hajimi-claw 0.1.0

package/crates/hajimi-claw-bot/src/lib.rs

@@ -0,0 +1,305 @@
+use std::sync::Arc;
+
+use anyhow::{Context, Result};
+use hajimi_claw_gateway::{
+    Gateway, GatewayRequest, InlineKeyboard, SessionDirective, parse_gateway_command,
+};
+use serde::Deserialize;
+use tokio::sync::Mutex;
+use tracing::{error, info, warn};
+
+#[derive(Debug, Clone)]
+pub struct TelegramConfig {
+    pub token: String,
+    pub poll_timeout_secs: u64,
+    pub admin_user_id: i64,
+    pub admin_chat_id: i64,
+}
+
+pub struct TelegramBot {
+    client: reqwest::Client,
+    config: TelegramConfig,
+    gateway: Arc<dyn Gateway>,
+    current_session: Mutex<Option<String>>,
+}
+
+impl TelegramBot {
+    pub fn new(config: TelegramConfig, gateway: Arc<dyn Gateway>) -> Self {
+        Self {
+            client: reqwest::Client::new(),
+            config,
+            gateway,
+            current_session: Mutex::new(None),
+        }
+    }
+
+    pub async fn run(&self) -> Result<()> {
+        let mut offset = 0_i64;
+        loop {
+            match self.get_updates(offset).await {
+                Ok(updates) => {
+                    for update in updates {
+                        offset = update.update_id + 1;
+                        if let Err(err) = self.handle_update(update).await {
+                            error!(error = %err, "failed to handle telegram update");
+                        }
+                    }
+                }
+                Err(err) => {
+                    warn!(error = %err, "telegram polling failed");
+                    tokio::time::sleep(tokio::time::Duration::from_secs(2)).await;
+                }
+            }
+        }
+    }
+
+    async fn handle_update(&self, update: Update) -> Result<()> {
+        if let Some(message) = update.message {
+            if !self.is_authorized(
+                message.chat.id,
+                message
+                    .from
+                    .as_ref()
+                    .map(|user| user.id)
+                    .unwrap_or_default(),
+            ) {
+                warn!("ignored telegram message from unauthorized actor");
+                return Ok(());
+            }
+
+            let Some(text) = message.text else {
+                return Ok(());
+            };
+            let reply = self.dispatch_command(&text).await;
+            self.send_message(message.chat.id, &reply.text, reply.keyboard)
+                .await?;
+            return Ok(());
+        }
+
+        if let Some(callback_query) = update.callback_query {
+            let chat_id = callback_query
+                .message
+                .as_ref()
+                .map(|message| message.chat.id)
+                .unwrap_or(self.config.admin_chat_id);
+            if !self.is_authorized(chat_id, callback_query.from.id) {
+                warn!("ignored telegram callback from unauthorized actor");
+                return Ok(());
+            }
+
+            if let Some(data) = callback_query.data {
+                let reply = self.dispatch_command(&data).await;
+                self.send_message(chat_id, &reply.text, reply.keyboard)
+                    .await?;
+            }
+            self.answer_callback_query(&callback_query.id).await?;
+        }
+
+        Ok(())
+    }
+
+    async fn dispatch_command(&self, text: &str) -> BotReply {
+        let current_session_id = self.current_session.lock().await.clone();
+        match self
+            .gateway
+            .handle(GatewayRequest {
+                actor_user_id: self.config.admin_user_id,
+                actor_chat_id: self.config.admin_chat_id,
+                raw_text: text.to_string(),
+                command: parse_gateway_command(text),
+                current_session_id,
+            })
+            .await
+        {
+            Ok(response) => {
+                match response.session {
+                    SessionDirective::Keep => {}
+                    SessionDirective::Set(session_id) => {
+                        *self.current_session.lock().await = Some(session_id);
+                    }
+                    SessionDirective::Clear => {
+                        *self.current_session.lock().await = None;
+                    }
+                }
+                BotReply {
+                    text: response.text,
+                    keyboard: response.keyboard,
+                }
+            }
+            Err(err) => BotReply {
+                text: format!("error: {err}"),
+                keyboard: None,
+            },
+        }
+    }
+
+    async fn get_updates(&self, offset: i64) -> Result<Vec<Update>> {
+        let response = self
+            .client
+            .post(self.api_url("getUpdates"))
+            .json(&serde_json::json!({
+                "timeout": self.config.poll_timeout_secs,
+                "offset": offset,
+            }))
+            .send()
+            .await
+            .context("getUpdates request")?;
+
+        let payload: TelegramEnvelope<Vec<Update>> =
+            response.json().await.context("decode updates")?;
+        if !payload.ok {
+            anyhow::bail!("telegram getUpdates returned ok=false");
+        }
+        Ok(payload.result)
+    }
+
+    async fn send_message(
+        &self,
+        chat_id: i64,
+        text: &str,
+        keyboard: Option<InlineKeyboard>,
+    ) -> Result<()> {
+        let payload = if let Some(keyboard) = keyboard {
+            serde_json::json!({
+                "chat_id": chat_id,
+                "text": clamp_text(text),
+                "reply_markup": to_reply_markup(keyboard),
+            })
+        } else {
+            serde_json::json!({
+                "chat_id": chat_id,
+                "text": clamp_text(text),
+            })
+        };
+        let response = self
+            .client
+            .post(self.api_url("sendMessage"))
+            .json(&payload)
+            .send()
+            .await
+            .context("sendMessage request")?;
+        let payload: TelegramEnvelope<serde_json::Value> =
+            response.json().await.context("decode sendMessage")?;
+        if !payload.ok {
+            anyhow::bail!("telegram sendMessage returned ok=false");
+        }
+        info!("sent telegram message");
+        Ok(())
+    }
+
+    async fn answer_callback_query(&self, callback_query_id: &str) -> Result<()> {
+        let response = self
+            .client
+            .post(self.api_url("answerCallbackQuery"))
+            .json(&serde_json::json!({
+                "callback_query_id": callback_query_id,
+            }))
+            .send()
+            .await
+            .context("answerCallbackQuery request")?;
+        let payload: TelegramEnvelope<serde_json::Value> = response
+            .json()
+            .await
+            .context("decode answerCallbackQuery")?;
+        if !payload.ok {
+            anyhow::bail!("telegram answerCallbackQuery returned ok=false");
+        }
+        Ok(())
+    }
+
+    fn api_url(&self, method: &str) -> String {
+        format!(
+            "https://api.telegram.org/bot{}/{}",
+            self.config.token, method
+        )
+    }
+
+    fn is_authorized(&self, chat_id: i64, user_id: i64) -> bool {
+        chat_id == self.config.admin_chat_id && user_id == self.config.admin_user_id
+    }
+}
+
+#[derive(Debug, Deserialize)]
+struct TelegramEnvelope<T> {
+    ok: bool,
+    result: T,
+}
+
+#[derive(Debug, Deserialize)]
+struct Update {
+    update_id: i64,
+    message: Option<Message>,
+    callback_query: Option<CallbackQuery>,
+}
+
+#[derive(Debug, Deserialize)]
+struct Message {
+    chat: Chat,
+    from: Option<User>,
+    text: Option<String>,
+}
+
+#[derive(Debug, Deserialize)]
+struct Chat {
+    id: i64,
+}
+
+#[derive(Debug, Deserialize)]
+struct User {
+    id: i64,
+}
+
+#[derive(Debug, Deserialize)]
+struct CallbackQuery {
+    id: String,
+    from: User,
+    data: Option<String>,
+    message: Option<Message>,
+}
+
+struct BotReply {
+    text: String,
+    keyboard: Option<InlineKeyboard>,
+}
+
+fn clamp_text(text: &str) -> String {
+    const MAX: usize = 3500;
+    if text.len() <= MAX {
+        return text.to_string();
+    }
+    format!("{}...\n[truncated]", &text[..MAX])
+}
+
+fn to_reply_markup(keyboard: InlineKeyboard) -> serde_json::Value {
+    let rows = keyboard
+        .rows
+        .into_iter()
+        .map(|row| {
+            row.into_iter()
+                .map(|button| {
+                    serde_json::json!({
+                        "text": button.text,
+                        "callback_data": button.data,
+                    })
+                })
+                .collect::<Vec<_>>()
+        })
+        .collect::<Vec<_>>();
+    serde_json::json!({ "inline_keyboard": rows })
+}
+
+#[cfg(test)]
+mod tests {
+    use hajimi_claw_gateway::{GatewayCommand, parse_gateway_command};
+
+    #[test]
+    fn parses_elevated_start() {
+        assert_eq!(
+            parse_gateway_command("/elevated start 15 maintenance"),
+            GatewayCommand::ElevatedStart {
+                minutes: 15,
+                reason: "maintenance".into(),
+            }
+        );
+    }
+}

package/crates/hajimi-claw-daemon/Cargo.toml

@@ -0,0 +1,24 @@
+[package]
+name = "hajimi-claw-daemon"
+version.workspace = true
+edition.workspace = true
+license.workspace = true
+authors.workspace = true
+
+[dependencies]
+anyhow.workspace = true
+chrono.workspace = true
+serde.workspace = true
+tokio.workspace = true
+toml.workspace = true
+tracing.workspace = true
+tracing-subscriber.workspace = true
+hajimi-claw-agent = { path = "../hajimi-claw-agent" }
+hajimi-claw-bot = { path = "../hajimi-claw-bot" }
+hajimi-claw-exec = { path = "../hajimi-claw-exec" }
+hajimi-claw-gateway = { path = "../hajimi-claw-gateway" }
+hajimi-claw-llm = { path = "../hajimi-claw-llm" }
+hajimi-claw-policy = { path = "../hajimi-claw-policy" }
+hajimi-claw-store = { path = "../hajimi-claw-store" }
+hajimi-claw-tools = { path = "../hajimi-claw-tools" }
+hajimi-claw-types = { path = "../hajimi-claw-types" }

package/crates/hajimi-claw-daemon/src/lib.rs

@@ -0,0 +1,173 @@
+use std::path::PathBuf;
+use std::sync::Arc;
+
+use anyhow::{Context, Result};
+use hajimi_claw_agent::AgentRuntime;
+use hajimi_claw_bot::{TelegramBot, TelegramConfig};
+use hajimi_claw_exec::{LocalExecutor, PlatformMode};
+use hajimi_claw_gateway::InProcessGateway;
+use hajimi_claw_llm::{StaticBackend, StoreBackedBackend};
+use hajimi_claw_policy::{PolicyConfig, PolicyEngine};
+use hajimi_claw_store::{SecretCipher, Store};
+use hajimi_claw_tools::ToolRegistry;
+use serde::Deserialize;
+use tracing_subscriber::EnvFilter;
+
+#[derive(Debug, Clone, Deserialize)]
+pub struct AppConfig {
+    pub telegram: TelegramSection,
+    pub llm: LlmSection,
+    pub storage: StorageSection,
+    pub security: SecuritySection,
+    pub policy: PolicyConfig,
+    pub execution: ExecutionSection,
+}
+
+#[derive(Debug, Clone, Deserialize)]
+pub struct TelegramSection {
+    pub bot_token: String,
+    pub poll_timeout_secs: Option<u64>,
+}
+
+#[derive(Debug, Clone, Deserialize)]
+pub struct LlmSection {
+    pub base_url: Option<String>,
+    pub api_key: Option<String>,
+    pub model: Option<String>,
+    pub static_fallback_response: Option<String>,
+}
+
+#[derive(Debug, Clone, Deserialize)]
+pub struct StorageSection {
+    pub sqlite_path: PathBuf,
+}
+
+#[derive(Debug, Clone, Deserialize)]
+pub struct SecuritySection {
+    pub master_key_env: Option<String>,
+}
+
+#[derive(Debug, Clone, Deserialize)]
+pub struct ExecutionSection {
+    pub mode: Option<String>,
+}
+
+pub async fn run_from_env() -> Result<()> {
+    init_tracing();
+    let config_path = std::env::var("HAJIMI_CLAW_CONFIG").unwrap_or_else(|_| "config.toml".into());
+    let config = load_config(PathBuf::from(config_path))?;
+    run(config).await
+}
+
+pub async fn run(config: AppConfig) -> Result<()> {
+    if let Some(parent) = config.storage.sqlite_path.parent() {
+        std::fs::create_dir_all(parent)
+            .with_context(|| format!("create storage directory {}", parent.display()))?;
+    }
+    let policy = Arc::new(PolicyEngine::new(config.policy.clone()));
+    let master_key_env = config
+        .security
+        .master_key_env
+        .clone()
+        .unwrap_or_else(|| "HAJIMI_CLAW_MASTER_KEY".into());
+    let master_key = std::env::var(&master_key_env).with_context(|| {
+        format!(
+            "missing provider encryption key env `{master_key_env}`; set it before starting hajimi-claw"
+        )
+    })?;
+    let cipher = Arc::new(SecretCipher::from_passphrase(&master_key)?);
+    let store = Arc::new(Store::open_with_cipher(
+        &config.storage.sqlite_path,
+        Some(cipher),
+    )?);
+    let executor = Arc::new(LocalExecutor::new(
+        policy.clone(),
+        select_platform_mode(config.execution.mode.as_deref()),
+    ));
+    let tools = Arc::new(ToolRegistry::default(executor, policy.clone()));
+    let fallback = Arc::new(StaticBackend::new(
+        config
+            .llm
+            .static_fallback_response
+            .clone()
+            .unwrap_or_else(|| "LLM backend not configured.".into()),
+    ));
+    if let (Some(base_url), Some(api_key), Some(model)) = (
+        config.llm.base_url.clone(),
+        config.llm.api_key.clone(),
+        config.llm.model.clone(),
+    ) {
+        let bootstrap_record = hajimi_claw_types::ProviderRecord {
+            config: hajimi_claw_types::ProviderConfig {
+                id: "bootstrap".into(),
+                label: "Bootstrap".into(),
+                kind: hajimi_claw_types::ProviderKind::OpenAiCompatible,
+                base_url,
+                api_key,
+                model,
+                enabled: true,
+                extra_headers: vec![],
+                created_at: chrono::Utc::now(),
+            },
+            is_default: store.get_default_provider()?.is_none(),
+        };
+        store.upsert_provider(&bootstrap_record)?;
+    }
+    let llm: Arc<dyn hajimi_claw_types::LlmBackend> =
+        Arc::new(StoreBackedBackend::new(store.clone(), Some(fallback)));
+
+    let runtime = Arc::new(AgentRuntime::new(llm, tools, store.clone(), policy.clone()));
+    let gateway = Arc::new(InProcessGateway::new(
+        runtime,
+        policy.clone(),
+        store.clone(),
+    ));
+    let bot = TelegramBot::new(
+        TelegramConfig {
+            token: config.telegram.bot_token,
+            poll_timeout_secs: config.telegram.poll_timeout_secs.unwrap_or(30),
+            admin_user_id: config.policy.admin_user_id,
+            admin_chat_id: config.policy.admin_chat_id,
+        },
+        gateway,
+    );
+
+    bot.run().await
+}
+
+pub fn load_config(path: PathBuf) -> Result<AppConfig> {
+    let raw = std::fs::read_to_string(&path)
+        .with_context(|| format!("read config file {}", path.display()))?;
+    let config: AppConfig = toml::from_str(&raw).context("parse config.toml")?;
+    Ok(config)
+}
+
+fn init_tracing() {
+    let _ = tracing_subscriber::fmt()
+        .with_env_filter(EnvFilter::from_default_env())
+        .try_init();
+}
+
+fn select_platform_mode(mode: Option<&str>) -> PlatformMode {
+    match mode.unwrap_or("auto") {
+        "windows-safe" => PlatformMode::WindowsSafe,
+        "windows-elevated" => PlatformMode::WindowsElevated,
+        "unix" => PlatformMode::Unix,
+        _ if cfg!(windows) => PlatformMode::WindowsSafe,
+        _ => PlatformMode::Unix,
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::select_platform_mode;
+    use hajimi_claw_exec::PlatformMode;
+
+    #[test]
+    fn selects_explicit_mode() {
+        assert!(matches!(
+            select_platform_mode(Some("windows-safe")),
+            PlatformMode::WindowsSafe
+        ));
+    }
+}

package/crates/hajimi-claw-exec/Cargo.toml

@@ -0,0 +1,21 @@
+[package]
+name = "hajimi-claw-exec"
+version.workspace = true
+edition.workspace = true
+license.workspace = true
+authors.workspace = true
+
+[dependencies]
+anyhow.workspace = true
+async-trait.workspace = true
+chrono.workspace = true
+hajimi-claw-policy = { path = "../hajimi-claw-policy" }
+hajimi-claw-types = { path = "../hajimi-claw-types" }
+serde.workspace = true
+tokio.workspace = true
+tracing.workspace = true
+uuid.workspace = true
+windows.workspace = true
+
+[dev-dependencies]
+tempfile.workspace = true