adp-openclaw 0.0.2

package/server/main.go

@@ -0,0 +1,786 @@
+// Simple Go channel server for OpenClaw (WebSocket version)
+// Supports: API Token auth, multiple clients, multi-turn conversations, real-time WebSocket communication
+package main
+
+import (
+	"crypto/rand"
+	"crypto/sha256"
+	"encoding/hex"
+	"encoding/json"
+	"flag"
+	"fmt"
+	"log"
+	"net/http"
+	"strings"
+	"sync"
+	"time"
+
+	"github.com/gorilla/websocket"
+)
+
+// WebSocket message types
+const (
+	MsgTypeAuth         = "auth"          // Client authentication
+	MsgTypeAuthResult   = "auth_result"   // Authentication result
+	MsgTypePing         = "ping"          // Heartbeat ping
+	MsgTypePong         = "pong"          // Heartbeat pong
+	MsgTypeInbound      = "inbound"       // User message to bot
+	MsgTypeOutbound     = "outbound"      // Bot reply to user
+	MsgTypeAck          = "ack"           // Message acknowledgment
+	MsgTypeError        = "error"         // Error message
+	MsgTypeConvHistory  = "conv_history"  // Request conversation history
+	MsgTypeConvResponse = "conv_response" // Conversation history response
+)
+
+// WSMessage is the base WebSocket message structure
+type WSMessage struct {
+	Type      string          `json:"type"`                // Message type
+	RequestID string          `json:"requestId,omitempty"` // Optional request ID for correlation
+	Payload   json.RawMessage `json:"payload,omitempty"`   // Message payload
+	Timestamp int64           `json:"timestamp"`           // Unix milliseconds
+}
+
+// AuthPayload for authentication request
+type AuthPayload struct {
+	Token     string `json:"token"`               // API token
+	ClientID  string `json:"clientId,omitempty"`  // Optional client ID for reconnection
+	Signature string `json:"signature,omitempty"` // HMAC signature for extra security
+	Nonce     string `json:"nonce,omitempty"`     // Random nonce for signature
+}
+
+// AuthResultPayload for authentication response
+type AuthResultPayload struct {
+	Success  bool   `json:"success"`
+	ClientID string `json:"clientId,omitempty"`
+	Message  string `json:"message,omitempty"`
+}
+
+// UserInfo represents user identity information (like Feishu multi-user support)
+type UserInfo struct {
+	UserID      string            `json:"userId"`                // Unique user identifier
+	Username    string            `json:"username,omitempty"`    // Display name
+	Avatar      string            `json:"avatar,omitempty"`      // Avatar URL
+	Email       string            `json:"email,omitempty"`       // User email
+	TenantID    string            `json:"tenantId,omitempty"`    // Tenant/Organization ID for multi-tenant
+	Source      string            `json:"source,omitempty"`      // Source platform (e.g., "web", "app", "api")
+	Extra       map[string]string `json:"extra,omitempty"`       // Additional user metadata
+}
+
+// Message represents a chat message
+type Message struct {
+	ID             string    `json:"id"`
+	ConversationID string    `json:"conversationId"` // Groups messages into conversations
+	ClientID       string    `json:"clientId"`       // Which OpenClaw client handles this
+	From           string    `json:"from"`
+	To             string    `json:"to"`
+	Text           string    `json:"text"`
+	Timestamp      int64     `json:"timestamp"`
+	User           *UserInfo `json:"user,omitempty"` // Full user identity information
+}
+
+// Conversation tracks multi-turn dialogue state
+type Conversation struct {
+	ID        string    `json:"id"`
+	UserID    string    `json:"userId"`
+	ClientID  string    `json:"clientId"` // Assigned OpenClaw client
+	Messages  []Message `json:"messages"` // Conversation history
+	CreatedAt int64     `json:"createdAt"`
+	UpdatedAt int64     `json:"updatedAt"`
+	User      *UserInfo `json:"user,omitempty"` // Associated user information
+}
+
+// Client represents a connected OpenClaw instance
+type Client struct {
+	ID         string          `json:"id"`
+	Token      string          `json:"-"` // API token (not exposed in JSON)
+	Name       string          `json:"name"`
+	LastSeenAt int64           `json:"lastSeenAt"`
+	Conn       *websocket.Conn `json:"-"` // WebSocket connection
+	ConnMu     sync.Mutex      `json:"-"` // Mutex for connection writes
+}
+
+// Server holds all state
+type Server struct {
+	mu            sync.RWMutex
+	clients       map[string]*Client       // clientID -> Client
+	tokens        map[string]string        // token -> clientID
+	conversations map[string]*Conversation // conversationID -> Conversation
+	outbound      []Message                // All outbound messages (for debug)
+	lastID        int
+	adminToken    string // Admin token for client registration
+	upgrader      websocket.Upgrader
+}
+
+func NewServer(adminToken string) *Server {
+	return &Server{
+		clients:       make(map[string]*Client),
+		tokens:        make(map[string]string),
+		conversations: make(map[string]*Conversation),
+		outbound:      make([]Message, 0),
+		adminToken:    adminToken,
+		upgrader: websocket.Upgrader{
+			CheckOrigin: func(r *http.Request) bool {
+				return true // Allow all origins for demo
+			},
+			ReadBufferSize:  1024,
+			WriteBufferSize: 1024,
+		},
+	}
+}
+
+func generateID(prefix string) string {
+	bytes := make([]byte, 8)
+	rand.Read(bytes)
+	return fmt.Sprintf("%s-%s", prefix, hex.EncodeToString(bytes))
+}
+
+func generateToken() string {
+	bytes := make([]byte, 32)
+	rand.Read(bytes)
+	return hex.EncodeToString(bytes)
+}
+
+// verifySignature verifies HMAC-SHA256 signature
+func verifySignature(token, nonce, signature string) bool {
+	if nonce == "" || signature == "" {
+		return true // Signature is optional
+	}
+	h := sha256.New()
+	h.Write([]byte(token + ":" + nonce))
+	expected := hex.EncodeToString(h.Sum(nil))
+	return expected == signature
+}
+
+// sendWSMessage sends a WebSocket message to a client
+func (c *Client) sendWSMessage(msg WSMessage) error {
+	c.ConnMu.Lock()
+	defer c.ConnMu.Unlock()
+	if c.Conn == nil {
+		return fmt.Errorf("connection closed")
+	}
+	msg.Timestamp = time.Now().UnixMilli()
+	return c.Conn.WriteJSON(msg)
+}
+
+// WebSocket handler for client connections
+func (s *Server) handleWebSocket(w http.ResponseWriter, r *http.Request) {
+	conn, err := s.upgrader.Upgrade(w, r, nil)
+	if err != nil {
+		log.Printf("[WS] Upgrade error: %v", err)
+		return
+	}
+
+	log.Printf("[WS] New connection from %s", conn.RemoteAddr())
+
+	// Set up ping/pong handlers
+	conn.SetPongHandler(func(string) error {
+		conn.SetReadDeadline(time.Now().Add(60 * time.Second))
+		return nil
+	})
+
+	// Wait for authentication message
+	conn.SetReadDeadline(time.Now().Add(30 * time.Second))
+
+	var authMsg WSMessage
+	if err := conn.ReadJSON(&authMsg); err != nil {
+		log.Printf("[WS] Auth read error: %v", err)
+		s.sendError(conn, "", "auth_timeout", "Authentication timeout")
+		conn.Close()
+		return
+	}
+
+	if authMsg.Type != MsgTypeAuth {
+		s.sendError(conn, authMsg.RequestID, "invalid_auth", "First message must be auth")
+		conn.Close()
+		return
+	}
+
+	var authPayload AuthPayload
+	if err := json.Unmarshal(authMsg.Payload, &authPayload); err != nil {
+		s.sendError(conn, authMsg.RequestID, "invalid_payload", "Invalid auth payload")
+		conn.Close()
+		return
+	}
+
+	// Verify token
+	s.mu.RLock()
+	clientID, ok := s.tokens[authPayload.Token]
+	s.mu.RUnlock()
+
+	if !ok {
+		log.Printf("[WS] Invalid token from %s", conn.RemoteAddr())
+		s.sendAuthResult(conn, authMsg.RequestID, false, "", "Invalid token")
+		conn.Close()
+		return
+	}
+
+	// Verify signature if provided
+	if !verifySignature(authPayload.Token, authPayload.Nonce, authPayload.Signature) {
+		log.Printf("[WS] Invalid signature from %s", conn.RemoteAddr())
+		s.sendAuthResult(conn, authMsg.RequestID, false, "", "Invalid signature")
+		conn.Close()
+		return
+	}
+
+	// Update client connection
+	s.mu.Lock()
+	client := s.clients[clientID]
+	if client.Conn != nil {
+		// Close old connection
+		client.Conn.Close()
+	}
+	client.Conn = conn
+	client.LastSeenAt = time.Now().UnixMilli()
+	s.mu.Unlock()
+
+	log.Printf("[WS] Client %s authenticated (%s)", clientID, client.Name)
+	s.sendAuthResult(conn, authMsg.RequestID, true, clientID, "Authentication successful")
+
+	// Reset read deadline and start message loop
+	conn.SetReadDeadline(time.Time{})
+
+	// Start ping ticker
+	go s.pingClient(client)
+
+	// Message handling loop
+	s.handleClientMessages(client)
+}
+
+// pingClient sends periodic pings to keep connection alive
+func (s *Server) pingClient(client *Client) {
+	ticker := time.NewTicker(30 * time.Second)
+	defer ticker.Stop()
+
+	for range ticker.C {
+		client.ConnMu.Lock()
+		if client.Conn == nil {
+			client.ConnMu.Unlock()
+			return
+		}
+		err := client.Conn.WriteMessage(websocket.PingMessage, nil)
+		client.ConnMu.Unlock()
+
+		if err != nil {
+			log.Printf("[WS] Ping error for client %s: %v", client.ID, err)
+			return
+		}
+	}
+}
+
+// handleClientMessages processes incoming messages from a client
+func (s *Server) handleClientMessages(client *Client) {
+	defer func() {
+		client.ConnMu.Lock()
+		if client.Conn != nil {
+			client.Conn.Close()
+			client.Conn = nil
+		}
+		client.ConnMu.Unlock()
+		log.Printf("[WS] Client %s disconnected", client.ID)
+	}()
+
+	for {
+		var msg WSMessage
+		if err := client.Conn.ReadJSON(&msg); err != nil {
+			if websocket.IsUnexpectedCloseError(err, websocket.CloseGoingAway, websocket.CloseAbnormalClosure) {
+				log.Printf("[WS] Read error for client %s: %v", client.ID, err)
+			}
+			return
+		}
+
+		s.mu.Lock()
+		client.LastSeenAt = time.Now().UnixMilli()
+		s.mu.Unlock()
+
+		switch msg.Type {
+		case MsgTypePing:
+			client.sendWSMessage(WSMessage{Type: MsgTypePong, RequestID: msg.RequestID})
+
+		case MsgTypeOutbound:
+			s.handleOutboundMessage(client, msg)
+
+		case MsgTypeConvHistory:
+			s.handleConvHistoryRequest(client, msg)
+
+		default:
+			log.Printf("[WS] Unknown message type from client %s: %s", client.ID, msg.Type)
+		}
+	}
+}
+
+// handleOutboundMessage processes outbound messages from bot to user
+func (s *Server) handleOutboundMessage(client *Client, wsMsg WSMessage) {
+	var payload struct {
+		To             string `json:"to"`
+		Text           string `json:"text"`
+		ConversationID string `json:"conversationId"`
+	}
+	if err := json.Unmarshal(wsMsg.Payload, &payload); err != nil {
+		client.sendWSMessage(WSMessage{
+			Type:      MsgTypeError,
+			RequestID: wsMsg.RequestID,
+			Payload:   mustMarshal(map[string]string{"error": "invalid_payload", "message": err.Error()}),
+		})
+		return
+	}
+
+	s.mu.Lock()
+	s.lastID++
+	msg := Message{
+		ID:             fmt.Sprintf("msg-%d", s.lastID),
+		ConversationID: payload.ConversationID,
+		ClientID:       client.ID,
+		From:           "bot",
+		To:             payload.To,
+		Text:           payload.Text,
+		Timestamp:      time.Now().UnixMilli(),
+	}
+
+	// Add to conversation history
+	if conv, ok := s.conversations[payload.ConversationID]; ok {
+		conv.Messages = append(conv.Messages, msg)
+		conv.UpdatedAt = msg.Timestamp
+	}
+
+	s.outbound = append(s.outbound, msg)
+	s.mu.Unlock()
+
+	log.Printf("[OUTBOUND] %s → %s: %s (conv=%s)", client.ID, msg.To, msg.Text, payload.ConversationID)
+
+	// Send acknowledgment
+	client.sendWSMessage(WSMessage{
+		Type:      MsgTypeAck,
+		RequestID: wsMsg.RequestID,
+		Payload:   mustMarshal(map[string]any{"ok": true, "message": msg}),
+	})
+}
+
+// handleConvHistoryRequest returns conversation history
+func (s *Server) handleConvHistoryRequest(client *Client, wsMsg WSMessage) {
+	var payload struct {
+		ConversationID string `json:"conversationId"`
+	}
+	if err := json.Unmarshal(wsMsg.Payload, &payload); err != nil {
+		return
+	}
+
+	s.mu.RLock()
+	conv, ok := s.conversations[payload.ConversationID]
+	s.mu.RUnlock()
+
+	if !ok {
+		client.sendWSMessage(WSMessage{
+			Type:      MsgTypeError,
+			RequestID: wsMsg.RequestID,
+			Payload:   mustMarshal(map[string]string{"error": "not_found", "message": "Conversation not found"}),
+		})
+		return
+	}
+
+	client.sendWSMessage(WSMessage{
+		Type:      MsgTypeConvResponse,
+		RequestID: wsMsg.RequestID,
+		Payload:   mustMarshal(conv),
+	})
+}
+
+// sendError sends an error message over WebSocket
+func (s *Server) sendError(conn *websocket.Conn, requestID, code, message string) {
+	msg := WSMessage{
+		Type:      MsgTypeError,
+		RequestID: requestID,
+		Payload:   mustMarshal(map[string]string{"error": code, "message": message}),
+		Timestamp: time.Now().UnixMilli(),
+	}
+	conn.WriteJSON(msg)
+}
+
+// sendAuthResult sends authentication result
+func (s *Server) sendAuthResult(conn *websocket.Conn, requestID string, success bool, clientID, message string) {
+	payload := AuthResultPayload{
+		Success:  success,
+		ClientID: clientID,
+		Message:  message,
+	}
+	msg := WSMessage{
+		Type:      MsgTypeAuthResult,
+		RequestID: requestID,
+		Payload:   mustMarshal(payload),
+		Timestamp: time.Now().UnixMilli(),
+	}
+	conn.WriteJSON(msg)
+}
+
+// pushMessageToClient sends an inbound message to the assigned client via WebSocket
+func (s *Server) pushMessageToClient(msg Message) bool {
+	s.mu.RLock()
+	client, ok := s.clients[msg.ClientID]
+	s.mu.RUnlock()
+
+	if !ok || client.Conn == nil {
+		log.Printf("[WS] Client %s not connected, message queued", msg.ClientID)
+		return false
+	}
+
+	err := client.sendWSMessage(WSMessage{
+		Type:    MsgTypeInbound,
+		Payload: mustMarshal(msg),
+	})
+
+	if err != nil {
+		log.Printf("[WS] Failed to push message to client %s: %v", msg.ClientID, err)
+		return false
+	}
+
+	return true
+}
+
+func mustMarshal(v any) json.RawMessage {
+	data, _ := json.Marshal(v)
+	return data
+}
+
+// Admin auth middleware
+func (s *Server) adminAuth(next http.HandlerFunc) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		token := strings.TrimPrefix(r.Header.Get("Authorization"), "Bearer ")
+		if token != s.adminToken {
+			http.Error(w, "Invalid admin token", http.StatusUnauthorized)
+			return
+		}
+		next(w, r)
+	}
+}
+
+// POST /clients - Register a new OpenClaw client (admin only)
+func (s *Server) handleRegisterClient(w http.ResponseWriter, r *http.Request) {
+	if r.Method != http.MethodPost {
+		http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
+		return
+	}
+
+	var req struct {
+		Name string `json:"name"`
+	}
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		http.Error(w, err.Error(), http.StatusBadRequest)
+		return
+	}
+
+	clientID := generateID("client")
+	token := generateToken()
+
+	client := &Client{
+		ID:         clientID,
+		Token:      token,
+		Name:       req.Name,
+		LastSeenAt: time.Now().UnixMilli(),
+	}
+
+	s.mu.Lock()
+	s.clients[clientID] = client
+	s.tokens[token] = clientID
+	s.mu.Unlock()
+
+	log.Printf("[CLIENT] Registered: %s (%s)", client.Name, clientID)
+
+	w.Header().Set("Content-Type", "application/json")
+	json.NewEncoder(w).Encode(map[string]any{
+		"clientId": clientID,
+		"token":    token,
+		"name":     req.Name,
+	})
+}
+
+// GET /clients - List all clients (admin only)
+func (s *Server) handleListClients(w http.ResponseWriter, r *http.Request) {
+	s.mu.RLock()
+	clients := make([]map[string]any, 0, len(s.clients))
+	for _, c := range s.clients {
+		clients = append(clients, map[string]any{
+			"id":         c.ID,
+			"name":       c.Name,
+			"lastSeenAt": c.LastSeenAt,
+			"connected":  c.Conn != nil,
+		})
+	}
+	s.mu.RUnlock()
+
+	w.Header().Set("Content-Type", "application/json")
+	json.NewEncoder(w).Encode(map[string]any{
+		"clients": clients,
+	})
+}
+
+// Find or create conversation for a user, assign to least-busy client
+func (s *Server) getOrCreateConversation(userID string, userInfo *UserInfo) *Conversation {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+
+	// Find existing active conversation for this user
+	for _, conv := range s.conversations {
+		if conv.UserID == userID {
+			conv.UpdatedAt = time.Now().UnixMilli()
+			// Update user info if provided
+			if userInfo != nil {
+				conv.User = userInfo
+			}
+			return conv
+		}
+	}
+
+	// Assign to client with active connection (prefer connected clients)
+	var assignedClientID string
+
+	for clientID, client := range s.clients {
+		if client.Conn != nil {
+			assignedClientID = clientID
+			break
+		}
+	}
+
+	if assignedClientID == "" {
+		// No clients connected, use first available or unassigned
+		for clientID := range s.clients {
+			assignedClientID = clientID
+			break
+		}
+		if assignedClientID == "" {
+			assignedClientID = "unassigned"
+		}
+	}
+
+	conv := &Conversation{
+		ID:        generateID("conv"),
+		UserID:    userID,
+		ClientID:  assignedClientID,
+		Messages:  make([]Message, 0),
+		CreatedAt: time.Now().UnixMilli(),
+		UpdatedAt: time.Now().UnixMilli(),
+		User:      userInfo,
+	}
+	s.conversations[conv.ID] = conv
+
+	log.Printf("[CONV] Created %s for user %s → client %s", conv.ID, userID, assignedClientID)
+	return conv
+}
+
+// POST /inbound - User sends a message (pushed via WebSocket to client)
+// Supports full user identity for multi-user scenarios (like Feishu)
+func (s *Server) handleInbound(w http.ResponseWriter, r *http.Request) {
+	if r.Method != http.MethodPost {
+		http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
+		return
+	}
+
+	var req struct {
+		From     string    `json:"from"`               // User ID (required)
+		Text     string    `json:"text"`               // Query text (required)
+		Query    string    `json:"query"`              // Alias for text
+		UserID   string    `json:"userId"`             // Alias for from
+		User     *UserInfo `json:"user"`               // Full user info (optional)
+		Username string    `json:"username,omitempty"` // Quick username field
+		TenantID string    `json:"tenantId,omitempty"` // Multi-tenant support
+		Source   string    `json:"source,omitempty"`   // Request source
+	}
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		http.Error(w, err.Error(), http.StatusBadRequest)
+		return
+	}
+
+	// Resolve user ID from various fields
+	userID := req.From
+	if userID == "" {
+		userID = req.UserID
+	}
+	if userID == "" && req.User != nil {
+		userID = req.User.UserID
+	}
+	if userID == "" {
+		http.Error(w, "Missing user identifier (from, userId, or user.userId required)", http.StatusBadRequest)
+		return
+	}
+
+	// Resolve query text
+	queryText := req.Text
+	if queryText == "" {
+		queryText = req.Query
+	}
+	if queryText == "" {
+		http.Error(w, "Missing query text (text or query required)", http.StatusBadRequest)
+		return
+	}
+
+	// Build UserInfo if not provided but quick fields are available
+	userInfo := req.User
+	if userInfo == nil && (req.Username != "" || req.TenantID != "" || req.Source != "") {
+		userInfo = &UserInfo{
+			UserID:   userID,
+			Username: req.Username,
+			TenantID: req.TenantID,
+			Source:   req.Source,
+		}
+	}
+
+	conv := s.getOrCreateConversation(userID, userInfo)
+
+	s.mu.Lock()
+	s.lastID++
+	msg := Message{
+		ID:             fmt.Sprintf("msg-%d", s.lastID),
+		ConversationID: conv.ID,
+		ClientID:       conv.ClientID,
+		From:           userID,
+		To:             "bot",
+		Text:           queryText,
+		Timestamp:      time.Now().UnixMilli(),
+		User:           userInfo,
+	}
+
+	// Add to conversation history
+	conv.Messages = append(conv.Messages, msg)
+	conv.UpdatedAt = msg.Timestamp
+	s.mu.Unlock()
+
+	log.Printf("[INBOUND] %s → %s: %s (conv=%s, user=%+v)", msg.From, conv.ClientID, msg.Text, conv.ID, userInfo)
+
+	// Push to client via WebSocket
+	pushed := s.pushMessageToClient(msg)
+
+	w.Header().Set("Content-Type", "application/json")
+	json.NewEncoder(w).Encode(map[string]any{
+		"message":        msg,
+		"delivered":      pushed,
+		"websocket":      true,
+		"conversationId": conv.ID,
+		"userId":         userID,
+	})
+}
+
+// GET /conversations/:id - Get conversation history
+func (s *Server) handleGetConversation(w http.ResponseWriter, r *http.Request) {
+	convID := strings.TrimPrefix(r.URL.Path, "/conversations/")
+	if convID == "" {
+		http.Error(w, "Missing conversation ID", http.StatusBadRequest)
+		return
+	}
+
+	s.mu.RLock()
+	conv, ok := s.conversations[convID]
+	s.mu.RUnlock()
+
+	if !ok {
+		http.Error(w, "Conversation not found", http.StatusNotFound)
+		return
+	}
+
+	w.Header().Set("Content-Type", "application/json")
+	json.NewEncoder(w).Encode(conv)
+}
+
+// GET /conversations - List all conversations (admin)
+func (s *Server) handleListConversations(w http.ResponseWriter, r *http.Request) {
+	s.mu.RLock()
+	convs := make([]*Conversation, 0, len(s.conversations))
+	for _, c := range s.conversations {
+		convs = append(convs, c)
+	}
+	s.mu.RUnlock()
+
+	w.Header().Set("Content-Type", "application/json")
+	json.NewEncoder(w).Encode(map[string]any{
+		"conversations": convs,
+	})
+}
+
+// GET /outbox - View sent messages (debug)
+func (s *Server) handleOutbox(w http.ResponseWriter, r *http.Request) {
+	s.mu.RLock()
+	messages := s.outbound
+	s.mu.RUnlock()
+
+	w.Header().Set("Content-Type", "application/json")
+	json.NewEncoder(w).Encode(map[string]any{
+		"messages": messages,
+	})
+}
+
+// GET /health - Health check (no auth required)
+func (s *Server) handleHealth(w http.ResponseWriter, r *http.Request) {
+	s.mu.RLock()
+	clientCount := len(s.clients)
+	connectedCount := 0
+	for _, c := range s.clients {
+		if c.Conn != nil {
+			connectedCount++
+		}
+	}
+	convCount := len(s.conversations)
+	s.mu.RUnlock()
+
+	w.Header().Set("Content-Type", "application/json")
+	json.NewEncoder(w).Encode(map[string]any{
+		"ok":               true,
+		"server":           "simplego-ws",
+		"clients":          clientCount,
+		"connectedClients": connectedCount,
+		"conversations":    convCount,
+	})
+}
+
+func main() {
+	port := flag.Int("port", 9876, "Server port")
+	adminToken := flag.String("admin-token", "", "Admin token (auto-generated if empty)")
+	flag.Parse()
+
+	if *adminToken == "" {
+		*adminToken = generateToken()
+		log.Printf("Generated admin token: %s", *adminToken)
+	}
+
+	server := NewServer(*adminToken)
+
+	// Public endpoints
+	http.HandleFunc("/health", server.handleHealth)
+
+	// WebSocket endpoint
+	http.HandleFunc("/ws", server.handleWebSocket)
+
+	// Admin endpoints
+	http.HandleFunc("/clients", func(w http.ResponseWriter, r *http.Request) {
+		if r.Method == http.MethodPost {
+			server.adminAuth(server.handleRegisterClient)(w, r)
+		} else {
+			server.adminAuth(server.handleListClients)(w, r)
+		}
+	})
+	http.HandleFunc("/conversations", server.adminAuth(server.handleListConversations))
+
+	// User endpoints (no auth - simulating external users)
+	http.HandleFunc("/inbound", server.handleInbound)
+	http.HandleFunc("/outbox", server.handleOutbox)
+
+	// Conversation lookup
+	http.HandleFunc("/conversations/", server.handleGetConversation)
+
+	addr := fmt.Sprintf(":%d", *port)
+	log.Printf("Simple Go WebSocket channel server starting on http://localhost%s", addr)
+	log.Printf("")
+	log.Printf("WebSocket endpoint:")
+	log.Printf("  ws://localhost%s/ws - Client WebSocket connection", addr)
+	log.Printf("")
+	log.Printf("Admin endpoints (use admin token):")
+	log.Printf("  POST /clients        - Register OpenClaw client")
+	log.Printf("  GET  /clients        - List clients")
+	log.Printf("  GET  /conversations  - List all conversations")
+	log.Printf("")
+	log.Printf("Public endpoints:")
+	log.Printf("  POST /inbound        - User message with identity (pushed via WebSocket)")
+	log.Printf("       Body: {from/userId, text/query, user?: {userId, username, tenantId, ...}}")
+	log.Printf("  GET  /outbox         - View sent messages")
+	log.Printf("  GET  /health         - Health check")
+
+	if err := http.ListenAndServe(addr, nil); err != nil {
+		log.Fatal(err)
+	}
+}