npm - evolclaw-web - Versions diffs - 1.0.0 - Mend

evolclaw-web 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (15) hide show

package/dist/server.js ADDED Viewed

@@ -0,0 +1,300 @@
+/**
+ * Watch Web 服务 — 本地浏览器监控面板后端。
+ *
+ * - HTTP: 静态资源 + 配对 API
+ * - WebSocket: 订阅式实时推送（aid / msg / session）
+ * - 鉴权: 6 位配对码（5 分钟有效）→ token（24h，有访问自动续期），持久化到磁盘
+ * - 安全: 绑定 0.0.0.0（支持远程访问），token 校验，只读
+ *
+ * 与 evolclaw 的唯一通信：启动时发 ping 检查 protocolVersion（soft 校验）。
+ */
+import http from 'http';
+import fs from 'fs';
+import path from 'path';
+import crypto from 'crypto';
+import { fileURLToPath } from 'url';
+import { WebSocketServer } from 'ws';
+import { resolvePaths } from './paths.js';
+import { ipcQuery } from './ipc-client.js';
+import { setDebugLog, dlog } from './debug-log.js';
+import { aidSource } from './sources/aid.js';
+import { msgSource } from './sources/msg.js';
+import { sessionSource } from './sources/session.js';
+const __dirname = path.dirname(fileURLToPath(import.meta.url));
+const STATIC_DIR = path.join(__dirname, 'static');
+const TOKEN_TTL_MS = 24 * 60 * 60 * 1000; // 24h
+const PAIRING_TTL_MS = 5 * 60 * 1000; // 5min
+const DEFAULT_PORT = 20030;
+const PROTOCOL_VERSION = 1; // 与 evolclaw ping response 对齐的软校验版本
+const SOURCES = { aid: aidSource, msg: msgSource, session: sessionSource };
+const MIME = {
+    '.html': 'text/html; charset=utf-8',
+    '.js': 'text/javascript; charset=utf-8',
+    '.css': 'text/css; charset=utf-8',
+    '.json': 'application/json; charset=utf-8',
+    '.svg': 'image/svg+xml',
+};
+function tokenStorePath() {
+    return path.join(resolvePaths().instanceDir, 'watch-web-tokens.json');
+}
+function loadTokens() {
+    try {
+        const store = JSON.parse(fs.readFileSync(tokenStorePath(), 'utf-8'));
+        if (Array.isArray(store.tokens))
+            return store;
+    }
+    catch { }
+    return { tokens: [] };
+}
+function saveTokens(store) {
+    try {
+        fs.mkdirSync(resolvePaths().instanceDir, { recursive: true });
+        const tmp = tokenStorePath() + '.tmp';
+        fs.writeFileSync(tmp, JSON.stringify(store, null, 2));
+        fs.renameSync(tmp, tokenStorePath());
+    }
+    catch { }
+}
+function pruneExpired(store, now) {
+    const before = store.tokens.length;
+    store.tokens = store.tokens.filter(t => now - t.lastActive < TOKEN_TTL_MS);
+    return store.tokens.length !== before;
+}
+function validateAndRenew(token, now) {
+    if (!token)
+        return false;
+    const store = loadTokens();
+    const changed = pruneExpired(store, now);
+    const rec = store.tokens.find(t => t.token === token);
+    if (rec) {
+        rec.lastActive = now;
+        saveTokens(store);
+        return true;
+    }
+    if (changed)
+        saveTokens(store);
+    return false;
+}
+// ── Static ──
+function serveStatic(req, res) {
+    let urlPath = (req.url || '/').split('?')[0];
+    if (urlPath === '/')
+        urlPath = '/index.html';
+    const safe = path.normalize(urlPath).replace(/^(\.\.[/\\])+/, '');
+    const file = path.join(STATIC_DIR, safe);
+    if (!file.startsWith(STATIC_DIR)) {
+        res.writeHead(403).end('Forbidden');
+        return;
+    }
+    fs.readFile(file, (err, data) => {
+        if (err) {
+            res.writeHead(404).end('Not Found');
+            return;
+        }
+        res.writeHead(200, { 'Content-Type': MIME[path.extname(file)] || 'application/octet-stream' });
+        res.end(data);
+    });
+}
+// ── Helpers ──
+function parseUrl(rawUrl) {
+    const qIdx = rawUrl.indexOf('?');
+    if (qIdx === -1)
+        return { path: rawUrl, query: {} };
+    const query = {};
+    for (const pair of rawUrl.slice(qIdx + 1).split('&')) {
+        const [k, v] = pair.split('=');
+        if (k)
+            query[decodeURIComponent(k)] = decodeURIComponent(v || '');
+    }
+    return { path: rawUrl.slice(0, qIdx), query };
+}
+function clientIp(req) {
+    const fwd = req.headers['x-forwarded-for'];
+    if (typeof fwd === 'string' && fwd)
+        return fwd.split(',')[0].trim();
+    return req.socket.remoteAddress || '?';
+}
+function genPairingCode() {
+    return String(crypto.randomInt(0, 1000000)).padStart(6, '0');
+}
+// ── Pair handler ──
+function handlePair(req, res, pairingCode, pairingExpiry, log) {
+    let body = '';
+    req.on('data', (chunk) => { body += chunk; if (body.length > 4096)
+        req.destroy(); });
+    req.on('end', () => {
+        const ip = clientIp(req);
+        let code = '';
+        try {
+            code = String(JSON.parse(body).code || '');
+        }
+        catch { }
+        if (Date.now() > pairingExpiry) {
+            res.writeHead(403, { 'Content-Type': 'application/json' }).end(JSON.stringify({ ok: false, reason: '配对码已过期，请重启 watch' }));
+            log(`✗ 配对失败（码已过期） from ${ip}`);
+            return;
+        }
+        if (code !== pairingCode) {
+            res.writeHead(403, { 'Content-Type': 'application/json' }).end(JSON.stringify({ ok: false, reason: '配对码错误' }));
+            log(`✗ 配对失败（码错误: ${code}） from ${ip}`);
+            return;
+        }
+        const now = Date.now();
+        const token = crypto.randomBytes(32).toString('hex');
+        const store = loadTokens();
+        pruneExpired(store, now);
+        store.tokens.push({ token, createdAt: now, lastActive: now, label: ip });
+        saveTokens(store);
+        res.writeHead(200, { 'Content-Type': 'application/json' }).end(JSON.stringify({ ok: true, token }));
+        log(`✓ 配对成功 from ${ip}（token 缓存 24h）`);
+    });
+}
+// ── WebSocket connection ──
+function handleConnection(ws, req, log) {
+    const ip = clientIp(req);
+    let unsubscribe = null;
+    let currentView = null;
+    log(`◆ WS 连接 from ${ip}`);
+    const send = (obj) => {
+        if (ws.readyState === ws.OPEN)
+            try {
+                ws.send(JSON.stringify(obj));
+            }
+            catch { }
+    };
+    const switchSubscription = async (view, params) => {
+        if (unsubscribe) {
+            unsubscribe();
+            unsubscribe = null;
+        }
+        currentView = view;
+        const source = SOURCES[view];
+        if (!source) {
+            send({ type: 'error', message: `unknown view: ${view}` });
+            return;
+        }
+        try {
+            send({ type: 'snapshot', view, data: await source.snapshot(params) });
+        }
+        catch (e) {
+            send({ type: 'error', message: `snapshot failed: ${e?.message || e}` });
+        }
+        unsubscribe = source.subscribe(params, (data) => {
+            if (currentView === view)
+                send({ type: 'delta', view, data });
+        });
+    };
+    ws.on('message', async (raw) => {
+        let msg;
+        try {
+            msg = JSON.parse(raw.toString());
+        }
+        catch {
+            return;
+        }
+        if (msg.type === 'ping') {
+            send({ type: 'pong' });
+            return;
+        }
+        if (msg.type === 'subscribe' && msg.view) {
+            const params = {};
+            if (msg.aid)
+                params.aid = msg.aid;
+            if (msg.peer)
+                params.peer = msg.peer;
+            if (msg.sessionId)
+                params.sessionId = msg.sessionId;
+            if (msg.project)
+                params.project = msg.project;
+            dlog(`▸ 订阅 ${msg.view}${msg.aid ? ` aid=${String(msg.aid).split('.')[0]}` : ''}${msg.peer ? ` peer=${String(msg.peer).split('.')[0]}` : ''}${msg.sessionId ? ` session=${String(msg.sessionId).slice(0, 8)}` : ''} from ${ip}`);
+            await switchSubscription(msg.view, params);
+        }
+    });
+    ws.on('close', () => { if (unsubscribe) {
+        unsubscribe();
+        unsubscribe = null;
+    } log(`◇ WS 断开 from ${ip}`); });
+    ws.on('error', () => { });
+}
+// ── Port binding ──
+function bindPort(server, preferred) {
+    return new Promise((resolve, reject) => {
+        let attempt = 0;
+        const tryBind = (port) => {
+            server.once('error', (err) => {
+                if (err.code === 'EADDRINUSE' && attempt < 10) {
+                    attempt++;
+                    tryBind(port + 1);
+                }
+                else
+                    reject(err);
+            });
+            server.listen(port, '0.0.0.0', () => resolve({ port, displaced: port !== preferred }));
+        };
+        tryBind(preferred);
+    });
+}
+export async function startWatchWebServer(opts = {}) {
+    const log = opts.log || (() => { });
+    setDebugLog(log);
+    // soft 版本校验：ping daemon 检查 protocolVersion
+    const p = resolvePaths();
+    const pingResp = await ipcQuery(p.socket, { type: 'ping' }, 1000);
+    if (pingResp && pingResp.protocolVersion !== undefined && pingResp.protocolVersion < PROTOCOL_VERSION) {
+        log(`⚠️  evolclaw protocolVersion=${pingResp.protocolVersion}，watch 期望 >=${PROTOCOL_VERSION}，部分功能可能异常`);
+    }
+    let pairingCode = genPairingCode();
+    let pairingExpiry = Date.now() + PAIRING_TTL_MS;
+    function freshPairing() {
+        if (Date.now() > pairingExpiry) {
+            pairingCode = genPairingCode();
+            pairingExpiry = Date.now() + PAIRING_TTL_MS;
+            log(`↺ 配对码已刷新：${pairingCode}（5 分钟有效）`);
+        }
+        return { code: pairingCode, expiresAt: pairingExpiry };
+    }
+    const server = http.createServer((req, res) => {
+        if (req.method === 'GET' && (req.url || '') === '/api/pair-code') {
+            const { code, expiresAt } = freshPairing();
+            res.writeHead(200, { 'Content-Type': 'application/json' });
+            res.end(JSON.stringify({ code, expiresAt }));
+        }
+        else if (req.method === 'POST' && (req.url || '').startsWith('/api/pair')) {
+            handlePair(req, res, pairingCode, pairingExpiry, log);
+        }
+        else {
+            serveStatic(req, res);
+        }
+    });
+    const wss = new WebSocketServer({ noServer: true });
+    server.on('upgrade', (req, socket, head) => {
+        const { query } = parseUrl(req.url || '');
+        const authed = validateAndRenew(query.token || '', Date.now());
+        wss.handleUpgrade(req, socket, head, (ws) => {
+            if (!authed) {
+                log(`✗ WS 拒绝（无效 token） from ${clientIp(req)}`);
+                ws.close(4001, 'invalid-token');
+                return;
+            }
+            handleConnection(ws, req, log);
+        });
+    });
+    const { port, displaced } = await bindPort(server, opts.port ?? DEFAULT_PORT);
+    return {
+        url: `http://0.0.0.0:${port}`,
+        port,
+        displaced,
+        pairingCode,
+        close() {
+            return new Promise((resolve) => {
+                for (const client of wss.clients)
+                    try {
+                        client.close();
+                    }
+                    catch { }
+                wss.close();
+                server.close(() => resolve());
+            });
+        },
+    };
+}

package/dist/sources/aid.js ADDED Viewed

@@ -0,0 +1,118 @@
+/**
+ * AID 数据源 — 复用 daemon 的 IPC socket（与 evolclaw `watch aid` 同源）。
+ *
+ * daemon 运行时：拉 aun-aids / aun-aid-stats / status / evolagent.list。
+ * daemon 未运行时：降级到读 instance/ 目录的 aid-*.jsonl（精简版 scanInstances）。
+ * IPC 无推送能力，故 1s 轮询 + JSON diff，仅在变化时 push。
+ */
+import fs from 'fs';
+import path from 'path';
+import { resolvePaths } from '../paths.js';
+import { ipcQuery } from '../ipc-client.js';
+/** 精简版实例扫描：仅在 daemon 离线时降级用，读各 alive main 进程的 aid 活动日志 */
+function scanAidActivity() {
+    const result = new Map();
+    const dir = resolvePaths().instanceDir;
+    let files;
+    try {
+        files = fs.readdirSync(dir);
+    }
+    catch {
+        return result;
+    }
+    for (const file of files) {
+        if (!file.startsWith('main-') || !file.endsWith('.json'))
+            continue;
+        let rec;
+        try {
+            rec = JSON.parse(fs.readFileSync(path.join(dir, file), 'utf-8'));
+        }
+        catch {
+            continue;
+        }
+        if (!rec?.pid)
+            continue;
+        // 进程存活检测（轻量：signal 0）
+        try {
+            process.kill(rec.pid, 0);
+        }
+        catch {
+            continue;
+        }
+        // 读该 pid 的 aid-<pid>.jsonl，按 aid 取最后活动
+        const aidLog = path.join(dir, `aid-${rec.pid}.jsonl`);
+        let content;
+        try {
+            content = fs.readFileSync(aidLog, 'utf-8');
+        }
+        catch {
+            continue;
+        }
+        for (const line of content.trim().split('\n')) {
+            if (!line)
+                continue;
+            try {
+                const ev = JSON.parse(line);
+                if (ev.aid && ev.ts) {
+                    const prev = result.get(ev.aid);
+                    if (!prev || ev.ts > prev.ts)
+                        result.set(ev.aid, { ts: ev.ts, event: ev.event });
+                }
+            }
+            catch { /* skip */ }
+        }
+    }
+    return result;
+}
+async function buildSnapshot() {
+    const p = resolvePaths();
+    const [aidsResp, statsResp, statusResp, agentsResp] = await Promise.all([
+        ipcQuery(p.socket, { type: 'aun-aids' }),
+        ipcQuery(p.socket, { type: 'aun-aid-stats' }),
+        ipcQuery(p.socket, { type: 'status' }),
+        ipcQuery(p.socket, { type: 'evolagent.list' }),
+    ]);
+    const daemonRunning = aidsResp !== null || statusResp !== null;
+    if (!daemonRunning) {
+        const activity = scanAidActivity();
+        const aids = Array.from(activity.entries()).map(([aid, info]) => ({
+            aid,
+            status: info.event === 'disconnected' ? 'disconnected' : 'offline',
+            lastActivity: info.ts,
+            lastEvent: info.event,
+        }));
+        return { daemonRunning: false, aids, stats: [], agents: [] };
+    }
+    return {
+        daemonRunning: true,
+        aids: aidsResp?.aids ?? [],
+        stats: statsResp?.stats ?? [],
+        status: statusResp ?? null,
+        agents: agentsResp?.agents ?? [],
+    };
+}
+export const aidSource = {
+    kind: 'aid',
+    async snapshot() {
+        return buildSnapshot();
+    },
+    subscribe(_params, push) {
+        let lastJson = '';
+        let stopped = false;
+        const tick = async () => {
+            if (stopped)
+                return;
+            try {
+                const snap = await buildSnapshot();
+                const json = JSON.stringify(snap);
+                if (json !== lastJson) {
+                    lastJson = json;
+                    push(snap);
+                }
+            }
+            catch { /* ignore transient IPC errors */ }
+        };
+        const timer = setInterval(tick, 1000);
+        return () => { stopped = true; clearInterval(timer); };
+    },
+};

package/dist/sources/msg.js ADDED Viewed

@@ -0,0 +1,70 @@
+/**
+ * 消息数据源 — fs-utils 的数据层函数 + fs.watch 文件监听。
+ *
+ * snapshot:
+ *   - 无 aid: 本地 AID 列表（含收发统计）
+ *   - 有 aid 无 peer: 该 AID 的对端列表 + 全部消息
+ *   - 有 aid 有 peer: 该对端的消息
+ * subscribe: fs.watch(sessions/aun, recursive)，messages.jsonl 变化时防抖 150ms 后重推。
+ */
+import fs from 'fs';
+import { getSessionsAunDir, listLocalAids, loadAidInfo, loadPeerInfos, loadAllMessages, readMessages, } from '../fs-utils.js';
+function buildSnapshot(params) {
+    const aunDir = getSessionsAunDir();
+    if (!fs.existsSync(aunDir)) {
+        return { aids: [], peers: [], messages: [], aid: null, peer: null };
+    }
+    const aid = params.aid || null;
+    const peer = params.peer || null;
+    const aids = listLocalAids(aunDir)
+        .map(a => loadAidInfo(aunDir, a))
+        .sort((a, b) => (b.totalIn + b.totalOut) - (a.totalIn + a.totalOut));
+    if (!aid) {
+        return { aids, peers: [], messages: [], aid: null, peer: null };
+    }
+    const peers = loadPeerInfos(aunDir, aid);
+    let messages;
+    if (peer) {
+        messages = readMessages(aunDir, aid, peer);
+        if (messages.length > 1000)
+            messages = messages.slice(-1000);
+    }
+    else {
+        messages = loadAllMessages(aunDir, aid);
+    }
+    return { aids, peers, messages, aid, peer };
+}
+export const msgSource = {
+    kind: 'msg',
+    async snapshot(params = {}) {
+        return buildSnapshot(params);
+    },
+    subscribe(params, push) {
+        const aunDir = getSessionsAunDir();
+        let watcher = null;
+        let debounce = null;
+        const fire = () => {
+            if (debounce)
+                clearTimeout(debounce);
+            debounce = setTimeout(() => {
+                try {
+                    push(buildSnapshot(params));
+                }
+                catch { /* ignore */ }
+            }, 150);
+        };
+        try {
+            watcher = fs.watch(aunDir, { recursive: true }, (_evt, filename) => {
+                if (filename && String(filename).endsWith('messages.jsonl'))
+                    fire();
+            });
+        }
+        catch { /* aunDir may not exist yet */ }
+        return () => {
+            if (watcher)
+                watcher.close();
+            if (debounce)
+                clearTimeout(debounce);
+        };
+    },
+};