hyperclaw 4.0.1 → 4.0.2

package/dist/bounty-tools-C6LyzxM-.js

@@ -0,0 +1,211 @@
+const require_chunk = require('./chunk-jS-bbMI5.js');
+const require_env_resolve = require('./env-resolve-szSWl0UF.js');
+const https = require_chunk.__toESM(require("https"));
+
+//#region packages/core/src/agent/bounty-tools.ts
+function fetchJson(url, auth) {
+	return new Promise((resolve, reject) => {
+		const u = new URL(url);
+		const opts = {
+			hostname: u.hostname,
+			port: 443,
+			path: u.pathname + u.search,
+			method: "GET",
+			headers: { "Accept": "application/json" }
+		};
+		if (auth) {
+			const h = opts.headers;
+			if (auth.startsWith("Basic ") || auth.startsWith("Token ") || auth.startsWith("Bearer ")) h["Authorization"] = auth;
+			else h["Authorization"] = `Basic ${Buffer.from(auth).toString("base64")}`;
+		}
+		https.default.get(opts, (res) => {
+			let data = "";
+			res.on("data", (c) => data += c);
+			res.on("end", () => {
+				try {
+					resolve(JSON.parse(data || "{}"));
+				} catch {
+					resolve({});
+				}
+			});
+		}).on("error", reject);
+	});
+}
+function getBountyTools(cfg) {
+	const hackeroneKey = require_env_resolve.resolveServiceApiKey("hackerone", cfg);
+	const bugcrowdKey = require_env_resolve.resolveServiceApiKey("bugcrowd", cfg);
+	const synackKey = require_env_resolve.resolveServiceApiKey("synack", cfg);
+	const tools = [];
+	if (hackeroneKey) tools.push({
+		name: "hackerone_list_programs",
+		description: "List HackerOne programs you have access to. Use for bug bounty research.",
+		input_schema: {
+			type: "object",
+			properties: { limit: {
+				type: "string",
+				description: "Max programs (default 20)"
+			} }
+		},
+		handler: async (input) => {
+			try {
+				const auth = Buffer.from(hackeroneKey.includes(":") ? hackeroneKey : `:${hackeroneKey}`).toString("base64");
+				const body = await fetchJson("https://api.hackerone.com/v1/hackers/programs", `Basic ${auth}`);
+				const progs = body.data || [];
+				const limit = parseInt(input.limit || "20", 10);
+				return progs.slice(0, limit).map((p) => {
+					const attrs = p.attributes;
+					return `- ${attrs?.name || p.id} (${attrs?.state || "?"})`;
+				}).join("\n") || "No programs found.";
+			} catch (e) {
+				return `Error: ${e.message}. Check HackerOne API key (username:token).`;
+			}
+		}
+	});
+	if (bugcrowdKey) tools.push({
+		name: "bugcrowd_list_programs",
+		description: "List Bugcrowd programs. Use for bug bounty research.",
+		input_schema: {
+			type: "object",
+			properties: { limit: {
+				type: "string",
+				description: "Max programs (default 20)"
+			} }
+		},
+		handler: async (input) => {
+			try {
+				const auth = bugcrowdKey.startsWith("Token ") ? bugcrowdKey : `Token ${bugcrowdKey}`;
+				const body = await fetchJson("https://api.bugcrowd.com/programs", auth);
+				const progs = (body && typeof body === "object" && "data" in body ? body.data : body) || [];
+				const arr = Array.isArray(progs) ? progs : [progs];
+				const limit = parseInt(input.limit || "20", 10);
+				return arr.slice(0, limit).map((p) => {
+					const attrs = p.attributes;
+					const name = attrs?.name || p.name || p.id || "?";
+					const links = p.links;
+					const linkUrl = links?.self || p.url || "";
+					return `- ${name} ${linkUrl ? `(${linkUrl})` : ""}`;
+				}).join("\n") || JSON.stringify(body).slice(0, 500);
+			} catch (e) {
+				return `Error: ${e.message}. Check Bugcrowd API token.`;
+			}
+		}
+	});
+	if (synackKey) tools.push({
+		name: "synack_list_targets",
+		description: "List Synack targets you have access to. Use for bug bounty research.",
+		input_schema: {
+			type: "object",
+			properties: {}
+		},
+		handler: async () => {
+			try {
+				const body = await fetchJson("https://api.synack.com/api/targets", `Bearer ${synackKey}`);
+				const targets = body.targets || body || [];
+				const arr = Array.isArray(targets) ? targets : [targets];
+				return arr.slice(0, 20).map((t) => `- ${t.name || t.slug || t.id || "?"}`).join("\n") || "No targets or check Synack API.";
+			} catch (e) {
+				return `Error: ${e.message}. Check Synack API token.`;
+			}
+		}
+	});
+	const apiKeys = cfg?.skills?.apiKeys ?? {};
+	const genericServiceIds = Object.keys(apiKeys).filter((id) => !KNOWN_BOUNTY_SERVICES.includes(id.toLowerCase()));
+	if (genericServiceIds.length > 0) tools.push({
+		name: "call_service_api",
+		description: `Call external API for services with configured keys. Available: ${genericServiceIds.join(", ")}. Use when the user needs to query an API for a service they've added (Stripe, GitHub, custom APIs, etc).`,
+		input_schema: {
+			type: "object",
+			properties: {
+				service_id: {
+					type: "string",
+					description: `Service id from configured keys: ${genericServiceIds.join(", ")}`
+				},
+				url: {
+					type: "string",
+					description: "Full API URL (e.g. https://api.example.com/v1/resource) or path if baseUrl configured"
+				},
+				method: {
+					type: "string",
+					description: "HTTP method",
+					enum: [
+						"GET",
+						"POST",
+						"PUT",
+						"PATCH",
+						"DELETE"
+					]
+				},
+				body: {
+					type: "object",
+					description: "Request body for POST/PUT/PATCH (optional)"
+				}
+			},
+			required: ["service_id", "url"]
+		},
+		handler: async (input) => {
+			const serviceId = String(input.service_id || "").trim().toLowerCase();
+			const url = String(input.url || "");
+			const method = String(input.method || "GET").toUpperCase();
+			const key = require_env_resolve.resolveServiceApiKey(serviceId, cfg);
+			if (!key) return `Error: No API key for service "${serviceId}". Configure via: hyperclaw config set-service-key ${serviceId} <key>`;
+			if (!url || !url.startsWith("http")) return "Error: url must be a full URL (https://...).";
+			try {
+				const body = await genericHttpRequest(url, method, key, input.body);
+				return typeof body === "string" ? body : JSON.stringify(body, null, 2).slice(0, 8e3);
+			} catch (e) {
+				return `Error: ${e.message}`;
+			}
+		}
+	});
+	return tools;
+}
+function genericHttpRequest(url, method, apiKey, body) {
+	return new Promise((resolve, reject) => {
+		const u = new URL(url);
+		const authHeader = apiKey.startsWith("Bearer ") || apiKey.startsWith("Token ") || apiKey.startsWith("Basic ") ? apiKey : `Bearer ${apiKey}`;
+		const bodyStr = body && method !== "GET" ? JSON.stringify(body) : void 0;
+		const opts = {
+			hostname: u.hostname,
+			port: u.port || 443,
+			path: u.pathname + u.search,
+			method,
+			headers: {
+				"Accept": "application/json",
+				"Authorization": authHeader,
+				...bodyStr ? {
+					"Content-Type": "application/json",
+					"Content-Length": Buffer.byteLength(bodyStr)
+				} : {}
+			}
+		};
+		const req = https.default.request(opts, (res) => {
+			let data = "";
+			res.on("data", (c) => {
+				data += c.toString();
+			});
+			res.on("end", () => {
+				try {
+					resolve(JSON.parse(data || "{}"));
+				} catch {
+					resolve(data || "{}");
+				}
+			});
+		});
+		req.on("error", reject);
+		if (bodyStr) req.write(bodyStr);
+		req.end();
+	});
+}
+var KNOWN_BOUNTY_SERVICES;
+var init_bounty_tools = require_chunk.__esm({ "packages/core/src/agent/bounty-tools.ts"() {
+	require_env_resolve.init_env_resolve();
+	KNOWN_BOUNTY_SERVICES = [
+		"hackerone",
+		"bugcrowd",
+		"synack"
+	];
+} });
+
+//#endregion
+init_bounty_tools();
+exports.getBountyTools = getBountyTools;

package/dist/browser-tools-CQBSbIuO.js

@@ -0,0 +1,5 @@
+const require_chunk = require('./chunk-jS-bbMI5.js');
+const require_browser_tools = require('./browser-tools-YQmwRLLM.js');
+
+require_browser_tools.init_browser_tools();
+exports.getBrowserTools = require_browser_tools.getBrowserTools;

package/dist/browser-tools-YQmwRLLM.js

@@ -0,0 +1,179 @@
+const require_chunk = require('./chunk-jS-bbMI5.js');
+
+//#region packages/core/src/agent/browser-tools.ts
+async function getBrowser() {
+	try {
+		const puppeteer = await import("puppeteer").catch(() => null);
+		if (!puppeteer) return null;
+		if (!sharedBrowser || !sharedBrowser.connected) {
+			const execPath = process.env.PUPPETEER_EXECUTABLE_PATH;
+			sharedBrowser = await puppeteer.default.launch({
+				headless: true,
+				executablePath: execPath || void 0,
+				args: [
+					"--no-sandbox",
+					"--disable-setuid-sandbox",
+					"--disable-dev-shm-usage"
+				]
+			});
+			sharedPage = await sharedBrowser.newPage();
+			await sharedPage.setViewport({
+				width: 1280,
+				height: 800
+			});
+			await sharedPage.setUserAgent("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36");
+		}
+		return {
+			browser: sharedBrowser,
+			page: sharedPage
+		};
+	} catch {
+		return null;
+	}
+}
+function getBrowserTools() {
+	return [{
+		name: "browser_snapshot",
+		description: "Capture a snapshot of the current browser page (DOM, text, links). Use before interacting. Pass url to navigate first.",
+		input_schema: {
+			type: "object",
+			properties: { url: {
+				type: "string",
+				description: "URL to navigate to before snapshot (optional if already on page)"
+			} },
+			required: []
+		},
+		handler: async (input) => {
+			const bw = await getBrowser();
+			if (!bw) return BROWSER_SETUP;
+			const { page } = bw;
+			try {
+				if (input.url) await page.goto(input.url, {
+					waitUntil: "domcontentloaded",
+					timeout: 15e3
+				});
+				const snapshot = await page.evaluate(() => {
+					const text = document.body?.innerText?.slice(0, 12e3) || "";
+					const links = Array.from(document.querySelectorAll("a[href]")).map((a) => ({
+						text: (a.textContent || "").trim().slice(0, 80),
+						href: a.getAttribute("href")
+					})).filter((l) => l.href?.startsWith("http")).slice(0, 50);
+					const title = document.title || "";
+					const url = window.location.href;
+					return JSON.stringify({
+						title,
+						url,
+						text,
+						links
+					});
+				});
+				return snapshot;
+			} catch (e) {
+				return `Browser snapshot error: ${e.message}`;
+			}
+		}
+	}, {
+		name: "browser_action",
+		description: "Perform an action in the browser: click, type, scroll, navigate. Use after browser_snapshot.",
+		input_schema: {
+			type: "object",
+			properties: {
+				action: {
+					type: "string",
+					description: "Action: click, type, scroll, navigate",
+					enum: [
+						"click",
+						"type",
+						"scroll",
+						"navigate"
+					]
+				},
+				selector: {
+					type: "string",
+					description: "CSS selector or link text to match (for click/type)"
+				},
+				value: {
+					type: "string",
+					description: "For type: text to type. For navigate: URL. For scroll: \"up\" or \"down\""
+				}
+			},
+			required: ["action"]
+		},
+		handler: async (input) => {
+			const action = String(input?.action ?? "");
+			const selector = input?.selector;
+			const value = input?.value;
+			const bw = await getBrowser();
+			if (!bw) return BROWSER_SETUP;
+			const { page } = bw;
+			try {
+				switch (action) {
+					case "navigate":
+						if (!value) return "navigate requires value (URL)";
+						await page.goto(value, {
+							waitUntil: "domcontentloaded",
+							timeout: 15e3
+						});
+						return `Navigated to ${value}`;
+					case "click":
+						if (!selector) return "click requires selector";
+						const sel = selector.trim();
+						const isCss = /^[#.\w\[\]="'\s-:>+~]+$/.test(sel) && (sel.includes("#") || sel.includes(".") || sel.includes("[") || /^[a-z][a-z0-9]*$/i.test(sel));
+						if (isCss) {
+							await page.waitForSelector(sel, { timeout: 5e3 });
+							await page.click(sel);
+							return `Clicked ${sel}`;
+						}
+						const safe = sel.replace(/["']/g, "").slice(0, 100);
+						const xpath = `//a[contains(text(),"${safe}")]`;
+						const [el] = await page.$x(xpath);
+						if (el) {
+							await el.click();
+							return `Clicked link "${sel}"`;
+						}
+						const btnXpath = `//button[contains(text(),"${safe}")]`;
+						const [btn] = await page.$x(btnXpath);
+						if (btn) {
+							await btn.click();
+							return `Clicked button "${sel}"`;
+						}
+						throw new Error(`Element not found: ${sel}`);
+					case "type":
+						if (!selector) return "type requires selector";
+						await page.waitForSelector(selector, { timeout: 5e3 });
+						await page.type(selector, value || "");
+						return `Typed "${value || ""}" into ${selector}`;
+					case "scroll":
+						const dir = (value || "down").toLowerCase();
+						await page.evaluate((d) => {
+							window.scrollBy(0, d === "up" ? -400 : 400);
+						}, dir);
+						return `Scrolled ${dir}`;
+					default: return `Unknown action: ${action}`;
+				}
+			} catch (e) {
+				return `Browser action error: ${e.message}`;
+			}
+		}
+	}];
+}
+var BROWSER_SETUP, sharedBrowser, sharedPage;
+var init_browser_tools = require_chunk.__esm({ "packages/core/src/agent/browser-tools.ts"() {
+	BROWSER_SETUP = "Browser control requires Puppeteer. Install: npm i puppeteer. Then enable in config: browser.enabled: true";
+	sharedBrowser = null;
+	sharedPage = null;
+} });
+
+//#endregion
+Object.defineProperty(exports, 'getBrowserTools', {
+  enumerable: true,
+  get: function () {
+    return getBrowserTools;
+  }
+});
+Object.defineProperty(exports, 'init_browser_tools', {
+  enumerable: true,
+  get: function () {
+    return init_browser_tools;
+  }
+});

package/dist/claw-tasks-BRLUvFRD.js

@@ -0,0 +1,80 @@
+const require_chunk = require('./chunk-jS-bbMI5.js');
+const https = require_chunk.__toESM(require("https"));
+
+//#region src/services/claw-tasks.ts
+/** List open bounties. */
+async function listBounties(limit = 20, status = "open") {
+	if (!CLAW_TASKS_API) return [];
+	try {
+		const q = new URLSearchParams({ limit: String(limit) });
+		if (status === "open") q.set("status", "open");
+		const body = await fetchJson(`${CLAW_TASKS_API}/api/bounties?${q}`);
+		return Array.isArray(body.bounties) ? body.bounties : [];
+	} catch {
+		return [];
+	}
+}
+/** Claim a bounty (requires agent auth). */
+async function claimBounty(bountyId, agentToken) {
+	if (!CLAW_TASKS_API) return null;
+	try {
+		const body = await postJson(`${CLAW_TASKS_API}/api/bounties/${encodeURIComponent(bountyId)}/claim`, {}, agentToken);
+		return body.bounty || null;
+	} catch {
+		return null;
+	}
+}
+function fetchJson(url) {
+	return new Promise((resolve, reject) => {
+		https.default.get(url, (res) => {
+			let data = "";
+			res.on("data", (c) => data += c);
+			res.on("end", () => {
+				try {
+					resolve(JSON.parse(data));
+				} catch {
+					reject(new Error("Invalid JSON"));
+				}
+			});
+		}).on("error", reject);
+	});
+}
+function postJson(url, payload, token) {
+	return new Promise((resolve, reject) => {
+		const u = new URL(url);
+		const body = JSON.stringify(payload);
+		const req = https.default.request({
+			hostname: u.hostname,
+			port: 443,
+			path: u.pathname,
+			method: "POST",
+			headers: {
+				"Content-Type": "application/json",
+				"Content-Length": Buffer.byteLength(body),
+				...token ? { Authorization: `Bearer ${token}` } : {}
+			}
+		}, (res) => {
+			let data = "";
+			res.on("data", (c) => data += c);
+			res.on("end", () => {
+				try {
+					resolve(JSON.parse(data || "{}"));
+				} catch {
+					resolve({});
+				}
+			});
+		});
+		req.on("error", reject);
+		req.write(body);
+		req.end();
+	});
+}
+var CLAW_TASKS_API;
+var init_claw_tasks = require_chunk.__esm({ "src/services/claw-tasks.ts"() {
+	CLAW_TASKS_API = process.env.CLAW_TASKS_API_URL || "";
+} });
+
+//#endregion
+init_claw_tasks();
+exports.claimBounty = claimBounty;
+exports.listBounties = listBounties;

package/dist/connector-3HnyH8fn.js

@@ -0,0 +1,167 @@
+const require_chunk = require('./chunk-jS-bbMI5.js');
+const chalk = require_chunk.__toESM(require("chalk"));
+const fs_extra = require_chunk.__toESM(require("fs-extra"));
+const path = require_chunk.__toESM(require("path"));
+const os = require_chunk.__toESM(require("os"));
+const https = require_chunk.__toESM(require("https"));
+const events = require_chunk.__toESM(require("events"));
+
+//#region extensions/zalo-personal/src/connector.ts
+const STATE_FILE = path.default.join(os.default.homedir(), ".hyperclaw", "zalo-personal-state.json");
+function zaloWebReq(cookie, method, endpoint, body) {
+	return new Promise((resolve, reject) => {
+		const payload = body ? JSON.stringify(body) : null;
+		const req = https.default.request({
+			hostname: "chat.zalo.me",
+			port: 443,
+			path: `/api${endpoint}`,
+			method,
+			headers: {
+				"Cookie": cookie,
+				"Referer": "https://chat.zalo.me/",
+				"User-Agent": "Mozilla/5.0 (compatible; HyperClaw/4.0)",
+				...payload ? {
+					"Content-Type": "application/json",
+					"Content-Length": Buffer.byteLength(payload)
+				} : {}
+			}
+		}, (res) => {
+			let data = "";
+			res.on("data", (c) => data += c);
+			res.on("end", () => {
+				try {
+					resolve(JSON.parse(data));
+				} catch {
+					resolve({ raw: data });
+				}
+			});
+		});
+		req.on("error", reject);
+		if (payload) req.write(payload);
+		req.end();
+	});
+}
+var ZaloPersonalConnector = class extends events.EventEmitter {
+	config;
+	running = false;
+	ws = null;
+	userId = "";
+	constructor(config) {
+		super();
+		this.config = {
+			imei: require("crypto").randomUUID(),
+			dmPolicy: "allowlist",
+			allowFrom: [],
+			approvedPairings: [],
+			pendingPairings: {},
+			...config
+		};
+	}
+	async connect() {
+		const profile = await zaloWebReq(this.config.cookie, "GET", "/profile");
+		this.userId = profile?.data?.userId || profile?.userId || "";
+		await this.loadState();
+		this.running = true;
+		console.log(chalk.default.green(`  🦅 Zalo Personal: ${profile?.data?.displayName || this.userId} connected`));
+		this.emit("connected", { userId: this.userId });
+		this.startPolling();
+	}
+	async startPolling() {
+		while (this.running) try {
+			const msgs = await zaloWebReq(this.config.cookie, "GET", `/message/fetchlatestmsg?last_msg_id=0&limit=20`);
+			for (const msg of msgs?.data?.msgs || []) {
+				if (msg.fromUid === this.userId) continue;
+				if (!msg.msgId || !msg.content) continue;
+				const from = msg.fromUid;
+				const text = msg.content;
+				const allowed = await this.checkDMPolicy(from, text);
+				if (!allowed) continue;
+				this.emit("message", {
+					id: msg.msgId,
+					channelId: "zalo-personal",
+					from,
+					chatId: msg.toUid || from,
+					text,
+					timestamp: new Date(parseInt(msg.ts || "0")).toISOString(),
+					isDM: true
+				});
+			}
+			await new Promise((r) => setTimeout(r, 3e3));
+		} catch (e) {
+			if (this.running) {
+				console.log(chalk.default.yellow(`  ⚠  Zalo Personal: ${e.message}`));
+				await new Promise((r) => setTimeout(r, 5e3));
+			}
+		}
+	}
+	async checkDMPolicy(from, text) {
+		if (this.config.dmPolicy === "none") return false;
+		if (this.config.dmPolicy === "open") return true;
+		if (this.config.dmPolicy === "allowlist") {
+			if (this.config.allowFrom.includes(from)) return true;
+			await this.sendMessage(from, "🦅 HyperClaw: Not on allowlist.");
+			return false;
+		}
+		if (this.config.dmPolicy === "pairing") {
+			if (this.config.approvedPairings.includes(from)) return true;
+			const upper = text.trim().toUpperCase();
+			if (this.config.pendingPairings[upper]) {
+				this.config.approvedPairings.push(from);
+				delete this.config.pendingPairings[upper];
+				await this.saveState();
+				await this.sendMessage(from, "🦅 Paired!");
+				this.emit("pairing:approved", {
+					userId: from,
+					channelId: "zalo-personal"
+				});
+				return true;
+			}
+			const code = Array.from({ length: 6 }, () => "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"[Math.floor(Math.random() * 32)]).join("");
+			this.config.pendingPairings[code] = from;
+			await this.saveState();
+			await this.sendMessage(from, `🦅 Mã ghép đôi: ${code}\nXác nhận: hyperclaw pairing approve zalo-personal ${code}`);
+			return false;
+		}
+		return false;
+	}
+	async sendMessage(toUid, text) {
+		await zaloWebReq(this.config.cookie, "POST", "/message/sendmsg", {
+			toid: toUid,
+			msg: text.slice(0, 2e3),
+			imei: this.config.imei,
+			type: 1
+		});
+	}
+	disconnect() {
+		this.running = false;
+		this.ws?.close();
+	}
+	approvePairing(code) {
+		const upper = code.toUpperCase();
+		if (!this.config.pendingPairings[upper]) return false;
+		this.config.approvedPairings.push(this.config.pendingPairings[upper]);
+		delete this.config.pendingPairings[upper];
+		this.saveState();
+		return true;
+	}
+	async loadState() {
+		try {
+			const s = await fs_extra.default.readJson(STATE_FILE);
+			if (s.p) this.config.pendingPairings = s.p;
+			if (s.a) this.config.approvedPairings = s.a;
+		} catch {}
+	}
+	async saveState() {
+		await fs_extra.default.ensureDir(path.default.dirname(STATE_FILE));
+		await fs_extra.default.writeJson(STATE_FILE, {
+			p: this.config.pendingPairings,
+			a: this.config.approvedPairings
+		}, { spaces: 2 });
+	}
+	isRunning() {
+		return this.running;
+	}
+};
+
+//#endregion
+exports.ZaloPersonalConnector = ZaloPersonalConnector;