@upx-us/shield 0.3.29 → 0.4.36

package/dist/src/inventory.d.ts

@@ -0,0 +1,26 @@
+export interface AgentInfo {
+    id: string;
+    name: string | null;
+    workspace: string;
+    has_identity: boolean;
+    is_bootstrapped: boolean;
+}
+export interface HostInventory {
+    collected_at: string;
+    agents: AgentInfo[];
+    agent_count: number;
+    workspace_count: number;
+}
+export interface InventoryPaths {
+    agentsDir: string;
+    openclawHome: string;
+    vaultPath: string;
+}
+export declare function scanAgents(paths?: Partial<InventoryPaths>): AgentInfo[];
+export declare function readVault(vaultPath?: string): Record<string, unknown>;
+export declare function writeVault(vault: Record<string, unknown>, vaultPath?: string): void;
+export declare function collectInventory(paths?: Partial<InventoryPaths>): HostInventory;
+export declare function loadCachedInventory(paths?: Partial<InventoryPaths>): HostInventory | null;
+export declare function setCachedInventory(inventory: HostInventory): void;
+export declare function resetCachedInventory(): void;
+export declare function detectCrossWorkspace(text: string, currentAgentId: string, inventory?: HostInventory | null): string | null;

package/dist/src/inventory.js

@@ -0,0 +1,191 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.scanAgents = scanAgents;
+exports.readVault = readVault;
+exports.writeVault = writeVault;
+exports.collectInventory = collectInventory;
+exports.loadCachedInventory = loadCachedInventory;
+exports.setCachedInventory = setCachedInventory;
+exports.resetCachedInventory = resetCachedInventory;
+exports.detectCrossWorkspace = detectCrossWorkspace;
+const os_1 = require("os");
+const path_1 = require("path");
+const fs_1 = require("fs");
+const safe_io_1 = require("./safe-io");
+const log = __importStar(require("./log"));
+const OPENCLAW_HOME = (0, path_1.join)((0, os_1.homedir)(), '.openclaw');
+const AGENTS_DIR = (0, path_1.join)(OPENCLAW_HOME, 'agents');
+const VAULT_PATH = (0, path_1.join)(OPENCLAW_HOME, 'shield', 'vault.json');
+function defaultPaths() {
+    return { agentsDir: AGENTS_DIR, openclawHome: OPENCLAW_HOME, vaultPath: VAULT_PATH };
+}
+function resolveWorkspace(agentId) {
+    if (agentId === 'main')
+        return 'workspace';
+    return `workspace-${agentId}`;
+}
+function parseIdentityName(identityPath) {
+    try {
+        if (!(0, fs_1.existsSync)(identityPath))
+            return null;
+        const content = (0, fs_1.readFileSync)(identityPath, 'utf8');
+        const match = content.match(/^\s*-\s*\*\*Name:\*\*\s*(.+)$/m);
+        if (match) {
+            const name = match[1].trim();
+            return name || null;
+        }
+        return null;
+    }
+    catch {
+        return null;
+    }
+}
+function scanAgents(paths) {
+    const p = { ...defaultPaths(), ...paths };
+    const agents = [];
+    if (!(0, fs_1.existsSync)(p.agentsDir)) {
+        log.warn('inventory', `Agents directory not found: ${p.agentsDir}`);
+        return agents;
+    }
+    let entries;
+    try {
+        entries = (0, fs_1.readdirSync)(p.agentsDir);
+    }
+    catch (err) {
+        log.warn('inventory', `Failed to read agents directory: ${err instanceof Error ? err.message : String(err)}`);
+        return agents;
+    }
+    for (const agentId of entries) {
+        try {
+            const workspaceName = resolveWorkspace(agentId);
+            const workspacePath = (0, path_1.join)(p.openclawHome, workspaceName);
+            const identityPath = (0, path_1.join)(workspacePath, 'IDENTITY.md');
+            const bootstrapPath = (0, path_1.join)(workspacePath, 'BOOTSTRAP.md');
+            const name = parseIdentityName(identityPath);
+            const hasIdentity = (0, fs_1.existsSync)(identityPath);
+            const isBootstrapped = !(0, fs_1.existsSync)(bootstrapPath);
+            agents.push({
+                id: agentId,
+                name,
+                workspace: workspaceName,
+                has_identity: hasIdentity,
+                is_bootstrapped: isBootstrapped,
+            });
+        }
+        catch (err) {
+            log.warn('inventory', `Failed to process agent "${agentId}": ${err instanceof Error ? err.message : String(err)}`);
+        }
+    }
+    return agents;
+}
+function readVault(vaultPath) {
+    const path = vaultPath ?? VAULT_PATH;
+    try {
+        if (!(0, fs_1.existsSync)(path))
+            return {};
+        const content = (0, fs_1.readFileSync)(path, 'utf8');
+        const parsed = JSON.parse(content);
+        if (typeof parsed !== 'object' || parsed === null || Array.isArray(parsed)) {
+            log.warn('inventory', 'Vault file has unexpected shape — resetting');
+            return {};
+        }
+        return parsed;
+    }
+    catch (err) {
+        log.warn('inventory', `Failed to read vault (will reset): ${err instanceof Error ? err.message : String(err)}`);
+        return {};
+    }
+}
+function writeVault(vault, vaultPath) {
+    const p = vaultPath ?? VAULT_PATH;
+    try {
+        (0, safe_io_1.writeJsonSafe)(p, vault);
+    }
+    catch (err) {
+        log.warn('inventory', `Failed to write vault: ${err instanceof Error ? err.message : String(err)}`);
+    }
+}
+function collectInventory(paths) {
+    const agents = scanAgents(paths);
+    const workspaces = new Set(agents.map(a => a.workspace));
+    const inventory = {
+        collected_at: new Date().toISOString(),
+        agents,
+        agent_count: agents.length,
+        workspace_count: workspaces.size,
+    };
+    const p = { ...defaultPaths(), ...paths };
+    const vault = readVault(p.vaultPath);
+    vault.host_inventory = inventory;
+    writeVault(vault, p.vaultPath);
+    log.info('inventory', `Collected inventory: ${inventory.agent_count} agents, ${inventory.workspace_count} workspaces`);
+    return inventory;
+}
+function escapeRegex(s) {
+    return s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
+}
+let _cachedInventory = null;
+function loadCachedInventory(paths) {
+    if (_cachedInventory)
+        return _cachedInventory;
+    const p = { ...defaultPaths(), ...paths };
+    const vault = readVault(p.vaultPath);
+    if (vault.host_inventory && typeof vault.host_inventory === 'object') {
+        _cachedInventory = vault.host_inventory;
+        return _cachedInventory;
+    }
+    return null;
+}
+function setCachedInventory(inventory) {
+    _cachedInventory = inventory;
+}
+function resetCachedInventory() {
+    _cachedInventory = null;
+}
+function detectCrossWorkspace(text, currentAgentId, inventory) {
+    const inv = inventory ?? _cachedInventory;
+    if (!inv || inv.agents.length === 0)
+        return null;
+    for (const agent of inv.agents) {
+        if (agent.id === currentAgentId)
+            continue;
+        const pattern = new RegExp(`(?:^|[/\\\\])${escapeRegex(agent.workspace)}(?:[/\\\\]|$)`);
+        if (pattern.test(text)) {
+            return agent.workspace;
+        }
+    }
+    return null;
+}

package/dist/src/rpc/client.d.ts

@@ -0,0 +1,12 @@
+export interface PlatformApiConfig {
+    apiUrl: string | null;
+    instanceId: string;
+    hmacSecret: string;
+}
+export interface PlatformApiResponse<T = unknown> {
+    ok: boolean;
+    data?: T;
+    error?: string;
+    upgradeUrl?: string;
+}
+export declare function callPlatformApi<T = unknown>(config: PlatformApiConfig, path: string, params?: Record<string, unknown>, method?: 'GET' | 'POST'): Promise<PlatformApiResponse<T>>;

package/dist/src/rpc/client.js

@@ -0,0 +1,105 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.callPlatformApi = callPlatformApi;
+const crypto = __importStar(require("crypto"));
+const TIMEOUT_MS = 10_000;
+function signRequest(_method, _path, _body, secret, instanceId) {
+    const nonce = `${Date.now()}-${crypto.randomBytes(8).toString('hex')}`;
+    const signature = crypto
+        .createHmac('sha256', secret)
+        .update(`${instanceId}:${nonce}`)
+        .digest('hex');
+    return {
+        'Content-Type': 'application/json',
+        'User-Agent': 'OpenClaw-Shield-Plugin/rpc',
+        'X-Shield-Instance': instanceId,
+        'X-Shield-Nonce': nonce,
+        'X-Shield-Signature': signature,
+    };
+}
+async function callPlatformApi(config, path, params, method) {
+    if (!config.apiUrl) {
+        return {
+            ok: false,
+            error: 'Platform API not configured. This feature requires the Shield platform API which is not yet available for your instance. Check your Shield dashboard for updates.',
+        };
+    }
+    const url = new URL(path, config.apiUrl);
+    const httpMethod = method || (params ? 'POST' : 'GET');
+    if (httpMethod === 'GET' && params) {
+        for (const [k, v] of Object.entries(params)) {
+            if (v != null)
+                url.searchParams.set(k, String(v));
+        }
+    }
+    const body = JSON.stringify(params ?? {});
+    const headers = signRequest(httpMethod, path, body, config.hmacSecret, config.instanceId);
+    const controller = new AbortController();
+    const timer = setTimeout(() => controller.abort(), TIMEOUT_MS);
+    try {
+        const res = await fetch(url.toString(), {
+            method: httpMethod,
+            headers,
+            body: httpMethod === 'POST' ? body : undefined,
+            signal: controller.signal,
+        });
+        clearTimeout(timer);
+        if (res.status === 403) {
+            const json = (await res.json().catch(() => ({})));
+            return {
+                ok: false,
+                error: json.message ?? 'Your Shield subscription has expired or is inactive.',
+                upgradeUrl: json.upgrade_url || undefined,
+            };
+        }
+        if (!res.ok) {
+            return {
+                ok: false,
+                error: `Platform returned HTTP ${res.status}`,
+            };
+        }
+        const data = (await res.json());
+        return { ok: true, data };
+    }
+    catch (err) {
+        clearTimeout(timer);
+        const message = err instanceof Error ? err.message : String(err);
+        if (message.includes('abort')) {
+            return { ok: false, error: 'Platform API request timed out (10s).' };
+        }
+        return { ok: false, error: `Platform API error: ${message}` };
+    }
+}

package/dist/src/rpc/handlers.d.ts

@@ -0,0 +1,57 @@
+import { type PlatformApiConfig } from './client';
+export interface EventSummary {
+    period: string;
+    totalEvents: number;
+    byCategory: Record<string, number>;
+    topCommands?: Array<{
+        command: string;
+        count: number;
+    }>;
+}
+export interface RecentEvent {
+    id: string;
+    timestamp: string;
+    category: string;
+    toolName: string;
+    summary: string;
+    severity?: 'low' | 'medium' | 'high' | 'critical';
+}
+export interface SubscriptionStatus {
+    active: boolean;
+    tier: string;
+    expiresAt: string | null;
+    features: string[];
+}
+type RespondFn = (ok: boolean, data: unknown) => void;
+export declare function createEventsRecentHandler(_config: PlatformApiConfig): ({ respond, params }: {
+    respond: RespondFn;
+    params?: Record<string, unknown>;
+}) => Promise<void>;
+export declare function createEventsSummaryHandler(_config: PlatformApiConfig): ({ respond, params }: {
+    respond: RespondFn;
+    params?: Record<string, unknown>;
+}) => Promise<void>;
+export declare function createSubscriptionStatusHandler(config: PlatformApiConfig): ({ respond }: {
+    respond: RespondFn;
+}) => Promise<void>;
+export declare const VALID_RESOLUTIONS: readonly ["true_positive", "false_positive", "benign", "duplicate"];
+export declare const VALID_ROOT_CAUSES: readonly ["user_initiated", "misconfiguration", "expected_behavior", "actual_threat", "testing", "unknown"];
+export type CaseResolution = typeof VALID_RESOLUTIONS[number];
+export type CaseRootCause = typeof VALID_ROOT_CAUSES[number];
+export declare function createCasesListHandler(config: PlatformApiConfig): ({ respond, params }: {
+    respond: RespondFn;
+    params?: Record<string, unknown>;
+}) => Promise<void>;
+export declare function createCaseDetailHandler(config: PlatformApiConfig): ({ respond, params }: {
+    respond: RespondFn;
+    params?: Record<string, unknown>;
+}) => Promise<void>;
+export declare function createCaseResolveHandler(config: PlatformApiConfig): ({ respond, params }: {
+    respond: RespondFn;
+    params?: Record<string, unknown>;
+}) => Promise<void>;
+export declare function createCasesAckHandler(): ({ respond, params }: {
+    respond: RespondFn;
+    params?: Record<string, unknown>;
+}) => Promise<void>;
+export {};

package/dist/src/rpc/handlers.js

@@ -0,0 +1,141 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.VALID_ROOT_CAUSES = exports.VALID_RESOLUTIONS = void 0;
+exports.createEventsRecentHandler = createEventsRecentHandler;
+exports.createEventsSummaryHandler = createEventsSummaryHandler;
+exports.createSubscriptionStatusHandler = createSubscriptionStatusHandler;
+exports.createCasesListHandler = createCasesListHandler;
+exports.createCaseDetailHandler = createCaseDetailHandler;
+exports.createCaseResolveHandler = createCaseResolveHandler;
+exports.createCasesAckHandler = createCasesAckHandler;
+const event_store_1 = require("../event-store");
+const client_1 = require("./client");
+function formatResponse(result) {
+    if (result.ok) {
+        return { ok: true, data: result.data };
+    }
+    const errorData = { error: result.error };
+    if (result.upgradeUrl) {
+        errorData.upgradeUrl = result.upgradeUrl;
+    }
+    return { ok: false, data: errorData };
+}
+function createEventsRecentHandler(_config) {
+    return async ({ respond, params }) => {
+        const limit = typeof params?.limit === 'number' ? params.limit : 20;
+        const type = typeof params?.type === 'string' ? params.type : undefined;
+        const sinceMs = typeof params?.sinceMs === 'number' ? params.sinceMs : undefined;
+        const events = (0, event_store_1.queryEvents)({ limit, type, sinceMs });
+        respond(true, { events, count: events.length, source: 'local' });
+    };
+}
+function createEventsSummaryHandler(_config) {
+    return async ({ respond, params }) => {
+        const sinceMs = typeof params?.sinceMs === 'number' ? params.sinceMs : undefined;
+        const summary = (0, event_store_1.summarizeEvents)(sinceMs);
+        respond(true, { ...summary, source: 'local' });
+    };
+}
+function createSubscriptionStatusHandler(config) {
+    return async ({ respond }) => {
+        const result = await (0, client_1.callPlatformApi)(config, '/v1/subscription/status');
+        const { ok, data } = formatResponse(result);
+        respond(ok, data);
+    };
+}
+exports.VALID_RESOLUTIONS = ['true_positive', 'false_positive', 'benign', 'duplicate'];
+exports.VALID_ROOT_CAUSES = ['user_initiated', 'misconfiguration', 'expected_behavior', 'actual_threat', 'testing', 'unknown'];
+function createCasesListHandler(config) {
+    return async ({ respond, params }) => {
+        const { getPendingCases, formatCaseNotification } = require('../case-monitor');
+        const pending = getPendingCases();
+        if (!config.apiUrl) {
+            respond(true, {
+                cases: pending,
+                total: pending.length,
+                has_more: false,
+                pending_count: pending.length,
+                pending_notifications: pending.map((c) => ({
+                    ...c,
+                    formatted_message: formatCaseNotification(c),
+                })),
+                source: 'local_cache',
+            });
+            return;
+        }
+        const queryParams = {
+            status: typeof params?.status === 'string' ? params.status : 'open',
+            limit: typeof params?.limit === 'number' ? params.limit : 20,
+        };
+        if (typeof params?.since === 'string') {
+            queryParams.since = params.since;
+        }
+        const result = await (0, client_1.callPlatformApi)(config, '/v1/agent/cases', queryParams);
+        const { ok, data } = formatResponse(result);
+        if (ok && data && typeof data === 'object') {
+            data.pending_count = pending.length;
+            data.pending_notifications = pending.map((c) => ({
+                ...c,
+                formatted_message: formatCaseNotification(c),
+            }));
+        }
+        respond(ok, data);
+    };
+}
+function createCaseDetailHandler(config) {
+    return async ({ respond, params }) => {
+        const caseId = typeof params?.id === 'string' ? params.id : null;
+        if (!caseId) {
+            respond(false, { error: 'Missing required parameter: id' });
+            return;
+        }
+        const result = await (0, client_1.callPlatformApi)(config, `/v1/agent/cases/${caseId}`);
+        const { ok, data } = formatResponse(result);
+        respond(ok, data);
+    };
+}
+function createCaseResolveHandler(config) {
+    return async ({ respond, params }) => {
+        const caseId = typeof params?.id === 'string' ? params.id : null;
+        if (!caseId) {
+            respond(false, { error: 'Missing required parameter: id' });
+            return;
+        }
+        const resolution = params?.resolution;
+        const rootCause = params?.root_cause;
+        const comment = typeof params?.comment === 'string' ? params.comment : '';
+        if (!resolution || !exports.VALID_RESOLUTIONS.includes(resolution)) {
+            respond(false, {
+                error: `Invalid resolution. Must be one of: ${exports.VALID_RESOLUTIONS.join(', ')}`,
+                valid_resolutions: exports.VALID_RESOLUTIONS,
+            });
+            return;
+        }
+        if (!rootCause || !exports.VALID_ROOT_CAUSES.includes(rootCause)) {
+            respond(false, {
+                error: `Invalid root_cause. Must be one of: ${exports.VALID_ROOT_CAUSES.join(', ')}`,
+                valid_root_causes: exports.VALID_ROOT_CAUSES,
+            });
+            return;
+        }
+        const result = await (0, client_1.callPlatformApi)(config, `/v1/agent/cases/${caseId}/resolve`, {
+            resolution,
+            root_cause: rootCause,
+            comment,
+        });
+        const { ok, data } = formatResponse(result);
+        respond(ok, data);
+    };
+}
+function createCasesAckHandler() {
+    return async ({ respond, params }) => {
+        const { acknowledgeCases } = require('../case-monitor');
+        const ids = Array.isArray(params?.ids) ? params.ids : [];
+        if (ids.length === 0) {
+            respond(false, { error: 'Missing required parameter: ids (array of case IDs)' });
+            return;
+        }
+        acknowledgeCases(ids);
+        respond(true, { acknowledged: ids.length });
+    };
+}

package/dist/src/rpc/index.d.ts

@@ -0,0 +1,10 @@
+import type { PlatformApiConfig } from './client';
+interface PluginAPI {
+    registerGatewayMethod(method: string, handler: (ctx: {
+        respond: (ok: boolean, data: unknown) => void;
+        params?: Record<string, unknown>;
+    }) => void): void;
+}
+export declare function registerAllRpcs(api: PluginAPI, config: PlatformApiConfig): void;
+export type { PlatformApiConfig } from './client';
+export type { EventSummary, RecentEvent, SubscriptionStatus } from './handlers';

package/dist/src/rpc/index.js

@@ -0,0 +1,13 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.registerAllRpcs = registerAllRpcs;
+const handlers_1 = require("./handlers");
+function registerAllRpcs(api, config) {
+    api.registerGatewayMethod('shield.events_recent', (0, handlers_1.createEventsRecentHandler)(config));
+    api.registerGatewayMethod('shield.events_summary', (0, handlers_1.createEventsSummaryHandler)(config));
+    api.registerGatewayMethod('shield.subscription_status', (0, handlers_1.createSubscriptionStatusHandler)(config));
+    api.registerGatewayMethod('shield.cases_list', (0, handlers_1.createCasesListHandler)(config));
+    api.registerGatewayMethod('shield.case_detail', (0, handlers_1.createCaseDetailHandler)(config));
+    api.registerGatewayMethod('shield.case_resolve', (0, handlers_1.createCaseResolveHandler)(config));
+    api.registerGatewayMethod('shield.cases_ack', (0, handlers_1.createCasesAckHandler)());
+}

package/dist/src/safe-io.d.ts

@@ -0,0 +1,2 @@
+export declare function writeJsonSafe(filePath: string, data: unknown): void;
+export declare function readJsonSafe<T>(filePath: string, fallback: T, label?: string): T;

package/dist/src/safe-io.js

@@ -0,0 +1,78 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.writeJsonSafe = writeJsonSafe;
+exports.readJsonSafe = readJsonSafe;
+const fs_1 = require("fs");
+const path_1 = require("path");
+const log = __importStar(require("./log"));
+function writeJsonSafe(filePath, data) {
+    const dir = (0, path_1.dirname)(filePath);
+    if (!(0, fs_1.existsSync)(dir))
+        (0, fs_1.mkdirSync)(dir, { recursive: true });
+    const tmp = filePath + '.tmp';
+    try {
+        (0, fs_1.writeFileSync)(tmp, JSON.stringify(data, null, 2) + '\n');
+        (0, fs_1.renameSync)(tmp, filePath);
+    }
+    catch (err) {
+        try {
+            (0, fs_1.unlinkSync)(tmp);
+        }
+        catch { }
+        throw err;
+    }
+}
+function readJsonSafe(filePath, fallback, label) {
+    if (!(0, fs_1.existsSync)(filePath))
+        return fallback;
+    try {
+        const raw = (0, fs_1.readFileSync)(filePath, 'utf8').trim();
+        if (!raw)
+            return fallback;
+        return JSON.parse(raw);
+    }
+    catch (err) {
+        const tag = label || filePath;
+        log.warn('safe-io', `Corrupt JSON in ${tag} — using defaults: ${err instanceof Error ? err.message : String(err)}`);
+        try {
+            const backup = filePath + '.corrupt.' + Date.now();
+            (0, fs_1.renameSync)(filePath, backup);
+            log.warn('safe-io', `Corrupt file preserved as ${backup}`);
+        }
+        catch { }
+        return fallback;
+    }
+}

package/dist/src/transformer.d.ts

@@ -9,6 +9,7 @@ export interface IngestPayload {
     entries: EnvelopeEvent[];
 }
 export declare function resolveOpenClawVersion(): string;
+export declare function _resetCachedOpenClawVersion(): void;
 export declare function resolveAgentLabel(agentId: string): string;
 export declare function getCachedPublicIp(): string | null;
 export declare function resolveOutboundIp(): Promise<string | null>;