npm - gigaclaw - Versions diffs - 1.4.0 - Mend

gigaclaw 1.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (249) hide show

package/LICENSE +26 -0
package/README.md +237 -0
package/api/CLAUDE.md +19 -0
package/api/index.js +265 -0
package/bin/cli.js +823 -0
package/bin/local.sh +85 -0
package/bin/postinstall.js +63 -0
package/config/index.js +26 -0
package/config/instrumentation.js +62 -0
package/drizzle/0000_initial.sql +52 -0
package/drizzle/0001_nostalgic_sersi.sql +11 -0
package/drizzle/0002_black_daimon_hellstrom.sql +19 -0
package/drizzle/0003_rename_code_workspaces.sql +5 -0
package/drizzle/meta/0000_snapshot.json +321 -0
package/drizzle/meta/0001_snapshot.json +390 -0
package/drizzle/meta/0002_snapshot.json +411 -0
package/drizzle/meta/0003_snapshot.json +419 -0
package/drizzle/meta/_journal.json +34 -0
package/lib/actions.js +44 -0
package/lib/ai/agent.js +86 -0
package/lib/ai/index.js +342 -0
package/lib/ai/model.js +180 -0
package/lib/ai/tools.js +269 -0
package/lib/ai/web-search.js +42 -0
package/lib/auth/actions.js +28 -0
package/lib/auth/config.js +27 -0
package/lib/auth/edge-config.js +27 -0
package/lib/auth/index.js +27 -0
package/lib/auth/middleware.js +62 -0
package/lib/channels/base.js +56 -0
package/lib/channels/index.js +15 -0
package/lib/channels/telegram.js +148 -0
package/lib/chat/actions.js +579 -0
package/lib/chat/api.js +140 -0
package/lib/chat/components/app-sidebar.js +213 -0
package/lib/chat/components/app-sidebar.jsx +279 -0
package/lib/chat/components/chat-header.js +192 -0
package/lib/chat/components/chat-header.jsx +223 -0
package/lib/chat/components/chat-input.js +236 -0
package/lib/chat/components/chat-input.jsx +249 -0
package/lib/chat/components/chat-nav-context.js +11 -0
package/lib/chat/components/chat-nav-context.jsx +11 -0
package/lib/chat/components/chat-page.js +99 -0
package/lib/chat/components/chat-page.jsx +121 -0
package/lib/chat/components/chat.js +153 -0
package/lib/chat/components/chat.jsx +199 -0
package/lib/chat/components/chats-page.js +367 -0
package/lib/chat/components/chats-page.jsx +394 -0
package/lib/chat/components/code-mode-toggle.js +132 -0
package/lib/chat/components/code-mode-toggle.jsx +163 -0
package/lib/chat/components/crons-page.js +172 -0
package/lib/chat/components/crons-page.jsx +244 -0
package/lib/chat/components/greeting.js +11 -0
package/lib/chat/components/greeting.jsx +16 -0
package/lib/chat/components/icons.js +805 -0
package/lib/chat/components/icons.jsx +751 -0
package/lib/chat/components/index.js +20 -0
package/lib/chat/components/message.js +363 -0
package/lib/chat/components/message.jsx +422 -0
package/lib/chat/components/messages.js +65 -0
package/lib/chat/components/messages.jsx +74 -0
package/lib/chat/components/notifications-page.js +56 -0
package/lib/chat/components/notifications-page.jsx +87 -0
package/lib/chat/components/page-layout.js +21 -0
package/lib/chat/components/page-layout.jsx +28 -0
package/lib/chat/components/pull-requests-page.js +103 -0
package/lib/chat/components/pull-requests-page.jsx +113 -0
package/lib/chat/components/settings-layout.js +39 -0
package/lib/chat/components/settings-layout.jsx +53 -0
package/lib/chat/components/settings-secrets-page.js +216 -0
package/lib/chat/components/settings-secrets-page.jsx +264 -0
package/lib/chat/components/sidebar-history-item.js +138 -0
package/lib/chat/components/sidebar-history-item.jsx +119 -0
package/lib/chat/components/sidebar-history.js +167 -0
package/lib/chat/components/sidebar-history.jsx +220 -0
package/lib/chat/components/sidebar-user-nav.js +61 -0
package/lib/chat/components/sidebar-user-nav.jsx +77 -0
package/lib/chat/components/swarm-page.js +157 -0
package/lib/chat/components/swarm-page.jsx +210 -0
package/lib/chat/components/tool-call.js +89 -0
package/lib/chat/components/tool-call.jsx +107 -0
package/lib/chat/components/triggers-page.js +153 -0
package/lib/chat/components/triggers-page.jsx +221 -0
package/lib/chat/components/ui/combobox.js +98 -0
package/lib/chat/components/ui/combobox.jsx +114 -0
package/lib/chat/components/ui/confirm-dialog.js +53 -0
package/lib/chat/components/ui/confirm-dialog.jsx +57 -0
package/lib/chat/components/ui/dropdown-menu.js +194 -0
package/lib/chat/components/ui/dropdown-menu.jsx +215 -0
package/lib/chat/components/ui/rename-dialog.js +78 -0
package/lib/chat/components/ui/rename-dialog.jsx +74 -0
package/lib/chat/components/ui/scroll-area.js +13 -0
package/lib/chat/components/ui/scroll-area.jsx +17 -0
package/lib/chat/components/ui/separator.js +21 -0
package/lib/chat/components/ui/separator.jsx +18 -0
package/lib/chat/components/ui/sheet.js +75 -0
package/lib/chat/components/ui/sheet.jsx +95 -0
package/lib/chat/components/ui/sidebar.js +228 -0
package/lib/chat/components/ui/sidebar.jsx +246 -0
package/lib/chat/components/ui/tooltip.js +56 -0
package/lib/chat/components/ui/tooltip.jsx +66 -0
package/lib/chat/components/upgrade-dialog.js +151 -0
package/lib/chat/components/upgrade-dialog.jsx +170 -0
package/lib/chat/utils.js +11 -0
package/lib/code/actions.js +153 -0
package/lib/code/code-page.js +22 -0
package/lib/code/code-page.jsx +25 -0
package/lib/code/index.js +1 -0
package/lib/code/terminal-view.js +201 -0
package/lib/code/terminal-view.jsx +224 -0
package/lib/code/ws-proxy.js +80 -0
package/lib/cron.js +246 -0
package/lib/db/api-keys.js +163 -0
package/lib/db/chats.js +168 -0
package/lib/db/code-workspaces.js +110 -0
package/lib/db/index.js +52 -0
package/lib/db/notifications.js +99 -0
package/lib/db/schema.js +66 -0
package/lib/db/update-check.js +96 -0
package/lib/db/users.js +89 -0
package/lib/paths.js +42 -0
package/lib/tools/create-job.js +97 -0
package/lib/tools/docker.js +146 -0
package/lib/tools/github.js +271 -0
package/lib/tools/openai.js +35 -0
package/lib/tools/telegram.js +292 -0
package/lib/triggers.js +104 -0
package/lib/utils/render-md.js +111 -0
package/package.json +118 -0
package/setup/lib/auth.mjs +81 -0
package/setup/lib/env.mjs +21 -0
package/setup/lib/fs-utils.mjs +20 -0
package/setup/lib/github.mjs +149 -0
package/setup/lib/prerequisites.mjs +155 -0
package/setup/lib/prompts.mjs +267 -0
package/setup/lib/providers.mjs +105 -0
package/setup/lib/sync.mjs +125 -0
package/setup/lib/targets.mjs +45 -0
package/setup/lib/telegram-verify.mjs +63 -0
package/setup/lib/telegram.mjs +76 -0
package/setup/setup-cloud.mjs +833 -0
package/setup/setup-local.mjs +377 -0
package/setup/setup-telegram.mjs +265 -0
package/setup/setup.mjs +87 -0
package/templates/.dockerignore +5 -0
package/templates/.env.example +104 -0
package/templates/.github/workflows/auto-merge.yml +117 -0
package/templates/.github/workflows/notify-job-failed.yml +64 -0
package/templates/.github/workflows/notify-pr-complete.yml +119 -0
package/templates/.github/workflows/rebuild-event-handler.yml +121 -0
package/templates/.github/workflows/run-job.yml +89 -0
package/templates/.github/workflows/upgrade-event-handler.yml +62 -0
package/templates/.gitignore.template +45 -0
package/templates/.pi/extensions/env-sanitizer/index.ts +48 -0
package/templates/.pi/extensions/env-sanitizer/package.json +5 -0
package/templates/CLAUDE.md +29 -0
package/templates/CLAUDE.md.template +308 -0
package/templates/app/api/[...gigaclaw]/route.js +1 -0
package/templates/app/api/auth/[...nextauth]/route.js +1 -0
package/templates/app/chat/[chatId]/page.js +9 -0
package/templates/app/chats/page.js +7 -0
package/templates/app/code/[codeWorkspaceId]/page.js +9 -0
package/templates/app/components/ascii-logo.jsx +12 -0
package/templates/app/components/login-form.jsx +92 -0
package/templates/app/components/setup-form.jsx +82 -0
package/templates/app/components/theme-provider.jsx +11 -0
package/templates/app/components/theme-toggle.jsx +38 -0
package/templates/app/components/ui/button.jsx +21 -0
package/templates/app/components/ui/card.jsx +23 -0
package/templates/app/components/ui/input.jsx +10 -0
package/templates/app/components/ui/label.jsx +10 -0
package/templates/app/crons/page.js +5 -0
package/templates/app/globals.css +90 -0
package/templates/app/layout.js +33 -0
package/templates/app/login/page.js +15 -0
package/templates/app/notifications/page.js +7 -0
package/templates/app/page.js +7 -0
package/templates/app/pull-requests/page.js +7 -0
package/templates/app/settings/crons/page.js +5 -0
package/templates/app/settings/layout.js +7 -0
package/templates/app/settings/page.js +5 -0
package/templates/app/settings/secrets/page.js +5 -0
package/templates/app/settings/triggers/page.js +5 -0
package/templates/app/stream/chat/route.js +1 -0
package/templates/app/swarm/page.js +7 -0
package/templates/app/triggers/page.js +5 -0
package/templates/config/CODE_PLANNING.md +14 -0
package/templates/config/CRONS.json +56 -0
package/templates/config/HEARTBEAT.md +3 -0
package/templates/config/JOB_AGENT.md +30 -0
package/templates/config/JOB_PLANNING.md +240 -0
package/templates/config/JOB_SUMMARY.md +130 -0
package/templates/config/SKILL_BUILDING_GUIDE.md +96 -0
package/templates/config/SOUL.md +48 -0
package/templates/config/TRIGGERS.json +58 -0
package/templates/config/WEB_SEARCH_AVAILABLE.md +5 -0
package/templates/config/WEB_SEARCH_UNAVAILABLE.md +3 -0
package/templates/docker/claude-code-job/Dockerfile +34 -0
package/templates/docker/claude-code-job/entrypoint.sh +149 -0
package/templates/docker/claude-code-workspace/.tmux.conf +5 -0
package/templates/docker/claude-code-workspace/Dockerfile +61 -0
package/templates/docker/claude-code-workspace/entrypoint.sh +51 -0
package/templates/docker/event-handler/Dockerfile +20 -0
package/templates/docker/event-handler/ecosystem.config.cjs +7 -0
package/templates/docker/pi-coding-agent-job/Dockerfile +51 -0
package/templates/docker/pi-coding-agent-job/entrypoint.sh +164 -0
package/templates/docker-compose.local.yml +78 -0
package/templates/docker-compose.yml +64 -0
package/templates/instrumentation.js +6 -0
package/templates/middleware.js +23 -0
package/templates/next.config.mjs +3 -0
package/templates/postcss.config.mjs +5 -0
package/templates/public/favicon.ico +0 -0
package/templates/server.js +25 -0
package/templates/skills/LICENSE +21 -0
package/templates/skills/README.md +119 -0
package/templates/skills/brave-search/SKILL.md +79 -0
package/templates/skills/brave-search/content.js +86 -0
package/templates/skills/brave-search/package-lock.json +621 -0
package/templates/skills/brave-search/package.json +14 -0
package/templates/skills/brave-search/search.js +199 -0
package/templates/skills/browser-tools/SKILL.md +196 -0
package/templates/skills/browser-tools/browser-content.js +103 -0
package/templates/skills/browser-tools/browser-cookies.js +35 -0
package/templates/skills/browser-tools/browser-eval.js +53 -0
package/templates/skills/browser-tools/browser-hn-scraper.js +108 -0
package/templates/skills/browser-tools/browser-nav.js +44 -0
package/templates/skills/browser-tools/browser-pick.js +162 -0
package/templates/skills/browser-tools/browser-screenshot.js +34 -0
package/templates/skills/browser-tools/browser-start.js +87 -0
package/templates/skills/browser-tools/package-lock.json +2556 -0
package/templates/skills/browser-tools/package.json +19 -0
package/templates/skills/google-docs/SKILL.md +23 -0
package/templates/skills/google-docs/create.sh +69 -0
package/templates/skills/google-drive/SKILL.md +47 -0
package/templates/skills/google-drive/delete.sh +47 -0
package/templates/skills/google-drive/download.sh +50 -0
package/templates/skills/google-drive/list.sh +41 -0
package/templates/skills/google-drive/upload.sh +76 -0
package/templates/skills/kie-ai/SKILL.md +38 -0
package/templates/skills/kie-ai/generate-image.sh +77 -0
package/templates/skills/kie-ai/generate-video.sh +69 -0
package/templates/skills/llm-secrets/SKILL.md +34 -0
package/templates/skills/llm-secrets/llm-secrets.js +33 -0
package/templates/skills/modify-self/SKILL.md +12 -0
package/templates/skills/youtube-transcript/SKILL.md +41 -0
package/templates/skills/youtube-transcript/package-lock.json +24 -0
package/templates/skills/youtube-transcript/package.json +8 -0
package/templates/skills/youtube-transcript/transcript.js +84 -0

package/setup/setup.mjs ADDED Viewed

@@ -0,0 +1,87 @@
+#!/usr/bin/env node
+/**
+ * TTY Guard — second line of defence against curl|bash stdin hijacking.
+ *
+ * When `npm run setup` is invoked from a script whose stdin is a pipe
+ * (e.g. curl | bash), process.stdin.isTTY is undefined and @clack/prompts
+ * exits immediately on the first keypress event (which is EOF).
+ *
+ * If /dev/tty is accessible we re-open it and reassign process.stdin so
+ * that @clack/prompts gets a real terminal regardless of how this script
+ * was launched. The primary fix lives in install.sh (exec < /dev/tty),
+ * but this guard handles cases where setup.mjs is called directly without
+ * going through install.sh.
+ */
+import fs from 'fs';
+import { Readable } from 'stream';
+if (!process.stdin.isTTY) {
+  try {
+    const ttyFd = fs.openSync('/dev/tty', 'r+');
+    const ttyStream = new fs.ReadStream(null, { fd: ttyFd, autoClose: true });
+    // Monkey-patch the TTY flag so @clack/prompts enables raw mode
+    ttyStream.isTTY = true;
+    ttyStream.setRawMode = (mode) => {
+      try { fs.fstatSync(ttyFd); require('tty').ReadStream.prototype.setRawMode.call(ttyStream, mode); } catch (_) {}
+    };
+    process.stdin = ttyStream;
+  } catch (_) {
+    // /dev/tty not available (CI, Docker without TTY, etc.) — fall through;
+    // the prompts will still render but keyboard input may not work.
+    // In that case the user should run `npm run setup` directly in a terminal.
+  }
+}
+import chalk from 'chalk';
+import * as clack from '@clack/prompts';
+const logo = `
+   _______             ____        __
+  / ____(_)___ _____ _/ __ )____  / /_
+ / / __/ / __ \`/ __ \`/ __  / __ \\/ __/
+/ /_/ / / /_/ / /_/ / /_/ / /_/ / /_
+\\____/_/\\__, /\\__,_/_____/\\____/\\__/
+        /____/
+  India's Autonomous AI Agent · Powered by Gignaati
+`;
+async function main() {
+  console.log(chalk.cyan(logo));
+  clack.intro('GigaBot Setup Wizard');
+  const mode = await clack.select({
+    message: 'How do you want to run GigaBot?',
+    options: [
+      {
+        value: 'cloud',
+        label: 'Cloud Mode',
+        hint: 'GitHub + ngrok + Telegram — full features, internet required',
+      },
+      {
+        value: 'local',
+        label: 'Local Mode',
+        hint: 'Ollama only — 100% offline, no Telegram or GitHub needed',
+      },
+    ],
+  });
+  if (clack.isCancel(mode)) {
+    clack.cancel('Setup cancelled.');
+    process.exit(0);
+  }
+  if (mode === 'cloud') {
+    const { run } = await import('./setup-cloud.mjs');
+    await run();
+  } else {
+    const { run } = await import('./setup-local.mjs');
+    await run();
+  }
+}
+main().catch((error) => {
+  clack.log.error(`Setup failed: ${error.message}`);
+  process.exit(1);
+});

package/templates/.dockerignore ADDED Viewed

@@ -0,0 +1,5 @@
+node_modules
+.env
+data/
+logs/
+.git

package/templates/.env.example ADDED Viewed

@@ -0,0 +1,104 @@
+# ============================================================
+# Giga Bot Configuration — Powered by Gignaati
+# ============================================================
+# Copy this file to .env and fill in your values.
+# NEVER commit the actual .env file with real secrets!
+# Run the setup wizard to auto-fill most of these:
+#   npx gigabot setup
+# ============================================================
+# ─── Authentication ──────────────────────────────────────────
+# Auth.js secret for session encryption (auto-generated by setup wizard)
+# To generate manually: openssl rand -base64 32
+AUTH_SECRET=
+AUTH_TRUST_HOST=true
+# ─── App URL ─────────────────────────────────────────────────
+# Public URL for webhooks, Telegram, and Traefik hostname
+# e.g., https://mybot.example.com or https://abc123.ngrok.io
+APP_URL=
+APP_HOSTNAME=
+# ─── GitHub ──────────────────────────────────────────────────
+# GitHub Personal Access Token (needs repo + workflow scopes)
+# Create at: https://github.com/settings/tokens/new
+GH_TOKEN=ghp_your_token_here
+GH_OWNER=your_github_username
+GH_REPO=your_repo_name
+GH_WEBHOOK_SECRET=
+# ─── Telegram (Optional) ─────────────────────────────────────
+# Bot token from @BotFather
+TELEGRAM_BOT_TOKEN=
+# Secret for validating Telegram webhooks: openssl rand -hex 32
+TELEGRAM_WEBHOOK_SECRET=
+# Verification code for getting your chat ID
+TELEGRAM_VERIFICATION=
+# Default Telegram chat ID for scheduled notifications
+TELEGRAM_CHAT_ID=
+# ─── LLM Provider ────────────────────────────────────────────
+# Choose your AI provider. Options:
+#   anthropic   — Claude (Anthropic)         [default]
+#   openai      — GPT (OpenAI)
+#   google      — Gemini (Google)
+#   pragatigpt  — PragatiGPT (Gignaati — India-first, 100% data privacy)
+#   ollama      — Ollama (Local — zero cloud dependency)
+#   custom      — Any OpenAI-compatible API endpoint
+LLM_PROVIDER=anthropic
+# Model name override (optional — uses provider default if not set)
+# LLM_MODEL=
+# Max tokens for LLM responses (default: 4096)
+# LLM_MAX_TOKENS=4096
+# ─── Anthropic (Claude) ──────────────────────────────────────
+# Required when LLM_PROVIDER=anthropic
+# Get your key at: https://platform.claude.com/settings/keys
+ANTHROPIC_API_KEY=sk-ant-your_key_here
+# ─── OpenAI (GPT) ────────────────────────────────────────────
+# Required when LLM_PROVIDER=openai
+# Also used for Whisper voice transcription (optional)
+# Get your key at: https://platform.openai.com/settings/organization/api-keys
+OPENAI_API_KEY=
+# Optional: Override OpenAI base URL for custom endpoints
+# OPENAI_BASE_URL=
+# ─── Google (Gemini) ─────────────────────────────────────────
+# Required when LLM_PROVIDER=google
+# Get your key at: https://aistudio.google.com/apikey
+GOOGLE_API_KEY=
+# ─── PragatiGPT (Gignaati — India-first) ─────────────────────
+# Required when LLM_PROVIDER=pragatigpt
+# India's indigenous SLM — 100% data privacy, no foreign cloud dependency
+# Get your key at: https://www.gignaati.com/pragatigpt
+PRAGATIGPT_API_KEY=
+# Optional: Override PragatiGPT base URL (for on-premise deployment)
+# PRAGATIGPT_BASE_URL=https://api.pragatigpt.in/v1
+# ─── Ollama (Local — Zero Cloud) ─────────────────────────────
+# Required when LLM_PROVIDER=ollama
+# Install Ollama at: https://ollama.com
+# Then pull a model: ollama pull llama3.2
+# Optional: Override Ollama server URL (default: http://localhost:11434)
+# OLLAMA_BASE_URL=http://localhost:11434
+# ─── Custom OpenAI-Compatible API ────────────────────────────
+# Required when LLM_PROVIDER=custom
+# OPENAI_BASE_URL=http://localhost:11434/v1
+# CUSTOM_API_KEY=your_api_key_here
+# ─── Docker & Deployment ─────────────────────────────────────
+# Let's Encrypt email for automatic SSL (docker-compose only, optional)
+# LETSENCRYPT_EMAIL=
+# Giga Bot version — auto-set by postinstall, used by docker-compose for image tags
+# GIGABOT_VERSION=
+# Custom Docker images (optional, overrides the default gignaati/gigabot images)
+# EVENT_HANDLER_IMAGE_URL=
+# JOB_IMAGE_URL=

package/templates/.github/workflows/auto-merge.yml ADDED Viewed

@@ -0,0 +1,117 @@
+name: Auto-Merge Job PR
+on:
+  pull_request:
+    types: [opened]
+    branches: [main]
+jobs:
+  auto-merge:
+    runs-on: ${{ vars.RUNS_ON || 'ubuntu-latest' }}
+    if: startsWith(github.event.pull_request.head.ref, 'job/')
+    permissions:
+      contents: write
+      pull-requests: write
+    steps:
+      - name: Wait for merge check
+        id: merge-check
+        env:
+          GH_TOKEN: ${{ github.token }}
+        run: |
+          PR_NUMBER="${{ github.event.pull_request.number }}"
+          for i in $(seq 1 30); do
+            sleep 10
+            MERGEABLE=$(gh pr view "$PR_NUMBER" --repo "${{ github.repository }}" --json mergeable -q '.mergeable')
+            if [ "$MERGEABLE" != "" ] && [ "$MERGEABLE" != "UNKNOWN" ]; then
+              echo "mergeable=$MERGEABLE" >> "$GITHUB_OUTPUT"
+              echo "Mergeable: $MERGEABLE"
+              exit 0
+            fi
+            echo "Still computing... (attempt $i/30)"
+          done
+          echo "mergeable=UNKNOWN" >> "$GITHUB_OUTPUT"
+          echo "Timed out waiting for merge check"
+      - name: Check AUTO_MERGE setting
+        if: steps.merge-check.outputs.mergeable == 'MERGEABLE'
+        id: check-setting
+        run: |
+          AUTO_MERGE="${{ vars.AUTO_MERGE }}"
+          if [ "$AUTO_MERGE" = "false" ]; then
+            echo "Auto-merge disabled via AUTO_MERGE=false"
+            echo "enabled=false" >> "$GITHUB_OUTPUT"
+          else
+            echo "Auto-merge enabled"
+            echo "enabled=true" >> "$GITHUB_OUTPUT"
+          fi
+      - name: Check ALLOWED_PATHS
+        if: steps.merge-check.outputs.mergeable == 'MERGEABLE' && steps.check-setting.outputs.enabled == 'true'
+        id: check-paths
+        env:
+          GH_TOKEN: ${{ github.token }}
+        run: |
+          ALLOWED_PATHS="${{ vars.ALLOWED_PATHS }}"
+          PR_NUMBER="${{ github.event.pull_request.number }}"
+          # Default: only logs allowed
+          if [ -z "$ALLOWED_PATHS" ]; then
+            ALLOWED_PATHS="/logs"
+          fi
+          # Normalize: ensure each prefix starts with /
+          IFS=',' read -ra RAW_PREFIXES <<< "$ALLOWED_PATHS"
+          PREFIXES=()
+          for p in "${RAW_PREFIXES[@]}"; do
+            trimmed=$(echo "$p" | xargs)
+            [ -z "$trimmed" ] && continue
+            # Ensure leading /
+            [[ "$trimmed" != /* ]] && trimmed="/$trimmed"
+            PREFIXES+=("$trimmed")
+          done
+          # "/" means everything allowed
+          for p in "${PREFIXES[@]}"; do
+            if [ "$p" = "/" ]; then
+              echo "All paths allowed (ALLOWED_PATHS contains /)"
+              echo "allowed=true" >> "$GITHUB_OUTPUT"
+              exit 0
+            fi
+          done
+          # Get changed files
+          CHANGED_FILES=$(gh pr diff "$PR_NUMBER" --name-only --repo "${{ github.repository }}")
+          if [ -z "$CHANGED_FILES" ]; then
+            echo "No changed files"
+            echo "allowed=true" >> "$GITHUB_OUTPUT"
+            exit 0
+          fi
+          # Check each file against prefixes
+          # Strip leading / from prefixes for comparison (git paths are relative)
+          ALL_OK=true
+          while IFS= read -r file; do
+            [ -z "$file" ] && continue
+            FILE_OK=false
+            for prefix in "${PREFIXES[@]}"; do
+              compare="${prefix#/}"
+              if [[ "$file" == "$compare"* ]]; then
+                FILE_OK=true
+                break
+              fi
+            done
+            if [ "$FILE_OK" = "false" ]; then
+              echo "BLOCKED: $file"
+              ALL_OK=false
+            fi
+          done <<< "$CHANGED_FILES"
+          echo "allowed=$ALL_OK" >> "$GITHUB_OUTPUT"
+      - name: Merge PR
+        if: steps.merge-check.outputs.mergeable == 'MERGEABLE' && steps.check-setting.outputs.enabled == 'true' && steps.check-paths.outputs.allowed == 'true'
+        env:
+          GH_TOKEN: ${{ github.token }}
+        run: |
+          gh pr merge ${{ github.event.pull_request.number }} --squash --delete-branch --repo "${{ github.repository }}"

package/templates/.github/workflows/notify-job-failed.yml ADDED Viewed

@@ -0,0 +1,64 @@
+name: Notify Job Failed
+on:
+  workflow_run:
+    workflows: ["Agent Job"]
+    types: [completed]
+jobs:
+  notify-failure:
+    runs-on: ${{ vars.RUNS_ON || 'ubuntu-latest' }}
+    if: >
+      github.event.workflow_run.conclusion != 'success' &&
+      startsWith(github.event.workflow_run.head_branch, 'job/')
+    permissions:
+      contents: read
+    steps:
+      - name: Checkout job branch
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.workflow_run.head_branch }}
+      - name: Send failure notification
+        env:
+          GH_TOKEN: ${{ github.token }}
+        run: |
+          BRANCH="${{ github.event.workflow_run.head_branch }}"
+          JOB_ID="${BRANCH#job/}"
+          RUN_ID="${{ github.event.workflow_run.id }}"
+          RUN_URL="${{ github.server_url }}/${{ github.repository }}/actions/runs/${RUN_ID}"
+          # Read job description from job.config.json (exists on branch from job creation)
+          JOB_CONTENT=""
+          if [ -f "logs/${JOB_ID}/job.config.json" ]; then
+            JOB_CONTENT=$(jq -r '.job // empty' "logs/${JOB_ID}/job.config.json")
+          fi
+          COMMIT_SHA=$(git rev-parse HEAD)
+          STATUS="${{ github.event.workflow_run.conclusion }}"
+          jq -n \
+            --arg job_id "$JOB_ID" \
+            --arg branch "$BRANCH" \
+            --arg status "$STATUS" \
+            --arg job "$JOB_CONTENT" \
+            --arg run_url "$RUN_URL" \
+            --arg commit_sha "$COMMIT_SHA" \
+            '{
+              job_id: $job_id,
+              branch: $branch,
+              status: $status,
+              job: $job,
+              run_url: $run_url,
+              pr_url: "",
+              changed_files: [],
+              commit_message: "",
+              commit_sha: $commit_sha,
+              merge_result: ""
+            }' > /tmp/payload.json
+          curl -s -X POST "${{ vars.APP_URL }}/api/github/webhook" \
+            -H "Content-Type: application/json" \
+            -H "X-GitHub-Webhook-Secret-Token: ${{ secrets.GH_WEBHOOK_SECRET }}" \
+            -d @/tmp/payload.json

package/templates/.github/workflows/notify-pr-complete.yml ADDED Viewed

@@ -0,0 +1,119 @@
+name: Notify Event Handler
+on:
+  workflow_run:
+    workflows: ["Auto-Merge Job PR"]
+    types: [completed]
+jobs:
+  notify:
+    runs-on: ${{ vars.RUNS_ON || 'ubuntu-latest' }}
+    if: startsWith(github.event.workflow_run.head_branch, 'job/')
+    permissions:
+      contents: read
+      pull-requests: read
+    steps:
+      - name: Get PR number
+        id: pr
+        env:
+          GH_TOKEN: ${{ github.token }}
+        run: |
+          BRANCH="${{ github.event.workflow_run.head_branch }}"
+          # Try workflow_run.pull_requests first
+          PR_NUMBER=$(echo '${{ toJson(github.event.workflow_run.pull_requests) }}' | jq -r '.[0].number // empty')
+          # Fallback: look up PR by head branch
+          if [ -z "$PR_NUMBER" ]; then
+            PR_NUMBER=$(gh pr list --head "$BRANCH" --state all --repo "${{ github.repository }}" --json number -q '.[0].number')
+          fi
+          if [ -z "$PR_NUMBER" ]; then
+            echo "No PR found for branch $BRANCH"
+            exit 1
+          fi
+          PR_URL=$(gh pr view "$PR_NUMBER" --repo "${{ github.repository }}" --json url -q '.url')
+          echo "number=$PR_NUMBER" >> "$GITHUB_OUTPUT"
+          echo "url=$PR_URL" >> "$GITHUB_OUTPUT"
+          echo "Found PR #$PR_NUMBER"
+      - name: Checkout PR branch
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.workflow_run.head_sha }}
+      - name: Gather job results and notify
+        env:
+          GH_TOKEN: ${{ github.token }}
+        run: |
+          PR_NUMBER="${{ steps.pr.outputs.number }}"
+          BRANCH="${{ github.event.workflow_run.head_branch }}"
+          JOB_ID="${BRANCH#job/}"
+          RUN_URL="${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.event.workflow_run.id }}"
+          # Check actual PR merge state
+          PR_MERGED=$(gh pr view "$PR_NUMBER" --repo "${{ github.repository }}" --json mergedAt -q '.mergedAt')
+          if [ -n "$PR_MERGED" ] && [ "$PR_MERGED" != "null" ]; then
+            MERGE_RESULT="merged"
+          else
+            MERGE_RESULT="not_merged"
+          fi
+          # 1. Read job description from job.config.json (on disk after checkout)
+          JOB_CONTENT=""
+          if [ -f "logs/${JOB_ID}/job.config.json" ]; then
+            JOB_CONTENT=$(jq -r '.job // empty' "logs/${JOB_ID}/job.config.json")
+          fi
+          # 2. Get last commit message via gh CLI
+          COMMIT_MSG=$(gh pr view "$PR_NUMBER" --json commits --jq '.commits[-1].messageHeadline' --repo "${{ github.repository }}" 2>/dev/null || echo "")
+          # 3. Get changed files (names only)
+          CHANGED_FILES=$(gh pr diff "$PR_NUMBER" --name-only --repo "${{ github.repository }}" 2>/dev/null || echo "")
+          # 4. Get PR status
+          PR_STATUS=$(gh pr view "$PR_NUMBER" --json state --jq '.state' --repo "${{ github.repository }}" 2>/dev/null || echo "open")
+          # 5. Commit SHA for server-side log fetching
+          COMMIT_SHA="${{ github.event.workflow_run.head_sha }}"
+          # Determine status based on merge result and PR state
+          if [ "$MERGE_RESULT" = "merged" ]; then
+            STATUS="completed"
+          else
+            STATUS="$PR_STATUS"
+          fi
+          # 6. Build flat JSON payload
+          jq -n \
+            --arg job_id "$JOB_ID" \
+            --arg branch "$BRANCH" \
+            --arg status "$STATUS" \
+            --arg job "$JOB_CONTENT" \
+            --arg run_url "$RUN_URL" \
+            --arg pr_url "${{ steps.pr.outputs.url }}" \
+            --arg commit_message "$COMMIT_MSG" \
+            --arg changed_files "$CHANGED_FILES" \
+            --arg commit_sha "$COMMIT_SHA" \
+            --arg merge_result "$MERGE_RESULT" \
+            '{
+              job_id: $job_id,
+              branch: $branch,
+              status: $status,
+              job: $job,
+              run_url: $run_url,
+              pr_url: $pr_url,
+              changed_files: ($changed_files | split("\n") | map(select(length > 0))),
+              commit_message: $commit_message,
+              commit_sha: $commit_sha,
+              merge_result: $merge_result
+            }' > /tmp/payload.json
+          # 7. Send to event handler
+          curl -s -X POST "${{ vars.APP_URL }}/api/github/webhook" \
+            -H "Content-Type: application/json" \
+            -H "X-GitHub-Webhook-Secret-Token: ${{ secrets.GH_WEBHOOK_SECRET }}" \
+            -d @/tmp/payload.json

package/templates/.github/workflows/rebuild-event-handler.yml ADDED Viewed

@@ -0,0 +1,121 @@
+name: Rebuild Event Handler
+on:
+  push:
+    branches: [main]
+concurrency:
+  group: event-handler-deploy
+  cancel-in-progress: false
+jobs:
+  deploy:
+    runs-on: self-hosted
+    timeout-minutes: 20
+    steps:
+      - name: Pull latest and detect version change
+        id: pull
+        run: |
+          docker exec gigaclaw-event-handler bash -c '
+            export GH_TOKEN=$(grep "^GH_TOKEN=" /app/.env | cut -d= -f2-)
+            echo "${GH_TOKEN}" | gh auth login --with-token
+            gh auth setup-git
+            git fetch origin main
+            CHANGED=$(git diff --name-only HEAD origin/main)
+            if ! echo "$CHANGED" | grep -qv "^logs/"; then
+              echo "SKIP" > /app/.rebuild-status
+              git reset --hard origin/main
+              exit 0
+            fi
+            # Detect gigaclaw version change from package-lock.json in git
+            git show HEAD:package-lock.json > /tmp/old-lock.json 2>/dev/null || echo "{}" > /tmp/old-lock.json
+            git show origin/main:package-lock.json > /tmp/new-lock.json
+            OLD_TPB=$(node -p "try{require(\"/tmp/old-lock.json\").packages[\"node_modules/gigaclaw\"]?.version||\"\"}catch(e){\"\"}")
+            NEW_TPB=$(node -p "try{require(\"/tmp/new-lock.json\").packages[\"node_modules/gigaclaw\"]?.version||\"\"}catch(e){\"\"}")
+            rm -f /tmp/old-lock.json /tmp/new-lock.json
+            git reset --hard origin/main
+            if [ -n "$OLD_TPB" ] && [ "$OLD_TPB" != "$NEW_TPB" ]; then
+              # Version changed — run gigaclaw init to scaffold new templates
+              if echo "$NEW_TPB" | grep -q "-"; then
+                npx --yes "gigaclaw@${NEW_TPB}" init
+              else
+                npx --yes gigaclaw@latest init
+              fi
+              # Commit any template changes from init
+              git add -A
+              if ! git diff --cached --quiet; then
+                git commit -m "chore: apply gigaclaw init after upgrade"
+                git push origin main
+              fi
+              # Update GIGACLAW_VERSION in .env so docker compose pulls the right image
+              if grep -q "^GIGACLAW_VERSION=" /app/.env; then
+                sed -i "s/^GIGACLAW_VERSION=.*/GIGACLAW_VERSION=$NEW_TPB/" /app/.env
+              else
+                echo "GIGACLAW_VERSION=$NEW_TPB" >> /app/.env
+              fi
+              echo "VERSION_CHANGED" > /app/.rebuild-status
+            else
+              npm install --omit=dev
+              echo "REBUILD" > /app/.rebuild-status
+            fi
+          '
+          STATUS=$(docker exec gigaclaw-event-handler cat /app/.rebuild-status)
+          docker exec gigaclaw-event-handler rm -f /app/.rebuild-status
+          echo "status=$STATUS" >> $GITHUB_OUTPUT
+      - name: Rebuild (no version change)
+        if: steps.pull.outputs.status == 'REBUILD'
+        run: |
+          docker exec gigaclaw-event-handler bash -c '
+            rm -rf .next-new .next-old
+            NEXT_BUILD_DIR=.next-new npm run build
+            mv .next .next-old 2>/dev/null || true
+            mv .next-new .next
+            echo "Rebuild complete, reloading Next.js..."
+            npx pm2 reload all
+            rm -rf .next-old
+          '
+      - name: Pull new image and restart container
+        if: steps.pull.outputs.status == 'VERSION_CHANGED'
+        run: |
+          HOST_DIR=$(docker inspect gigaclaw-event-handler --format '{{index .Config.Labels "com.docker.compose.project.working_dir"}}')
+          docker compose -f /project/docker-compose.yml --project-directory "$HOST_DIR" --env-file /project/.env pull event-handler
+          docker stop gigaclaw-event-handler || true
+          docker rm gigaclaw-event-handler || true
+          docker compose -f /project/docker-compose.yml --project-directory "$HOST_DIR" --env-file /project/.env up -d event-handler
+      - name: Rebuild in new container
+        if: steps.pull.outputs.status == 'VERSION_CHANGED'
+        run: |
+          echo "Waiting for new container..."
+          for i in $(seq 1 30); do
+            if docker exec gigaclaw-event-handler echo "ready" 2>/dev/null; then
+              break
+            fi
+            sleep 2
+          done
+          docker exec gigaclaw-event-handler bash -c '
+            npm install --omit=dev
+            rm -rf .next-new .next-old
+            NEXT_BUILD_DIR=.next-new npm run build
+            mv .next .next-old 2>/dev/null || true
+            mv .next-new .next
+            npx pm2 restart all
+            rm -rf .next-old
+          '