)({force:!0})}async function A(a){let b=(0,l.FU)(a.workspaceRoot),c={...await (0,l.tl)(),...b?{workspaceRoot:b}:{}};return b||delete c.workspaceRoot,await (0,l.wi)(c),y(),(0,k.GM)({force:!0})}async function B(a={}){let b,c=a.env??process.env,d=a.cwd??process.cwd(),e=(a.now??(()=>new Date))().toISOString(),f=(0,j.rw)(),g=await K(f),h=g.snapshot,[i,k,l,n,o]=h?["string"==typeof(b=L(h,"gateway.auth.mode"))&&b.trim()?b.trim():null,R(L(h,"gateway.auth.token")),R(L(h,"gateway.auth.password")),R(L(h,"gateway.remote.token")),R(L(h,"gateway.remote.password"))]:g.invalidConfig?[null,"unknown","unknown","unknown","unknown"]:await Promise.all([y("gateway.auth.mode"),z("gateway.auth.token"),z("gateway.auth.password"),z("gateway.remote.token"),z("gateway.remote.password")]),q=(a.isNativeDisabled??m.JG)(),r=!!(c.AGENTOS_OPENCLAW_GATEWAY_TOKEN?.trim()||c.OPENCLAW_GATEWAY_TOKEN?.trim()),s=!!(c.AGENTOS_OPENCLAW_GATEWAY_PASSWORD?.trim()||c.OPENCLAW_GATEWAY_PASSWORD?.trim()),t={authToken:k,authPassword:l,remoteToken:n,remotePassword:o},u=await O(d);if(q)return{mode:i,env:{token:r,password:s},config:t,native:{ok:!1,checkedAt:e,kind:"disabled",issue:"Native OpenClaw Gateway WS is disabled by environment configuration.",disabledByEnv:!0},envFile:u,recommendation:"Unset AGENTOS_OPENCLAW_GATEWAY_CLIENT/OPENCLAW_GATEWAY_CLIENT=cli or AGENTOS_OPENCLAW_NATIVE_WS=0, then restart AgentOS."};try{return await (a.nativeProbe??(()=>new m.gH().callNative("status",{},{timeoutMs:2500})))(),{mode:i,env:{token:r,password:s},config:t,native:{ok:!0,checkedAt:e,kind:null,issue:null,disabledByEnv:!1},envFile:u,recommendation:"Native OpenClaw Gateway WS auth is ready."}}catch(g){var v,w,x;let a,b,c,d=(0,p.n3)(g,"Native Gateway auth check failed."),f=(v=g,w=d,"auth"===(a=v?.kind)||"malformed-response"===a||"rate-limited"===a||"scope-limited"===a||"timeout"===a||"unreachable"===a||"unknown"===a?a:/auth|token|password|unauthorized|forbidden/i.test(w)?"auth":/scope|permission|not allowed/i.test(w)?"scope-limited":/(^|[^a-z])rate limit(?:ed)?\b|retry after|too many requests/i.test(w)?"rate-limited":/invalid json|malformed|schema|payload/i.test(w)?"malformed-response":/timed out|timeout/i.test(w)?"timeout":/connect|closed|unreachable|websocket/i.test(w)?"unreachable":"unknown");return{mode:i,env:{token:r,password:s},config:t,native:{ok:!1,checkedAt:e,kind:f,issue:d,disabledByEnv:!1},envFile:u,recommendation:(b=Object.values((x={kind:f,envToken:r,envPassword:s,config:t}).config).includes("redacted"),c=x.envToken||x.envPassword,"auth"===x.kind&&b&&!c?"Set AGENTOS_OPENCLAW_GATEWAY_TOKEN/PASSWORD or OPENCLAW_GATEWAY_TOKEN/PASSWORD in the AgentOS process environment, then restart AgentOS.":"auth"===x.kind?"Verify the Gateway token/password exported to the AgentOS process, then restart AgentOS.":"unreachable"===x.kind||"timeout"===x.kind?"Start or restart the OpenClaw Gateway, then test native auth again.":"rate-limited"===x.kind?"Wait for the Gateway cooldown to expire, then test native auth again.":"scope-limited"===x.kind?"Repair the local AgentOS device access request so native Gateway WS can use operator scopes. No manual secret entry is required.":"malformed-response"===x.kind?"Update OpenClaw or continue using CLI fallback until the Gateway contract matches AgentOS.":"Review Gateway diagnostics and continue using CLI fallback until native WS can authenticate.")}}async function y(a){try{let b=await f.getConfig(a,{timeoutMs:2500});return"string"==typeof b&&b.trim()?b.trim():null}catch{return null}}async function z(a){try{let b=await f.getConfig(a,{timeoutMs:2500});return R(b)}catch{return"unknown"}}}async function C(a){let b=a.value.trim();if(!b)throw Error("Gateway token/password is required.");if(b.length>4096)throw Error("Gateway token/password is too long.");let c=i.fh;if((0,i.eG)()||process.env[i.tj]?.trim()?await (0,i.Wy)({kind:a.kind,value:b}):c=r,!(0,i.eG)()){let d=(0,g.join)(a.cwd??process.cwd(),r),f=function(a,b,c){let d="token"===b?s:t,e="token"===b?t:s,f=`${d}=${JSON.stringify(c)}`,g=a.split(/\r?\n/),h=[],i=!1;for(let a of g){if(!a.trim()){h.push(a);continue}let b=a.match(/^\s*([A-Za-z_][A-Za-z0-9_]*)\s*=/)?.[1];if(b===d){i||(h.push(f),i=!0);continue}b!==e&&h.push(a)}return i||(h.some(a=>a.trim())&&h.at(-1)?.trim()&&h.push(""),h.push("# OpenClaw Gateway native WebSocket auth for AgentOS"),h.push(f)),`${h.join("\n").replace(/\n+$/,"")}
-`}(await P(d),a.kind,b);await (0,e.writeFile)(d,f,{encoding:"utf8",mode:384}),await (0,e.chmod)(d,384),c=r}return"token"===a.kind?(process.env[s]=b,delete process.env[t]):(process.env[t]=b,delete process.env[s]),(0,n.QL)("gateway auth credential updated"),{envFile:c,activeEnvName:"token"===a.kind?s:t,restartRecommended:!0}}async function D(a={}){let b=(0,d.randomBytes)(32).toString("base64url"),c=await (0,j.rw)().setConfig(u,"token",{timeoutMs:2500}),e=await (0,j.rw)().setConfig(v,b,{timeoutMs:2500}),f=await C({kind:"token",value:b,cwd:a.cwd}),g=!1,h=null,i=!1,k=null,l=function(a){let b=!1;for(let[e,f]of a){var c,d;if((c=e)===u||c===v)return!0;let a=function(a){let b=a.metadata?.openClawConfig;if(b&&"object"==typeof b&&!Array.isArray(b)){let a=b.reloadKind;if("restart"===a||"hot"===a||"none"===a)return a}try{let b=JSON.parse(a.stdout||"{}"),c=b.configMutation?.reloadKind;if("restart"===c||"hot"===c||"none"===c)return c}catch{}return"unknown"}(f);if("restart"===a)return!0;"unknown"===a&&("gateway.mode"===(d=e)||/^gateway\./.test(d)&&!/^gateway\.remote\./.test(d))&&(b=!0)}return b}([[u,c],[v,e]]);if(l){let a=await E();g=a.restarted,h=a.issue}if((k=await H(b,a.verifyNativeAuth,a.verifyDelaysMs))&&l){let c=await F();g=g||c.restarted,h=G(h,c.issue),c.restarted&&(k=await H(b,a.verifyNativeAuth,a.verifyDelaysMs))}return i=!k,y(),{envFile:f.envFile,activeEnvName:f.activeEnvName,restartRequired:l,restarted:g,restartIssue:h,verified:i,verificationIssue:k}}async function E(){try{return await (0,j.rw)().controlGateway("restart",{timeoutMs:2e4,force:!0}),(0,n.QL)("gateway auth token rotated"),await (0,h.setTimeout)(1250),{restarted:!0,issue:null}}catch(a){return{restarted:!1,issue:(0,p.n3)(a,"Gateway forced restart failed.")}}}async function F(){let a=null;try{await (0,j.rw)().controlGateway("stop",{timeoutMs:2e4}),await (0,h.setTimeout)(750)}catch(b){a=(0,p.n3)(b,"Gateway stop after token rotation failed.")}try{return await (0,j.rw)().controlGateway("start",{timeoutMs:2e4}),(0,n.QL)("gateway auth token rotation stop/start completed"),await (0,h.setTimeout)(1250),{restarted:!0,issue:a}}catch(b){return{restarted:!1,issue:G(a,(0,p.n3)(b,"Gateway start after token rotation failed."))}}}function G(a,b){return b?.trim()?a?`${a}
-${b}`:b:a}async function H(a,b,c=w){let d=null,e=b??(a=>new m.gH({token:a}).callNative("status",{},{timeoutMs:2500}));for(let b of c.length>0?c:[0]){b>0&&await (0,h.setTimeout)(b);try{return await e(a),null}catch(a){d=(0,p.n3)(a,"Gateway auth verification failed.")}}return d}async function I(a={}){let b,c=a.readDeviceAuthToken??S,d=(b=Y(a.requiredScopes).filter(a=>/^operator\./.test(a))).length>0?Array.from(new Set(b)).sort():x,e=!1;try{await (a.nativeProbe??(()=>new m.gH().callNative("status",{},{timeoutMs:2500})))(),e=!0}catch{}let f=null,g=null,h={approved:!1,requestId:null,deviceId:null,scopes:[],envSynced:!1,activeEnvName:null,approvalIssue:null};try{var i;let b,e;b=(i=await (a.approveLatest??J)(d))&&"object"==typeof i?i.device:null,e=Y(b?.approvedScopes).length?Y(b?.approvedScopes):Y(b?.scopes),h={approved:!!b,requestId:X(i?.requestId),deviceId:X(b?.deviceId),scopes:e,envSynced:!1,activeEnvName:null,approvalIssue:null},g=await T()??await c()}catch(a){if(f=(0,p.n3)(a,"OpenClaw device approval failed."),g=await T()??await c(),!g?.token||!W(g.scopes,d))throw a;h={...h,approved:!0,scopes:g.scopes}}if(!h.approved&&e&&W(g?.scopes??[],d)&&(h={...h,approved:!0,scopes:g?.scopes??h.scopes}),h.approved&&W(g?.scopes??[],d)&&(h={...h,scopes:g?.scopes??h.scopes}),h.approved&&!W(g?.scopes??h.scopes,d))throw Error("OpenClaw device access was approved, but the local CLI device token was not updated with the required operator scopes.");return(0,n.QL)("gateway device access repaired"),y(),{...h,envSynced:!1,activeEnvName:null,approvalIssue:f}}async function J(a){return(0,j.rw)().approveDeviceAccess({latest:!0,scopes:a},{timeoutMs:1e4})}async function K(a){try{let b=await a.call("config.get",{},{timeoutMs:2500});return{snapshot:function(a){if(!N(a))return null;let b=N(a.config)?a.config:null,c=N(a.resolved)?a.resolved:null;return b||c?{config:b??{},resolved:c??{}}:null}(b),invalidConfig:!1}}catch(a){return{snapshot:null,invalidConfig:(0,o.D)(a)}}}function L(a,b){let c=M(a.config,b)??M(a.resolved,b);return void 0===c?null:c}function M(a,b){if(Object.hasOwn(a,b))return a[b];let c=a;for(let a of b.split(".")){if(!N(c)||!Object.hasOwn(c,a))return;c=c[a]}return c}function N(a){return!!a&&"object"==typeof a&&!Array.isArray(a)}async function O(a){if((0,i.eG)()){let a=await (0,i.lk)();return{path:(0,i.kz)(),token:a?.kind==="token",password:a?.kind==="password",gitignored:!0}}let b=(0,g.join)(a,r),c=await P(b),d=await P((0,g.join)(a,".gitignore"));return{path:r,token:Q(c,s),password:Q(c,t),gitignored:/^\.env\*?\.local$/m.test(d)||/^\.env\.local$/m.test(d)}}async function P(a){try{return await (0,e.readFile)(a,"utf8")}catch{return""}}function Q(a,b){return RegExp(`^\\s*${b}\\s*=`,"m").test(a)}function R(a){if(null==a)return"missing";if("string"!=typeof a)return"present";let b=a.trim();return b?"__OPENCLAW_REDACTED__"===b?"redacted":"present":"missing"}async function S(){let a=await P((0,g.join)(V(),"identity","device-auth.json"));if(!a.trim())return null;try{let b=JSON.parse(a),c=X(b.tokens?.operator?.token);if(!c)return null;return{token:c,scopes:Y(b.tokens?.operator?.scopes)}}catch{return null}}async function T(){let a=V(),b=await U((0,g.join)(a,"identity","device.json")),c=X(b?.deviceId);if(!c)return null;let d=await U((0,g.join)(a,"devices","paired.json")),f=d?.[c]?.tokens?.operator,h=X(f?.token),i=Y(f?.scopes);if(!h)return null;let j=(0,g.join)(a,"identity","device-auth.json"),k=await U(j),l=k?.deviceId===c&&k.tokens&&"object"==typeof k.tokens?{...k.tokens}:{};return l.operator={token:h,role:X(f?.role)??"operator",scopes:i,updatedAtMs:Date.now()},await (0,e.mkdir)((0,g.dirname)(j),{recursive:!0}),await (0,e.writeFile)(j,`${JSON.stringify({version:1,deviceId:c,tokens:l},null,2)}
-`,{encoding:"utf8",mode:384}),await (0,e.chmod)(j,384),{token:h,scopes:i}}async function U(a){let b=await P(a);if(!b.trim())return null;try{return JSON.parse(b)}catch{return null}}function V(){let a=process.env.OPENCLAW_STATE_DIR?.trim();return a?a.startsWith("~")?(0,g.join)((0,f.homedir)(),a.slice(1)):a:(0,g.join)((0,f.homedir)(),".openclaw")}function W(a,b=x){let c=new Set(a);return b.every(a=>c.has(a))}function X(a){return"string"==typeof a&&a.trim()?a.trim():null}function Y(a){return Array.isArray(a)?a.filter(a=>"string"==typeof a&&!!a.trim()):[]}}};
+"use strict";exports.id=1718,exports.ids=[1718],exports.modules={1718:(a,b,c)=>{c.d(b,{MG:()=>C,MQ:()=>D,PR:()=>A,Vg:()=>z,W6:()=>B,f5:()=>I});var d=c(77598),e=c(51455),f=c(48161),g=c(76760),h=c(58500),i=c(14805),j=c(39503),k=c(4020),l=c(35456),m=c(95141),n=c(7565),o=c(78446),p=c(96972);let q="gateway.remote.url",r=".env.local",s="AGENTOS_OPENCLAW_GATEWAY_TOKEN",t="AGENTOS_OPENCLAW_GATEWAY_PASSWORD",u="gateway.auth.mode",v="gateway.auth.token",w=[0,500,1e3,1500,2500,3500],x=["operator.admin","operator.read","operator.write","operator.approvals","operator.pairing","operator.talk.secrets"];function y(){(0,k.ZZ)(),(0,k.b7)()}async function z(a){let b=(0,l.Zm)(a.gatewayUrl);return b?await (0,j.rw)().setConfig(q,b):await (0,j.rw)().hasConfig(q)&&await (0,j.rw)().unsetConfig(q),y(),(0,k.GM)({force:!0})}async function A(a){let b=(0,l.FU)(a.workspaceRoot),c={...await (0,l.tl)(),...b?{workspaceRoot:b}:{}};return b||delete c.workspaceRoot,await (0,l.wi)(c),y(),(0,k.GM)({force:!0})}async function B(a={}){let b,c=a.env??process.env,d=a.cwd??process.cwd(),e=(a.now??(()=>new Date))().toISOString(),f=(0,j.rw)(),g=await L(f),h=g.snapshot,[i,k,l,n,o]=h?["string"==typeof(b=M(h,"gateway.auth.mode"))&&b.trim()?b.trim():null,S(M(h,"gateway.auth.token")),S(M(h,"gateway.auth.password")),S(M(h,"gateway.remote.token")),S(M(h,"gateway.remote.password"))]:g.invalidConfig?[null,"unknown","unknown","unknown","unknown"]:await Promise.all([y("gateway.auth.mode"),z("gateway.auth.token"),z("gateway.auth.password"),z("gateway.remote.token"),z("gateway.remote.password")]),q=(a.isNativeDisabled??m.JG)(),r=!!(c.AGENTOS_OPENCLAW_GATEWAY_TOKEN?.trim()||c.OPENCLAW_GATEWAY_TOKEN?.trim()),s=!!(c.AGENTOS_OPENCLAW_GATEWAY_PASSWORD?.trim()||c.OPENCLAW_GATEWAY_PASSWORD?.trim()),t={authToken:k,authPassword:l,remoteToken:n,remotePassword:o},u=await P(d);if(q)return{mode:i,env:{token:r,password:s},config:t,native:{ok:!1,checkedAt:e,kind:"disabled",issue:"Native OpenClaw Gateway WS is disabled by environment configuration.",disabledByEnv:!0},envFile:u,recommendation:"Unset AGENTOS_OPENCLAW_GATEWAY_CLIENT/OPENCLAW_GATEWAY_CLIENT=cli or AGENTOS_OPENCLAW_NATIVE_WS=0, then restart AgentOS."};try{return await (a.nativeProbe??(()=>new m.gH().callNative("status",{},{timeoutMs:2500})))(),{mode:i,env:{token:r,password:s},config:t,native:{ok:!0,checkedAt:e,kind:null,issue:null,disabledByEnv:!1},envFile:u,recommendation:"Native OpenClaw Gateway WS auth is ready."}}catch(g){var v,w,x;let a,b,c,d=(0,p.n3)(g,"Native Gateway auth check failed."),f=(v=g,w=d,"auth"===(a=v?.kind)||"malformed-response"===a||"rate-limited"===a||"scope-limited"===a||"timeout"===a||"unreachable"===a||"unknown"===a?a:/auth|token|password|unauthorized|forbidden/i.test(w)?"auth":/scope|permission|not allowed/i.test(w)?"scope-limited":/(^|[^a-z])rate limit(?:ed)?\b|retry after|too many requests/i.test(w)?"rate-limited":/invalid json|malformed|schema|payload/i.test(w)?"malformed-response":/timed out|timeout/i.test(w)?"timeout":/connect|closed|unreachable|websocket/i.test(w)?"unreachable":"unknown");return{mode:i,env:{token:r,password:s},config:t,native:{ok:!1,checkedAt:e,kind:f,issue:d,disabledByEnv:!1},envFile:u,recommendation:(b=Object.values((x={kind:f,envToken:r,envPassword:s,config:t}).config).includes("redacted"),c=x.envToken||x.envPassword,"auth"===x.kind&&b&&!c?"Set AGENTOS_OPENCLAW_GATEWAY_TOKEN/PASSWORD or OPENCLAW_GATEWAY_TOKEN/PASSWORD in the AgentOS process environment, then restart AgentOS.":"auth"===x.kind?"Verify the Gateway token/password exported to the AgentOS process, then restart AgentOS.":"unreachable"===x.kind||"timeout"===x.kind?"Start or restart the OpenClaw Gateway, then test native auth again.":"rate-limited"===x.kind?"Wait for the Gateway cooldown to expire, then test native auth again.":"scope-limited"===x.kind?"Repair the local AgentOS device access request so native Gateway WS can use operator scopes. No manual secret entry is required.":"malformed-response"===x.kind?"Update OpenClaw or continue using CLI fallback until the Gateway contract matches AgentOS.":"Review Gateway diagnostics and continue using CLI fallback until native WS can authenticate.")}}async function y(a){try{let b=await f.getConfig(a,{timeoutMs:2500});return"string"==typeof b&&b.trim()?b.trim():null}catch{return null}}async function z(a){try{let b=await f.getConfig(a,{timeoutMs:2500});return S(b)}catch{return"unknown"}}}async function C(a){let b=a.value.trim();if(!b)throw Error("Gateway token/password is required.");if(b.length>4096)throw Error("Gateway token/password is too long.");let c=i.fh;if((0,i.eG)()||process.env[i.tj]?.trim()?await (0,i.Wy)({kind:a.kind,value:b}):c=r,!(0,i.eG)()){let d=(0,g.join)(a.cwd??process.cwd(),r),f=function(a,b,c){let d="token"===b?s:t,e="token"===b?t:s,f=`${d}=${JSON.stringify(c)}`,g=a.split(/\r?\n/),h=[],i=!1;for(let a of g){if(!a.trim()){h.push(a);continue}let b=a.match(/^\s*([A-Za-z_][A-Za-z0-9_]*)\s*=/)?.[1];if(b===d){i||(h.push(f),i=!0);continue}b!==e&&h.push(a)}return i||(h.some(a=>a.trim())&&h.at(-1)?.trim()&&h.push(""),h.push("# OpenClaw Gateway native WebSocket auth for AgentOS"),h.push(f)),`${h.join("\n").replace(/\n+$/,"")}
+`}(await Q(d),a.kind,b);await (0,e.writeFile)(d,f,{encoding:"utf8",mode:384}),await (0,e.chmod)(d,384),c=r}return"token"===a.kind?(process.env[s]=b,delete process.env[t]):(process.env[t]=b,delete process.env[s]),(0,n.QL)("gateway auth credential updated"),{envFile:c,activeEnvName:"token"===a.kind?s:t,restartRecommended:!0}}async function D(a={}){let b=(0,d.randomBytes)(32).toString("base64url"),c=await (0,j.rw)().setConfig(u,"token",{timeoutMs:2500}),e=await (0,j.rw)().setConfig(v,b,{timeoutMs:2500}),f=await C({kind:"token",value:b,cwd:a.cwd}),g=!1,h=null,i=!1,k=null,l=function(a){let b=!1;for(let[e,f]of a){var c,d;if((c=e)===u||c===v)return!0;let a=function(a){let b=a.metadata?.openClawConfig;if(b&&"object"==typeof b&&!Array.isArray(b)){let a=b.reloadKind;if("restart"===a||"hot"===a||"none"===a)return a}try{let b=JSON.parse(a.stdout||"{}"),c=b.configMutation?.reloadKind;if("restart"===c||"hot"===c||"none"===c)return c}catch{}return"unknown"}(f);if("restart"===a)return!0;"unknown"===a&&("gateway.mode"===(d=e)||/^gateway\./.test(d)&&!/^gateway\.remote\./.test(d))&&(b=!0)}return b}([[u,c],[v,e]]);if(l){let a=await E();g=a.restarted,h=a.issue}if((k=await H(b,a.verifyNativeAuth,a.verifyDelaysMs))&&l){let c=await F();g=g||c.restarted,h=G(h,c.issue),c.restarted&&(k=await H(b,a.verifyNativeAuth,a.verifyDelaysMs))}return i=!k,y(),{envFile:f.envFile,activeEnvName:f.activeEnvName,restartRequired:l,restarted:g,restartIssue:h,verified:i,verificationIssue:k}}async function E(){try{return await (0,j.rw)().controlGateway("restart",{timeoutMs:2e4,force:!0}),(0,n.QL)("gateway auth token rotated"),await (0,h.setTimeout)(1250),{restarted:!0,issue:null}}catch(a){return{restarted:!1,issue:(0,p.n3)(a,"Gateway forced restart failed.")}}}async function F(){let a=null;try{await (0,j.rw)().controlGateway("stop",{timeoutMs:2e4}),await (0,h.setTimeout)(750)}catch(b){a=(0,p.n3)(b,"Gateway stop after token rotation failed.")}try{return await (0,j.rw)().controlGateway("start",{timeoutMs:2e4}),(0,n.QL)("gateway auth token rotation stop/start completed"),await (0,h.setTimeout)(1250),{restarted:!0,issue:a}}catch(b){return{restarted:!1,issue:G(a,(0,p.n3)(b,"Gateway start after token rotation failed."))}}}function G(a,b){return b?.trim()?a?`${a}
+${b}`:b:a}async function H(a,b,c=w){let d=null,e=b??(a=>new m.gH({token:a}).callNative("status",{},{timeoutMs:2500}));for(let b of c.length>0?c:[0]){b>0&&await (0,h.setTimeout)(b);try{return await e(a),null}catch(a){d=(0,p.n3)(a,"Gateway auth verification failed.")}}return d}async function I(a={}){let b,c=a.readDeviceAuthToken??T,d=(b=Z(a.requiredScopes).filter(a=>/^operator\./.test(a))).length>0?Array.from(new Set(b)).sort():x,e=a.nativeProbe??K,f=!1;try{await e(),f=!0}catch{}let g=null,h=null,i={approved:!1,requestId:null,deviceId:null,scopes:[],envSynced:!1,activeEnvName:null,approvalIssue:null};try{var j;let b,e;b=(j=await (a.approveLatest??J)(d))&&"object"==typeof j?j.device:null,e=Z(b?.approvedScopes).length?Z(b?.approvedScopes):Z(b?.scopes),i={approved:!!b,requestId:Y(j?.requestId),deviceId:Y(b?.deviceId),scopes:e,envSynced:!1,activeEnvName:null,approvalIssue:null},h=await U()??await c()}catch(a){if(g=(0,p.n3)(a,"OpenClaw device approval failed."),h=await U()??await c(),h?.token&&X(h.scopes,d))i={...i,approved:!0,scopes:h.scopes};else{if(!f)throw a;i={...i,approved:!0,scopes:d}}}if(!i.approved&&f&&X(h?.scopes??[],d)&&(i={...i,approved:!0,scopes:h?.scopes??i.scopes}),i.approved&&X(h?.scopes??[],d)&&(i={...i,scopes:h?.scopes??i.scopes}),i.approved&&!X(h?.scopes??i.scopes,d)){let a=f;if(!a)try{await e(),a=!0}catch{a=!1}if(!a)throw Error("OpenClaw device access was approved, but the local CLI device token was not updated with the required operator scopes.");i={...i,scopes:d},g??="OpenClaw approved native Gateway access, but the local CLI device token has not reported every requested operator scope yet."}return(0,n.QL)("gateway device access repaired"),y(),{...i,envSynced:!1,activeEnvName:null,approvalIssue:g}}async function J(a){return(0,j.rw)().approveDeviceAccess({latest:!0,scopes:a},{timeoutMs:1e4})}async function K(){let a=new m.gH;try{return await a.callNative("status",{},{timeoutMs:2500})}finally{a.close("gateway device access repair probe completed")}}async function L(a){try{let b=await a.call("config.get",{},{timeoutMs:2500});return{snapshot:function(a){if(!O(a))return null;let b=O(a.config)?a.config:null,c=O(a.resolved)?a.resolved:null;return b||c?{config:b??{},resolved:c??{}}:null}(b),invalidConfig:!1}}catch(a){return{snapshot:null,invalidConfig:(0,o.D)(a)}}}function M(a,b){let c=N(a.config,b)??N(a.resolved,b);return void 0===c?null:c}function N(a,b){if(Object.hasOwn(a,b))return a[b];let c=a;for(let a of b.split(".")){if(!O(c)||!Object.hasOwn(c,a))return;c=c[a]}return c}function O(a){return!!a&&"object"==typeof a&&!Array.isArray(a)}async function P(a){if((0,i.eG)()){let a=await (0,i.lk)();return{path:(0,i.kz)(),token:a?.kind==="token",password:a?.kind==="password",gitignored:!0}}let b=(0,g.join)(a,r),c=await Q(b),d=await Q((0,g.join)(a,".gitignore"));return{path:r,token:R(c,s),password:R(c,t),gitignored:/^\.env\*?\.local$/m.test(d)||/^\.env\.local$/m.test(d)}}async function Q(a){try{return await (0,e.readFile)(a,"utf8")}catch{return""}}function R(a,b){return RegExp(`^\\s*${b}\\s*=`,"m").test(a)}function S(a){if(null==a)return"missing";if("string"!=typeof a)return"present";let b=a.trim();return b?"__OPENCLAW_REDACTED__"===b?"redacted":"present":"missing"}async function T(){let a=await Q((0,g.join)(W(),"identity","device-auth.json"));if(!a.trim())return null;try{let b=JSON.parse(a),c=Y(b.tokens?.operator?.token);if(!c)return null;return{token:c,scopes:Z(b.tokens?.operator?.scopes)}}catch{return null}}async function U(){let a=W(),b=await V((0,g.join)(a,"identity","device.json")),c=Y(b?.deviceId);if(!c)return null;let d=await V((0,g.join)(a,"devices","paired.json")),f=d?.[c]?.tokens?.operator,h=Y(f?.token),i=Z(f?.scopes);if(!h)return null;let j=(0,g.join)(a,"identity","device-auth.json"),k=await V(j),l=k?.deviceId===c&&k.tokens&&"object"==typeof k.tokens?{...k.tokens}:{};return l.operator={token:h,role:Y(f?.role)??"operator",scopes:i,updatedAtMs:Date.now()},await (0,e.mkdir)((0,g.dirname)(j),{recursive:!0}),await (0,e.writeFile)(j,`${JSON.stringify({version:1,deviceId:c,tokens:l},null,2)}
+`,{encoding:"utf8",mode:384}),await (0,e.chmod)(j,384),{token:h,scopes:i}}async function V(a){let b=await Q(a);if(!b.trim())return null;try{return JSON.parse(b)}catch{return null}}function W(){let a=process.env.OPENCLAW_STATE_DIR?.trim();return a?a.startsWith("~")?(0,g.join)((0,f.homedir)(),a.slice(1)):a:(0,g.join)((0,f.homedir)(),".openclaw")}function X(a,b=x){let c=new Set(a);return b.every(a=>c.has(a))}function Y(a){return"string"==typeof a&&a.trim()?a.trim():null}function Z(a){return Array.isArray(a)?a.filter(a=>"string"==typeof a&&!!a.trim()):[]}}};