evolclaw 3.1.4 → 3.1.5

package/dist/cli/watch-web/server.js

@@ -0,0 +1,306 @@
+/**
+ * Watch Web 服务 — 本地浏览器监控面板的后端。
+ *
+ * - HTTP: 静态资源 + 配对 API
+ * - WebSocket: 订阅式实时推送（aid / msg / session）
+ * - 鉴权: 6 位配对码（5 分钟有效）→ token（24h，有访问自动续期），持久化到磁盘
+ * - 安全: 绑定 0.0.0.0（支持远程访问），token 校验，只读
+ *
+ * 借鉴 Kite 控制台：配对码换 token、首消息鉴权、订阅式推送、访问日志。
+ */
+import http from 'http';
+import fs from 'fs';
+import path from 'path';
+import crypto from 'crypto';
+import { fileURLToPath } from 'url';
+import { WebSocketServer } from 'ws';
+import { resolvePaths } from '../../paths.js';
+import { setDebugLog } from './debug-log.js';
+import { aidSource } from './sources/aid.js';
+import { msgSource } from './sources/msg.js';
+import { sessionSource } from './sources/session.js';
+const __dirname = path.dirname(fileURLToPath(import.meta.url));
+const STATIC_DIR = path.join(__dirname, 'static');
+const TOKEN_TTL_MS = 24 * 60 * 60 * 1000; // 24 小时
+const PAIRING_TTL_MS = 5 * 60 * 1000; // 配对码 5 分钟
+const DEFAULT_PORT = 20030;
+const SOURCES = {
+    aid: aidSource,
+    msg: msgSource,
+    session: sessionSource,
+};
+// ── Token 持久化 ──
+function tokenStorePath() {
+    return path.join(resolvePaths().instanceDir, 'watch-web-tokens.json');
+}
+function loadTokens() {
+    try {
+        const raw = fs.readFileSync(tokenStorePath(), 'utf-8');
+        const store = JSON.parse(raw);
+        if (Array.isArray(store.tokens))
+            return store;
+    }
+    catch { /* missing or corrupt */ }
+    return { tokens: [] };
+}
+function saveTokens(store) {
+    try {
+        fs.mkdirSync(resolvePaths().instanceDir, { recursive: true });
+        const tmp = tokenStorePath() + '.tmp';
+        fs.writeFileSync(tmp, JSON.stringify(store, null, 2));
+        fs.renameSync(tmp, tokenStorePath());
+    }
+    catch { /* best effort */ }
+}
+function pruneExpired(store, now) {
+    const before = store.tokens.length;
+    store.tokens = store.tokens.filter(t => now - t.lastActive < TOKEN_TTL_MS);
+    return store.tokens.length !== before;
+}
+/** 校验 token，命中则续期（更新 lastActive）并持久化 */
+function validateAndRenew(token, now) {
+    if (!token)
+        return false;
+    const store = loadTokens();
+    const changed = pruneExpired(store, now);
+    const rec = store.tokens.find(t => t.token === token);
+    if (rec) {
+        rec.lastActive = now;
+        saveTokens(store);
+        return true;
+    }
+    if (changed)
+        saveTokens(store);
+    return false;
+}
+// ── 静态资源 ──
+const MIME = {
+    '.html': 'text/html; charset=utf-8',
+    '.js': 'text/javascript; charset=utf-8',
+    '.css': 'text/css; charset=utf-8',
+    '.json': 'application/json; charset=utf-8',
+    '.svg': 'image/svg+xml',
+};
+function serveStatic(req, res) {
+    let urlPath = (req.url || '/').split('?')[0];
+    if (urlPath === '/')
+        urlPath = '/index.html';
+    // 防目录穿越
+    const safe = path.normalize(urlPath).replace(/^(\.\.[/\\])+/, '');
+    const file = path.join(STATIC_DIR, safe);
+    if (!file.startsWith(STATIC_DIR)) {
+        res.writeHead(403).end('Forbidden');
+        return;
+    }
+    fs.readFile(file, (err, data) => {
+        if (err) {
+            res.writeHead(404).end('Not Found');
+            return;
+        }
+        res.writeHead(200, { 'Content-Type': MIME[path.extname(file)] || 'application/octet-stream' });
+        res.end(data);
+    });
+}
+function genPairingCode() {
+    return String(crypto.randomInt(0, 1000000)).padStart(6, '0');
+}
+function clientIp(req) {
+    const fwd = req.headers['x-forwarded-for'];
+    if (typeof fwd === 'string' && fwd)
+        return fwd.split(',')[0].trim();
+    return req.socket.remoteAddress || '?';
+}
+export async function startWatchWebServer(opts = {}) {
+    const log = opts.log || (() => { });
+    setDebugLog(log); // 把日志 writer 注入各 source，建立调试闭环
+    const pairingCode = genPairingCode();
+    const pairingExpiry = Date.now() + PAIRING_TTL_MS;
+    const server = http.createServer((req, res) => {
+        const url = req.url || '/';
+        if (req.method === 'POST' && url === '/api/pair') {
+            handlePair(req, res, pairingCode, pairingExpiry, log);
+            return;
+        }
+        serveStatic(req, res);
+    });
+    const wss = new WebSocketServer({ noServer: true });
+    server.on('upgrade', (req, socket, head) => {
+        const { query } = parseUrl(req.url || '');
+        const token = query.token || '';
+        if (!validateAndRenew(token, Date.now())) {
+            socket.write('HTTP/1.1 401 Unauthorized\r\n\r\n');
+            socket.destroy();
+            log(`✗ WS 拒绝（无效 token） from ${req.socket.remoteAddress}`);
+            return;
+        }
+        wss.handleUpgrade(req, socket, head, (ws) => {
+            handleConnection(ws, req, log);
+        });
+    });
+    const port = await bindPort(server, opts.port ?? DEFAULT_PORT);
+    const url = `http://0.0.0.0:${port}`;
+    return {
+        url,
+        port,
+        pairingCode,
+        close() {
+            return new Promise((resolve) => {
+                for (const client of wss.clients) {
+                    try {
+                        client.close();
+                    }
+                    catch { /* ignore */ }
+                }
+                wss.close();
+                server.close(() => resolve());
+            });
+        },
+    };
+}
+// ── 配对 ──
+function handlePair(req, res, pairingCode, pairingExpiry, log) {
+    let body = '';
+    req.on('data', (chunk) => {
+        body += chunk;
+        if (body.length > 4096)
+            req.destroy();
+    });
+    req.on('end', () => {
+        const ip = clientIp(req);
+        let code = '';
+        try {
+            code = String(JSON.parse(body).code || '');
+        }
+        catch { /* bad json */ }
+        if (Date.now() > pairingExpiry) {
+            res.writeHead(403, { 'Content-Type': 'application/json' });
+            res.end(JSON.stringify({ ok: false, reason: '配对码已过期，请重启 watch web' }));
+            log(`✗ 配对失败（码已过期） from ${ip}`);
+            return;
+        }
+        if (code !== pairingCode) {
+            res.writeHead(403, { 'Content-Type': 'application/json' });
+            res.end(JSON.stringify({ ok: false, reason: '配对码错误' }));
+            log(`✗ 配对失败（码错误: ${code}） from ${ip}`);
+            return;
+        }
+        // 配对成功，发放持久 token
+        const now = Date.now();
+        const token = crypto.randomBytes(32).toString('hex');
+        const store = loadTokens();
+        pruneExpired(store, now);
+        store.tokens.push({ token, createdAt: now, lastActive: now, label: ip });
+        saveTokens(store);
+        res.writeHead(200, { 'Content-Type': 'application/json' });
+        res.end(JSON.stringify({ ok: true, token }));
+        log(`✓ 配对成功 from ${ip}（token 已缓存，24h 有效）`);
+    });
+}
+// ── URL 解析 ──
+function parseUrl(rawUrl) {
+    const qIdx = rawUrl.indexOf('?');
+    if (qIdx === -1)
+        return { path: rawUrl, query: {} };
+    const query = {};
+    for (const pair of rawUrl.slice(qIdx + 1).split('&')) {
+        const [k, v] = pair.split('=');
+        if (k)
+            query[decodeURIComponent(k)] = decodeURIComponent(v || '');
+    }
+    return { path: rawUrl.slice(0, qIdx), query };
+}
+// ── WebSocket 连接 ──
+function handleConnection(ws, req, log) {
+    const ip = clientIp(req);
+    let unsubscribe = null;
+    let currentView = null;
+    log(`◆ WS 连接 from ${ip}`);
+    const send = (obj) => {
+        if (ws.readyState === ws.OPEN) {
+            try {
+                ws.send(JSON.stringify(obj));
+            }
+            catch { /* ignore */ }
+        }
+    };
+    const switchSubscription = async (view, params) => {
+        if (unsubscribe) {
+            unsubscribe();
+            unsubscribe = null;
+        }
+        currentView = view;
+        const source = SOURCES[view];
+        if (!source) {
+            send({ type: 'error', message: `unknown view: ${view}` });
+            return;
+        }
+        try {
+            const snap = await source.snapshot(params);
+            send({ type: 'snapshot', view, data: snap });
+        }
+        catch (e) {
+            send({ type: 'error', message: `snapshot failed: ${e?.message || e}` });
+        }
+        unsubscribe = source.subscribe(params, (data) => {
+            if (currentView === view)
+                send({ type: 'delta', view, data });
+        });
+    };
+    ws.on('message', async (raw) => {
+        let msg;
+        try {
+            msg = JSON.parse(raw.toString());
+        }
+        catch {
+            return;
+        }
+        if (msg.type === 'ping') {
+            send({ type: 'pong' });
+            return;
+        }
+        if (msg.type === 'subscribe' && msg.view) {
+            const params = {};
+            if (msg.aid)
+                params.aid = msg.aid;
+            if (msg.peer)
+                params.peer = msg.peer;
+            if (msg.sessionId)
+                params.sessionId = msg.sessionId;
+            if (msg.project)
+                params.project = msg.project;
+            log(`▸ 订阅 ${msg.view}` +
+                `${msg.project ? ` project=${String(msg.project).slice(-24)}` : ''}` +
+                `${msg.aid ? ` aid=${String(msg.aid).split('.')[0]}` : ''}` +
+                `${msg.peer ? ` peer=${String(msg.peer).split('.')[0]}` : ''}` +
+                `${msg.sessionId ? ` session=${String(msg.sessionId).slice(0, 8)}` : ''} from ${ip}`);
+            await switchSubscription(msg.view, params);
+        }
+    });
+    ws.on('close', () => {
+        if (unsubscribe) {
+            unsubscribe();
+            unsubscribe = null;
+        }
+        log(`◇ WS 断开 from ${ip}`);
+    });
+    ws.on('error', () => { });
+}
+// ── 端口绑定（首选端口被占则 +1，最多尝试 10 次）──
+function bindPort(server, preferred) {
+    return new Promise((resolve, reject) => {
+        let attempt = 0;
+        const tryBind = (port) => {
+            server.once('error', (err) => {
+                if (err.code === 'EADDRINUSE' && attempt < 10) {
+                    attempt++;
+                    tryBind(port + 1);
+                }
+                else {
+                    reject(err);
+                }
+            });
+            server.listen(port, '0.0.0.0', () => resolve(port));
+        };
+        tryBind(preferred);
+    });
+}

package/dist/cli/watch-web/sources/aid.js

@@ -0,0 +1,63 @@
+/**
+ * AID 数据源 — 复用 daemon 的 IPC socket（与 `watch aid` 同源）。
+ *
+ * daemon 运行时：拉 aun-aids / aun-aid-stats / status。
+ * daemon 未运行时：降级到 instance-registry 的 scanInstances()。
+ * IPC 无推送能力，故用 1s 轮询 + JSON diff，仅在变化时 push。
+ */
+import { resolvePaths } from '../../../paths.js';
+import { ipcQuery } from '../../../ipc.js';
+import { scanInstances } from '../../../utils/instance-registry.js';
+async function buildSnapshot() {
+    const p = resolvePaths();
+    const [aidsResp, statsResp, statusResp, agentsResp] = await Promise.all([
+        ipcQuery(p.socket, { type: 'aun-aids' }),
+        ipcQuery(p.socket, { type: 'aun-aid-stats' }),
+        ipcQuery(p.socket, { type: 'status' }),
+        ipcQuery(p.socket, { type: 'evolagent.list' }),
+    ]);
+    const daemonRunning = aidsResp !== null || statusResp !== null;
+    if (!daemonRunning) {
+        // 降级：读 instance-registry，标注 daemon 未运行
+        const inst = scanInstances();
+        const aids = Array.from(inst.aidLastActivity.entries()).map(([aid, info]) => ({
+            aid,
+            status: info.event === 'disconnected' ? 'disconnected' : 'offline',
+            lastActivity: info.ts,
+            lastEvent: info.event,
+        }));
+        return { daemonRunning: false, aids, stats: [], agents: [] };
+    }
+    return {
+        daemonRunning: true,
+        aids: aidsResp?.aids ?? [],
+        stats: statsResp?.stats ?? [],
+        status: statusResp ?? null,
+        agents: agentsResp?.agents ?? [],
+    };
+}
+export const aidSource = {
+    kind: 'aid',
+    async snapshot() {
+        return buildSnapshot();
+    },
+    subscribe(_params, push) {
+        let lastJson = '';
+        let stopped = false;
+        const tick = async () => {
+            if (stopped)
+                return;
+            try {
+                const snap = await buildSnapshot();
+                const json = JSON.stringify(snap);
+                if (json !== lastJson) {
+                    lastJson = json;
+                    push(snap);
+                }
+            }
+            catch { /* ignore transient IPC errors */ }
+        };
+        const timer = setInterval(tick, 1000);
+        return () => { stopped = true; clearInterval(timer); };
+    },
+};

package/dist/cli/watch-web/sources/msg.js

@@ -0,0 +1,70 @@
+/**
+ * 消息数据源 — 复用 watch-msg.ts 的数据层函数 + fs.watch 文件监听。
+ *
+ * snapshot:
+ *   - 无 aid: 返回本地 AID 列表（含收发统计）
+ *   - 有 aid 无 peer: 返回该 AID 的对端列表 + 全部消息
+ *   - 有 aid 有 peer: 返回该对端的消息
+ * subscribe: fs.watch(sessions/aun, recursive)，messages.jsonl 变化时防抖 150ms 后重推。
+ */
+import fs from 'fs';
+import { getSessionsAunDir, listLocalAids, loadAidInfo, loadPeerInfos, loadAllMessages, readMessages, } from '../../watch-msg.js';
+function buildSnapshot(params) {
+    const aunDir = getSessionsAunDir();
+    if (!fs.existsSync(aunDir)) {
+        return { aids: [], peers: [], messages: [], aid: null, peer: null };
+    }
+    const aid = params.aid || null;
+    const peer = params.peer || null;
+    const aids = listLocalAids(aunDir)
+        .map(a => loadAidInfo(aunDir, a))
+        .sort((a, b) => (b.totalIn + b.totalOut) - (a.totalIn + a.totalOut));
+    if (!aid) {
+        return { aids, peers: [], messages: [], aid: null, peer: null };
+    }
+    const peers = loadPeerInfos(aunDir, aid);
+    let messages;
+    if (peer) {
+        messages = readMessages(aunDir, aid, peer);
+        if (messages.length > 1000)
+            messages = messages.slice(-1000);
+    }
+    else {
+        messages = loadAllMessages(aunDir, aid);
+    }
+    return { aids, peers, messages, aid, peer };
+}
+export const msgSource = {
+    kind: 'msg',
+    async snapshot(params = {}) {
+        return buildSnapshot(params);
+    },
+    subscribe(params, push) {
+        const aunDir = getSessionsAunDir();
+        let watcher = null;
+        let debounce = null;
+        const fire = () => {
+            if (debounce)
+                clearTimeout(debounce);
+            debounce = setTimeout(() => {
+                try {
+                    push(buildSnapshot(params));
+                }
+                catch { /* ignore */ }
+            }, 150);
+        };
+        try {
+            watcher = fs.watch(aunDir, { recursive: true }, (_evt, filename) => {
+                if (filename && String(filename).endsWith('messages.jsonl'))
+                    fire();
+            });
+        }
+        catch { /* aunDir may not exist yet */ }
+        return () => {
+            if (watcher)
+                watcher.close();
+            if (debounce)
+                clearTimeout(debounce);
+        };
+    },
+};