npm - aquaman-plugin - Versions diffs - 0.6.0 → 0.7.1 - Mend

aquaman-plugin 0.6.0 → 0.7.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

package/src/proxy-manager.ts CHANGED Viewed

@@ -2,22 +2,20 @@
  * Proxy process lifecycle manager
  *
  * Spawns and manages the aquaman proxy daemon as a separate process
- * for maximum credential isolation.
+ * for maximum credential isolation. Communicates via Unix domain socket.
  */
 import { spawn, type ChildProcess } from 'node:child_process';
 import * as path from 'node:path';
 import * as fs from 'node:fs';
+import * as os from 'node:os';
 import type { PluginConfig } from './config-schema.js';
 export interface ProxyConnectionInfo {
   ready: boolean;
-  port: number;
-  protocol: 'http' | 'https';
-  baseUrl: string;
+  socketPath: string;
   services: string[];
   backend: string;
-  token?: string;
   hostMap?: Record<string, string>;
 }
@@ -79,11 +77,8 @@ export class ProxyManager {
         return;
       }
-      // Build arguments
-      const args = [
-        'plugin-mode',
-        '--port', String(config.proxyPort || 8081)
-      ];
+      // Build arguments — UDS is the default, no --port needed
+      const args = ['plugin-mode'];
       // Spawn proxy process
       this.process = spawn(binaryPath, args, {
@@ -140,15 +135,7 @@ export class ProxyManager {
         if (!this.connectionInfo) {
           const stderrText = stderr || stdout;
-          let error: Error;
-          if (stderrText.includes('EADDRINUSE') || stderrText.includes('already in use')) {
-            const port = config.proxyPort || 8081;
-            error = new Error(
-              `Proxy port ${port} is in use. Stop the existing instance: aquaman stop`
-            );
-          } else {
-            error = new Error(`Proxy exited with code ${code}: ${stderrText}`);
-          }
+          const error = new Error(`Proxy exited with code ${code}: ${stderrText}`);
           reject(error);
         }
       });
@@ -205,20 +192,10 @@ export class ProxyManager {
   }
   /**
-   * Get client authentication token
-   */
-  getClientToken(): string | null {
-    return this.connectionInfo?.token || null;
-  }
-  /**
-   * Get base URL for a service
+   * Get socket path
    */
-  getServiceUrl(service: string): string | null {
-    if (!this.connectionInfo) {
-      return null;
-    }
-    return `${this.connectionInfo.baseUrl}/${service}`;
+  getSocketPath(): string | null {
+    return this.connectionInfo?.socketPath || null;
   }
   /**

package/src/embedded.ts DELETED Viewed

@@ -1,182 +0,0 @@
-/**
- * Embedded mode - Direct vault access within OpenClaw process
- *
- * This mode provides simpler setup but credentials DO enter the Gateway process memory.
- * Use proxy mode for maximum isolation.
- */
-import {
-  createCredentialStore,
-  createAuditLogger,
-  type CredentialStore,
-  type AuditLogger,
-  type CredentialBackend
-} from 'aquaman-core';
-import type { PluginConfig } from './config-schema.js';
-export interface EmbeddedModeOptions {
-  config: PluginConfig;
-}
-export class EmbeddedMode {
-  private config: PluginConfig;
-  private store: CredentialStore | null = null;
-  private auditLogger: AuditLogger | null = null;
-  private initialized = false;
-  constructor(options: EmbeddedModeOptions) {
-    this.config = options.config;
-  }
-  /**
-   * Initialize the embedded mode
-   */
-  async initialize(): Promise<void> {
-    if (this.initialized) {
-      return;
-    }
-    // Initialize credential store
-    this.store = createCredentialStore({
-      backend: (this.config.backend || 'keychain') as CredentialBackend,
-      vaultAddress: this.config.vaultAddress,
-      vaultToken: this.config.vaultToken,
-      vaultNamespace: this.config.vaultNamespace,
-      vaultMountPath: this.config.vaultMountPath,
-      onePasswordVault: this.config.onePasswordVault,
-      onePasswordAccount: this.config.onePasswordAccount,
-      encryptionPassword: process.env['AQUAMAN_ENCRYPTION_PASSWORD']
-    });
-    // Initialize audit logger
-    if (this.config.auditEnabled !== false) {
-      this.auditLogger = createAuditLogger({
-        logDir: this.config.auditLogDir || '~/.aquaman/audit',
-        enabled: true
-      });
-      await this.auditLogger.initialize();
-    }
-    this.initialized = true;
-  }
-  /**
-   * Get a credential for a service
-   * WARNING: This retrieves the credential into process memory
-   */
-  async getCredential(service: string, key: string): Promise<string | null> {
-    if (!this.store) {
-      throw new Error('Embedded mode not initialized');
-    }
-    const credential = await this.store.get(service, key);
-    // Log access
-    if (this.auditLogger) {
-      await this.auditLogger.logCredentialAccess('embedded', 'openclaw', {
-        service,
-        operation: 'read',
-        success: credential !== null
-      });
-    }
-    return credential;
-  }
-  /**
-   * Set a credential
-   */
-  async setCredential(service: string, key: string, value: string): Promise<void> {
-    if (!this.store) {
-      throw new Error('Embedded mode not initialized');
-    }
-    await this.store.set(service, key, value);
-    // Log access
-    if (this.auditLogger) {
-      await this.auditLogger.logCredentialAccess('embedded', 'openclaw', {
-        service,
-        operation: 'use',
-        success: true
-      });
-    }
-  }
-  /**
-   * Delete a credential
-   */
-  async deleteCredential(service: string, key: string): Promise<boolean> {
-    if (!this.store) {
-      throw new Error('Embedded mode not initialized');
-    }
-    return this.store.delete(service, key);
-  }
-  /**
-   * List credentials
-   */
-  async listCredentials(service?: string): Promise<Array<{ service: string; key: string }>> {
-    if (!this.store) {
-      throw new Error('Embedded mode not initialized');
-    }
-    return this.store.list(service);
-  }
-  /**
-   * Check if a credential exists
-   */
-  async hasCredential(service: string, key: string): Promise<boolean> {
-    if (!this.store) {
-      throw new Error('Embedded mode not initialized');
-    }
-    return this.store.exists(service, key);
-  }
-  /**
-   * Get the audit logger
-   */
-  getAuditLogger(): AuditLogger | null {
-    return this.auditLogger;
-  }
-  /**
-   * Get status info
-   */
-  getStatus(): { initialized: boolean; backend: string; auditEnabled: boolean } {
-    return {
-      initialized: this.initialized,
-      backend: this.config.backend || 'keychain',
-      auditEnabled: this.config.auditEnabled !== false
-    };
-  }
-  /**
-   * Verify audit log integrity
-   */
-  async verifyAuditIntegrity(): Promise<{ valid: boolean; errors: string[] }> {
-    if (!this.auditLogger) {
-      return { valid: true, errors: [] };
-    }
-    return this.auditLogger.verifyIntegrity();
-  }
-  /**
-   * Get recent audit entries
-   */
-  async getRecentAuditEntries(count: number = 10): Promise<any[]> {
-    if (!this.auditLogger) {
-      return [];
-    }
-    return this.auditLogger.tail(count);
-  }
-}
-export function createEmbeddedMode(options: EmbeddedModeOptions): EmbeddedMode {
-  return new EmbeddedMode(options);
-}