@soyeht/soyeht 0.1.2 → 0.2.1

package/src/service.ts

@@ -1,3 +1,4 @@
+import { randomBytes } from "node:crypto";
 import { readFile, writeFile, rm } from "node:fs/promises";
 import { join } from "node:path";
 import type { OpenClawPluginApi, OpenClawPluginService, OpenClawPluginServiceContext } from "openclaw/plugin-sdk";
@@ -9,9 +10,13 @@ import {
 } from "./security.js";
 import { loadOrGenerateIdentity, loadPeers, loadSessions, saveSession } from "./identity.js";
 import { zeroBuffer } from "./ratchet.js";
-import { computeFingerprint, type X25519KeyPair } from "./crypto.js";
+import { base64UrlEncode, computeFingerprint, ed25519Sign, type X25519KeyPair } from "./crypto.js";
 import type { IdentityBundle, PeerIdentity } from "./identity.js";
 import type { RatchetState } from "./ratchet.js";
+import { createOutboundQueue, type OutboundQueue } from "./outbound-queue.js";
+import { renderQrTerminal } from "./qr.js";
+import { resolveSoyehtAccount } from "./config.js";
+import { buildPairingQrTranscript, buildPairingQrTranscriptV2 } from "./pairing.js";
 
 const HEARTBEAT_INTERVAL_MS = 60_000; // 60s
 
@@ -27,6 +32,7 @@ export type SecurityV2Deps = {
   pendingHandshakes: Map<string, PendingHandshake>;
   nonceCache: NonceCache;
   rateLimiter: RateLimiter;
+  outboundQueue: OutboundQueue;
   ready: boolean;
   stateDir?: string;
 };
@@ -58,10 +64,99 @@ export function createSecurityV2Deps(): SecurityV2Deps {
     pendingHandshakes: new Map(),
     nonceCache: createNonceCache(),
     rateLimiter: createRateLimiter(),
+    outboundQueue: createOutboundQueue(),
     ready: false,
   };
 }
 
+// ---------------------------------------------------------------------------
+// Auto-pairing QR display (terminal)
+// ---------------------------------------------------------------------------
+
+const AUTO_PAIRING_TTL_MS = 90_000;
+
+async function showPairingQr(api: OpenClawPluginApi, v2deps: SecurityV2Deps): Promise<void> {
+  const identity = v2deps.identity;
+  if (!identity) return;
+
+  const accountId = "default";
+
+  // Clear any stale pairing sessions for this account
+  for (const [token, session] of v2deps.pairingSessions) {
+    if (session.accountId === accountId) {
+      v2deps.pairingSessions.delete(token);
+    }
+  }
+
+  const pairingToken = base64UrlEncode(randomBytes(32));
+  const expiresAt = Date.now() + AUTO_PAIRING_TTL_MS;
+  const fingerprint = computeFingerprint(identity);
+
+  // Resolve gatewayUrl from config or runtime
+  const cfg = await api.runtime.config.loadConfig();
+  const account = resolveSoyehtAccount(cfg, accountId);
+  let gatewayUrl = account.gatewayUrl;
+  if (!gatewayUrl) {
+    const runtime = api.runtime as Record<string, unknown>;
+    if (typeof runtime["gatewayUrl"] === "string" && runtime["gatewayUrl"]) {
+      gatewayUrl = runtime["gatewayUrl"];
+    } else if (typeof runtime["baseUrl"] === "string" && runtime["baseUrl"]) {
+      gatewayUrl = runtime["baseUrl"];
+    }
+  }
+
+  const basePayload = {
+    accountId,
+    pairingToken,
+    expiresAt,
+    allowOverwrite: false,
+    pluginIdentityKey: identity.signKey.publicKeyB64,
+    pluginDhKey: identity.dhKey.publicKeyB64,
+    fingerprint,
+  };
+
+  let qrPayload: Record<string, unknown>;
+
+  if (gatewayUrl) {
+    const transcript = buildPairingQrTranscriptV2({ gatewayUrl, ...basePayload });
+    const signature = base64UrlEncode(ed25519Sign(identity.signKey.privateKey, transcript));
+    qrPayload = {
+      version: 2,
+      type: "soyeht_pairing_qr",
+      gatewayUrl,
+      ...basePayload,
+      signature,
+    };
+  } else {
+    const transcript = buildPairingQrTranscript(basePayload);
+    const signature = base64UrlEncode(ed25519Sign(identity.signKey.privateKey, transcript));
+    qrPayload = {
+      version: 1,
+      type: "soyeht_pairing_qr",
+      ...basePayload,
+      signature,
+    };
+  }
+
+  v2deps.pairingSessions.set(pairingToken, {
+    token: pairingToken,
+    accountId,
+    expiresAt,
+    allowOverwrite: false,
+  });
+
+  const qrText = JSON.stringify(qrPayload);
+  const rendered = renderQrTerminal(qrText);
+
+  if (rendered) {
+    api.logger.info("[soyeht] Scan this QR code with the Soyeht app to pair:\n\n" + rendered);
+    api.logger.info(`[soyeht] Fingerprint: ${fingerprint}`);
+    api.logger.info(`[soyeht] QR expires in ${AUTO_PAIRING_TTL_MS / 1000}s — restart plugin to generate a new one`);
+  } else {
+    api.logger.warn("[soyeht] QR code too large for terminal rendering. Use RPC soyeht.security.pairing.start instead.");
+  }
+}
+
 // ---------------------------------------------------------------------------
 // Service
 // ---------------------------------------------------------------------------
@@ -107,6 +202,15 @@ export function createSoyehtService(
       }
       if (v2deps) v2deps.ready = true;
 
+      // Auto-generate and display pairing QR if no peers are paired
+      if (v2deps?.identity && v2deps.peers.size === 0) {
+        try {
+          await showPairingQr(api, v2deps);
+        } catch (err) {
+          api.logger.error("[soyeht] Failed to auto-generate pairing QR", { err });
+        }
+      }
+
       api.logger.info("[soyeht] Service started");
 
       heartbeatTimer = setInterval(async () => {
@@ -115,6 +219,7 @@ export function createSoyehtService(
           const now = Date.now();
           v2deps.nonceCache.prune();
           v2deps.rateLimiter.prune();
+          v2deps.outboundQueue.prune();
           for (const [token, session] of v2deps.pairingSessions) {
             if (session.expiresAt <= now) {
               v2deps.pairingSessions.delete(token);
@@ -168,6 +273,7 @@ export function createSoyehtService(
         v2deps.peers.clear();
         v2deps.pairingSessions.clear();
         v2deps.pendingHandshakes.clear();
+        v2deps.outboundQueue.clear();
         v2deps.ready = false;
       }
 

package/src/types.ts

@@ -8,6 +8,7 @@ export type SoyehtAccountConfig = {
   enabled?: boolean;
   backendBaseUrl?: string;
   pluginAuthToken?: string;
+  gatewayUrl?: string;
   allowProactive?: boolean;
   audio?: {
     transcribeInbound?: boolean;
@@ -37,6 +38,7 @@ export const SoyehtAccountConfigSchema: JsonSchema = {
     enabled: { type: "boolean" },
     backendBaseUrl: { type: "string" },
     pluginAuthToken: { type: "string" },
+    gatewayUrl: { type: "string" },
     allowProactive: { type: "boolean" },
     audio: {
       type: "object",
@@ -367,6 +369,51 @@ export const PairingQrPayloadSchema: JsonSchema = {
   },
 };
 
+export type PairingQrPayloadV2 = {
+  version: 2;
+  type: "soyeht_pairing_qr";
+  gatewayUrl: string;
+  accountId: string;
+  pairingToken: string;
+  expiresAt: number;
+  allowOverwrite: boolean;
+  pluginIdentityKey: string;
+  pluginDhKey: string;
+  fingerprint: string;
+  signature: string;
+};
+
+export const PairingQrPayloadV2Schema: JsonSchema = {
+  type: "object",
+  additionalProperties: false,
+  required: [
+    "version",
+    "type",
+    "gatewayUrl",
+    "accountId",
+    "pairingToken",
+    "expiresAt",
+    "allowOverwrite",
+    "pluginIdentityKey",
+    "pluginDhKey",
+    "fingerprint",
+    "signature",
+  ],
+  properties: {
+    version: { const: 2 },
+    type: { const: "soyeht_pairing_qr" },
+    gatewayUrl: { type: "string", minLength: 1 },
+    accountId: { type: "string" },
+    pairingToken: { type: "string" },
+    expiresAt: { type: "number" },
+    allowOverwrite: { type: "boolean" },
+    pluginIdentityKey: { type: "string" },
+    pluginDhKey: { type: "string" },
+    fingerprint: { type: "string" },
+    signature: { type: "string" },
+  },
+};
+
 export type HandshakeFinishV2 = {
   version: 2;
   accountId: string;
@@ -397,6 +444,11 @@ export const SOYEHT_CAPABILITIES = {
   voiceContractVersion: 1,
   pipeline: "stt->llm->tts" as const,
   supportedContentTypes: ["text", "audio", "file"] as const,
+  transport: {
+    direct: true,
+    backend: true,
+    defaultMode: "direct" as const,
+  },
   security: {
     version: 2,
     pairingMode: "qr_token" as const,

package/src/version.ts

@@ -1 +1 @@
-export const PLUGIN_VERSION = "0.1.2";
+export const PLUGIN_VERSION = "0.2.1";