aamp-openclaw-plugin 0.1.19-alpha.0 → 0.1.20

package/bin/aamp-openclaw-plugin.mjs

@@ -11,6 +11,36 @@ import { fileURLToPath } from 'node:url'
 const PLUGIN_ID = 'aamp-openclaw-plugin'
 const DEFAULT_AAMP_HOST = 'https://meshmail.ai'
 const DEFAULT_CREDENTIALS_FILE = '~/.openclaw/extensions/aamp-openclaw-plugin/.credentials.json'
+const CODING_TOOL_ALLOWLIST = [
+  'read',
+  'write',
+  'edit',
+  'apply_patch',
+  'exec',
+  'process',
+  'web_search',
+  'web_fetch',
+  'memory_search',
+  'memory_get',
+  'sessions_list',
+  'sessions_history',
+  'sessions_send',
+  'sessions_spawn',
+  'sessions_yield',
+  'subagents',
+  'session_status',
+  'cron',
+  'image',
+  'image_generate',
+]
+const AAMP_PLUGIN_TOOL_ALLOWLIST = [
+  'aamp_send_result',
+  'aamp_send_help',
+  'aamp_pending_tasks',
+  'aamp_dispatch_task',
+  'aamp_check_protocol',
+  'aamp_download_attachment',
+]
 
 function resolveOpenClawHome() {
   return process.env.OPENCLAW_HOME?.trim() || join(homedir(), '.openclaw')
@@ -46,12 +76,11 @@ function normalizeBaseUrl(url) {
   return `https://${url.replace(/\/$/, '')}`
 }
 
-function ensurePluginConfig(config, pluginConfig, installRecord) {
+function ensurePluginConfig(config, pluginConfig, options = {}) {
   const next = config && typeof config === 'object' ? structuredClone(config) : {}
   if (!next.plugins || typeof next.plugins !== 'object') next.plugins = {}
   if (!Array.isArray(next.plugins.allow)) next.plugins.allow = []
   if (!next.plugins.entries || typeof next.plugins.entries !== 'object') next.plugins.entries = {}
-  if (!next.plugins.installs || typeof next.plugins.installs !== 'object') next.plugins.installs = {}
 
   if (!next.plugins.allow.includes(PLUGIN_ID)) {
     next.plugins.allow.push(PLUGIN_ID)
@@ -77,17 +106,65 @@ function ensurePluginConfig(config, pluginConfig, installRecord) {
     delete next.plugins.entries.aamp
   }
 
-  if (next.plugins.installs.aamp) {
-    delete next.plugins.installs.aamp
-  }
+  next.tools = ensureAampToolAllowlist(next.tools, options)
 
-  if (installRecord) {
-    next.plugins.installs[PLUGIN_ID] = installRecord
-  }
+  return next
+}
+
+function ensureAampToolAllowlist(toolsConfig, options = {}) {
+  const next = toolsConfig && typeof toolsConfig === 'object' ? structuredClone(toolsConfig) : {}
+  const existingAllow = Array.isArray(next.allow) ? next.allow.filter((value) => typeof value === 'string' && value.trim()) : []
+  const includeCodingBaseline = options.includeCodingBaseline === true
+
+  const mergedAllow = [
+    ...existingAllow,
+    ...(includeCodingBaseline ? CODING_TOOL_ALLOWLIST : []),
+    ...AAMP_PLUGIN_TOOL_ALLOWLIST,
+  ]
+
+  next.allow = Array.from(new Set(mergedAllow))
 
   return next
 }
 
+function planToolPolicyUpdate(toolsConfig, options = {}) {
+  const current = toolsConfig && typeof toolsConfig === 'object' ? structuredClone(toolsConfig) : {}
+  const existingAllow = Array.isArray(current.allow) ? current.allow.filter((value) => typeof value === 'string' && value.trim()) : []
+  const includeCodingBaseline = options.includeCodingBaseline === true
+  const missingAampTools = AAMP_PLUGIN_TOOL_ALLOWLIST.filter((tool) => !existingAllow.includes(tool))
+  const currentProfile = typeof current.profile === 'string' ? current.profile : undefined
+  const missingCodingTools = includeCodingBaseline
+    ? CODING_TOOL_ALLOWLIST.filter((tool) => !existingAllow.includes(tool))
+    : []
+
+  return {
+    current,
+    missingAampTools,
+    missingCodingTools,
+    needsAnyChange: missingAampTools.length > 0 || missingCodingTools.length > 0,
+    needsNonPluginChange: missingCodingTools.length > 0,
+    currentProfile,
+    next: ensureAampToolAllowlist(current, { includeCodingBaseline }),
+  }
+}
+
+function currentToolPolicySummary(plan) {
+  const lines = []
+  if (plan.currentProfile) {
+    lines.push(`  current tools.profile: ${plan.currentProfile}`)
+  } else {
+    lines.push(`  current tools.profile: (none)`)
+  }
+  lines.push(`  current tools.allow count: ${Array.isArray(plan.current.allow) ? plan.current.allow.length : 0}`)
+  if (plan.missingAampTools.length > 0) {
+    lines.push(`  missing AAMP tools: ${plan.missingAampTools.join(', ')}`)
+  }
+  if (plan.needsNonPluginChange) {
+    lines.push(`  additional core tools to add: ${plan.missingCodingTools.join(', ')}`)
+  }
+  return lines.join('\n')
+}
+
 function parseDispatchContextRules(raw) {
   const trimmed = raw.trim()
   if (!trimmed) return undefined
@@ -130,9 +207,34 @@ function copyIntoDir(src, dest) {
   cpSync(src, dest, { recursive: true, force: true })
 }
 
+function ensureBuiltArtifacts(packageRoot) {
+  const entryFile = join(packageRoot, 'dist', 'index.js')
+  if (existsSync(entryFile)) return
+
+  const result = spawnSync('npm', ['run', 'build'], {
+    cwd: packageRoot,
+    encoding: 'utf-8',
+  })
+
+  if (result.error) {
+    throw new Error(`Failed to build plugin artifacts: ${result.error.message}`)
+  }
+
+  if (result.status !== 0) {
+    throw new Error(
+      `Failed to build plugin artifacts: ${(result.stderr || result.stdout || `exit code ${result.status}`).trim()}`,
+    )
+  }
+
+  if (!existsSync(entryFile)) {
+    throw new Error(`Plugin build completed but ${entryFile} is still missing`)
+  }
+}
+
 function installPluginFiles(credentialsFile = DEFAULT_CREDENTIALS_FILE) {
   const extensionDir = resolveExtensionDir()
   const packageRoot = packageRootFromEntry(fileURLToPath(import.meta.url))
+  ensureBuiltArtifacts(packageRoot)
   const packageJson = readJsonFile(join(packageRoot, 'package.json'))
   const credentialsPath = expandHome(credentialsFile)
   const existingCredentials = existsSync(credentialsPath)
@@ -151,12 +253,24 @@ function installPluginFiles(credentialsFile = DEFAULT_CREDENTIALS_FILE) {
 
   writeJsonFile(join(extensionDir, 'package.json'), packageJson)
 
+  const dependencyPackages = ['aamp-sdk', 'ws', 'nodemailer']
+  const nodeModulesDir = join(extensionDir, 'node_modules')
+  mkdirSync(nodeModulesDir, { recursive: true })
+
+  for (const dep of dependencyPackages) {
+    const depRoot = join(packageRoot, 'node_modules', dep)
+    if (!existsSync(depRoot)) {
+      throw new Error(`Missing dependency directory: ${depRoot}`)
+    }
+    copyIntoDir(depRoot, join(nodeModulesDir, dep))
+  }
+
   if (existingCredentials) {
     mkdirSync(dirname(credentialsPath), { recursive: true })
     writeFileSync(credentialsPath, existingCredentials)
   }
 
-  return { extensionDir, packageJson, packageRoot }
+  return extensionDir
 }
 
 function restartGateway() {
@@ -184,28 +298,6 @@ function restartGateway() {
   }
 }
 
-async function fetchJson(url, init, stepLabel) {
-  let res
-  try {
-    res = await fetch(url, init)
-  } catch (error) {
-    const message = error instanceof Error ? error.message : String(error)
-    throw new Error(`${stepLabel} failed for ${url}: ${message}`)
-  }
-
-  if (!res.ok) {
-    const text = await res.text().catch(() => '')
-    throw new Error(`${stepLabel} failed (${res.status}) for ${url}: ${text || res.statusText}`)
-  }
-
-  try {
-    return await res.json()
-  } catch (error) {
-    const message = error instanceof Error ? error.message : String(error)
-    throw new Error(`${stepLabel} returned invalid JSON for ${url}: ${message}`)
-  }
-}
-
 async function ensureMailboxIdentity({ aampHost, slug, credentialsFile }) {
   const resolvedCreds = expandHome(credentialsFile)
   if (existsSync(resolvedCreds)) {
@@ -213,30 +305,33 @@ async function ensureMailboxIdentity({ aampHost, slug, credentialsFile }) {
   }
 
   const base = normalizeBaseUrl(aampHost)
-  const registerUrl = `${base}/api/nodes/self-register`
-  const registerData = await fetchJson(
-    registerUrl,
-    {
-      method: 'POST',
-      headers: { 'Content-Type': 'application/json' },
-      body: JSON.stringify({
-        slug,
-        description: 'OpenClaw AAMP agent node',
-      }),
-    },
-    'AAMP self-register',
-  )
+  const registerRes = await fetch(`${base}/api/nodes/self-register`, {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json' },
+    body: JSON.stringify({
+      slug,
+      description: 'OpenClaw AAMP agent node',
+    }),
+  })
+
+  if (!registerRes.ok) {
+    const text = await registerRes.text().catch(() => '')
+    throw new Error(`AAMP self-register failed (${registerRes.status}): ${text || registerRes.statusText}`)
+  }
+
+  const registerData = await registerRes.json()
   const code = registerData?.registrationCode
   if (!code) {
     throw new Error('AAMP self-register succeeded but no registrationCode was returned')
   }
 
-  const credUrl = `${base}/api/nodes/credentials?code=${encodeURIComponent(code)}`
-  const credData = await fetchJson(
-    credUrl,
-    undefined,
-    'AAMP credential exchange',
-  )
+  const credRes = await fetch(`${base}/api/nodes/credentials?code=${encodeURIComponent(code)}`)
+  if (!credRes.ok) {
+    const text = await credRes.text().catch(() => '')
+    throw new Error(`AAMP credential exchange failed (${credRes.status}): ${text || credRes.statusText}`)
+  }
+
+  const credData = await credRes.json()
   const identity = {
     email: credData?.email,
     jmapToken: credData?.jmap?.token,
@@ -278,6 +373,7 @@ async function runInit() {
   let senderPolicies = previousConfig?.senderPolicies
   let slug = previousSlug
   let reuseExistingConfig = Boolean(previousConfig)
+  let includeCodingBaseline = false
 
   if (input.isTTY) {
     const rl = createInterface({ input, output })
@@ -319,6 +415,28 @@ async function runInit() {
           senderPolicies = undefined
         }
       }
+
+      const codingPromptPlan = planToolPolicyUpdate(existing?.tools, { includeCodingBaseline: true })
+      const shouldOfferCodingBaseline =
+        codingPromptPlan.missingCodingTools.length > 0 &&
+        !Array.isArray(existing?.tools?.allow) &&
+        !(typeof existing?.tools?.profile === 'string' && existing.tools.profile.trim())
+
+      if (shouldOfferCodingBaseline) {
+        output.write(
+          [
+            '',
+            'Optional tool policy upgrade:',
+            '  Default init only adds the AAMP plugin tools needed for mailbox-style task receive/reply.',
+            '  If this agent also needs file/shell/web coding workflows, you can additionally add',
+            '  the coding baseline tool set now.',
+            currentToolPolicySummary(codingPromptPlan),
+            '',
+          ].join('\n'),
+        )
+        const toolAnswer = await rl.question('Also add coding baseline tools? [y/N]: ')
+        includeCodingBaseline = isYes(toolAnswer, false)
+      }
     } finally {
       rl.close()
     }
@@ -340,27 +458,17 @@ async function runInit() {
   }
 
   output.write('\nInstalling OpenClaw plugin files...\n')
-  const { extensionDir, packageJson, packageRoot } = installPluginFiles(previousCredentialsFile)
-  const nowIso = new Date().toISOString()
-  const installRecord = {
-    source: 'npm',
-    spec: packageJson.name,
-    sourcePath: packageRoot,
-    installPath: extensionDir,
-    version: packageJson.version,
-    resolvedName: packageJson.name,
-    resolvedVersion: packageJson.version,
-    resolvedSpec: `${packageJson.name}@${packageJson.version}`,
-    installedAt: nowIso,
-    resolvedAt: nowIso,
-  }
+  const extensionDir = installPluginFiles(previousCredentialsFile)
 
+  const toolPolicyPlan = planToolPolicyUpdate(existing?.tools, { includeCodingBaseline })
   const next = ensurePluginConfig(existing, {
     aampHost,
     slug,
     credentialsFile: DEFAULT_CREDENTIALS_FILE,
     ...(senderPolicies ? { senderPolicies } : {}),
-  }, installRecord)
+  }, {
+    includeCodingBaseline,
+  })
 
   writeJsonFile(configPath, next)
 
@@ -383,6 +491,8 @@ async function runInit() {
       `  aampHost: ${aampHost}`,
       `  credentialsFile: ${DEFAULT_CREDENTIALS_FILE}`,
       `  senderPolicies: ${senderPolicies ? JSON.stringify(senderPolicies) : '(allow all)'}`,
+      `  tools.allow: ${JSON.stringify(next.tools?.allow ?? [])}`,
+      `  codingBaselineAdded: ${toolPolicyPlan.missingCodingTools.length > 0 && includeCodingBaseline ? 'yes' : 'no'}`,
       identityResult.created
         ? `  mailbox: ${identityResult.email} (registered and saved to ${identityResult.credentialsPath})`
         : `  mailbox: existing credentials reused from ${identityResult.credentialsPath}`,

package/dist/file-store.js

@@ -1,12 +1,38 @@
-import { createRequire as __aampCreateRequire } from "module"; const require = __aampCreateRequire(import.meta.url);
-import {
-  defaultCredentialsPath,
-  ensureDir,
-  loadCachedIdentity,
-  readBinaryFile,
-  saveCachedIdentity,
-  writeBinaryFile
-} from "./chunk-ORTVVAMV.js";
+// src/file-store.ts
+import { existsSync, mkdirSync, readFileSync, writeFileSync } from "node:fs";
+import { dirname, join } from "node:path";
+import { homedir } from "node:os";
+function defaultCredentialsPath() {
+  return join(homedir(), ".openclaw", "extensions", "aamp-openclaw-plugin", ".credentials.json");
+}
+function loadCachedIdentity(file) {
+  const resolved = file ?? defaultCredentialsPath();
+  if (!existsSync(resolved))
+    return null;
+  try {
+    const parsed = JSON.parse(readFileSync(resolved, "utf-8"));
+    if (!parsed.email || !parsed.jmapToken || !parsed.smtpPassword)
+      return null;
+    return parsed;
+  } catch {
+    return null;
+  }
+}
+function saveCachedIdentity(identity, file) {
+  const resolved = file ?? defaultCredentialsPath();
+  mkdirSync(dirname(resolved), { recursive: true });
+  writeFileSync(resolved, JSON.stringify(identity, null, 2), "utf-8");
+}
+function ensureDir(dir) {
+  mkdirSync(dir, { recursive: true });
+}
+function readBinaryFile(path) {
+  return readFileSync(path);
+}
+function writeBinaryFile(path, content) {
+  mkdirSync(dirname(path), { recursive: true });
+  writeFileSync(path, content);
+}
 export {
   defaultCredentialsPath,
   ensureDir,

package/dist/file-store.js.map

@@ -1,7 +1,7 @@
 {
   "version": 3,
-  "sources": [],
-  "sourcesContent": [],
-  "mappings": "",
+  "sources": ["../src/file-store.ts"],
+  "sourcesContent": ["import { existsSync, mkdirSync, readFileSync, writeFileSync } from 'node:fs'\nimport { dirname, join } from 'node:path'\nimport { homedir } from 'node:os'\n\nexport interface Identity {\n  email: string\n  jmapToken: string\n  smtpPassword: string\n}\n\nexport function defaultCredentialsPath(): string {\n  return join(homedir(), '.openclaw', 'extensions', 'aamp-openclaw-plugin', '.credentials.json')\n}\n\nexport function loadCachedIdentity(file?: string): Identity | null {\n  const resolved = file ?? defaultCredentialsPath()\n  if (!existsSync(resolved)) return null\n  try {\n    const parsed = JSON.parse(readFileSync(resolved, 'utf-8')) as Partial<Identity>\n    if (!parsed.email || !parsed.jmapToken || !parsed.smtpPassword) return null\n    return parsed as Identity\n  } catch {\n    return null\n  }\n}\n\nexport function saveCachedIdentity(identity: Identity, file?: string): void {\n  const resolved = file ?? defaultCredentialsPath()\n  mkdirSync(dirname(resolved), { recursive: true })\n  writeFileSync(resolved, JSON.stringify(identity, null, 2), 'utf-8')\n}\n\nexport function ensureDir(dir: string): void {\n  mkdirSync(dir, { recursive: true })\n}\n\nexport function readBinaryFile(path: string): Buffer {\n  return readFileSync(path)\n}\n\nexport function writeBinaryFile(path: string, content: Uint8Array | Buffer): void {\n  mkdirSync(dirname(path), { recursive: true })\n  writeFileSync(path, content)\n}\n"],
+  "mappings": ";AAAA,SAAS,YAAY,WAAW,cAAc,qBAAqB;AACnE,SAAS,SAAS,YAAY;AAC9B,SAAS,eAAe;AAQjB,SAAS,yBAAiC;AAC/C,SAAO,KAAK,QAAQ,GAAG,aAAa,cAAc,wBAAwB,mBAAmB;AAC/F;AAEO,SAAS,mBAAmB,MAAgC;AACjE,QAAM,WAAW,QAAQ,uBAAuB;AAChD,MAAI,CAAC,WAAW,QAAQ;AAAG,WAAO;AAClC,MAAI;AACF,UAAM,SAAS,KAAK,MAAM,aAAa,UAAU,OAAO,CAAC;AACzD,QAAI,CAAC,OAAO,SAAS,CAAC,OAAO,aAAa,CAAC,OAAO;AAAc,aAAO;AACvE,WAAO;AAAA,EACT,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEO,SAAS,mBAAmB,UAAoB,MAAqB;AAC1E,QAAM,WAAW,QAAQ,uBAAuB;AAChD,YAAU,QAAQ,QAAQ,GAAG,EAAE,WAAW,KAAK,CAAC;AAChD,gBAAc,UAAU,KAAK,UAAU,UAAU,MAAM,CAAC,GAAG,OAAO;AACpE;AAEO,SAAS,UAAU,KAAmB;AAC3C,YAAU,KAAK,EAAE,WAAW,KAAK,CAAC;AACpC;AAEO,SAAS,eAAe,MAAsB;AACnD,SAAO,aAAa,IAAI;AAC1B;AAEO,SAAS,gBAAgB,MAAc,SAAoC;AAChF,YAAU,QAAQ,IAAI,GAAG,EAAE,WAAW,KAAK,CAAC;AAC5C,gBAAc,MAAM,OAAO;AAC7B;",
   "names": []
 }