hajimi-claw 0.1.0

package/Cargo.toml

@@ -0,0 +1,57 @@
+[workspace]
+members = [
+    ".",
+    "crates/hajimi-claw-agent",
+    "crates/hajimi-claw-bot",
+    "crates/hajimi-claw-daemon",
+    "crates/hajimi-claw-exec",
+    "crates/hajimi-claw-gateway",
+    "crates/hajimi-claw-llm",
+    "crates/hajimi-claw-policy",
+    "crates/hajimi-claw-store",
+    "crates/hajimi-claw-tools",
+    "crates/hajimi-claw-types",
+]
+resolver = "2"
+
+[workspace.package]
+version = "0.1.0"
+edition = "2024"
+license = "MIT"
+authors = ["OpenAI Codex"]
+
+[workspace.dependencies]
+aes-gcm = "0.10"
+anyhow = "1.0"
+async-stream = "0.3"
+async-trait = "0.1"
+base64 = "0.22"
+chrono = { version = "0.4", features = ["serde"] }
+futures = "0.3"
+regex = "1.11"
+reqwest = { version = "0.12", default-features = false, features = ["json", "rustls-tls", "stream"] }
+rusqlite = { version = "0.32", features = ["bundled", "chrono"] }
+serde = { version = "1.0", features = ["derive"] }
+serde_json = "1.0"
+sha2 = "0.10"
+tempfile = "3.13"
+thiserror = "2.0"
+tokio = { version = "1.39", features = ["fs", "io-util", "macros", "process", "rt-multi-thread", "signal", "sync", "time"] }
+tokio-stream = "0.1"
+toml = "0.8"
+tracing = "0.1"
+tracing-subscriber = { version = "0.3", features = ["env-filter", "fmt"] }
+uuid = { version = "1.10", features = ["serde", "v4"] }
+windows = { version = "0.58", features = ["Win32_Foundation", "Win32_Security", "Win32_System_JobObjects", "Win32_System_Threading"] }
+
+[package]
+name = "hajimi-claw"
+version.workspace = true
+edition.workspace = true
+license.workspace = true
+authors.workspace = true
+
+[dependencies]
+anyhow.workspace = true
+hajimi-claw-daemon = { path = "crates/hajimi-claw-daemon" }
+tokio.workspace = true

package/README.md

@@ -0,0 +1,73 @@
+# hajimi-claw
+
+Single-user Telegram-first ops agent in Rust.
+
+## Current scope
+
+- Telegram channel -> gateway -> runtime command flow
+- Telegram long polling command surface
+- Single active task gate
+- Structured tools for file access, Docker, and systemd
+- Guarded local command execution with approvals and short-lived elevated lease
+- SQLite audit/task/session persistence
+- Windows-safe execution mode with allowlist checks and Job Object cleanup
+- Telegram onboarding flow for custom providers and chat-level provider binding
+
+## Running
+
+1. Copy `config.example.toml` to `config.toml`.
+2. Fill in the Telegram bot token and admin ids.
+3. Set the provider secret key env var before starting:
+   `set HAJIMI_CLAW_MASTER_KEY=replace-me-with-a-long-random-string`
+4. Optional: fill in the `llm` section to bootstrap a default provider on first start.
+5. Run `cargo run`.
+6. In Telegram, use `/onboard` to add or switch providers interactively.
+
+Set `HAJIMI_CLAW_CONFIG` if you want to load a different config path.
+
+## Install
+
+### Windows
+
+- Build and install to a user directory in `PATH`:
+  `powershell -ExecutionPolicy Bypass -File .\scripts\install.ps1`
+- System-wide install:
+  `powershell -ExecutionPolicy Bypass -File .\scripts\install.ps1 -System`
+
+The installer copies `hajimi-claw.exe` and `config.example.toml`, and updates `PATH`.
+
+### Linux
+
+- User install:
+  `sh ./scripts/install.sh`
+- System-wide install:
+  `sudo sh ./scripts/install.sh --system`
+- System-wide install with systemd unit:
+  `sudo sh ./scripts/install.sh --system --install-service`
+
+The Linux installer copies the binary to `PREFIX/bin` and `config.example.toml` to `PREFIX/share/hajimi-claw`.
+
+### npm
+
+- Global install from the package:
+  `npm install -g hajimi-claw`
+- Global install from the repo:
+  `npm install -g .`
+
+The npm package builds the Rust binary locally during `postinstall`, so `cargo` must already be installed on the target machine.
+
+## Telegram commands
+
+- `/onboard`
+- `/onboard cancel`
+- `/provider list`
+- `/provider current`
+- `/provider use <id>`
+- `/provider bind <id>`
+- `/provider test [id]`
+- `/provider models [id]`
+- `/ask <text>`
+- `/shell open [name]`
+- `/shell exec <cmd>`
+- `/shell close`
+- `/status`

package/bin/hajimi-claw.js

@@ -0,0 +1,28 @@
+#!/usr/bin/env node
+
+const fs = require("fs");
+const path = require("path");
+const { spawn } = require("child_process");
+
+const root = path.resolve(__dirname, "..");
+const binaryName = process.platform === "win32" ? "hajimi-claw.exe" : "hajimi-claw";
+const binaryPath = path.join(root, "npm-dist", binaryName);
+
+if (!fs.existsSync(binaryPath)) {
+  console.error(
+    "hajimi-claw binary is not installed. Reinstall the npm package or run `npm rebuild hajimi-claw`."
+  );
+  process.exit(1);
+}
+
+const child = spawn(binaryPath, process.argv.slice(2), {
+  stdio: "inherit",
+});
+
+child.on("exit", (code, signal) => {
+  if (signal) {
+    process.kill(process.pid, signal);
+    return;
+  }
+  process.exit(code ?? 0);
+});

package/config.example.toml

@@ -0,0 +1,32 @@
+[telegram]
+bot_token = "123456:replace-me"
+poll_timeout_secs = 30
+
+[llm]
+# Optional bootstrap provider written into SQLite on first start.
+base_url = "https://api.openai.com/v1"
+api_key = "replace-me"
+model = "gpt-4.1-mini"
+static_fallback_response = "LLM backend not configured."
+
+[storage]
+sqlite_path = "./data/hajimi-claw.sqlite3"
+
+[security]
+# Required at runtime. Set the environment variable before starting hajimi-claw.
+master_key_env = "HAJIMI_CLAW_MASTER_KEY"
+
+[execution]
+mode = "auto"
+
+[policy]
+admin_user_id = 123456789
+admin_chat_id = 123456789
+allowed_workdirs = ["./", "./data", "C:/temp"]
+writable_workdirs = ["./data", "C:/temp"]
+windows_safe_allowlist = ["cmd", "cmd.exe", "powershell", "powershell.exe", "pwsh", "pwsh.exe", "docker", "docker.exe", "systemctl"]
+guarded_patterns = ["\\b(systemctl|docker)\\s+(restart|stop|rm)\\b", "\\b(chmod|chown|mv|cp)\\b"]
+dangerous_patterns = ["\\b(rm|del)\\s+(-rf|/s|/q|/f)\\b", "\\b(sudo|su|passwd|shutdown|reboot)\\b", ">\\s*/", "format\\s+"]
+max_timeout_secs = 120
+max_output_bytes = 32768
+session_idle_timeout_secs = 1800

package/crates/hajimi-claw-agent/Cargo.toml

@@ -0,0 +1,25 @@
+[package]
+name = "hajimi-claw-agent"
+version.workspace = true
+edition.workspace = true
+license.workspace = true
+authors.workspace = true
+
+[dependencies]
+anyhow.workspace = true
+chrono.workspace = true
+futures.workspace = true
+serde_json.workspace = true
+tokio.workspace = true
+tracing.workspace = true
+hajimi-claw-llm = { path = "../hajimi-claw-llm" }
+hajimi-claw-policy = { path = "../hajimi-claw-policy" }
+hajimi-claw-store = { path = "../hajimi-claw-store" }
+hajimi-claw-tools = { path = "../hajimi-claw-tools" }
+hajimi-claw-types = { path = "../hajimi-claw-types" }
+uuid.workspace = true
+
+[dev-dependencies]
+anyhow.workspace = true
+hajimi-claw-exec = { path = "../hajimi-claw-exec" }
+tempfile.workspace = true

package/crates/hajimi-claw-agent/src/lib.rs

@@ -0,0 +1,351 @@
+use std::path::PathBuf;
+use std::sync::Arc;
+
+use chrono::Utc;
+use futures::TryStreamExt;
+use hajimi_claw_llm::StaticBackend;
+use hajimi_claw_policy::PolicyEngine;
+use hajimi_claw_store::Store;
+use hajimi_claw_tools::ToolRegistry;
+use hajimi_claw_types::{
+    AgentRequest, ApprovalId, ClawError, ClawResult, ConversationId, ConversationMessage,
+    LlmBackend, MessageRole, PolicyMode, TaskId, TaskKind, TaskStatus, ToolContext,
+};
+use serde_json::json;
+use tokio::sync::Semaphore;
+
+pub struct AgentRuntime {
+    llm: Arc<dyn LlmBackend>,
+    tools: Arc<ToolRegistry>,
+    store: Arc<Store>,
+    policy: Arc<PolicyEngine>,
+    task_gate: Arc<Semaphore>,
+}
+
+#[derive(Debug, Clone)]
+pub struct ShellOpenReply {
+    pub session_id: String,
+    pub message: String,
+}
+
+impl AgentRuntime {
+    pub fn new(
+        llm: Arc<dyn LlmBackend>,
+        tools: Arc<ToolRegistry>,
+        store: Arc<Store>,
+        policy: Arc<PolicyEngine>,
+    ) -> Self {
+        Self {
+            llm,
+            tools,
+            store,
+            policy,
+            task_gate: Arc::new(Semaphore::new(1)),
+        }
+    }
+
+    pub fn for_tests(
+        tools: Arc<ToolRegistry>,
+        store: Arc<Store>,
+        policy: Arc<PolicyEngine>,
+    ) -> Self {
+        Self::new(
+            Arc::new(StaticBackend::new("fallback")),
+            tools,
+            store,
+            policy,
+        )
+    }
+
+    pub async fn ask(&self, prompt: &str, cwd: Option<PathBuf>) -> ClawResult<String> {
+        self.ask_with_provider(prompt, cwd, None).await
+    }
+
+    pub async fn ask_with_provider(
+        &self,
+        prompt: &str,
+        cwd: Option<PathBuf>,
+        provider_id: Option<String>,
+    ) -> ClawResult<String> {
+        let _permit = self
+            .task_gate
+            .acquire()
+            .await
+            .map_err(|_| ClawError::Backend("task gate closed".into()))?;
+
+        let task_id = TaskId::new();
+        let conversation_id = ConversationId::new();
+        let mut status = TaskStatus {
+            id: task_id,
+            kind: TaskKind::EphemeralAgentTask,
+            description: prompt.into(),
+            queued_at: Utc::now(),
+            started_at: Some(Utc::now()),
+            finished_at: None,
+            running: true,
+        };
+        self.store.upsert_task(&status).map_err(store_error)?;
+
+        self.store
+            .save_message(
+                conversation_id,
+                &ConversationMessage {
+                    role: MessageRole::User,
+                    content: prompt.into(),
+                    created_at: Utc::now(),
+                },
+            )
+            .map_err(store_error)?;
+
+        let result = if let Some((tool, input)) = select_tool(prompt) {
+            self.tools
+                .call(
+                    tool,
+                    ToolContext {
+                        conversation_id,
+                        working_directory: cwd,
+                        elevated: self.policy.is_elevated(),
+                    },
+                    input,
+                )
+                .await
+                .map(|output| output.content)
+        } else {
+            self.run_llm(conversation_id, prompt, provider_id).await
+        };
+
+        status.running = false;
+        status.finished_at = Some(Utc::now());
+        self.store.upsert_task(&status).map_err(store_error)?;
+
+        if let Ok(content) = &result {
+            self.store
+                .save_message(
+                    conversation_id,
+                    &ConversationMessage {
+                        role: MessageRole::Assistant,
+                        content: content.clone(),
+                        created_at: Utc::now(),
+                    },
+                )
+                .map_err(store_error)?;
+        }
+
+        result
+    }
+
+    pub async fn shell_open(
+        &self,
+        name: Option<String>,
+        cwd: Option<PathBuf>,
+    ) -> ClawResult<ShellOpenReply> {
+        let output = self
+            .tools
+            .call(
+                "session_open",
+                ToolContext {
+                    conversation_id: ConversationId::new(),
+                    working_directory: cwd,
+                    elevated: self.policy.is_elevated(),
+                },
+                json!({ "name": name }),
+            )
+            .await?;
+        let session_id = output
+            .structured
+            .as_ref()
+            .and_then(|value| value.get("session_id"))
+            .and_then(|value| value.as_str())
+            .ok_or_else(|| ClawError::Backend("session_open did not return session_id".into()))?;
+        Ok(ShellOpenReply {
+            session_id: session_id.to_string(),
+            message: output.content,
+        })
+    }
+
+    pub async fn shell_exec(&self, session_id: &str, command: &str) -> ClawResult<String> {
+        self.tools
+            .call(
+                "session_exec",
+                ToolContext {
+                    conversation_id: ConversationId::new(),
+                    working_directory: None,
+                    elevated: self.policy.is_elevated(),
+                },
+                json!({ "session_id": session_id, "command": command }),
+            )
+            .await
+            .map(|output| output.content)
+    }
+
+    pub async fn shell_close(&self, session_id: &str) -> ClawResult<String> {
+        self.tools
+            .call(
+                "session_close",
+                ToolContext {
+                    conversation_id: ConversationId::new(),
+                    working_directory: None,
+                    elevated: self.policy.is_elevated(),
+                },
+                json!({ "session_id": session_id }),
+            )
+            .await
+            .map(|output| output.content)
+    }
+
+    pub fn request_elevated(&self, minutes: i64, reason: String) -> String {
+        let approval = self.policy.request_elevation(minutes, reason.clone());
+        let _ = self.store.save_approval(&approval, None);
+        format!(
+            "approval required: {} [{}], expires at {}",
+            reason, approval.request_id, approval.expires_at
+        )
+    }
+
+    pub fn approve(&self, request_id: &str) -> ClawResult<String> {
+        let approval_id = ApprovalId(
+            uuid::Uuid::parse_str(request_id)
+                .map_err(|err| ClawError::InvalidRequest(err.to_string()))?,
+        );
+        let approval = self
+            .policy
+            .approve(approval_id)
+            .ok_or_else(|| ClawError::NotFound(format!("approval not found: {request_id}")))?;
+        let _ = self.store.save_approval(&approval, Some(true));
+        Ok(format!(
+            "approved {} ({})",
+            approval.command_preview, approval.request_id
+        ))
+    }
+
+    pub fn stop_elevated(&self) -> String {
+        self.policy.stop_elevation();
+        "elevated lease stopped".into()
+    }
+
+    pub fn status(&self) -> ClawResult<String> {
+        let tasks = self.store.list_tasks().map_err(store_error)?;
+        let task_lines = if tasks.is_empty() {
+            "no tasks".into()
+        } else {
+            tasks
+                .into_iter()
+                .take(5)
+                .map(|task| {
+                    format!(
+                        "{} [{}] running={} queued_at={}",
+                        task.id, task.description, task.running, task.queued_at
+                    )
+                })
+                .collect::<Vec<_>>()
+                .join("\n")
+        };
+        let mode = match self.policy.current_mode() {
+            PolicyMode::Normal => "normal",
+            PolicyMode::ApprovalPending => "approval_pending",
+            PolicyMode::ElevatedLease => "elevated",
+        };
+        Ok(format!("policy_mode={mode}\n{task_lines}"))
+    }
+
+    async fn run_llm(
+        &self,
+        conversation_id: ConversationId,
+        prompt: &str,
+        provider_id: Option<String>,
+    ) -> ClawResult<String> {
+        let stream = self
+            .llm
+            .respond(AgentRequest {
+                conversation_id,
+                provider_id,
+                system_prompt: "You are hajimi-claw, a narrow single-user operations agent. Prefer concise, actionable answers. Use tools when possible.".into(),
+                messages: vec![ConversationMessage {
+                    role: MessageRole::User,
+                    content: prompt.into(),
+                    created_at: Utc::now(),
+                }],
+                tool_specs: self.tools.specs(),
+            })
+            .await?;
+
+        let events = stream.try_collect::<Vec<_>>().await?;
+        let content = events
+            .into_iter()
+            .filter_map(|event| match event {
+                hajimi_claw_types::AgentEvent::TextDelta(delta) => Some(delta),
+                _ => None,
+            })
+            .collect::<String>();
+        Ok(content)
+    }
+}
+
+fn store_error(err: anyhow::Error) -> ClawError {
+    ClawError::Backend(err.to_string())
+}
+
+fn select_tool(prompt: &str) -> Option<(&'static str, serde_json::Value)> {
+    let trimmed = prompt.trim();
+
+    if trimmed.eq_ignore_ascii_case("docker ps") {
+        return Some(("docker_ps", json!({})));
+    }
+    if let Some(service) = trimmed.strip_prefix("systemctl status ") {
+        return Some(("systemd_status", json!({ "service": service.trim() })));
+    }
+    if let Some(service) = trimmed.strip_prefix("systemctl restart ") {
+        return Some(("systemd_restart", json!({ "service": service.trim() })));
+    }
+    if let Some(container) = trimmed.strip_prefix("docker logs ") {
+        return Some(("docker_logs", json!({ "container": container.trim() })));
+    }
+    if let Some(container) = trimmed.strip_prefix("docker restart ") {
+        return Some(("docker_restart", json!({ "container": container.trim() })));
+    }
+    if let Some(path) = trimmed.strip_prefix("read ") {
+        return Some(("read_file", json!({ "path": path.trim() })));
+    }
+    None
+}
+
+#[cfg(test)]
+mod tests {
+    use std::sync::Arc;
+
+    use anyhow::Result;
+    use hajimi_claw_exec::{LocalExecutor, PlatformMode};
+    use hajimi_claw_policy::{PolicyConfig, PolicyEngine};
+    use hajimi_claw_store::Store;
+    use tempfile::tempdir;
+
+    use super::AgentRuntime;
+
+    #[tokio::test]
+    async fn routes_file_read_without_llm() -> Result<()> {
+        let dir = tempdir()?;
+        let path = dir.path().join("notes.txt");
+        tokio::fs::write(&path, "hello from tool").await?;
+
+        let mut config = PolicyConfig::default();
+        config.allowed_workdirs = vec![dir.path().to_path_buf()];
+        let policy = Arc::new(PolicyEngine::new(config));
+        let executor = Arc::new(LocalExecutor::new(
+            policy.clone(),
+            PlatformMode::WindowsSafe,
+        ));
+        let tools = Arc::new(hajimi_claw_tools::ToolRegistry::default(
+            executor,
+            policy.clone(),
+        ));
+        let store = Arc::new(Store::open_in_memory()?);
+        let agent = AgentRuntime::for_tests(tools, store, policy);
+
+        let response = agent
+            .ask(&format!("read {}", path.display()), None)
+            .await
+            .expect("agent response");
+        assert_eq!(response, "hello from tool");
+        Ok(())
+    }
+}

package/crates/hajimi-claw-bot/Cargo.toml

@@ -0,0 +1,18 @@
+[package]
+name = "hajimi-claw-bot"
+version.workspace = true
+edition.workspace = true
+license.workspace = true
+authors.workspace = true
+
+[dependencies]
+anyhow.workspace = true
+chrono.workspace = true
+hajimi-claw-gateway = { path = "../hajimi-claw-gateway" }
+reqwest.workspace = true
+serde.workspace = true
+serde_json.workspace = true
+tokio.workspace = true
+tracing.workspace = true
+hajimi-claw-store = { path = "../hajimi-claw-store" }
+hajimi-claw-types = { path = "../hajimi-claw-types" }