@useorgx/openclaw-plugin 0.4.6 → 0.4.9

package/dist/auth/flows.d.ts

@@ -0,0 +1,47 @@
+import { type ResolvedConfig } from "../config/resolution.js";
+import type { OnboardingState } from "../types.js";
+type LoggerLike = {
+    info?: (msg: string, meta?: Record<string, unknown>) => void;
+    warn?: (msg: string, meta?: Record<string, unknown>) => void;
+    debug?: (msg: string, meta?: Record<string, unknown>) => void;
+};
+type RuntimeConfigState = Pick<ResolvedConfig, "apiKey" | "apiKeySource" | "userId" | "baseUrl" | "installationId">;
+export declare function applyRuntimeApiKey(input: {
+    config: RuntimeConfigState;
+    apiKey: string;
+    source: "manual" | "browser_pairing";
+    workspaceName?: string | null;
+    keyPrefix?: string | null;
+    userId?: string | null;
+    currentWorkspaceName: string | null;
+    updateOnboardingState: (updates: Partial<OnboardingState>) => unknown;
+    setCredentials: (credentials: {
+        apiKey: string;
+        userId: string;
+        baseUrl: string;
+    }) => void;
+    logger?: LoggerLike;
+}): void;
+export declare function isAuthRequiredError(result: {
+    status: number;
+    error: string;
+}): boolean;
+export declare function buildManualKeyConnectUrl(baseApiUrl: string): string;
+export declare function fetchOrgxJson<T>(input: {
+    baseApiUrl: string;
+    method: "GET" | "POST";
+    path: string;
+    body?: unknown;
+    options?: {
+        timeoutMs?: number;
+    };
+    toErrorMessage: (err: unknown) => string;
+}): Promise<{
+    ok: true;
+    data: T;
+} | {
+    ok: false;
+    status: number;
+    error: string;
+}>;
+export {};

package/dist/auth/flows.js

@@ -0,0 +1,169 @@
+import { saveAuthStore } from "../auth-store.js";
+import { resolveRuntimeUserId, } from "../config/resolution.js";
+import { autoConfigureDetectedMcpClients } from "../mcp-client-setup.js";
+import { readOpenClawGatewayPort, readOpenClawSettingsSnapshot, } from "../openclaw-settings.js";
+export function applyRuntimeApiKey(input) {
+    const nextApiKey = input.apiKey.trim();
+    input.config.apiKey = nextApiKey;
+    input.config.apiKeySource = "persisted";
+    input.config.userId = resolveRuntimeUserId(nextApiKey, [input.userId, input.config.userId]);
+    input.setCredentials({
+        apiKey: input.config.apiKey,
+        userId: input.config.userId,
+        baseUrl: input.config.baseUrl,
+    });
+    saveAuthStore({
+        installationId: input.config.installationId,
+        apiKey: nextApiKey,
+        userId: input.config.userId || null,
+        workspaceName: input.workspaceName ?? null,
+        keyPrefix: input.keyPrefix ?? null,
+        source: input.source,
+    });
+    input.updateOnboardingState({
+        hasApiKey: true,
+        keySource: "persisted",
+        installationId: input.config.installationId,
+        workspaceName: input.workspaceName ?? input.currentWorkspaceName,
+    });
+    if (input.source === "browser_pairing" &&
+        process.env.ORGX_DISABLE_MCP_CLIENT_AUTOCONFIG !== "1") {
+        try {
+            const snapshot = readOpenClawSettingsSnapshot();
+            const port = readOpenClawGatewayPort(snapshot.raw);
+            const localMcpUrl = `http://127.0.0.1:${port}/orgx/mcp`;
+            void autoConfigureDetectedMcpClients({
+                localMcpUrl,
+                logger: input.logger ?? {},
+            }).catch(() => {
+                // best effort
+            });
+        }
+        catch {
+            // best effort
+        }
+    }
+}
+export function isAuthRequiredError(result) {
+    if (result.status !== 401) {
+        return false;
+    }
+    return /auth|unauthorized|token/i.test(result.error);
+}
+export function buildManualKeyConnectUrl(baseApiUrl) {
+    try {
+        // Deep-link into the Security section where API keys live.
+        return new URL("/settings#security", baseApiUrl).toString();
+    }
+    catch {
+        return "https://www.useorgx.com/settings#security";
+    }
+}
+export async function fetchOrgxJson(input) {
+    try {
+        const controller = new AbortController();
+        const timeoutMs = typeof input.options?.timeoutMs === "number" &&
+            Number.isFinite(input.options.timeoutMs)
+            ? Math.max(1_000, Math.floor(input.options.timeoutMs))
+            : 12_000;
+        const timeout = setTimeout(() => controller.abort(), timeoutMs);
+        let response;
+        let rawText = "";
+        try {
+            response = await fetch(`${input.baseApiUrl}${input.path}`, {
+                method: input.method,
+                signal: controller.signal,
+                headers: {
+                    Accept: "application/json",
+                    "Content-Type": "application/json",
+                },
+                body: input.body ? JSON.stringify(input.body) : undefined,
+            });
+            rawText = await response.text().catch(() => "");
+        }
+        finally {
+            clearTimeout(timeout);
+        }
+        const payload = (() => {
+            if (!rawText)
+                return null;
+            try {
+                return JSON.parse(rawText);
+            }
+            catch {
+                return null;
+            }
+        })();
+        if (!response.ok) {
+            const rawError = payload?.error ?? payload?.message;
+            let errorMessage;
+            if (typeof rawError === "string") {
+                errorMessage = rawError;
+            }
+            else if (rawError &&
+                typeof rawError === "object" &&
+                "message" in rawError &&
+                typeof rawError.message === "string") {
+                errorMessage = rawError.message;
+            }
+            else if (rawText && rawText.trim().length > 0) {
+                // Avoid dumping HTML (Cloudflare / Next.js error pages) into UI; keep it short.
+                const sanitized = rawText
+                    .replace(/\s+/g, " ")
+                    .replace(/<[^>]+>/g, "")
+                    .trim();
+                errorMessage =
+                    sanitized.length > 0
+                        ? sanitized.slice(0, 180)
+                        : `OrgX request failed (${response.status})`;
+            }
+            else {
+                errorMessage = `OrgX request failed (${response.status})`;
+            }
+            const statusToken = `HTTP ${response.status}`;
+            if (response.status &&
+                !errorMessage.toLowerCase().includes(statusToken.toLowerCase()) &&
+                !errorMessage.includes(`(${response.status})`)) {
+                errorMessage = `${errorMessage} (HTTP ${response.status})`;
+            }
+            const debugParts = [];
+            const requestId = response.headers.get("x-request-id");
+            const vercelId = response.headers.get("x-vercel-id");
+            const cfRay = response.headers.get("cf-ray");
+            const clerkStatus = response.headers.get("x-clerk-auth-status");
+            const clerkReason = response.headers.get("x-clerk-auth-reason");
+            if (requestId)
+                debugParts.push(`req=${requestId}`);
+            if (vercelId && vercelId !== requestId)
+                debugParts.push(`vercel=${vercelId}`);
+            if (cfRay)
+                debugParts.push(`cf-ray=${cfRay}`);
+            if (clerkStatus)
+                debugParts.push(`clerk=${clerkStatus}`);
+            if (clerkReason)
+                debugParts.push(`clerk_reason=${clerkReason}`);
+            const debugSuffix = debugParts.length > 0 ? ` (${debugParts.join(", ")})` : "";
+            return {
+                ok: false,
+                status: response.status,
+                error: `${errorMessage}${debugSuffix}`,
+            };
+        }
+        if (payload?.data !== undefined) {
+            return { ok: true, data: payload.data };
+        }
+        if (payload !== null) {
+            return { ok: true, data: payload };
+        }
+        return { ok: true, data: rawText };
+    }
+    catch (err) {
+        const message = err &&
+            typeof err === "object" &&
+            "name" in err &&
+            err.name === "AbortError"
+            ? `OrgX request timed out (method=${input.method}, path=${input.path})`
+            : input.toErrorMessage(err);
+        return { ok: false, status: 0, error: message };
+    }
+}

package/dist/auth-store.js

@@ -1,7 +1,8 @@
-import { mkdirSync, readFileSync, chmodSync, existsSync, rmSync } from 'node:fs';
+import { existsSync, readFileSync } from "node:fs";
 import { randomUUID } from 'node:crypto';
 import { getOrgxPluginConfigDir, getOrgxPluginConfigPath } from './paths.js';
 import { backupCorruptFileSync, writeJsonFileAtomicSync } from './fs-utils.js';
+import { clearStoreFileSync, ensureStoreDirSync, parseJsonSafe, } from "./stores/json-store.js";
 function authDir() {
     return getOrgxPluginConfigDir();
 }
@@ -14,23 +15,11 @@ function installationFile() {
 function isUserScopedApiKey(apiKey) {
     return apiKey.trim().toLowerCase().startsWith('oxk_');
 }
-function ensureAuthDir() {
-    const dir = authDir();
-    mkdirSync(dir, { recursive: true, mode: 0o700 });
-    try {
-        chmodSync(dir, 0o700);
-    }
-    catch {
-        // best effort
-    }
+function isUuid(value) {
+    return /^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i.test(value);
 }
-function parseJson(value) {
-    try {
-        return JSON.parse(value);
-    }
-    catch {
-        return null;
-    }
+function ensureAuthDir() {
+    ensureStoreDirSync(authDir());
 }
 export function getAuthFilePath() {
     return authFile();
@@ -41,7 +30,7 @@ export function readPersistedAuth() {
         if (!existsSync(file))
             return null;
         const raw = readFileSync(file, 'utf8');
-        const parsed = parseJson(raw);
+        const parsed = parseJsonSafe(raw);
         if (!parsed) {
             backupCorruptFileSync(file);
             return null;
@@ -49,17 +38,6 @@ export function readPersistedAuth() {
         if (!parsed || typeof parsed.apiKey !== 'string' || parsed.apiKey.trim().length === 0) {
             return null;
         }
-        if (isUserScopedApiKey(parsed.apiKey) &&
-            typeof parsed.userId === 'string' &&
-            parsed.userId.trim().length > 0) {
-            const sanitized = {
-                ...parsed,
-                userId: null,
-                updatedAt: new Date().toISOString(),
-            };
-            writeJsonFileAtomicSync(file, sanitized, 0o600);
-            return sanitized;
-        }
         return parsed;
     }
     catch {
@@ -70,9 +48,12 @@ export function writePersistedAuth(input) {
     ensureAuthDir();
     const now = new Date().toISOString();
     const existing = readPersistedAuth();
-    const normalizedUserId = isUserScopedApiKey(input.apiKey)
+    const rawUserId = typeof input.userId === 'string' ? input.userId.trim() : '';
+    const normalizedUserId = rawUserId.length === 0
         ? null
-        : input.userId ?? null;
+        : isUserScopedApiKey(input.apiKey)
+            ? (isUuid(rawUserId) ? rawUserId : null)
+            : rawUserId;
     const next = {
         apiKey: input.apiKey,
         source: input.source,
@@ -88,13 +69,7 @@ export function writePersistedAuth(input) {
     return next;
 }
 export function clearPersistedAuth() {
-    const file = authFile();
-    try {
-        rmSync(file, { force: true });
-    }
-    catch {
-        // best effort
-    }
+    clearStoreFileSync(authFile());
 }
 function readInstallationRecord() {
     const file = installationFile();
@@ -102,7 +77,7 @@ function readInstallationRecord() {
         if (!existsSync(file))
             return null;
         const raw = readFileSync(file, 'utf8');
-        const parsed = parseJson(raw);
+        const parsed = parseJsonSafe(raw);
         if (!parsed) {
             backupCorruptFileSync(file);
             return null;

package/dist/byok-store.js

@@ -1,7 +1,8 @@
-import { chmodSync, existsSync, mkdirSync, readFileSync, statSync } from "node:fs";
+import { existsSync, readFileSync, statSync } from "node:fs";
 import { join } from "node:path";
 import { getOpenClawDir } from "./paths.js";
 import { backupCorruptFileSync, writeJsonFileAtomicSync } from "./fs-utils.js";
+import { ensureStoreDirSync, parseJsonSafe, } from "./stores/json-store.js";
 const PROVIDER_PROFILE_MAP = {
     openaiApiKey: { profileId: "openai-codex", provider: "openai-codex" },
     anthropicApiKey: { profileId: "anthropic", provider: "anthropic" },
@@ -18,14 +19,6 @@ function isSafePathSegment(value) {
         return false;
     return true;
 }
-function parseJson(value) {
-    try {
-        return JSON.parse(value);
-    }
-    catch {
-        return null;
-    }
-}
 function readObject(value) {
     return value && typeof value === "object" && !Array.isArray(value)
         ? value
@@ -36,7 +29,7 @@ function resolveDefaultAgentId() {
         const configPath = join(getOpenClawDir(), "openclaw.json");
         if (!existsSync(configPath))
             return "main";
-        const raw = parseJson(readFileSync(configPath, "utf8"));
+        const raw = parseJsonSafe(readFileSync(configPath, "utf8"));
         const agents = readObject(raw?.agents);
         const list = Array.isArray(agents.list) ? agents.list : [];
         for (const entry of list) {
@@ -70,14 +63,7 @@ function authProfilesFile() {
     return join(authProfilesDir(), "auth-profiles.json");
 }
 function ensureAuthProfilesDir() {
-    const dir = authProfilesDir();
-    mkdirSync(dir, { recursive: true, mode: 0o700 });
-    try {
-        chmodSync(dir, 0o700);
-    }
-    catch {
-        // best effort
-    }
+    ensureStoreDirSync(authProfilesDir());
 }
 function normalizeAuthProfileEntry(value) {
     if (!value || typeof value !== "object")
@@ -96,7 +82,7 @@ function readAuthProfiles() {
         if (!existsSync(file))
             return { file, parsed: null };
         const raw = readFileSync(file, "utf8");
-        const parsed = parseJson(raw);
+        const parsed = parseJsonSafe(raw);
         if (!parsed || typeof parsed !== "object") {
             backupCorruptFileSync(file);
             return { file, parsed: null };

package/dist/cli/orgx.d.ts

@@ -0,0 +1,66 @@
+import type { OrgXClient } from "../api.js";
+import type { OnboardingState, OrgSnapshot } from "../types.js";
+import type { ResolvedConfig } from "../config/resolution.js";
+type DoctorCheckStatus = "pass" | "warn" | "fail";
+type ReplayStatus = "idle" | "running" | "success" | "error";
+interface DoctorCheck {
+    id: string;
+    status: DoctorCheckStatus;
+    message: string;
+}
+export interface HealthReport {
+    ok: boolean;
+    status: "ok" | "degraded" | "error";
+    generatedAt: string;
+    checks: DoctorCheck[];
+    plugin: {
+        version: string;
+        installationId: string;
+        enabled: boolean;
+        dashboardEnabled: boolean;
+        baseUrl: string;
+    };
+    auth: {
+        hasApiKey: boolean;
+        keySource: ResolvedConfig["apiKeySource"];
+        userIdConfigured: boolean;
+        onboardingStatus: OnboardingState["status"];
+    };
+    sync: {
+        serviceRunning: boolean;
+        inFlight: boolean;
+        lastSnapshotAt: string | null;
+    };
+    outbox: {
+        pendingTotal: number;
+        pendingByQueue: Record<string, number>;
+        oldestEventAt: string | null;
+        newestEventAt: string | null;
+        replayStatus: ReplayStatus;
+        lastReplayAttemptAt: string | null;
+        lastReplaySuccessAt: string | null;
+        lastReplayFailureAt: string | null;
+        lastReplayError: string | null;
+    };
+    remote: {
+        enabled: boolean;
+        reachable: boolean | null;
+        latencyMs: number | null;
+        error: string | null;
+    };
+}
+export interface RegisterOrgxCliDeps {
+    registerCli: (fn: (ctx: {
+        program: any;
+    }) => void, options?: {
+        commands?: string[];
+    }) => void;
+    client: OrgXClient;
+    formatSnapshot: (snapshot: OrgSnapshot) => string;
+    buildHealthReport: (input?: {
+        probeRemote?: boolean;
+    }) => Promise<HealthReport>;
+    apiKeySourceLabel: (source: ResolvedConfig["apiKeySource"]) => string;
+}
+export declare function registerOrgxCli(deps: RegisterOrgxCliDeps): void;
+export {};

package/dist/cli/orgx.js

@@ -0,0 +1,91 @@
+export function registerOrgxCli(deps) {
+    deps.registerCli(({ program }) => {
+        const cmd = program.command("orgx").description("OrgX integration commands");
+        cmd
+            .command("status")
+            .description("Show current OrgX org status")
+            .action(async () => {
+            try {
+                const snap = await deps.client.getOrgSnapshot();
+                console.log(deps.formatSnapshot(snap));
+            }
+            catch (err) {
+                console.error(`Error: ${err instanceof Error ? err.message : err}`);
+                process.exit(1);
+            }
+        });
+        cmd
+            .command("sync")
+            .description("Trigger manual memory sync")
+            .option("--memory <text>", "Memory to push")
+            .option("--daily-log <text>", "Daily log to push")
+            .action(async (opts = {}) => {
+            try {
+                const resp = await deps.client.syncMemory({
+                    memory: opts.memory,
+                    dailyLog: opts.dailyLog,
+                });
+                console.log("Sync complete:");
+                console.log(`  Initiatives: ${resp.initiatives?.length ?? 0}`);
+                console.log(`  Active tasks: ${resp.activeTasks?.length ?? 0}`);
+                console.log(`  Pending decisions: ${resp.pendingDecisions?.length ?? 0}`);
+            }
+            catch (err) {
+                console.error(`Sync failed: ${err instanceof Error ? err.message : err}`);
+                process.exit(1);
+            }
+        });
+        cmd
+            .command("doctor")
+            .description("Run plugin diagnostics and connectivity checks")
+            .option("--json", "Print the report as JSON")
+            .option("--no-remote", "Skip remote OrgX API reachability probe")
+            .action(async (opts = {}) => {
+            try {
+                const report = await deps.buildHealthReport({
+                    probeRemote: opts.remote !== false,
+                });
+                if (opts.json) {
+                    console.log(JSON.stringify(report, null, 2));
+                    if (!report.ok)
+                        process.exit(1);
+                    return;
+                }
+                console.log("OrgX Doctor");
+                console.log(`  Status: ${report.status.toUpperCase()}`);
+                console.log(`  Plugin: v${report.plugin.version}`);
+                console.log(`  Base URL: ${report.plugin.baseUrl}`);
+                console.log(`  API Key Source: ${deps.apiKeySourceLabel(report.auth.keySource)}`);
+                console.log(`  Outbox Pending: ${report.outbox.pendingTotal}`);
+                console.log("");
+                console.log("Checks:");
+                for (const check of report.checks) {
+                    const prefix = check.status === "pass"
+                        ? "[PASS]"
+                        : check.status === "warn"
+                            ? "[WARN]"
+                            : "[FAIL]";
+                    console.log(`  ${prefix} ${check.message}`);
+                }
+                if (report.remote.enabled) {
+                    if (report.remote.reachable === true) {
+                        console.log(`  Remote probe latency: ${report.remote.latencyMs ?? "?"}ms`);
+                    }
+                    else if (report.remote.reachable === false) {
+                        console.log(`  Remote probe error: ${report.remote.error ?? "Unknown error"}`);
+                    }
+                    else {
+                        console.log("  Remote probe: skipped");
+                    }
+                }
+                if (!report.ok) {
+                    process.exit(1);
+                }
+            }
+            catch (err) {
+                console.error(`Doctor failed: ${err instanceof Error ? err.message : err}`);
+                process.exit(1);
+            }
+        });
+    }, { commands: ["orgx"] });
+}

package/dist/config/refresh.d.ts

@@ -0,0 +1,32 @@
+import type { OnboardingState } from "../types.js";
+import type { PluginApiLike, ResolvedConfig } from "./resolution.js";
+type AuthStoreState = {
+    apiKey?: string | null;
+    userId?: string | null;
+} | null;
+type RefreshInput = {
+    reason?: string;
+    allowApiKeyChanges?: boolean;
+};
+type RefreshDeps = {
+    api: PluginApiLike;
+    config: ResolvedConfig;
+    loadAuthStore: () => AuthStoreState;
+    resolveConfig: (api: PluginApiLike, input: {
+        installationId: string;
+        persistedApiKey: string | null;
+        persistedUserId: string | null;
+    }) => ResolvedConfig;
+    updateOnboardingState: (updates: Partial<OnboardingState>) => unknown;
+    setCredentials: (input: {
+        apiKey: string;
+        userId: string;
+        baseUrl: string;
+    }) => void;
+    logInfo?: (message: string, meta?: Record<string, unknown>) => void;
+};
+export declare function refreshResolvedConfig(deps: RefreshDeps, input?: RefreshInput): {
+    changed: boolean;
+    baseApiUrl: string;
+};
+export {};

package/dist/config/refresh.js

@@ -0,0 +1,55 @@
+export function refreshResolvedConfig(deps, input) {
+    const allowApiKeyChanges = input?.allowApiKeyChanges !== false;
+    const previousApiKey = deps.config.apiKey;
+    const previousBaseUrl = deps.config.baseUrl;
+    const previousUserId = deps.config.userId;
+    const previousDocsUrl = deps.config.docsUrl;
+    const previousKeySource = deps.config.apiKeySource;
+    const latestPersisted = deps.loadAuthStore();
+    const next = deps.resolveConfig(deps.api, {
+        installationId: deps.config.installationId,
+        persistedApiKey: latestPersisted?.apiKey ?? null,
+        persistedUserId: latestPersisted?.userId ?? null,
+    });
+    const nextApiKey = allowApiKeyChanges ? next.apiKey : previousApiKey;
+    const nextUserId = allowApiKeyChanges ? next.userId : previousUserId;
+    const changed = nextApiKey !== previousApiKey ||
+        next.baseUrl !== previousBaseUrl ||
+        nextUserId !== previousUserId ||
+        next.docsUrl !== previousDocsUrl ||
+        next.apiKeySource !== previousKeySource;
+    if (!changed) {
+        return {
+            changed: false,
+            baseApiUrl: deps.config.baseUrl.replace(/\/+$/, ""),
+        };
+    }
+    if (allowApiKeyChanges) {
+        deps.config.apiKey = nextApiKey;
+        deps.config.userId = nextUserId;
+        deps.config.apiKeySource = next.apiKeySource;
+    }
+    deps.config.baseUrl = next.baseUrl;
+    deps.config.docsUrl = next.docsUrl;
+    deps.setCredentials({
+        apiKey: deps.config.apiKey,
+        userId: deps.config.userId,
+        baseUrl: deps.config.baseUrl,
+    });
+    deps.updateOnboardingState({
+        hasApiKey: Boolean(deps.config.apiKey),
+        keySource: deps.config.apiKeySource,
+        docsUrl: deps.config.docsUrl,
+        installationId: deps.config.installationId,
+    });
+    deps.logInfo?.("[orgx] Config refreshed", {
+        reason: input?.reason ?? "runtime_refresh",
+        baseUrl: deps.config.baseUrl,
+        hasApiKey: Boolean(deps.config.apiKey),
+        apiKeySource: deps.config.apiKeySource,
+    });
+    return {
+        changed: true,
+        baseApiUrl: deps.config.baseUrl.replace(/\/+$/, ""),
+    };
+}

package/dist/config/resolution.d.ts

@@ -0,0 +1,37 @@
+import type { OrgXConfig } from "../types.js";
+export interface ResolvedConfig extends OrgXConfig {
+    dashboardEnabled: boolean;
+    installationId: string;
+    pluginVersion: string;
+    docsUrl: string;
+    apiKeySource: "config" | "environment" | "persisted" | "openclaw-config-file" | "legacy-dev" | "none";
+}
+export interface PluginApiLike {
+    config?: {
+        plugins?: {
+            entries?: {
+                orgx?: {
+                    config?: Partial<OrgXConfig & {
+                        dashboardEnabled: boolean;
+                    }>;
+                };
+            };
+        };
+    };
+}
+export declare function isUserScopedApiKey(apiKey: string): boolean;
+export declare function resolveRuntimeUserId(apiKey: string, candidates: Array<string | null | undefined>): string;
+export declare function normalizeBaseUrl(raw: string | undefined): string;
+export declare function readLegacyEnvValue(keyPattern: RegExp): string;
+export declare function readOpenClawOrgxConfig(): {
+    apiKey: string;
+    userId: string;
+    baseUrl: string;
+};
+export declare function resolvePluginVersion(): string;
+export declare function resolveDocsUrl(baseUrl: string): string;
+export declare function resolveConfig(api: PluginApiLike, input: {
+    installationId: string;
+    persistedApiKey: string | null;
+    persistedUserId: string | null;
+}): ResolvedConfig;