agent-relay 3.1.7 → 3.1.9

package/packages/openclaw/src/setup.ts

@@ -5,6 +5,7 @@ import { existsSync } from 'node:fs';
 import { hostname } from 'node:os';
 import { fileURLToPath } from 'node:url';
 import { spawn as spawnProcess, execFileSync } from 'node:child_process';
+import { randomBytes } from 'node:crypto';
 
 import { RelayCast } from '@relaycast/sdk';
 
@@ -25,6 +26,30 @@ function extractNestedValue(obj: unknown, path: string): unknown {
   return current;
 }
 
+/**
+ * Set a deeply nested value in an object by dot-separated path, creating
+ * intermediate objects as needed.
+ */
+const DANGEROUS_KEYS = new Set(['__proto__', 'prototype', 'constructor']);
+
+function setNestedValue(obj: Record<string, unknown>, path: string, value: unknown): void {
+  const keys = path.split('.');
+  for (const key of keys) {
+    if (DANGEROUS_KEYS.has(key)) {
+      throw new Error(`Refusing to set dangerous key "${key}" in path "${path}"`);
+    }
+  }
+  let current: Record<string, unknown> = obj;
+  for (let i = 0; i < keys.length - 1; i++) {
+    const key = keys[i];
+    if (current[key] == null || typeof current[key] !== 'object') {
+      current[key] = {};
+    }
+    current = current[key] as Record<string, unknown>;
+  }
+  current[keys[keys.length - 1]] = value;
+}
+
 /**
  * Resolve how to invoke mcporter. Prefers a global binary, falls back to npx.
  */
@@ -98,14 +123,18 @@ export async function setup(options: SetupOptions): Promise<SetupResult> {
   const baseUrl = options.baseUrl ?? 'https://api.relaycast.dev';
   const channels = options.channels ?? ['general'];
 
+  // CLI name for restart reminder messages (based on detected variant)
+  const cliName = detection.variant === 'clawdbot' ? 'clawdbot' : 'openclaw';
+  const serviceName = detection.variant === 'clawdbot' ? 'clawdbot' : 'openclaw';
+
   if (!detection.installed) {
     // Auto-create ~/.openclaw/ if OpenClaw binary is available but the config dir
     // doesn't exist yet (common in Docker images before onboarding).
     try {
       await mkdir(detection.homeDir, { recursive: true });
       await mkdir(join(detection.homeDir, 'workspace'), { recursive: true });
-      // Write a minimal openclaw.json so MCP servers can be registered
-      const configPath = join(detection.homeDir, 'openclaw.json');
+      // Write a minimal config file so MCP servers can be registered
+      const configPath = join(detection.homeDir, detection.configFilename);
       if (!existsSync(configPath)) {
         await writeFile(configPath, JSON.stringify({ mcpServers: {} }, null, 2) + '\n', 'utf-8');
       }
@@ -126,14 +155,48 @@ export async function setup(options: SetupOptions): Promise<SetupResult> {
 
   // Enable the OpenResponses HTTP API so the inbound gateway can inject
   // messages via POST /v1/responses on the local OpenClaw gateway.
-  try {
-    execFileSync('openclaw', [
+  // Try CLI names in order: openclaw, clawdbot, clawdbot-cli.sh.
+  // If all CLI calls fail, mutate the config JSON directly.
+  let configMutated = false;
+  {
+    const httpEndpointArgs = [
       'config', 'set',
       'gateway.http.endpoints.responses.enabled', 'true',
-    ], { stdio: 'pipe' });
-  } catch {
-    console.warn('Could not enable OpenResponses API (non-fatal). Enable manually:');
-    console.warn('  openclaw config set gateway.http.endpoints.responses.enabled true');
+    ];
+    const cliCandidates = ['openclaw', 'clawdbot', 'clawdbot-cli.sh'];
+    let cliSuccess = false;
+
+    for (const cli of cliCandidates) {
+      try {
+        execFileSync(cli, httpEndpointArgs, { stdio: 'pipe' });
+        cliSuccess = true;
+        break;
+      } catch {
+        // Try next candidate
+      }
+    }
+
+    if (!cliSuccess) {
+      // Fall back to direct JSON config file mutation
+      if (detection.configFile) {
+        try {
+          const raw = await readFile(detection.configFile, 'utf-8');
+          const cfg = JSON.parse(raw) as Record<string, unknown>;
+          setNestedValue(cfg, 'gateway.http.endpoints.responses.enabled', true);
+          await writeFile(detection.configFile, JSON.stringify(cfg, null, 2) + '\n', 'utf-8');
+          // Reload config in detection
+          detection.config = cfg;
+          configMutated = true;
+          console.log('[setup] Enabled gateway.http.endpoints.responses.enabled via config file.');
+        } catch (writeErr) {
+          console.warn('Could not enable OpenResponses API (non-fatal). Enable manually:');
+          console.warn(`  ${cliName} config set gateway.http.endpoints.responses.enabled true`);
+        }
+      } else {
+        console.warn('Could not enable OpenResponses API (non-fatal). Enable manually:');
+        console.warn(`  ${cliName} config set gateway.http.endpoints.responses.enabled true`);
+      }
+    }
   }
 
   // Resolve API key: use provided key or create a new workspace
@@ -220,19 +283,63 @@ export async function setup(options: SetupOptions): Promise<SetupResult> {
     );
   }
 
-  // Extract gateway auth from openclaw.json (if available)
-  const openclawGatewayToken =
+  // Extract gateway auth from config (if available). Auto-generate if missing.
+  let openclawGatewayToken: string | undefined =
     process.env.OPENCLAW_GATEWAY_TOKEN ??
     (extractNestedValue(detection.config, 'gateway.auth.token') as string | undefined);
+
   const openclawGatewayPortRaw =
     process.env.OPENCLAW_GATEWAY_PORT ??
     (extractNestedValue(detection.config, 'gateway.port') as number | string | undefined);
   const openclawGatewayPort = openclawGatewayPortRaw ? Number(openclawGatewayPortRaw) : undefined;
 
   if (!openclawGatewayToken) {
-    console.warn('[setup] No gateway token found in openclaw.json or OPENCLAW_GATEWAY_TOKEN env.');
-    console.warn('[setup] Inbound gateway may fail to pair. Set it manually:');
-    console.warn('[setup]   export OPENCLAW_GATEWAY_TOKEN=$(cat ~/.openclaw/openclaw.json | jq -r .gateway.auth.token)');
+    // Generate a random token and persist it to the config file
+    const generated = randomBytes(16).toString('hex');
+    openclawGatewayToken = generated;
+    console.log('[setup] No gateway token found — generating one and writing to config file.');
+
+    if (detection.configFile) {
+      try {
+        const raw = await readFile(detection.configFile, 'utf-8');
+        const cfg = JSON.parse(raw) as Record<string, unknown>;
+        setNestedValue(cfg, 'gateway.auth.token', generated);
+        await writeFile(detection.configFile, JSON.stringify(cfg, null, 2) + '\n', 'utf-8');
+        detection.config = cfg;
+        configMutated = true;
+      } catch (writeErr) {
+        console.warn(`[setup] Could not write generated token to config file: ${writeErr instanceof Error ? writeErr.message : String(writeErr)}`);
+      }
+    } else {
+      console.warn('[setup] No config file available to persist generated token. Set manually:');
+      console.warn(`[setup]   export OPENCLAW_GATEWAY_TOKEN=${generated}`);
+    }
+  }
+
+  // Print restart reminder if any config mutations were made
+  if (configMutated) {
+    console.log('');
+    console.log('Config changes detected. Restart the gateway to apply:');
+    console.log(`  systemctl restart ${serviceName}`);
+    if (serviceName !== 'openclaw') {
+      console.log(`  # or: systemctl restart openclaw`);
+    }
+    console.log(`  # or restart manually if not using systemd`);
+    console.log('');
+  }
+
+  // Exec policy preflight warning — warn when security is missing OR not 'full'
+  {
+    const execSecurity = extractNestedValue(detection.config, 'tools.exec.security') as string | undefined;
+    if (execSecurity !== 'full') {
+      console.warn('');
+      console.warn('Warning: Execution policies may be locked down. If the agent can only chat:');
+      console.warn(`  ${cliName} config set tools.exec.host gateway`);
+      console.warn(`  ${cliName} config set tools.exec.ask off`);
+      console.warn(`  ${cliName} config set tools.exec.security full`);
+      console.warn(`  systemctl restart ${serviceName}`);
+      console.warn('');
+    }
   }
 
   // Save gateway config (.env)

package/packages/policy/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@agent-relay/policy",
-  "version": "3.1.7",
+  "version": "3.1.9",
   "description": "Agent policy management with multi-level fallback (repo, local PRPM, cloud workspace)",
   "type": "module",
   "main": "dist/index.js",
@@ -22,7 +22,7 @@
     "test:watch": "vitest"
   },
   "dependencies": {
-    "@agent-relay/config": "3.1.7"
+    "@agent-relay/config": "3.1.9"
   },
   "devDependencies": {
     "@types/node": "^22.19.3",

package/packages/sdk/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@agent-relay/sdk",
-  "version": "3.1.7",
+  "version": "3.1.9",
   "type": "module",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -81,7 +81,7 @@
     "typescript": "^5.7.3"
   },
   "dependencies": {
-    "@agent-relay/config": "3.1.7",
+    "@agent-relay/config": "3.1.9",
     "@relaycast/sdk": "^0.4.0",
     "yaml": "^2.7.0"
   }

package/packages/sdk-py/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
 
 [project]
 name = "agent-relay-sdk"
-version = "3.1.7"
+version = "3.1.9"
 description = "Python SDK for Agent Relay workflows"
 readme = "README.md"
 license = "Apache-2.0"

package/packages/telemetry/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@agent-relay/telemetry",
-  "version": "3.1.7",
+  "version": "3.1.9",
   "description": "Anonymous telemetry for Agent Relay usage analytics",
   "type": "module",
   "main": "dist/index.js",

package/packages/trajectory/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@agent-relay/trajectory",
-  "version": "3.1.7",
+  "version": "3.1.9",
   "description": "Trajectory integration utilities (trail/PDERO) for Relay",
   "type": "module",
   "main": "dist/index.js",
@@ -22,7 +22,7 @@
     "test:watch": "vitest"
   },
   "dependencies": {
-    "@agent-relay/config": "3.1.7"
+    "@agent-relay/config": "3.1.9"
   },
   "devDependencies": {
     "@types/node": "^22.19.3",

package/packages/user-directory/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@agent-relay/user-directory",
-  "version": "3.1.7",
+  "version": "3.1.9",
   "description": "User directory service for agent-relay (per-user credential storage)",
   "type": "module",
   "main": "dist/index.js",
@@ -22,7 +22,7 @@
     "test:watch": "vitest"
   },
   "dependencies": {
-    "@agent-relay/utils": "3.1.7"
+    "@agent-relay/utils": "3.1.9"
   },
   "devDependencies": {
     "@types/node": "^22.19.3",

package/packages/utils/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@agent-relay/utils",
-  "version": "3.1.7",
+  "version": "3.1.9",
   "description": "Shared utilities for agent-relay: logging, name generation, command resolution, update checking",
   "type": "module",
   "main": "dist/cjs/index.js",
@@ -112,7 +112,7 @@
     "vitest": "^3.2.4"
   },
   "dependencies": {
-    "@agent-relay/config": "3.1.7",
+    "@agent-relay/config": "3.1.9",
     "compare-versions": "^6.1.1"
   },
   "publishConfig": {