@taptapai/taptapai-openclaw 0.0.1

package/src/requestHandler.ts

@@ -0,0 +1,366 @@
+import * as fs from "fs";
+import * as os from "os";
+import * as path from "path";
+import type { LoggerLike } from "./types";
+import type { RpcRequest } from "./types";
+import { sanitizePathComponent, ensurePathWithin } from "./sanitize";
+import { sendBackendResponse, type BackendWsState } from "./backendWs";
+import { callGatewayHttp } from "./gatewayHttp";
+import { dispatchViaGateway, type GatewayWsState } from "./gatewayWs";
+import {
+  listTapTapAiSessions,
+  purgeSession,
+  readSessionStore,
+  readTranscript,
+  resolveSessionFromStore,
+  isTapTapAiSessionKey,
+} from "./sessions";
+import { readOpenClawConfig } from "./openclawConfig";
+import { getTranscriptPath } from "./paths";
+
+export type RequestHandlerDeps = {
+  backendState: BackendWsState;
+  gatewayState: GatewayWsState;
+  runtime: any;
+  pluginConfig: any;
+  logger: LoggerLike;
+};
+
+/** Allowed RPC methods. Requests with unknown methods are rejected. */
+const ALLOWED_METHODS = new Set([
+  "agent.send",
+  "agent.cancel",
+  "conversations.list",
+  "conversations.get",
+  "conversations.delete",
+  "agents.list",
+  "agents.get",
+  "identity.link",
+  "identity.unlink",
+  "identity.list",
+  "sessions.list",
+  "taptapai.sessions.list",
+  "taptapai.sessions.delete",
+  "health",
+  "memory.search",
+  "memory.get",
+]);
+
+export async function handleBackendRequest(deps: RequestHandlerDeps, req: RpcRequest): Promise<void> {
+  const { backendState, gatewayState, runtime, pluginConfig, logger } = deps;
+  const { id, method, params } = req;
+
+  // Validate request structure
+  if (!id || typeof id !== "string") {
+    logger.warn?.("[taptapai] Rejected request: missing or invalid id");
+    return;
+  }
+  if (!method || typeof method !== "string") {
+    sendBackendResponse(backendState, id, "error", undefined, { message: "Invalid method", code: 400 });
+    return;
+  }
+  if (!ALLOWED_METHODS.has(method)) {
+    sendBackendResponse(backendState, id, "error", undefined, { message: `Unknown method: ${method}`, code: 404 });
+    return;
+  }
+
+  logger.info?.(`[taptapai] handleRequest: method=${method} id=${id}`);
+
+  const send = (type: string, data?: any, extra?: Record<string, any>) =>
+    sendBackendResponse(backendState, id, type, data, extra);
+
+  try {
+    switch (method) {
+      // ================================================================
+      // Agent
+      // ================================================================
+      case "agent.send": {
+        const { session, text } = params as any;
+        const t0 = Date.now();
+        logger.info?.(`[taptapai] agent.send: session=${session} text="${String(text).substring(0, 80)}"`);
+        send("ack");
+
+        try {
+          if (gatewayState.connected) {
+            logger.info?.(`[taptapai] Dispatching via gateway WS (chat.send) [ack sent in ${Date.now() - t0}ms]`);
+            const responseText = await dispatchViaGateway({ state: gatewayState, logger, text: String(text), session: String(session) });
+            const t1 = Date.now();
+            logger.info?.(`[taptapai] ⏱️ agent.send DONE: total=${t1 - t0}ms | Gateway WS response: "${responseText.substring(0, 80)}..."`);
+            send("stream", { text: responseText }, { event: "done" });
+          } else {
+            logger.info?.("[taptapai] Gateway WS not connected — falling back to HTTP");
+            const responseText = await callGatewayHttp({
+              text: String(text),
+              session: String(session),
+              runtime,
+              pluginConfig,
+              readOpenClawConfig: () => readOpenClawConfig(logger),
+              logger,
+            });
+            const t1 = Date.now();
+            logger.info?.(`[taptapai] ⏱️ agent.send HTTP fallback DONE: total=${t1 - t0}ms`);
+            send("stream", { text: responseText }, { event: "done" });
+          }
+        } catch (e: any) {
+          logger.error?.(`[taptapai] agent.send error after ${Date.now() - t0}ms: ${e?.message || e}`);
+          send("stream", { text: `Error: ${e?.message || e}` }, { event: "done" });
+        }
+
+        break;
+      }
+
+      case "agent.cancel": {
+        send("result", { ok: true });
+        break;
+      }
+
+      // ================================================================
+      // Conversations
+      // ================================================================
+      case "conversations.list": {
+        const agentId = sanitizePathComponent(String((params as any).agent || "main"), "agent");
+        const limit = Number((params as any).limit || 50);
+        const offset = Number((params as any).offset || 0);
+
+        const store = readSessionStore(agentId);
+        const entries = Object.entries(store)
+          .map(([key, val]: [string, any]) => ({
+            id: val.sessionId || key,
+            key,
+            channel: val.channel || key.split(":")[2] || "unknown",
+            updatedAt: val.updatedAt || val.lastMessageAt,
+            title: val.title || key,
+          }))
+          .sort((a, b) => new Date(b.updatedAt || 0).getTime() - new Date(a.updatedAt || 0).getTime())
+          .slice(offset, offset + limit);
+
+        send("result", entries);
+        break;
+      }
+
+      case "conversations.get": {
+        const sessionId = sanitizePathComponent(String((params as any).id || ""), "sessionId");
+        const agentId = sanitizePathComponent(String((params as any).agent || "main"), "agent");
+
+        const store = readSessionStore(agentId);
+        let resolvedSessionId = sessionId;
+        if (store[sessionId]) resolvedSessionId = store[sessionId].sessionId || sessionId;
+
+        const transcript = readTranscript(agentId, resolvedSessionId);
+        const metadata = store[sessionId] || {};
+
+        send("result", { id: resolvedSessionId, metadata, messages: transcript });
+        break;
+      }
+
+      case "conversations.delete": {
+        const sessionId = sanitizePathComponent(String((params as any).id || ""), "sessionId");
+        const agentId = sanitizePathComponent(String((params as any).agent || "main"), "agent");
+        try {
+          const transcriptPath = getTranscriptPath(agentId, sessionId);
+          if (fs.existsSync(transcriptPath)) fs.unlinkSync(transcriptPath);
+          send("result", { ok: true });
+        } catch (e: any) {
+          send("error", undefined, { message: `Failed to delete: ${e?.message || e}` , code: 500 });
+        }
+        break;
+      }
+
+      // ================================================================
+      // Agents
+      // ================================================================
+      case "agents.list": {
+        const config = readOpenClawConfig(logger);
+        const agents = config?.agents?.list || [];
+        const defaults = config?.agents?.defaults || {};
+
+        const result = agents.map((a: any) => ({
+          id: a.id,
+          name: a.identity?.name || a.id,
+          model: a.model?.primary || defaults.model?.primary || "unknown",
+          workspace: a.workspace || defaults.workspace,
+          isDefault: !!a.default,
+        }));
+
+        send("result", result);
+        break;
+      }
+
+      case "agents.get": {
+        const agentId = sanitizePathComponent(String((params as any).id || ""), "agentId");
+        const config = readOpenClawConfig(logger);
+        const agents = config?.agents?.list || [];
+        const agent = agents.find((a: any) => a.id === agentId);
+
+        if (agent) send("result", agent);
+        else send("error", undefined, { message: `Agent '${agentId}' not found`, code: 404 });
+        break;
+      }
+
+      // ================================================================
+      // Identity links (deprecated/no-op)
+      // ================================================================
+      case "identity.link":
+      case "identity.unlink": {
+        send("result", { ok: true, message: "identity links deprecated" });
+        break;
+      }
+
+      case "identity.list": {
+        send("result", { links: {} });
+        break;
+      }
+
+      // ================================================================
+      // Sessions
+      // ================================================================
+      case "sessions.list": {
+        const agentId = sanitizePathComponent(String((params as any).agent || "main"), "agent");
+        const store = readSessionStore(agentId);
+        const entries = Object.entries(store).map(([key, val]: [string, any]) => ({
+          key,
+          sessionId: val.sessionId || key,
+          channel: val.channel || "unknown",
+          updatedAt: val.updatedAt,
+        }));
+        send("result", entries);
+        break;
+      }
+
+      // ================================================================
+      // TapTapAI session maintenance
+      // ================================================================
+      case "taptapai.sessions.list": {
+        const agentId = sanitizePathComponent(String((params as any).agent || "main"), "agent");
+        const limit = Number((params as any).limit || 100);
+        const offset = Number((params as any).offset || 0);
+
+        const all = listTapTapAiSessions(agentId);
+        send("result", { agent: agentId, total: all.length, offset, limit, sessions: all.slice(offset, offset + limit) });
+        break;
+      }
+
+      case "taptapai.sessions.delete": {
+        const agentId = sanitizePathComponent(String((params as any).agent || "main"), "agent");
+        const idParam = String((params as any)?.id || "").trim();
+        const all = Boolean((params as any)?.all);
+        const confirm = Boolean((params as any)?.confirm);
+        const dryRun = Boolean((params as any)?.dryRun);
+
+        if (all && !confirm && !dryRun) {
+          send("error", undefined, { message: "Refusing to delete all sessions without confirm=true (or dryRun=true)", code: 400 });
+          break;
+        }
+
+        const targets = all
+          ? listTapTapAiSessions(agentId).map((s) => ({ key: s.key, sessionId: s.sessionId }))
+          : (() => {
+              if (!idParam) return [];
+              const resolved = resolveSessionFromStore(agentId, idParam);
+              if (!resolved) return [];
+              if (!isTapTapAiSessionKey(resolved.key)) return [];
+              return [resolved];
+            })();
+
+        if (!targets.length) {
+          send("result", {
+            ok: true,
+            agent: agentId,
+            dryRun,
+            deleted: [],
+            deletedCount: 0,
+            message: all ? "No TapTapAI sessions found" : "Session not found (or not a TapTapAI session)",
+          });
+          break;
+        }
+
+        const deleted = targets.map((t) => purgeSession(agentId, t.key, t.sessionId, { dryRun }));
+        send("result", { ok: true, agent: agentId, dryRun, deletedCount: deleted.length, deleted });
+        break;
+      }
+
+      // ================================================================
+      // System
+      // ================================================================
+      case "health": {
+        const config = readOpenClawConfig(logger);
+        const agents = config?.agents?.list || [];
+        const channels = Object.keys(config?.channels || {}).filter((k) => config.channels[k]?.dmPolicy && config.channels[k].dmPolicy !== "disabled");
+
+        send("result", {
+          status: "healthy",
+          version: runtime?.version ?? "unknown",
+          agents: agents.length,
+          channels: channels.length,
+          channelNames: channels,
+          wsConnected: true,
+          gatewayWsConnected: gatewayState.connected,
+        });
+        break;
+      }
+
+      case "memory.search": {
+        const query = String((params as any).query || "");
+        const limit = Number((params as any).limit || 5);
+
+        const workspacePath = runtime?.config?.loadConfig?.()?.agents?.defaults?.workspace || path.join(os.homedir(), ".openclaw", "workspace");
+        const memoryDir = path.join(workspacePath, "memory");
+
+        const results: any[] = [];
+        try {
+          if (fs.existsSync(memoryDir)) {
+            const files = fs.readdirSync(memoryDir).filter((f: string) => f.endsWith(".md"));
+            const queryLower = query.toLowerCase();
+            for (const file of files) {
+              const safePath = ensurePathWithin(memoryDir, file, "memory file");
+              const content = fs.readFileSync(safePath, "utf-8");
+              if (content.toLowerCase().includes(queryLower)) {
+                results.push({ source: `memory/${file}`, text: content.substring(0, 500), score: 1.0 });
+                if (results.length >= limit) break;
+              }
+            }
+          }
+        } catch (e: any) {
+          logger.error?.(`[taptapai] Memory search error: ${e?.message || e}`);
+        }
+
+        send("result", results);
+        break;
+      }
+
+      case "memory.get": {
+        const memPath = (params as any).path as string | undefined;
+
+        const workspacePath = runtime?.config?.loadConfig?.()?.agents?.defaults?.workspace || path.join(os.homedir(), ".openclaw", "workspace");
+        let filePath: string;
+        try {
+          filePath = memPath
+            ? ensurePathWithin(workspacePath, memPath, "memory path")
+            : path.join(workspacePath, "MEMORY.md");
+        } catch (e: any) {
+          send("error", undefined, { message: "Invalid path", code: 400 });
+          break;
+        }
+
+        try {
+          if (fs.existsSync(filePath)) {
+            const content = fs.readFileSync(filePath, "utf-8");
+            send("result", { path: filePath, content });
+          } else {
+            send("error", undefined, { message: "File not found", code: 404 });
+          }
+        } catch (e: any) {
+          send("error", undefined, { message: "Read error", code: 500 });
+        }
+
+        break;
+      }
+
+      default:
+        send("error", undefined, { message: `Unknown method: ${method}`, code: 404 });
+    }
+  } catch (e: any) {
+    logger.error?.(`[taptapai] Handler error for ${method}: ${e?.stack || e?.message || e}`);
+    send("error", undefined, { message: "Internal handler error", code: 500 });
+  }
+}

package/src/sanitize.ts

@@ -0,0 +1,57 @@
+import * as path from "path";
+
+/**
+ * Validates that a path component (agentId, sessionId, filename) is safe
+ * to use in filesystem operations. Rejects traversal attempts, slashes,
+ * null bytes, and other dangerous characters.
+ *
+ * @throws Error if the component is invalid
+ */
+export function sanitizePathComponent(value: string, label: string = "value"): string {
+  const trimmed = String(value ?? "").trim();
+
+  if (!trimmed) {
+    throw new Error(`${label} must not be empty`);
+  }
+
+  // Reject null bytes
+  if (trimmed.includes("\0")) {
+    throw new Error(`${label} contains null bytes`);
+  }
+
+  // Reject path separators
+  if (trimmed.includes("/") || trimmed.includes("\\")) {
+    throw new Error(`${label} must not contain path separators`);
+  }
+
+  // Reject traversal patterns
+  if (trimmed === "." || trimmed === ".." || trimmed.includes("..")) {
+    throw new Error(`${label} must not contain path traversal sequences`);
+  }
+
+  // Reject control characters (U+0000 to U+001F, U+007F)
+  if (/[\x00-\x1f\x7f]/.test(trimmed)) {
+    throw new Error(`${label} must not contain control characters`);
+  }
+
+  return trimmed;
+}
+
+/**
+ * Ensures that a resolved file path stays within a given base directory.
+ * Prevents path traversal via symlinks or encoded components.
+ *
+ * @returns The resolved absolute path
+ * @throws Error if the path escapes the base directory
+ */
+export function ensurePathWithin(basePath: string, untrustedPath: string, label: string = "path"): string {
+  const resolvedBase = path.resolve(basePath);
+  const resolvedFull = path.resolve(basePath, untrustedPath);
+
+  // Ensure the resolved path starts with the base path + separator (or is exactly the base)
+  if (resolvedFull !== resolvedBase && !resolvedFull.startsWith(resolvedBase + path.sep)) {
+    throw new Error(`${label} escapes the allowed directory`);
+  }
+
+  return resolvedFull;
+}

package/src/secrets.ts

@@ -0,0 +1,93 @@
+import * as crypto from "crypto";
+import * as fs from "fs";
+import process from "process";
+import type { StoredSecret } from "./types";
+import { getSecretCachePath, getUuidCachePath, getPluginDataDir } from "./paths";
+
+/** Write data atomically: write to temp file, then rename. */
+function atomicWriteFileSync(filePath: string, data: string, mode: number = 0o600): void {
+  const tmpPath = filePath + ".tmp." + process.pid;
+  fs.writeFileSync(tmpPath, data, { encoding: "utf8", mode });
+  try { fs.chmodSync(tmpPath, mode); } catch {}
+  fs.renameSync(tmpPath, filePath);
+}
+
+function sha256Hex(value: string): string {
+  return crypto.createHash("sha256").update(value, "utf8").digest("hex");
+}
+
+/**
+ * @deprecated Kept only for backward compatibility with existing tokens.
+ * New tokens should use computeScryptHash() instead.
+ */
+export function computeDoubleSha256Hex(password: string): string {
+  return sha256Hex(sha256Hex(password));
+}
+
+/**
+ * Derives a password hash using scrypt with a random salt.
+ * Returns { hash, salt } where both are hex strings.
+ */
+export function computeScryptHash(password: string, existingSalt?: string): { hash: string; salt: string } {
+  const salt = existingSalt || crypto.randomBytes(32).toString("hex");
+  const derived = crypto.scryptSync(password, salt, 64, { N: 16384, r: 8, p: 1 });
+  return { hash: derived.toString("hex"), salt };
+}
+
+export function sha256HexPrefix(value: string, length: number): string {
+  return sha256Hex(value).slice(0, length);
+}
+
+export function encodeSecretToken(versionByte: number, uuidHex: string, passwordHashHex: string, n: number): string {
+  const uuidBuf = Buffer.from(uuidHex, "hex");
+  const passBuf = Buffer.from(passwordHashHex, "hex");
+  const verBuf = Buffer.from([versionByte & 0xff]);
+  const nBuf = Buffer.allocUnsafe(4);
+  nBuf.writeUInt32BE(n >>> 0, 0);
+  const raw = Buffer.concat([verBuf, uuidBuf, passBuf, nBuf]);
+  return `tta1_${raw.toString("base64url")}`;
+}
+
+export function ensurePluginDataDir(): void {
+  fs.mkdirSync(getPluginDataDir(), { recursive: true });
+}
+
+export function loadOrCreateUuidHex(): string {
+  ensurePluginDataDir();
+  const p = getUuidCachePath();
+  try {
+    const parsed = JSON.parse(fs.readFileSync(p, "utf8"));
+    const uuidHex = String(parsed?.uuidHex || "").trim();
+    if (/^[0-9a-f]{64}$/i.test(uuidHex)) return uuidHex.toLowerCase();
+  } catch (e: any) {
+    // First run or corrupted file — will regenerate below
+  }
+
+  const uuidHex = crypto.randomBytes(32).toString("hex");
+  atomicWriteFileSync(p, JSON.stringify({ uuidHex, createdAt: new Date().toISOString() }, null, 2));
+  return uuidHex;
+}
+
+export function loadStoredSecret(): StoredSecret | null {
+  try {
+    const p = getSecretCachePath();
+    const parsed = JSON.parse(fs.readFileSync(p, "utf8"));
+    if (!parsed?.token || !parsed?.uuidHex) return null;
+    return {
+      version: Number(parsed.version ?? 0),
+      uuidHex: String(parsed.uuidHex),
+      n: Number(parsed.n ?? 1),
+      token: String(parsed.token),
+      salt: parsed.salt ? String(parsed.salt) : undefined,
+      generatedAt: String(parsed.generatedAt ?? new Date().toISOString()),
+    };
+  } catch {
+    return null;
+  }
+}
+
+export function saveStoredSecret(secret: StoredSecret): void {
+  ensurePluginDataDir();
+  const p = getSecretCachePath();
+  atomicWriteFileSync(p, JSON.stringify(secret, null, 2));
+}

package/src/sessions.ts

@@ -0,0 +1,117 @@
+import * as fs from "fs";
+import * as path from "path";
+import process from "process";
+import { getSessionStorePath, getTranscriptPath } from "./paths";
+
+export function readSessionStore(agentId: string = "main"): Record<string, any> {
+  try {
+    const raw = fs.readFileSync(getSessionStorePath(agentId), "utf-8");
+    return JSON.parse(raw);
+  } catch {
+    return {};
+  }
+}
+
+export function writeSessionStore(agentId: string, store: Record<string, any>): void {
+  const p = getSessionStorePath(agentId);
+  try {
+    fs.mkdirSync(path.dirname(p), { recursive: true });
+  } catch {}
+  // Atomic write: write to temp then rename to prevent partial writes
+  const tmpPath = p + ".tmp." + process.pid;
+  fs.writeFileSync(tmpPath, JSON.stringify(store, null, 2), "utf-8");
+  fs.renameSync(tmpPath, p);
+}
+
+export function isTapTapAiSessionKey(key: string): boolean {
+  return String(key || "").trim().startsWith("taptapai:");
+}
+
+export function resolveSessionFromStore(agentId: string, keyOrId: string): { key: string; sessionId: string } | null {
+  const id = String(keyOrId || "").trim();
+  if (!id) return null;
+
+  const store = readSessionStore(agentId);
+
+  if (store[id]) {
+    const sessionId = String(store[id]?.sessionId || id);
+    return { key: id, sessionId };
+  }
+
+  for (const [key, val] of Object.entries(store)) {
+    const sid = String((val as any)?.sessionId || "");
+    if (sid && sid === id) return { key, sessionId: sid };
+  }
+
+  return null;
+}
+
+export function listTapTapAiSessions(agentId: string): Array<{ key: string; sessionId: string; updatedAt: any; title: any }> {
+  const store = readSessionStore(agentId);
+  return Object.entries(store)
+    .filter(([key]) => isTapTapAiSessionKey(key))
+    .map(([key, val]: [string, any]) => ({
+      key,
+      sessionId: String(val?.sessionId || key),
+      updatedAt: val?.updatedAt || val?.lastMessageAt,
+      title: val?.title || key,
+    }))
+    .sort((a, b) => new Date(b.updatedAt || 0).getTime() - new Date(a.updatedAt || 0).getTime());
+}
+
+export function purgeSession(
+  agentId: string,
+  key: string,
+  sessionId: string,
+  opts?: { deleteTranscript?: boolean; deleteStoreEntry?: boolean; dryRun?: boolean },
+): {
+  key: string;
+  sessionId: string;
+  storeEntryDeleted: boolean;
+  transcriptDeleted: boolean;
+} {
+  const dryRun = !!opts?.dryRun;
+  const deleteTranscript = opts?.deleteTranscript !== false;
+  const deleteStoreEntry = opts?.deleteStoreEntry !== false;
+
+  let storeEntryDeleted = false;
+  let transcriptDeleted = false;
+
+  if (deleteStoreEntry) {
+    const store = readSessionStore(agentId);
+    if (store[key] !== undefined) {
+      if (!dryRun) {
+        delete store[key];
+        writeSessionStore(agentId, store);
+      }
+      storeEntryDeleted = true;
+    }
+  }
+
+  if (deleteTranscript) {
+    const transcriptPath = getTranscriptPath(agentId, sessionId);
+    if (fs.existsSync(transcriptPath)) {
+      if (!dryRun) {
+        try { fs.unlinkSync(transcriptPath); } catch {}
+      }
+      transcriptDeleted = true;
+    }
+  }
+
+  return { key, sessionId, storeEntryDeleted, transcriptDeleted };
+}
+
+export function readTranscript(agentId: string, sessionId: string): any[] {
+  try {
+    const raw = fs.readFileSync(getTranscriptPath(agentId, sessionId), "utf-8");
+    return raw
+      .split("\n")
+      .filter((line: string) => line.trim())
+      .map((line: string) => {
+        try { return JSON.parse(line); } catch { return null; }
+      })
+      .filter(Boolean);
+  } catch {
+    return [];
+  }
+}