@syengup/friday-channel-next 0.1.39 → 1.0.0

package/dist/src/http/handlers/approvals.js

@@ -0,0 +1,54 @@
+import { resolveApprovalOverGateway } from "openclaw/plugin-sdk/approval-gateway-runtime";
+import { readJsonBody } from "../middleware/body.js";
+import { extractBearerToken } from "../middleware/auth.js";
+import { getHostOpenClawConfigSnapshot } from "../../host-config.js";
+import { getFridayNextRuntime } from "../../runtime.js";
+import { createFridayNextLogger } from "../../logging.js";
+const VALID_DECISIONS = new Set(["allow-once", "allow-always", "deny"]);
+/**
+ * POST /friday-next/approvals/{approvalId}
+ * Body: { decision: "allow-once" | "allow-always" | "deny", deviceId?: string }
+ *
+ * Submits the app user's decision for a pending exec/plugin approval back to the gateway. The bearer
+ * token gates auth (the device owner is the approver); the gateway then resumes / aborts the run.
+ */
+export async function handleApprovalDecision(req, res, approvalId) {
+    const log = createFridayNextLogger("approvals");
+    const json = (status, body) => {
+        res.statusCode = status;
+        res.setHeader("Content-Type", "application/json");
+        res.end(JSON.stringify(body));
+        return true;
+    };
+    if (req.method !== "POST")
+        return json(405, { error: "Method Not Allowed" });
+    if (!extractBearerToken(req))
+        return json(401, { error: "Unauthorized: bearer token mismatch" });
+    if (!approvalId.trim())
+        return json(400, { error: "Missing approvalId" });
+    const body = await readJsonBody(req);
+    if (!body)
+        return json(400, { error: "Invalid JSON body" });
+    const decision = typeof body.decision === "string" ? body.decision.trim() : "";
+    if (!VALID_DECISIONS.has(decision)) {
+        return json(400, { error: "decision must be allow-once | allow-always | deny" });
+    }
+    const deviceId = typeof body.deviceId === "string" ? body.deviceId.trim().toUpperCase() : "";
+    const cfg = getHostOpenClawConfigSnapshot(getFridayNextRuntime().config);
+    try {
+        await resolveApprovalOverGateway({
+            cfg: cfg,
+            approvalId: approvalId.trim(),
+            decision: decision,
+            senderId: deviceId || null,
+            allowPluginFallback: true,
+            clientDisplayName: deviceId ? `Friday Next (${deviceId})` : "Friday Next",
+        });
+    }
+    catch (err) {
+        log.error(`resolveApprovalOverGateway failed: ${err instanceof Error ? err.message : String(err)}`);
+        return json(502, { error: "Approval resolution failed", detail: String(err) });
+    }
+    log.info(`approval ${approvalId} resolved decision=${decision} device=${deviceId || "(none)"}`);
+    return json(200, { ok: true, approvalId: approvalId.trim(), decision });
+}

package/dist/src/http/handlers/messages.js

@@ -17,7 +17,7 @@ import { resolveAgentDefaults, setSessionSettings, splitModelRef, toSessionStore
 import { sseEmitter } from "../../sse/emitter.js";
 import { extractBearerToken } from "../middleware/auth.js";
 import { readJsonBody } from "../middleware/body.js";
-import { registerFridaySessionDeviceMapping } from "../../friday-session.js";
+import { forwardAgentEventRaw, isCodexRun, registerFridaySessionDeviceMapping, } from "../../friday-session.js";
 import { touchFridayInbound } from "../../friday-inbound-stats.js";
 import { fridayAttachmentLookupKey, fridayFilesPublicUrl, readFile, rememberInboundMediaName, resolveMediaAttachment, resolveMediaUrl, } from "./files.js";
 import { runFridayDispatch } from "../../agent/dispatch-bridge.js";
@@ -467,6 +467,12 @@ export async function handleMessages(req, res) {
                     runId,
                     suppressTyping: true,
                     disableBlockStreaming: true,
+                    // A1: feed the chosen thinking level into the run as a one-shot override so the model
+                    // request asks for a reasoning summary. The session-stored `thinkingLevel` alone is NOT
+                    // honored by the reply dispatch; `thinkingLevelOverride` has top priority in OpenClaw's
+                    // resolution chain (get-reply-directives). Required for Codex (openai-chatgpt-responses)
+                    // to emit any reasoning at all.
+                    ...(thinkingLevel ? { thinkingLevelOverride: thinkingLevel } : {}),
                     onModelSelected: (sel) => {
                         const name = typeof sel.model === "string" ? sel.model.trim() : "";
                         if (name) {
@@ -481,6 +487,18 @@ export async function handleMessages(req, res) {
                             : undefined;
                         const text = typeof rawText === "string" ? rawText : "";
                         log("REASONING_STREAM", normalizedDeviceId, runId, `textLen=${text.length}`);
+                        // A2: the embedded runner already emits `stream: "thinking"` on the agent-event bus, so
+                        // forwarding here would double it. The Codex app-server backend does NOT — reasoning text
+                        // only arrives via this callback (cumulative snapshot). Forward it as a thinking event
+                        // (reusing forwardAgentEventRaw's cumulative→delta rewrite) ONLY for Codex runs.
+                        if (text && isCodexRun(runId)) {
+                            forwardAgentEventRaw({
+                                runId,
+                                stream: "thinking",
+                                data: { text },
+                                sessionKey: baseSessionKey,
+                            });
+                        }
                     },
                     onReasoningEnd: async () => {
                         log("REASONING_STREAM_END", normalizedDeviceId, runId);

package/dist/src/http/server.js

@@ -11,6 +11,7 @@ import { handleFilesDownload } from "./handlers/files-download.js";
 import { handleCancel } from "./handlers/cancel.js";
 import { handleDeviceApprove } from "./handlers/device-approve.js";
 import { handleNodesApprove } from "./handlers/nodes-approve.js";
+import { handleApprovalDecision } from "./handlers/approvals.js";
 import { handleSessionsSettings } from "./handlers/sessions-settings.js";
 import { handleModelsList } from "./handlers/models-list.js";
 import { handleAgentsList } from "./handlers/agents-list.js";
@@ -65,6 +66,11 @@ async function handleFridayNextRoute(req, res) {
     if (req.method === "POST" && pathname === "/friday-next/nodes-approve") {
         return await handleNodesApprove(req, res);
     }
+    // Route: POST /friday-next/approvals/{approvalId} (submit exec/plugin approval decision)
+    if (req.method === "POST" && pathname.startsWith("/friday-next/approvals/")) {
+        const approvalId = decodeURIComponent(pathname.slice("/friday-next/approvals/".length));
+        return await handleApprovalDecision(req, res, approvalId);
+    }
     if ((req.method === "PUT" || req.method === "GET") &&
         pathname === "/friday-next/sessions/settings") {
         return await handleSessionsSettings(req, res);

package/dist/src/http 2/middleware/auth.d.ts

@@ -0,0 +1,13 @@
+/**
+ * Bearer token authentication middleware for Friday HTTP routes.
+ *
+ * Validates that the bearer token matches the gateway's configured auth token.
+ * This ensures plugin HTTP endpoints use the same token as gateway WS connections.
+ */
+import type { IncomingMessage } from "node:http";
+/**
+ * Extract and validate bearer token from Authorization header.
+ * Returns the token only if it matches the gateway's configured auth token.
+ * Returns null if token is missing, malformed, or doesn't match.
+ */
+export declare function extractBearerToken(req: IncomingMessage): string | null;

package/dist/src/http 2/middleware/auth.js

@@ -0,0 +1,29 @@
+/**
+ * Bearer token authentication middleware for Friday HTTP routes.
+ *
+ * Validates that the bearer token matches the gateway's configured auth token.
+ * This ensures plugin HTTP endpoints use the same token as gateway WS connections.
+ */
+import { resolveFridayNextConfig } from "../../config.js";
+import { getHostOpenClawConfigSnapshot } from "../../host-config.js";
+import { getFridayNextRuntime } from "../../runtime.js";
+/**
+ * Extract and validate bearer token from Authorization header.
+ * Returns the token only if it matches the gateway's configured auth token.
+ * Returns null if token is missing, malformed, or doesn't match.
+ */
+export function extractBearerToken(req) {
+    const auth = req.headers.authorization;
+    if (!auth || typeof auth !== "string")
+        return null;
+    const parts = auth.trim().split(/\s+/);
+    if (parts.length !== 2 || parts[0].toLowerCase() !== "bearer")
+        return null;
+    const token = parts[1];
+    // Validate token matches the gateway's configured auth token.
+    const cfg = getHostOpenClawConfigSnapshot(getFridayNextRuntime().config);
+    const runtimeConfig = resolveFridayNextConfig(cfg);
+    if (!runtimeConfig.authToken || token !== runtimeConfig.authToken)
+        return null;
+    return token;
+}

package/dist/src/http 2/middleware/body.d.ts

@@ -0,0 +1,2 @@
+import type { IncomingMessage } from "node:http";
+export declare function readJsonBody(req: IncomingMessage, maxBytes?: number): Promise<Record<string, unknown> | null>;

package/dist/src/http 2/middleware/body.js

@@ -0,0 +1,24 @@
+export async function readJsonBody(req, maxBytes = 2 * 1024 * 1024) {
+    return await new Promise((resolve) => {
+        const chunks = [];
+        let total = 0;
+        req.on("data", (chunk) => {
+            total += chunk.length;
+            if (total > maxBytes) {
+                resolve(null);
+                req.destroy();
+                return;
+            }
+            chunks.push(chunk);
+        });
+        req.on("end", () => {
+            try {
+                resolve(JSON.parse(Buffer.concat(chunks).toString("utf-8")));
+            }
+            catch {
+                resolve(null);
+            }
+        });
+        req.on("error", () => resolve(null));
+    });
+}

package/dist/src/http 2/middleware/cors.d.ts

@@ -0,0 +1,2 @@
+import type { ServerResponse } from "node:http";
+export declare function applyCorsHeaders(res: ServerResponse): void;

package/dist/src/http 2/middleware/cors.js

@@ -0,0 +1,11 @@
+import { resolveFridayNextConfig } from "../../config.js";
+import { getHostOpenClawConfigSnapshot } from "../../host-config.js";
+import { getFridayNextRuntime } from "../../runtime.js";
+export function applyCorsHeaders(res) {
+    const cfg = resolveFridayNextConfig(getHostOpenClawConfigSnapshot(getFridayNextRuntime().config));
+    if (!cfg.corsEnabled)
+        return;
+    res.setHeader("Access-Control-Allow-Origin", cfg.corsAllowOrigin || "*");
+    res.setHeader("Access-Control-Allow-Headers", "Authorization, Content-Type, Last-Event-ID");
+    res.setHeader("Access-Control-Allow-Methods", "GET,POST,OPTIONS");
+}

package/dist/src/sse/emitter.d.ts

@@ -1,5 +1,5 @@
 import type { ServerResponse } from "node:http";
-export type SseEventType = "connected" | "agent" | "deliver" | "tool-hook" | "outbound" | "ping" | "subagent";
+export type SseEventType = "connected" | "agent" | "deliver" | "tool-hook" | "outbound" | "ping" | "subagent" | "approval";
 export interface SseEvent {
     type: SseEventType;
     data: Record<string, unknown>;

package/index.ts

@@ -15,6 +15,7 @@ import { sseEmitter } from "./src/sse/emitter.js";
 import {
   forwardAgentEventRaw,
   getLastRegisteredFridayDeviceId,
+  isCodexRun,
   resolveFridayDeviceIdForSessionKey,
 } from "./src/friday-session.js";
 import { setFridayAgentForwardRuntime } from "./src/agent-forward-runtime.js";
@@ -22,6 +23,7 @@ import { setUpgradeRuntime } from "./src/upgrade-runtime.js";
 import { getOpenClawAgentRunContext } from "./src/agent-run-context-bridge.js";
 import { accumulateRunUsage } from "./src/agent/run-usage-accumulator.js";
 import { createFridayNextLogger } from "./src/logging.js";
+import { ensureCodexReasoningSummary } from "./src/codex-reasoning-config.js";
 
 const hookLogger = createFridayNextLogger("hook");
 
@@ -63,6 +65,38 @@ function isFridaySessionKey(sk: string): boolean {
   return /^friday-next-/i.test(sk) || /^agent:main:friday-next-/i.test(sk);
 }
 
+/** Shell/exec-style tools whose stdout the app renders as a `command_output` row (A3). */
+const COMMAND_TOOL_NAMES = new Set([
+  "exec",
+  "bash",
+  "shell",
+  "local_shell",
+  "command",
+  "process",
+  "run_terminal_cmd",
+]);
+
+function isCommandTool(toolName: unknown): boolean {
+  return typeof toolName === "string" && COMMAND_TOOL_NAMES.has(toolName.trim().toLowerCase());
+}
+
+/** Best-effort flatten of an after-hook tool result into the stdout string the app expects. */
+function coerceCommandOutput(result: unknown): string {
+  if (typeof result === "string") return result;
+  if (result && typeof result === "object") {
+    const r = result as Record<string, unknown>;
+    for (const key of ["output", "stdout", "text"]) {
+      if (typeof r[key] === "string") return r[key] as string;
+    }
+    try {
+      return JSON.stringify(result);
+    } catch {
+      return "";
+    }
+  }
+  return result == null ? "" : String(result);
+}
+
 function shouldForwardToolEventToFriday(ctx: PluginHookToolContext): boolean {
   if (ctx.runId) {
     if (sseEmitter.getDeviceIdByRunId(ctx.runId)) return true;
@@ -134,6 +168,10 @@ export default defineChannelPluginEntry({
     }
     fridayNextToolHooksRegistered = true;
 
+    // Make Codex (ChatGPT/OAuth) models emit reasoning summary text so the app can stream
+    // "thinking". OpenClaw never sets this; we assert it on the plugin side. Best-effort.
+    ensureCodexReasoningSummary((msg) => hookLogger.info(msg));
+
     api.on("subagent_delivery_target", (event: any) => {
       if (!event.expectsCompletionMessage) return;
       const ch = event.requesterOrigin?.channel?.trim().toLowerCase();
@@ -219,6 +257,29 @@ export default defineChannelPluginEntry({
           ts: Date.now(),
         },
       });
+
+      // A3: the Codex app-server backend never puts exec stdout on the `command_output` stream
+      // (its tool result carries only exitCode/duration), so the app shows the command row with no
+      // output. The after-hook DOES carry the full stdout — synthesize a `command_output` end event
+      // keyed by toolCallId (== the forwarded `item kind:command` itemId) so the app attaches it.
+      // Codex-only: embedded runs already stream `command_output` on the bus.
+      if (isCodexRun(runId) && event.toolCallId && isCommandTool(event.toolName)) {
+        const output = coerceCommandOutput(event.result);
+        if (output) {
+          forwardAgentEventRaw({
+            runId,
+            stream: "command_output",
+            data: {
+              itemId: event.toolCallId,
+              phase: "end",
+              output,
+              status: event.error ? "failed" : "completed",
+              durationMs: event.durationMs ?? null,
+            },
+            sessionKey: ctx.sessionKey,
+          });
+        }
+      }
     });
   },
 });

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@syengup/friday-channel-next",
-  "version": "0.1.39",
+  "version": "1.0.0",
   "description": "OpenClaw Friday Next Apple channel plugin",
   "license": "MIT",
   "type": "module",
@@ -12,6 +12,19 @@
     "tsconfig.json",
     "openclaw.plugin.json"
   ],
+  "scripts": {
+    "build": "tsc -p tsconfig.json",
+    "lint": "eslint .",
+    "lint:fix": "eslint . --fix",
+    "format": "prettier --write .",
+    "format:check": "prettier --check .",
+    "prepublishOnly": "pnpm build && rm -rf dist/attachments",
+    "test": "npm run test:unit && npm run test:e2e",
+    "test:unit": "vitest run",
+    "test:e2e": "vitest run --config vitest.e2e.config.ts",
+    "test:smoke": "node scripts/e2e-smoke.mjs",
+    "test:msg-live": "node scripts/message-roundtrip-live.mjs"
+  },
   "bin": {
     "friday-channel-next": "install.js"
   },
@@ -62,17 +75,5 @@
     "typescript-eslint": "^8.61.1",
     "vitest": "^4.1.5",
     "zod": "^4.3.6"
-  },
-  "scripts": {
-    "build": "tsc -p tsconfig.json",
-    "lint": "eslint .",
-    "lint:fix": "eslint . --fix",
-    "format": "prettier --write .",
-    "format:check": "prettier --check .",
-    "test": "npm run test:unit && npm run test:e2e",
-    "test:unit": "vitest run",
-    "test:e2e": "vitest run --config vitest.e2e.config.ts",
-    "test:smoke": "node scripts/e2e-smoke.mjs",
-    "test:msg-live": "node scripts/message-roundtrip-live.mjs"
   }
-}
+}

package/src/agent/subagent-registry.ts

@@ -48,7 +48,9 @@ export function registerSessionKeyForRun(sessionKey: string, runId: string): voi
  */
 const ANNOUNCE_RUN_ID_RE = /^announce:v\d+:(agent:.+?):([^:]+)$/;
 
-function parseAnnounceRunId(runId: string): { childSessionKey: string; bareRunId: string } | null {
+export function parseAnnounceRunId(
+  runId: string,
+): { childSessionKey: string; bareRunId: string } | null {
   const m = runId.match(ANNOUNCE_RUN_ID_RE);
   if (!m) return null;
   return { childSessionKey: m[1] ?? "", bareRunId: m[2] ?? "" };

package/src/approval/friday-approval-capability.test.ts

@@ -0,0 +1,78 @@
+import { describe, expect, it } from "vitest";
+import { buildPayload } from "./friday-approval-capability.js";
+
+const execView = {
+  approvalId: "exec:abc",
+  approvalKind: "exec",
+  title: "Codex command approval",
+  commandText: "curl -sS https://example.com",
+  commandPreview: "curl ...",
+  cwd: "/ws",
+  host: "sandbox",
+  metadata: [{ label: "Severity", value: "Warning" }],
+  actions: [
+    { decision: "allow-once", label: "Allow Once", style: "primary" },
+    { decision: "deny", label: "Deny", style: "danger" },
+  ],
+  expiresAtMs: 123,
+};
+
+const pluginView = {
+  approvalId: "plugin:xyz",
+  approvalKind: "plugin",
+  title: "Codex app-server command approval",
+  description: "Command: curl ...",
+  toolName: "codex_command_approval",
+  severity: "warning",
+  metadata: [{ label: "Tool", value: "codex_command_approval" }],
+  actions: [{ decision: "allow-always", label: "Allow Always", style: "secondary" }],
+  expiresAtMs: 456,
+};
+
+const reqWith = (sessionKey: string) => ({ request: { sessionKey } });
+
+describe("buildPayload", () => {
+  it("maps an exec approval view (command/cwd/host + actions)", () => {
+    const p = buildPayload({
+      op: "request",
+      view: execView,
+      request: reqWith("agent:main:fridaynext:s1"),
+      deviceId: "DEV1",
+    });
+    expect(p.op).toBe("request");
+    expect(p.kind).toBe("exec");
+    expect(p.approvalId).toBe("exec:abc");
+    expect(p.commandText).toBe("curl -sS https://example.com");
+    expect(p.cwd).toBe("/ws");
+    expect(p.host).toBe("sandbox");
+    expect(p.actions.map((a) => a.decision)).toEqual(["allow-once", "deny"]);
+    expect(p.sessionKey).toBe("agent:main:fridaynext:s1");
+    expect(p.deviceId).toBe("DEV1");
+    expect(p.expiresAtMs).toBe(123);
+  });
+
+  it("maps a plugin approval view (toolName/severity/description)", () => {
+    const p = buildPayload({
+      op: "request",
+      view: pluginView,
+      request: reqWith("agent:main:fridaynext:s2"),
+      deviceId: "DEV2",
+    });
+    expect(p.kind).toBe("plugin");
+    expect(p.toolName).toBe("codex_command_approval");
+    expect(p.severity).toBe("warning");
+    expect(p.description).toBe("Command: curl ...");
+    expect(p.actions[0].decision).toBe("allow-always");
+    expect(p.commandText).toBeNull();
+  });
+
+  it("defaults missing fields without throwing", () => {
+    const p = buildPayload({ op: "expired", view: {}, request: {}, deviceId: "D" });
+    expect(p.op).toBe("expired");
+    expect(p.kind).toBe("exec");
+    expect(p.approvalId).toBe("");
+    expect(p.actions).toEqual([]);
+    expect(p.metadata).toEqual([]);
+    expect(p.sessionKey).toBeNull();
+  });
+});