hyperclaw 4.0.1 → 5.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (277) hide show
  1. package/README.md +58 -4
  2. package/dist/a2ui-protocol-CT_jDEU9.js +75 -0
  3. package/dist/a2ui-protocol-CfBI44-Q.js +75 -0
  4. package/dist/agents-routing-683Q2JGp.js +129 -0
  5. package/dist/agents-routing-BpZBswBH.js +4 -0
  6. package/dist/agents-routing-ChHiZp36.js +327 -0
  7. package/dist/agents-routing-ChqZ6l2S.js +4 -0
  8. package/dist/api-keys-guide-BCcOl0Q7.js +149 -0
  9. package/dist/api-keys-guide-Dq5Obbp4.js +149 -0
  10. package/dist/audit-BYxPlnTQ.js +248 -0
  11. package/dist/audit-BaIiyWFu.js +441 -0
  12. package/dist/bounty-tools-C6LyzxM-.js +211 -0
  13. package/dist/bounty-tools-DWudyZie.js +211 -0
  14. package/dist/browser-tools-BsTeGMnX.js +5 -0
  15. package/dist/browser-tools-CQBSbIuO.js +5 -0
  16. package/dist/browser-tools-D8_rLe2p.js +179 -0
  17. package/dist/browser-tools-YQmwRLLM.js +179 -0
  18. package/dist/claw-tasks-BRLUvFRD.js +80 -0
  19. package/dist/claw-tasks-CgTsiNE8.js +80 -0
  20. package/dist/connector-3HnyH8fn.js +167 -0
  21. package/dist/connector-5N0-X_xs.js +194 -0
  22. package/dist/connector-6PMZo5Ky.js +189 -0
  23. package/dist/connector-B3v0qcXg.js +425 -0
  24. package/dist/connector-B6eoF3DD.js +181 -0
  25. package/dist/connector-B8R3iBY1.js +280 -0
  26. package/dist/connector-B9tLG8UZ.js +196 -0
  27. package/dist/connector-BAM-08NN.js +189 -0
  28. package/dist/connector-BC8FIVu4.js +181 -0
  29. package/dist/connector-BDmwwaVc.js +213 -0
  30. package/dist/connector-BGjbBy69.js +225 -0
  31. package/dist/connector-BO2SRzfG.js +218 -0
  32. package/dist/connector-BOlqjXWP.js +182 -0
  33. package/dist/connector-BP8zsbP8.js +189 -0
  34. package/dist/connector-BPoSevxp.js +286 -0
  35. package/dist/connector-BRHj773i.js +163 -0
  36. package/dist/connector-BToxU-jV.js +267 -0
  37. package/dist/connector-BfXky0L3.js +167 -0
  38. package/dist/connector-BiiSJpx3.js +192 -0
  39. package/dist/connector-BliDVsJQ.js +239 -0
  40. package/dist/connector-BnDmIhIu.js +85 -0
  41. package/dist/connector-Bv6s9oP7.js +88 -0
  42. package/dist/connector-By5wWGTR.js +343 -0
  43. package/dist/connector-C1BaFFgN.js +213 -0
  44. package/dist/connector-C1HSoUyk.js +189 -0
  45. package/dist/connector-CKQHZOXg.js +568 -0
  46. package/dist/connector-CRRWY5Wv.js +167 -0
  47. package/dist/connector-CRl-iidy.js +239 -0
  48. package/dist/connector-CXPQVGyI.js +85 -0
  49. package/dist/connector-Cdk1CXKi.js +194 -0
  50. package/dist/connector-Ci9glMD-.js +340 -0
  51. package/dist/connector-CjtZIEDj.js +181 -0
  52. package/dist/connector-Ck6JtOsX.js +531 -0
  53. package/dist/connector-CwlgFgjx.js +181 -0
  54. package/dist/connector-D8Kelee0.js +286 -0
  55. package/dist/connector-DAnRJ0oP.js +162 -0
  56. package/dist/connector-DFchk6l7.js +178 -0
  57. package/dist/connector-DKw7tRAy.js +192 -0
  58. package/dist/connector-DRv1ahC_.js +2 -2
  59. package/dist/connector-DU63KW94.js +165 -0
  60. package/dist/connector-DXTp5PE8.js +508 -0
  61. package/dist/connector-Dbvb1Cj9.js +280 -0
  62. package/dist/connector-DcZdQcgR.js +173 -0
  63. package/dist/connector-Dih6dUPP.js +173 -0
  64. package/dist/connector-DqTH_tPX.js +182 -0
  65. package/dist/connector-DrnEiiyP.js +419 -0
  66. package/dist/connector-DtR5GGTX.js +167 -0
  67. package/dist/connector-DxKL8VvZ.js +182 -0
  68. package/dist/connector-T_YdZtzv.js +162 -0
  69. package/dist/connector-Tky_qS_K.js +350 -0
  70. package/dist/connector-ZSc3oTTy.js +305 -0
  71. package/dist/connector-i4gOS9xL.js +154 -0
  72. package/dist/connector-rHXE1ZD2.js +167 -0
  73. package/dist/connector-sW5yhU1m.js +498 -0
  74. package/dist/connector-u3ICd3Ic.js +552 -0
  75. package/dist/connector-wdUXChwa.js +172 -0
  76. package/dist/cost-tracker-DD9wtWsr.js +103 -0
  77. package/dist/cost-tracker-pVE15Yq4.js +103 -0
  78. package/dist/credentials-store-BvnMPJwi.js +4 -0
  79. package/dist/credentials-store-C6ir0Dae.js +4 -0
  80. package/dist/credentials-store-H13LqOwJ.js +77 -0
  81. package/dist/credentials-store-sb-TRLwR.js +77 -0
  82. package/dist/cron-tasks-Bli7Kzd2.js +82 -0
  83. package/dist/cron-tasks-BvDFNyiE.js +82 -0
  84. package/dist/daemon-Bg4GtCmc.js +318 -0
  85. package/dist/daemon-DhmwY8k4.js +5 -0
  86. package/dist/delivery-BmIYy9VQ.js +4 -0
  87. package/dist/delivery-D5Z98EVq.js +95 -0
  88. package/dist/delivery-DCOXhXEO.js +5 -0
  89. package/dist/delivery-pWUPBp1F.js +95 -0
  90. package/dist/destructive-gate-D6vWOdEl.js +101 -0
  91. package/dist/destructive-gate-m-dWqUFg.js +101 -0
  92. package/dist/developer-keys-CPWT7Q6S.js +8 -0
  93. package/dist/developer-keys-DrrcUqFa.js +127 -0
  94. package/dist/developer-keys-JaJK3T27.js +127 -0
  95. package/dist/developer-keys-kyqmtWK3.js +8 -0
  96. package/dist/doctor-3oi89QIc.js +175 -0
  97. package/dist/doctor-BvCe8BBk.js +230 -0
  98. package/dist/doctor-Cf1XSfp9.js +4 -0
  99. package/dist/doctor-CxyPLYsJ.js +6 -0
  100. package/dist/engine-B4eMiTgl.js +7 -0
  101. package/dist/engine-B8M7dYul.js +7 -0
  102. package/dist/engine-BhT-1M9W.js +256 -0
  103. package/dist/engine-CEDSqXfw.js +256 -0
  104. package/dist/engine-D49jnSd_.js +256 -0
  105. package/dist/engine-Da4JMNpI.js +7 -0
  106. package/dist/env-resolve-CiXbWYwe.js +10 -0
  107. package/dist/env-resolve-CmGWhWXJ.js +115 -0
  108. package/dist/env-resolve-DWOQ45jG.js +9 -0
  109. package/dist/env-resolve-szSWl0UF.js +94 -0
  110. package/dist/extraction-tools-D3qDFBJ1.js +91 -0
  111. package/dist/extraction-tools-DLr_AEwq.js +5 -0
  112. package/dist/extraction-tools-HOZstZ0y.js +91 -0
  113. package/dist/extraction-tools-m4lmAv7l.js +5 -0
  114. package/dist/form_data-B_hIUrxU.js +8657 -0
  115. package/dist/form_data-Cz040rio.js +8657 -0
  116. package/dist/gmail-watch-setup-Czt8rXaX.js +40 -0
  117. package/dist/gmail-watch-setup-Du7DVV7S.js +40 -0
  118. package/dist/health-B-asI__D.js +6 -0
  119. package/dist/health-Ds2YlpTB.js +152 -0
  120. package/dist/heartbeat-engine-BYT5ayQH.js +83 -0
  121. package/dist/heartbeat-engine-CRqfPcFM.js +83 -0
  122. package/dist/hub-D0XwdjM-.js +515 -0
  123. package/dist/hub-DTsqe5Bt.js +6 -0
  124. package/dist/hub-FrPTA33j.js +515 -0
  125. package/dist/hub-LiD5Iztb.js +6 -0
  126. package/dist/hyperclawbot-D9KCtc4P.js +480 -0
  127. package/dist/hyperclawbot-Dw27pJo4.js +480 -0
  128. package/dist/hyperclawbot-zvczQgKx.js +505 -0
  129. package/dist/inference-BKVkBREb.js +6 -0
  130. package/dist/inference-CTWJeX9Q.js +922 -0
  131. package/dist/inference-DCXH4Q3x.js +922 -0
  132. package/dist/inference-ix607p7k.js +6 -0
  133. package/dist/knowledge-graph-DqA-Fztl.js +131 -0
  134. package/dist/knowledge-graph-iBG76fvm.js +131 -0
  135. package/dist/loader-CC45xGpC.js +4 -0
  136. package/dist/loader-CISCqBto.js +400 -0
  137. package/dist/loader-CYMQ8VOS.js +4 -0
  138. package/dist/loader-CnEdOyjT.js +400 -0
  139. package/dist/logger-8tEtAd3y.js +83 -0
  140. package/dist/logger-ybOp7VOC.js +83 -0
  141. package/dist/manager-03ipO9R0.js +105 -0
  142. package/dist/manager-BpDfbDjg.js +117 -0
  143. package/dist/manager-Bxl0sqlh.js +4 -0
  144. package/dist/manager-CPjeRe-6.js +4 -0
  145. package/dist/manager-CrVDn6eN.js +6 -0
  146. package/dist/manager-Cwzj7w5R.js +105 -0
  147. package/dist/manager-DLmZI-9R.js +6 -0
  148. package/dist/manager-DSGhn5i3.js +117 -0
  149. package/dist/manager-DgyF52mg.js +218 -0
  150. package/dist/manager-Dm8nrMFx.js +40 -0
  151. package/dist/manager-FCgF1plu.js +218 -0
  152. package/dist/manager-rgCsaWT1.js +40 -0
  153. package/dist/mcp-B_9Ber63.js +139 -0
  154. package/dist/mcp-CfoSU4Uz.js +139 -0
  155. package/dist/mcp-loader-DSM5UiFG.js +94 -0
  156. package/dist/mcp-loader-DkRBsLpk.js +94 -0
  157. package/dist/mcp-loader-j5ZLLw5O.js +94 -0
  158. package/dist/memory-BI1kPkAN.js +4 -0
  159. package/dist/memory-BVFGkxxK.js +270 -0
  160. package/dist/memory-BlHL7JCO.js +4 -0
  161. package/dist/memory-DsS_eFvJ.js +270 -0
  162. package/dist/memory-auto-Bc7euou4.js +306 -0
  163. package/dist/memory-auto-BkvtSFUw.js +5 -0
  164. package/dist/memory-auto-Bnz_-1wP.js +306 -0
  165. package/dist/memory-auto-DPfbkMVt.js +5 -0
  166. package/dist/memory-integration-DZExqWr4.js +91 -0
  167. package/dist/memory-integration-cSYkZyEo.js +91 -0
  168. package/dist/moltbook-B6ZeGN5_.js +81 -0
  169. package/dist/moltbook-BtLDZTfM.js +81 -0
  170. package/dist/node-Dw2Gi-cP.js +222 -0
  171. package/dist/node-pwL6O_KX.js +222 -0
  172. package/dist/nodes-registry-B8dmrlLv.js +52 -0
  173. package/dist/nodes-registry-CsPm_-CJ.js +52 -0
  174. package/dist/oauth-flow-CpWlgvNB.js +150 -0
  175. package/dist/oauth-flow-DQPvMHRH.js +150 -0
  176. package/dist/oauth-provider-BZb6qOw5.js +110 -0
  177. package/dist/oauth-provider-Uo4Nib_c.js +110 -0
  178. package/dist/observability-B43YvNQV.js +89 -0
  179. package/dist/observability-BV-Yx0V9.js +89 -0
  180. package/dist/onboard-0WoDxbv_.js +10 -0
  181. package/dist/onboard-BXNXCQp4.js +4070 -0
  182. package/dist/onboard-Bd_wsYdi.js +4086 -0
  183. package/dist/onboard-CAN7x3me.js +3026 -0
  184. package/dist/onboard-DnegOHMh.js +4 -4
  185. package/dist/onboard-RYtDlYBw.js +9 -0
  186. package/dist/onboard-aTwlQs-4.js +9 -0
  187. package/dist/orchestrator-BSp2M5EU.js +189 -0
  188. package/dist/orchestrator-C7ko5tWa.js +6 -0
  189. package/dist/orchestrator-DfPkIx2Z.js +6 -0
  190. package/dist/orchestrator-DmnEvMaL.js +189 -0
  191. package/dist/orchestrator-NJQsmiBE.js +189 -0
  192. package/dist/orchestrator-RI3bpqqc.js +6 -0
  193. package/dist/pairing-6iM27aD8.js +196 -0
  194. package/dist/pairing-DU0_J28n.js +87 -0
  195. package/dist/pairing-DWllbSbO.js +4 -0
  196. package/dist/pairing-dGoiGepK.js +4 -0
  197. package/dist/pc-access-CgCsYrpt.js +8 -0
  198. package/dist/pc-access-Ly-uA8mn.js +8 -0
  199. package/dist/pc-access-NxBvTrRj.js +819 -0
  200. package/dist/pc-access-_iH2aorG.js +819 -0
  201. package/dist/pending-approval-CUXjysAo.js +22 -0
  202. package/dist/pending-approval-DIHvwwWS.js +22 -0
  203. package/dist/puppeteer-2o3QOwAy.js +2 -2
  204. package/dist/puppeteer-BYTMp3BI.js +2 -2
  205. package/dist/puppeteer-DQ45qwWk.js +2 -2
  206. package/dist/reminders-store-D79qdfN0.js +58 -0
  207. package/dist/reminders-store-Drjed_-h.js +58 -0
  208. package/dist/renderer-BVQrd0_g.js +225 -0
  209. package/dist/renderer-pqlDRKbH.js +225 -0
  210. package/dist/rules-BE4GV6cV.js +103 -0
  211. package/dist/rules-BooT_qFP.js +103 -0
  212. package/dist/run-main.js +1649 -1227
  213. package/dist/runner-D1rjuMTJ.js +810 -0
  214. package/dist/runner-DatMMYYE.js +1271 -0
  215. package/dist/sdk/index.js +2 -2
  216. package/dist/sdk/index.mjs +2 -2
  217. package/dist/security-BqNyT4ID.js +4 -0
  218. package/dist/security-C-5URby1.js +73 -0
  219. package/dist/security-_xve79aq.js +4 -0
  220. package/dist/security-tpgqPWWH.js +73 -0
  221. package/dist/server-0kgyELx4.js +1047 -0
  222. package/dist/server-BIuTobTC.js +4 -0
  223. package/dist/server-BRlCEjyT.js +1047 -0
  224. package/dist/server-CCI1hv45.js +2 -2
  225. package/dist/server-D4wVHiX9.js +4 -0
  226. package/dist/server-DU9POoWc.js +4 -0
  227. package/dist/server-Dh3JlBFB.js +1255 -0
  228. package/dist/session-store-BUiPz0Vv.js +5 -0
  229. package/dist/session-store-CujxByI6.js +113 -0
  230. package/dist/session-store-is4B6qmD.js +113 -0
  231. package/dist/session-store-qpJUg2M1.js +5 -0
  232. package/dist/sessions-tools-CB2qbwIk.js +5 -0
  233. package/dist/sessions-tools-CbUTFe4i.js +5 -0
  234. package/dist/sessions-tools-CeqD7iil.js +95 -0
  235. package/dist/sessions-tools-DHMaTZIs.js +95 -0
  236. package/dist/skill-loader-BaNLVmJy.js +7 -0
  237. package/dist/skill-loader-BkceKkIg.js +7 -0
  238. package/dist/skill-loader-DhgIwK4J.js +159 -0
  239. package/dist/skill-loader-HgpF6Vqs.js +159 -0
  240. package/dist/skill-runtime--LqxWrp5.js +102 -0
  241. package/dist/skill-runtime-C5l0Tgt-.js +5 -0
  242. package/dist/skill-runtime-CJN24QPW.js +102 -0
  243. package/dist/skill-runtime-DsXK_HYG.js +102 -0
  244. package/dist/skill-runtime-IVTiqrMR.js +5 -0
  245. package/dist/skill-runtime-w1ig_lcw.js +5 -0
  246. package/dist/src-BEVLgaF1.js +63 -0
  247. package/dist/src-Bgu_OxTQ.js +458 -0
  248. package/dist/src-Bq-oKt7Z.js +458 -0
  249. package/dist/src-BxPHKO5x.js +63 -0
  250. package/dist/src-DIc-L2IG.js +20 -0
  251. package/dist/src-DWCUhnD4.js +20 -0
  252. package/dist/src-cfRTjFef.js +63 -0
  253. package/dist/src-g_rNx5rh.js +458 -0
  254. package/dist/sub-agent-tools-BD9DF8_g.js +39 -0
  255. package/dist/sub-agent-tools-CHQoHz9c.js +39 -0
  256. package/dist/sub-agent-tools-V7b3T9_s.js +39 -0
  257. package/dist/theme-DcxwcUgZ.js +180 -0
  258. package/dist/theme-cx0fkgWC.js +8 -0
  259. package/dist/tool-policy-CNT-mF2Z.js +189 -0
  260. package/dist/tool-policy-DNvNRnve.js +189 -0
  261. package/dist/tts-elevenlabs-BRosZv-f.js +61 -0
  262. package/dist/tts-elevenlabs-BUOGKL-k.js +61 -0
  263. package/dist/update-check-BD4qH7Am.js +81 -0
  264. package/dist/update-check-C2Dz85wJ.js +81 -0
  265. package/dist/vision-BMmiIKy7.js +121 -0
  266. package/dist/vision-DRq-f-Dj.js +121 -0
  267. package/dist/vision-tools-CFZEpQKm.js +5 -0
  268. package/dist/vision-tools-CQnBI9aa.js +51 -0
  269. package/dist/vision-tools-DVuYc17I.js +51 -0
  270. package/dist/vision-tools-U3YC4L-g.js +5 -0
  271. package/dist/voice-transcription-B555DbWR.js +138 -0
  272. package/dist/voice-transcription-CgWq54hn.js +138 -0
  273. package/dist/website-watch-tools-Bk_TnwuE.js +5 -0
  274. package/dist/website-watch-tools-DFMrJU-R.js +139 -0
  275. package/dist/website-watch-tools-DraMPxdl.js +139 -0
  276. package/dist/website-watch-tools-Du3W5sN7.js +5 -0
  277. package/package.json +1 -1
package/dist/destructive-gate-D6vWOdEl.js ADDED
@@ -0,0 +1,101 @@
1
+ const require_chunk = require('./chunk-jS-bbMI5.js');
2
+
3
+ //#region src/infra/destructive-gate.ts
4
+ function isDangerousShellCommand(cmd) {
5
+ const c = (cmd || "").trim();
6
+ for (const re of DANGEROUS_SHELL_PATTERNS) if (re.test(c)) return true;
7
+ return false;
8
+ }
9
+ /**
10
+
11
+ * Wrap tools so destructive ones are gated. When sessionId set, stores pending for confirm flow.
12
+
13
+ */
14
+ function applyDestructiveGate(tools, opts) {
15
+ const { elevated, source, sessionId } = opts;
16
+ const fromChannel = source && CHANNEL_SOURCES.has(source);
17
+ if (!fromChannel || elevated) return tools;
18
+ return tools.map((t) => {
19
+ if (DESTRUCTIVE_TOOLS.includes(t.name)) {
20
+ const orig = t.handler;
21
+ return {
22
+ ...t,
23
+ handler: async (input) => {
24
+ if (sessionId) {
25
+ const { setPending } = await Promise.resolve().then(() => require("./pending-approval-CUXjysAo.js"));
26
+ setPending(sessionId, {
27
+ toolName: t.name,
28
+ input,
29
+ execute: () => orig(input)
30
+ });
31
+ return PENDING_MSG;
32
+ }
33
+ return BLOCKED_MSG;
34
+ }
35
+ };
36
+ }
37
+ if (t.name === "run_shell") {
38
+ const orig = t.handler;
39
+ return {
40
+ ...t,
41
+ handler: async (input) => {
42
+ const cmd = input.command || "";
43
+ if (isDangerousShellCommand(cmd)) {
44
+ if (sessionId) {
45
+ const { setPending } = await Promise.resolve().then(() => require("./pending-approval-CUXjysAo.js"));
46
+ setPending(sessionId, {
47
+ toolName: "run_shell",
48
+ input,
49
+ execute: () => orig(input)
50
+ });
51
+ return PENDING_MSG;
52
+ }
53
+ return BLOCKED_MSG;
54
+ }
55
+ return orig(input);
56
+ }
57
+ };
58
+ }
59
+ return t;
60
+ });
61
+ }
62
+ var DESTRUCTIVE_TOOLS, DANGEROUS_SHELL_PATTERNS, CHANNEL_SOURCES, BLOCKED_MSG, PENDING_MSG;
63
+ var init_destructive_gate = require_chunk.__esm({ "src/infra/destructive-gate.ts"() {
64
+ DESTRUCTIVE_TOOLS = ["delete_file", "kill_process"];
65
+ DANGEROUS_SHELL_PATTERNS = [
66
+ /\brm\s+-[rf]\b|\brm\s+--recursive|\brm\s+-rf\b/,
67
+ /\bmkfs\.|format\s+/i,
68
+ /\bdd\s+if=/,
69
+ /\b>\/dev\/sd[a-z]/,
70
+ /\bshutdown\s+-/,
71
+ /\breboot\b/i,
72
+ /\b:\(\)\s*\{\s*:\s*\|\s*:\s*&\s*\}/,
73
+ /\bcurl\s+.*\s*\|\s*sh\b/,
74
+ /\bwget\s+.*\s*\|\s*(bash|sh)\b/
75
+ ];
76
+ CHANNEL_SOURCES = new Set([
77
+ "telegram",
78
+ "discord",
79
+ "whatsapp",
80
+ "slack",
81
+ "signal",
82
+ "matrix",
83
+ "line",
84
+ "nostr",
85
+ "feishu",
86
+ "msteams",
87
+ "teams",
88
+ "instagram",
89
+ "messenger",
90
+ "twitter",
91
+ "viber",
92
+ "zalo",
93
+ "webhook:inbound"
94
+ ]);
95
+ BLOCKED_MSG = "Blocked: destructive action requires elevated session. Use \"elevate\" or run from CLI with full access.";
96
+ PENDING_MSG = "This action requires confirmation. Ask the user to reply \"confirm\" to proceed.";
97
+ } });
98
+
99
+ //#endregion
100
+ init_destructive_gate();
101
+ exports.applyDestructiveGate = applyDestructiveGate;
package/dist/destructive-gate-m-dWqUFg.js ADDED
@@ -0,0 +1,101 @@
1
+ const require_chunk = require('./chunk-jS-bbMI5.js');
2
+
3
+ //#region src/infra/destructive-gate.ts
4
+ function isDangerousShellCommand(cmd) {
5
+ const c = (cmd || "").trim();
6
+ for (const re of DANGEROUS_SHELL_PATTERNS) if (re.test(c)) return true;
7
+ return false;
8
+ }
9
+ /**
10
+
11
+ * Wrap tools so destructive ones are gated. When sessionId set, stores pending for confirm flow.
12
+
13
+ */
14
+ function applyDestructiveGate(tools, opts) {
15
+ const { elevated, source, sessionId } = opts;
16
+ const fromChannel = source && CHANNEL_SOURCES.has(source);
17
+ if (!fromChannel || elevated) return tools;
18
+ return tools.map((t) => {
19
+ if (DESTRUCTIVE_TOOLS.includes(t.name)) {
20
+ const orig = t.handler;
21
+ return {
22
+ ...t,
23
+ handler: async (input) => {
24
+ if (sessionId) {
25
+ const { setPending } = await Promise.resolve().then(() => require("./pending-approval-DIHvwwWS.js"));
26
+ setPending(sessionId, {
27
+ toolName: t.name,
28
+ input,
29
+ execute: () => orig(input)
30
+ });
31
+ return PENDING_MSG;
32
+ }
33
+ return BLOCKED_MSG;
34
+ }
35
+ };
36
+ }
37
+ if (t.name === "run_shell") {
38
+ const orig = t.handler;
39
+ return {
40
+ ...t,
41
+ handler: async (input) => {
42
+ const cmd = input.command || "";
43
+ if (isDangerousShellCommand(cmd)) {
44
+ if (sessionId) {
45
+ const { setPending } = await Promise.resolve().then(() => require("./pending-approval-DIHvwwWS.js"));
46
+ setPending(sessionId, {
47
+ toolName: "run_shell",
48
+ input,
49
+ execute: () => orig(input)
50
+ });
51
+ return PENDING_MSG;
52
+ }
53
+ return BLOCKED_MSG;
54
+ }
55
+ return orig(input);
56
+ }
57
+ };
58
+ }
59
+ return t;
60
+ });
61
+ }
62
+ var DESTRUCTIVE_TOOLS, DANGEROUS_SHELL_PATTERNS, CHANNEL_SOURCES, BLOCKED_MSG, PENDING_MSG;
63
+ var init_destructive_gate = require_chunk.__esm({ "src/infra/destructive-gate.ts"() {
64
+ DESTRUCTIVE_TOOLS = ["delete_file", "kill_process"];
65
+ DANGEROUS_SHELL_PATTERNS = [
66
+ /\brm\s+-[rf]\b|\brm\s+--recursive|\brm\s+-rf\b/,
67
+ /\bmkfs\.|format\s+/i,
68
+ /\bdd\s+if=/,
69
+ /\b>\/dev\/sd[a-z]/,
70
+ /\bshutdown\s+-/,
71
+ /\breboot\b/i,
72
+ /\b:\(\)\s*\{\s*:\s*\|\s*:\s*&\s*\}/,
73
+ /\bcurl\s+.*\s*\|\s*sh\b/,
74
+ /\bwget\s+.*\s*\|\s*(bash|sh)\b/
75
+ ];
76
+ CHANNEL_SOURCES = new Set([
77
+ "telegram",
78
+ "discord",
79
+ "whatsapp",
80
+ "slack",
81
+ "signal",
82
+ "matrix",
83
+ "line",
84
+ "nostr",
85
+ "feishu",
86
+ "msteams",
87
+ "teams",
88
+ "instagram",
89
+ "messenger",
90
+ "twitter",
91
+ "viber",
92
+ "zalo",
93
+ "webhook:inbound"
94
+ ]);
95
+ BLOCKED_MSG = "Blocked: destructive action requires elevated session. Use \"elevate\" or run from CLI with full access.";
96
+ PENDING_MSG = "This action requires confirmation. Ask the user to reply \"confirm\" to proceed.";
97
+ } });
98
+
99
+ //#endregion
100
+ init_destructive_gate();
101
+ exports.applyDestructiveGate = applyDestructiveGate;
package/dist/developer-keys-CPWT7Q6S.js ADDED
@@ -0,0 +1,8 @@
1
+ const require_chunk = require('./chunk-jS-bbMI5.js');
2
+ require('./paths-AIyBxIzm.js');
3
+ const require_developer_keys = require('./developer-keys-DrrcUqFa.js');
4
+
5
+ exports.createDeveloperKey = require_developer_keys.createDeveloperKey;
6
+ exports.listDeveloperKeys = require_developer_keys.listDeveloperKeys;
7
+ exports.revokeDeveloperKey = require_developer_keys.revokeDeveloperKey;
8
+ exports.validateDeveloperKey = require_developer_keys.validateDeveloperKey;
package/dist/developer-keys-DrrcUqFa.js ADDED
@@ -0,0 +1,127 @@
1
+ const require_chunk = require('./chunk-jS-bbMI5.js');
2
+ const require_paths = require('./paths-AIyBxIzm.js');
3
+ const fs_extra = require_chunk.__toESM(require("fs-extra"));
4
+ const path = require_chunk.__toESM(require("path"));
5
+ const crypto = require_chunk.__toESM(require("crypto"));
6
+
7
+ //#region src/infra/developer-keys.ts
8
+ require_paths.init_paths();
9
+ const KEYS_FILE = "developer-keys.json";
10
+ function getKeysPath(baseDir) {
11
+ const root = baseDir ?? require_paths.getHyperClawDir();
12
+ return path.default.join(root, KEYS_FILE);
13
+ }
14
+ function hashKey(key) {
15
+ return crypto.default.createHash("sha256").update(key, "utf8").digest("hex");
16
+ }
17
+ function generateKey() {
18
+ return `hc_${crypto.default.randomBytes(24).toString("base64url")}`;
19
+ }
20
+ async function loadKeys(baseDir) {
21
+ const fp = getKeysPath(baseDir);
22
+ if (!await fs_extra.default.pathExists(fp)) return [];
23
+ try {
24
+ const data = await fs_extra.default.readJson(fp);
25
+ return Array.isArray(data.keys) ? data.keys : [];
26
+ } catch {
27
+ return [];
28
+ }
29
+ }
30
+ async function saveKeys(keys, baseDir) {
31
+ const fp = getKeysPath(baseDir);
32
+ const dir = path.default.dirname(fp);
33
+ await fs_extra.default.ensureDir(dir);
34
+ await fs_extra.default.writeJson(fp, {
35
+ keys,
36
+ updatedAt: (/* @__PURE__ */ new Date()).toISOString()
37
+ }, { spaces: 2 });
38
+ }
39
+ /** Create a new developer key. Returns the raw key (show once). Optional tenantId for multi-tenant. */
40
+ async function createDeveloperKey(name, opts) {
41
+ const rawKey = generateKey();
42
+ const keyHash = hashKey(rawKey);
43
+ const id = `key_${crypto.default.randomBytes(8).toString("hex")}`;
44
+ const entry = {
45
+ id,
46
+ name: name || "Unnamed",
47
+ keyHash,
48
+ tenantId: opts?.tenantId,
49
+ createdAt: (/* @__PURE__ */ new Date()).toISOString()
50
+ };
51
+ const keys = await loadKeys(opts?.baseDir);
52
+ keys.push(entry);
53
+ await saveKeys(keys, opts?.baseDir);
54
+ return {
55
+ id,
56
+ key: rawKey,
57
+ name: entry.name,
58
+ tenantId: entry.tenantId
59
+ };
60
+ }
61
+ /** List developer keys (without raw keys). Optional tenantId filter. */
62
+ async function listDeveloperKeys(opts) {
63
+ let keys = await loadKeys(opts?.baseDir);
64
+ if (opts?.tenantId) keys = keys.filter((k) => k.tenantId === opts.tenantId);
65
+ return keys.map((k) => ({
66
+ id: k.id,
67
+ name: k.name,
68
+ tenantId: k.tenantId,
69
+ createdAt: k.createdAt,
70
+ lastUsedAt: k.lastUsedAt
71
+ }));
72
+ }
73
+ /** Revoke a developer key by id. */
74
+ async function revokeDeveloperKey(id) {
75
+ const keys = await loadKeys();
76
+ const before = keys.length;
77
+ const filtered = keys.filter((k) => k.id !== id);
78
+ if (filtered.length === before) return false;
79
+ await saveKeys(filtered);
80
+ return true;
81
+ }
82
+ /**
83
+
84
+ * Validate a Bearer token. Returns { valid: true, tenantId?: string } or { valid: false }.
85
+
86
+ * Use with gateway token check: valid = gatewayToken OR result.valid.
87
+
88
+ */
89
+ async function validateDeveloperKey(bearer, opts) {
90
+ if (!bearer || bearer.length < 20) return { valid: false };
91
+ const keys = await loadKeys(opts?.baseDir);
92
+ const hash = hashKey(bearer);
93
+ const idx = keys.findIndex((k) => k.keyHash === hash);
94
+ if (idx < 0) return { valid: false };
95
+ keys[idx].lastUsedAt = (/* @__PURE__ */ new Date()).toISOString();
96
+ await saveKeys(keys, opts?.baseDir).catch(() => {});
97
+ return {
98
+ valid: true,
99
+ tenantId: keys[idx].tenantId
100
+ };
101
+ }
102
+
103
+ //#endregion
104
+ Object.defineProperty(exports, 'createDeveloperKey', {
105
+ enumerable: true,
106
+ get: function () {
107
+ return createDeveloperKey;
108
+ }
109
+ });
110
+ Object.defineProperty(exports, 'listDeveloperKeys', {
111
+ enumerable: true,
112
+ get: function () {
113
+ return listDeveloperKeys;
114
+ }
115
+ });
116
+ Object.defineProperty(exports, 'revokeDeveloperKey', {
117
+ enumerable: true,
118
+ get: function () {
119
+ return revokeDeveloperKey;
120
+ }
121
+ });
122
+ Object.defineProperty(exports, 'validateDeveloperKey', {
123
+ enumerable: true,
124
+ get: function () {
125
+ return validateDeveloperKey;
126
+ }
127
+ });
package/dist/developer-keys-JaJK3T27.js ADDED
@@ -0,0 +1,127 @@
1
+ const require_chunk = require('./chunk-jS-bbMI5.js');
2
+ const require_paths = require('./paths-AIyBxIzm.js');
3
+ const fs_extra = require_chunk.__toESM(require("fs-extra"));
4
+ const path = require_chunk.__toESM(require("path"));
5
+ const crypto = require_chunk.__toESM(require("crypto"));
6
+
7
+ //#region src/infra/developer-keys.ts
8
+ require_paths.init_paths();
9
+ const KEYS_FILE = "developer-keys.json";
10
+ function getKeysPath(baseDir) {
11
+ const root = baseDir ?? require_paths.getHyperClawDir();
12
+ return path.default.join(root, KEYS_FILE);
13
+ }
14
+ function hashKey(key) {
15
+ return crypto.default.createHash("sha256").update(key, "utf8").digest("hex");
16
+ }
17
+ function generateKey() {
18
+ return `hc_${crypto.default.randomBytes(24).toString("base64url")}`;
19
+ }
20
+ async function loadKeys(baseDir) {
21
+ const fp = getKeysPath(baseDir);
22
+ if (!await fs_extra.default.pathExists(fp)) return [];
23
+ try {
24
+ const data = await fs_extra.default.readJson(fp);
25
+ return Array.isArray(data.keys) ? data.keys : [];
26
+ } catch {
27
+ return [];
28
+ }
29
+ }
30
+ async function saveKeys(keys, baseDir) {
31
+ const fp = getKeysPath(baseDir);
32
+ const dir = path.default.dirname(fp);
33
+ await fs_extra.default.ensureDir(dir);
34
+ await fs_extra.default.writeJson(fp, {
35
+ keys,
36
+ updatedAt: (/* @__PURE__ */ new Date()).toISOString()
37
+ }, { spaces: 2 });
38
+ }
39
+ /** Create a new developer key. Returns the raw key (show once). Optional tenantId for multi-tenant. */
40
+ async function createDeveloperKey(name, opts) {
41
+ const rawKey = generateKey();
42
+ const keyHash = hashKey(rawKey);
43
+ const id = `key_${crypto.default.randomBytes(8).toString("hex")}`;
44
+ const entry = {
45
+ id,
46
+ name: name || "Unnamed",
47
+ keyHash,
48
+ tenantId: opts?.tenantId,
49
+ createdAt: (/* @__PURE__ */ new Date()).toISOString()
50
+ };
51
+ const keys = await loadKeys(opts?.baseDir);
52
+ keys.push(entry);
53
+ await saveKeys(keys, opts?.baseDir);
54
+ return {
55
+ id,
56
+ key: rawKey,
57
+ name: entry.name,
58
+ tenantId: entry.tenantId
59
+ };
60
+ }
61
+ /** List developer keys (without raw keys). Optional tenantId filter. */
62
+ async function listDeveloperKeys(opts) {
63
+ let keys = await loadKeys(opts?.baseDir);
64
+ if (opts?.tenantId) keys = keys.filter((k) => k.tenantId === opts.tenantId);
65
+ return keys.map((k) => ({
66
+ id: k.id,
67
+ name: k.name,
68
+ tenantId: k.tenantId,
69
+ createdAt: k.createdAt,
70
+ lastUsedAt: k.lastUsedAt
71
+ }));
72
+ }
73
+ /** Revoke a developer key by id. */
74
+ async function revokeDeveloperKey(id) {
75
+ const keys = await loadKeys();
76
+ const before = keys.length;
77
+ const filtered = keys.filter((k) => k.id !== id);
78
+ if (filtered.length === before) return false;
79
+ await saveKeys(filtered);
80
+ return true;
81
+ }
82
+ /**
83
+
84
+ * Validate a Bearer token. Returns { valid: true, tenantId?: string } or { valid: false }.
85
+
86
+ * Use with gateway token check: valid = gatewayToken OR result.valid.
87
+
88
+ */
89
+ async function validateDeveloperKey(bearer, opts) {
90
+ if (!bearer || bearer.length < 20) return { valid: false };
91
+ const keys = await loadKeys(opts?.baseDir);
92
+ const hash = hashKey(bearer);
93
+ const idx = keys.findIndex((k) => k.keyHash === hash);
94
+ if (idx < 0) return { valid: false };
95
+ keys[idx].lastUsedAt = (/* @__PURE__ */ new Date()).toISOString();
96
+ await saveKeys(keys, opts?.baseDir).catch(() => {});
97
+ return {
98
+ valid: true,
99
+ tenantId: keys[idx].tenantId
100
+ };
101
+ }
102
+
103
+ //#endregion
104
+ Object.defineProperty(exports, 'createDeveloperKey', {
105
+ enumerable: true,
106
+ get: function () {
107
+ return createDeveloperKey;
108
+ }
109
+ });
110
+ Object.defineProperty(exports, 'listDeveloperKeys', {
111
+ enumerable: true,
112
+ get: function () {
113
+ return listDeveloperKeys;
114
+ }
115
+ });
116
+ Object.defineProperty(exports, 'revokeDeveloperKey', {
117
+ enumerable: true,
118
+ get: function () {
119
+ return revokeDeveloperKey;
120
+ }
121
+ });
122
+ Object.defineProperty(exports, 'validateDeveloperKey', {
123
+ enumerable: true,
124
+ get: function () {
125
+ return validateDeveloperKey;
126
+ }
127
+ });
package/dist/developer-keys-kyqmtWK3.js ADDED
@@ -0,0 +1,8 @@
1
+ const require_chunk = require('./chunk-jS-bbMI5.js');
2
+ require('./paths-AIyBxIzm.js');
3
+ const require_developer_keys = require('./developer-keys-JaJK3T27.js');
4
+
5
+ exports.createDeveloperKey = require_developer_keys.createDeveloperKey;
6
+ exports.listDeveloperKeys = require_developer_keys.listDeveloperKeys;
7
+ exports.revokeDeveloperKey = require_developer_keys.revokeDeveloperKey;
8
+ exports.validateDeveloperKey = require_developer_keys.validateDeveloperKey;
package/dist/doctor-3oi89QIc.js ADDED
@@ -0,0 +1,175 @@
1
+ const require_chunk = require('./chunk-jS-bbMI5.js');
2
+ const chalk = require_chunk.__toESM(require("chalk"));
3
+ const ora = require_chunk.__toESM(require("ora"));
4
+ const fs_extra = require_chunk.__toESM(require("fs-extra"));
5
+ const path = require_chunk.__toESM(require("path"));
6
+ const os = require_chunk.__toESM(require("os"));
7
+ const net = require_chunk.__toESM(require("net"));
8
+
9
+ //#region src/commands/doctor.ts
10
+ async function isPortOpen(port) {
11
+ return new Promise((resolve) => {
12
+ const s = new net.default.Socket();
13
+ s.setTimeout(500);
14
+ s.on("connect", () => {
15
+ s.destroy();
16
+ resolve(true);
17
+ });
18
+ s.on("error", () => resolve(false));
19
+ s.on("timeout", () => resolve(false));
20
+ try {
21
+ s.connect(port, "127.0.0.1");
22
+ } catch {
23
+ resolve(false);
24
+ }
25
+ });
26
+ }
27
+ async function runDoctor(fix = false) {
28
+ const spinner = (0, ora.default)("Running health checks...").start();
29
+ await new Promise((r) => setTimeout(r, 800));
30
+ spinner.stop();
31
+ const configDir = path.default.join(os.default.homedir(), ".hyperclaw");
32
+ const configFile = path.default.join(configDir, "config.json");
33
+ const agentsFile = path.default.join(configDir, "AGENTS.md");
34
+ const authFile = path.default.join(configDir, "auth.json");
35
+ const pairingFile = path.default.join(configDir, "pairing-store.json");
36
+ let cfg = null;
37
+ try {
38
+ cfg = fs_extra.default.readJsonSync(configFile);
39
+ } catch {}
40
+ const issues = [];
41
+ if (!cfg) issues.push({
42
+ id: "no-config",
43
+ severity: "error",
44
+ title: "No configuration found",
45
+ detail: "Run: hyperclaw init",
46
+ fixable: false
47
+ });
48
+ else {
49
+ const hasToken = !!cfg.gateway?.authToken;
50
+ issues.push({
51
+ id: "gateway-token",
52
+ severity: hasToken ? "ok" : "warn",
53
+ title: hasToken ? "Gateway auth token set" : "Gateway auth token missing",
54
+ detail: hasToken ? "Token is configured" : "Set a strong token in gateway config",
55
+ fixable: !hasToken,
56
+ fix: async () => {
57
+ const crypto = await import("crypto");
58
+ cfg.gateway = cfg.gateway || {};
59
+ cfg.gateway.authToken = crypto.randomBytes(32).toString("hex");
60
+ fs_extra.default.writeJsonSync(configFile, cfg, { spaces: 2 });
61
+ console.log(chalk.default.green(" ✔ Generated and saved gateway auth token"));
62
+ }
63
+ });
64
+ const channels = cfg.channels || [];
65
+ const channelConfigs = cfg.channelConfigs || {};
66
+ for (const ch of channels) {
67
+ const dmPolicy = channelConfigs[ch]?.dmPolicy?.policy;
68
+ if (dmPolicy === "open") issues.push({
69
+ id: `dm-open-${ch}`,
70
+ severity: "warn",
71
+ title: `DM policy is "open" on ${ch}`,
72
+ detail: `Anyone can DM your agent on ${ch}. Consider using "pairing" or "allowlist".`,
73
+ fixable: false
74
+ });
75
+ if (dmPolicy === "allowlist") {
76
+ const allowFrom = channelConfigs[ch]?.dmPolicy?.allowFrom || [];
77
+ if (allowFrom.length === 0) issues.push({
78
+ id: `dm-empty-allowlist-${ch}`,
79
+ severity: "error",
80
+ title: `Empty allowlist on ${ch} — DMs will be silently dropped`,
81
+ detail: `channel.${ch}.dmPolicy.allowFrom is empty. Add users or change policy.`,
82
+ fixable: true,
83
+ fix: async () => {
84
+ try {
85
+ const pairingEntries = fs_extra.default.readJsonSync(pairingFile);
86
+ const approved = pairingEntries.filter((e) => e.channelId === ch && e.status === "approved" && e.userId);
87
+ if (approved.length > 0) {
88
+ channelConfigs[ch].dmPolicy.allowFrom = approved.map((e) => e.userId);
89
+ cfg.channelConfigs = channelConfigs;
90
+ fs_extra.default.writeJsonSync(configFile, cfg, { spaces: 2 });
91
+ console.log(chalk.default.green(` ✔ Restored ${approved.length} user(s) from pairing store to ${ch} allowlist`));
92
+ }
93
+ } catch {}
94
+ }
95
+ });
96
+ }
97
+ }
98
+ const hasApiKey = !!cfg.provider?.apiKey;
99
+ const isLocal = cfg.provider?.providerId === "local";
100
+ if (!hasApiKey && !isLocal) issues.push({
101
+ id: "no-api-key",
102
+ severity: "error",
103
+ title: "No AI provider API key configured",
104
+ detail: "Run: hyperclaw config set-key",
105
+ fixable: false
106
+ });
107
+ else issues.push({
108
+ id: "api-key",
109
+ severity: "ok",
110
+ title: "AI provider key configured",
111
+ detail: `Provider: ${cfg.provider?.providerId}`,
112
+ fixable: false
113
+ });
114
+ issues.push({
115
+ id: "agents-md",
116
+ severity: await fs_extra.default.pathExists(agentsFile) ? "ok" : "warn",
117
+ title: await fs_extra.default.pathExists(agentsFile) ? "AGENTS.md exists" : "AGENTS.md missing",
118
+ detail: await fs_extra.default.pathExists(agentsFile) ? agentsFile : "Run: hyperclaw memory init to generate",
119
+ fixable: false
120
+ });
121
+ const port = cfg.gateway?.port || 1515;
122
+ const running = await isPortOpen(port);
123
+ issues.push({
124
+ id: "gateway-running",
125
+ severity: running ? "ok" : "warn",
126
+ title: running ? `Gateway running on port ${port}` : `Gateway not running on port ${port}`,
127
+ detail: running ? `ws://127.0.0.1:${port}` : "Run: hyperclaw daemon start",
128
+ fixable: false
129
+ });
130
+ if (await fs_extra.default.pathExists(authFile)) {
131
+ const stat = await fs_extra.default.stat(authFile);
132
+ const unsafe = (stat.mode & 63) !== 0;
133
+ issues.push({
134
+ id: "auth-permissions",
135
+ severity: unsafe ? "warn" : "ok",
136
+ title: unsafe ? "Auth store has unsafe permissions" : "Auth store permissions OK",
137
+ detail: unsafe ? `chmod 600 ${authFile}` : `Mode: 600`,
138
+ fixable: unsafe,
139
+ fix: async () => {
140
+ await fs_extra.default.chmod(authFile, 384);
141
+ console.log(chalk.default.green(` ✔ Fixed permissions on ${authFile}`));
142
+ }
143
+ });
144
+ }
145
+ }
146
+ console.log(chalk.default.bold.cyan("\n 🩺 HYPERCLAW DOCTOR\n"));
147
+ let errorCount = 0, warnCount = 0;
148
+ for (const issue of issues) {
149
+ const icon = {
150
+ error: chalk.default.red("✖"),
151
+ warn: chalk.default.yellow("⚠"),
152
+ ok: chalk.default.green("✔")
153
+ }[issue.severity];
154
+ console.log(` ${icon} ${chalk.default.white(issue.title)}`);
155
+ console.log(` ${chalk.default.gray(issue.detail)}`);
156
+ if (issue.fixable && fix && issue.fix) await issue.fix();
157
+ else if (issue.fixable && !fix) console.log(chalk.default.gray(" Run with --fix to auto-repair"));
158
+ if (issue.severity === "error") errorCount++;
159
+ if (issue.severity === "warn") warnCount++;
160
+ console.log();
161
+ }
162
+ const total = issues.length;
163
+ const okCount = total - errorCount - warnCount;
164
+ console.log(` ${chalk.default.bold("Summary:")} ${chalk.default.green(`${okCount} ok`)} ${chalk.default.yellow(`${warnCount} warnings`)} ${chalk.default.red(`${errorCount} errors`)}`);
165
+ if (errorCount > 0 || warnCount > 0) console.log(chalk.default.gray("\n Run: hyperclaw doctor --fix to auto-repair fixable issues\n"));
166
+ else console.log(chalk.default.green("\n ✔ All checks passed!\n"));
167
+ }
168
+
169
+ //#endregion
170
+ Object.defineProperty(exports, 'runDoctor', {
171
+ enumerable: true,
172
+ get: function () {
173
+ return runDoctor;
174
+ }
175
+ });