@useorgx/openclaw-plugin 0.4.5 → 0.4.8

package/dist/local-openclaw.js

@@ -580,6 +580,10 @@ function turnToActivity(turn, session, cachedSummary, index) {
         description: modelAlias,
         agentId: session.agentId,
         agentName: session.agentName,
+        requesterAgentId: session.agentId ?? null,
+        requesterAgentName: session.agentName ?? null,
+        executorAgentId: session.agentId ?? null,
+        executorAgentName: session.agentName ?? null,
         runId: session.sessionId ?? session.key,
         initiativeId: session.agentId ? `agent:${session.agentId}` : null,
         timestamp: turn.timestamp,
@@ -747,6 +751,10 @@ function makeSessionSummaryItem(session) {
         description: modelAlias ? `Local session (${modelAlias})` : "Local session",
         agentId: session.agentId,
         agentName: session.agentName,
+        requesterAgentId: session.agentId ?? null,
+        requesterAgentName: session.agentName ?? null,
+        executorAgentId: session.agentId ?? null,
+        executorAgentName: session.agentName ?? null,
         runId: session.sessionId ?? session.key,
         initiativeId: session.agentId ? `agent:${session.agentId}` : null,
         timestamp: session.updatedAt ?? new Date().toISOString(),

package/dist/mcp-client-setup.js

@@ -3,6 +3,11 @@ import { homedir } from "node:os";
 import { join } from "node:path";
 import { randomUUID } from "node:crypto";
 import { writeFileAtomicSync, writeJsonFileAtomicSync } from "./fs-utils.js";
+const ORGX_LOCAL_MCP_KEY = "orgx-openclaw";
+const ORGX_HOSTED_MCP_URL = "https://mcp.useorgx.com/mcp";
+function escapeRegExp(value) {
+    return value.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+}
 function isRecord(value) {
     return Boolean(value && typeof value === "object" && !Array.isArray(value));
 }
@@ -38,53 +43,90 @@ function backupFileSync(path, mode) {
         return null;
     }
 }
+function removeLegacyScopedMcpServers(servers) {
+    const next = { ...servers };
+    let updated = false;
+    const scopedPrefix = `${ORGX_LOCAL_MCP_KEY}-`;
+    for (const key of Object.keys(next)) {
+        if (key === ORGX_LOCAL_MCP_KEY)
+            continue;
+        if (!key.startsWith(scopedPrefix))
+            continue;
+        delete next[key];
+        updated = true;
+    }
+    return { updated, next };
+}
 export function patchClaudeMcpConfig(input) {
     const currentServers = isRecord(input.current.mcpServers) ? input.current.mcpServers : {};
-    const currentOrgx = isRecord(currentServers.orgx) ? currentServers.orgx : {};
-    const priorUrl = typeof currentOrgx.url === "string" ? currentOrgx.url : "";
-    const priorType = typeof currentOrgx.type === "string" ? currentOrgx.type : "";
-    const nextOrgx = {
-        ...currentOrgx,
+    const existingOrgx = isRecord(currentServers.orgx) ? currentServers.orgx : {};
+    const existingOrgxUrl = typeof existingOrgx.url === "string" ? existingOrgx.url : "";
+    const existingOrgxType = typeof existingOrgx.type === "string" ? existingOrgx.type : "";
+    const existing = isRecord(currentServers[ORGX_LOCAL_MCP_KEY]) ? currentServers[ORGX_LOCAL_MCP_KEY] : {};
+    const priorUrl = typeof existing.url === "string" ? existing.url : "";
+    const priorType = typeof existing.type === "string" ? existing.type : "";
+    // Ensure hosted OrgX is available alongside the local proxy. Avoid overwriting
+    // custom `orgx` entries unless it's clearly redundant (pointing at the same
+    // local proxy URL we install under `orgx-openclaw`).
+    const shouldSetHostedOrgx = !isRecord(currentServers.orgx) ||
+        (existingOrgxUrl === input.localMcpUrl && existingOrgxType === "http");
+    const nextOrgxEntry = {
+        ...existingOrgx,
+        type: "http",
+        url: ORGX_HOSTED_MCP_URL,
+        description: typeof existingOrgx.description === "string" && existingOrgx.description.trim().length > 0
+            ? existingOrgx.description
+            : "OrgX cloud MCP (OAuth)",
+    };
+    const nextEntry = {
+        ...existing,
         type: "http",
         url: input.localMcpUrl,
-        description: typeof currentOrgx.description === "string" && currentOrgx.description.trim().length > 0
-            ? currentOrgx.description
+        description: typeof existing.description === "string" && existing.description.trim().length > 0
+            ? existing.description
             : "OrgX platform via local OpenClaw plugin (no OAuth)",
     };
-    const nextServers = {
+    const mergedServers = {
         ...currentServers,
-        orgx: nextOrgx,
+        ...(shouldSetHostedOrgx ? { orgx: nextOrgxEntry } : {}),
+        [ORGX_LOCAL_MCP_KEY]: nextEntry,
     };
+    const scopedCleanup = removeLegacyScopedMcpServers(mergedServers);
     const next = {
         ...input.current,
-        mcpServers: nextServers,
+        mcpServers: scopedCleanup.next,
     };
-    const updated = priorUrl !== input.localMcpUrl || priorType !== "http";
+    const updatedLocal = priorUrl !== input.localMcpUrl || priorType !== "http";
+    const updatedHosted = shouldSetHostedOrgx &&
+        (existingOrgxUrl !== ORGX_HOSTED_MCP_URL || existingOrgxType !== "http");
+    const updated = updatedLocal || updatedHosted || scopedCleanup.updated;
     return { updated, next };
 }
 export function patchCursorMcpConfig(input) {
     const currentServers = isRecord(input.current.mcpServers) ? input.current.mcpServers : {};
-    const key = "orgx-openclaw";
-    const existing = isRecord(currentServers[key]) ? currentServers[key] : {};
+    const existing = isRecord(currentServers[ORGX_LOCAL_MCP_KEY]) ? currentServers[ORGX_LOCAL_MCP_KEY] : {};
     const priorUrl = typeof existing.url === "string" ? existing.url : "";
     const nextEntry = {
         ...existing,
         url: input.localMcpUrl,
     };
-    const nextServers = {
+    const mergedServers = {
         ...currentServers,
-        [key]: nextEntry,
+        [ORGX_LOCAL_MCP_KEY]: nextEntry,
     };
+    const scopedCleanup = removeLegacyScopedMcpServers(mergedServers);
     const next = {
         ...input.current,
-        mcpServers: nextServers,
+        mcpServers: scopedCleanup.next,
     };
-    const updated = priorUrl !== input.localMcpUrl;
+    const updated = priorUrl !== input.localMcpUrl || scopedCleanup.updated;
     return { updated, next };
 }
-export function patchCodexConfigToml(input) {
-    const lines = input.current.split(/\r?\n/);
-    const headerRegex = /^\[mcp_servers\.(?:orgx|"orgx")\]\s*$/;
+function upsertCodexMcpServerSection(input) {
+    const currentText = input.current;
+    const lines = currentText.split(/\r?\n/);
+    const escapedKey = escapeRegExp(input.key);
+    const headerRegex = new RegExp(`^\\[mcp_servers\\.(?:"${escapedKey}"|${escapedKey})\\]\\s*$`);
     let headerIndex = -1;
     for (let i = 0; i < lines.length; i += 1) {
         if (headerRegex.test(lines[i].trim())) {
@@ -92,15 +134,12 @@ export function patchCodexConfigToml(input) {
             break;
         }
     }
-    const urlLine = `url = "${input.localMcpUrl}"`;
+    const urlLine = `url = "${input.url}"`;
     if (headerIndex === -1) {
-        const suffix = [
-            "",
-            "[mcp_servers.orgx]",
-            urlLine,
-            "",
-        ].join("\n");
-        const normalized = input.current.endsWith("\n") ? input.current : `${input.current}\n`;
+        const needsQuote = /[^A-Za-z0-9_]/.test(input.key);
+        const keyLiteral = needsQuote ? `"${input.key}"` : input.key;
+        const suffix = ["", `[mcp_servers.${keyLiteral}]`, urlLine, ""].join("\n");
+        const normalized = currentText.endsWith("\n") ? currentText : `${currentText}\n`;
         return { updated: true, next: `${normalized}${suffix}` };
     }
     let sectionEnd = lines.length;
@@ -127,9 +166,87 @@ export function patchCodexConfigToml(input) {
     else {
         lines.splice(headerIndex + 1, 0, urlLine);
         updated = true;
+        // Recalculate sectionEnd after splice
+        sectionEnd = lines.length;
+        for (let i = headerIndex + 1; i < lines.length; i += 1) {
+            if (lines[i].trim().startsWith("[")) {
+                sectionEnd = i;
+                break;
+            }
+        }
+    }
+    // Strip stale stdio-transport fields that conflict with url-only entries.
+    // Codex rejects `url` when `command`/`args` are present (stdio transport).
+    const staleFieldRegex = /^\s*(command|args|startup_timeout_sec)\s*=/;
+    for (let i = sectionEnd - 1; i > headerIndex; i -= 1) {
+        if (staleFieldRegex.test(lines[i])) {
+            lines.splice(i, 1);
+            updated = true;
+        }
+    }
+    return { updated, next: `${lines.join("\n")}\n` };
+}
+function removeCodexLegacyScopedMcpSections(input) {
+    const lines = input.current.split(/\r?\n/);
+    const scopedPrefix = `${input.baseKey}-`;
+    let updated = false;
+    let index = 0;
+    while (index < lines.length) {
+        const trimmed = lines[index].trim();
+        const headerMatch = trimmed.match(/^\[mcp_servers\.(?:"([^"]+)"|([A-Za-z0-9_]+))\]\s*$/);
+        if (!headerMatch) {
+            index += 1;
+            continue;
+        }
+        const key = (headerMatch[1] ?? headerMatch[2] ?? "").trim();
+        const isLegacyScoped = key !== input.baseKey &&
+            key.startsWith(scopedPrefix);
+        if (!isLegacyScoped) {
+            index += 1;
+            continue;
+        }
+        let sectionEnd = lines.length;
+        for (let i = index + 1; i < lines.length; i += 1) {
+            if (lines[i].trim().startsWith("[")) {
+                sectionEnd = i;
+                break;
+            }
+        }
+        const start = index > 0 && lines[index - 1].trim() === "" ? index - 1 : index;
+        lines.splice(start, sectionEnd - start);
+        updated = true;
+        index = Math.max(0, start);
     }
     return { updated, next: `${lines.join("\n")}\n` };
 }
+export function patchCodexConfigToml(input) {
+    let current = input.current;
+    let updated = false;
+    // Ensure the hosted OrgX entry uses a direct `url` (streamable HTTP) so that
+    // `codex mcp login orgx` can perform OAuth.  Route through upsertCodexMcpServerSection
+    // so stale stdio-transport fields (command/args) are stripped automatically.
+    const hosted = upsertCodexMcpServerSection({
+        current,
+        key: "orgx",
+        url: ORGX_HOSTED_MCP_URL,
+    });
+    updated = updated || hosted.updated;
+    current = hosted.next;
+    const base = upsertCodexMcpServerSection({
+        current,
+        key: ORGX_LOCAL_MCP_KEY,
+        url: input.localMcpUrl,
+    });
+    updated = updated || base.updated;
+    current = base.next;
+    const removedScoped = removeCodexLegacyScopedMcpSections({
+        current,
+        baseKey: ORGX_LOCAL_MCP_KEY,
+    });
+    updated = updated || removedScoped.updated;
+    current = removedScoped.next;
+    return { updated, next: current };
+}
 export async function autoConfigureDetectedMcpClients(input) {
     const logger = input.logger ?? {};
     const home = input.homeDir ?? homedir();

package/dist/mcp-http-handler.d.ts

@@ -30,9 +30,26 @@ export type RegisteredTool = {
     parameters: Record<string, unknown>;
     execute: (callId: string, params?: unknown) => Promise<ToolResult>;
 };
+type PromptRole = "system" | "user" | "assistant";
+type PromptMessage = {
+    role: PromptRole;
+    content: string;
+};
+export type RegisteredPrompt = {
+    name: string;
+    description?: string;
+    arguments?: Array<{
+        name: string;
+        description?: string;
+        required?: boolean;
+    }>;
+    messages: PromptMessage[];
+};
 export declare function createMcpHttpHandler(input: {
     tools: Map<string, RegisteredTool>;
+    prompts?: Map<string, RegisteredPrompt>;
     logger?: Logger;
     serverName: string;
     serverVersion: string;
 }): (req: PluginRequest, res: PluginResponse) => Promise<boolean>;
+export {};

package/dist/mcp-http-handler.js

@@ -1,5 +1,79 @@
 import { randomUUID } from "node:crypto";
 const DEFAULT_PROTOCOL_VERSION = "2024-11-05";
+// Domain-scoped MCP servers are meant to be "default safe". The unscoped
+// `/orgx/mcp` endpoint remains available for power users / debugging.
+//
+// NOTE: This scopes only the tools exposed by this plugin (OrgX reporting + mutation).
+// It cannot restrict OpenClaw-native tools (filesystem, shell, etc).
+const ORGX_MCP_ALLOWED_TOOLS_BY_SCOPE = {
+    engineering: [
+        "orgx_status",
+        "orgx_sync",
+        "orgx_emit_activity",
+        "orgx_report_progress",
+        "orgx_register_artifact",
+        "orgx_request_decision",
+        "orgx_spawn_check",
+    ],
+    product: [
+        "orgx_status",
+        "orgx_sync",
+        "orgx_emit_activity",
+        "orgx_report_progress",
+        "orgx_register_artifact",
+        "orgx_request_decision",
+        "orgx_spawn_check",
+    ],
+    design: [
+        "orgx_status",
+        "orgx_sync",
+        "orgx_emit_activity",
+        "orgx_report_progress",
+        "orgx_register_artifact",
+        "orgx_request_decision",
+        "orgx_spawn_check",
+    ],
+    marketing: [
+        "orgx_status",
+        "orgx_sync",
+        "orgx_emit_activity",
+        "orgx_report_progress",
+        "orgx_register_artifact",
+        "orgx_request_decision",
+        "orgx_spawn_check",
+    ],
+    sales: [
+        "orgx_status",
+        "orgx_sync",
+        "orgx_emit_activity",
+        "orgx_report_progress",
+        "orgx_register_artifact",
+        "orgx_request_decision",
+        "orgx_spawn_check",
+    ],
+    operations: [
+        "orgx_status",
+        "orgx_sync",
+        "orgx_emit_activity",
+        "orgx_report_progress",
+        "orgx_register_artifact",
+        "orgx_request_decision",
+        "orgx_spawn_check",
+        // Operations is allowed to do explicit changesets for remediation/runbooks.
+        "orgx_apply_changeset",
+    ],
+    orchestration: [
+        "orgx_status",
+        "orgx_sync",
+        "orgx_emit_activity",
+        "orgx_report_progress",
+        "orgx_register_artifact",
+        "orgx_request_decision",
+        "orgx_spawn_check",
+        // Orchestrator is the primary mutation surface by design.
+        "orgx_apply_changeset",
+    ],
+};
 function isRecord(value) {
     return Boolean(value && typeof value === "object" && !Array.isArray(value));
 }
@@ -38,6 +112,28 @@ function normalizePath(rawUrl) {
     const [path] = rawUrl.split("?", 2);
     return path || "/";
 }
+function parseScopeKey(url) {
+    // Supported paths:
+    // - /orgx/mcp (unscoped)
+    // - /orgx/mcp/<scope> (domain-scoped)
+    if (!url.startsWith("/orgx/mcp/"))
+        return null;
+    const rest = url.slice("/orgx/mcp/".length);
+    const key = rest.split("/", 1)[0]?.trim() ?? "";
+    if (!key)
+        return null;
+    if (!Object.prototype.hasOwnProperty.call(ORGX_MCP_ALLOWED_TOOLS_BY_SCOPE, key))
+        return null;
+    return key;
+}
+function resolveToolScope(scopeKey) {
+    if (!scopeKey)
+        return null;
+    return {
+        key: scopeKey,
+        allowedTools: new Set(ORGX_MCP_ALLOWED_TOOLS_BY_SCOPE[scopeKey]),
+    };
+}
 async function readRequestBodyBuffer(req) {
     const body = req.body;
     if (typeof body === "string")
@@ -131,13 +227,15 @@ async function handleRpcMessage(input) {
     if (method === "initialize") {
         const requestedProtocol = typeof params.protocolVersion === "string" ? params.protocolVersion : null;
         const protocolVersion = requestedProtocol?.trim() || DEFAULT_PROTOCOL_VERSION;
+        const scopedServerName = input.toolScope ? `${input.serverName}/${input.toolScope.key}` : input.serverName;
         return jsonRpcResult(id, {
             protocolVersion,
             capabilities: {
                 tools: {},
+                prompts: {},
             },
             serverInfo: {
-                name: input.serverName,
+                name: scopedServerName,
                 version: input.serverVersion,
             },
         });
@@ -146,6 +244,15 @@ async function handleRpcMessage(input) {
         return jsonRpcResult(id, { ok: true });
     }
     if (method === "tools/list") {
+        if (input.toolScope) {
+            const scopedTools = new Map();
+            for (const name of input.toolScope.allowedTools) {
+                const tool = input.tools.get(name);
+                if (tool)
+                    scopedTools.set(name, tool);
+            }
+            return jsonRpcResult(id, { tools: buildToolsList(scopedTools) });
+        }
         return jsonRpcResult(id, {
             tools: buildToolsList(input.tools),
         });
@@ -155,6 +262,9 @@ async function handleRpcMessage(input) {
         if (!toolName) {
             return jsonRpcError(id, -32602, "Missing tool name");
         }
+        if (input.toolScope && !input.toolScope.allowedTools.has(toolName)) {
+            return jsonRpcError(id, -32601, `Tool not available in scope '${input.toolScope.key}': ${toolName}`);
+        }
         const tool = input.tools.get(toolName) ?? null;
         if (!tool) {
             return jsonRpcError(id, -32601, `Tool not found: ${toolName}`);
@@ -188,7 +298,28 @@ async function handleRpcMessage(input) {
         return jsonRpcResult(id, { resources: [] });
     }
     if (method === "prompts/list") {
-        return jsonRpcResult(id, { prompts: [] });
+        const prompts = Array.from(input.prompts.values())
+            .sort((a, b) => a.name.localeCompare(b.name))
+            .map((prompt) => ({
+            name: prompt.name,
+            description: prompt.description ?? "",
+            arguments: Array.isArray(prompt.arguments) ? prompt.arguments : [],
+        }));
+        return jsonRpcResult(id, { prompts });
+    }
+    if (method === "prompts/get") {
+        const promptName = typeof params.name === "string" ? params.name.trim() : "";
+        if (!promptName) {
+            return jsonRpcError(id, -32602, "Missing prompt name");
+        }
+        const prompt = input.prompts.get(promptName) ?? null;
+        if (!prompt) {
+            return jsonRpcError(id, -32601, `Prompt not found: ${promptName}`);
+        }
+        return jsonRpcResult(id, {
+            description: prompt.description ?? "",
+            messages: prompt.messages,
+        });
     }
     if (method.startsWith("notifications/")) {
         return null;
@@ -197,6 +328,7 @@ async function handleRpcMessage(input) {
 }
 export function createMcpHttpHandler(input) {
     const logger = input.logger ?? {};
+    const prompts = input.prompts ?? new Map();
     return async function handler(req, res) {
         const method = (req.method ?? "GET").toUpperCase();
         const rawUrl = req.url ?? "/";
@@ -204,6 +336,12 @@ export function createMcpHttpHandler(input) {
         if (!(url === "/orgx/mcp" || url.startsWith("/orgx/mcp/"))) {
             return false;
         }
+        const scopeKey = parseScopeKey(url);
+        const toolScope = resolveToolScope(scopeKey);
+        if (url.startsWith("/orgx/mcp/") && !scopeKey) {
+            sendText(res, 404, `Unknown OrgX MCP scope. Supported: ${Object.keys(ORGX_MCP_ALLOWED_TOOLS_BY_SCOPE).join(", ")}\n`);
+            return true;
+        }
         if (method === "OPTIONS") {
             res.writeHead(204, {
                 "cache-control": "no-store",
@@ -212,7 +350,8 @@ export function createMcpHttpHandler(input) {
             return true;
         }
         if (method === "GET") {
-            sendText(res, 200, "OrgX Local MCP bridge is running.\n");
+            const suffix = toolScope ? ` (scope: ${toolScope.key})` : "";
+            sendText(res, 200, `OrgX Local MCP bridge is running${suffix}.\n`);
             return true;
         }
         if (method !== "POST") {
@@ -234,9 +373,11 @@ export function createMcpHttpHandler(input) {
             const response = await handleRpcMessage({
                 message,
                 tools: input.tools,
+                prompts,
                 logger,
                 serverName: input.serverName,
                 serverVersion: input.serverVersion,
+                toolScope,
             });
             if (response)
                 responses.push(response);

package/dist/next-up-queue-store.d.ts

@@ -0,0 +1,31 @@
+export type NextUpPinnedEntry = {
+    initiativeId: string;
+    workstreamId: string;
+    preferredTaskId: string | null;
+    preferredMilestoneId: string | null;
+    createdAt: string;
+    updatedAt: string;
+};
+type PersistedNextUpQueue = {
+    version: 1;
+    updatedAt: string;
+    pins: NextUpPinnedEntry[];
+};
+export declare function readNextUpQueuePins(): PersistedNextUpQueue;
+export declare function upsertNextUpQueuePin(input: {
+    initiativeId: string;
+    workstreamId: string;
+    preferredTaskId?: string | null;
+    preferredMilestoneId?: string | null;
+}): PersistedNextUpQueue;
+export declare function removeNextUpQueuePin(input: {
+    initiativeId: string;
+    workstreamId: string;
+}): PersistedNextUpQueue;
+export declare function setNextUpQueuePinOrder(input: {
+    order: Array<{
+        initiativeId: string;
+        workstreamId: string;
+    }>;
+}): PersistedNextUpQueue;
+export {};