hyperclaw 4.0.0 → 4.0.2

package/dist/engine-D49jnSd_.js

@@ -0,0 +1,256 @@
+const require_chunk = require('./chunk-jS-bbMI5.js');
+const require_paths = require('./paths-AIyBxIzm.js');
+const require_src = require('./src-BeacbqsZ.js');
+const fs_extra = require_chunk.__toESM(require("fs-extra"));
+const path = require_chunk.__toESM(require("path"));
+
+//#region packages/core/src/agent/engine.ts
+/**
+
+* Load workspace context: SOUL, AGENTS, MEMORY + custom .md
+
+*/
+async function loadWorkspaceContext(hcDir) {
+	const dir = hcDir || require_paths.getHyperClawDir();
+	let context = "";
+	const core = [
+		"SOUL.md",
+		"AGENTS.md",
+		"MEMORY.md"
+	];
+	for (const f of core) {
+		const fp = path.default.join(dir, f);
+		if (fs_extra.default.pathExistsSync(fp)) context += `## ${f}\n${fs_extra.default.readFileSync(fp, "utf8")}\n\n`;
+	}
+	try {
+		const entries = fs_extra.default.readdirSync(dir);
+		for (const f of entries) if (f.endsWith(".md") && !core.includes(f)) {
+			const fp = path.default.join(dir, f);
+			if (fs_extra.default.statSync(fp).isFile()) context += `## ${f}\n${fs_extra.default.readFileSync(fp, "utf8")}\n\n`;
+		}
+	} catch {}
+	return context;
+}
+/**
+
+* Load skills context (bundled + workspace)
+
+*/
+async function loadSkillsContext() {
+	const { loadSkills, buildSkillsContext } = await Promise.resolve().then(() => require("./skill-loader-CSxIAcTC.js"));
+	const skills = await loadSkills();
+	return skills.length > 0 ? buildSkillsContext(skills) : "";
+}
+/**
+
+* Resolve tools with policy, PC access, elevation.
+
+*/
+async function resolveTools(opts) {
+	const { config, source, elevated, sessionId, daemonMode, activeServer } = opts;
+	const cfg = config;
+	const sandboxNonMain = cfg?.agents?.defaults?.sandbox?.mode === "non-main" && source && CHANNEL_SOURCES.includes(source);
+	const { loadPCAccessConfig, getPCAccessTools } = await Promise.resolve().then(() => require("./pc-access-CWMHxZBx.js"));
+	const pcCfg = await loadPCAccessConfig({ daemonMode });
+	const dockerSandbox = cfg?.tools?.dockerSandbox?.enabled === true;
+	const pcTools = pcCfg.enabled && (!sandboxNonMain || elevated) ? getPCAccessTools({ dockerSandbox }) : [];
+	const { getSessionsTools } = await Promise.resolve().then(() => require("./sessions-tools-B13hjhhG.js"));
+	const sessionsTools = getSessionsTools(() => activeServer ?? null, sessionId);
+	const { InferenceEngine, getBuiltinTools } = await Promise.resolve().then(() => require("./inference-CDtB9dNd.js"));
+	const { getSubAgentTools } = await Promise.resolve().then(() => require("./sub-agent-tools-V7b3T9_s.js"));
+	const { getBrowserTools } = await Promise.resolve().then(() => require("./browser-tools-DOFkCYnC.js"));
+	const { getExtractionTools } = await Promise.resolve().then(() => require("./extraction-tools-DWfufFcw.js"));
+	const { getWebsiteWatchTools } = await Promise.resolve().then(() => require("./website-watch-tools-CVok-ly5.js"));
+	const { getVisionTools } = await Promise.resolve().then(() => require("./vision-tools-6pIIoflu.js"));
+	const { getBountyTools } = await Promise.resolve().then(() => require("./bounty-tools-DzvwDJ7r.js"));
+	const { loadMCPTools } = await Promise.resolve().then(() => require("./mcp-loader-j5ZLLw5O.js"));
+	const { applyToolPolicy } = await Promise.resolve().then(() => require("./tool-policy-CFF-d5fs.js"));
+	const isLocal = cfg?.provider?.providerId === "local" || cfg?.provider?.providerId === "ollama";
+	const provider = cfg?.provider?.providerId === "anthropic" ? "anthropic" : cfg?.provider?.providerId === "custom" || isLocal ? "custom" : "openrouter";
+	const visionProvider = cfg?.provider?.providerId === "custom" || isLocal ? "openrouter" : provider === "anthropic" ? "anthropic" : "openrouter";
+	const apiKey = await (await Promise.resolve().then(() => require("./env-resolve-BazAsaKp.js"))).getProviderCredentialAsync(cfg);
+	const visionTools = getVisionTools({
+		apiKey: apiKey || "",
+		provider: visionProvider
+	});
+	const bountyTools = getBountyTools(cfg);
+	let skillInvokeTools = [];
+	try {
+		const { loadSkills } = await Promise.resolve().then(() => require("./skill-loader-CSxIAcTC.js"));
+		const { getSkillInvokeTools } = await Promise.resolve().then(() => require("./skill-runtime-IVTiqrMR.js"));
+		const loaded = await loadSkills();
+		skillInvokeTools = getSkillInvokeTools(loaded);
+	} catch {}
+	let allTools = [
+		...getBuiltinTools(),
+		...getSubAgentTools(),
+		...sessionsTools,
+		...pcTools,
+		...getBrowserTools(),
+		...getExtractionTools(),
+		...getWebsiteWatchTools(),
+		...visionTools,
+		...bountyTools,
+		...skillInvokeTools
+	];
+	try {
+		const mcpTools = await loadMCPTools();
+		if (mcpTools.length > 0) allTools = [...allTools, ...mcpTools];
+	} catch {}
+	const policyConfig = cfg?.tools ? {
+		profile: cfg.tools.profile,
+		allow: cfg.tools.allow ?? cfg.tools.allowlist,
+		deny: cfg.tools.deny ?? cfg.tools.blocklist,
+		byProvider: cfg.tools.byProvider
+	} : void 0;
+	let tools = applyToolPolicy(allTools, policyConfig, {
+		provider: cfg?.provider?.providerId === "anthropic" ? "anthropic" : "openrouter",
+		model: cfg?.provider?.modelId
+	});
+	const { applyDestructiveGate } = await Promise.resolve().then(() => require("./destructive-gate-Z9gt4KmW.js"));
+	tools = applyDestructiveGate(tools, {
+		elevated: elevated ?? false,
+		source,
+		sessionId
+	});
+	return tools;
+}
+/**
+
+* Run agent: context + tools + inference.
+
+*/
+async function runAgentEngine(message, opts) {
+	const cfg = await fs_extra.default.readJson(require_paths.getConfigPath()).catch(() => ({}));
+	const isLocalProvider = cfg?.provider?.providerId === "local" || cfg?.provider?.providerId === "ollama";
+	const apiKey = await (await Promise.resolve().then(() => require("./env-resolve-BazAsaKp.js"))).getProviderCredentialAsync(cfg);
+	if (!apiKey && !isLocalProvider) return {
+		text: "No API key configured. Run: hyperclaw config set-key",
+		error: "no_api_key"
+	};
+	const sid = opts.sessionId;
+	if (sid && opts.appendTranscript) opts.appendTranscript(sid, "user", message);
+	let context = await loadWorkspaceContext(opts.workspace);
+	try {
+		const { getContextSummary } = await Promise.resolve().then(() => require("./knowledge-graph-B5jEPEZJ.js"));
+		const kg = await getContextSummary(25);
+		if (kg) context += kg + "\n\n";
+	} catch {}
+	context += await loadSkillsContext();
+	const serviceKeys = cfg?.skills?.apiKeys ? Object.keys(cfg.skills.apiKeys) : [];
+	if (serviceKeys.length > 0) context += `\n## Service API Keys (configured)\nAvailable for research/skills: ${serviceKeys.join(", ")}. Use hackerone_list_programs, bugcrowd_list_programs, synack_list_targets when applicable, or create_skill for custom integrations.\n\n`;
+	const tools = await resolveTools({
+		config: cfg,
+		source: opts.source,
+		elevated: opts.elevated,
+		sessionId: sid,
+		daemonMode: opts.daemonMode,
+		activeServer: opts.activeServer
+	});
+	const rawModel = opts.modelOverride || cfg?.provider?.modelId || "claude-sonnet-4-5";
+	const isLocal2 = cfg?.provider?.providerId === "local" || cfg?.provider?.providerId === "ollama";
+	const model = rawModel.startsWith("ollama/") ? rawModel.slice(7) : rawModel;
+	const provider = cfg?.provider?.providerId === "anthropic" ? "anthropic" : cfg?.provider?.providerId === "custom" || isLocal2 ? "custom" : "openrouter";
+	const ollamaBaseUrl = isLocal2 ? cfg?.provider?.baseUrl || "http://localhost:11434/v1" : void 0;
+	const thinkingBudget = opts.thinkingBudget ?? 0;
+	const maxTokens = thinkingBudget > 0 ? thinkingBudget + 4096 : 4096;
+	try {
+		const { InferenceEngine } = await Promise.resolve().then(() => require("./inference-CDtB9dNd.js"));
+		const engineOpts = {
+			model,
+			apiKey,
+			provider,
+			system: context || void 0,
+			tools,
+			maxTokens,
+			onToken: opts.onToken ?? (() => {}),
+			onThinking: opts.onThinking,
+			onToolCall: opts.onToolCall,
+			onToolResult: opts.onToolResult,
+			...provider === "custom" ? { baseUrl: ollamaBaseUrl || cfg?.provider?.baseUrl || "" } : {},
+			...thinkingBudget > 0 && (model.includes("claude") || model.includes("anthropic")) ? { thinking: { budget_tokens: thinkingBudget } } : {}
+		};
+		const engine = new InferenceEngine(engineOpts);
+		const result = await engine.run([{
+			role: "user",
+			content: message
+		}]);
+		const text = result.text || "(empty)";
+		if (sid && opts.appendTranscript) opts.appendTranscript(sid, "assistant", text);
+		try {
+			const { AutoMemory } = await Promise.resolve().then(() => require("./memory-auto-psh0i3fs.js"));
+			const mem = new AutoMemory({ extractEveryNTurns: 1 });
+			mem.addTurn("user", message);
+			mem.addTurn("assistant", text);
+			await mem.extract();
+		} catch {}
+		opts.onDone?.(text);
+		opts.onRunEnd?.(result.usage);
+		return {
+			text,
+			usage: result.usage
+		};
+	} catch (e) {
+		const errText = `Error: ${e.message}`;
+		opts.onDone?.(errText);
+		opts.onRunEnd?.(void 0, e.message);
+		return {
+			text: errText,
+			error: e.message
+		};
+	}
+}
+var CHANNEL_SOURCES;
+var init_engine = require_chunk.__esm({ "packages/core/src/agent/engine.ts"() {
+	require_src.init_src();
+	CHANNEL_SOURCES = [
+		"telegram",
+		"discord",
+		"whatsapp",
+		"slack",
+		"signal",
+		"matrix",
+		"line",
+		"nostr",
+		"feishu",
+		"msteams",
+		"teams",
+		"instagram",
+		"messenger",
+		"twitter",
+		"viber",
+		"zalo"
+	];
+} });
+
+//#endregion
+Object.defineProperty(exports, 'init_engine', {
+  enumerable: true,
+  get: function () {
+    return init_engine;
+  }
+});
+Object.defineProperty(exports, 'loadSkillsContext', {
+  enumerable: true,
+  get: function () {
+    return loadSkillsContext;
+  }
+});
+Object.defineProperty(exports, 'loadWorkspaceContext', {
+  enumerable: true,
+  get: function () {
+    return loadWorkspaceContext;
+  }
+});
+Object.defineProperty(exports, 'resolveTools', {
+  enumerable: true,
+  get: function () {
+    return resolveTools;
+  }
+});
+Object.defineProperty(exports, 'runAgentEngine', {
+  enumerable: true,
+  get: function () {
+    return runAgentEngine;
+  }
+});

package/dist/env-resolve-DWOQ45jG.js

@@ -0,0 +1,9 @@
+const require_chunk = require('./chunk-jS-bbMI5.js');
+const require_env_resolve = require('./env-resolve-szSWl0UF.js');
+
+require_env_resolve.init_env_resolve();
+exports.getProviderCredentialAsync = require_env_resolve.getProviderCredentialAsync;
+exports.resolveChannelToken = require_env_resolve.resolveChannelToken;
+exports.resolveGatewayToken = require_env_resolve.resolveGatewayToken;
+exports.resolveProviderApiKey = require_env_resolve.resolveProviderApiKey;
+exports.resolveServiceApiKey = require_env_resolve.resolveServiceApiKey;

package/dist/env-resolve-szSWl0UF.js

@@ -0,0 +1,94 @@
+const require_chunk = require('./chunk-jS-bbMI5.js');
+
+//#region src/infra/env-resolve.ts
+function resolveGatewayToken(authTokenFromConfig) {
+	return authTokenFromConfig || process.env.HYPERCLAW_GATEWAY_TOKEN || "";
+}
+function resolveProviderApiKey(cfg) {
+	if (!cfg) return "";
+	const key = cfg.provider?.apiKey;
+	if (key) return key;
+	const pid = cfg.provider?.providerId || "openrouter";
+	switch (pid) {
+		case "openrouter": return process.env.OPENROUTER_API_KEY || "";
+		case "anthropic": return process.env.ANTHROPIC_API_KEY || "";
+		case "openai": return process.env.OPENAI_API_KEY || "";
+		case "xai": return process.env.XAI_API_KEY || "";
+		case "google": return process.env.GOOGLE_AI_API_KEY || "";
+		case "custom": return "";
+		default: return process.env.OPENROUTER_API_KEY || process.env.ANTHROPIC_API_KEY || "";
+	}
+}
+/** Resolve API key or OAuth access token (async). Use this when provider.authType may be 'oauth'. */
+async function getProviderCredentialAsync(cfg) {
+	if (!cfg?.provider) return "";
+	if (cfg.provider.authType === "oauth") {
+		const { getProviderCredentialAsync: getOAuth } = await Promise.resolve().then(() => require("./oauth-provider-BZb6qOw5.js"));
+		return getOAuth(cfg);
+	}
+	return resolveProviderApiKey(cfg);
+}
+/** Resolve API key for a service (bug bounty, research apps, etc.). Config first, then env. */
+function resolveServiceApiKey(serviceId, cfg) {
+	const key = cfg?.skills?.apiKeys?.[serviceId];
+	if (key) return key;
+	const envKey = SERVICE_ENV[serviceId] || `${serviceId.toUpperCase().replace(/-/g, "_")}_API_KEY`;
+	return process.env[envKey] || process.env[envKey.replace(/-/g, "_")] || "";
+}
+function resolveChannelToken(channelId, tokenFromConfig) {
+	if (tokenFromConfig) return tokenFromConfig;
+	const envKey = CHANNEL_ENV[channelId] || `${channelId.toUpperCase().replace(/-/g, "_")}_BOT_TOKEN`;
+	return process.env[envKey] || process.env[`${channelId.toUpperCase()}_BOT_TOKEN`] || "";
+}
+var CHANNEL_ENV, SERVICE_ENV;
+var init_env_resolve = require_chunk.__esm({ "src/infra/env-resolve.ts"() {
+	CHANNEL_ENV = {
+		telegram: "TELEGRAM_BOT_TOKEN",
+		discord: "DISCORD_BOT_TOKEN",
+		slack: "SLACK_BOT_TOKEN"
+	};
+	SERVICE_ENV = {
+		hackerone: "HACKERONE_API_USERNAME",
+		"hackerone-token": "HACKERONE_API_TOKEN",
+		bugcrowd: "BUGCROWD_API_TOKEN",
+		synack: "SYNACK_API_TOKEN"
+	};
+} });
+
+//#endregion
+Object.defineProperty(exports, 'getProviderCredentialAsync', {
+  enumerable: true,
+  get: function () {
+    return getProviderCredentialAsync;
+  }
+});
+Object.defineProperty(exports, 'init_env_resolve', {
+  enumerable: true,
+  get: function () {
+    return init_env_resolve;
+  }
+});
+Object.defineProperty(exports, 'resolveChannelToken', {
+  enumerable: true,
+  get: function () {
+    return resolveChannelToken;
+  }
+});
+Object.defineProperty(exports, 'resolveGatewayToken', {
+  enumerable: true,
+  get: function () {
+    return resolveGatewayToken;
+  }
+});
+Object.defineProperty(exports, 'resolveProviderApiKey', {
+  enumerable: true,
+  get: function () {
+    return resolveProviderApiKey;
+  }
+});
+Object.defineProperty(exports, 'resolveServiceApiKey', {
+  enumerable: true,
+  get: function () {
+    return resolveServiceApiKey;
+  }
+});

package/dist/extraction-tools-D3qDFBJ1.js

@@ -0,0 +1,91 @@
+const require_chunk = require('./chunk-jS-bbMI5.js');
+const fs_extra = require_chunk.__toESM(require("fs-extra"));
+const path = require_chunk.__toESM(require("path"));
+const os = require_chunk.__toESM(require("os"));
+
+//#region packages/core/src/agent/extraction-tools.ts
+function safeRequire(id) {
+	try {
+		return require(id);
+	} catch {
+		return null;
+	}
+}
+function getExtractionTools() {
+	return [{
+		name: "extract_pdf",
+		description: "Extract text and structure from a PDF file. Returns full text content. Use for documents, forms, reports.",
+		input_schema: {
+			type: "object",
+			properties: { path: {
+				type: "string",
+				description: "Path to PDF file (absolute or ~)"
+			} },
+			required: ["path"]
+		},
+		handler: async (input) => {
+			const filePath = input.path.replace(/^~/, os.default.homedir());
+			if (!await fs_extra.default.pathExists(filePath)) return `Error: File not found: ${filePath}`;
+			const pdfParse = safeRequire("pdf-parse");
+			if (!pdfParse) return "Error: pdf-parse not installed. Run: npm install pdf-parse";
+			try {
+				const buf = await fs_extra.default.readFile(filePath);
+				const data = await pdfParse(buf);
+				const text = (data.text || "").trim().slice(0, 5e4);
+				return `Pages: ${data.numpages || "?"}\n\n${text || "(no extractable text)"}`;
+			} catch (e) {
+				return `Error: ${e.message}`;
+			}
+		}
+	}, {
+		name: "extract_spreadsheet",
+		description: "Extract data from Excel (.xlsx, .xls) or CSV. Returns sheet names and cell content as structured text.",
+		input_schema: {
+			type: "object",
+			properties: { path: {
+				type: "string",
+				description: "Path to spreadsheet (xlsx, xls, csv)"
+			} },
+			required: ["path"]
+		},
+		handler: async (input) => {
+			const filePath = input.path.replace(/^~/, os.default.homedir());
+			if (!await fs_extra.default.pathExists(filePath)) return `Error: File not found: ${filePath}`;
+			const ext = path.default.extname(filePath).toLowerCase();
+			if (ext === ".csv") {
+				const content = await fs_extra.default.readFile(filePath, "utf8");
+				return content.slice(0, 5e4);
+			}
+			const XLSX = safeRequire("xlsx");
+			if (!XLSX) return "Error: xlsx not installed. Run: npm install xlsx";
+			try {
+				const buf = await fs_extra.default.readFile(filePath);
+				const wb = XLSX.read(buf, { type: "buffer" });
+				const parts = [];
+				for (const name of wb.SheetNames) {
+					const sheet = wb.Sheets[name];
+					const arr = XLSX.utils.sheet_to_csv(sheet);
+					parts.push(`Sheet: ${name}\n${arr.slice(0, 2e4)}`);
+				}
+				return parts.join("\n\n---\n\n").slice(0, 5e4);
+			} catch (e) {
+				return `Error: ${e.message}`;
+			}
+		}
+	}];
+}
+var init_extraction_tools = require_chunk.__esm({ "packages/core/src/agent/extraction-tools.ts"() {} });
+
+//#endregion
+Object.defineProperty(exports, 'getExtractionTools', {
+  enumerable: true,
+  get: function () {
+    return getExtractionTools;
+  }
+});
+Object.defineProperty(exports, 'init_extraction_tools', {
+  enumerable: true,
+  get: function () {
+    return init_extraction_tools;
+  }
+});

package/dist/extraction-tools-DLr_AEwq.js

@@ -0,0 +1,5 @@
+const require_chunk = require('./chunk-jS-bbMI5.js');
+const require_extraction_tools = require('./extraction-tools-D3qDFBJ1.js');
+
+require_extraction_tools.init_extraction_tools();
+exports.getExtractionTools = require_extraction_tools.getExtractionTools;