hovclaw 0.1.2 → 0.1.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +13 -16
- package/dist/{doctor-D52M80De.js → doctor-0iphhiTj.js} +2 -2
- package/dist/hovclaw.js +893 -292
- package/dist/index.js +1194 -264
- package/dist/{login-BwvBMKdz.js → login-BtLE2Bye.js} +1 -1
- package/dist/{onboard-DL6VDf50.js → onboard-Cc2XHLT4.js} +12 -2
- package/dist/{reset-BJUhrojJ.js → reset-ChNzCD2s.js} +1 -1
- package/dist/{src-Y6AqidKn.js → src-GZDRRc5A.js} +309 -40
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
<h1 align="center">HOVClaw</h1>
|
|
2
2
|
|
|
3
3
|
<p align="center">
|
|
4
|
-
<strong>Lean self-hosted AI agent gateway
|
|
4
|
+
<strong>Lean self-hosted AI agent gateway</strong>
|
|
5
5
|
</p>
|
|
6
6
|
|
|
7
7
|
<p align="center">
|
|
@@ -20,7 +20,6 @@ HOVClaw is built on a simple principle: **run your own AI agent infrastructure,
|
|
|
20
20
|
|
|
21
21
|
- **Self-hosted first** - Everything runs on your machine, no cloud dependency
|
|
22
22
|
- **Channel-native** - Talk to your agent via Telegram or Discord, not a custom app
|
|
23
|
-
- **OpenClaw-compatible** - Mirror config to `~/.openclaw` for ClawHub discovery and tooling interop
|
|
24
23
|
- **Gateway-first control** - WebSocket protocol v3 for programmatic access, with a built-in web UI for quick ops
|
|
25
24
|
|
|
26
25
|
## Features
|
|
@@ -34,15 +33,17 @@ HOVClaw is built on a simple principle: **run your own AI agent infrastructure,
|
|
|
34
33
|
- **Policy layer** - `dmPolicy`, `groupPolicy`, per-group/per-topic overrides, pairing flow
|
|
35
34
|
- **Native Telegram commands** - Auto-registered slash command menu (including skill aliases)
|
|
36
35
|
- **Thinking controls** - `/think <level> <task>` plus persisted default via `commands.defaultThinkingLevel`
|
|
36
|
+
- **Exec chat approvals** - `/bash <cmd>` requests approval and `/approve <id> allow-once|allow-always|deny` resolves
|
|
37
37
|
|
|
38
38
|
### Gateway & Control Plane
|
|
39
39
|
|
|
40
|
-
- **WebSocket protocol v3** - Request/response/event frames with
|
|
40
|
+
- **WebSocket protocol v3** - Request/response/event frames with 25 methods
|
|
41
41
|
- **Built-in web UI** - Connection, health, channels, sessions, and chat in one page
|
|
42
42
|
- **Fail-closed auth defaults** - Gateway auth is required unless explicitly opting into insecure mode
|
|
43
43
|
- **Origin-aware WS policy** - Browser `Origin` headers must be same-origin or allowlisted
|
|
44
44
|
- **LaunchAgent integration** - `hovclaw gateway install/start/stop` for macOS background service
|
|
45
45
|
- **Programmatic access** - `hovclaw gateway call <method>` for scripting
|
|
46
|
+
- **Approval APIs** - `exec.approval.request|resolve` and `exec.approvals.get|set`
|
|
46
47
|
|
|
47
48
|
### Agent Runtime
|
|
48
49
|
|
|
@@ -50,7 +51,9 @@ HOVClaw is built on a simple principle: **run your own AI agent infrastructure,
|
|
|
50
51
|
- **Multi-provider models** - Anthropic, Google, OpenAI, OpenRouter via `@mariozechner/pi-ai`
|
|
51
52
|
- **Model routing** - Per-target model slots (interactive, discord, cron) with fallback policy
|
|
52
53
|
- **Workspace-first tools** - Relative file tool paths resolve from agent workspace
|
|
53
|
-
- **
|
|
54
|
+
- **Exec approvals model** - deny/allowlist/full + `off|on-miss|always` ask modes with persistent allowlists
|
|
55
|
+
- **Least-privilege defaults** - exec disabled by default (`runtime.tools.exec.enabled=false`)
|
|
56
|
+
- **Read-only diagnostics** - built-in `diagnose_device` tool (`profile=core`)
|
|
54
57
|
- **Session persistence** - SQLite-backed sessions, messages, agent state, and usage tracking
|
|
55
58
|
|
|
56
59
|
### Scheduling & Automation
|
|
@@ -59,12 +62,6 @@ HOVClaw is built on a simple principle: **run your own AI agent infrastructure,
|
|
|
59
62
|
- **Channel notifications** - Scheduled job results delivered to Telegram or Discord
|
|
60
63
|
- **Concurrent execution** - Configurable max concurrent jobs
|
|
61
64
|
|
|
62
|
-
### OpenClaw Compatibility
|
|
63
|
-
|
|
64
|
-
- **Mirror strategy** - HOVClaw is source of truth; mirror files written to `~/.openclaw`
|
|
65
|
-
- **ClawHub discovery** - `~/.openclaw/openclaw.json` + `~/.openclaw/skills` symlink
|
|
66
|
-
- **Compat CLI** - `hovclaw compat status --sync` to verify mirror state
|
|
67
|
-
|
|
68
65
|
## Installation
|
|
69
66
|
|
|
70
67
|
### Prerequisites
|
|
@@ -113,7 +110,7 @@ and agent configuration. All settings are saved to `~/.hovclaw/config.json`.
|
|
|
113
110
|
Security defaults in this release are intentionally strict:
|
|
114
111
|
- gateway start fails if `gateway.enabled=true` and neither `gateway.auth.token` nor `gateway.auth.password` is set (unless `gateway.auth.allowUnauthenticated=true`)
|
|
115
112
|
- Telegram webhook mode requires a non-empty webhook secret
|
|
116
|
-
-
|
|
113
|
+
- exec runtime tool is opt-in via `runtime.tools.exec.enabled=true` (legacy `runtime.tools.bashEnabled=true` still maps to exec enabled)
|
|
117
114
|
|
|
118
115
|
Agent and skill definitions are loaded from:
|
|
119
116
|
- `~/.hovclaw/agents/<name>/agent.json` (`CLAUDE.md`, `cron.json`)
|
|
@@ -194,7 +191,7 @@ Environment overrides are supported for most fields. See [docs/config-reference.
|
|
|
194
191
|
│ │
|
|
195
192
|
│ ┌────────────────────────────────────────────────────────┐ │
|
|
196
193
|
│ │ Gateway (ws + http) │ │
|
|
197
|
-
│ │ WebSocket v3 protocol • Web UI •
|
|
194
|
+
│ │ WebSocket v3 protocol • Web UI • 25 methods │ │
|
|
198
195
|
│ └────────────────────────────────────────────────────────┘ │
|
|
199
196
|
│ │
|
|
200
197
|
│ ┌────────────────────────────────────────────────────────┐ │
|
|
@@ -212,7 +209,7 @@ Environment overrides are supported for most fields. See [docs/config-reference.
|
|
|
212
209
|
| **Agent Manager** | Per-session agent lifecycle, state persistence, model resolution |
|
|
213
210
|
| **Router** | Binding-based inbound routing with peer/guild/account/channel cascade |
|
|
214
211
|
| **Scheduler** | Cron job loading, execution, and channel notifications |
|
|
215
|
-
| **Gateway** | WebSocket v3 server with
|
|
212
|
+
| **Gateway** | WebSocket v3 server with 25 methods, 7 event types, built-in web UI |
|
|
216
213
|
| **Skill Loader** | SKILL.md frontmatter parsing and dependency checking |
|
|
217
214
|
| **Channels** | Telegram (multi-account, policy, pairing) and Discord adapters |
|
|
218
215
|
|
|
@@ -252,8 +249,6 @@ hovclaw gateway open-ui
|
|
|
252
249
|
# Daemon
|
|
253
250
|
hovclaw daemon install|uninstall|start|stop|restart|status|logs
|
|
254
251
|
|
|
255
|
-
# Compatibility
|
|
256
|
-
hovclaw compat status [--sync] [--json]
|
|
257
252
|
```
|
|
258
253
|
|
|
259
254
|
## Gateway Methods (v3)
|
|
@@ -273,8 +268,10 @@ hovclaw compat status [--sync] [--json]
|
|
|
273
268
|
| `chat.history` / `chat.send` / `chat.abort` | Chat session interaction |
|
|
274
269
|
| `cron.list` / `cron.status` | Scheduled job listing and status |
|
|
275
270
|
| `logs.tail` | Recent audit events |
|
|
271
|
+
| `exec.approval.request` / `exec.approval.resolve` | Create and resolve pending exec approvals |
|
|
272
|
+
| `exec.approvals.get` / `exec.approvals.set` | Read/write persisted exec defaults and per-agent allowlists |
|
|
276
273
|
|
|
277
|
-
Events: `tick`, `health`, `agent`, `chat`, `shutdown`
|
|
274
|
+
Events: `tick`, `health`, `agent`, `chat`, `shutdown`, `exec.approval.requested`, `exec.approval.resolved`
|
|
278
275
|
|
|
279
276
|
## Development
|
|
280
277
|
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { B as loadCredentials, I as getHovclawHome, L as hasConfigFile, M as ensureConfigFromLegacyEnv, N as getConfigPath, P as getCredentialsPath, R as hasCredentialsFile, U as saveConfigFile, V as loadFileConfig, W as saveCredentials, j as detectLegacyEnvConfig, z as loadConfig } from "./hovclaw.js";
|
|
2
2
|
import fs from "node:fs";
|
|
3
3
|
import path from "node:path";
|
|
4
4
|
import { fileURLToPath } from "node:url";
|
|
@@ -148,7 +148,7 @@ function runDoctorChecks(options, env = process.env) {
|
|
|
148
148
|
} else addFinding(findings, "telegram-webhook-secret", "fail", "Telegram webhook secret missing", `Accounts: ${webhookAccountsMissingSecret.join(", ")}`);
|
|
149
149
|
else addFinding(findings, "telegram-webhook-secret", "pass", "Telegram webhook secret policy", "OK");
|
|
150
150
|
}
|
|
151
|
-
if (!loadedConfig.gateway.enabled) addFinding(findings, "gateway-enabled", "warn", "Gateway is disabled", "Enable gateway for
|
|
151
|
+
if (!loadedConfig.gateway.enabled) addFinding(findings, "gateway-enabled", "warn", "Gateway is disabled", "Enable gateway for gateway RPC and built-in web UI access.");
|
|
152
152
|
else addFinding(findings, "gateway-enabled", "pass", "Gateway enabled", "OK");
|
|
153
153
|
if (loadedConfig.gateway.auth.allowUnauthenticated) addFinding(findings, "gateway-auth-mode", "warn", "Gateway unauthenticated mode is enabled", "Set gateway.auth.allowUnauthenticated=false for secure deployments.");
|
|
154
154
|
else if (!loadedConfig.gateway.auth.token.trim() && !loadedConfig.gateway.auth.password.trim()) if (options.repair) {
|