aquaman-plugin 0.6.0 → 0.7.1

package/src/config-schema.ts

@@ -6,16 +6,6 @@
 
 import { Type, type Static } from '@sinclair/typebox';
 
-/**
- * Plugin operation mode
- * - embedded: Direct vault access within OpenClaw process (simpler, less isolation)
- * - proxy: Separate proxy process (stronger isolation, credentials never in Gateway)
- */
-export const PluginMode = Type.Union([
-  Type.Literal('embedded'),
-  Type.Literal('proxy')
-], { default: 'embedded' });
-
 /**
  * Credential backend type
  */
@@ -38,19 +28,12 @@ export const ProxiedServices = Type.Array(Type.String(), {
  * Complete plugin configuration schema
  */
 export const ConfigSchema = Type.Object({
-  // Mode selection
-  mode: Type.Optional(PluginMode),
-
   // Credential backend
   backend: Type.Optional(CredentialBackend),
 
   // Services to proxy
   services: Type.Optional(ProxiedServices),
 
-  // Proxy mode options
-  proxyPort: Type.Optional(Type.Number({ default: 8081, minimum: 1024, maximum: 65535 })),
-  proxyAutoStart: Type.Optional(Type.Boolean({ default: true })),
-
   // 1Password options
   onePasswordVault: Type.Optional(Type.String()),
   onePasswordAccount: Type.Optional(Type.String()),
@@ -60,15 +43,6 @@ export const ConfigSchema = Type.Object({
   vaultToken: Type.Optional(Type.String()),
   vaultNamespace: Type.Optional(Type.String()),
   vaultMountPath: Type.Optional(Type.String({ default: 'secret' })),
-
-  // TLS options
-  tlsEnabled: Type.Optional(Type.Boolean({ default: true })),
-  tlsCertPath: Type.Optional(Type.String()),
-  tlsKeyPath: Type.Optional(Type.String()),
-
-  // Audit options
-  auditEnabled: Type.Optional(Type.Boolean({ default: true })),
-  auditLogDir: Type.Optional(Type.String())
 });
 
 export type PluginConfig = Static<typeof ConfigSchema>;
@@ -77,14 +51,9 @@ export type PluginConfig = Static<typeof ConfigSchema>;
  * Default configuration values
  */
 export const defaultConfig: PluginConfig = {
-  mode: 'embedded',
   backend: 'keychain',
   services: ['anthropic', 'openai'],
-  proxyPort: 8081,
-  proxyAutoStart: true,
   vaultMountPath: 'secret',
-  tlsEnabled: true,
-  auditEnabled: true
 };
 
 /**

package/src/http-interceptor.ts

@@ -1,47 +1,44 @@
 /**
- * HTTP fetch interceptor for channel credential isolation.
+ * HTTP interceptor for channel credential isolation.
  *
  * Overrides globalThis.fetch to redirect requests targeting known channel API
- * hosts through the aquaman credential proxy. The proxy injects the real
- * credentials, so the Gateway process never sees them.
+ * hosts through the aquaman credential proxy via Unix domain socket.
+ * The proxy injects the real credentials, so the Gateway process never sees them.
  *
  * OpenClaw channels use globalThis.fetch (backed by undici) for all HTTP calls.
  * Many channel monitor functions also accept a `proxyFetch` parameter that
  * falls back to globalThis.fetch, so overriding it covers both paths.
+ *
+ * Uses sentinel hostname `aquaman.local` — SDK base URLs are set to
+ * `http://aquaman.local/<service>` and the interceptor routes them through UDS.
  */
 
+import { Agent } from 'undici';
+
+/** Sentinel hostname used in SDK base URLs to route through UDS */
+const PROXY_HOST = 'aquaman.local';
+
 export interface HttpInterceptorOptions {
-  /** Base URL of the aquaman proxy, e.g. "http://127.0.0.1:8081" */
-  proxyBaseUrl: string;
+  /** Unix domain socket path for the proxy */
+  socketPath: string;
   /** Map of hostname (or *.domain wildcard) → service name */
   hostMap: Map<string, string>;
-  /** Client authentication token for the proxy */
-  clientToken?: string;
   /** Optional logger */
   log?: (msg: string) => void;
 }
 
 export class HttpInterceptor {
-  private proxyBaseUrl: string;
-  private proxyHost: string;
+  private socketPath: string;
   private hostMap: Map<string, string>;
-  private clientToken: string | null;
   private originalFetch: typeof globalThis.fetch | null = null;
   private active = false;
   private log: (msg: string) => void;
+  private socketAgent: Agent | null = null;
 
   constructor(options: HttpInterceptorOptions) {
-    this.proxyBaseUrl = options.proxyBaseUrl.replace(/\/$/, '');
+    this.socketPath = options.socketPath;
     this.hostMap = options.hostMap;
-    this.clientToken = options.clientToken || null;
     this.log = options.log || (() => {});
-
-    // Extract proxy hostname to avoid intercepting requests to the proxy itself
-    try {
-      this.proxyHost = new URL(this.proxyBaseUrl).hostname;
-    } catch {
-      this.proxyHost = '127.0.0.1';
-    }
   }
 
   /**
@@ -51,15 +48,13 @@ export class HttpInterceptor {
     if (this.active) return;
 
     this.originalFetch = globalThis.fetch;
+    this.socketAgent = new Agent({ connect: { socketPath: this.socketPath } });
 
     const origFetch = this.originalFetch;
-    const proxyBase = this.proxyBaseUrl;
-    const proxyHostname = this.proxyHost;
-    const token = this.clientToken;
+    const socketAgent = this.socketAgent;
     const matchHost = this.matchHost.bind(this);
     const extractUrl = this.extractUrl.bind(this);
     const stripAuthHeaders = this.stripAuthHeaders.bind(this);
-    const injectToken = this.injectTokenHeader.bind(this);
     const logFn = this.log;
 
     (globalThis as any).fetch = (
@@ -71,22 +66,19 @@ export class HttpInterceptor {
         return origFetch.call(globalThis, input, init);
       }
 
-      // Requests to the proxy itself (SDK traffic via env vars) — inject token, pass through
-      if (url.hostname === proxyHostname || url.hostname === 'localhost') {
-        if (token) {
-          const tokenInit = injectToken(init, token);
-          return origFetch.call(globalThis, input, tokenInit);
-        }
-        return origFetch.call(globalThis, input, init);
+      // SDK traffic via env vars (hostname = aquaman.local) — route through UDS
+      if (url.hostname === PROXY_HOST) {
+        return origFetch.call(globalThis, input, { ...init, dispatcher: socketAgent } as any);
       }
 
+      // Channel traffic — match against host map
       const service = matchHost(url.hostname);
       if (!service) {
         return origFetch.call(globalThis, input, init);
       }
 
       // Rewrite the URL to go through the proxy
-      const proxyUrl = `${proxyBase}/${service}${url.pathname}${url.search}`;
+      const proxyUrl = `http://${PROXY_HOST}/${service}${url.pathname}${url.search}`;
       logFn(`[aquaman] Intercepted ${url.hostname}${url.pathname} → ${service}`);
 
       // Strip any existing authorization headers — the proxy will inject the real ones
@@ -96,12 +88,7 @@ export class HttpInterceptor {
         newInit = { ...init, headers: stripped };
       }
 
-      // Inject client token for proxy authentication
-      if (token) {
-        newInit = injectToken(newInit, token);
-      }
-
-      return origFetch.call(globalThis, proxyUrl, { ...newInit, redirect: 'manual' });
+      return origFetch.call(globalThis, proxyUrl, { ...newInit, redirect: 'manual', dispatcher: socketAgent } as any);
     };
 
     this.active = true;
@@ -117,6 +104,12 @@ export class HttpInterceptor {
     globalThis.fetch = this.originalFetch;
     this.originalFetch = null;
     this.active = false;
+
+    if (this.socketAgent) {
+      this.socketAgent.close();
+      this.socketAgent = null;
+    }
+
     this.log('[aquaman] HTTP interceptor deactivated');
   }
 
@@ -153,28 +146,6 @@ export class HttpInterceptor {
     return null;
   }
 
-  private injectTokenHeader(init: RequestInit | undefined, token: string): RequestInit {
-    const base = init || {};
-    const headers = base.headers;
-
-    if (!headers) {
-      return { ...base, headers: { 'x-aquaman-token': token } };
-    }
-
-    if (headers instanceof Headers) {
-      const h = new Headers(headers);
-      h.set('x-aquaman-token', token);
-      return { ...base, headers: h };
-    }
-
-    if (Array.isArray(headers)) {
-      return { ...base, headers: [...headers, ['x-aquaman-token', token]] };
-    }
-
-    // Plain object
-    return { ...base, headers: { ...headers, 'x-aquaman-token': token } };
-  }
-
   private stripAuthHeaders(headers: HeadersInit): HeadersInit {
     if (headers instanceof Headers) {
       const h = new Headers(headers);

package/src/index.ts

@@ -3,9 +3,7 @@
  *
  * This package provides an OpenClaw plugin that enables:
  * - Secure credential storage using enterprise backends (Keychain, 1Password, Vault)
- * - Two operation modes:
- *   - Embedded: Direct vault access (simpler, credentials in Gateway memory)
- *   - Proxy: Separate process (stronger isolation, credentials never in Gateway)
+ * - Proxy mode: Separate process, credentials never in Gateway memory
  * - Hash-chained tamper-evident audit logs
  * - Slash commands for credential management
  *
@@ -16,7 +14,6 @@
  *   {
  *     "plugins": {
  *       "aquaman-plugin": {
- *         "mode": "embedded",
  *         "backend": "keychain",
  *         "services": ["anthropic", "openai"]
  *       }
@@ -34,7 +31,6 @@ export {
 // Config Schema
 export {
   ConfigSchema,
-  PluginMode,
   CredentialBackend,
   ProxiedServices,
   type PluginConfig,
@@ -42,13 +38,6 @@ export {
   mergeConfig
 } from './config-schema.js';
 
-// Embedded Mode
-export {
-  type EmbeddedModeOptions,
-  EmbeddedMode,
-  createEmbeddedMode
-} from './embedded.js';
-
 // Proxy Manager
 export {
   type ProxyConnectionInfo,
@@ -66,7 +55,6 @@ export {
   listCommand,
   logsCommand,
   verifyCommand,
-  modeCommand,
   executeCommand
 } from './commands.js';
 

package/src/plugin.ts

@@ -2,14 +2,11 @@
  * OpenClaw Plugin Entry Point
  *
  * This is the main plugin that implements the OpenClaw plugin interface.
- * It provides credential isolation through two modes:
- *
- * 1. Embedded Mode (default): Direct vault access, simpler setup
- * 2. Proxy Mode: Separate process, stronger credential isolation
+ * It provides credential isolation through proxy mode:
+ * credentials are held in a separate process and never enter the Gateway.
  */
 
 import { type PluginConfig, mergeConfig, defaultConfig } from './config-schema.js';
-import { createEmbeddedMode, type EmbeddedMode } from './embedded.js';
 import { createProxyManager, type ProxyManager, type ProxyConnectionInfo } from './proxy-manager.js';
 import { executeCommand, type CommandContext, type CommandResult, getAvailableCommands, type PluginCommand } from './commands.js';
 import { HttpInterceptor, createHttpInterceptor } from './http-interceptor.js';
@@ -30,7 +27,6 @@ export class AquamanPlugin {
   readonly name = 'aquaman-plugin';
 
   private config: PluginConfig;
-  private embeddedMode: EmbeddedMode | null = null;
   private proxyManager: ProxyManager | null = null;
   private httpInterceptor: HttpInterceptor | null = null;
   private initialized = false;
@@ -61,16 +57,10 @@ export class AquamanPlugin {
 
     console.log('[aquaman] Initializing plugin...');
 
-    if (this.config.mode === 'proxy') {
-      // Proxy mode: Start separate process
-      await this.initProxyMode();
-    } else {
-      // Embedded mode: Direct vault access
-      await this.initEmbeddedMode();
-    }
+    await this.initProxyMode();
 
     this.initialized = true;
-    console.log(`[aquaman] Plugin initialized in ${this.config.mode || 'embedded'} mode`);
+    console.log('[aquaman] Plugin initialized in proxy mode');
   }
 
   /**
@@ -100,40 +90,20 @@ export class AquamanPlugin {
       this.proxyManager = null;
     }
 
-    this.embeddedMode = null;
     this.initialized = false;
 
     console.log('[aquaman] Plugin unloaded');
   }
 
-  /**
-   * Initialize embedded mode
-   */
-  private async initEmbeddedMode(): Promise<void> {
-    this.embeddedMode = createEmbeddedMode({
-      config: this.config
-    });
-
-    await this.embeddedMode.initialize();
-
-    // Set environment variables for OpenClaw
-    this.configureEnvironment();
-  }
-
   /**
    * Initialize proxy mode
    */
   private async initProxyMode(): Promise<void> {
-    if (!this.config.proxyAutoStart) {
-      console.log('[aquaman] Proxy auto-start disabled');
-      return;
-    }
-
     this.proxyManager = createProxyManager({
       config: this.config,
       onReady: (info) => {
-        console.log(`[aquaman] Proxy ready at ${info.baseUrl}`);
-        this.configureEnvironmentForProxy(info);
+        console.log(`[aquaman] Proxy ready on ${info.socketPath}`);
+        this.configureEnvironmentForProxy();
       },
       onError: (error) => {
         console.error('[aquaman] Proxy error:', error);
@@ -143,28 +113,20 @@ export class AquamanPlugin {
       }
     });
 
-    // Also initialize embedded mode for credential management
-    this.embeddedMode = createEmbeddedMode({
-      config: this.config
-    });
-    await this.embeddedMode.initialize();
-
     // Start proxy
     try {
       const info = await this.proxyManager.start();
-      this.configureEnvironmentForProxy(info);
-      this.activateHttpInterceptor(info.baseUrl);
+      this.configureEnvironmentForProxy();
+      this.activateHttpInterceptor(info.socketPath);
     } catch (error) {
       console.error('[aquaman] Failed to start proxy:', error);
-      console.log('[aquaman] Falling back to embedded mode');
-      this.configureEnvironment();
     }
   }
 
   /**
    * Activate HTTP interceptor for channel credential isolation.
    */
-  private activateHttpInterceptor(proxyBaseUrl: string): void {
+  private activateHttpInterceptor(proxySocketPath: string): void {
     // Build host map from the service registry's host patterns
     const hostMap = new Map<string, string>([
       ['api.anthropic.com', 'anthropic'],
@@ -193,7 +155,7 @@ export class AquamanPlugin {
     ]);
 
     this.httpInterceptor = createHttpInterceptor({
-      proxyBaseUrl,
+      socketPath: proxySocketPath,
       hostMap,
       log: (msg) => console.log(msg),
     });
@@ -202,68 +164,27 @@ export class AquamanPlugin {
   }
 
   /**
-   * Configure environment variables for embedded mode
-   * In embedded mode, we still set base URLs pointing to a local proxy
-   * so credential injection works consistently.
-   */
-  private configureEnvironment(): void {
-    const services = this.config.services || defaultConfig.services;
-    const port = this.config.proxyPort || 8081;
-    const baseUrl = `http://127.0.0.1:${port}`;
-
-    this.setServiceEnvironmentVariables(services!, baseUrl);
-    console.log('[aquaman] Embedded mode active - credentials available via plugin');
-  }
-
-  /**
-   * Configure environment variables to route through proxy
+   * Configure environment variables using sentinel hostname
    */
-  private configureEnvironmentForProxy(info: ProxyConnectionInfo): void {
+  private configureEnvironmentForProxy(): void {
     const services = this.config.services || defaultConfig.services;
-    this.setServiceEnvironmentVariables(services!, info.baseUrl);
-
-    // Handle TLS
-    if (info.protocol === 'https') {
-      if (this.config.tlsCertPath) {
-        this.setEnvVar('NODE_EXTRA_CA_CERTS', this.config.tlsCertPath);
-      } else {
-        // Development: disable TLS verification for self-signed certs
-        this.setEnvVar('NODE_TLS_REJECT_UNAUTHORIZED', '0');
-      }
-    }
-  }
-
-  /**
-   * Set environment variables for configured services
-   */
-  private setServiceEnvironmentVariables(services: string[], baseUrl: string): void {
-    for (const service of services) {
-      const serviceUrl = `${baseUrl}/${service}`;
+    for (const service of services!) {
+      const serviceUrl = `http://aquaman.local/${service}`;
 
       switch (service) {
         case 'anthropic':
           this.setEnvVar('ANTHROPIC_BASE_URL', serviceUrl);
-          this.setEnvVar('ANTHROPIC_API_KEY', 'aquaman-proxy-managed');
           break;
         case 'openai':
           this.setEnvVar('OPENAI_BASE_URL', serviceUrl);
-          this.setEnvVar('OPENAI_API_KEY', 'aquaman-proxy-managed');
           break;
         case 'github':
           this.setEnvVar('GITHUB_API_URL', serviceUrl);
-          this.setEnvVar('GITHUB_TOKEN', 'aquaman-proxy-managed');
           break;
-        case 'slack':
-          this.setEnvVar('SLACK_API_URL', serviceUrl);
-          this.setEnvVar('SLACK_BOT_TOKEN', 'aquaman-proxy-managed');
-          break;
-        case 'discord':
-          this.setEnvVar('DISCORD_API_URL', serviceUrl);
-          this.setEnvVar('DISCORD_BOT_TOKEN', 'aquaman-proxy-managed');
-          break;
-        default:
+        default: {
           const envKey = `${service.toUpperCase().replace(/-/g, '_')}_BASE_URL`;
           this.setEnvVar(envKey, serviceUrl);
+        }
       }
     }
   }
@@ -283,69 +204,29 @@ export class AquamanPlugin {
   async executeCommand(command: string, args: string[] = []): Promise<CommandResult> {
     const ctx: CommandContext = {
       config: this.config,
-      embeddedMode: this.embeddedMode || undefined,
       proxyManager: this.proxyManager || undefined
     };
 
     return executeCommand(ctx, command, args);
   }
 
-  /**
-   * Get credential (for embedded mode)
-   */
-  async getCredential(service: string, key: string): Promise<string | null> {
-    if (!this.embeddedMode) {
-      throw new Error('Plugin not initialized');
-    }
-    return this.embeddedMode.getCredential(service, key);
-  }
-
-  /**
-   * Set credential (for embedded mode)
-   */
-  async setCredential(service: string, key: string, value: string): Promise<void> {
-    if (!this.embeddedMode) {
-      throw new Error('Plugin not initialized');
-    }
-    return this.embeddedMode.setCredential(service, key, value);
-  }
-
-  /**
-   * List credentials
-   */
-  async listCredentials(service?: string): Promise<Array<{ service: string; key: string }>> {
-    if (!this.embeddedMode) {
-      throw new Error('Plugin not initialized');
-    }
-    return this.embeddedMode.listCredentials(service);
-  }
-
   /**
    * Get plugin status
    */
   getStatus(): {
     initialized: boolean;
-    mode: string;
     backend: string;
     proxyRunning: boolean;
     services: string[];
   } {
     return {
       initialized: this.initialized,
-      mode: this.config.mode || 'embedded',
       backend: this.config.backend || 'keychain',
       proxyRunning: this.proxyManager?.isRunning() || false,
       services: this.config.services || []
     };
   }
 
-  /**
-   * Get current operating mode
-   */
-  getMode(): 'embedded' | 'proxy' {
-    return (this.config.mode as 'embedded' | 'proxy') || 'embedded';
-  }
-
   /**
    * Get configured backend
    */
@@ -373,20 +254,12 @@ export class AquamanPlugin {
   getCommands(): PluginCommand[] {
     const ctx: CommandContext = {
       config: this.config,
-      embeddedMode: this.embeddedMode || undefined,
       proxyManager: this.proxyManager || undefined
     };
 
     return getAvailableCommands(ctx);
   }
 
-  /**
-   * Get proxy URL for a service (proxy mode only)
-   */
-  getProxyUrl(service: string): string | null {
-    return this.proxyManager?.getServiceUrl(service) || null;
-  }
-
   /**
    * Check if proxy is healthy
    */

package/src/proxy-health.ts

@@ -3,60 +3,65 @@
  *
  * Separated from index.ts to avoid co-locating network calls with env reads
  * (triggers OpenClaw code safety scanner env-harvesting false positive).
+ *
+ * Uses http.request with socketPath for UDS communication.
  */
 
+import * as http from 'node:http';
+
 /**
- * Request host map from proxy's /_hostmap endpoint.
+ * Make an HTTP request over a Unix domain socket.
+ */
+function udsRequest(socketPath: string, urlPath: string, timeoutMs: number = 3000): Promise<{ ok: boolean; data: any }> {
+  return new Promise((resolve) => {
+    const req = http.request(
+      { socketPath, path: urlPath, method: 'GET' },
+      (res) => {
+        let body = '';
+        res.on('data', (chunk) => { body += chunk; });
+        res.on('end', () => {
+          try {
+            resolve({ ok: res.statusCode === 200, data: JSON.parse(body) });
+          } catch {
+            resolve({ ok: false, data: null });
+          }
+        });
+      }
+    );
+    req.on('error', () => resolve({ ok: false, data: null }));
+    req.setTimeout(timeoutMs, () => { req.destroy(); resolve({ ok: false, data: null }); });
+    req.end();
+  });
+}
+
+/**
+ * Request host map from proxy's /_hostmap endpoint via UDS.
  * Returns an empty map if the endpoint is unavailable (caller handles fallback).
  */
-export async function loadHostMap(
-  baseUrl: string,
-  token: string | null,
-): Promise<Map<string, string>> {
-  try {
-    const headers: Record<string, string> = {};
-    if (token) headers['X-Aquaman-Token'] = token;
-    const resp = await fetch(`${baseUrl}/_hostmap`, {
-      headers,
-      signal: AbortSignal.timeout(3000),
-    });
-    if (resp.ok) {
-      const obj = (await resp.json()) as Record<string, string>;
-      return new Map(Object.entries(obj));
-    }
-  } catch {
-    // Proxy may be older version without /_hostmap — caller uses fallback
+export async function loadHostMap(socketPath: string): Promise<Map<string, string>> {
+  const result = await udsRequest(socketPath, '/_hostmap');
+  if (result.ok && result.data) {
+    return new Map(Object.entries(result.data as Record<string, string>));
   }
   return new Map();
 }
 
 /**
- * Check if a proxy is already running on the given port.
+ * Check if a proxy is running on the given socket path.
  */
-export async function isProxyRunning(port: number): Promise<boolean> {
-  try {
-    const resp = await fetch(`http://127.0.0.1:${port}/_health`);
-    return resp.ok;
-  } catch {
-    return false;
-  }
+export async function isProxyRunning(socketPath: string): Promise<boolean> {
+  const result = await udsRequest(socketPath, '/_health');
+  return result.ok;
 }
 
 /**
- * Get the version of a running proxy from its /_health endpoint.
+ * Get the version of a running proxy from its /_health endpoint via UDS.
  * Returns null if the proxy is not running or doesn't report version.
  */
-export async function getProxyVersion(proxyUrl: string): Promise<string | null> {
-  try {
-    const resp = await fetch(`${proxyUrl}/_health`, {
-      signal: AbortSignal.timeout(3000),
-    });
-    if (resp.ok) {
-      const data = (await resp.json()) as { version?: string };
-      return data.version || null;
-    }
-  } catch {
-    // Proxy not reachable
+export async function getProxyVersion(socketPath: string): Promise<string | null> {
+  const result = await udsRequest(socketPath, '/_health');
+  if (result.ok && result.data?.version) {
+    return result.data.version;
   }
   return null;
 }