@swarmclawai/swarmclaw 0.4.0 → 0.5.0

package/src/lib/server/openclaw-approvals.ts

@@ -0,0 +1,105 @@
+import fs from 'node:fs'
+import path from 'node:path'
+import net from 'node:net'
+import { resolveOpenClawWorkspace } from './openclaw-sync'
+
+const APPROVAL_TIMEOUT_MS = 30_000
+
+interface ApprovalRequest {
+  toolName: string
+  args: Record<string, unknown>
+  socketPath?: string
+}
+
+interface ApprovalResponse {
+  approved: boolean
+  reason?: string
+}
+
+function resolveSocketPath(): string | null {
+  try {
+    const workspace = resolveOpenClawWorkspace()
+    const socketPath = path.join(workspace, 'exec-approvals.sock')
+    if (fs.existsSync(socketPath)) return socketPath
+  } catch { /* workspace not found */ }
+  return null
+}
+
+function resolveApprovalToken(): string | null {
+  try {
+    const workspace = resolveOpenClawWorkspace()
+    const tokenPath = path.join(workspace, 'exec-approvals.json')
+    if (!fs.existsSync(tokenPath)) return null
+    const raw = JSON.parse(fs.readFileSync(tokenPath, 'utf8'))
+    return typeof raw?.token === 'string' ? raw.token : null
+  } catch {
+    return null
+  }
+}
+
+/**
+ * Forward a tool approval request to OpenClaw's exec-approvals Unix socket.
+ * Returns the approval decision, or null if the socket is unavailable.
+ */
+export async function forwardApprovalToOpenClaw(request: ApprovalRequest): Promise<ApprovalResponse | null> {
+  const socketPath = request.socketPath || resolveSocketPath()
+  if (!socketPath) return null
+
+  const token = resolveApprovalToken()
+
+  return new Promise<ApprovalResponse | null>((resolve) => {
+    const socket = net.createConnection({ path: socketPath }, () => {
+      const payload = JSON.stringify({
+        type: 'approval_request',
+        toolName: request.toolName,
+        args: request.args,
+        token,
+        timestamp: Date.now(),
+      })
+      socket.write(payload + '\n')
+    })
+
+    let data = ''
+    const timer = setTimeout(() => {
+      socket.destroy()
+      resolve(null) // Timeout — fall through to SwarmClaw UI
+    }, APPROVAL_TIMEOUT_MS)
+
+    socket.on('data', (chunk) => {
+      data += chunk.toString()
+      // Try to parse complete JSON response
+      try {
+        const response = JSON.parse(data.trim())
+        clearTimeout(timer)
+        socket.destroy()
+        resolve({
+          approved: response.approved === true,
+          reason: typeof response.reason === 'string' ? response.reason : undefined,
+        })
+      } catch {
+        // Incomplete data, wait for more
+      }
+    })
+
+    socket.on('error', () => {
+      clearTimeout(timer)
+      resolve(null) // Socket error — fall through
+    })
+
+    socket.on('close', () => {
+      clearTimeout(timer)
+      // If we haven't resolved yet, try to parse what we have
+      if (data.trim()) {
+        try {
+          const response = JSON.parse(data.trim())
+          resolve({
+            approved: response.approved === true,
+            reason: typeof response.reason === 'string' ? response.reason : undefined,
+          })
+          return
+        } catch { /* fall through */ }
+      }
+      resolve(null)
+    })
+  })
+}

package/src/lib/server/openclaw-config-sync.ts

@@ -0,0 +1,107 @@
+import { ensureGatewayConnected } from './openclaw-gateway'
+
+export interface ConfigIssue {
+  id: string
+  severity: 'warning' | 'error'
+  title: string
+  description: string
+  repairAction?: string
+}
+
+/** Fetch gateway config and detect common issues */
+export async function detectConfigIssues(): Promise<ConfigIssue[]> {
+  const gw = await ensureGatewayConnected()
+  if (!gw) return [{ id: 'no-connection', severity: 'error', title: 'Not Connected', description: 'Gateway is not connected.' }]
+
+  let config: Record<string, unknown>
+  try {
+    config = (await gw.rpc('config.get')) as Record<string, unknown> ?? {}
+  } catch {
+    return [{ id: 'config-fetch-failed', severity: 'error', title: 'Config Fetch Failed', description: 'Could not retrieve gateway configuration.' }]
+  }
+
+  const issues: ConfigIssue[] = []
+
+  // Check sandbox env allowlist
+  const agentsDefaults = config.agents as Record<string, unknown> | undefined
+  const sandbox = (agentsDefaults?.defaults as Record<string, unknown>)?.sandbox as Record<string, unknown> | undefined
+  const docker = sandbox?.docker as Record<string, unknown> | undefined
+  const envArr = docker?.env as string[] | undefined
+  if (!envArr || envArr.length === 0) {
+    issues.push({
+      id: 'empty-sandbox-env',
+      severity: 'warning',
+      title: 'Empty Sandbox Env',
+      description: 'No environment variables are allowed in the sandbox. Agents may lack API access.',
+      repairAction: 'sandbox-env-defaults',
+    })
+  }
+
+  // Check model defaults
+  const models = config.models as Record<string, unknown> | undefined
+  const defaultModel = models?.default as string | undefined
+  if (!defaultModel) {
+    issues.push({
+      id: 'no-default-model',
+      severity: 'warning',
+      title: 'No Default Model',
+      description: 'No default model is configured. Agents will need explicit model assignment.',
+      repairAction: 'set-default-model',
+    })
+  }
+
+  // Check reload mode
+  const reloadMode = config.reloadMode as string | undefined
+  if (reloadMode === 'full') {
+    issues.push({
+      id: 'full-reload-mode',
+      severity: 'warning',
+      title: 'Full Reload Mode',
+      description: 'Gateway is in full reload mode. This restarts all agents on config change, which may disrupt running sessions.',
+    })
+  }
+
+  return issues
+}
+
+/** Attempt to repair a specific config issue with hash-based retry */
+export async function repairConfigIssue(issueId: string): Promise<{ ok: boolean; error?: string }> {
+  const gw = await ensureGatewayConnected()
+  if (!gw) return { ok: false, error: 'Gateway not connected' }
+
+  const MAX_RETRIES = 3
+  for (let attempt = 0; attempt < MAX_RETRIES; attempt++) {
+    try {
+      const config = (await gw.rpc('config.get')) as Record<string, unknown> & { _hash?: string } ?? {}
+      const baseHash = config._hash as string | undefined
+
+      switch (issueId) {
+        case 'sandbox-env-defaults': {
+          // Set common env vars as defaults
+          const defaultEnvVars = ['${OPENAI_API_KEY}', '${ANTHROPIC_API_KEY}']
+          await gw.rpc('config.set', {
+            path: 'agents.defaults.sandbox.docker.env',
+            value: defaultEnvVars,
+            ...(baseHash ? { baseHash } : {}),
+          })
+          return { ok: true }
+        }
+        case 'set-default-model': {
+          await gw.rpc('config.set', {
+            path: 'models.default',
+            value: 'claude-sonnet-4-20250514',
+            ...(baseHash ? { baseHash } : {}),
+          })
+          return { ok: true }
+        }
+        default:
+          return { ok: false, error: `Unknown issue: ${issueId}` }
+      }
+    } catch (err: unknown) {
+      const msg = err instanceof Error ? err.message : String(err)
+      if (msg.includes('conflict') && attempt < MAX_RETRIES - 1) continue
+      return { ok: false, error: msg }
+    }
+  }
+  return { ok: false, error: 'Max retries exceeded' }
+}

package/src/lib/server/openclaw-exec-config.ts

@@ -0,0 +1,52 @@
+import type { ExecApprovalConfig, ExecApprovalSnapshot } from '@/types'
+import { ensureGatewayConnected } from './openclaw-gateway'
+
+const DEFAULT_CONFIG: ExecApprovalConfig = {
+  security: 'deny',
+  askMode: 'off',
+  patterns: [],
+}
+
+/** Fetch exec approval config from gateway for a given agent */
+export async function getExecConfig(agentId: string): Promise<ExecApprovalSnapshot> {
+  const gw = await ensureGatewayConnected()
+  if (!gw) throw new Error('Gateway not connected')
+
+  const result = await gw.rpc('exec.approvals.get', { agentId }) as ExecApprovalSnapshot | undefined
+  if (!result) {
+    return { path: '', exists: false, hash: '', file: { ...DEFAULT_CONFIG } }
+  }
+  return result
+}
+
+/** Save exec approval config with hash-based conflict retry (up to 3 attempts) */
+export async function setExecConfig(
+  agentId: string,
+  config: ExecApprovalConfig,
+  baseHash: string,
+): Promise<{ ok: boolean; hash: string }> {
+  const gw = await ensureGatewayConnected()
+  if (!gw) throw new Error('Gateway not connected')
+
+  let currentHash = baseHash
+  for (let attempt = 0; attempt < 3; attempt++) {
+    try {
+      const result = await gw.rpc('exec.approvals.set', {
+        agentId,
+        file: config,
+        baseHash: currentHash,
+      }) as { hash?: string } | undefined
+      return { ok: true, hash: result?.hash ?? '' }
+    } catch (err: unknown) {
+      const msg = err instanceof Error ? err.message : String(err)
+      if (msg.includes('conflict') && attempt < 2) {
+        // Re-fetch to get fresh hash
+        const fresh = await getExecConfig(agentId)
+        currentHash = fresh.hash
+        continue
+      }
+      throw err
+    }
+  }
+  throw new Error('Failed after 3 conflict retries')
+}

package/src/lib/server/openclaw-gateway.ts

@@ -0,0 +1,291 @@
+import { WebSocket } from 'ws'
+import { randomUUID } from 'crypto'
+import { wsConnect, buildOpenClawConnectParams } from '../providers/openclaw'
+import { loadAgents, loadCredentials, decryptKey } from './storage'
+import { notify, notifyWithPayload } from './ws-hub'
+
+// --- Types ---
+
+interface PendingRpc {
+  resolve: (value: unknown) => void
+  reject: (err: Error) => void
+  timer: ReturnType<typeof setTimeout>
+}
+
+type EventHandler = (payload: unknown) => void
+
+// --- Singleton (HMR-safe) ---
+
+const GK = '__swarmclaw_ocgateway__' as const
+
+interface GatewayState {
+  instance: OpenClawGateway | null
+}
+
+function getState(): GatewayState {
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  const g = globalThis as any
+  if (!g[GK]) g[GK] = { instance: null }
+  return g[GK] as GatewayState
+}
+
+// --- Helper: resolve gateway config from first OpenClaw agent ---
+
+interface GatewayConfig {
+  wsUrl: string
+  token: string | undefined
+}
+
+function normalizeWsUrl(raw: string): string {
+  let url = raw.replace(/\/+$/, '')
+  if (!/^(https?|wss?):\/\//i.test(url)) url = `http://${url}`
+  url = url.replace(/^ws:/i, 'http:').replace(/^wss:/i, 'https:')
+  return url.replace(/^http:/i, 'ws:').replace(/^https:/i, 'wss:')
+}
+
+export function resolveGatewayConfig(): GatewayConfig | null {
+  const agents = loadAgents({ includeTrashed: true })
+  const creds = loadCredentials()
+  for (const agent of Object.values(agents)) {
+    if (agent?.provider !== 'openclaw') continue
+    const wsUrl = agent.apiEndpoint
+      ? normalizeWsUrl(agent.apiEndpoint)
+      : 'ws://127.0.0.1:18789'
+    let token: string | undefined
+    if (agent.credentialId) {
+      const cred = creds[agent.credentialId]
+      if (cred?.encryptedKey) {
+        try { token = decryptKey(cred.encryptedKey) } catch { /* ignore */ }
+      }
+    }
+    return { wsUrl, token }
+  }
+  return null
+}
+
+export function hasOpenClawAgents(): boolean {
+  const agents = loadAgents({ includeTrashed: true })
+  return Object.values(agents).some((a) => a?.provider === 'openclaw' && !a.trashedAt)
+}
+
+// --- Gateway Client ---
+
+export class OpenClawGateway {
+  private ws: WebSocket | null = null
+  private pending = new Map<string, PendingRpc>()
+  private eventListeners = new Map<string, Set<EventHandler>>()
+  private _connected = false
+  private reconnectTimer: ReturnType<typeof setTimeout> | null = null
+  private reconnectDelay = 800
+  private shouldReconnect = false
+  private wsUrl = ''
+  private token: string | undefined
+
+  get connected(): boolean { return this._connected }
+
+  async connect(wsUrl: string, token: string | undefined): Promise<boolean> {
+    this.wsUrl = wsUrl
+    this.token = token
+    this.shouldReconnect = true
+    return this.doConnect()
+  }
+
+  private async doConnect(): Promise<boolean> {
+    if (this._connected && this.ws?.readyState === WebSocket.OPEN) return true
+
+    try {
+      const result = await wsConnect(this.wsUrl, this.token, true, 15_000)
+      if (!result.ok || !result.ws) {
+        console.error('[openclaw-gateway] Connect failed:', result.message)
+        this.scheduleReconnect()
+        return false
+      }
+
+      this.ws = result.ws
+      this._connected = true
+      this.reconnectDelay = 800
+      console.log('[openclaw-gateway] Connected to gateway')
+
+      this.ws.on('message', (data) => {
+        try {
+          const msg = JSON.parse(data.toString())
+          this.handleMessage(msg)
+        } catch { /* ignore malformed */ }
+      })
+
+      this.ws.on('close', () => {
+        this._connected = false
+        this.ws = null
+        this.rejectAllPending('Gateway connection closed')
+        if (this.shouldReconnect) this.scheduleReconnect()
+      })
+
+      this.ws.on('error', () => {
+        // onclose fires after this
+      })
+
+      return true
+    } catch (err: unknown) {
+      console.error('[openclaw-gateway] Connect error:', err instanceof Error ? err.message : String(err))
+      this.scheduleReconnect()
+      return false
+    }
+  }
+
+  disconnect() {
+    this.shouldReconnect = false
+    if (this.reconnectTimer) {
+      clearTimeout(this.reconnectTimer)
+      this.reconnectTimer = null
+    }
+    this.rejectAllPending('Disconnecting')
+    if (this.ws) {
+      try { this.ws.close() } catch { /* ignore */ }
+      this.ws = null
+    }
+    this._connected = false
+    console.log('[openclaw-gateway] Disconnected')
+  }
+
+  private scheduleReconnect() {
+    if (this.reconnectTimer || !this.shouldReconnect) return
+    this.reconnectTimer = setTimeout(() => {
+      this.reconnectTimer = null
+      if (!this.shouldReconnect) return
+      this.doConnect().catch(() => {})
+    }, this.reconnectDelay)
+    this.reconnectDelay = Math.min(this.reconnectDelay * 2, 15_000)
+  }
+
+  private rejectAllPending(reason: string) {
+    for (const [id, p] of this.pending) {
+      clearTimeout(p.timer)
+      p.reject(new Error(reason))
+    }
+    this.pending.clear()
+  }
+
+  // --- RPC ---
+
+  rpc(method: string, params?: unknown, timeoutMs = 30_000): Promise<unknown> {
+    return new Promise((resolve, reject) => {
+      if (!this.ws || this.ws.readyState !== WebSocket.OPEN) {
+        return reject(new Error('Gateway not connected'))
+      }
+      const id = randomUUID()
+      const timer = setTimeout(() => {
+        this.pending.delete(id)
+        reject(new Error(`RPC ${method} timed out`))
+      }, timeoutMs)
+
+      this.pending.set(id, { resolve, reject, timer })
+      this.ws.send(JSON.stringify({ type: 'req', id, method, params }))
+    })
+  }
+
+  // --- Events ---
+
+  on(event: string, handler: EventHandler) {
+    let set = this.eventListeners.get(event)
+    if (!set) {
+      set = new Set()
+      this.eventListeners.set(event, set)
+    }
+    set.add(handler)
+  }
+
+  off(event: string, handler: EventHandler) {
+    const set = this.eventListeners.get(event)
+    if (!set) return
+    set.delete(handler)
+    if (set.size === 0) this.eventListeners.delete(event)
+  }
+
+  private handleMessage(msg: Record<string, unknown>) {
+    // RPC response
+    if (msg.type === 'res' && typeof msg.id === 'string') {
+      const p = this.pending.get(msg.id)
+      if (p) {
+        this.pending.delete(msg.id)
+        clearTimeout(p.timer)
+        if (msg.ok) {
+          p.resolve(msg.payload)
+        } else {
+          const errMsg = (msg.error as Record<string, unknown>)?.message
+          p.reject(new Error(typeof errMsg === 'string' ? errMsg : 'RPC failed'))
+        }
+      }
+      return
+    }
+
+    // Event dispatch
+    if (msg.type === 'event' || msg.event) {
+      const eventName = (msg.event || msg.type) as string
+      const payload = msg.payload ?? msg.data ?? msg
+
+      // Dispatch to registered listeners
+      const handlers = this.eventListeners.get(eventName)
+      if (handlers) {
+        for (const h of handlers) {
+          try { h(payload) } catch { /* ignore handler errors */ }
+        }
+      }
+
+      // Push to browser clients via ws-hub
+      if (eventName.startsWith('exec.approval')) {
+        notifyWithPayload('openclaw:approvals', { event: eventName, payload })
+      } else if (eventName.startsWith('agent')) {
+        notify('openclaw:agents')
+      } else if (eventName.startsWith('skill')) {
+        notify('openclaw:skills')
+      }
+    }
+  }
+}
+
+// --- Singleton access ---
+
+export function getGateway(): OpenClawGateway | null {
+  return getState().instance
+}
+
+export async function ensureGatewayConnected(): Promise<OpenClawGateway | null> {
+  const state = getState()
+  if (state.instance?.connected) return state.instance
+
+  const config = resolveGatewayConfig()
+  if (!config) return null
+
+  if (!state.instance) {
+    state.instance = new OpenClawGateway()
+  }
+
+  const ok = await state.instance.connect(config.wsUrl, config.token)
+  return ok ? state.instance : null
+}
+
+export function disconnectGateway() {
+  const state = getState()
+  if (state.instance) {
+    state.instance.disconnect()
+    state.instance = null
+  }
+}
+
+/** Manual connect with explicit URL/token (used by gateway connection panel) */
+export async function manualConnect(url?: string, token?: string): Promise<boolean> {
+  const state = getState()
+  if (state.instance?.connected) {
+    state.instance.disconnect()
+  }
+
+  const config = resolveGatewayConfig()
+  const wsUrl = url ? normalizeWsUrl(url) : config?.wsUrl ?? 'ws://127.0.0.1:18789'
+  const resolvedToken = token ?? config?.token
+
+  if (!state.instance) {
+    state.instance = new OpenClawGateway()
+  }
+
+  return state.instance.connect(wsUrl, resolvedToken)
+}

package/src/lib/server/openclaw-history-merge.ts

@@ -0,0 +1,36 @@
+import type { Message, GatewaySessionPreview } from '@/types'
+
+/** Merge gateway history messages into local messages, deduplicating by timestamp */
+export function mergeHistoryMessages(
+  localMessages: Message[],
+  preview: GatewaySessionPreview,
+): Message[] {
+  const localTimestamps = new Set(localMessages.map((m) => m.time))
+
+  const newMessages: Message[] = []
+  for (const gm of preview.messages) {
+    // Skip if we already have a message at this timestamp
+    if (localTimestamps.has(gm.ts)) continue
+
+    const role = gm.role === 'user' ? 'user' as const : 'assistant' as const
+    newMessages.push({
+      role,
+      text: gm.content,
+      time: gm.ts,
+      kind: 'chat',
+    })
+  }
+
+  if (newMessages.length === 0) return localMessages
+
+  // Merge and sort by timestamp
+  const merged = [...localMessages, ...newMessages]
+  merged.sort((a, b) => a.time - b.time)
+
+  return merged
+}
+
+/** Validate a session key matches expected format */
+export function isValidSessionKey(key: string): boolean {
+  return typeof key === 'string' && key.length > 0 && key.length < 256
+}

package/src/lib/server/openclaw-models.ts

@@ -0,0 +1,56 @@
+import { ensureGatewayConnected } from './openclaw-gateway'
+
+interface ModelPolicy {
+  defaultModel?: string
+  allowedModels?: string[]
+  fetchedAt: number
+}
+
+let cachedPolicy: ModelPolicy | null = null
+const CACHE_TTL = 60_000 // 60 seconds
+
+export async function fetchGatewayModelPolicy(): Promise<ModelPolicy | null> {
+  if (cachedPolicy && Date.now() - cachedPolicy.fetchedAt < CACHE_TTL) {
+    return cachedPolicy
+  }
+
+  const gw = await ensureGatewayConnected()
+  if (!gw) return cachedPolicy ?? null
+
+  try {
+    const result = await gw.rpc('config.get') as Record<string, unknown> | undefined
+    if (!result) return null
+
+    const agentDefaults = (result.agents as Record<string, unknown>)?.defaults as Record<string, unknown> | undefined
+    const defaultModel = typeof agentDefaults?.model === 'string' ? agentDefaults.model : undefined
+    const rawModels = agentDefaults?.models
+
+    let allowedModels: string[] | undefined
+    if (Array.isArray(rawModels)) {
+      allowedModels = rawModels.filter((m): m is string => typeof m === 'string')
+    }
+
+    cachedPolicy = {
+      defaultModel,
+      allowedModels,
+      fetchedAt: Date.now(),
+    }
+    return cachedPolicy
+  } catch {
+    return cachedPolicy ?? null
+  }
+}
+
+export function buildAllowedModelKeys(policy: ModelPolicy | null): string[] | null {
+  if (!policy) return null
+  const models = new Set<string>()
+  if (policy.defaultModel) models.add(policy.defaultModel)
+  if (policy.allowedModels) {
+    for (const m of policy.allowedModels) models.add(m)
+  }
+  return models.size > 0 ? Array.from(models) : null
+}
+
+export function invalidateModelPolicyCache() {
+  cachedPolicy = null
+}