@syengup/friday-channel-next 0.0.35 → 0.0.38

package/src/http/handlers/device-approve.ts

@@ -4,8 +4,6 @@ import { readJsonBody } from "../middleware/body.js";
 import { extractBearerToken } from "../middleware/auth.js";
 import { createFridayNextLogger } from "../../logging.js";
 
-// macOS LaunchAgent strips Homebrew from PATH; prepend common prefixes so
-// the child process can find openclaw. Windows doesn't need this.
 const EXEC_ENV = process.platform === "win32"
   ? process.env
   : { ...process.env, PATH: `/opt/homebrew/bin:/usr/local/bin:/home/linuxbrew/.linuxbrew/bin:${process.env.PATH ?? ""}` };

package/src/http/handlers/files-download.ts

@@ -8,6 +8,7 @@
  */
 
 import type { IncomingMessage, ServerResponse } from "node:http";
+import { createFridayNextLogger } from "../../logging.js";
 import { extractBearerToken } from "../middleware/auth.js";
 import {
   getExternalFileSourceByUrlToken,
@@ -20,6 +21,8 @@ import path from "node:path";
 import fs from "node:fs";
 import os from "node:os";
 
+const logger = createFridayNextLogger("files-download");
+
 const MIME_FROM_EXT: Record<string, string> = {
   png: "image/png",
   jpg: "image/jpeg",
@@ -232,7 +235,7 @@ export async function handleFilesDownload(
     sendError(res, 404, "File not found");
     return true;
   } catch (err) {
-    console.error(`[Friday-FILES] GET download failed: ${String(err)}`);
+    logger.error(`GET download failed: ${String(err)}`);
     sendError(res, 500, "Internal Server Error");
     return true;
   }

package/src/http/handlers/files.ts

@@ -8,6 +8,7 @@
 import crypto from "node:crypto";
 import fs from "node:fs";
 import os from "node:os";
+import { createFridayNextLogger } from "../../logging.js";
 import path from "node:path";
 import { fileURLToPath } from "node:url";
 
@@ -42,6 +43,8 @@ const fileIndex = new Map<string, StoredFile>();
 const fileTokenIndex = new Map<string, StoredFile>();
 const externalFileSourceIndex = new Map<string, string>();
 
+const logger = createFridayNextLogger("files");
+
 function registerStoredFile(file: StoredFile): void {
   fileIndex.set(file.id, file);
   fileIndex.set(file.urlToken, file);
@@ -115,7 +118,7 @@ function copyLocalFileToAttachments(sourcePath: string): StoredFile | null {
       // Fallback to read+write so attachment persistence still works.
       const raw = fs.readFileSync(resolvedPath);
       fs.writeFileSync(storedPath, raw);
-      console.error(`[files] copyLocalFileToAttachments copy fallback used for "${resolvedPath}": ${String(copyErr)}`);
+      logger.warn(`copyLocalFileToAttachments copy fallback used for "${resolvedPath}": ${String(copyErr)}`);
     }
     const stat = fs.statSync(storedPath);
     const mimeType = guessMimeType(filename);
@@ -131,7 +134,7 @@ function copyLocalFileToAttachments(sourcePath: string): StoredFile | null {
     registerStoredFile(file);
     return file;
   } catch (err) {
-    console.error(`[files] copyLocalFileToAttachments failed for "${resolvedPath}": ${String(err)}`);
+    logger.error(`copyLocalFileToAttachments failed for "${resolvedPath}": ${String(err)}`);
     return null;
   }
 }
@@ -238,10 +241,10 @@ export function resolveMediaUrl(localPath: string): string {
 
   const stored = copyLocalFileToAttachments(localPath);
   if (!stored) {
-    console.error(`[files] resolveMediaUrl: file not found or unreadable: ${localPath}`);
+    logger.error(`resolveMediaUrl: file not found or unreadable: ${localPath}`);
     return localPath;
   }
-  console.log(`[files] resolveMediaUrl: copied "${stored.filename}" → ${stored.urlToken}`);
+  logger.info(`resolveMediaUrl: copied "${stored.filename}" → ${stored.urlToken}`);
   return `/friday-next/files/${encodeURIComponent(stored.urlToken)}`;
 }
 

package/src/http/handlers/messages.ts

@@ -27,7 +27,8 @@ export type FridayReplyPayload = {
 import { resolveFridayNextConfig } from "../../config.js";
 import { getHostOpenClawConfigSnapshot } from "../../host-config.js";
 import { getFridayNextRuntime } from "../../runtime.js";
-import { ensureSessionLevels, toSessionStoreKey } from "../../session/session-manager.js";
+import { getFridayAgentForwardRuntime } from "../../agent-forward-runtime.js";
+import { setSessionSettings, splitModelRef, toSessionStoreKey } from "../../session/session-manager.js";
 import { sseEmitter } from "../../sse/emitter.js";
 import { extractBearerToken } from "../middleware/auth.js";
 import { readJsonBody } from "../middleware/body.js";
@@ -51,12 +52,14 @@ import {
   registerRunRoute,
   setRunMetadata,
 } from "../../run-metadata.js";
+import { createFridayNextLogger } from "../../logging.js";
+
+const logger = createFridayNextLogger("messages");
 
 const log = (action: string, deviceId: string, runId?: string, detail?: string) => {
-  const ts = new Date().toISOString();
   const runPart = runId ? ` runId=${runId}` : "";
   const detailPart = detail ? ` detail=${detail}` : "";
-  console.error(`[Friday-MSG] [${ts}] [${action}] deviceId=${deviceId}${runPart}${detailPart}`);
+  logger.info(`[${action}] deviceId=${deviceId}${runPart}${detailPart}`);
 };
 
 function collectReplyPayloadMediaUrls(pl: { mediaUrls?: string[]; mediaUrl?: string | null }): string[] {
@@ -317,6 +320,9 @@ export interface FridayMessagePayload {
   text: string;
   sessionKey: string;
   attachments?: string[];
+  modelRef?: string;
+  reasoningLevel?: string;
+  thinkingLevel?: string;
 }
 
 async function buildBodyForAgentWithAttachments(text: string, attachmentIds: string[]): Promise<string> {
@@ -413,7 +419,51 @@ export async function handleMessages(req: IncomingMessage, res: ServerResponse):
   );
 
   const cfg = resolveFridayNextConfig(getHostOpenClawConfigSnapshot(runtime.config));
-  ensureSessionLevels(baseSessionKey, "stream", "medium", cfg.historyDir);
+
+  // Resolve defaults from the OpenClaw agent config so settings are never left empty.
+  let defaultModel: string | undefined;
+  let defaultThinking: string | undefined;
+  try {
+    const forwardRt = getFridayAgentForwardRuntime();
+    if (forwardRt) {
+      const ocCfg = (forwardRt.getConfig() ?? {}) as Record<string, unknown>;
+      const agents = ocCfg.agents as Record<string, unknown> | undefined;
+      const agentDefaults = agents?.defaults as Record<string, unknown> | undefined;
+      const model = agentDefaults?.model as Record<string, unknown> | undefined;
+      defaultModel = typeof model?.primary === "string" ? (model.primary as string) : undefined;
+      defaultThinking =
+        typeof agentDefaults?.thinkingDefault === "string"
+          ? (agentDefaults.thinkingDefault as string)
+          : undefined;
+    }
+  } catch {
+    // Config not available (tests) — leave defaults undefined.
+  }
+
+  const modelRef = payload.modelRef ?? defaultModel;
+  const reasoningLevel = payload.reasoningLevel ?? "stream";
+  const thinkingLevel = payload.thinkingLevel ?? defaultThinking;
+
+  const settings: Record<string, string | undefined> = {};
+  if (modelRef) {
+    settings.modelRef = modelRef;
+    const split = splitModelRef(modelRef);
+    settings.providerOverride = split.provider;
+    settings.modelOverride = split.modelId;
+  }
+  if (reasoningLevel) settings.reasoningLevel = reasoningLevel;
+  if (thinkingLevel) settings.thinkingLevel = thinkingLevel;
+
+  if (Object.keys(settings).length > 0) {
+    setSessionSettings(baseSessionKey, settings, cfg.historyDir);
+  }
+
+  log(
+    "SESSION_SETTINGS",
+    normalizedDeviceId,
+    runId,
+    `sessionKey=${baseSessionKey} modelRef=${modelRef ?? "(default)"} reasoning=${reasoningLevel ?? "(default)"} thinking=${thinkingLevel ?? "(default)"}`,
+  );
 
   registerFridaySessionDeviceMapping(appSessionKey, normalizedDeviceId);
   sseEmitter.trackDeviceForRun(normalizedDeviceId, runId);

package/src/http/handlers/models-list.ts

@@ -64,8 +64,30 @@ function resolveConfiguredModels(): ResolvedModels {
     }
   }
 
-  const agentModel = agentDefaults?.model as Record<string, unknown> | undefined;
-  const defaultModel = typeof agentModel?.primary === "string" ? agentModel.primary : "";
+  const agentModel = agentDefaults?.model;
+  let defaultModel =
+    typeof agentModel === "string" && agentModel.trim()
+      ? agentModel.trim()
+      : typeof (agentModel as Record<string, unknown> | undefined)?.primary === "string"
+        ? ((agentModel as Record<string, unknown>).primary as string)
+        : "";
+
+  if (!defaultModel && entries.length > 0) {
+    defaultModel = entries[0].id;
+  }
+
+  if (defaultModel && !seen.has(defaultModel)) {
+    const split = splitModelRef(defaultModel);
+    const meta = providerMeta.get(defaultModel);
+    entries.unshift({
+      id: defaultModel,
+      name: meta?.name ?? split.modelId,
+      provider: split.provider ?? "",
+      reasoning: meta?.reasoning,
+      contextWindow: meta?.contextWindow,
+      maxTokens: meta?.maxTokens,
+    });
+  }
 
   return { models: entries, defaultModel };
 }

package/src/http/handlers/nodes-approve.test.ts

@@ -0,0 +1,288 @@
+import { beforeEach, describe, expect, it, vi } from "vitest";
+import { EventEmitter } from "node:events";
+import { PassThrough } from "node:stream";
+import type { IncomingMessage, ServerResponse } from "node:http";
+import { setMockRuntime } from "../../test-support/mock-runtime.js";
+
+const mockExecImpl = vi.hoisted(() => vi.fn());
+vi.mock("node:child_process", () => ({
+  exec: mockExecImpl,
+}));
+
+import { handleNodesApprove } from "./nodes-approve.js";
+
+class MockRes extends EventEmitter {
+  statusCode = 0;
+  headers: Record<string, string> = {};
+  body = "";
+  setHeader(name: string, value: string): void {
+    this.headers[name.toLowerCase()] = value;
+  }
+  end(body?: string): void {
+    if (body) this.body += body;
+  }
+}
+
+function mockReq(method: string, headers: Record<string, string> = {}): PassThrough & { method: string; headers: Record<string, string> } {
+  const stream = new PassThrough() as unknown as PassThrough & { method: string; headers: Record<string, string> };
+  stream.method = method;
+  stream.headers = headers;
+  return stream;
+}
+
+function mockExecSuccess(stdout: string) {
+  const child = new EventEmitter() as EventEmitter & { stdout: EventEmitter; stderr: EventEmitter };
+  child.stdout = new EventEmitter();
+  child.stderr = new EventEmitter();
+  mockExecImpl.mockImplementationOnce((_cmd: string, _opts: unknown, cb: (error: null, stdout: string, stderr: string) => void) => {
+    cb(null, stdout, "");
+    return child;
+  });
+}
+
+function mockExecError(message: string, stderr?: string) {
+  const err = new Error(message) as Error & { stderr: string };
+  err.stderr = stderr ?? "";
+  const child = new EventEmitter() as EventEmitter & { stdout: EventEmitter; stderr: EventEmitter };
+  child.stdout = new EventEmitter();
+  child.stderr = new EventEmitter();
+  mockExecImpl.mockImplementationOnce((_cmd: string, _opts: unknown, cb: (error: Error) => void) => {
+    cb(err);
+    return child;
+  });
+}
+
+function mockExecErrorWithStderr(err: Error & { stderr?: string }) {
+  const child = new EventEmitter() as EventEmitter & { stdout: EventEmitter; stderr: EventEmitter };
+  child.stdout = new EventEmitter();
+  child.stderr = new EventEmitter();
+  mockExecImpl.mockImplementationOnce((_cmd: string, _opts: unknown, cb: (error: Error) => void) => {
+    cb(err);
+    return child;
+  });
+}
+
+const NODE_ID = "a80b8c4b305fb02c5772c409c6dfcbacde691b61557f7779511ad1a5be8fdf06";
+const REQUEST_ID = "12f150e8-b1bc-4688-be23-e3a7fa8b9e51";
+
+describe("handleNodesApprove", () => {
+  beforeEach(() => {
+    setMockRuntime();
+    mockExecImpl.mockReset();
+  });
+
+  it("returns 405 on non-POST", async () => {
+    const req = { method: "GET", headers: {} } as IncomingMessage;
+    const res = new MockRes() as unknown as ServerResponse;
+    await handleNodesApprove(req, res);
+    expect((res as unknown as MockRes).statusCode).toBe(405);
+  });
+
+  it("returns 401 for missing auth", async () => {
+    const req = mockReq("POST");
+    const res = new MockRes() as unknown as ServerResponse;
+    const p = handleNodesApprove(req as unknown as IncomingMessage, res);
+    req.end(JSON.stringify({ nodeId: NODE_ID }));
+    await p;
+    expect((res as unknown as MockRes).statusCode).toBe(401);
+  });
+
+  it("returns 400 for missing body", async () => {
+    const req = mockReq("POST", { authorization: "Bearer test-token" });
+    const res = new MockRes() as unknown as ServerResponse;
+    const p = handleNodesApprove(req as unknown as IncomingMessage, res);
+    req.end("");
+    await p;
+    expect((res as unknown as MockRes).statusCode).toBe(400);
+  });
+
+  it("returns 400 for missing nodeId", async () => {
+    const req = mockReq("POST", { authorization: "Bearer test-token" });
+    const res = new MockRes() as unknown as ServerResponse;
+    const p = handleNodesApprove(req as unknown as IncomingMessage, res);
+    req.end(JSON.stringify({}));
+    await p;
+    expect((res as unknown as MockRes).statusCode).toBe(400);
+    expect(JSON.parse((res as unknown as MockRes).body).error).toContain("nodeId");
+  });
+
+  it("returns 502 when nodes list CLI fails", async () => {
+    mockExecError("ENOENT");
+
+    const req = mockReq("POST", { authorization: "Bearer test-token" });
+    const res = new MockRes() as unknown as ServerResponse;
+    const p = handleNodesApprove(req as unknown as IncomingMessage, res);
+    req.end(JSON.stringify({ nodeId: NODE_ID }));
+    await p;
+    expect((res as unknown as MockRes).statusCode).toBe(502);
+    expect(JSON.parse((res as unknown as MockRes).body).error).toContain("Failed to list nodes");
+  });
+
+  it("returns 502 when nodes list returns invalid JSON", async () => {
+    mockExecSuccess("not valid json {{{");
+
+    const req = mockReq("POST", { authorization: "Bearer test-token" });
+    const res = new MockRes() as unknown as ServerResponse;
+    const p = handleNodesApprove(req as unknown as IncomingMessage, res);
+    req.end(JSON.stringify({ nodeId: NODE_ID }));
+    await p;
+    expect((res as unknown as MockRes).statusCode).toBe(502);
+    expect(JSON.parse((res as unknown as MockRes).body).error).toContain("Unexpected response");
+  });
+
+  it("returns 404 when nodeId not in pending or paired with caps", async () => {
+    mockExecSuccess(JSON.stringify({
+      pending: [{ requestId: "uuid-1", nodeId: "OTHER_NODE" }],
+      paired: [{ nodeId: "ANOTHER", caps: ["canvas"], commands: ["canvas.navigate"] }],
+    }));
+
+    const req = mockReq("POST", { authorization: "Bearer test-token" });
+    const res = new MockRes() as unknown as ServerResponse;
+    const p = handleNodesApprove(req as unknown as IncomingMessage, res);
+    req.end(JSON.stringify({ nodeId: NODE_ID }));
+    await p;
+    expect((res as unknown as MockRes).statusCode).toBe(404);
+    const body = JSON.parse((res as unknown as MockRes).body);
+    expect(body.error).toContain("No pending node found");
+    expect(body.nodeId).toBe(NODE_ID.toUpperCase());
+  });
+
+  it("returns 404 when pending is empty and paired has empty caps/commands", async () => {
+    mockExecSuccess(JSON.stringify({
+      pending: [],
+      paired: [{ nodeId: NODE_ID, approvedAtMs: 1, caps: [], commands: [] }],
+    }));
+
+    const req = mockReq("POST", { authorization: "Bearer test-token" });
+    const res = new MockRes() as unknown as ServerResponse;
+    const p = handleNodesApprove(req as unknown as IncomingMessage, res);
+    req.end(JSON.stringify({ nodeId: NODE_ID }));
+    await p;
+    expect((res as unknown as MockRes).statusCode).toBe(404);
+  });
+
+  it("returns 200 with alreadyApproved when node in paired with caps", async () => {
+    mockExecSuccess(JSON.stringify({
+      pending: [],
+      paired: [{ nodeId: NODE_ID, approvedAtMs: 1778571972361, caps: ["location", "canvas"], commands: ["canvas.navigate"] }],
+    }));
+
+    const req = mockReq("POST", { authorization: "Bearer test-token" });
+    const res = new MockRes() as unknown as ServerResponse;
+    const p = handleNodesApprove(req as unknown as IncomingMessage, res);
+    req.end(JSON.stringify({ nodeId: NODE_ID }));
+    await p;
+
+    expect((res as unknown as MockRes).statusCode).toBe(200);
+    const body = JSON.parse((res as unknown as MockRes).body);
+    expect(body.ok).toBe(true);
+    expect(body.alreadyApproved).toBe(true);
+    expect(body.nodeId).toBe(NODE_ID.toUpperCase());
+    expect(body.approvedAtMs).toBe(1778571972361);
+    expect(body.caps).toEqual(["location", "canvas"]);
+    expect(body.commands).toEqual(["canvas.navigate"]);
+    expect(mockExecImpl).toHaveBeenCalledTimes(1); // no approve call
+  });
+
+  it("returns 502 when approve command fails", async () => {
+    mockExecSuccess(JSON.stringify({
+      pending: [{ requestId: REQUEST_ID, nodeId: NODE_ID }],
+      paired: [],
+    }));
+    const approveErr = new Error("Command failed") as Error & { stderr: string };
+    approveErr.stderr = "unknown requestId";
+    mockExecErrorWithStderr(approveErr);
+
+    const req = mockReq("POST", { authorization: "Bearer test-token" });
+    const res = new MockRes() as unknown as ServerResponse;
+    const p = handleNodesApprove(req as unknown as IncomingMessage, res);
+    req.end(JSON.stringify({ nodeId: NODE_ID }));
+    await p;
+    expect((res as unknown as MockRes).statusCode).toBe(502);
+    const body = JSON.parse((res as unknown as MockRes).body);
+    expect(body.error).toContain("Node approval command failed");
+    expect(body.detail).toBe("unknown requestId");
+  });
+
+  it("returns 502 when approve returns non-JSON", async () => {
+    mockExecSuccess(JSON.stringify({
+      pending: [{ requestId: REQUEST_ID, nodeId: NODE_ID }],
+      paired: [],
+    }));
+    mockExecSuccess("No pending node pairing requests to approve");
+
+    const req = mockReq("POST", { authorization: "Bearer test-token" });
+    const res = new MockRes() as unknown as ServerResponse;
+    const p = handleNodesApprove(req as unknown as IncomingMessage, res);
+    req.end(JSON.stringify({ nodeId: NODE_ID }));
+    await p;
+    expect((res as unknown as MockRes).statusCode).toBe(502);
+    expect(JSON.parse((res as unknown as MockRes).body).error).toContain("Unexpected response from node approval");
+  });
+
+  it("succeeds with complete flow", async () => {
+    mockExecSuccess(JSON.stringify({
+      pending: [{ requestId: REQUEST_ID, nodeId: NODE_ID }],
+      paired: [],
+    }));
+    mockExecSuccess(JSON.stringify({
+      requestId: REQUEST_ID,
+      node: { nodeId: NODE_ID, approvedAtMs: 1778571972361 },
+    }));
+
+    const req = mockReq("POST", { authorization: "Bearer test-token" });
+    const res = new MockRes() as unknown as ServerResponse;
+    const p = handleNodesApprove(req as unknown as IncomingMessage, res);
+    req.end(JSON.stringify({ nodeId: NODE_ID }));
+    await p;
+
+    expect((res as unknown as MockRes).statusCode).toBe(200);
+    const body = JSON.parse((res as unknown as MockRes).body);
+    expect(body.ok).toBe(true);
+    expect(body.alreadyApproved).toBeUndefined();
+    expect(body.nodeId).toBe(NODE_ID.toUpperCase());
+    expect(body.requestId).toBe(REQUEST_ID);
+    expect(body.approvedAtMs).toBe(1778571972361);
+    expect(mockExecImpl).toHaveBeenCalledTimes(2);
+  });
+
+  it("normalizes nodeId case-insensitively in pending", async () => {
+    mockExecSuccess(JSON.stringify({
+      pending: [{ requestId: REQUEST_ID, nodeId: NODE_ID }],
+      paired: [],
+    }));
+    mockExecSuccess(JSON.stringify({
+      requestId: REQUEST_ID,
+      node: { nodeId: NODE_ID, approvedAtMs: 1 },
+    }));
+
+    const req = mockReq("POST", { authorization: "Bearer test-token" });
+    const res = new MockRes() as unknown as ServerResponse;
+    const p = handleNodesApprove(req as unknown as IncomingMessage, res);
+    req.end(JSON.stringify({ nodeId: NODE_ID.toLowerCase() }));
+    await p;
+
+    expect((res as unknown as MockRes).statusCode).toBe(200);
+    const body = JSON.parse((res as unknown as MockRes).body);
+    expect(body.ok).toBe(true);
+    expect(body.nodeId).toBe(NODE_ID.toUpperCase());
+  });
+
+  it("normalizes nodeId case-insensitively in paired", async () => {
+    mockExecSuccess(JSON.stringify({
+      pending: [],
+      paired: [{ nodeId: NODE_ID, approvedAtMs: 1, caps: ["canvas"], commands: [] }],
+    }));
+
+    const req = mockReq("POST", { authorization: "Bearer test-token" });
+    const res = new MockRes() as unknown as ServerResponse;
+    const p = handleNodesApprove(req as unknown as IncomingMessage, res);
+    req.end(JSON.stringify({ nodeId: NODE_ID.toLowerCase() }));
+    await p;
+
+    expect((res as unknown as MockRes).statusCode).toBe(200);
+    const body = JSON.parse((res as unknown as MockRes).body);
+    expect(body.ok).toBe(true);
+    expect(body.alreadyApproved).toBe(true);
+  });
+});

package/src/http/handlers/nodes-approve.ts

@@ -0,0 +1,189 @@
+import type { IncomingMessage, ServerResponse } from "node:http";
+import { exec } from "node:child_process";
+import { readJsonBody } from "../middleware/body.js";
+import { extractBearerToken } from "../middleware/auth.js";
+import { createFridayNextLogger } from "../../logging.js";
+
+const EXEC_ENV = process.platform === "win32"
+  ? process.env
+  : { ...process.env, PATH: `/opt/homebrew/bin:/usr/local/bin:/home/linuxbrew/.linuxbrew/bin:${process.env.PATH ?? ""}` };
+
+interface PendingNode {
+  requestId: string;
+  nodeId: string;
+}
+
+interface PairedNode {
+  nodeId: string;
+  approvedAtMs?: number;
+  caps?: string[];
+  commands?: string[];
+}
+
+interface NodeListJson {
+  pending?: PendingNode[];
+  paired?: PairedNode[];
+}
+
+interface ApproveJson {
+  requestId: string;
+  node?: { nodeId: string; approvedAtMs?: number };
+}
+
+function execAsync(command: string, timeoutMs: number): Promise<{ stdout: string; stderr: string }> {
+  return new Promise((resolve, reject) => {
+    const child = exec(command, { encoding: "utf-8", timeout: timeoutMs, maxBuffer: 1024 * 1024, env: EXEC_ENV }, (error, stdout, stderr) => {
+      if (error) {
+        reject(error);
+      } else {
+        resolve({ stdout, stderr });
+      }
+    });
+    child.stdout?.on("data", () => { /* drain */ });
+    child.stderr?.on("data", () => { /* drain */ });
+  });
+}
+
+export async function handleNodesApprove(
+  req: IncomingMessage,
+  res: ServerResponse,
+): Promise<boolean> {
+  const log = createFridayNextLogger("nodes-approve");
+
+  if (req.method !== "POST") {
+    res.statusCode = 405;
+    res.setHeader("Content-Type", "application/json");
+    res.end(JSON.stringify({ error: "Method Not Allowed" }));
+    return true;
+  }
+
+  const token = extractBearerToken(req);
+  if (!token) {
+    res.statusCode = 401;
+    res.setHeader("Content-Type", "application/json");
+    res.end(JSON.stringify({ error: "Unauthorized: bearer token mismatch" }));
+    return true;
+  }
+
+  const body = await readJsonBody(req);
+  if (!body) {
+    res.statusCode = 400;
+    res.setHeader("Content-Type", "application/json");
+    res.end(JSON.stringify({ error: "Invalid JSON body" }));
+    return true;
+  }
+
+  const rawNodeId = typeof body.nodeId === "string" ? body.nodeId : "";
+  if (!rawNodeId.trim()) {
+    res.statusCode = 400;
+    res.setHeader("Content-Type", "application/json");
+    res.end(JSON.stringify({ error: "Missing required field: nodeId" }));
+    return true;
+  }
+
+  const normalizedNodeId = rawNodeId.trim().toUpperCase();
+
+  let listStdout: string;
+  try {
+    const result = await execAsync("openclaw nodes list --json", 15000);
+    listStdout = result.stdout;
+  } catch (err) {
+    const stderr = (err as { stderr?: string })?.stderr?.trim();
+    log.error(`nodes list failed: ${err instanceof Error ? err.message : String(err)}`);
+    res.statusCode = 502;
+    res.setHeader("Content-Type", "application/json");
+    res.end(JSON.stringify({ error: "Failed to list nodes from gateway", detail: stderr || undefined }));
+    return true;
+  }
+
+  let listData: NodeListJson;
+  try {
+    listData = JSON.parse(listStdout) as NodeListJson;
+  } catch {
+    log.error(`nodes list returned invalid JSON: ${listStdout.slice(0, 200)}`);
+    res.statusCode = 502;
+    res.setHeader("Content-Type", "application/json");
+    res.end(JSON.stringify({ error: "Unexpected response from gateway node list" }));
+    return true;
+  }
+
+  const pending = listData.pending ?? [];
+  const pendingMatch = pending.find(
+    (entry) => entry.nodeId.trim().toUpperCase() === normalizedNodeId,
+  );
+
+  if (pendingMatch) {
+    const requestId = pendingMatch.requestId;
+    log.info(`approving nodeId=${normalizedNodeId} requestId=${requestId}`);
+
+    let approveStdout: string;
+    try {
+      const result = await execAsync(`openclaw nodes approve ${requestId} --json`, 15000);
+      approveStdout = result.stdout;
+    } catch (err) {
+      const stderr = (err as { stderr?: string })?.stderr?.trim();
+      log.error(`nodes approve failed: ${err instanceof Error ? err.message : String(err)}`);
+      res.statusCode = 502;
+      res.setHeader("Content-Type", "application/json");
+      res.end(JSON.stringify({
+        error: "Node approval command failed",
+        detail: stderr || (err instanceof Error ? err.message : "Unknown error"),
+      }));
+      return true;
+    }
+
+    let approveData: ApproveJson;
+    try {
+      approveData = JSON.parse(approveStdout) as ApproveJson;
+    } catch {
+      log.error(`nodes approve returned non-JSON: ${approveStdout.slice(0, 200)}`);
+      res.statusCode = 502;
+      res.setHeader("Content-Type", "application/json");
+      res.end(JSON.stringify({ error: "Unexpected response from node approval" }));
+      return true;
+    }
+
+    res.statusCode = 200;
+    res.setHeader("Content-Type", "application/json");
+    res.end(JSON.stringify({
+      ok: true,
+      nodeId: normalizedNodeId,
+      requestId: approveData.requestId,
+      approvedAtMs: approveData.node?.approvedAtMs,
+    }));
+    return true;
+  }
+
+  // Not in pending — check if already paired with non-empty caps/commands
+  const paired = listData.paired ?? [];
+  const pairedMatch = paired.find(
+    (entry) => entry.nodeId.trim().toUpperCase() === normalizedNodeId,
+  );
+
+  if (pairedMatch) {
+    const caps = pairedMatch.caps ?? [];
+    const commands = pairedMatch.commands ?? [];
+    if (caps.length > 0 || commands.length > 0) {
+      log.info(`nodeId=${normalizedNodeId} already paired with caps=${caps.length} commands=${commands.length}`);
+      res.statusCode = 200;
+      res.setHeader("Content-Type", "application/json");
+      res.end(JSON.stringify({
+        ok: true,
+        nodeId: normalizedNodeId,
+        alreadyApproved: true,
+        approvedAtMs: pairedMatch.approvedAtMs,
+        caps,
+        commands,
+      }));
+      return true;
+    }
+  }
+
+  res.statusCode = 404;
+  res.setHeader("Content-Type", "application/json");
+  res.end(JSON.stringify({
+    error: "No pending node found for this nodeId",
+    nodeId: normalizedNodeId,
+  }));
+  return true;
+}