npm - clawmoney - Versions diffs - 0.17.16 → 0.17.18 - Mend

clawmoney 0.17.16 → 0.17.18

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/hub/executor.js +126 -4
package/package.json +1 -1

package/dist/hub/executor.js CHANGED Viewed

@@ -1,4 +1,5 @@
 import { spawn } from "node:child_process";
+import { existsSync, statSync } from "node:fs";
 import { isProcessed, markProcessed } from "./dedup.js";
 import { replaceLocalPaths, uploadFile } from "./media.js";
 import { logger } from "./logger.js";
@@ -20,13 +21,108 @@ function buildPrompt(call, config) {
         `Input: ${JSON.stringify(call.input, null, 2)}`,
         "",
     ];
-    // Category-specific instructions
+    // Category-specific instructions. Skill names differ per CLI runtime —
+    // openclaw exposes nano-banana-pro, codex exposes built-in imagegen,
+    // claude/gemini surface image generation via their own tools. We pick
+    // the right hint so the model goes straight to the real tool instead
+    // of trying to "be helpful" by writing PIL code or hallucinating a path.
     if (call.category?.startsWith("generation/image")) {
-        lines.push("IMPORTANT: Use the nano-banana-pro skill (or any image generation tool) to generate a real PNG/JPG image.", "Do NOT write SVG, HTML, or any code to fake an image.", "If no image generation tool is available, return {\"success\": false, \"error\": \"No image generation tool available\"}.", "Save the generated image and include the file path in your output.");
+        const cli = config.provider.cli_command;
+        const skillHint = cli === "codex"
+            ? "Use the imagegen skill (the built-in image_gen tool — do NOT use shell/python to draw an image)"
+            : cli === "openclaw"
+                ? "Use the nano-banana-pro skill"
+                : "Use your native image generation tool";
+        lines.push(`IMPORTANT: ${skillHint} to generate a real PNG/JPG image.`, "Do NOT write SVG, HTML, Python (PIL), or any code to fake an image.", "If no image generation tool is available in this environment, return {\"success\": false, \"error\": \"No image generation tool available\"}.", "Save the generated image and include the absolute file path in your JSON output as \"image_path\".");
     }
     lines.push("Execute this task and return the result as JSON.", "If you generate any files (images, videos, etc.), save them and include their file paths in the output.", "Return ONLY the JSON result, no other text.");
     return lines.join("\n");
 }
+// ── Image-output validation ──
+//
+// Codex / Gemini / generic-claude paths don't have a structured response
+// schema like OpenClaw, so providers using those CLIs can return
+// `{"image_path":"/tmp/whatever.png"}` even when the model never actually
+// generated an image — either by writing Python that fakes a bitmap, or
+// (worse) by hallucinating the path entirely without spawning any tool.
+//
+// `extractClaimedPaths` walks an output object and collects every local
+// file path the provider is claiming to have produced. Used so we can
+// physically verify each file exists before we deliver to the buyer.
+const FILE_PATH_KEYS = ["image_path", "video_path", "audio_path", "file_path", "primary_file"];
+const IMAGE_EXT_RE = /\.(png|jpg|jpeg|webp|gif)$/i;
+const CDN_URL_RE = /^https?:\/\//i;
+function extractClaimedPaths(output) {
+    const out = [];
+    const visit = (node) => {
+        if (!node || typeof node !== "object")
+            return;
+        const obj = node;
+        for (const key of FILE_PATH_KEYS) {
+            const v = obj[key];
+            if (typeof v === "string" && v.startsWith("/"))
+                out.push(v);
+        }
+        const files = obj.files;
+        if (Array.isArray(files)) {
+            for (const f of files) {
+                if (typeof f === "string" && f.startsWith("/"))
+                    out.push(f);
+            }
+        }
+        // Recurse into nested .result so providers wrapping output in
+        // { result: { image_path: ... } } don't bypass the check.
+        if (obj.result && typeof obj.result === "object")
+            visit(obj.result);
+    };
+    visit(output);
+    return Array.from(new Set(out));
+}
+/**
+ * After `replaceLocalPaths` has run, every successful image upload is
+ * promoted from `image_path` (local) to `image_url` (CDN). If the upload
+ * silently failed (file didn't exist), `image_path` stays in the output
+ * and we deliver a broken result — UNLESS we catch it here.
+ *
+ * Returns null when the delivery is OK for a `generation/image` call,
+ * otherwise an error string explaining why it isn't.
+ */
+function validateImageDelivery(output) {
+    // CDN URL anywhere in the output? Then a real file got uploaded.
+    const top = output;
+    if (typeof top.image_url === "string" && CDN_URL_RE.test(top.image_url))
+        return null;
+    if (Array.isArray(top.files)) {
+        const hasCdnImage = top.files.some((f) => typeof f === "string" && CDN_URL_RE.test(f) && IMAGE_EXT_RE.test(f));
+        if (hasCdnImage)
+            return null;
+    }
+    // No real image URL delivered. Why?
+    const claimedPaths = extractClaimedPaths(output);
+    if (claimedPaths.length === 0) {
+        return "Provider returned no image (model likely lacks an image-generation tool).";
+    }
+    const missing = claimedPaths.filter((p) => !existsSync(p));
+    if (missing.length > 0) {
+        return `Provider claimed image at ${missing[0]} but the file does not exist (hallucinated path).`;
+    }
+    // Files exist but none are images, or upload failed for a different reason.
+    const hasImagePath = claimedPaths.some((p) => IMAGE_EXT_RE.test(p));
+    if (!hasImagePath) {
+        return "Provider produced non-image files only for a generation/image task.";
+    }
+    // File exists and is .png/.jpg/.webp/.gif but upload still failed.
+    // Most likely cause: file is empty or permission denied. Surface bytes.
+    try {
+        const stats = claimedPaths
+            .filter((p) => IMAGE_EXT_RE.test(p))
+            .map((p) => `${p} (${statSync(p).size}B)`);
+        return `Image file exists but R2 upload failed: ${stats.join(", ")}`;
+    }
+    catch {
+        return "Image upload to R2 failed.";
+    }
+}
 // ── CLI execution (openclaw agent / claude -p) ──
 function runCli(command, prompt, timeoutMs, orderId) {
     return new Promise((resolve) => {
@@ -37,8 +133,15 @@ function runCli(command, prompt, timeoutMs, orderId) {
             args = ["agent", "--message", prompt, "--session-id", orderId || "hub-task", "--json"];
         }
         else if (command === "codex") {
-            // codex exec "..." --json --skip-git-repo-check
-            args = ["exec", prompt, "--json", "--skip-git-repo-check"];
+            // -s workspace-write is required so the built-in image_gen tool can
+            // write files under $CODEX_HOME/generated_images and so the model
+            // can mv/cp the result to the user-named path. With the default
+            // read-only sandbox, image_gen silently degrades — the model falls
+            // back to either drawing the image with Python in /tmp (slow, ugly)
+            // or hallucinating an image_path with no file behind it (worst
+            // case, since the buyer pays for a nonexistent file). Verified on
+            // codex 0.128.0 + gpt-5.5 xhigh, 2026-05-12.
+            args = ["exec", "-s", "workspace-write", prompt, "--json", "--skip-git-repo-check"];
         }
         else if (command === "gemini") {
             // gemini -p "..." -o json --yolo
@@ -501,6 +604,25 @@ export class Executor {
                 // Upload local files via generic path replacement
                 output = await replaceLocalPaths(output, this.config);
             }
+            // Image-output validation. The OpenClaw branch above does this inline
+            // (using its richer parseOpenClawResponse files list); for everything
+            // else we re-run the check on the post-upload output so the buyer
+            // never gets `{image_path: "/tmp/elon.png"}` when the file doesn't
+            // exist and uploadFile silently returned null. Skip the check for the
+            // OpenClaw branch — it already validated and may have set _meta etc.
+            if (command !== "openclaw" &&
+                call.category?.startsWith("generation/image")) {
+                const reason = validateImageDelivery(output);
+                if (reason) {
+                    logger.error(`Image validation failed for order=${call.order_id} (${command}): ${reason}`);
+                    this.send({
+                        event: "deliver",
+                        order_id: call.order_id,
+                        error: reason,
+                    });
+                    return;
+                }
+            }
             const sent = this.send({
                 event: "deliver",
                 order_id: call.order_id,

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "clawmoney",
-  "version": "0.17.16",
+  "version": "0.17.18",
   "description": "ClawMoney CLI -- Earn rewards with your AI agent",
   "type": "module",
   "bin": {