@upx-us/shield 0.3.16 → 0.4.36

package/dist/src/rpc/handlers.js

@@ -0,0 +1,141 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.VALID_ROOT_CAUSES = exports.VALID_RESOLUTIONS = void 0;
+exports.createEventsRecentHandler = createEventsRecentHandler;
+exports.createEventsSummaryHandler = createEventsSummaryHandler;
+exports.createSubscriptionStatusHandler = createSubscriptionStatusHandler;
+exports.createCasesListHandler = createCasesListHandler;
+exports.createCaseDetailHandler = createCaseDetailHandler;
+exports.createCaseResolveHandler = createCaseResolveHandler;
+exports.createCasesAckHandler = createCasesAckHandler;
+const event_store_1 = require("../event-store");
+const client_1 = require("./client");
+function formatResponse(result) {
+    if (result.ok) {
+        return { ok: true, data: result.data };
+    }
+    const errorData = { error: result.error };
+    if (result.upgradeUrl) {
+        errorData.upgradeUrl = result.upgradeUrl;
+    }
+    return { ok: false, data: errorData };
+}
+function createEventsRecentHandler(_config) {
+    return async ({ respond, params }) => {
+        const limit = typeof params?.limit === 'number' ? params.limit : 20;
+        const type = typeof params?.type === 'string' ? params.type : undefined;
+        const sinceMs = typeof params?.sinceMs === 'number' ? params.sinceMs : undefined;
+        const events = (0, event_store_1.queryEvents)({ limit, type, sinceMs });
+        respond(true, { events, count: events.length, source: 'local' });
+    };
+}
+function createEventsSummaryHandler(_config) {
+    return async ({ respond, params }) => {
+        const sinceMs = typeof params?.sinceMs === 'number' ? params.sinceMs : undefined;
+        const summary = (0, event_store_1.summarizeEvents)(sinceMs);
+        respond(true, { ...summary, source: 'local' });
+    };
+}
+function createSubscriptionStatusHandler(config) {
+    return async ({ respond }) => {
+        const result = await (0, client_1.callPlatformApi)(config, '/v1/subscription/status');
+        const { ok, data } = formatResponse(result);
+        respond(ok, data);
+    };
+}
+exports.VALID_RESOLUTIONS = ['true_positive', 'false_positive', 'benign', 'duplicate'];
+exports.VALID_ROOT_CAUSES = ['user_initiated', 'misconfiguration', 'expected_behavior', 'actual_threat', 'testing', 'unknown'];
+function createCasesListHandler(config) {
+    return async ({ respond, params }) => {
+        const { getPendingCases, formatCaseNotification } = require('../case-monitor');
+        const pending = getPendingCases();
+        if (!config.apiUrl) {
+            respond(true, {
+                cases: pending,
+                total: pending.length,
+                has_more: false,
+                pending_count: pending.length,
+                pending_notifications: pending.map((c) => ({
+                    ...c,
+                    formatted_message: formatCaseNotification(c),
+                })),
+                source: 'local_cache',
+            });
+            return;
+        }
+        const queryParams = {
+            status: typeof params?.status === 'string' ? params.status : 'open',
+            limit: typeof params?.limit === 'number' ? params.limit : 20,
+        };
+        if (typeof params?.since === 'string') {
+            queryParams.since = params.since;
+        }
+        const result = await (0, client_1.callPlatformApi)(config, '/v1/agent/cases', queryParams);
+        const { ok, data } = formatResponse(result);
+        if (ok && data && typeof data === 'object') {
+            data.pending_count = pending.length;
+            data.pending_notifications = pending.map((c) => ({
+                ...c,
+                formatted_message: formatCaseNotification(c),
+            }));
+        }
+        respond(ok, data);
+    };
+}
+function createCaseDetailHandler(config) {
+    return async ({ respond, params }) => {
+        const caseId = typeof params?.id === 'string' ? params.id : null;
+        if (!caseId) {
+            respond(false, { error: 'Missing required parameter: id' });
+            return;
+        }
+        const result = await (0, client_1.callPlatformApi)(config, `/v1/agent/cases/${caseId}`);
+        const { ok, data } = formatResponse(result);
+        respond(ok, data);
+    };
+}
+function createCaseResolveHandler(config) {
+    return async ({ respond, params }) => {
+        const caseId = typeof params?.id === 'string' ? params.id : null;
+        if (!caseId) {
+            respond(false, { error: 'Missing required parameter: id' });
+            return;
+        }
+        const resolution = params?.resolution;
+        const rootCause = params?.root_cause;
+        const comment = typeof params?.comment === 'string' ? params.comment : '';
+        if (!resolution || !exports.VALID_RESOLUTIONS.includes(resolution)) {
+            respond(false, {
+                error: `Invalid resolution. Must be one of: ${exports.VALID_RESOLUTIONS.join(', ')}`,
+                valid_resolutions: exports.VALID_RESOLUTIONS,
+            });
+            return;
+        }
+        if (!rootCause || !exports.VALID_ROOT_CAUSES.includes(rootCause)) {
+            respond(false, {
+                error: `Invalid root_cause. Must be one of: ${exports.VALID_ROOT_CAUSES.join(', ')}`,
+                valid_root_causes: exports.VALID_ROOT_CAUSES,
+            });
+            return;
+        }
+        const result = await (0, client_1.callPlatformApi)(config, `/v1/agent/cases/${caseId}/resolve`, {
+            resolution,
+            root_cause: rootCause,
+            comment,
+        });
+        const { ok, data } = formatResponse(result);
+        respond(ok, data);
+    };
+}
+function createCasesAckHandler() {
+    return async ({ respond, params }) => {
+        const { acknowledgeCases } = require('../case-monitor');
+        const ids = Array.isArray(params?.ids) ? params.ids : [];
+        if (ids.length === 0) {
+            respond(false, { error: 'Missing required parameter: ids (array of case IDs)' });
+            return;
+        }
+        acknowledgeCases(ids);
+        respond(true, { acknowledged: ids.length });
+    };
+}

package/dist/src/rpc/index.d.ts

@@ -0,0 +1,10 @@
+import type { PlatformApiConfig } from './client';
+interface PluginAPI {
+    registerGatewayMethod(method: string, handler: (ctx: {
+        respond: (ok: boolean, data: unknown) => void;
+        params?: Record<string, unknown>;
+    }) => void): void;
+}
+export declare function registerAllRpcs(api: PluginAPI, config: PlatformApiConfig): void;
+export type { PlatformApiConfig } from './client';
+export type { EventSummary, RecentEvent, SubscriptionStatus } from './handlers';

package/dist/src/rpc/index.js

@@ -0,0 +1,13 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.registerAllRpcs = registerAllRpcs;
+const handlers_1 = require("./handlers");
+function registerAllRpcs(api, config) {
+    api.registerGatewayMethod('shield.events_recent', (0, handlers_1.createEventsRecentHandler)(config));
+    api.registerGatewayMethod('shield.events_summary', (0, handlers_1.createEventsSummaryHandler)(config));
+    api.registerGatewayMethod('shield.subscription_status', (0, handlers_1.createSubscriptionStatusHandler)(config));
+    api.registerGatewayMethod('shield.cases_list', (0, handlers_1.createCasesListHandler)(config));
+    api.registerGatewayMethod('shield.case_detail', (0, handlers_1.createCaseDetailHandler)(config));
+    api.registerGatewayMethod('shield.case_resolve', (0, handlers_1.createCaseResolveHandler)(config));
+    api.registerGatewayMethod('shield.cases_ack', (0, handlers_1.createCasesAckHandler)());
+}

package/dist/src/safe-io.d.ts

@@ -0,0 +1,2 @@
+export declare function writeJsonSafe(filePath: string, data: unknown): void;
+export declare function readJsonSafe<T>(filePath: string, fallback: T, label?: string): T;

package/dist/src/safe-io.js

@@ -0,0 +1,78 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.writeJsonSafe = writeJsonSafe;
+exports.readJsonSafe = readJsonSafe;
+const fs_1 = require("fs");
+const path_1 = require("path");
+const log = __importStar(require("./log"));
+function writeJsonSafe(filePath, data) {
+    const dir = (0, path_1.dirname)(filePath);
+    if (!(0, fs_1.existsSync)(dir))
+        (0, fs_1.mkdirSync)(dir, { recursive: true });
+    const tmp = filePath + '.tmp';
+    try {
+        (0, fs_1.writeFileSync)(tmp, JSON.stringify(data, null, 2) + '\n');
+        (0, fs_1.renameSync)(tmp, filePath);
+    }
+    catch (err) {
+        try {
+            (0, fs_1.unlinkSync)(tmp);
+        }
+        catch { }
+        throw err;
+    }
+}
+function readJsonSafe(filePath, fallback, label) {
+    if (!(0, fs_1.existsSync)(filePath))
+        return fallback;
+    try {
+        const raw = (0, fs_1.readFileSync)(filePath, 'utf8').trim();
+        if (!raw)
+            return fallback;
+        return JSON.parse(raw);
+    }
+    catch (err) {
+        const tag = label || filePath;
+        log.warn('safe-io', `Corrupt JSON in ${tag} — using defaults: ${err instanceof Error ? err.message : String(err)}`);
+        try {
+            const backup = filePath + '.corrupt.' + Date.now();
+            (0, fs_1.renameSync)(filePath, backup);
+            log.warn('safe-io', `Corrupt file preserved as ${backup}`);
+        }
+        catch { }
+        return fallback;
+    }
+}

package/dist/src/transformer.d.ts

@@ -9,6 +9,7 @@ export interface IngestPayload {
     entries: EnvelopeEvent[];
 }
 export declare function resolveOpenClawVersion(): string;
+export declare function _resetCachedOpenClawVersion(): void;
 export declare function resolveAgentLabel(agentId: string): string;
 export declare function getCachedPublicIp(): string | null;
 export declare function resolveOutboundIp(): Promise<string | null>;

package/dist/src/transformer.js

@@ -34,6 +34,7 @@ var __importStar = (this && this.__importStar) || (function () {
 })();
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.resolveOpenClawVersion = resolveOpenClawVersion;
+exports._resetCachedOpenClawVersion = _resetCachedOpenClawVersion;
 exports.resolveAgentLabel = resolveAgentLabel;
 exports.getCachedPublicIp = getCachedPublicIp;
 exports.resolveOutboundIp = resolveOutboundIp;
@@ -41,37 +42,59 @@ exports.transformEntries = transformEntries;
 exports.generateHostTelemetry = generateHostTelemetry;
 const os = __importStar(require("os"));
 const fs = __importStar(require("fs"));
+const safe_io_1 = require("./safe-io");
 const path = __importStar(require("path"));
 const dgram_1 = require("dgram");
 const events_1 = require("./events");
 const log = __importStar(require("./log"));
 const version_1 = require("./version");
 const counters_1 = require("./counters");
+const inventory_1 = require("./inventory");
+let _cachedOpenClawVersion = "";
 function resolveOpenClawVersion() {
-    if (process.env.OPENCLAW_VERSION)
-        return process.env.OPENCLAW_VERSION;
-    const candidates = [
-        '/opt/homebrew/lib/node_modules/openclaw/package.json',
-        '/usr/local/lib/node_modules/openclaw/package.json',
-        path.join(os.homedir(), '.nvm/versions/node/*/lib/node_modules/openclaw/package.json'),
-    ];
-    for (const p of candidates) {
-        try {
-            if (fs.existsSync(p)) {
-                const pkg = JSON.parse(fs.readFileSync(p, 'utf8'));
-                if (pkg.version)
-                    return pkg.version;
-            }
+    if (_cachedOpenClawVersion !== "")
+        return _cachedOpenClawVersion;
+    if (process.env.OPENCLAW_VERSION) {
+        _cachedOpenClawVersion = process.env.OPENCLAW_VERSION;
+        return _cachedOpenClawVersion;
+    }
+    try {
+        const pkgPath = require.resolve('openclaw/package.json');
+        const pkg = JSON.parse(fs.readFileSync(pkgPath, 'utf8'));
+        if (pkg.version) {
+            _cachedOpenClawVersion = pkg.version;
+            return _cachedOpenClawVersion;
         }
-        catch { }
     }
+    catch { }
     try {
-        const cfg = JSON.parse(fs.readFileSync(path.join(os.homedir(), '.openclaw/openclaw.json'), 'utf8'));
-        return cfg?.meta?.lastTouchedVersion || 'unknown';
+        const { execSync } = require('child_process');
+        const output = execSync('openclaw --version', {
+            timeout: 5000,
+            stdio: ['ignore', 'pipe', 'ignore'],
+            encoding: 'utf8',
+        }).trim();
+        const version = output.includes('/') ? output.split('/').pop() : output;
+        if (version && version !== 'unknown') {
+            _cachedOpenClawVersion = version;
+            return _cachedOpenClawVersion;
+        }
     }
-    catch {
-        return 'unknown';
+    catch { }
+    try {
+        const cfg = JSON.parse(fs.readFileSync(path.join(os.homedir(), '.openclaw/openclaw.json'), 'utf8'));
+        const v = cfg?.meta?.lastTouchedVersion;
+        if (v) {
+            _cachedOpenClawVersion = v;
+            return _cachedOpenClawVersion;
+        }
     }
+    catch { }
+    _cachedOpenClawVersion = 'unknown';
+    return _cachedOpenClawVersion;
+}
+function _resetCachedOpenClawVersion() {
+    _cachedOpenClawVersion = "";
 }
 function resolveAgentLabel(agentId) {
     if (process.env.OPENCLAW_AGENT_LABEL)
@@ -113,7 +136,7 @@ function writeIpCache(ip) {
         const dir = path.dirname(IP_CACHE_FILE);
         if (!fs.existsSync(dir))
             fs.mkdirSync(dir, { recursive: true });
-        fs.writeFileSync(IP_CACHE_FILE, JSON.stringify({ ip, resolvedAt: Date.now() }));
+        (0, safe_io_1.writeJsonSafe)(IP_CACHE_FILE, { ip, resolvedAt: Date.now() });
     }
     catch { }
 }
@@ -205,6 +228,8 @@ function isAdministrativeEvent(toolName, args, sessionId) {
             return true;
         if (/openclaw\s+cron\s+(list|log|runs|status)/.test(cmd))
             return true;
+        if (/openclaw\s+shield\s+cases/.test(cmd))
+            return true;
         if (/ps\s+aux.*grep.*(ts-node|bridge|shield)/.test(cmd))
             return true;
         if (/gcloud\s+auth\s+print-access-token/.test(cmd))
@@ -223,6 +248,8 @@ function isAdministrativeEvent(toolName, args, sessionId) {
         return true;
     if (['sessions_list', 'sessions_history', 'session_status'].includes(toolName))
         return true;
+    if (/^shield\.cases_/.test(toolName) || /^shield\.status$/.test(toolName))
+        return true;
     return false;
 }
 function transformEntries(entries) {
@@ -251,6 +278,18 @@ function transformEntries(entries) {
                         event.tool_metadata = {};
                     event.tool_metadata['openclaw.is_administrative'] = 'true';
                 }
+                const crossText = [
+                    args.command || '',
+                    args.file_path || args.path || args.filePath || '',
+                    args.url || '',
+                ].join(' ');
+                const targetWorkspace = (0, inventory_1.detectCrossWorkspace)(crossText, agentId);
+                if (targetWorkspace) {
+                    if (!event.tool_metadata)
+                        event.tool_metadata = {};
+                    event.tool_metadata['openclaw.cross_workspace_access'] = 'true';
+                    event.tool_metadata['openclaw.target_workspace'] = targetWorkspace;
+                }
                 log.debug('transformer', `TOOL_CALL tool=${toolName} session=${entry._sessionId} agent=${agentId} schema=${schema.constructor?.name || 'unknown'} admin=${event.tool_metadata?.['openclaw.is_administrative'] === 'true'}`, log.isDebug ? event : undefined);
                 (0, counters_1.recordEventType)(event.event_type);
                 envelopes.push({ source, event });

package/dist/src/updater.d.ts

@@ -0,0 +1,49 @@
+export type AutoUpdateMode = boolean | 'notify-only';
+export interface UpdateState {
+    lastCheckAt: number;
+    lastUpdateAt: number;
+    currentVersion: string;
+    latestVersion: string | null;
+    updateAvailable: boolean;
+    lastError: string | null;
+    rollbackVersion: string | null;
+    consecutiveFailures: number;
+}
+export interface UpdateCheckResult {
+    updateAvailable: boolean;
+    currentVersion: string;
+    latestVersion: string;
+    isPatch: boolean;
+    isMinor: boolean;
+    isMajor: boolean;
+}
+interface SemVer {
+    major: number;
+    minor: number;
+    patch: number;
+    prerelease: string | null;
+}
+export declare function parseSemVer(version: string): SemVer | null;
+export declare function isNewerVersion(current: string, candidate: string): boolean;
+export declare function classifyUpdate(current: string, candidate: string): {
+    isPatch: boolean;
+    isMinor: boolean;
+    isMajor: boolean;
+};
+export declare function loadUpdateState(): UpdateState;
+export declare function saveUpdateState(state: UpdateState): void;
+export declare function checkNpmVersion(): string | null;
+export declare function checkForUpdate(overrideInterval?: number): UpdateCheckResult | null;
+export declare function backupCurrentVersion(): string | null;
+export declare function restoreFromBackup(backupPath: string): boolean;
+export declare function downloadAndInstall(targetVersion: string): boolean;
+export interface UpdateResult {
+    action: 'none' | 'notify' | 'updated' | 'rollback' | 'error';
+    fromVersion: string;
+    toVersion: string | null;
+    message: string;
+    requiresRestart: boolean;
+}
+export declare function performAutoUpdate(mode: AutoUpdateMode, checkIntervalMs?: number): UpdateResult;
+export declare function requestGatewayRestart(): boolean;
+export {};