hyperclaw 4.0.1 → 4.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (148) hide show
  1. package/README.md +7 -4
  2. package/dist/a2ui-protocol-CT_jDEU9.js +75 -0
  3. package/dist/agents-routing-683Q2JGp.js +129 -0
  4. package/dist/agents-routing-BpZBswBH.js +4 -0
  5. package/dist/api-keys-guide-Dq5Obbp4.js +149 -0
  6. package/dist/audit-BYxPlnTQ.js +248 -0
  7. package/dist/bounty-tools-C6LyzxM-.js +211 -0
  8. package/dist/browser-tools-CQBSbIuO.js +5 -0
  9. package/dist/browser-tools-YQmwRLLM.js +179 -0
  10. package/dist/claw-tasks-BRLUvFRD.js +80 -0
  11. package/dist/connector-3HnyH8fn.js +167 -0
  12. package/dist/connector-6PMZo5Ky.js +189 -0
  13. package/dist/connector-B6eoF3DD.js +181 -0
  14. package/dist/connector-B9tLG8UZ.js +196 -0
  15. package/dist/connector-BOlqjXWP.js +182 -0
  16. package/dist/connector-BP8zsbP8.js +189 -0
  17. package/dist/connector-BPoSevxp.js +286 -0
  18. package/dist/connector-BRHj773i.js +163 -0
  19. package/dist/connector-BToxU-jV.js +267 -0
  20. package/dist/connector-BliDVsJQ.js +239 -0
  21. package/dist/connector-Bv6s9oP7.js +88 -0
  22. package/dist/connector-By5wWGTR.js +343 -0
  23. package/dist/connector-C1BaFFgN.js +213 -0
  24. package/dist/connector-CRRWY5Wv.js +167 -0
  25. package/dist/connector-CXPQVGyI.js +85 -0
  26. package/dist/connector-Cdk1CXKi.js +194 -0
  27. package/dist/connector-CwlgFgjx.js +181 -0
  28. package/dist/connector-DFchk6l7.js +178 -0
  29. package/dist/connector-DKw7tRAy.js +192 -0
  30. package/dist/connector-DRv1ahC_.js +2 -2
  31. package/dist/connector-DU63KW94.js +165 -0
  32. package/dist/connector-Dbvb1Cj9.js +280 -0
  33. package/dist/connector-DcZdQcgR.js +173 -0
  34. package/dist/connector-DxKL8VvZ.js +182 -0
  35. package/dist/connector-T_YdZtzv.js +162 -0
  36. package/dist/connector-i4gOS9xL.js +154 -0
  37. package/dist/connector-rHXE1ZD2.js +167 -0
  38. package/dist/connector-wdUXChwa.js +172 -0
  39. package/dist/cost-tracker-pVE15Yq4.js +103 -0
  40. package/dist/credentials-store-BvnMPJwi.js +4 -0
  41. package/dist/credentials-store-sb-TRLwR.js +77 -0
  42. package/dist/cron-tasks-BvDFNyiE.js +82 -0
  43. package/dist/delivery-D5Z98EVq.js +95 -0
  44. package/dist/delivery-DCOXhXEO.js +5 -0
  45. package/dist/destructive-gate-m-dWqUFg.js +101 -0
  46. package/dist/developer-keys-JaJK3T27.js +127 -0
  47. package/dist/developer-keys-kyqmtWK3.js +8 -0
  48. package/dist/doctor-3oi89QIc.js +175 -0
  49. package/dist/doctor-Cf1XSfp9.js +4 -0
  50. package/dist/engine-B4eMiTgl.js +7 -0
  51. package/dist/engine-B8M7dYul.js +7 -0
  52. package/dist/engine-BhT-1M9W.js +256 -0
  53. package/dist/engine-D49jnSd_.js +256 -0
  54. package/dist/env-resolve-DWOQ45jG.js +9 -0
  55. package/dist/env-resolve-szSWl0UF.js +94 -0
  56. package/dist/extraction-tools-D3qDFBJ1.js +91 -0
  57. package/dist/extraction-tools-DLr_AEwq.js +5 -0
  58. package/dist/form_data-B_hIUrxU.js +8657 -0
  59. package/dist/gmail-watch-setup-Czt8rXaX.js +40 -0
  60. package/dist/heartbeat-engine-CRqfPcFM.js +83 -0
  61. package/dist/hub-DTsqe5Bt.js +6 -0
  62. package/dist/hub-FrPTA33j.js +515 -0
  63. package/dist/hyperclawbot-D9KCtc4P.js +480 -0
  64. package/dist/hyperclawbot-Dw27pJo4.js +480 -0
  65. package/dist/inference-CTWJeX9Q.js +922 -0
  66. package/dist/inference-ix607p7k.js +6 -0
  67. package/dist/knowledge-graph-DqA-Fztl.js +131 -0
  68. package/dist/loader-CISCqBto.js +400 -0
  69. package/dist/loader-CYMQ8VOS.js +4 -0
  70. package/dist/logger-8tEtAd3y.js +83 -0
  71. package/dist/manager-CPjeRe-6.js +4 -0
  72. package/dist/manager-Cwzj7w5R.js +105 -0
  73. package/dist/manager-DLmZI-9R.js +6 -0
  74. package/dist/manager-DSGhn5i3.js +117 -0
  75. package/dist/manager-DgyF52mg.js +218 -0
  76. package/dist/manager-Dm8nrMFx.js +40 -0
  77. package/dist/mcp-B_9Ber63.js +139 -0
  78. package/dist/mcp-loader-DSM5UiFG.js +94 -0
  79. package/dist/mcp-loader-j5ZLLw5O.js +94 -0
  80. package/dist/memory-BI1kPkAN.js +4 -0
  81. package/dist/memory-BVFGkxxK.js +270 -0
  82. package/dist/memory-auto-Bc7euou4.js +306 -0
  83. package/dist/memory-auto-DPfbkMVt.js +5 -0
  84. package/dist/memory-integration-DZExqWr4.js +91 -0
  85. package/dist/moltbook-B6ZeGN5_.js +81 -0
  86. package/dist/node-pwL6O_KX.js +222 -0
  87. package/dist/nodes-registry-CsPm_-CJ.js +52 -0
  88. package/dist/oauth-flow-CpWlgvNB.js +150 -0
  89. package/dist/oauth-provider-BZb6qOw5.js +110 -0
  90. package/dist/observability-B43YvNQV.js +89 -0
  91. package/dist/onboard-Bd_wsYdi.js +4086 -0
  92. package/dist/onboard-CAN7x3me.js +3026 -0
  93. package/dist/onboard-DnegOHMh.js +4 -4
  94. package/dist/onboard-RYtDlYBw.js +9 -0
  95. package/dist/onboard-aTwlQs-4.js +9 -0
  96. package/dist/orchestrator-BSp2M5EU.js +189 -0
  97. package/dist/orchestrator-C7ko5tWa.js +6 -0
  98. package/dist/orchestrator-DfPkIx2Z.js +6 -0
  99. package/dist/orchestrator-NJQsmiBE.js +189 -0
  100. package/dist/pairing-DU0_J28n.js +87 -0
  101. package/dist/pairing-DWllbSbO.js +4 -0
  102. package/dist/pc-access-Ly-uA8mn.js +8 -0
  103. package/dist/pc-access-NxBvTrRj.js +819 -0
  104. package/dist/pending-approval-DIHvwwWS.js +22 -0
  105. package/dist/puppeteer-2o3QOwAy.js +2 -2
  106. package/dist/puppeteer-BYTMp3BI.js +2 -2
  107. package/dist/puppeteer-DQ45qwWk.js +2 -2
  108. package/dist/reminders-store-D79qdfN0.js +58 -0
  109. package/dist/renderer-pqlDRKbH.js +225 -0
  110. package/dist/rules-BooT_qFP.js +103 -0
  111. package/dist/run-main.js +289 -1031
  112. package/dist/runner-D1rjuMTJ.js +810 -0
  113. package/dist/sdk/index.js +2 -2
  114. package/dist/sdk/index.mjs +2 -2
  115. package/dist/security-C-5URby1.js +73 -0
  116. package/dist/security-_xve79aq.js +4 -0
  117. package/dist/server-0kgyELx4.js +1047 -0
  118. package/dist/server-BIuTobTC.js +4 -0
  119. package/dist/server-BRlCEjyT.js +1047 -0
  120. package/dist/server-CCI1hv45.js +2 -2
  121. package/dist/server-DU9POoWc.js +4 -0
  122. package/dist/session-store-CujxByI6.js +113 -0
  123. package/dist/session-store-qpJUg2M1.js +5 -0
  124. package/dist/sessions-tools-CB2qbwIk.js +5 -0
  125. package/dist/sessions-tools-DHMaTZIs.js +95 -0
  126. package/dist/skill-loader-BkceKkIg.js +7 -0
  127. package/dist/skill-loader-DhgIwK4J.js +159 -0
  128. package/dist/skill-runtime--LqxWrp5.js +102 -0
  129. package/dist/skill-runtime-C5l0Tgt-.js +5 -0
  130. package/dist/skill-runtime-DsXK_HYG.js +102 -0
  131. package/dist/skill-runtime-IVTiqrMR.js +5 -0
  132. package/dist/src-BEVLgaF1.js +63 -0
  133. package/dist/src-Bgu_OxTQ.js +458 -0
  134. package/dist/src-Bq-oKt7Z.js +458 -0
  135. package/dist/src-DWCUhnD4.js +20 -0
  136. package/dist/src-cfRTjFef.js +63 -0
  137. package/dist/sub-agent-tools-BD9DF8_g.js +39 -0
  138. package/dist/sub-agent-tools-V7b3T9_s.js +39 -0
  139. package/dist/tool-policy-DNvNRnve.js +189 -0
  140. package/dist/tts-elevenlabs-BUOGKL-k.js +61 -0
  141. package/dist/update-check-BD4qH7Am.js +81 -0
  142. package/dist/vision-DRq-f-Dj.js +121 -0
  143. package/dist/vision-tools-CFZEpQKm.js +5 -0
  144. package/dist/vision-tools-CQnBI9aa.js +51 -0
  145. package/dist/voice-transcription-CgWq54hn.js +138 -0
  146. package/dist/website-watch-tools-Bk_TnwuE.js +5 -0
  147. package/dist/website-watch-tools-DraMPxdl.js +139 -0
  148. package/package.json +1 -1
package/dist/cost-tracker-pVE15Yq4.js ADDED
@@ -0,0 +1,103 @@
1
+ const require_chunk = require('./chunk-jS-bbMI5.js');
2
+ const fs_extra = require_chunk.__toESM(require("fs-extra"));
3
+ const path = require_chunk.__toESM(require("path"));
4
+
5
+ //#region src/infra/cost-tracker.ts
6
+ /** Rough cost per 1M tokens by provider/model (Claude Sonnet ballpark). */
7
+ const DEFAULT_COST_PER_1M_INPUT = 3;
8
+ const DEFAULT_COST_PER_1M_OUTPUT = 15;
9
+ function estimateCost(usage, model) {
10
+ if (!usage) return 0;
11
+ const inp = (usage.input || 0) + (usage.cacheRead || 0);
12
+ const inputCost = inp / 1e6 * DEFAULT_COST_PER_1M_INPUT;
13
+ const outputCost = (usage.output || 0) / 1e6 * DEFAULT_COST_PER_1M_OUTPUT;
14
+ return inputCost + outputCost;
15
+ }
16
+ /** Path to cost log file for a session. */
17
+ function getCostLogPath(baseDir, sessionId) {
18
+ return path.default.join(baseDir, "costs", `session-${sessionId}.jsonl`);
19
+ }
20
+ /** Append a cost entry for a session. */
21
+ async function recordUsage(baseDir, sessionId, usage, opts) {
22
+ const costUsd = estimateCost(usage, opts?.model);
23
+ const entry = {
24
+ sessionId,
25
+ source: opts?.source,
26
+ tenantId: opts?.tenantId,
27
+ timestamp: (/* @__PURE__ */ new Date()).toISOString(),
28
+ usage,
29
+ costUsd,
30
+ model: opts?.model
31
+ };
32
+ const dir = path.default.join(baseDir, "costs");
33
+ await fs_extra.default.ensureDir(dir);
34
+ const fp = getCostLogPath(baseDir, sessionId);
35
+ await fs_extra.default.appendFile(fp, JSON.stringify(entry) + "\n");
36
+ }
37
+ /** Read and aggregate all entries for a session. */
38
+ async function getSessionSummary(baseDir, sessionId) {
39
+ const fp = getCostLogPath(baseDir, sessionId);
40
+ if (!await fs_extra.default.pathExists(fp)) return {
41
+ input: 0,
42
+ output: 0,
43
+ cacheRead: 0,
44
+ costUsd: 0,
45
+ runs: 0
46
+ };
47
+ const lines = (await fs_extra.default.readFile(fp, "utf8")).trim().split("\n").filter(Boolean);
48
+ let input = 0, output = 0, cacheRead = 0, costUsd = 0;
49
+ for (const line of lines) try {
50
+ const e = JSON.parse(line);
51
+ input += e.usage.input || 0;
52
+ output += e.usage.output || 0;
53
+ cacheRead += e.usage.cacheRead || 0;
54
+ costUsd += e.costUsd || 0;
55
+ } catch {}
56
+ return {
57
+ input,
58
+ output,
59
+ cacheRead,
60
+ costUsd,
61
+ runs: lines.length
62
+ };
63
+ }
64
+ /** Get global summary across all sessions. */
65
+ async function getGlobalSummary(baseDir) {
66
+ const dir = path.default.join(baseDir, "costs");
67
+ if (!await fs_extra.default.pathExists(dir)) return {
68
+ sessions: 0,
69
+ totalInput: 0,
70
+ totalOutput: 0,
71
+ totalCacheRead: 0,
72
+ totalCostUsd: 0,
73
+ totalRuns: 0
74
+ };
75
+ const files = (await fs_extra.default.readdir(dir)).filter((f) => f.startsWith("session-") && f.endsWith(".jsonl"));
76
+ let totalInput = 0, totalOutput = 0, totalCacheRead = 0, totalCostUsd = 0, totalRuns = 0;
77
+ for (const f of files) {
78
+ const fp = path.default.join(dir, f);
79
+ const content = await fs_extra.default.readFile(fp, "utf8").catch(() => "");
80
+ for (const line of content.trim().split("\n").filter(Boolean)) try {
81
+ const e = JSON.parse(line);
82
+ totalInput += e.usage.input || 0;
83
+ totalOutput += e.usage.output || 0;
84
+ totalCacheRead += e.usage.cacheRead || 0;
85
+ totalCostUsd += e.costUsd || 0;
86
+ totalRuns++;
87
+ } catch {}
88
+ }
89
+ return {
90
+ sessions: files.length,
91
+ totalInput,
92
+ totalOutput,
93
+ totalCacheRead,
94
+ totalCostUsd,
95
+ totalRuns
96
+ };
97
+ }
98
+
99
+ //#endregion
100
+ exports.estimateCost = estimateCost;
101
+ exports.getGlobalSummary = getGlobalSummary;
102
+ exports.getSessionSummary = getSessionSummary;
103
+ exports.recordUsage = recordUsage;
package/dist/credentials-store-BvnMPJwi.js ADDED
@@ -0,0 +1,4 @@
1
+ const require_chunk = require('./chunk-jS-bbMI5.js');
2
+ const require_credentials_store = require('./credentials-store-sb-TRLwR.js');
3
+
4
+ exports.CredentialsStore = require_credentials_store.CredentialsStore;
package/dist/credentials-store-sb-TRLwR.js ADDED
@@ -0,0 +1,77 @@
1
+ const require_chunk = require('./chunk-jS-bbMI5.js');
2
+ const chalk = require_chunk.__toESM(require("chalk"));
3
+ const fs_extra = require_chunk.__toESM(require("fs-extra"));
4
+ const path = require_chunk.__toESM(require("path"));
5
+ const os = require_chunk.__toESM(require("os"));
6
+
7
+ //#region src/secrets/credentials-store.ts
8
+ var CredentialsStore = class {
9
+ credsDir;
10
+ constructor(baseDir) {
11
+ this.credsDir = path.default.join(baseDir || path.default.join(os.default.homedir(), ".hyperclaw"), "credentials");
12
+ }
13
+ filePath(providerId) {
14
+ const safe = providerId.replace(/[^a-zA-Z0-9_-]/g, "_");
15
+ return path.default.join(this.credsDir, `${safe}.json`);
16
+ }
17
+ async set(providerId, creds) {
18
+ await fs_extra.default.ensureDir(this.credsDir);
19
+ await fs_extra.default.chmod(this.credsDir, 448);
20
+ const record = {
21
+ ...creds,
22
+ providerId,
23
+ updatedAt: (/* @__PURE__ */ new Date()).toISOString()
24
+ };
25
+ const fpath = this.filePath(providerId);
26
+ await fs_extra.default.writeJson(fpath, record, { spaces: 2 });
27
+ await fs_extra.default.chmod(fpath, 384);
28
+ }
29
+ async get(providerId) {
30
+ const fpath = this.filePath(providerId);
31
+ if (!await fs_extra.default.pathExists(fpath)) return null;
32
+ const stat = await fs_extra.default.stat(fpath);
33
+ if ((stat.mode & 63) !== 0) {
34
+ console.log(chalk.default.yellow(` ⚠ Unsafe permissions on credentials/${providerId}.json — fixing...`));
35
+ await fs_extra.default.chmod(fpath, 384);
36
+ }
37
+ return fs_extra.default.readJson(fpath);
38
+ }
39
+ async remove(providerId) {
40
+ const fpath = this.filePath(providerId);
41
+ await fs_extra.default.remove(fpath);
42
+ console.log(chalk.default.green(` ✔ Credentials removed: ${providerId}`));
43
+ }
44
+ async list() {
45
+ if (!await fs_extra.default.pathExists(this.credsDir)) return [];
46
+ const files = await fs_extra.default.readdir(this.credsDir);
47
+ return files.filter((f) => f.endsWith(".json")).map((f) => f.replace(".json", ""));
48
+ }
49
+ async showList() {
50
+ const providers = await this.list();
51
+ console.log(chalk.default.bold.cyan("\n 🔐 CREDENTIALS\n"));
52
+ if (providers.length === 0) {
53
+ console.log(chalk.default.gray(" No credentials stored.\n"));
54
+ console.log(chalk.default.gray(" Add with: hyperclaw auth add <service_id> (for any API key)\n"));
55
+ console.log(chalk.default.gray(" Or: hyperclaw secrets set KEY=value (for .env vars)\n"));
56
+ return;
57
+ }
58
+ for (const p of providers) {
59
+ const cred = await this.get(p);
60
+ const hasKey = !!cred?.apiKey;
61
+ const hasRefresh = !!cred?.refreshToken;
62
+ const expiry = cred?.expiresAt ? new Date(cred.expiresAt) > /* @__PURE__ */ new Date() ? chalk.default.green("valid") : chalk.default.red("expired") : chalk.default.gray("no expiry");
63
+ console.log(` ${chalk.default.green("●")} ${chalk.default.white(p.padEnd(20))} ${hasKey ? chalk.default.cyan("api_key") : ""}${hasRefresh ? chalk.default.yellow(" refresh_token") : ""} ${expiry}`);
64
+ console.log(` ${chalk.default.gray(`Updated: ${cred?.updatedAt ? new Date(cred.updatedAt).toLocaleString() : "unknown"}`)}`);
65
+ console.log();
66
+ }
67
+ console.log(chalk.default.gray(" credentials/ — stored at ~/.hyperclaw/credentials/*.json (mode 0600)\n"));
68
+ }
69
+ };
70
+
71
+ //#endregion
72
+ Object.defineProperty(exports, 'CredentialsStore', {
73
+ enumerable: true,
74
+ get: function () {
75
+ return CredentialsStore;
76
+ }
77
+ });
package/dist/cron-tasks-BvDFNyiE.js ADDED
@@ -0,0 +1,82 @@
1
+ const require_chunk = require('./chunk-jS-bbMI5.js');
2
+ const fs_extra = require_chunk.__toESM(require("fs-extra"));
3
+ const path = require_chunk.__toESM(require("path"));
4
+ const os = require_chunk.__toESM(require("os"));
5
+
6
+ //#region src/services/cron-tasks.ts
7
+ const CRON_TASKS_FILE = path.default.join(os.default.homedir(), ".hyperclaw", "cron-tasks.json");
8
+ let tasks = [];
9
+ async function loadCronTasks() {
10
+ try {
11
+ tasks = await fs_extra.default.readJson(CRON_TASKS_FILE);
12
+ } catch {
13
+ tasks = [];
14
+ }
15
+ return tasks;
16
+ }
17
+ async function saveCronTasks() {
18
+ await fs_extra.default.ensureDir(path.default.dirname(CRON_TASKS_FILE));
19
+ await fs_extra.default.writeJson(CRON_TASKS_FILE, tasks, { spaces: 2 });
20
+ }
21
+ function addCronTask(schedule, prompt, name) {
22
+ const id = `task-${Date.now().toString(36)}`;
23
+ const task = {
24
+ id,
25
+ schedule,
26
+ prompt,
27
+ name,
28
+ enabled: true,
29
+ createdAt: (/* @__PURE__ */ new Date()).toISOString()
30
+ };
31
+ tasks.push(task);
32
+ return task;
33
+ }
34
+ function removeCronTask(id) {
35
+ const i = tasks.findIndex((t) => t.id === id);
36
+ if (i >= 0) {
37
+ tasks.splice(i, 1);
38
+ return true;
39
+ }
40
+ return false;
41
+ }
42
+ async function runCronTask(task, port = 18789) {
43
+ const http = await import("http");
44
+ return new Promise((resolve, reject) => {
45
+ const payload = JSON.stringify({ message: task.prompt });
46
+ const req = http.request({
47
+ hostname: "127.0.0.1",
48
+ port,
49
+ path: "/api/webhook/inbound",
50
+ method: "POST",
51
+ headers: {
52
+ "Content-Type": "application/json",
53
+ "Content-Length": Buffer.byteLength(payload)
54
+ }
55
+ }, (res) => {
56
+ let data = "";
57
+ res.on("data", (c) => data += c);
58
+ res.on("end", async () => {
59
+ task.lastRunAt = (/* @__PURE__ */ new Date()).toISOString();
60
+ await saveCronTasks().catch(() => {});
61
+ resolve();
62
+ });
63
+ });
64
+ req.on("error", (e) => {
65
+ console.error(`[cron] task ${task.id} failed:`, e.message);
66
+ resolve();
67
+ });
68
+ req.setTimeout(6e4, () => {
69
+ req.destroy();
70
+ resolve();
71
+ });
72
+ req.write(payload);
73
+ req.end();
74
+ });
75
+ }
76
+
77
+ //#endregion
78
+ exports.addCronTask = addCronTask;
79
+ exports.loadCronTasks = loadCronTasks;
80
+ exports.removeCronTask = removeCronTask;
81
+ exports.runCronTask = runCronTask;
82
+ exports.saveCronTasks = saveCronTasks;
package/dist/delivery-D5Z98EVq.js ADDED
@@ -0,0 +1,95 @@
1
+
2
+ //#region src/channels/delivery.ts
3
+ /**
4
+
5
+ * src/channels/delivery.ts
6
+
7
+ * Delivery pipeline: queue retry, per-channel chunking, media handling.
8
+
9
+ */
10
+ const CHANNEL_MAX_LENGTH = {
11
+ telegram: 4096,
12
+ discord: 2e3,
13
+ whatsapp: 4096,
14
+ "whatsapp-baileys": 4096,
15
+ slack: 4e4,
16
+ googlechat: 4096,
17
+ msteams: 28e3,
18
+ matrix: 32768,
19
+ irc: 512,
20
+ mattermost: 16383,
21
+ signal: 4096,
22
+ line: 2e3,
23
+ twitch: 490,
24
+ viber: 7e3,
25
+ default: 4e3
26
+ };
27
+ function chunkForChannel(text, channelId) {
28
+ const max = CHANNEL_MAX_LENGTH[channelId] ?? CHANNEL_MAX_LENGTH.default;
29
+ if (text.length <= max) return [text];
30
+ const chunks = [];
31
+ let i = 0;
32
+ while (i < text.length) {
33
+ let end = Math.min(i + max, text.length);
34
+ if (end < text.length) {
35
+ const nl = text.lastIndexOf("\n", end);
36
+ if (nl > i) end = nl + 1;
37
+ }
38
+ chunks.push(text.slice(i, end));
39
+ i = end;
40
+ }
41
+ return chunks;
42
+ }
43
+ const DEFAULT_RETRIES = 3;
44
+ const DEFAULT_BACKOFF_MS = 1e3;
45
+ async function withRetry(fn, opts) {
46
+ const retries = opts?.retries ?? DEFAULT_RETRIES;
47
+ const backoff = opts?.backoffMs ?? DEFAULT_BACKOFF_MS;
48
+ let lastErr = null;
49
+ for (let i = 0; i <= retries; i++) try {
50
+ return await fn();
51
+ } catch (e) {
52
+ lastErr = e;
53
+ opts?.onRetry?.(i + 1, lastErr);
54
+ if (i < retries) await new Promise((r) => setTimeout(r, backoff * Math.pow(2, i)));
55
+ }
56
+ throw lastErr;
57
+ }
58
+ /** Enrich message text from voice note (transcribe if audioPath provided). */
59
+ async function enrichVoiceNote(msg) {
60
+ if (!msg.audioPath) return msg.text;
61
+ if (msg.text && msg.text !== "[voice note]") return msg.text;
62
+ try {
63
+ const { transcribeVoiceNote } = await Promise.resolve().then(() => require("./voice-transcription-CgWq54hn.js"));
64
+ const text = await transcribeVoiceNote(msg.audioPath);
65
+ return text || msg.text;
66
+ } catch (e) {
67
+ return `[Voice note — transcription failed: ${e.message}]`;
68
+ }
69
+ }
70
+
71
+ //#endregion
72
+ Object.defineProperty(exports, 'CHANNEL_MAX_LENGTH', {
73
+ enumerable: true,
74
+ get: function () {
75
+ return CHANNEL_MAX_LENGTH;
76
+ }
77
+ });
78
+ Object.defineProperty(exports, 'chunkForChannel', {
79
+ enumerable: true,
80
+ get: function () {
81
+ return chunkForChannel;
82
+ }
83
+ });
84
+ Object.defineProperty(exports, 'enrichVoiceNote', {
85
+ enumerable: true,
86
+ get: function () {
87
+ return enrichVoiceNote;
88
+ }
89
+ });
90
+ Object.defineProperty(exports, 'withRetry', {
91
+ enumerable: true,
92
+ get: function () {
93
+ return withRetry;
94
+ }
95
+ });
package/dist/delivery-DCOXhXEO.js ADDED
@@ -0,0 +1,5 @@
1
+ const require_chunk = require('./chunk-jS-bbMI5.js');
2
+ const require_delivery = require('./delivery-D5Z98EVq.js');
3
+
4
+ exports.enrichVoiceNote = require_delivery.enrichVoiceNote;
5
+ exports.withRetry = require_delivery.withRetry;
package/dist/destructive-gate-m-dWqUFg.js ADDED
@@ -0,0 +1,101 @@
1
+ const require_chunk = require('./chunk-jS-bbMI5.js');
2
+
3
+ //#region src/infra/destructive-gate.ts
4
+ function isDangerousShellCommand(cmd) {
5
+ const c = (cmd || "").trim();
6
+ for (const re of DANGEROUS_SHELL_PATTERNS) if (re.test(c)) return true;
7
+ return false;
8
+ }
9
+ /**
10
+
11
+ * Wrap tools so destructive ones are gated. When sessionId set, stores pending for confirm flow.
12
+
13
+ */
14
+ function applyDestructiveGate(tools, opts) {
15
+ const { elevated, source, sessionId } = opts;
16
+ const fromChannel = source && CHANNEL_SOURCES.has(source);
17
+ if (!fromChannel || elevated) return tools;
18
+ return tools.map((t) => {
19
+ if (DESTRUCTIVE_TOOLS.includes(t.name)) {
20
+ const orig = t.handler;
21
+ return {
22
+ ...t,
23
+ handler: async (input) => {
24
+ if (sessionId) {
25
+ const { setPending } = await Promise.resolve().then(() => require("./pending-approval-DIHvwwWS.js"));
26
+ setPending(sessionId, {
27
+ toolName: t.name,
28
+ input,
29
+ execute: () => orig(input)
30
+ });
31
+ return PENDING_MSG;
32
+ }
33
+ return BLOCKED_MSG;
34
+ }
35
+ };
36
+ }
37
+ if (t.name === "run_shell") {
38
+ const orig = t.handler;
39
+ return {
40
+ ...t,
41
+ handler: async (input) => {
42
+ const cmd = input.command || "";
43
+ if (isDangerousShellCommand(cmd)) {
44
+ if (sessionId) {
45
+ const { setPending } = await Promise.resolve().then(() => require("./pending-approval-DIHvwwWS.js"));
46
+ setPending(sessionId, {
47
+ toolName: "run_shell",
48
+ input,
49
+ execute: () => orig(input)
50
+ });
51
+ return PENDING_MSG;
52
+ }
53
+ return BLOCKED_MSG;
54
+ }
55
+ return orig(input);
56
+ }
57
+ };
58
+ }
59
+ return t;
60
+ });
61
+ }
62
+ var DESTRUCTIVE_TOOLS, DANGEROUS_SHELL_PATTERNS, CHANNEL_SOURCES, BLOCKED_MSG, PENDING_MSG;
63
+ var init_destructive_gate = require_chunk.__esm({ "src/infra/destructive-gate.ts"() {
64
+ DESTRUCTIVE_TOOLS = ["delete_file", "kill_process"];
65
+ DANGEROUS_SHELL_PATTERNS = [
66
+ /\brm\s+-[rf]\b|\brm\s+--recursive|\brm\s+-rf\b/,
67
+ /\bmkfs\.|format\s+/i,
68
+ /\bdd\s+if=/,
69
+ /\b>\/dev\/sd[a-z]/,
70
+ /\bshutdown\s+-/,
71
+ /\breboot\b/i,
72
+ /\b:\(\)\s*\{\s*:\s*\|\s*:\s*&\s*\}/,
73
+ /\bcurl\s+.*\s*\|\s*sh\b/,
74
+ /\bwget\s+.*\s*\|\s*(bash|sh)\b/
75
+ ];
76
+ CHANNEL_SOURCES = new Set([
77
+ "telegram",
78
+ "discord",
79
+ "whatsapp",
80
+ "slack",
81
+ "signal",
82
+ "matrix",
83
+ "line",
84
+ "nostr",
85
+ "feishu",
86
+ "msteams",
87
+ "teams",
88
+ "instagram",
89
+ "messenger",
90
+ "twitter",
91
+ "viber",
92
+ "zalo",
93
+ "webhook:inbound"
94
+ ]);
95
+ BLOCKED_MSG = "Blocked: destructive action requires elevated session. Use \"elevate\" or run from CLI with full access.";
96
+ PENDING_MSG = "This action requires confirmation. Ask the user to reply \"confirm\" to proceed.";
97
+ } });
98
+
99
+ //#endregion
100
+ init_destructive_gate();
101
+ exports.applyDestructiveGate = applyDestructiveGate;
package/dist/developer-keys-JaJK3T27.js ADDED
@@ -0,0 +1,127 @@
1
+ const require_chunk = require('./chunk-jS-bbMI5.js');
2
+ const require_paths = require('./paths-AIyBxIzm.js');
3
+ const fs_extra = require_chunk.__toESM(require("fs-extra"));
4
+ const path = require_chunk.__toESM(require("path"));
5
+ const crypto = require_chunk.__toESM(require("crypto"));
6
+
7
+ //#region src/infra/developer-keys.ts
8
+ require_paths.init_paths();
9
+ const KEYS_FILE = "developer-keys.json";
10
+ function getKeysPath(baseDir) {
11
+ const root = baseDir ?? require_paths.getHyperClawDir();
12
+ return path.default.join(root, KEYS_FILE);
13
+ }
14
+ function hashKey(key) {
15
+ return crypto.default.createHash("sha256").update(key, "utf8").digest("hex");
16
+ }
17
+ function generateKey() {
18
+ return `hc_${crypto.default.randomBytes(24).toString("base64url")}`;
19
+ }
20
+ async function loadKeys(baseDir) {
21
+ const fp = getKeysPath(baseDir);
22
+ if (!await fs_extra.default.pathExists(fp)) return [];
23
+ try {
24
+ const data = await fs_extra.default.readJson(fp);
25
+ return Array.isArray(data.keys) ? data.keys : [];
26
+ } catch {
27
+ return [];
28
+ }
29
+ }
30
+ async function saveKeys(keys, baseDir) {
31
+ const fp = getKeysPath(baseDir);
32
+ const dir = path.default.dirname(fp);
33
+ await fs_extra.default.ensureDir(dir);
34
+ await fs_extra.default.writeJson(fp, {
35
+ keys,
36
+ updatedAt: (/* @__PURE__ */ new Date()).toISOString()
37
+ }, { spaces: 2 });
38
+ }
39
+ /** Create a new developer key. Returns the raw key (show once). Optional tenantId for multi-tenant. */
40
+ async function createDeveloperKey(name, opts) {
41
+ const rawKey = generateKey();
42
+ const keyHash = hashKey(rawKey);
43
+ const id = `key_${crypto.default.randomBytes(8).toString("hex")}`;
44
+ const entry = {
45
+ id,
46
+ name: name || "Unnamed",
47
+ keyHash,
48
+ tenantId: opts?.tenantId,
49
+ createdAt: (/* @__PURE__ */ new Date()).toISOString()
50
+ };
51
+ const keys = await loadKeys(opts?.baseDir);
52
+ keys.push(entry);
53
+ await saveKeys(keys, opts?.baseDir);
54
+ return {
55
+ id,
56
+ key: rawKey,
57
+ name: entry.name,
58
+ tenantId: entry.tenantId
59
+ };
60
+ }
61
+ /** List developer keys (without raw keys). Optional tenantId filter. */
62
+ async function listDeveloperKeys(opts) {
63
+ let keys = await loadKeys(opts?.baseDir);
64
+ if (opts?.tenantId) keys = keys.filter((k) => k.tenantId === opts.tenantId);
65
+ return keys.map((k) => ({
66
+ id: k.id,
67
+ name: k.name,
68
+ tenantId: k.tenantId,
69
+ createdAt: k.createdAt,
70
+ lastUsedAt: k.lastUsedAt
71
+ }));
72
+ }
73
+ /** Revoke a developer key by id. */
74
+ async function revokeDeveloperKey(id) {
75
+ const keys = await loadKeys();
76
+ const before = keys.length;
77
+ const filtered = keys.filter((k) => k.id !== id);
78
+ if (filtered.length === before) return false;
79
+ await saveKeys(filtered);
80
+ return true;
81
+ }
82
+ /**
83
+
84
+ * Validate a Bearer token. Returns { valid: true, tenantId?: string } or { valid: false }.
85
+
86
+ * Use with gateway token check: valid = gatewayToken OR result.valid.
87
+
88
+ */
89
+ async function validateDeveloperKey(bearer, opts) {
90
+ if (!bearer || bearer.length < 20) return { valid: false };
91
+ const keys = await loadKeys(opts?.baseDir);
92
+ const hash = hashKey(bearer);
93
+ const idx = keys.findIndex((k) => k.keyHash === hash);
94
+ if (idx < 0) return { valid: false };
95
+ keys[idx].lastUsedAt = (/* @__PURE__ */ new Date()).toISOString();
96
+ await saveKeys(keys, opts?.baseDir).catch(() => {});
97
+ return {
98
+ valid: true,
99
+ tenantId: keys[idx].tenantId
100
+ };
101
+ }
102
+
103
+ //#endregion
104
+ Object.defineProperty(exports, 'createDeveloperKey', {
105
+ enumerable: true,
106
+ get: function () {
107
+ return createDeveloperKey;
108
+ }
109
+ });
110
+ Object.defineProperty(exports, 'listDeveloperKeys', {
111
+ enumerable: true,
112
+ get: function () {
113
+ return listDeveloperKeys;
114
+ }
115
+ });
116
+ Object.defineProperty(exports, 'revokeDeveloperKey', {
117
+ enumerable: true,
118
+ get: function () {
119
+ return revokeDeveloperKey;
120
+ }
121
+ });
122
+ Object.defineProperty(exports, 'validateDeveloperKey', {
123
+ enumerable: true,
124
+ get: function () {
125
+ return validateDeveloperKey;
126
+ }
127
+ });
package/dist/developer-keys-kyqmtWK3.js ADDED
@@ -0,0 +1,8 @@
1
+ const require_chunk = require('./chunk-jS-bbMI5.js');
2
+ require('./paths-AIyBxIzm.js');
3
+ const require_developer_keys = require('./developer-keys-JaJK3T27.js');
4
+
5
+ exports.createDeveloperKey = require_developer_keys.createDeveloperKey;
6
+ exports.listDeveloperKeys = require_developer_keys.listDeveloperKeys;
7
+ exports.revokeDeveloperKey = require_developer_keys.revokeDeveloperKey;
8
+ exports.validateDeveloperKey = require_developer_keys.validateDeveloperKey;