aquaman-plugin 0.11.2 → 0.11.4

package/src/plugin.ts

@@ -1,281 +0,0 @@
-/**
- * OpenClaw Plugin Entry Point
- *
- * This is the main plugin that implements the OpenClaw plugin interface.
- * It provides credential isolation through proxy mode:
- * credentials are held in a separate process and never enter the Gateway.
- */
-
-import { type PluginConfig, mergeConfig, defaultConfig } from './config-schema.js';
-import { createProxyManager, type ProxyManager, type ProxyConnectionInfo } from './proxy-manager.js';
-import { executeCommand, type CommandContext, type CommandResult, getAvailableCommands, type PluginCommand } from './commands.js';
-import { HttpInterceptor, createHttpInterceptor } from './http-interceptor.js';
-
-/**
- * OpenClaw Plugin Interface (simplified for standalone use)
- *
- * When used with actual OpenClaw, this would implement their ToolPlugin interface.
- */
-export interface AquamanPluginOptions {
-  config?: Partial<PluginConfig>;
-}
-
-export class AquamanPlugin {
-  /**
-   * Plugin name - required by OpenClaw ToolPlugin interface
-   */
-  readonly name = 'aquaman-plugin';
-
-  private config: PluginConfig;
-  private proxyManager: ProxyManager | null = null;
-  private httpInterceptor: HttpInterceptor | null = null;
-  private initialized = false;
-  private environmentVariables: Record<string, string> = {};
-
-  constructor(options: AquamanPluginOptions = {}) {
-    this.config = mergeConfig(options.config || {});
-  }
-
-  /**
-   * Plugin lifecycle: onLoad
-   * Called when the plugin is loaded by OpenClaw
-   *
-   * @param config - Configuration passed from openclaw.json
-   */
-  async onLoad(config?: Partial<PluginConfig>): Promise<void> {
-    if (this.initialized) {
-      return;
-    }
-
-    // Merge any runtime config with defaults
-    if (config) {
-      this.config = mergeConfig({ ...this.config, ...config });
-    }
-
-    // Validate config
-    this.validateConfig();
-
-    console.log('[aquaman] Initializing plugin...');
-
-    await this.initProxyMode();
-
-    this.initialized = true;
-    console.log('[aquaman] Plugin initialized in proxy mode');
-  }
-
-  /**
-   * Validate configuration
-   */
-  private validateConfig(): void {
-    // Vault backend requires address
-    if (this.config.backend === 'vault' && !this.config.vaultAddress) {
-      throw new Error('Vault backend requires vaultAddress configuration');
-    }
-  }
-
-  /**
-   * Plugin lifecycle: onUnload
-   * Called when the plugin is unloaded
-   */
-  async onUnload(): Promise<void> {
-    console.log('[aquaman] Unloading plugin...');
-
-    if (this.httpInterceptor) {
-      this.httpInterceptor.deactivate();
-      this.httpInterceptor = null;
-    }
-
-    if (this.proxyManager) {
-      await this.proxyManager.stop();
-      this.proxyManager = null;
-    }
-
-    this.initialized = false;
-
-    console.log('[aquaman] Plugin unloaded');
-  }
-
-  /**
-   * Initialize proxy mode
-   */
-  private async initProxyMode(): Promise<void> {
-    this.proxyManager = createProxyManager({
-      config: this.config,
-      onReady: (info) => {
-        console.log(`[aquaman] Proxy ready on ${info.socketPath}`);
-        this.configureEnvironmentForProxy();
-      },
-      onError: (error) => {
-        console.error('[aquaman] Proxy error:', error);
-      },
-      onExit: (code) => {
-        console.log(`[aquaman] Proxy exited with code ${code}`);
-      }
-    });
-
-    // Start proxy
-    try {
-      const info = await this.proxyManager.start();
-      this.configureEnvironmentForProxy();
-      this.activateHttpInterceptor(info.socketPath);
-    } catch (error) {
-      console.error('[aquaman] Failed to start proxy:', error);
-    }
-  }
-
-  /**
-   * Activate HTTP interceptor for channel credential isolation.
-   */
-  private activateHttpInterceptor(proxySocketPath: string): void {
-    // Build host map from the service registry's host patterns
-    const hostMap = new Map<string, string>([
-      ['api.anthropic.com', 'anthropic'],
-      ['api.openai.com', 'openai'],
-      ['api.github.com', 'github'],
-      ['slack.com', 'slack'],
-      ['*.slack.com', 'slack'],
-      ['discord.com', 'discord'],
-      ['*.discord.com', 'discord'],
-      ['api.telegram.org', 'telegram'],
-      ['matrix.org', 'matrix'],
-      ['*.matrix.org', 'matrix'],
-      ['api.line.me', 'line'],
-      ['api-data.line.me', 'line'],
-      ['api.twitch.tv', 'twitch'],
-      ['id.twitch.tv', 'twitch'],
-      ['api.twilio.com', 'twilio'],
-      ['*.twilio.com', 'twilio'],
-      ['api.telnyx.com', 'telnyx'],
-      ['api.elevenlabs.io', 'elevenlabs'],
-      ['openapi.zalo.me', 'zalo'],
-      ['graph.microsoft.com', 'ms-teams'],
-      ['open.feishu.cn', 'feishu'],
-      ['open.larksuite.com', 'feishu'],
-      ['chat.googleapis.com', 'google-chat'],
-    ]);
-
-    this.httpInterceptor = createHttpInterceptor({
-      socketPath: proxySocketPath,
-      hostMap,
-      log: (msg) => console.log(msg),
-    });
-
-    this.httpInterceptor.activate();
-  }
-
-  /**
-   * Configure environment variables using sentinel hostname
-   */
-  private configureEnvironmentForProxy(): void {
-    const services = this.config.services || defaultConfig.services;
-    for (const service of services!) {
-      const serviceUrl = `http://aquaman.local/${service}`;
-
-      switch (service) {
-        case 'anthropic':
-          this.setEnvVar('ANTHROPIC_BASE_URL', serviceUrl);
-          break;
-        case 'openai':
-          this.setEnvVar('OPENAI_BASE_URL', serviceUrl);
-          break;
-        case 'github':
-          this.setEnvVar('GITHUB_API_URL', serviceUrl);
-          break;
-        default: {
-          const envKey = `${service.toUpperCase().replace(/-/g, '_')}_BASE_URL`;
-          this.setEnvVar(envKey, serviceUrl);
-        }
-      }
-    }
-  }
-
-  /**
-   * Set an environment variable and track it
-   */
-  private setEnvVar(key: string, value: string): void {
-    process.env[key] = value;
-    this.environmentVariables[key] = value;
-    console.log(`[aquaman] Set ${key}=${value}`);
-  }
-
-  /**
-   * Execute a slash command
-   */
-  async executeCommand(command: string, args: string[] = []): Promise<CommandResult> {
-    const ctx: CommandContext = {
-      config: this.config,
-      proxyManager: this.proxyManager || undefined
-    };
-
-    return executeCommand(ctx, command, args);
-  }
-
-  /**
-   * Get plugin status
-   */
-  getStatus(): {
-    initialized: boolean;
-    backend: string;
-    proxyRunning: boolean;
-    services: string[];
-  } {
-    return {
-      initialized: this.initialized,
-      backend: this.config.backend || 'keychain',
-      proxyRunning: this.proxyManager?.isRunning() || false,
-      services: this.config.services || []
-    };
-  }
-
-  /**
-   * Get configured backend
-   */
-  getBackend(): string {
-    return this.config.backend || 'keychain';
-  }
-
-  /**
-   * Check if plugin is ready
-   */
-  isReady(): boolean {
-    return this.initialized;
-  }
-
-  /**
-   * Get environment variables set by the plugin
-   */
-  getEnvironmentVariables(): Record<string, string> {
-    return { ...this.environmentVariables };
-  }
-
-  /**
-   * Get available slash commands
-   */
-  getCommands(): PluginCommand[] {
-    const ctx: CommandContext = {
-      config: this.config,
-      proxyManager: this.proxyManager || undefined
-    };
-
-    return getAvailableCommands(ctx);
-  }
-
-  /**
-   * Check if proxy is healthy
-   */
-  async isProxyHealthy(): Promise<boolean> {
-    return this.proxyManager?.isRunning() || false;
-  }
-}
-
-/**
- * Create plugin instance
- */
-export function createAquamanPlugin(options?: AquamanPluginOptions): AquamanPlugin {
-  return new AquamanPlugin(options);
-}
-
-/**
- * Default export for OpenClaw plugin loading
- */
-export default AquamanPlugin;

package/src/proxy-health.ts

@@ -1,67 +0,0 @@
-/**
- * Proxy health and discovery utilities.
- *
- * Separated from index.ts to avoid co-locating network calls with env reads
- * (triggers OpenClaw code safety scanner env-harvesting false positive).
- *
- * Uses http.request with socketPath for UDS communication.
- */
-
-import * as http from 'node:http';
-
-/**
- * Make an HTTP request over a Unix domain socket.
- */
-function udsRequest(socketPath: string, urlPath: string, timeoutMs: number = 3000): Promise<{ ok: boolean; data: any }> {
-  return new Promise((resolve) => {
-    const req = http.request(
-      { socketPath, path: urlPath, method: 'GET' },
-      (res) => {
-        let body = '';
-        res.on('data', (chunk) => { body += chunk; });
-        res.on('end', () => {
-          try {
-            resolve({ ok: res.statusCode === 200, data: JSON.parse(body) });
-          } catch {
-            resolve({ ok: false, data: null });
-          }
-        });
-      }
-    );
-    req.on('error', () => resolve({ ok: false, data: null }));
-    req.setTimeout(timeoutMs, () => { req.destroy(); resolve({ ok: false, data: null }); });
-    req.end();
-  });
-}
-
-/**
- * Request host map from proxy's /_hostmap endpoint via UDS.
- * Returns an empty map if the endpoint is unavailable (caller handles fallback).
- */
-export async function loadHostMap(socketPath: string): Promise<Map<string, string>> {
-  const result = await udsRequest(socketPath, '/_hostmap');
-  if (result.ok && result.data) {
-    return new Map(Object.entries(result.data as Record<string, string>));
-  }
-  return new Map();
-}
-
-/**
- * Check if a proxy is running on the given socket path.
- */
-export async function isProxyRunning(socketPath: string): Promise<boolean> {
-  const result = await udsRequest(socketPath, '/_health');
-  return result.ok;
-}
-
-/**
- * Get the version of a running proxy from its /_health endpoint via UDS.
- * Returns null if the proxy is not running or doesn't report version.
- */
-export async function getProxyVersion(socketPath: string): Promise<string | null> {
-  const result = await udsRequest(socketPath, '/_health');
-  if (result.ok && result.data?.version) {
-    return result.data.version;
-  }
-  return null;
-}

package/src/proxy-manager.ts

@@ -1,309 +0,0 @@
-/**
- * Proxy process lifecycle manager
- *
- * Spawns and manages the aquaman proxy daemon as a separate process
- * for maximum credential isolation. Communicates via Unix domain socket.
- */
-
-import { spawn, type ChildProcess } from 'node:child_process';
-import * as path from 'node:path';
-import * as fs from 'node:fs';
-import * as os from 'node:os';
-import { fileURLToPath } from 'node:url';
-import type { PluginConfig } from './config-schema.js';
-
-/**
- * Find the aquaman proxy binary.
- *
- * Search order:
- * 1. Plugin's own node_modules/.bin/aquaman (bundled dep — version-matched)
- * 2. PATH (global install via npm install -g aquaman-proxy)
- */
-export function findAquamanProxyBinary(): string | null {
-  // 1. Resolve from this file's location → plugin package root → node_modules/.bin/
-  const thisDir = path.dirname(fileURLToPath(import.meta.url));
-  const pluginRoot = path.resolve(thisDir, '..');
-  const localBin = path.join(pluginRoot, 'node_modules', '.bin', 'aquaman');
-  if (fs.existsSync(localBin)) {
-    return localBin;
-  }
-
-  // 2. Search PATH
-  const pathEnv = process.env.PATH || '';
-  const dirs = pathEnv.split(path.delimiter);
-  for (const dir of dirs) {
-    const candidate = path.join(dir, 'aquaman');
-    try {
-      fs.accessSync(candidate, fs.constants.X_OK);
-      return candidate;
-    } catch {
-      // Not found in this dir
-    }
-  }
-
-  return null;
-}
-
-/**
- * Execute an aquaman proxy CLI command (non-interactive).
- * Captures stdout/stderr and returns them.
- */
-export function execAquamanProxyCli(
-  args: string[],
-  options?: { timeoutMs?: number },
-): Promise<{ stdout: string; stderr: string; exitCode: number }> {
-  return new Promise((resolve, reject) => {
-    const binary = findAquamanProxyBinary();
-    if (!binary) {
-      reject(new Error('aquaman proxy binary not found. Install with: npm install -g aquaman-proxy'));
-      return;
-    }
-
-    const proc = spawn(binary, args, {
-      stdio: ['ignore', 'pipe', 'pipe'],
-      env: process.env,
-    });
-
-    let stdout = '';
-    let stderr = '';
-
-    proc.stdout?.on('data', (d: Buffer) => { stdout += d.toString(); });
-    proc.stderr?.on('data', (d: Buffer) => { stderr += d.toString(); });
-
-    proc.on('error', reject);
-    proc.on('close', (code) => {
-      resolve({ stdout, stderr, exitCode: code ?? 1 });
-    });
-
-    const timeout = options?.timeoutMs ?? 30_000;
-    const timer = setTimeout(() => {
-      proc.kill('SIGTERM');
-      reject(new Error(`aquaman CLI timed out after ${timeout}ms`));
-    }, timeout);
-
-    proc.on('close', () => clearTimeout(timer));
-  });
-}
-
-/**
- * Execute an aquaman proxy CLI command interactively (stdio: inherit).
- * Used for commands that need TTY input (setup, credentials add).
- */
-export function execAquamanProxyInteractive(
-  args: string[],
-): Promise<number> {
-  return new Promise((resolve, reject) => {
-    const binary = findAquamanProxyBinary();
-    if (!binary) {
-      reject(new Error('aquaman proxy binary not found. Install with: npm install -g aquaman-proxy'));
-      return;
-    }
-
-    const proc = spawn(binary, args, {
-      stdio: 'inherit',
-      env: process.env,
-    });
-
-    proc.on('error', reject);
-    proc.on('close', (code) => resolve(code ?? 1));
-  });
-}
-
-export interface ProxyConnectionInfo {
-  ready: boolean;
-  socketPath: string;
-  services: string[];
-  backend: string;
-  hostMap?: Record<string, string>;
-}
-
-export interface ProxyManagerOptions {
-  config: PluginConfig;
-  onReady?: (info: ProxyConnectionInfo) => void;
-  onError?: (error: Error) => void;
-  onExit?: (code: number | null) => void;
-}
-
-export class ProxyManager {
-  private process: ChildProcess | null = null;
-  private options: ProxyManagerOptions;
-  private connectionInfo: ProxyConnectionInfo | null = null;
-  private starting = false;
-  private startPromise: Promise<ProxyConnectionInfo> | null = null;
-
-  constructor(options: ProxyManagerOptions) {
-    this.options = options;
-  }
-
-  /**
-   * Start the proxy process
-   */
-  async start(): Promise<ProxyConnectionInfo> {
-    if (this.process && this.connectionInfo) {
-      return this.connectionInfo;
-    }
-
-    if (this.starting && this.startPromise) {
-      return this.startPromise;
-    }
-
-    this.starting = true;
-    this.startPromise = this.doStart();
-
-    try {
-      const result = await this.startPromise;
-      return result;
-    } finally {
-      this.starting = false;
-      this.startPromise = null;
-    }
-  }
-
-  private async doStart(): Promise<ProxyConnectionInfo> {
-    return new Promise((resolve, reject) => {
-      const config = this.options.config;
-
-      // Find aquaman binary
-      const binaryPath = this.findBinary();
-
-      if (!binaryPath) {
-        const error = new Error(
-          'aquaman proxy binary not found. Install with: npm install -g aquaman-proxy'
-        );
-        this.options.onError?.(error);
-        reject(error);
-        return;
-      }
-
-      // Build arguments — UDS is the default, no --port needed
-      const args = ['plugin-mode'];
-
-      // Spawn proxy process
-      this.process = spawn(binaryPath, args, {
-        stdio: ['ignore', 'pipe', 'pipe'],
-        env: {
-          ...process.env,
-          // Pass config through environment
-          AQUAMAN_BACKEND: config.backend,
-          AQUAMAN_VAULT_ADDRESS: config.vaultAddress,
-          AQUAMAN_VAULT_TOKEN: config.vaultToken,
-          AQUAMAN_VAULT_NAMESPACE: config.vaultNamespace,
-          AQUAMAN_VAULT_MOUNT_PATH: config.vaultMountPath,
-          AQUAMAN_1PASSWORD_VAULT: config.onePasswordVault,
-          AQUAMAN_1PASSWORD_ACCOUNT: config.onePasswordAccount
-        }
-      });
-
-      let stdout = '';
-      let stderr = '';
-
-      this.process.stdout?.on('data', (data) => {
-        stdout += data.toString();
-
-        // Try to parse connection info from first line
-        const firstLine = stdout.split('\n')[0];
-        if (firstLine && !this.connectionInfo) {
-          try {
-            const info = JSON.parse(firstLine) as ProxyConnectionInfo;
-            if (info.ready) {
-              this.connectionInfo = info;
-              this.options.onReady?.(info);
-              resolve(info);
-            }
-          } catch {
-            // Not JSON yet, keep buffering
-          }
-        }
-      });
-
-      this.process.stderr?.on('data', (data) => {
-        stderr += data.toString();
-        console.error('[aquaman-proxy]', data.toString().trim());
-      });
-
-      this.process.on('error', (error) => {
-        this.options.onError?.(error);
-        reject(error);
-      });
-
-      this.process.on('exit', (code) => {
-        this.process = null;
-        this.connectionInfo = null;
-        this.options.onExit?.(code);
-
-        if (!this.connectionInfo) {
-          const stderrText = stderr || stdout;
-          const error = new Error(`Proxy exited with code ${code}: ${stderrText}`);
-          reject(error);
-        }
-      });
-
-      // Timeout after 10 seconds
-      setTimeout(() => {
-        if (!this.connectionInfo) {
-          const error = new Error('Proxy startup timeout');
-          this.stop();
-          reject(error);
-        }
-      }, 10000);
-    });
-  }
-
-  /**
-   * Stop the proxy process
-   */
-  async stop(): Promise<void> {
-    if (!this.process) {
-      return;
-    }
-
-    return new Promise((resolve) => {
-      const proc = this.process!;
-
-      const timeout = setTimeout(() => {
-        proc.kill('SIGKILL');
-      }, 5000);
-
-      proc.on('exit', () => {
-        clearTimeout(timeout);
-        this.process = null;
-        this.connectionInfo = null;
-        resolve();
-      });
-
-      proc.kill('SIGTERM');
-    });
-  }
-
-  /**
-   * Check if proxy is running
-   */
-  isRunning(): boolean {
-    return this.process !== null && this.connectionInfo !== null;
-  }
-
-  /**
-   * Get connection info
-   */
-  getConnectionInfo(): ProxyConnectionInfo | null {
-    return this.connectionInfo;
-  }
-
-  /**
-   * Get socket path
-   */
-  getSocketPath(): string | null {
-    return this.connectionInfo?.socketPath || null;
-  }
-
-  /**
-   * Find the aquaman proxy binary
-   */
-  private findBinary(): string | null {
-    return findAquamanProxyBinary();
-  }
-}
-
-export function createProxyManager(options: ProxyManagerOptions): ProxyManager {
-  return new ProxyManager(options);
-}