@swarmclawai/swarmclaw 0.2.0

package/src/lib/providers/openclaw.ts

@@ -0,0 +1,330 @@
+import { WebSocket } from 'ws'
+import crypto, { randomUUID } from 'crypto'
+import fs from 'fs'
+import path from 'path'
+import type { StreamChatOptions } from './index'
+
+// --- Device Identity (Ed25519 keypair for gateway auth) ---
+
+const ED25519_SPKI_PREFIX = Buffer.from('302a300506032b6570032100', 'hex')
+
+function base64UrlEncode(buf: Buffer): string {
+  return buf.toString('base64').replaceAll('+', '-').replaceAll('/', '_').replace(/=+$/g, '')
+}
+
+function derivePublicKeyRaw(publicKeyPem: string): Buffer {
+  const spki = crypto.createPublicKey(publicKeyPem).export({ type: 'spki', format: 'der' })
+  if (spki.length === ED25519_SPKI_PREFIX.length + 32 && spki.subarray(0, ED25519_SPKI_PREFIX.length).equals(ED25519_SPKI_PREFIX)) {
+    return spki.subarray(ED25519_SPKI_PREFIX.length)
+  }
+  return spki
+}
+
+function fingerprintPublicKey(publicKeyPem: string): string {
+  return crypto.createHash('sha256').update(derivePublicKeyRaw(publicKeyPem)).digest('hex')
+}
+
+interface DeviceIdentity {
+  deviceId: string
+  publicKeyPem: string
+  privateKeyPem: string
+}
+
+function getIdentityPath(): string {
+  const dataDir = path.join(process.cwd(), 'data')
+  if (!fs.existsSync(dataDir)) fs.mkdirSync(dataDir, { recursive: true })
+  return path.join(dataDir, 'openclaw-device.json')
+}
+
+function loadOrCreateDeviceIdentity(): DeviceIdentity {
+  const filePath = getIdentityPath()
+  try {
+    if (fs.existsSync(filePath)) {
+      const parsed = JSON.parse(fs.readFileSync(filePath, 'utf8'))
+      if (parsed?.deviceId && parsed?.publicKeyPem && parsed?.privateKeyPem) {
+        return parsed
+      }
+    }
+  } catch {}
+
+  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519')
+  const publicKeyPem = publicKey.export({ type: 'spki', format: 'pem' }) as string
+  const privateKeyPem = privateKey.export({ type: 'pkcs8', format: 'pem' }) as string
+  const identity: DeviceIdentity = {
+    deviceId: fingerprintPublicKey(publicKeyPem),
+    publicKeyPem,
+    privateKeyPem,
+  }
+  fs.writeFileSync(filePath, JSON.stringify({ version: 1, ...identity }, null, 2) + '\n', { mode: 0o600 })
+  return identity
+}
+
+/** Get the device ID that SwarmClaw would use for pairing. */
+export function getDeviceId(): string {
+  return loadOrCreateDeviceIdentity().deviceId
+}
+
+// --- Protocol helpers ---
+
+function normalizeWsUrl(raw: string): string {
+  let url = raw.replace(/\/+$/, '').replace(/\/v1$/i, '')
+  if (!/^(https?|wss?):\/\//i.test(url)) url = `http://${url}`
+  url = url.replace(/^ws:/i, 'http:').replace(/^wss:/i, 'https:')
+  return url.replace(/^http:/i, 'ws:').replace(/^https:/i, 'wss:')
+}
+
+/**
+ * Build connect params for the OpenClaw gateway protocol.
+ *
+ * The gateway allows operators with a valid token to skip device identity
+ * (roleCanSkipDeviceIdentity). When useDeviceAuth is true, includes an
+ * Ed25519-signed device identity for gateways that require device pairing.
+ */
+export function buildOpenClawConnectParams(
+  token: string | undefined,
+  nonce: string | undefined,
+  opts?: { useDeviceAuth?: boolean },
+) {
+  const clientId = 'gateway-client'
+  const clientMode = 'backend'
+  const platform = process.platform
+  const role = 'operator'
+  const scopes = ['operator.admin']
+
+  const params: Record<string, unknown> = {
+    minProtocol: 1,
+    maxProtocol: 3,
+    auth: token ? { token } : undefined,
+    client: {
+      id: clientId,
+      version: '1.0.0',
+      platform,
+      mode: clientMode,
+      instanceId: randomUUID(),
+    },
+    caps: [],
+    role,
+    scopes,
+  }
+
+  if (opts?.useDeviceAuth) {
+    const identity = loadOrCreateDeviceIdentity()
+    const signedAtMs = Date.now()
+
+    const payload = [
+      'v3', identity.deviceId, clientId, clientMode, role,
+      scopes.join(','), String(signedAtMs), token ?? '', nonce ?? '',
+      platform, '', // deviceFamily
+    ].join('|')
+    const signature = base64UrlEncode(
+      crypto.sign(null, Buffer.from(payload, 'utf8'), crypto.createPrivateKey(identity.privateKeyPem)),
+    )
+
+    params.device = {
+      id: identity.deviceId,
+      publicKey: base64UrlEncode(derivePublicKeyRaw(identity.publicKeyPem)),
+      signature,
+      signedAt: signedAtMs,
+      nonce: nonce ?? '',
+    }
+  }
+
+  return params
+}
+
+// --- Gateway connection ---
+
+interface ConnectResult {
+  ok: boolean
+  message: string
+  errorCode?: string
+  ws?: InstanceType<typeof WebSocket>
+}
+
+/**
+ * Open a WebSocket and complete the connect handshake.
+ * Resolves with { ok, ws } on success or { ok: false, message, errorCode } on failure.
+ */
+function wsConnect(
+  wsUrl: string,
+  token: string | undefined,
+  useDeviceAuth: boolean,
+  timeoutMs = 15_000,
+): Promise<ConnectResult> {
+  return new Promise((resolve) => {
+    let settled = false
+    const done = (result: ConnectResult) => {
+      if (settled) return
+      settled = true
+      clearTimeout(timer)
+      if (!result.ok) try { ws.close() } catch {}
+      resolve(result)
+    }
+
+    const timer = setTimeout(() => {
+      done({ ok: false, message: 'Connection timed out. Verify the gateway URL and network access.' })
+    }, timeoutMs)
+
+    const ws = new WebSocket(wsUrl)
+    let connectId: string | null = null
+
+    ws.on('message', (data) => {
+      try {
+        const msg = JSON.parse(data.toString())
+        if (msg.event === 'connect.challenge') {
+          connectId = randomUUID()
+          ws.send(JSON.stringify({
+            type: 'req',
+            id: connectId,
+            method: 'connect',
+            params: buildOpenClawConnectParams(token, msg.payload?.nonce, { useDeviceAuth }),
+          }))
+          return
+        }
+        if (msg.type === 'res' && msg.id === connectId) {
+          if (msg.ok) {
+            done({ ok: true, message: 'Connected.', ws })
+          } else {
+            done({
+              ok: false,
+              message: msg.error?.message || 'Gateway connect failed.',
+              errorCode: msg.error?.details?.code as string | undefined,
+            })
+          }
+        }
+      } catch {
+        done({ ok: false, message: 'Unexpected response from gateway.' })
+      }
+    })
+
+    ws.on('error', (err) => {
+      done({ ok: false, message: `Connection failed: ${err.message}` })
+    })
+
+    ws.on('close', (code, reason) => {
+      if (code === 1008) {
+        done({ ok: false, message: `Unauthorized: ${reason?.toString() || 'invalid token'}` })
+      } else {
+        done({ ok: false, message: `Connection closed unexpectedly (${code})` })
+      }
+    })
+  })
+}
+
+/**
+ * Connect to the gateway with device identity.
+ *
+ * Always includes Ed25519 device auth — the gateway may accept the initial
+ * connect handshake with token-only but still require device identity for
+ * agent operations. Sending device auth unconditionally avoids that mismatch.
+ */
+async function connectToGateway(
+  wsUrl: string,
+  token: string | undefined,
+  timeoutMs = 15_000,
+): Promise<ConnectResult> {
+  return wsConnect(wsUrl, token, true, timeoutMs)
+}
+
+// --- Provider ---
+
+export function streamOpenClawChat({ session, message, imagePath, write, active }: StreamChatOptions): Promise<string> {
+  let prompt = message
+  if (imagePath) {
+    prompt = `[The user has shared an image at: ${imagePath}]\n\n${message}`
+  }
+
+  const wsUrl = session.apiEndpoint ? normalizeWsUrl(session.apiEndpoint) : 'ws://127.0.0.1:18789'
+  const token = session.apiKey || undefined
+
+  return new Promise((resolve) => {
+    let fullResponse = ''
+    let settled = false
+
+    const finish = (errMsg?: string) => {
+      if (settled) return
+      settled = true
+      active.delete(session.id)
+      if (errMsg && !fullResponse.trim()) {
+        write(`data: ${JSON.stringify({ t: 'err', text: errMsg })}\n\n`)
+      }
+      resolve(fullResponse)
+    }
+
+    connectToGateway(wsUrl, token).then((result) => {
+      if (!result.ok || !result.ws) {
+        finish(result.message)
+        return
+      }
+
+      const ws = result.ws
+      const timeout = setTimeout(() => {
+        ws.close()
+        finish('OpenClaw gateway timed out after 120s.')
+      }, 120_000)
+
+      active.set(session.id, { kill: () => { ws.close(); clearTimeout(timeout); finish('Aborted.') } })
+
+      const agentReqId = randomUUID()
+      ws.send(JSON.stringify({
+        type: 'req',
+        id: agentReqId,
+        method: 'agent',
+        params: {
+          message: prompt,
+          agentId: 'main',
+          timeout: 120,
+          idempotencyKey: randomUUID(),
+        },
+      }))
+
+      ws.on('message', (data) => {
+        try {
+          const msg = JSON.parse(data.toString())
+          if (msg.type === 'res' && msg.id === agentReqId) {
+            if (!msg.ok) {
+              ws.close()
+              clearTimeout(timeout)
+              finish(msg.error?.message || 'Agent request failed.')
+              return
+            }
+            if (msg.payload?.status === 'accepted') return
+
+            const payloads = msg.payload?.result?.payloads ?? []
+            for (const p of payloads) {
+              const text = typeof p.text === 'string' ? p.text.trimEnd() : ''
+              if (text) {
+                fullResponse += text
+                write(`data: ${JSON.stringify({ t: 'd', text })}\n\n`)
+              }
+            }
+            if (!fullResponse && msg.payload?.summary) {
+              const text = String(msg.payload.summary)
+              fullResponse = text
+              write(`data: ${JSON.stringify({ t: 'd', text })}\n\n`)
+            }
+            ws.close()
+            clearTimeout(timeout)
+            finish()
+          }
+        } catch {}
+      })
+
+      ws.on('error', (err) => {
+        clearTimeout(timeout)
+        finish(`OpenClaw connection failed: ${err.message}`)
+      })
+
+      ws.on('close', (code, reason) => {
+        clearTimeout(timeout)
+        if (code === 1008) {
+          finish(`Unauthorized: ${reason?.toString() || 'invalid token'}`)
+        } else {
+          finish()
+        }
+      })
+    }).catch((err) => {
+      finish(`OpenClaw error: ${err?.message || 'unknown error'}`)
+    })
+  })
+}

package/src/lib/providers/opencode-cli.ts

@@ -0,0 +1,164 @@
+import fs from 'fs'
+import os from 'os'
+import path from 'path'
+import { spawn } from 'child_process'
+import type { StreamChatOptions } from './index'
+import { log } from '../server/logger'
+import { loadRuntimeSettings } from '../server/runtime-settings'
+
+function findOpencode(): string {
+  const locations = [
+    path.join(os.homedir(), '.local/bin/opencode'),
+    '/usr/local/bin/opencode',
+    '/opt/homebrew/bin/opencode',
+  ]
+  // Check nvm paths
+  const nvmDir = process.env.NVM_DIR || path.join(os.homedir(), '.nvm')
+  try {
+    const versions = fs.readdirSync(path.join(nvmDir, 'versions/node'))
+    for (const v of versions) {
+      locations.push(path.join(nvmDir, 'versions/node', v, 'bin/opencode'))
+    }
+  } catch { /* nvm not installed */ }
+  for (const loc of locations) {
+    if (fs.existsSync(loc)) {
+      log.info('opencode-cli', `Found opencode at: ${loc}`)
+      return loc
+    }
+  }
+  log.warn('opencode-cli', 'opencode binary not found in known locations, falling back to PATH')
+  return 'opencode'
+}
+
+const OPENCODE = findOpencode()
+
+function extractSessionId(raw: unknown): string | null {
+  if (!raw) return null
+  const text = String(raw).trim()
+  return text ? text : null
+}
+
+/**
+ * OpenCode CLI provider — spawns `opencode run <message> --format json` for non-interactive usage.
+ * Tracks `session.opencodeSessionId` from streamed JSON events to support multi-turn continuity.
+ */
+export function streamOpenCodeCliChat({ session, message, imagePath, systemPrompt, write, active }: StreamChatOptions): Promise<string> {
+  const processTimeoutMs = loadRuntimeSettings().cliProcessTimeoutMs
+  const cwd = session.cwd || process.cwd()
+  const promptParts: string[] = []
+  if (systemPrompt && !session.opencodeSessionId) {
+    promptParts.push(`[System instructions]\n${systemPrompt}`)
+  }
+  promptParts.push(message)
+  const prompt = promptParts.join('\n\n')
+
+  const env: NodeJS.ProcessEnv = {
+    ...process.env,
+    TERM: 'dumb',
+    NO_COLOR: '1',
+  }
+  // Set model via env if specified
+  if (session.model) {
+    env.OPENCODE_MODEL = session.model
+  }
+
+  const args = ['run', prompt, '--format', 'json']
+  if (session.opencodeSessionId) args.push('--session', session.opencodeSessionId)
+  if (session.model) args.push('--model', session.model)
+  if (imagePath) args.push('--file', imagePath)
+
+  log.info('opencode-cli', `Spawning: ${OPENCODE}`, {
+    args: args.map((a, i) => {
+      if (i === 1) return `(${prompt.length} chars)`
+      if (a.length > 120) return `${a.slice(0, 120)}...`
+      return a
+    }),
+    cwd,
+    hasSystemPrompt: !!systemPrompt,
+    hasImage: !!imagePath,
+    resumeSessionId: session.opencodeSessionId || null,
+  })
+
+  const proc = spawn(OPENCODE, args, {
+    cwd,
+    env,
+    stdio: ['pipe', 'pipe', 'pipe'],
+    timeout: processTimeoutMs,
+  })
+
+  log.info('opencode-cli', `Process spawned: pid=${proc.pid}`)
+  active.set(session.id, proc)
+
+  let fullResponse = ''
+  let stderrText = ''
+  let stdoutBuf = ''
+  let eventCount = 0
+  const eventErrors: string[] = []
+
+  proc.stdout!.on('data', (chunk: Buffer) => {
+    const text = chunk.toString()
+    stdoutBuf += text
+    const lines = stdoutBuf.split('\n')
+    stdoutBuf = lines.pop() || ''
+
+    for (const line of lines) {
+      const trimmed = line.trim()
+      if (!trimmed) continue
+      try {
+        const ev = JSON.parse(trimmed) as any
+        eventCount += 1
+        const discoveredSessionId = extractSessionId(ev?.sessionID ?? ev?.sessionId)
+        if (discoveredSessionId) session.opencodeSessionId = discoveredSessionId
+
+        if (ev?.type === 'text' && typeof ev?.part?.text === 'string') {
+          fullResponse += ev.part.text
+          write(`data: ${JSON.stringify({ t: 'd', text: ev.part.text })}\n\n`)
+          continue
+        }
+
+        if (ev?.type === 'error') {
+          const msg = typeof ev?.error === 'string'
+            ? ev.error
+            : typeof ev?.message === 'string'
+              ? ev.message
+              : 'Unknown OpenCode event error'
+          eventErrors.push(msg)
+          write(`data: ${JSON.stringify({ t: 'err', text: msg })}\n\n`)
+          continue
+        }
+      } catch {
+        // Raw fallback line from the CLI.
+        fullResponse += `${line}\n`
+        write(`data: ${JSON.stringify({ t: 'd', text: `${line}\n` })}\n\n`)
+      }
+    }
+  })
+
+  proc.stderr!.on('data', (chunk: Buffer) => {
+    const text = chunk.toString()
+    stderrText += text
+    if (stderrText.length > 16_000) stderrText = stderrText.slice(-16_000)
+    log.warn('opencode-cli', `stderr [${session.id}]`, text.slice(0, 500))
+  })
+
+  return new Promise((resolve) => {
+    proc.on('close', (code, signal) => {
+      log.info('opencode-cli', `Process closed: code=${code} signal=${signal} events=${eventCount} response=${fullResponse.length}chars`)
+      active.delete(session.id)
+      if ((code ?? 0) !== 0 && !fullResponse.trim() && eventErrors.length === 0) {
+        const msg = stderrText.trim()
+          ? `OpenCode CLI exited with code ${code ?? 'unknown'}${signal ? ` (${signal})` : ''}: ${stderrText.trim().slice(0, 1200)}`
+          : `OpenCode CLI exited with code ${code ?? 'unknown'}${signal ? ` (${signal})` : ''} and returned no output.`
+        write(`data: ${JSON.stringify({ t: 'err', text: msg })}\n\n`)
+      }
+      resolve(fullResponse.trim())
+    })
+
+    proc.on('error', (e) => {
+      log.error('opencode-cli', `Process error: ${e.message}`)
+      active.delete(session.id)
+      write(`data: ${JSON.stringify({ t: 'err', text: e.message })}\n\n`)
+      resolve(fullResponse)
+    })
+  })
+}

package/src/lib/runtime-loop.ts

@@ -0,0 +1,15 @@
+import type { LoopMode } from '@/types'
+
+export const DEFAULT_LOOP_MODE: LoopMode = 'bounded'
+
+// Loop limits
+export const DEFAULT_AGENT_LOOP_RECURSION_LIMIT = 15
+export const DEFAULT_ORCHESTRATOR_LOOP_RECURSION_LIMIT = 25
+export const DEFAULT_LEGACY_ORCHESTRATOR_MAX_TURNS = 10
+export const DEFAULT_ONGOING_LOOP_MAX_ITERATIONS = 250
+export const DEFAULT_ONGOING_LOOP_MAX_RUNTIME_MINUTES = 60
+
+// Tool/process timeouts
+export const DEFAULT_SHELL_COMMAND_TIMEOUT_SEC = 30
+export const DEFAULT_CLAUDE_CODE_TIMEOUT_SEC = 120
+export const DEFAULT_CLI_PROCESS_TIMEOUT_SEC = 300

package/src/lib/schedule-dedupe.test.ts

@@ -0,0 +1,84 @@
+import assert from 'node:assert/strict'
+import { test } from 'node:test'
+import { findDuplicateSchedule, getScheduleSignatureKey, type ScheduleLike } from './schedule-dedupe.ts'
+
+test('findDuplicateSchedule matches active interval schedules with normalized prompts', () => {
+  const schedules: Record<string, ScheduleLike> = {
+    a1: {
+      id: 'a1',
+      agentId: 'assistant',
+      taskPrompt: 'Take   a screenshot of Wikipedia homepage',
+      scheduleType: 'interval',
+      intervalMs: 60_000,
+      status: 'active',
+      createdAt: 1,
+    },
+  }
+
+  const duplicate = findDuplicateSchedule(schedules, {
+    agentId: 'assistant',
+    taskPrompt: 'take a screenshot of wikipedia homepage',
+    scheduleType: 'interval',
+    intervalMs: 60_000,
+  })
+
+  assert.ok(duplicate)
+  assert.equal(duplicate?.id, 'a1')
+})
+
+test('findDuplicateSchedule ignores completed/failed schedules by default', () => {
+  const schedules: Record<string, ScheduleLike> = {
+    done1: {
+      id: 'done1',
+      agentId: 'assistant',
+      taskPrompt: 'Run report',
+      scheduleType: 'interval',
+      intervalMs: 300_000,
+      status: 'completed',
+      createdAt: 1,
+    },
+    fail1: {
+      id: 'fail1',
+      agentId: 'assistant',
+      taskPrompt: 'Run report',
+      scheduleType: 'interval',
+      intervalMs: 300_000,
+      status: 'failed',
+      createdAt: 2,
+    },
+  }
+
+  const duplicate = findDuplicateSchedule(schedules, {
+    agentId: 'assistant',
+    taskPrompt: 'run report',
+    scheduleType: 'interval',
+    intervalMs: 300_000,
+  })
+
+  assert.equal(duplicate, null)
+})
+
+test('getScheduleSignatureKey is stable for equivalent schedules', () => {
+  const keyA = getScheduleSignatureKey({
+    agentId: 'assistant',
+    taskPrompt: '  Check  status ',
+    scheduleType: 'cron',
+    cron: '*/5 * * * *',
+  })
+  const keyB = getScheduleSignatureKey({
+    agentId: 'assistant',
+    taskPrompt: 'check status',
+    scheduleType: 'cron',
+    cron: '*/5 * * * *',
+  })
+  const keyC = getScheduleSignatureKey({
+    agentId: 'assistant',
+    taskPrompt: 'check status',
+    scheduleType: 'cron',
+    cron: '*/10 * * * *',
+  })
+
+  assert.ok(keyA)
+  assert.equal(keyA, keyB)
+  assert.notEqual(keyA, keyC)
+})