evolclaw 2.8.3 → 3.0.0

package/dist/aun/aid/agentmd.js

@@ -0,0 +1,186 @@
+import fs from 'fs';
+import path from 'path';
+import os from 'os';
+import { getAunClient } from './client.js';
+export function buildInitialAgentMd(opts) {
+    const agentName = opts.aid.split('.')[0];
+    const agentType = opts.type || 'ai';
+    return `---\naid: "${opts.aid}"\nname: "${agentName}"\ntype: "${agentType}"\nversion: "1.0.0"\ndescription: ""\ntags:\n  - evolclaw\n---\n`;
+}
+/**
+ * Resolve the gateway URL for an AID via .well-known discovery.
+ */
+async function discoverGateway(aid) {
+    try {
+        const resp = await fetch(`https://${aid}/.well-known/aun-gateway`, { redirect: 'follow' });
+        if (!resp.ok)
+            return undefined;
+        const text = await resp.text();
+        try {
+            return JSON.parse(text.trim()).gateways?.[0]?.url ?? text.trim();
+        }
+        catch {
+            return text.trim();
+        }
+    }
+    catch {
+        return undefined;
+    }
+}
+/**
+ * Obtain cert PEM for an AID: local first, then network.
+ * Persists fetched cert to local for future use.
+ */
+async function obtainCertPem(aid, aunPath, client) {
+    const localCert = path.join(aunPath, 'AIDs', aid, 'public', 'cert.pem');
+    if (fs.existsSync(localCert)) {
+        return fs.readFileSync(localCert, 'utf-8');
+    }
+    // Fetch from network via SDK's _fetchPeerCert (needs gateway)
+    if (client) {
+        try {
+            if (!client._gatewayUrl) {
+                client._gatewayUrl = await discoverGateway(aid);
+            }
+            if (client._gatewayUrl) {
+                const certPem = await client._fetchPeerCert.call(client, aid);
+                // Persist for future use
+                if (certPem) {
+                    const certDir = path.join(aunPath, 'AIDs', aid, 'public');
+                    fs.mkdirSync(certDir, { recursive: true });
+                    fs.writeFileSync(localCert, certPem, 'utf-8');
+                }
+                return certPem;
+            }
+        }
+        catch { /* fall through */ }
+    }
+    return undefined;
+}
+/**
+ * Verify agent.md content using SDK.
+ */
+async function verifyContent(content, aid, certPem, client) {
+    if (!content.includes('AUN-SIGNATURE')) {
+        return { status: 'unsigned' };
+    }
+    if (!certPem) {
+        return { status: 'invalid', reason: 'certificate not available' };
+    }
+    try {
+        const result = await client.auth.verifyAgentMd(content, { aid, certPem });
+        if (result.status === 'verified' || result.verified) {
+            return { status: 'verified' };
+        }
+        return { status: 'invalid', reason: result.reason };
+    }
+    catch (e) {
+        return { status: 'invalid', reason: `verify error: ${String(e.message || e).slice(0, 100)}` };
+    }
+}
+/**
+ * Create a bare AUNClient (no createAid) for read-only operations.
+ */
+async function createBareClient(aunPath) {
+    const { AUNClient } = await import('@agentunion/fastaun');
+    const caCertPath = path.join(aunPath, 'CA', 'root', 'root.crt');
+    const clientOpts = { aun_path: aunPath, debug: false };
+    if (fs.existsSync(caCertPath))
+        clientOpts.root_ca_path = caCertPath;
+    return new AUNClient(clientOpts);
+}
+export async function agentmdGet(aid, opts) {
+    const aunPath = opts?.aunPath ?? path.join(os.homedir(), '.aun');
+    const localPath = path.join(aunPath, 'AIDs', aid, 'agent.md');
+    // === Path A: local agent.md exists ===
+    if (fs.existsSync(localPath)) {
+        const content = fs.readFileSync(localPath, 'utf-8');
+        if (!opts?.withVerification)
+            return content;
+        // Verify local content
+        const client = opts?.client ?? await createBareClient(aunPath);
+        const ownClient = !opts?.client;
+        try {
+            const certPem = await obtainCertPem(aid, aunPath, client);
+            const verification = await verifyContent(content, aid, certPem, client);
+            if (verification.status !== 'invalid') {
+                return { content, verification };
+            }
+            // Fallback: local invalid → try remote
+            try {
+                const remote = await client.auth.downloadAgentMd(aid);
+                if (remote) {
+                    const remoteVerification = await verifyContent(remote, aid, certPem, client);
+                    if (remoteVerification.status === 'verified') {
+                        fs.writeFileSync(localPath, remote, 'utf-8');
+                        return { content: remote, verification: remoteVerification };
+                    }
+                }
+            }
+            catch { /* remote fetch failed, return local invalid result */ }
+            return { content, verification };
+        }
+        finally {
+            if (ownClient)
+                try {
+                    await client.close();
+                }
+                catch { /* ignore */ }
+        }
+    }
+    // === Path B: no local agent.md → download from remote ===
+    const client = opts?.client ?? await createBareClient(aunPath);
+    const ownClient = !opts?.client;
+    try {
+        const raw = await client.auth.downloadAgentMd(aid);
+        if (!opts?.withVerification) {
+            // Persist without verification
+            const aidDir = path.join(aunPath, 'AIDs', aid);
+            fs.mkdirSync(aidDir, { recursive: true });
+            fs.writeFileSync(path.join(aidDir, 'agent.md'), raw, 'utf-8');
+            return raw;
+        }
+        const certPem = await obtainCertPem(aid, aunPath, client);
+        const verification = await verifyContent(raw, aid, certPem, client);
+        // Persist to local
+        const aidDir = path.join(aunPath, 'AIDs', aid);
+        fs.mkdirSync(aidDir, { recursive: true });
+        fs.writeFileSync(path.join(aidDir, 'agent.md'), raw, 'utf-8');
+        return { content: raw, verification };
+    }
+    finally {
+        if (ownClient)
+            try {
+                await client.close();
+            }
+            catch { /* ignore */ }
+    }
+}
+/**
+ * Upload agent.md: auto-sign + upload + sync to local file.
+ */
+export async function agentmdPut(content, opts) {
+    const aunPath = opts.aunPath ?? path.join(os.homedir(), '.aun');
+    const client = opts.client ?? await getAunClient(opts.aid, { aunPath });
+    const ownClient = !opts.client;
+    try {
+        let signed;
+        try {
+            signed = await client.auth.signAgentMd(content);
+        }
+        catch {
+            signed = content;
+        }
+        await client.auth.uploadAgentMd(signed);
+        const aidDir = path.join(aunPath, 'AIDs', opts.aid);
+        fs.mkdirSync(aidDir, { recursive: true });
+        fs.writeFileSync(path.join(aidDir, 'agent.md'), signed, 'utf-8');
+    }
+    finally {
+        if (ownClient)
+            try {
+                await client.close();
+            }
+            catch { /* ignore */ }
+    }
+}

package/dist/aun/aid/client.js

@@ -0,0 +1,134 @@
+import fs from 'fs';
+import path from 'path';
+import os from 'os';
+import { fileURLToPath } from 'url';
+import { execFileSync } from 'child_process';
+import { isWindows } from '../../utils/cross-platform.js';
+/**
+ * Suppress SDK console logs (DEBUG/INFO/WARN) in CLI context.
+ * Call once at CLI entry point — NOT at module load time, to avoid
+ * affecting the daemon process which imports this module for slash commands.
+ */
+export function suppressSdkLogs() {
+    process.env.AUN_LOG_INI_DISABLE = '1';
+    const _origLog = console.log;
+    const _origInfo = console.info;
+    const _origWarn = console.warn;
+    const _origError = console.error;
+    const SDK_LOG_RE = /^\[\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+\]\[(?:DEBUG|INFO|WARN)\]/;
+    const SDK_ERROR_RE = /^\[\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+\]\[ERROR\]/;
+    console.log = (...args) => { if (typeof args[0] === 'string') {
+        if (SDK_LOG_RE.test(args[0]))
+            return;
+        if (SDK_ERROR_RE.test(args[0])) {
+            _origError(...args);
+            return;
+        }
+    } _origLog(...args); };
+    console.info = (...args) => { if (typeof args[0] === 'string' && SDK_LOG_RE.test(args[0]))
+        return; _origInfo(...args); };
+    console.warn = (...args) => { if (typeof args[0] === 'string' && SDK_LOG_RE.test(args[0]))
+        return; _origWarn(...args); };
+}
+// ==================== Constants ====================
+export const MIN_AUN_CORE_SDK = [0, 2, 17];
+export const AUN_CORE_SDK_PKG = '@agentunion/fastaun';
+// ==================== SDK & Environment ====================
+function compareVersion(a, min) {
+    const parts = a.split('.').map(n => parseInt(n, 10));
+    if (parts.length < 3 || parts.some(isNaN))
+        return false;
+    if (parts[0] !== min[0])
+        return parts[0] > min[0];
+    if (parts[1] !== min[1])
+        return parts[1] > min[1];
+    return parts[2] >= min[2];
+}
+export function isAunSdkVersionOk(version) {
+    return compareVersion(version, MIN_AUN_CORE_SDK);
+}
+export function resolveAunCoreSdkPkg() {
+    try {
+        let dir = path.dirname(fileURLToPath(import.meta.url));
+        while (true) {
+            const candidate = path.join(dir, 'node_modules', AUN_CORE_SDK_PKG, 'package.json');
+            if (fs.existsSync(candidate)) {
+                const data = JSON.parse(fs.readFileSync(candidate, 'utf-8'));
+                if (data.name === AUN_CORE_SDK_PKG)
+                    return { version: data.version, path: candidate };
+            }
+            const parent = path.dirname(dir);
+            if (parent === dir)
+                break;
+            dir = parent;
+        }
+    }
+    catch { /* fall through */ }
+    try {
+        const npmCmd = isWindows ? 'npm.cmd' : 'npm';
+        const globalRoot = execFileSync(npmCmd, ['root', '-g'], {
+            encoding: 'utf-8', timeout: 10000, shell: isWindows,
+        }).trim();
+        const pkgPath = path.join(globalRoot, AUN_CORE_SDK_PKG, 'package.json');
+        if (fs.existsSync(pkgPath)) {
+            const data = JSON.parse(fs.readFileSync(pkgPath, 'utf-8'));
+            return { version: data.version, path: pkgPath };
+        }
+    }
+    catch { /* not found */ }
+    return null;
+}
+export async function ensureAunSdk() {
+    const installed = resolveAunCoreSdkPkg();
+    if (installed && isAunSdkVersionOk(installed.version))
+        return;
+    const { npmInstallGlobal } = await import('../../utils/npm-ops.js');
+    console.log(`正在安装 ${AUN_CORE_SDK_PKG}@latest...`);
+    await npmInstallGlobal(`${AUN_CORE_SDK_PKG}@latest`);
+}
+export function isAunSdkReady() {
+    const installed = resolveAunCoreSdkPkg();
+    return !!(installed && isAunSdkVersionOk(installed.version));
+}
+// ==================== CA Root ====================
+export async function downloadCaRoot(aunPath, gatewayUrl, indent = '') {
+    const caDir = path.join(aunPath, 'CA', 'root');
+    const caCertPath = path.join(caDir, 'root.crt');
+    if (fs.existsSync(caCertPath))
+        return true;
+    if (!gatewayUrl)
+        return false;
+    try {
+        fs.mkdirSync(caDir, { recursive: true });
+        const gwHttp = gatewayUrl.replace(/^wss?:/, 'https:').replace(/\/aun$/, '');
+        const resp = await fetch(`${gwHttp}/pki/chain`, { redirect: 'follow' });
+        if (!resp.ok) {
+            console.warn(`${indent}⚠ CA 根证书下载失败: HTTP ${resp.status}`);
+            return false;
+        }
+        const body = await resp.text();
+        if (!body.includes('BEGIN CERTIFICATE')) {
+            console.warn(`${indent}⚠ CA 根证书响应内容无效，跳过写入`);
+            return false;
+        }
+        fs.writeFileSync(caCertPath, body);
+        console.log(`${indent}✓ CA 根证书已下载`);
+        return true;
+    }
+    catch (e) {
+        console.warn(`${indent}⚠ CA 根证书下载失败: ${e}，可稍后手动下载`);
+        return false;
+    }
+}
+// ==================== AUNClient Factory ====================
+export async function getAunClient(aid, opts) {
+    const aunPath = opts?.aunPath ?? path.join(os.homedir(), '.aun');
+    const caCertPath = path.join(aunPath, 'CA', 'root', 'root.crt');
+    const { AUNClient } = await import('@agentunion/fastaun');
+    const clientOpts = { aun_path: aunPath, debug: false };
+    if (fs.existsSync(caCertPath))
+        clientOpts.root_ca_path = caCertPath;
+    const client = new AUNClient(clientOpts);
+    await client.auth.createAid({ aid });
+    return client;
+}

package/dist/aun/aid/identity.js

@@ -0,0 +1,131 @@
+import fs from 'fs';
+import path from 'path';
+import os from 'os';
+import crypto from 'crypto';
+import { getAunClient, downloadCaRoot } from './client.js';
+// ==================== Validation ====================
+export function isValidAid(name) {
+    const labels = name.split('.');
+    return labels.length >= 3 && labels.every(l => /^[a-zA-Z0-9]([a-zA-Z0-9-]*[a-zA-Z0-9])?$/.test(l));
+}
+// ==================== AID Operations ====================
+export function aidList(aunPath) {
+    const aidsDir = path.join(aunPath ?? path.join(os.homedir(), '.aun'), 'AIDs');
+    if (!fs.existsSync(aidsDir))
+        return [];
+    const entries = fs.readdirSync(aidsDir, { withFileTypes: true });
+    return entries
+        .filter(e => e.isDirectory())
+        .map(e => ({
+        aid: e.name,
+        hasPrivateKey: fs.existsSync(path.join(aidsDir, e.name, 'private')),
+        hasAgentMd: fs.existsSync(path.join(aidsDir, e.name, 'agent.md')),
+    }));
+}
+export async function aidCreate(aid, opts) {
+    const aunPath = opts?.aunPath ?? path.join(os.homedir(), '.aun');
+    const aidDir = path.join(aunPath, 'AIDs', aid);
+    if (fs.existsSync(aidDir) && fs.existsSync(path.join(aidDir, 'private'))) {
+        const client = await getAunClient(aid, { aunPath });
+        return { aid, alreadyExisted: true, gateway: '', client };
+    }
+    const { AUNClient, GatewayDiscovery } = await import('@agentunion/fastaun');
+    let client = new AUNClient({ aun_path: aunPath });
+    try {
+        const result = await client.auth.createAid({ aid });
+        const gateway = result.gateway || '';
+        const caDownloaded = await downloadCaRoot(aunPath, gateway);
+        const caCertPath = path.join(aunPath, 'CA', 'root', 'root.crt');
+        if (caDownloaded && fs.existsSync(caCertPath)) {
+            try {
+                await client.close();
+            }
+            catch { /* ignore */ }
+            client = new AUNClient({ aun_path: aunPath, root_ca_path: caCertPath });
+            await client.auth.createAid({ aid });
+        }
+        let gatewayUrl = gateway;
+        if (!gatewayUrl) {
+            try {
+                const discovery = new GatewayDiscovery({});
+                gatewayUrl = await discovery.discover(`https://${aid}/.well-known/aun-gateway`);
+            }
+            catch { /* fall through */ }
+        }
+        if (gatewayUrl) {
+            client._gatewayUrl = gatewayUrl;
+        }
+        return { aid, alreadyExisted: false, gateway: gatewayUrl, client };
+    }
+    catch (e) {
+        try {
+            await client.close();
+        }
+        catch { /* ignore */ }
+        throw e;
+    }
+}
+// ==================== Show ====================
+export function aidShow(aid, opts) {
+    const aunPath = opts?.aunPath ?? path.join(os.homedir(), '.aun');
+    const aidDir = path.join(aunPath, 'AIDs', aid);
+    const hasPrivateKey = fs.existsSync(path.join(aidDir, 'private'));
+    const hasAgentMd = fs.existsSync(path.join(aidDir, 'agent.md'));
+    let certExpiresAt = null;
+    let certSubject = null;
+    const certPath = path.join(aidDir, 'public', 'cert.pem');
+    if (fs.existsSync(certPath)) {
+        try {
+            const pem = fs.readFileSync(certPath, 'utf-8');
+            const x509 = new crypto.X509Certificate(pem);
+            certExpiresAt = x509.validTo;
+            certSubject = x509.subject;
+        }
+        catch { /* ignore parse errors */ }
+    }
+    return { aid, hasPrivateKey, hasAgentMd, certExpiresAt, certSubject };
+}
+// ==================== Delete ====================
+export function aidDelete(aid, opts) {
+    const aunPath = opts?.aunPath ?? path.join(os.homedir(), '.aun');
+    const aidDir = path.join(aunPath, 'AIDs', aid);
+    if (!fs.existsSync(aidDir))
+        return false;
+    fs.rmSync(aidDir, { recursive: true, force: true });
+    return true;
+}
+// ==================== Lookup ====================
+export async function aidLookup(aid) {
+    let gateway = '';
+    try {
+        const gwResp = await fetch(`https://${aid}/.well-known/aun-gateway`, { redirect: 'follow' });
+        if (gwResp.ok) {
+            const text = await gwResp.text();
+            // Response may be JSON with gateways array or plain URL
+            try {
+                const parsed = JSON.parse(text.trim());
+                if (parsed.gateways?.[0]?.url) {
+                    gateway = parsed.gateways[0].url;
+                }
+                else {
+                    gateway = text.trim();
+                }
+            }
+            catch {
+                gateway = text.trim();
+            }
+        }
+    }
+    catch { /* ignore */ }
+    try {
+        const resp = await fetch(`https://${aid}/agent.md`, { redirect: 'follow' });
+        if (resp.ok) {
+            const content = await resp.text();
+            return { exists: true, aid, gateway, content };
+        }
+        return { exists: false, aid, gateway, error: `agent_md_not_found` };
+    }
+    catch (e) {
+        return { exists: false, aid, gateway, error: String(e.message || e) };
+    }
+}

package/dist/aun/aid/index.js

@@ -0,0 +1,3 @@
+export { isValidAid, aidList, aidCreate, aidShow, aidDelete, aidLookup } from './identity.js';
+export { buildInitialAgentMd, agentmdGet, agentmdPut } from './agentmd.js';
+export { MIN_AUN_CORE_SDK, AUN_CORE_SDK_PKG, isAunSdkVersionOk, resolveAunCoreSdkPkg, ensureAunSdk, isAunSdkReady, downloadCaRoot, getAunClient, suppressSdkLogs, } from './client.js';

package/dist/aun/aid/types.js

@@ -0,0 +1 @@
+export {};

package/dist/aun/aid/validation.js

@@ -0,0 +1,21 @@
+import fs from 'fs';
+import path from 'path';
+import { isValidAid } from './identity.js';
+/**
+ * `agents/<dirName>` 是否能被当作合法的 self-agent 目录：
+ *   - 目录名通过 isValidAid（标准多级域名）
+ *   - 目录下存在 config.json
+ *
+ * 不满足返回原因字符串，调用方决定是 warn-and-skip 还是 throw。
+ */
+export function checkAgentDir(agentsDir, dirName) {
+    if (!isValidAid(dirName)) {
+        return `dir name "${dirName}" is not a valid AID`;
+    }
+    const configPath = path.join(agentsDir, dirName, 'config.json');
+    if (!fs.existsSync(configPath)) {
+        return `missing ${path.join(dirName, 'config.json')}`;
+    }
+    return null;
+}
+export { isValidAid };