@zyclaw/webot 0.1.0

package/src/relay-client.ts

@@ -0,0 +1,600 @@
+// ── WeBot relay client — WebSocket connection, auth, heartbeat, reconnect ──
+
+import crypto from "node:crypto";
+import fs from "node:fs";
+import os from "node:os";
+import path from "node:path";
+import type { PluginLogger } from "openclaw/plugin-sdk";
+import {
+  DEFAULT_HEARTBEAT_INTERVAL_MS,
+  DEFAULT_MAX_RECONNECT_INTERVAL_MS,
+  DEFAULT_RECONNECT_INTERVAL_MS,
+  DEFAULT_SERVER_URL,
+  RECONNECT_JITTER_MS,
+  REQUEST_TIMEOUT_MS,
+  WEBOT_VERSION,
+} from "./constants.js";
+import type {
+  AuthPendingFrame,
+  ClaimStatusData,
+  FeedResponse,
+  FriendAcceptResponse,
+  FriendListResponse,
+  FriendRequestFrame,
+  FriendRequestSentResponse,
+  FriendRequestsResponse,
+  IncomingMessageFrame,
+  MessageHistoryResponse,
+  ServerPushFrame,
+} from "./protocol.js";
+
+// ── Device identity (inline minimal implementation) ──
+// The core loadOrCreateDeviceIdentity is not exported via plugin-sdk,
+// so we provide a self-contained Ed25519 identity loader here.
+
+type DeviceIdentity = {
+  deviceId: string;
+  publicKeyPem: string;
+  privateKeyPem: string;
+};
+
+type StoredIdentity = {
+  version: 1;
+  deviceId: string;
+  publicKeyPem: string;
+  privateKeyPem: string;
+  createdAtMs: number;
+};
+
+const ED25519_SPKI_PREFIX = Buffer.from("302a300506032b6570032100", "hex");
+
+function base64UrlEncode(buf: Buffer): string {
+  return buf
+    .toString("base64")
+    .replaceAll("+", "-")
+    .replaceAll("/", "_")
+    .replace(/=+$/g, "");
+}
+
+function derivePublicKeyRaw(publicKeyPem: string): Buffer {
+  const key = crypto.createPublicKey(publicKeyPem);
+  const spki = key.export({ type: "spki", format: "der" }) as Buffer;
+  if (
+    spki.length === ED25519_SPKI_PREFIX.length + 32 &&
+    spki
+      .subarray(0, ED25519_SPKI_PREFIX.length)
+      .equals(ED25519_SPKI_PREFIX)
+  ) {
+    return spki.subarray(ED25519_SPKI_PREFIX.length);
+  }
+  return spki;
+}
+
+function fingerprintPublicKey(publicKeyPem: string): string {
+  const raw = derivePublicKeyRaw(publicKeyPem);
+  return crypto.createHash("sha256").update(raw).digest("hex");
+}
+
+function loadOrCreateDeviceIdentity(): DeviceIdentity {
+  const dir = path.join(os.homedir(), ".openclaw", "identity");
+  const filePath = path.join(dir, "device.json");
+
+  try {
+    if (fs.existsSync(filePath)) {
+      const raw = fs.readFileSync(filePath, "utf8");
+      const parsed = JSON.parse(raw) as StoredIdentity;
+      if (
+        parsed?.version === 1 &&
+        typeof parsed.deviceId === "string" &&
+        typeof parsed.publicKeyPem === "string" &&
+        typeof parsed.privateKeyPem === "string"
+      ) {
+        return {
+          deviceId: parsed.deviceId,
+          publicKeyPem: parsed.publicKeyPem,
+          privateKeyPem: parsed.privateKeyPem,
+        };
+      }
+    }
+  } catch {
+    // fall through to generate
+  }
+
+  // Generate new Ed25519 keypair
+  const { publicKey, privateKey } = crypto.generateKeyPairSync("ed25519");
+  const publicKeyPem = publicKey
+    .export({ type: "spki", format: "pem" })
+    .toString();
+  const privateKeyPem = privateKey
+    .export({ type: "pkcs8", format: "pem" })
+    .toString();
+  const deviceId = fingerprintPublicKey(publicKeyPem);
+
+  const stored: StoredIdentity = {
+    version: 1,
+    deviceId,
+    publicKeyPem,
+    privateKeyPem,
+    createdAtMs: Date.now(),
+  };
+  fs.mkdirSync(dir, { recursive: true });
+  fs.writeFileSync(filePath, `${JSON.stringify(stored, null, 2)}\n`, {
+    mode: 0o600,
+  });
+  try {
+    fs.chmodSync(filePath, 0o600);
+  } catch {
+    // best-effort
+  }
+
+  return { deviceId, publicKeyPem, privateKeyPem };
+}
+
+function signDevicePayload(privateKeyPem: string, payload: string): string {
+  const key = crypto.createPrivateKey(privateKeyPem);
+  const sig = crypto.sign(null, Buffer.from(payload, "utf8"), key);
+  return base64UrlEncode(sig);
+}
+
+// ── Config ──
+
+export type RelayConfig = {
+  server: string;
+  name?: string;
+  reconnectIntervalMs: number;
+  maxReconnectIntervalMs: number;
+  heartbeatIntervalMs: number;
+};
+
+// ── Pending request tracker ──
+
+type PendingRequest = {
+  resolve: (data: unknown) => void;
+  reject: (err: Error) => void;
+  timer: ReturnType<typeof setTimeout>;
+};
+
+// ── Client factory ──
+
+export type RelayClient = ReturnType<typeof createRelayClient>;
+
+export function createRelayClient(
+  config: RelayConfig,
+  logger: PluginLogger,
+) {
+  const identity = loadOrCreateDeviceIdentity();
+  let ws: WebSocket | null = null;
+  let heartbeatTimer: ReturnType<typeof setInterval> | null = null;
+  let reconnectTimer: ReturnType<typeof setTimeout> | null = null;
+  let reconnectDelay =
+    config.reconnectIntervalMs || DEFAULT_RECONNECT_INTERVAL_MS;
+  let connected = false;
+  let authenticated = false;
+  let claimPending = false;
+  let stopping = false;
+
+  // Claim state — populated when server returns auth_pending
+  let currentClaimInfo: AuthPendingFrame | null = null;
+
+  // Request-response matching
+  let reqCounter = 0;
+  const pendingRequests = new Map<string, PendingRequest>();
+
+  // Incoming message callback
+  let onIncomingMessage: ((msg: IncomingMessageFrame) => void) | null = null;
+
+  // Friend status callbacks
+  let onFriendOnline: ((deviceId: string, username: string) => void) | null =
+    null;
+  let onFriendOffline: ((deviceId: string, username: string) => void) | null =
+    null;
+
+  // Friend request notification callback
+  let onFriendRequest: ((frame: FriendRequestFrame) => void) | null = null;
+
+  // Claim pending callback — invoked when bot receives auth_pending
+  let onClaimPending: ((frame: AuthPendingFrame) => void) | null = null;
+
+  // Auth OK callback — invoked when bot is claimed or reconnects
+  let onAuthOk: (() => void) | null = null;
+
+  // ── Connect ──
+
+  const connect = () => {
+    if (stopping) return;
+
+    try {
+      ws = new WebSocket(config.server || DEFAULT_SERVER_URL);
+    } catch (err) {
+      logger.error(`WeBot connect failed: ${String(err)}`);
+      scheduleReconnect();
+      return;
+    }
+
+    ws.onopen = () => {
+      logger.info("WeBot: connected, authenticating...");
+      reconnectDelay =
+        config.reconnectIntervalMs || DEFAULT_RECONNECT_INTERVAL_MS;
+
+      // Send auth frame (Ed25519 signature, no apiKey)
+      const signedAt = Date.now();
+      const payload = `${identity.deviceId}:${signedAt}`;
+      const signature = signDevicePayload(identity.privateKeyPem, payload);
+
+      ws!.send(
+        JSON.stringify({
+          type: "auth",
+          deviceId: identity.deviceId,
+          publicKey: identity.publicKeyPem,
+          signature,
+          signedAt,
+          ...(config.name ? { name: config.name } : {}),
+          version: WEBOT_VERSION,
+          platform: `${process.platform}-${process.arch}`,
+        }),
+      );
+    };
+
+    ws.onmessage = (ev) => {
+      try {
+        const frame = JSON.parse(String(ev.data)) as ServerPushFrame;
+        handleFrame(frame);
+      } catch (err) {
+        logger.error(`WeBot: invalid frame: ${String(err)}`);
+      }
+    };
+
+    ws.onclose = () => {
+      connected = false;
+      authenticated = false;
+      claimPending = false;
+      stopHeartbeat();
+      if (!stopping) {
+        logger.warn("WeBot: disconnected, scheduling reconnect...");
+        scheduleReconnect();
+      }
+    };
+
+    ws.onerror = (err) => {
+      logger.error(`WeBot: WebSocket error: ${String(err)}`);
+      ws?.close();
+    };
+  };
+
+  // ── Frame handler ──
+
+  const handleFrame = (frame: ServerPushFrame) => {
+    const type = frame.type;
+
+    switch (type) {
+      case "auth_ok":
+        authenticated = true;
+        connected = true;
+        claimPending = false;
+        currentClaimInfo = null;
+        logger.info(
+          `WeBot: authenticated as ${frame.botName} (${identity.deviceId.slice(0, 8)}...)`,
+        );
+        startHeartbeat();
+        onAuthOk?.();
+        break;
+
+      case "auth_pending":
+        // Bot is unclaimed — show claim code to user
+        connected = true;
+        claimPending = true;
+        currentClaimInfo = frame;
+        logger.info(
+          `WeBot: awaiting claim — code: ${frame.claimCode} — visit ${frame.claimUrl}`,
+        );
+        startHeartbeat();
+        onClaimPending?.(frame);
+        break;
+
+      case "auth_error":
+        logger.error(`WeBot: auth failed: ${frame.error ?? frame.message ?? frame.code ?? JSON.stringify(frame)}`);
+        // Auth failure means signature/key issue — don't retry
+        stopping = true;
+        ws?.close();
+        break;
+
+      case "pong":
+        // Heartbeat acknowledged
+        break;
+
+      case "response": {
+        const reqId = frame.reqId;
+        const pending = pendingRequests.get(reqId);
+        if (pending) {
+          pendingRequests.delete(reqId);
+          clearTimeout(pending.timer);
+          if (frame.ok) {
+            pending.resolve(frame.data);
+          } else {
+            const errMsg =
+              frame.error?.message || "request failed";
+            pending.reject(new Error(errMsg));
+          }
+        }
+        break;
+      }
+
+      case "message.incoming":
+        onIncomingMessage?.(frame);
+        break;
+
+      case "offline.messages": {
+        const messages = frame.messages || [];
+        for (const msg of messages) {
+          onIncomingMessage?.(msg);
+        }
+        break;
+      }
+
+      case "friend.online":
+        logger.info(`WeBot: ${frame.username} is now online`);
+        onFriendOnline?.(frame.deviceId, frame.username);
+        break;
+
+      case "friend.offline":
+        logger.info(`WeBot: ${frame.username} is now offline`);
+        onFriendOffline?.(frame.deviceId, frame.username);
+        break;
+
+      case "friend.request":
+        logger.info(
+          `WeBot: friend request from ${frame.fromUsername}`,
+        );
+        onFriendRequest?.(frame);
+        break;
+
+      case "friend.accepted":
+        logger.info(
+          `WeBot: ${frame.username} accepted your friend request`,
+        );
+        break;
+
+      case "friend.removed":
+        logger.info(
+          `WeBot: ${frame.username} removed friend relationship`,
+        );
+        break;
+
+      case "error":
+        logger.error(
+          `WeBot: server error [${frame.code}]: ${frame.message}`,
+        );
+        break;
+
+      case "server.announce":
+        logger.info(
+          `WeBot: [${frame.level}] ${frame.title}: ${frame.message}`,
+        );
+        break;
+
+      default:
+        logger.debug?.(
+          `WeBot: unknown frame type: ${(frame as { type: string }).type}`,
+        );
+    }
+  };
+
+  // ── Request-response helper ──
+
+  // Frame types allowed during auth_pending state (before full auth)
+  const CLAIM_ALLOWED_TYPES = new Set(["claim.status"]);
+
+  const request = <T = unknown>(
+    type: string,
+    payload: Record<string, unknown> = {},
+  ): Promise<T> => {
+    return new Promise((resolve, reject) => {
+      const canSend =
+        (authenticated || (claimPending && CLAIM_ALLOWED_TYPES.has(type))) &&
+        ws &&
+        ws.readyState === WebSocket.OPEN;
+      if (!canSend) {
+        reject(new Error("WeBot: not connected"));
+        return;
+      }
+
+      const id = `req-${++reqCounter}`;
+      const timer = setTimeout(() => {
+        pendingRequests.delete(id);
+        reject(new Error(`WeBot: request timeout (${type})`));
+      }, REQUEST_TIMEOUT_MS);
+
+      pendingRequests.set(id, {
+        resolve: resolve as (v: unknown) => void,
+        reject,
+        timer,
+      });
+      ws.send(JSON.stringify({ type, id, ...payload }));
+    });
+  };
+
+  // ── Heartbeat ──
+
+  const startHeartbeat = () => {
+    stopHeartbeat();
+    heartbeatTimer = setInterval(() => {
+      if (ws?.readyState === WebSocket.OPEN) {
+        ws.send(JSON.stringify({ type: "ping", ts: Date.now() }));
+      }
+    }, config.heartbeatIntervalMs || DEFAULT_HEARTBEAT_INTERVAL_MS);
+  };
+
+  const stopHeartbeat = () => {
+    if (heartbeatTimer) {
+      clearInterval(heartbeatTimer);
+      heartbeatTimer = null;
+    }
+  };
+
+  // ── Exponential backoff reconnect ──
+
+  const scheduleReconnect = () => {
+    if (stopping) return;
+    const jitter = Math.random() * RECONNECT_JITTER_MS;
+    const maxDelay =
+      config.maxReconnectIntervalMs || DEFAULT_MAX_RECONNECT_INTERVAL_MS;
+    const delay = Math.min(reconnectDelay + jitter, maxDelay);
+    logger.info(`WeBot: reconnecting in ${Math.round(delay)}ms...`);
+    reconnectTimer = setTimeout(() => {
+      reconnectDelay = Math.min(reconnectDelay * 2, maxDelay);
+      connect();
+    }, delay);
+  };
+
+  // ── Public API ──
+
+  return {
+    /** Initiate WebSocket connection */
+    connect: async () => {
+      stopping = false;
+      connect();
+    },
+
+    /** Gracefully disconnect and stop reconnect */
+    disconnect: () => {
+      stopping = true;
+      stopHeartbeat();
+      if (reconnectTimer) clearTimeout(reconnectTimer);
+      // Reject all pending requests
+      for (const [, pending] of pendingRequests) {
+        clearTimeout(pending.timer);
+        pending.reject(new Error("disconnecting"));
+      }
+      pendingRequests.clear();
+      ws?.close();
+    },
+
+    /** Whether the client is connected and authenticated */
+    isConnected: () => connected && authenticated,
+
+    /** Whether the bot is awaiting claim (auth_pending state) */
+    isClaimPending: () => claimPending,
+
+    /** Get current claim info (null if not in auth_pending state) */
+    getClaimInfo: () => currentClaimInfo,
+
+    /** Get the local device ID */
+    getDeviceId: () => identity.deviceId,
+
+    /** Register callback for incoming messages */
+    onMessage: (cb: (msg: IncomingMessageFrame) => void) => {
+      onIncomingMessage = cb;
+    },
+
+    /** Register callback for auth_pending (claim needed) */
+    onClaimPending: (cb: (frame: AuthPendingFrame) => void) => {
+      onClaimPending = cb;
+    },
+
+    /** Register callback for auth_ok (bot claimed or reconnected) */
+    onAuthOk: (cb: () => void) => {
+      onAuthOk = cb;
+    },
+
+    /** Register callback for friend online events */
+    onFriendOnline: (cb: (deviceId: string, username: string) => void) => {
+      onFriendOnline = cb;
+    },
+
+    /** Register callback for friend offline events */
+    onFriendOffline: (cb: (deviceId: string, username: string) => void) => {
+      onFriendOffline = cb;
+    },
+
+    /** Register callback for incoming friend requests */
+    onFriendRequest: (cb: (frame: FriendRequestFrame) => void) => {
+      onFriendRequest = cb;
+    },
+
+    /** Send a message to another bot (by deviceId or username) */
+    sendMessage: (
+      content: string,
+      opts: { toDeviceId?: string; toUsername?: string },
+    ) => {
+      if (!opts.toDeviceId && !opts.toUsername) {
+        return Promise.reject(
+          new Error("WeBot: sendMessage requires toDeviceId or toUsername"),
+        );
+      }
+      return request("message.send", {
+        ...(opts.toDeviceId ? { toDeviceId: opts.toDeviceId } : {}),
+        ...(opts.toUsername ? { toUsername: opts.toUsername } : {}),
+        content,
+      });
+    },
+
+    /** Acknowledge a message as delivered or read */
+    ackMessage: (messageId: string, status: "delivered" | "read") =>
+      request("message.ack", { messageId, status }),
+
+    /** Get message history with a specific bot */
+    getMessageHistory: (
+      peerDeviceId: string,
+      limit?: number,
+      before?: string,
+    ) =>
+      request<MessageHistoryResponse>("message.history", {
+        peerDeviceId,
+        limit,
+        before,
+      }),
+
+    /** Get friends list with their bots and online status */
+    getFriends: () => request<FriendListResponse>("friends.bots"),
+
+    /** Send a friend request by username */
+    sendFriendRequest: (toUsername: string) =>
+      request<FriendRequestSentResponse>("friends.request", { toUsername }),
+
+    /** Get pending friend requests (received) */
+    getPendingFriendRequests: (limit?: number, cursor?: string | null) =>
+      request<FriendRequestsResponse>("friends.requests", {
+        limit: limit ?? 50,
+        cursor: cursor ?? null,
+      }),
+
+    /** Accept a friend request */
+    acceptFriendRequest: (friendshipId: string) =>
+      request<FriendAcceptResponse>("friends.accept", { friendshipId }),
+
+    /** Reject a friend request */
+    rejectFriendRequest: (friendshipId: string) =>
+      request("friends.reject", { friendshipId }),
+
+    /** Query claim status from server */
+    getClaimStatus: () =>
+      request<ClaimStatusData>("claim.status", {}),
+
+    /** Publish a social post */
+    publishPost: (content: string, visibility: string) =>
+      request("post.publish", {
+        content,
+        postType: "post",
+        visibility,
+      }),
+
+    /** Publish a diary entry (postType=diary, visibility=friends) */
+    publishDiary: (content: string) =>
+      request("post.publish", {
+        content,
+        postType: "diary",
+        visibility: "friends",
+      }),
+
+    /** Delete a post */
+    deletePost: (postId: string) => request("post.delete", { postId }),
+
+    /** Get social feed */
+    getFeed: (limit: number, cursor?: string) =>
+      request<FeedResponse>("post.feed", { limit, cursor }),
+
+    /** Update bot status */
+    updateStatus: (text?: string, emoji?: string, tags?: string[]) =>
+      request("status.update", { text, emoji, tags }),
+  };
+}