hovclaw 0.1.2 → 0.1.4

package/dist/{login-BwvBMKdz.js → login-BtLE2Bye.js}

@@ -1,4 +1,4 @@
-import { H as saveCredentials, R as loadCredentials } from "./hovclaw.js";
+import { B as loadCredentials, W as saveCredentials } from "./hovclaw.js";
 import { n as runOAuthLogin, t as SUPPORTED_OAUTH_PROVIDERS } from "./oauth-CQsXP0kP.js";
 import path from "node:path";
 import { fileURLToPath } from "node:url";

package/dist/{onboard-DL6VDf50.js → onboard-Cc2XHLT4.js}

@@ -1,4 +1,4 @@
-import { F as hasConfigFile, H as saveCredentials, L as loadConfig, M as getCredentialsPath, N as getDefaultFileConfig, O as config, P as getHovclawHome, R as loadCredentials, V as saveConfigFile, j as getConfigPath, m as ensureWorkspaceBootstrapForConfig, y as listAvailableSkills } from "./hovclaw.js";
+import { A as config, B as loadCredentials, F as getDefaultFileConfig, I as getHovclawHome, L as hasConfigFile, N as getConfigPath, P as getCredentialsPath, U as saveConfigFile, W as saveCredentials, g as ensureWorkspaceBootstrapForConfig, x as listAvailableSkills, z as loadConfig } from "./hovclaw.js";
 import { n as runOAuthLogin } from "./oauth-CQsXP0kP.js";
 import path from "node:path";
 import { fileURLToPath } from "node:url";
@@ -727,7 +727,17 @@ function asFileConfig(appConfig) {
 			allowedReadRoots: [...appConfig.runtime.allowedReadRoots],
 			allowedWriteRoots: [...appConfig.runtime.allowedWriteRoots],
 			allowedCommandPrefixes: [...appConfig.runtime.allowedCommandPrefixes],
-			tools: { bashEnabled: appConfig.runtime.tools.bashEnabled }
+			tools: {
+				bashEnabled: appConfig.runtime.tools.bashEnabled,
+				exec: {
+					enabled: appConfig.runtime.tools.exec.enabled,
+					security: appConfig.runtime.tools.exec.security,
+					ask: appConfig.runtime.tools.exec.ask,
+					approvalTimeoutMs: appConfig.runtime.tools.exec.approvalTimeoutMs,
+					allowlist: [...appConfig.runtime.tools.exec.allowlist],
+					safeBins: [...appConfig.runtime.tools.exec.safeBins]
+				}
+			}
 		},
 		channels: {
 			discord: {

package/dist/{reset-BJUhrojJ.js → reset-ChNzCD2s.js}

@@ -1,4 +1,4 @@
-import { L as loadConfig, M as getCredentialsPath, P as getHovclawHome, j as getConfigPath, n as stopDaemon } from "./hovclaw.js";
+import { I as getHovclawHome, N as getConfigPath, P as getCredentialsPath, n as stopDaemon, z as loadConfig } from "./hovclaw.js";
 import fs from "node:fs";
 import path from "node:path";
 import { cancel, confirm, isCancel, log, select } from "@clack/prompts";

package/dist/{src-Y6AqidKn.js → src-GZDRRc5A.js}

@@ -1,15 +1,46 @@
-import { A as ensureConfigFromLegacyEnv, B as resolveTelegramAccountConfig, C as resolveModelAlias, D as parseGatewayFrame, E as parseConnectParams, F as hasConfigFile, L as loadConfig, N as getDefaultFileConfig, O as config, S as parseModelRef, T as PROTOCOL_VERSION, U as writeOpenClawMirror, V as saveConfigFile, _ as extractAssistantText, a as LocalHostRuntime, b as loadSkill, c as redactSensitiveData, d as PiAgentManager, f as composeSessionKey, g as extractAssistantError, h as resolveAgentWorkspaceDir, i as createTools, l as TelegramChannel, m as ensureWorkspaceBootstrapForConfig, o as ContainerRuntime, p as WORKSPACE_CONTEXT_FILE_ORDER, r as TelegramPairingStore, s as HovClawDb, t as requestDaemonRestartFromCurrentProcess, u as DiscordChannel, v as toUserFacingAssistantError, w as logger, x as listConfiguredModelRefs, y as listAvailableSkills, z as loadFileConfig } from "./hovclaw.js";
+import { A as config, C as listConfiguredModelRefs, D as PROTOCOL_VERSION, E as logger, F as getDefaultFileConfig, H as resolveTelegramAccountConfig, L as hasConfigFile, M as ensureConfigFromLegacyEnv, O as parseConnectParams, S as loadSkill, T as resolveModelAlias, U as saveConfigFile, V as loadFileConfig, _ as resolveAgentWorkspaceDir, a as LocalHostRuntime, b as toUserFacingAssistantError, c as evaluateExecPolicy, d as TelegramChannel, f as DiscordChannel, g as ensureWorkspaceBootstrapForConfig, h as WORKSPACE_CONTEXT_FILE_ORDER, i as createTools, k as parseGatewayFrame, l as HovClawDb, m as composeSessionKey, o as ContainerRuntime, p as PiAgentManager, r as TelegramPairingStore, s as ExecApprovalsManager, t as requestDaemonRestartFromCurrentProcess, u as redactSensitiveData, v as extractAssistantError, w as parseModelRef, x as listAvailableSkills, y as extractAssistantText, z as loadConfig } from "./hovclaw.js";
 import fs from "node:fs";
 import path from "node:path";
 import { fileURLToPath } from "node:url";
-import { ZodError, z } from "zod";
 import { randomUUID } from "node:crypto";
 import WebSocket, { WebSocketServer } from "ws";
+import { ZodError, z } from "zod";
 import fs$1 from "node:fs/promises";
 import { createServer } from "node:http";
 import { spawnSync } from "node:child_process";
 import { Cron } from "croner";
 
+//#region src/channels/command-auth.ts
+function normalizeAllowFromEntry(value) {
+	return String(value).trim().toLowerCase();
+}
+function senderCandidates(msg) {
+	const candidates = /* @__PURE__ */ new Set();
+	const userId = msg.userId.trim();
+	if (userId) candidates.add(userId.toLowerCase());
+	const displayName = msg.displayName.trim();
+	if (displayName.startsWith("@")) candidates.add(displayName.toLowerCase());
+	return Array.from(candidates);
+}
+function resolveCommandsAllowFrom(config, channel) {
+	const entries = config.commands.allowFrom;
+	if (Object.keys(entries).length === 0) return null;
+	const providerSpecific = entries[channel];
+	if (Array.isArray(providerSpecific)) return providerSpecific;
+	const global = entries["*"];
+	if (Array.isArray(global)) return global;
+	return [];
+}
+function isCommandAuthorized(config, msg) {
+	const allowFrom = resolveCommandsAllowFrom(config, msg.channel);
+	if (allowFrom === null) return true;
+	const normalizedAllow = new Set(allowFrom.map((entry) => normalizeAllowFromEntry(entry)));
+	if (normalizedAllow.has("*")) return true;
+	for (const candidate of senderCandidates(msg)) if (normalizedAllow.has(candidate)) return true;
+	return false;
+}
+
+//#endregion
 //#region src/channels/plugins/discord.ts
 function createDiscordPlugin() {
 	return {
@@ -157,37 +188,6 @@ function buildModelCatalog(aliases) {
 	}).filter((entry) => Boolean(entry)).sort((a, b) => a.ref.localeCompare(b.ref));
 }
 
-//#endregion
-//#region src/channels/command-auth.ts
-function normalizeAllowFromEntry(value) {
-	return String(value).trim().toLowerCase();
-}
-function senderCandidates(msg) {
-	const candidates = /* @__PURE__ */ new Set();
-	const userId = msg.userId.trim();
-	if (userId) candidates.add(userId.toLowerCase());
-	const displayName = msg.displayName.trim();
-	if (displayName.startsWith("@")) candidates.add(displayName.toLowerCase());
-	return Array.from(candidates);
-}
-function resolveCommandsAllowFrom(config, channel) {
-	const entries = config.commands.allowFrom;
-	if (Object.keys(entries).length === 0) return null;
-	const providerSpecific = entries[channel];
-	if (Array.isArray(providerSpecific)) return providerSpecific;
-	const global = entries["*"];
-	if (Array.isArray(global)) return global;
-	return [];
-}
-function isCommandAuthorized(config, msg) {
-	const allowFrom = resolveCommandsAllowFrom(config, msg.channel);
-	if (allowFrom === null) return true;
-	const normalizedAllow = new Set(allowFrom.map((entry) => normalizeAllowFromEntry(entry)));
-	if (normalizedAllow.has("*")) return true;
-	for (const candidate of senderCandidates(msg)) if (normalizedAllow.has(candidate)) return true;
-	return false;
-}
-
 //#endregion
 //#region src/channels/commands-registry.ts
 const TELEGRAM_COMMAND_NAME_RE = /^[a-z0-9_]{1,32}$/;
@@ -298,6 +298,11 @@ const BASE_COMMANDS = [
 		nativeName: "bash",
 		description: "Run a shell command through the assistant (if enabled)"
 	},
+	{
+		key: "approve",
+		nativeName: "approve",
+		description: "Approve or deny pending exec request"
+	},
 	{
 		key: "restart",
 		nativeName: "restart",
@@ -543,7 +548,6 @@ function reloadRuntimeConfig() {
 function persistFileConfig(next) {
 	saveConfigFile(next);
 	reloadRuntimeConfig();
-	writeOpenClawMirror(config);
 }
 function parseConfigPath(raw) {
 	const pathValue = raw?.trim();
@@ -1311,6 +1315,156 @@ function evaluateTelegramPolicy(params) {
 	return { allowed: true };
 }
 
+//#endregion
+//#region src/exec-chat.ts
+const APPROVE_USAGE = "Usage: /approve <id> allow-once|allow-always|deny";
+const BASH_USAGE = "Usage: /bash <command>";
+function normalizeDecision(value) {
+	const normalized = value.trim().toLowerCase();
+	if (normalized === "allow-once" || normalized === "allow-always" || normalized === "deny") return normalized;
+	return null;
+}
+function formatExecOutput(result) {
+	const lines = [
+		`exitCode: ${result.exitCode}`,
+		result.timedOut ? "timedOut: true" : "timedOut: false",
+		result.truncated ? "truncated: true" : "truncated: false",
+		""
+	];
+	if (result.stdout) {
+		lines.push("stdout:");
+		lines.push(result.stdout);
+		lines.push("");
+	}
+	if (result.stderr) {
+		lines.push("stderr:");
+		lines.push(result.stderr);
+	}
+	if (!result.stdout && !result.stderr) lines.push("No output.");
+	return lines.join("\n").trim();
+}
+async function executeApprovedCommand(options) {
+	const result = await options.runtime.exec(options.command, { timeoutMs: options.timeoutMs });
+	await options.channel.sendMessage(options.target, [
+		`Approval granted. Executed: ${options.command}`,
+		"",
+		formatExecOutput(result)
+	].join("\n"));
+}
+async function handleExecChatCommand(options) {
+	const trimmed = options.msg.text.trim();
+	if (!trimmed.startsWith("/")) return { handled: false };
+	const parsed = trimmed.split(/\s+/);
+	const command = (parsed[0] || "").toLowerCase();
+	if (command === "/approve") {
+		if (!options.commandAuthorized) {
+			await options.channel.sendMessage(options.target, "You are not authorized to use this command.");
+			return { handled: true };
+		}
+		const approvalId = parsed[1]?.trim();
+		const decision = parsed[2] ? normalizeDecision(parsed[2]) : null;
+		if (!approvalId || !decision) {
+			await options.channel.sendMessage(options.target, APPROVE_USAGE);
+			return { handled: true };
+		}
+		if (!options.execApprovals.resolve(approvalId, decision, options.msg.userId)) {
+			await options.channel.sendMessage(options.target, `Unknown or expired approval id: ${approvalId}`);
+			return { handled: true };
+		}
+		await options.channel.sendMessage(options.target, `Approval ${decision} recorded for ${approvalId}.`);
+		options.audit({
+			sessionKey: options.sessionKey,
+			actor: "channel",
+			eventType: "exec.approval.resolve",
+			payload: {
+				id: approvalId,
+				decision,
+				resolvedBy: options.msg.userId
+			}
+		});
+		return { handled: true };
+	}
+	if (command !== "/bash") return { handled: false };
+	if (!options.execPolicy.enabled) {
+		await options.channel.sendMessage(options.target, "/bash is disabled. Set runtime.tools.exec.enabled=true (or runtime.tools.bashEnabled=true) to enable.");
+		return { handled: true };
+	}
+	if (!options.commandAuthorized) {
+		await options.channel.sendMessage(options.target, "You are not authorized to use this command.");
+		return { handled: true };
+	}
+	if (!options.msg.text.slice(5).trim()) {
+		await options.channel.sendMessage(options.target, BASH_USAGE);
+		return { handled: true };
+	}
+	const bashCommand = options.msg.text.slice(5).trim();
+	const evaluation = evaluateExecPolicy({
+		command: bashCommand,
+		agentId: options.agentId,
+		policy: options.execPolicy,
+		manager: options.execApprovals,
+		cwd: process.cwd(),
+		env: process.env
+	});
+	options.audit({
+		sessionKey: options.sessionKey,
+		actor: "channel",
+		eventType: "exec.chat.request",
+		payload: {
+			command: bashCommand,
+			security: options.execPolicy.security,
+			ask: options.execPolicy.ask,
+			allowlistSatisfied: evaluation.allowlistSatisfied,
+			requiresApproval: evaluation.requiresApproval
+		}
+	});
+	if (evaluation.denied) {
+		await options.channel.sendMessage(options.target, evaluation.deniedReason || "Command denied by policy.");
+		return { handled: true };
+	}
+	if (evaluation.requiresApproval) {
+		const approval = options.execApprovals.request({
+			command: bashCommand,
+			agentId: options.agentId,
+			sessionKey: options.sessionKey,
+			resolvedPath: evaluation.resolvedPath,
+			timeoutMs: options.execPolicy.approvalTimeoutMs,
+			target: {
+				channel: options.target.channel,
+				chatId: options.target.chatId,
+				accountId: options.target.accountId
+			},
+			onApproved: async (record) => {
+				if (record.decision === "deny") return;
+				await executeApprovedCommand({
+					runtime: options.runtime,
+					channel: options.channel,
+					target: options.target,
+					command: bashCommand,
+					timeoutMs: options.execPolicy.approvalTimeoutMs
+				});
+			}
+		});
+		await options.channel.sendMessage(options.target, [
+			"Approval required for this command.",
+			`id: ${approval.id}`,
+			`expiresAt: ${new Date(approval.expiresAtMs).toISOString()}`,
+			"",
+			`Approve with: /approve ${approval.id} allow-once|allow-always|deny`
+		].join("\n"));
+		return { handled: true };
+	}
+	try {
+		const result = await options.runtime.exec(bashCommand, { timeoutMs: options.execPolicy.approvalTimeoutMs });
+		if (evaluation.allowlistPattern && !evaluation.allowlistPattern.startsWith("safe-bin:") && evaluation.allowlistPattern !== "one-time-approval") options.execApprovals.recordAllowlistUse(options.agentId, evaluation.allowlistPattern, bashCommand, evaluation.resolvedPath);
+		await options.channel.sendMessage(options.target, formatExecOutput(result));
+	} catch (error) {
+		const message = error instanceof Error ? error.message : String(error);
+		await options.channel.sendMessage(options.target, `Command failed: ${message}`);
+	}
+	return { handled: true };
+}
+
 //#endregion
 //#region src/gateway/methods/agent.ts
 const agentParamsSchema = z.object({
@@ -1483,14 +1637,12 @@ const configGetMethod = async (_params, context) => {
 const configSetMethod = async (params, context) => {
 	const parsed = configSetParamsSchema.parse(params);
 	context.writeFileConfig(parsed.config);
-	writeOpenClawMirror(loadConfig());
 	return { ok: true };
 };
 const configPatchMethod = async (params, context) => {
 	const parsed = configPatchParamsSchema.parse(params);
 	const merged = deepMerge(context.readFileConfig(), parsed.patch);
 	context.writeFileConfig(merged);
-	writeOpenClawMirror(loadConfig());
 	return { ok: true };
 };
 
@@ -1509,6 +1661,68 @@ const cronStatusMethod = async (_params, context) => {
 	};
 };
 
+//#endregion
+//#region src/gateway/methods/exec-approvals.ts
+const requestParamsSchema = z.object({
+	command: z.string().min(1),
+	agentId: z.string().min(1).optional(),
+	sessionKey: z.string().min(1).optional(),
+	resolvedPath: z.string().min(1).optional(),
+	timeoutMs: z.number().int().positive().optional()
+});
+const resolveParamsSchema = z.object({
+	id: z.string().min(1),
+	decision: z.enum([
+		"allow-once",
+		"allow-always",
+		"deny"
+	]),
+	resolvedBy: z.string().min(1).optional()
+});
+const setParamsSchema = z.object({ file: z.unknown() });
+const execApprovalRequestMethod = async (params, context) => {
+	const parsed = requestParamsSchema.parse(params);
+	const record = context.execApprovals.request({
+		command: parsed.command,
+		agentId: parsed.agentId ?? "main",
+		sessionKey: parsed.sessionKey,
+		resolvedPath: parsed.resolvedPath,
+		timeoutMs: parsed.timeoutMs
+	});
+	return {
+		id: record.id,
+		createdAtMs: record.createdAtMs,
+		expiresAtMs: record.expiresAtMs,
+		command: record.command,
+		agentId: record.agentId
+	};
+};
+const execApprovalResolveMethod = async (params, context) => {
+	const parsed = resolveParamsSchema.parse(params);
+	const record = context.execApprovals.resolve(parsed.id, parsed.decision, parsed.resolvedBy);
+	if (!record) throw new Error(`Unknown or expired approval id: ${parsed.id}`);
+	return {
+		ok: true,
+		id: record.id,
+		decision: parsed.decision,
+		resolvedBy: parsed.resolvedBy ?? null,
+		resolvedAtMs: record.resolvedAtMs ?? Date.now()
+	};
+};
+const execApprovalsGetMethod = async (_params, context) => {
+	return {
+		path: context.execApprovals.getConfigPath(),
+		file: context.execApprovals.getSnapshot()
+	};
+};
+const execApprovalsSetMethod = async (params, context) => {
+	const parsed = setParamsSchema.parse(params);
+	return {
+		ok: true,
+		file: context.execApprovals.setSnapshot(parsed.file)
+	};
+};
+
 //#endregion
 //#region src/gateway/methods/health.ts
 const healthMethod = async (_params, context) => {
@@ -1747,14 +1961,20 @@ const gatewayMethodHandlers = {
 	"chat.abort": chatAbortMethod,
 	"cron.list": cronListMethod,
 	"cron.status": cronStatusMethod,
-	"logs.tail": logsTailMethod
+	"logs.tail": logsTailMethod,
+	"exec.approval.request": execApprovalRequestMethod,
+	"exec.approval.resolve": execApprovalResolveMethod,
+	"exec.approvals.get": execApprovalsGetMethod,
+	"exec.approvals.set": execApprovalsSetMethod
 };
 const gatewayEventNames = [
 	"tick",
 	"health",
 	"agent",
 	"chat",
-	"shutdown"
+	"shutdown",
+	"exec.approval.requested",
+	"exec.approval.resolved"
 ];
 
 //#endregion
@@ -1888,6 +2108,7 @@ function resolveUiDirectory() {
 }
 var HovClawGatewayServer = class {
 	db;
+	execApprovals;
 	agentManager;
 	channels;
 	readFileConfig;
@@ -1903,6 +2124,7 @@ var HovClawGatewayServer = class {
 	constructor(options) {
 		this.runtimeConfig = options.config;
 		this.db = options.db;
+		this.execApprovals = options.execApprovals;
 		this.agentManager = options.agentManager;
 		this.channels = options.channels;
 		this.readFileConfig = options.readFileConfig;
@@ -2176,6 +2398,7 @@ var HovClawGatewayServer = class {
 		const context = {
 			config: this.runtimeConfig,
 			db: this.db,
+			execApprovals: this.execApprovals,
 			agentManager: this.agentManager,
 			channels: this.channels,
 			startedAt: this.startedAt,
@@ -2604,7 +2827,6 @@ async function main() {
 	} catch (error) {
 		logger.warn({ error }, "Workspace bootstrap failed");
 	}
-	writeOpenClawMirror(config);
 	const db = new HovClawDb(path.join(config.storeDir, "hovclaw.db"));
 	db.ping();
 	const runtime = config.runtime.mode === "container" ? new ContainerRuntime({
@@ -2623,10 +2845,40 @@ async function main() {
 		allowedWriteRoots: config.runtime.allowedWriteRoots,
 		allowedCommandPrefixes: config.runtime.allowedCommandPrefixes
 	});
+	let emitGatewayEvent = null;
+	const execApprovals = new ExecApprovalsManager({
+		storeDir: config.storeDir,
+		defaults: {
+			security: config.runtime.tools.exec.security,
+			ask: config.runtime.tools.exec.ask
+		},
+		onRequested: (record) => {
+			emitGatewayEvent?.("exec.approval.requested", {
+				id: record.id,
+				request: {
+					command: record.command,
+					agentId: record.agentId,
+					sessionKey: record.sessionKey,
+					resolvedPath: record.resolvedPath
+				},
+				createdAtMs: record.createdAtMs,
+				expiresAtMs: record.expiresAtMs
+			});
+		},
+		onResolved: (record) => {
+			emitGatewayEvent?.("exec.approval.resolved", {
+				id: record.id,
+				decision: record.decision,
+				resolvedBy: record.resolvedBy ?? null,
+				resolvedAtMs: record.resolvedAtMs
+			});
+		}
+	});
 	const agentManager = new PiAgentManager(db, createTools({
 		runtime,
 		audit: (record) => db.appendAuditEvent(record),
-		bashEnabled: config.runtime.tools.bashEnabled
+		execPolicy: config.runtime.tools.exec,
+		execApprovals
 	}));
 	let lastMessageAt = null;
 	const telegramPairingStore = new TelegramPairingStore(config.storeDir);
@@ -2650,6 +2902,19 @@ async function main() {
 		if (!normalizedPrompt) return;
 		let thinkingLevel = config.commands.defaultThinkingLevel;
 		let thinkingLevelForced = false;
+		const commandAuthorized = isCommandAuthorized(config, msg);
+		if ((await handleExecChatCommand({
+			msg,
+			target,
+			channel,
+			runtime,
+			execApprovals,
+			execPolicy: config.runtime.tools.exec,
+			commandAuthorized,
+			agentId,
+			sessionKey,
+			audit: (record) => db.appendAuditEvent(record)
+		})).handled) return;
 		if (msg.channel === "telegram") {
 			const policy = evaluateTelegramPolicy({
 				config,
@@ -2794,12 +3059,16 @@ async function main() {
 	const gatewayServer = config.gateway.enabled ? new HovClawGatewayServer({
 		config,
 		db,
+		execApprovals,
 		agentManager,
 		channels,
 		getChannelStatus: () => channelPluginManager.buildStatusPayload(),
 		readFileConfig,
 		writeFileConfig
 	}) : null;
+	emitGatewayEvent = gatewayServer ? (event, payload) => {
+		gatewayServer.emitEvent(event, payload);
+	} : null;
 	gatewayServer?.start();
 	const healthPortRaw = process.env.HEALTH_PORT || "8787";
 	const healthPort = Number(healthPortRaw);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "hovclaw",
-  "version": "0.1.2",
+  "version": "0.1.4",
   "description": "Multi-channel AI agent gateway",
   "license": "MIT",
   "type": "module",