hyperclaw 4.0.2 → 5.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (194) hide show
  1. package/README.md +246 -60
  2. package/dist/a2ui-protocol-CfBI44-Q.js +75 -0
  3. package/dist/agents-routing-ChHiZp36.js +327 -0
  4. package/dist/agents-routing-ChqZ6l2S.js +4 -0
  5. package/dist/api-keys-guide-BCcOl0Q7.js +149 -0
  6. package/dist/api-keys-guide-CGn5BSF7.js +149 -0
  7. package/dist/audit-BJohI_vC.js +441 -0
  8. package/dist/audit-BaIiyWFu.js +441 -0
  9. package/dist/bounty-tools-CY_i91DU.js +211 -0
  10. package/dist/bounty-tools-DWudyZie.js +211 -0
  11. package/dist/browser-tools-BsTeGMnX.js +5 -0
  12. package/dist/browser-tools-D8_rLe2p.js +179 -0
  13. package/dist/claw-tasks-CgTsiNE8.js +80 -0
  14. package/dist/claw-tasks-Cyzdbhz_.js +80 -0
  15. package/dist/connector-5N0-X_xs.js +194 -0
  16. package/dist/connector-B3v0qcXg.js +425 -0
  17. package/dist/connector-B8R3iBY1.js +280 -0
  18. package/dist/connector-BAM-08NN.js +189 -0
  19. package/dist/connector-BC8FIVu4.js +181 -0
  20. package/dist/connector-BDmwwaVc.js +213 -0
  21. package/dist/connector-BGjbBy69.js +225 -0
  22. package/dist/connector-BO2SRzfG.js +218 -0
  23. package/dist/connector-BfXky0L3.js +167 -0
  24. package/dist/connector-BiiSJpx3.js +192 -0
  25. package/dist/connector-BnDmIhIu.js +85 -0
  26. package/dist/connector-C1HSoUyk.js +189 -0
  27. package/dist/connector-CKQHZOXg.js +568 -0
  28. package/dist/connector-CRl-iidy.js +239 -0
  29. package/dist/connector-Ci9glMD-.js +340 -0
  30. package/dist/connector-CjtZIEDj.js +181 -0
  31. package/dist/connector-Ck6JtOsX.js +531 -0
  32. package/dist/connector-D8Kelee0.js +286 -0
  33. package/dist/connector-DAnRJ0oP.js +162 -0
  34. package/dist/connector-DXTp5PE8.js +508 -0
  35. package/dist/connector-Dih6dUPP.js +173 -0
  36. package/dist/connector-DqTH_tPX.js +182 -0
  37. package/dist/connector-DrnEiiyP.js +419 -0
  38. package/dist/connector-DtR5GGTX.js +167 -0
  39. package/dist/connector-Tky_qS_K.js +350 -0
  40. package/dist/connector-ZSc3oTTy.js +305 -0
  41. package/dist/connector-sW5yhU1m.js +498 -0
  42. package/dist/connector-u3ICd3Ic.js +552 -0
  43. package/dist/cost-tracker-Ca1UPZ33.js +103 -0
  44. package/dist/cost-tracker-DD9wtWsr.js +103 -0
  45. package/dist/credentials-store-C6ir0Dae.js +4 -0
  46. package/dist/credentials-store-CA8UtK0T.js +77 -0
  47. package/dist/credentials-store-Cm7DH-kh.js +4 -0
  48. package/dist/credentials-store-H13LqOwJ.js +77 -0
  49. package/dist/cron-tasks-Bli7Kzd2.js +82 -0
  50. package/dist/cron-tasks-_pqQCmxc.js +82 -0
  51. package/dist/daemon-7ViroziB.js +5 -0
  52. package/dist/daemon-BfyKmZhr.js +318 -0
  53. package/dist/daemon-Bg4GtCmc.js +318 -0
  54. package/dist/daemon-DhmwY8k4.js +5 -0
  55. package/dist/delivery-BmIYy9VQ.js +4 -0
  56. package/dist/delivery-DVHmv1IR.js +4 -0
  57. package/dist/delivery-DpMX0Yyc.js +95 -0
  58. package/dist/delivery-pWUPBp1F.js +95 -0
  59. package/dist/destructive-gate-D6vWOdEl.js +101 -0
  60. package/dist/destructive-gate-DZt71UZR.js +101 -0
  61. package/dist/developer-keys-CPWT7Q6S.js +8 -0
  62. package/dist/developer-keys-DrrcUqFa.js +127 -0
  63. package/dist/doctor-BvCe8BBk.js +230 -0
  64. package/dist/doctor-CxyPLYsJ.js +6 -0
  65. package/dist/engine-B0kLfRL0.js +256 -0
  66. package/dist/engine-BJUpRUOv.js +7 -0
  67. package/dist/engine-CEDSqXfw.js +256 -0
  68. package/dist/engine-Da4JMNpI.js +7 -0
  69. package/dist/env-resolve-17ekEU6p.js +10 -0
  70. package/dist/env-resolve-CiXbWYwe.js +10 -0
  71. package/dist/env-resolve-CmGWhWXJ.js +115 -0
  72. package/dist/env-resolve-Z2XF6leB.js +115 -0
  73. package/dist/extraction-tools-HOZstZ0y.js +91 -0
  74. package/dist/extraction-tools-m4lmAv7l.js +5 -0
  75. package/dist/form_data-Cz040rio.js +8657 -0
  76. package/dist/gmail-watch-setup-Du7DVV7S.js +40 -0
  77. package/dist/health-B-asI__D.js +6 -0
  78. package/dist/health-Ds2YlpTB.js +152 -0
  79. package/dist/heartbeat-engine-BYT5ayQH.js +83 -0
  80. package/dist/heartbeat-engine-Ut6pXBD6.js +83 -0
  81. package/dist/hub-9LaKnLjY.js +6 -0
  82. package/dist/hub-CfwUz9YW.js +515 -0
  83. package/dist/hub-D0XwdjM-.js +515 -0
  84. package/dist/hub-LiD5Iztb.js +6 -0
  85. package/dist/hyperclawbot-CBiDSKsa.js +505 -0
  86. package/dist/hyperclawbot-zvczQgKx.js +505 -0
  87. package/dist/inference-0mlFQqIm.js +922 -0
  88. package/dist/inference-BKVkBREb.js +6 -0
  89. package/dist/inference-DCXH4Q3x.js +922 -0
  90. package/dist/inference-SzqFe_nk.js +6 -0
  91. package/dist/knowledge-graph-DE5lSF02.js +131 -0
  92. package/dist/knowledge-graph-iBG76fvm.js +131 -0
  93. package/dist/loader-BkDi8MD9.js +400 -0
  94. package/dist/loader-CC45xGpC.js +4 -0
  95. package/dist/loader-CnEdOyjT.js +400 -0
  96. package/dist/loader-DI2qDRPC.js +4 -0
  97. package/dist/logger-Cp8wC7F8.js +83 -0
  98. package/dist/logger-ybOp7VOC.js +83 -0
  99. package/dist/manager-03ipO9R0.js +105 -0
  100. package/dist/manager-B2Gls5RG.js +218 -0
  101. package/dist/manager-BpDfbDjg.js +117 -0
  102. package/dist/manager-Bxl0sqlh.js +4 -0
  103. package/dist/manager-CWNSML5D.js +117 -0
  104. package/dist/manager-CrVDn6eN.js +6 -0
  105. package/dist/manager-FCgF1plu.js +218 -0
  106. package/dist/manager-SJe9gt-q.js +4 -0
  107. package/dist/manager-rgCsaWT1.js +40 -0
  108. package/dist/mcp-CfoSU4Uz.js +139 -0
  109. package/dist/mcp-loader-CvxRDtPC.js +94 -0
  110. package/dist/mcp-loader-DkRBsLpk.js +94 -0
  111. package/dist/memory-BlHL7JCO.js +4 -0
  112. package/dist/memory-DsS_eFvJ.js +270 -0
  113. package/dist/memory-auto-BkvtSFUw.js +5 -0
  114. package/dist/memory-auto-Bnz_-1wP.js +306 -0
  115. package/dist/memory-auto-CpQHZlEJ.js +306 -0
  116. package/dist/memory-auto-Z6LCf-iK.js +5 -0
  117. package/dist/memory-integration-cSYkZyEo.js +91 -0
  118. package/dist/memory-integration-g2vxwgoE.js +91 -0
  119. package/dist/moltbook-BtLDZTfM.js +81 -0
  120. package/dist/moltbook-Cl8cQfxJ.js +81 -0
  121. package/dist/node-Dw2Gi-cP.js +222 -0
  122. package/dist/nodes-registry-B8dmrlLv.js +52 -0
  123. package/dist/nodes-registry-C9dCFwjh.js +52 -0
  124. package/dist/oauth-flow-CeaaGAz0.js +150 -0
  125. package/dist/oauth-flow-DQPvMHRH.js +150 -0
  126. package/dist/oauth-provider-B4dzn56l.js +110 -0
  127. package/dist/oauth-provider-Uo4Nib_c.js +110 -0
  128. package/dist/observability-BV-Yx0V9.js +89 -0
  129. package/dist/observability-nZ3CBIxG.js +89 -0
  130. package/dist/onboard-0WoDxbv_.js +10 -0
  131. package/dist/onboard-BBBWcfhp.js +10 -0
  132. package/dist/onboard-BXNXCQp4.js +4070 -0
  133. package/dist/onboard-Bw28IRQ3.js +4070 -0
  134. package/dist/orchestrator-BovkM63z.js +6 -0
  135. package/dist/orchestrator-DSbpkP1X.js +189 -0
  136. package/dist/orchestrator-DmnEvMaL.js +189 -0
  137. package/dist/orchestrator-RI3bpqqc.js +6 -0
  138. package/dist/osint-B4_m3VHQ.js +277 -0
  139. package/dist/pairing-6iM27aD8.js +196 -0
  140. package/dist/pairing-dGoiGepK.js +4 -0
  141. package/dist/pc-access-CgCsYrpt.js +8 -0
  142. package/dist/pc-access-_iH2aorG.js +819 -0
  143. package/dist/pending-approval-BgNjjuI2.js +22 -0
  144. package/dist/pending-approval-CUXjysAo.js +22 -0
  145. package/dist/reminders-store-Drjed_-h.js +58 -0
  146. package/dist/renderer-BVQrd0_g.js +225 -0
  147. package/dist/rules-BE4GV6cV.js +103 -0
  148. package/dist/run-main.js +1639 -460
  149. package/dist/runner-CJFJUtPm.js +1271 -0
  150. package/dist/runner-DatMMYYE.js +1271 -0
  151. package/dist/sdk/index.js +2 -2
  152. package/dist/sdk/index.mjs +2 -2
  153. package/dist/security-BqNyT4ID.js +4 -0
  154. package/dist/security-tpgqPWWH.js +73 -0
  155. package/dist/server-Brl_HQUB.js +1255 -0
  156. package/dist/server-D4wVHiX9.js +4 -0
  157. package/dist/server-Dh3JlBFB.js +1255 -0
  158. package/dist/server-DhfipkwN.js +4 -0
  159. package/dist/session-store-BUiPz0Vv.js +5 -0
  160. package/dist/session-store-is4B6qmD.js +113 -0
  161. package/dist/sessions-tools-CbUTFe4i.js +5 -0
  162. package/dist/sessions-tools-CeqD7iil.js +95 -0
  163. package/dist/skill-loader-BaNLVmJy.js +7 -0
  164. package/dist/skill-loader-HgpF6Vqs.js +159 -0
  165. package/dist/skill-runtime-BXWd-Ktf.js +102 -0
  166. package/dist/skill-runtime-CJN24QPW.js +102 -0
  167. package/dist/skill-runtime-jgklm02e.js +5 -0
  168. package/dist/skill-runtime-w1ig_lcw.js +5 -0
  169. package/dist/src-Bhybpk1J.js +63 -0
  170. package/dist/src-BxPHKO5x.js +63 -0
  171. package/dist/src-DIc-L2IG.js +20 -0
  172. package/dist/src-DMJ4-uqk.js +458 -0
  173. package/dist/src-g_rNx5rh.js +458 -0
  174. package/dist/sub-agent-tools-CHQoHz9c.js +39 -0
  175. package/dist/sub-agent-tools-DHY-4WWM.js +39 -0
  176. package/dist/theme-DcxwcUgZ.js +180 -0
  177. package/dist/theme-cx0fkgWC.js +8 -0
  178. package/dist/tool-policy-CNT-mF2Z.js +189 -0
  179. package/dist/tool-policy-DZvF8xlQ.js +189 -0
  180. package/dist/tts-elevenlabs-BRosZv-f.js +61 -0
  181. package/dist/tts-elevenlabs-C06nUxMK.js +61 -0
  182. package/dist/update-check-C2Dz85wJ.js +81 -0
  183. package/dist/update-check-w4XuxVl7.js +81 -0
  184. package/dist/vision-BMmiIKy7.js +121 -0
  185. package/dist/vision-JOtOS1Br.js +121 -0
  186. package/dist/vision-tools-CB28ZCO_.js +5 -0
  187. package/dist/vision-tools-DVuYc17I.js +51 -0
  188. package/dist/vision-tools-U3YC4L-g.js +5 -0
  189. package/dist/vision-tools-vPPwQ-0N.js +51 -0
  190. package/dist/voice-transcription-B555DbWR.js +138 -0
  191. package/dist/voice-transcription-DBo5hXmu.js +138 -0
  192. package/dist/website-watch-tools-DFMrJU-R.js +139 -0
  193. package/dist/website-watch-tools-Du3W5sN7.js +5 -0
  194. package/package.json +1 -1
package/dist/oauth-flow-CeaaGAz0.js ADDED
@@ -0,0 +1,150 @@
1
+ const require_chunk = require('./chunk-jS-bbMI5.js');
2
+ const path = require_chunk.__toESM(require("path"));
3
+ const os = require_chunk.__toESM(require("os"));
4
+ const crypto = require_chunk.__toESM(require("crypto"));
5
+ const http = require_chunk.__toESM(require("http"));
6
+
7
+ //#region src/services/oauth-flow.ts
8
+ const HC_DIR = path.default.join(os.default.homedir(), ".hyperclaw");
9
+ const REDIRECT_PORT = 38789;
10
+ const REDIRECT_PATH = "/oauth/callback";
11
+ const PROVIDERS = {
12
+ google: {
13
+ authorize_url: "https://accounts.google.com/o/oauth2/v2/auth",
14
+ token_url: "https://oauth2.googleapis.com/token",
15
+ scopes: [
16
+ "openid",
17
+ "email",
18
+ "profile",
19
+ "https://www.googleapis.com/auth/aiplatform"
20
+ ],
21
+ client_id: process.env.GOOGLE_OAUTH_CLIENT_ID || "",
22
+ client_secret: process.env.GOOGLE_OAUTH_CLIENT_SECRET
23
+ },
24
+ "google-gmail": {
25
+ authorize_url: "https://accounts.google.com/o/oauth2/v2/auth",
26
+ token_url: "https://oauth2.googleapis.com/token",
27
+ scopes: [
28
+ "openid",
29
+ "email",
30
+ "profile",
31
+ "https://www.googleapis.com/auth/gmail.modify",
32
+ "https://mail.google.com/"
33
+ ],
34
+ client_id: process.env.GOOGLE_OAUTH_CLIENT_ID || "",
35
+ client_secret: process.env.GOOGLE_OAUTH_CLIENT_SECRET
36
+ },
37
+ microsoft: {
38
+ authorize_url: "https://login.microsoftonline.com/common/oauth2/v2.0/authorize",
39
+ token_url: "https://login.microsoftonline.com/common/oauth2/v2.0/token",
40
+ scopes: [
41
+ "openid",
42
+ "profile",
43
+ "offline_access",
44
+ "https://cognitiveservices.azure.com/.default"
45
+ ],
46
+ client_id: process.env.AZURE_OAUTH_CLIENT_ID || process.env.MICROSOFT_OAUTH_CLIENT_ID || "",
47
+ client_secret: process.env.AZURE_OAUTH_CLIENT_SECRET || process.env.MICROSOFT_OAUTH_CLIENT_SECRET
48
+ }
49
+ };
50
+ async function runOAuthFlow(providerId, opts) {
51
+ const cfg = PROVIDERS[providerId];
52
+ if (!cfg) throw new Error(`OAuth provider "${providerId}" not configured. Supported: google, google-gmail (Gmail Pub/Sub), microsoft. Anthropic/OpenAI: use "hyperclaw auth add" (API keys) or "hyperclaw auth setup-token anthropic" for Claude Pro/Max.`);
53
+ const clientId = opts?.clientId || cfg.client_id || process.env.OAUTH_CLIENT_ID;
54
+ const clientSecret = opts?.clientSecret || cfg.client_secret || process.env.OAUTH_CLIENT_SECRET;
55
+ const scopes = opts?.scopes || cfg.scopes;
56
+ if (!clientId) {
57
+ const hint = providerId === "google" ? "Set GOOGLE_OAUTH_CLIENT_ID or OAUTH_CLIENT_ID. Create at: https://console.cloud.google.com/apis/credentials" : providerId === "microsoft" ? "Set AZURE_OAUTH_CLIENT_ID. Create at: https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationsListBlade" : "Set OAUTH_CLIENT_ID or pass --client-id";
58
+ throw new Error(`OAuth client_id required. ${hint}`);
59
+ }
60
+ const codeVerifier = crypto.default.randomBytes(32).toString("base64url");
61
+ const codeChallenge = crypto.default.createHash("sha256").update(codeVerifier).digest("base64url");
62
+ const authParams = new URLSearchParams({
63
+ client_id: clientId,
64
+ redirect_uri: `http://127.0.0.1:${REDIRECT_PORT}${REDIRECT_PATH}`,
65
+ response_type: "code",
66
+ scope: scopes.join(" "),
67
+ code_challenge: codeChallenge,
68
+ code_challenge_method: "S256",
69
+ access_type: "offline",
70
+ prompt: "consent"
71
+ });
72
+ const authUrl = `${cfg.authorize_url}?${authParams}`;
73
+ return new Promise((resolve, reject) => {
74
+ const server = http.default.createServer(async (req, res) => {
75
+ const url = new URL(req.url || "/", `http://127.0.0.1`);
76
+ if (url.pathname !== REDIRECT_PATH) {
77
+ res.writeHead(404);
78
+ res.end("Not found");
79
+ return;
80
+ }
81
+ const code = url.searchParams.get("code");
82
+ const error = url.searchParams.get("error");
83
+ res.setHeader("Content-Type", "text/html; charset=utf-8");
84
+ if (error) {
85
+ res.writeHead(400);
86
+ res.end(`<h1>OAuth error</h1><p>${error}</p><p>You can close this tab.</p>`);
87
+ server.close();
88
+ reject(new Error(`OAuth error: ${error}`));
89
+ return;
90
+ }
91
+ if (!code) {
92
+ res.writeHead(400);
93
+ res.end("<h1>No code received</h1><p>You can close this tab.</p>");
94
+ server.close();
95
+ reject(new Error("No authorization code received"));
96
+ return;
97
+ }
98
+ const body = new URLSearchParams({
99
+ grant_type: "authorization_code",
100
+ code,
101
+ redirect_uri: `http://127.0.0.1:${REDIRECT_PORT}${REDIRECT_PATH}`,
102
+ code_verifier: codeVerifier
103
+ });
104
+ if (clientSecret) body.set("client_secret", clientSecret);
105
+ body.set("client_id", clientId);
106
+ try {
107
+ const tokenRes = await fetch(cfg.token_url, {
108
+ method: "POST",
109
+ headers: { "Content-Type": "application/x-www-form-urlencoded" },
110
+ body: body.toString()
111
+ });
112
+ const tokenData = await tokenRes.json();
113
+ if (tokenData.error) {
114
+ res.writeHead(400);
115
+ res.end(`<h1>Token error</h1><p>${tokenData.error}</p><p>You can close this tab.</p>`);
116
+ server.close();
117
+ reject(new Error(tokenData.error_description || tokenData.error));
118
+ return;
119
+ }
120
+ res.writeHead(200);
121
+ res.end("<h1>Success!</h1><p>HyperClaw has received your tokens. You can close this tab and return to the terminal.</p>");
122
+ server.close();
123
+ resolve({
124
+ access_token: tokenData.access_token,
125
+ refresh_token: tokenData.refresh_token,
126
+ expires_in: tokenData.expires_in
127
+ });
128
+ } catch (e) {
129
+ res.writeHead(500);
130
+ res.end(`<h1>Error</h1><p>${e.message}</p><p>You can close this tab.</p>`);
131
+ server.close();
132
+ reject(e);
133
+ }
134
+ });
135
+ server.listen(REDIRECT_PORT, "127.0.0.1", () => {
136
+ try {
137
+ const { exec } = require("child_process");
138
+ const opener = process.platform === "win32" ? `start "" "${authUrl}"` : (process.platform === "darwin" ? "open" : "xdg-open") + ` "${authUrl}"`;
139
+ exec(opener);
140
+ } catch {}
141
+ });
142
+ server.on("error", (err) => {
143
+ server.close();
144
+ reject(err);
145
+ });
146
+ });
147
+ }
148
+
149
+ //#endregion
150
+ exports.runOAuthFlow = runOAuthFlow;
package/dist/oauth-flow-DQPvMHRH.js ADDED
@@ -0,0 +1,150 @@
1
+ const require_chunk = require('./chunk-jS-bbMI5.js');
2
+ const path = require_chunk.__toESM(require("path"));
3
+ const os = require_chunk.__toESM(require("os"));
4
+ const crypto = require_chunk.__toESM(require("crypto"));
5
+ const http = require_chunk.__toESM(require("http"));
6
+
7
+ //#region src/services/oauth-flow.ts
8
+ const HC_DIR = path.default.join(os.default.homedir(), ".hyperclaw");
9
+ const REDIRECT_PORT = 38789;
10
+ const REDIRECT_PATH = "/oauth/callback";
11
+ const PROVIDERS = {
12
+ google: {
13
+ authorize_url: "https://accounts.google.com/o/oauth2/v2/auth",
14
+ token_url: "https://oauth2.googleapis.com/token",
15
+ scopes: [
16
+ "openid",
17
+ "email",
18
+ "profile",
19
+ "https://www.googleapis.com/auth/aiplatform"
20
+ ],
21
+ client_id: process.env.GOOGLE_OAUTH_CLIENT_ID || "",
22
+ client_secret: process.env.GOOGLE_OAUTH_CLIENT_SECRET
23
+ },
24
+ "google-gmail": {
25
+ authorize_url: "https://accounts.google.com/o/oauth2/v2/auth",
26
+ token_url: "https://oauth2.googleapis.com/token",
27
+ scopes: [
28
+ "openid",
29
+ "email",
30
+ "profile",
31
+ "https://www.googleapis.com/auth/gmail.modify",
32
+ "https://mail.google.com/"
33
+ ],
34
+ client_id: process.env.GOOGLE_OAUTH_CLIENT_ID || "",
35
+ client_secret: process.env.GOOGLE_OAUTH_CLIENT_SECRET
36
+ },
37
+ microsoft: {
38
+ authorize_url: "https://login.microsoftonline.com/common/oauth2/v2.0/authorize",
39
+ token_url: "https://login.microsoftonline.com/common/oauth2/v2.0/token",
40
+ scopes: [
41
+ "openid",
42
+ "profile",
43
+ "offline_access",
44
+ "https://cognitiveservices.azure.com/.default"
45
+ ],
46
+ client_id: process.env.AZURE_OAUTH_CLIENT_ID || process.env.MICROSOFT_OAUTH_CLIENT_ID || "",
47
+ client_secret: process.env.AZURE_OAUTH_CLIENT_SECRET || process.env.MICROSOFT_OAUTH_CLIENT_SECRET
48
+ }
49
+ };
50
+ async function runOAuthFlow(providerId, opts) {
51
+ const cfg = PROVIDERS[providerId];
52
+ if (!cfg) throw new Error(`OAuth provider "${providerId}" not configured. Supported: google, google-gmail (Gmail Pub/Sub), microsoft. Anthropic/OpenAI: use "hyperclaw auth add" (API keys) or "hyperclaw auth setup-token anthropic" for Claude Pro/Max.`);
53
+ const clientId = opts?.clientId || cfg.client_id || process.env.OAUTH_CLIENT_ID;
54
+ const clientSecret = opts?.clientSecret || cfg.client_secret || process.env.OAUTH_CLIENT_SECRET;
55
+ const scopes = opts?.scopes || cfg.scopes;
56
+ if (!clientId) {
57
+ const hint = providerId === "google" ? "Set GOOGLE_OAUTH_CLIENT_ID or OAUTH_CLIENT_ID. Create at: https://console.cloud.google.com/apis/credentials" : providerId === "microsoft" ? "Set AZURE_OAUTH_CLIENT_ID. Create at: https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationsListBlade" : "Set OAUTH_CLIENT_ID or pass --client-id";
58
+ throw new Error(`OAuth client_id required. ${hint}`);
59
+ }
60
+ const codeVerifier = crypto.default.randomBytes(32).toString("base64url");
61
+ const codeChallenge = crypto.default.createHash("sha256").update(codeVerifier).digest("base64url");
62
+ const authParams = new URLSearchParams({
63
+ client_id: clientId,
64
+ redirect_uri: `http://127.0.0.1:${REDIRECT_PORT}${REDIRECT_PATH}`,
65
+ response_type: "code",
66
+ scope: scopes.join(" "),
67
+ code_challenge: codeChallenge,
68
+ code_challenge_method: "S256",
69
+ access_type: "offline",
70
+ prompt: "consent"
71
+ });
72
+ const authUrl = `${cfg.authorize_url}?${authParams}`;
73
+ return new Promise((resolve, reject) => {
74
+ const server = http.default.createServer(async (req, res) => {
75
+ const url = new URL(req.url || "/", `http://127.0.0.1`);
76
+ if (url.pathname !== REDIRECT_PATH) {
77
+ res.writeHead(404);
78
+ res.end("Not found");
79
+ return;
80
+ }
81
+ const code = url.searchParams.get("code");
82
+ const error = url.searchParams.get("error");
83
+ res.setHeader("Content-Type", "text/html; charset=utf-8");
84
+ if (error) {
85
+ res.writeHead(400);
86
+ res.end(`<h1>OAuth error</h1><p>${error}</p><p>You can close this tab.</p>`);
87
+ server.close();
88
+ reject(new Error(`OAuth error: ${error}`));
89
+ return;
90
+ }
91
+ if (!code) {
92
+ res.writeHead(400);
93
+ res.end("<h1>No code received</h1><p>You can close this tab.</p>");
94
+ server.close();
95
+ reject(new Error("No authorization code received"));
96
+ return;
97
+ }
98
+ const body = new URLSearchParams({
99
+ grant_type: "authorization_code",
100
+ code,
101
+ redirect_uri: `http://127.0.0.1:${REDIRECT_PORT}${REDIRECT_PATH}`,
102
+ code_verifier: codeVerifier
103
+ });
104
+ if (clientSecret) body.set("client_secret", clientSecret);
105
+ body.set("client_id", clientId);
106
+ try {
107
+ const tokenRes = await fetch(cfg.token_url, {
108
+ method: "POST",
109
+ headers: { "Content-Type": "application/x-www-form-urlencoded" },
110
+ body: body.toString()
111
+ });
112
+ const tokenData = await tokenRes.json();
113
+ if (tokenData.error) {
114
+ res.writeHead(400);
115
+ res.end(`<h1>Token error</h1><p>${tokenData.error}</p><p>You can close this tab.</p>`);
116
+ server.close();
117
+ reject(new Error(tokenData.error_description || tokenData.error));
118
+ return;
119
+ }
120
+ res.writeHead(200);
121
+ res.end("<h1>Success!</h1><p>HyperClaw has received your tokens. You can close this tab and return to the terminal.</p>");
122
+ server.close();
123
+ resolve({
124
+ access_token: tokenData.access_token,
125
+ refresh_token: tokenData.refresh_token,
126
+ expires_in: tokenData.expires_in
127
+ });
128
+ } catch (e) {
129
+ res.writeHead(500);
130
+ res.end(`<h1>Error</h1><p>${e.message}</p><p>You can close this tab.</p>`);
131
+ server.close();
132
+ reject(e);
133
+ }
134
+ });
135
+ server.listen(REDIRECT_PORT, "127.0.0.1", () => {
136
+ try {
137
+ const { exec } = require("child_process");
138
+ const opener = process.platform === "win32" ? `start "" "${authUrl}"` : (process.platform === "darwin" ? "open" : "xdg-open") + ` "${authUrl}"`;
139
+ exec(opener);
140
+ } catch {}
141
+ });
142
+ server.on("error", (err) => {
143
+ server.close();
144
+ reject(err);
145
+ });
146
+ });
147
+ }
148
+
149
+ //#endregion
150
+ exports.runOAuthFlow = runOAuthFlow;
package/dist/oauth-provider-B4dzn56l.js ADDED
@@ -0,0 +1,110 @@
1
+ const require_chunk = require('./chunk-jS-bbMI5.js');
2
+ const fs_extra = require_chunk.__toESM(require("fs-extra"));
3
+ const path = require_chunk.__toESM(require("path"));
4
+ const os = require_chunk.__toESM(require("os"));
5
+ const https = require_chunk.__toESM(require("https"));
6
+
7
+ //#region src/services/oauth-provider.ts
8
+ function defaultTokenPath(providerId) {
9
+ return path.default.join(HC_DIR, `oauth-${providerId}.json`);
10
+ }
11
+ async function getProviderCredentialAsync(cfg) {
12
+ if (!cfg?.provider) return "";
13
+ const authType = cfg.provider.authType ?? "api_key";
14
+ if (authType === "api_key") {
15
+ const key = cfg.provider.apiKey;
16
+ if (key) return key;
17
+ const pid = cfg.provider.providerId || "openrouter";
18
+ switch (pid) {
19
+ case "openrouter": return process.env.OPENROUTER_API_KEY || "";
20
+ case "anthropic": return process.env.ANTHROPIC_API_KEY || "";
21
+ case "openai": return process.env.OPENAI_API_KEY || "";
22
+ case "xai": return process.env.XAI_API_KEY || "";
23
+ case "google": return process.env.GOOGLE_AI_API_KEY || "";
24
+ default: return process.env.OPENROUTER_API_KEY || process.env.ANTHROPIC_API_KEY || "";
25
+ }
26
+ }
27
+ const tokenPath = cfg.provider.oauthTokenPath || defaultTokenPath(cfg.provider.providerId || "default");
28
+ if (!await fs_extra.default.pathExists(tokenPath)) return "";
29
+ let data;
30
+ try {
31
+ data = await fs_extra.default.readJson(tokenPath);
32
+ } catch {
33
+ return "";
34
+ }
35
+ if (!data.access_token) return "";
36
+ const now = Math.floor(Date.now() / 1e3);
37
+ const expiresAt = data.expires_at ?? 0;
38
+ if (expiresAt > 0 && now < expiresAt - 60) return data.access_token;
39
+ if (!data.refresh_token) return data.access_token;
40
+ const tokenUrl = data.token_url || DEFAULT_REFRESH_URLS[cfg.provider.providerId || ""] || "";
41
+ if (!tokenUrl) return data.access_token;
42
+ const refreshed = await refreshAccessToken({
43
+ token_url: tokenUrl,
44
+ refresh_token: data.refresh_token,
45
+ client_id: data.client_id || process.env.OAUTH_CLIENT_ID,
46
+ client_secret: data.client_secret || process.env.OAUTH_CLIENT_SECRET
47
+ });
48
+ if (refreshed.access_token) {
49
+ data.access_token = refreshed.access_token;
50
+ if (refreshed.expires_in) data.expires_at = now + refreshed.expires_in;
51
+ await fs_extra.default.writeJson(tokenPath, data, { spaces: 2 });
52
+ return data.access_token;
53
+ }
54
+ return data.access_token;
55
+ }
56
+ async function refreshAccessToken(opts) {
57
+ const body = new URLSearchParams({
58
+ grant_type: "refresh_token",
59
+ refresh_token: opts.refresh_token
60
+ });
61
+ if (opts.client_id) body.set("client_id", opts.client_id);
62
+ if (opts.client_secret) body.set("client_secret", opts.client_secret);
63
+ const u = new URL(opts.token_url);
64
+ return new Promise((resolve) => {
65
+ const req = https.default.request({
66
+ hostname: u.hostname,
67
+ port: 443,
68
+ path: u.pathname + u.search,
69
+ method: "POST",
70
+ headers: { "Content-Type": "application/x-www-form-urlencoded" }
71
+ }, (res) => {
72
+ let data = "";
73
+ res.on("data", (c) => data += c);
74
+ res.on("end", () => {
75
+ try {
76
+ const j = JSON.parse(data);
77
+ resolve({
78
+ access_token: j.access_token,
79
+ expires_in: j.expires_in
80
+ });
81
+ } catch {
82
+ resolve({});
83
+ }
84
+ });
85
+ });
86
+ req.on("error", () => resolve({}));
87
+ req.write(body.toString());
88
+ req.end();
89
+ });
90
+ }
91
+ /** Write token file (e.g. after OAuth callback or manual paste). */
92
+ async function writeOAuthToken(providerId, token, customPath) {
93
+ const p = customPath || defaultTokenPath(providerId);
94
+ await fs_extra.default.ensureDir(path.default.dirname(p));
95
+ await fs_extra.default.writeJson(p, token, { spaces: 2 });
96
+ }
97
+ var HC_DIR, DEFAULT_REFRESH_URLS;
98
+ var init_oauth_provider = require_chunk.__esm({ "src/services/oauth-provider.ts"() {
99
+ HC_DIR = path.default.join(os.default.homedir(), ".hyperclaw");
100
+ DEFAULT_REFRESH_URLS = {
101
+ google: "https://oauth2.googleapis.com/token",
102
+ openai: "https://api.openai.com/v1/auth/refresh",
103
+ anthropic: ""
104
+ };
105
+ } });
106
+
107
+ //#endregion
108
+ init_oauth_provider();
109
+ exports.getProviderCredentialAsync = getProviderCredentialAsync;
110
+ exports.writeOAuthToken = writeOAuthToken;
package/dist/oauth-provider-Uo4Nib_c.js ADDED
@@ -0,0 +1,110 @@
1
+ const require_chunk = require('./chunk-jS-bbMI5.js');
2
+ const fs_extra = require_chunk.__toESM(require("fs-extra"));
3
+ const path = require_chunk.__toESM(require("path"));
4
+ const os = require_chunk.__toESM(require("os"));
5
+ const https = require_chunk.__toESM(require("https"));
6
+
7
+ //#region src/services/oauth-provider.ts
8
+ function defaultTokenPath(providerId) {
9
+ return path.default.join(HC_DIR, `oauth-${providerId}.json`);
10
+ }
11
+ async function getProviderCredentialAsync(cfg) {
12
+ if (!cfg?.provider) return "";
13
+ const authType = cfg.provider.authType ?? "api_key";
14
+ if (authType === "api_key") {
15
+ const key = cfg.provider.apiKey;
16
+ if (key) return key;
17
+ const pid = cfg.provider.providerId || "openrouter";
18
+ switch (pid) {
19
+ case "openrouter": return process.env.OPENROUTER_API_KEY || "";
20
+ case "anthropic": return process.env.ANTHROPIC_API_KEY || "";
21
+ case "openai": return process.env.OPENAI_API_KEY || "";
22
+ case "xai": return process.env.XAI_API_KEY || "";
23
+ case "google": return process.env.GOOGLE_AI_API_KEY || "";
24
+ default: return process.env.OPENROUTER_API_KEY || process.env.ANTHROPIC_API_KEY || "";
25
+ }
26
+ }
27
+ const tokenPath = cfg.provider.oauthTokenPath || defaultTokenPath(cfg.provider.providerId || "default");
28
+ if (!await fs_extra.default.pathExists(tokenPath)) return "";
29
+ let data;
30
+ try {
31
+ data = await fs_extra.default.readJson(tokenPath);
32
+ } catch {
33
+ return "";
34
+ }
35
+ if (!data.access_token) return "";
36
+ const now = Math.floor(Date.now() / 1e3);
37
+ const expiresAt = data.expires_at ?? 0;
38
+ if (expiresAt > 0 && now < expiresAt - 60) return data.access_token;
39
+ if (!data.refresh_token) return data.access_token;
40
+ const tokenUrl = data.token_url || DEFAULT_REFRESH_URLS[cfg.provider.providerId || ""] || "";
41
+ if (!tokenUrl) return data.access_token;
42
+ const refreshed = await refreshAccessToken({
43
+ token_url: tokenUrl,
44
+ refresh_token: data.refresh_token,
45
+ client_id: data.client_id || process.env.OAUTH_CLIENT_ID,
46
+ client_secret: data.client_secret || process.env.OAUTH_CLIENT_SECRET
47
+ });
48
+ if (refreshed.access_token) {
49
+ data.access_token = refreshed.access_token;
50
+ if (refreshed.expires_in) data.expires_at = now + refreshed.expires_in;
51
+ await fs_extra.default.writeJson(tokenPath, data, { spaces: 2 });
52
+ return data.access_token;
53
+ }
54
+ return data.access_token;
55
+ }
56
+ async function refreshAccessToken(opts) {
57
+ const body = new URLSearchParams({
58
+ grant_type: "refresh_token",
59
+ refresh_token: opts.refresh_token
60
+ });
61
+ if (opts.client_id) body.set("client_id", opts.client_id);
62
+ if (opts.client_secret) body.set("client_secret", opts.client_secret);
63
+ const u = new URL(opts.token_url);
64
+ return new Promise((resolve) => {
65
+ const req = https.default.request({
66
+ hostname: u.hostname,
67
+ port: 443,
68
+ path: u.pathname + u.search,
69
+ method: "POST",
70
+ headers: { "Content-Type": "application/x-www-form-urlencoded" }
71
+ }, (res) => {
72
+ let data = "";
73
+ res.on("data", (c) => data += c);
74
+ res.on("end", () => {
75
+ try {
76
+ const j = JSON.parse(data);
77
+ resolve({
78
+ access_token: j.access_token,
79
+ expires_in: j.expires_in
80
+ });
81
+ } catch {
82
+ resolve({});
83
+ }
84
+ });
85
+ });
86
+ req.on("error", () => resolve({}));
87
+ req.write(body.toString());
88
+ req.end();
89
+ });
90
+ }
91
+ /** Write token file (e.g. after OAuth callback or manual paste). */
92
+ async function writeOAuthToken(providerId, token, customPath) {
93
+ const p = customPath || defaultTokenPath(providerId);
94
+ await fs_extra.default.ensureDir(path.default.dirname(p));
95
+ await fs_extra.default.writeJson(p, token, { spaces: 2 });
96
+ }
97
+ var HC_DIR, DEFAULT_REFRESH_URLS;
98
+ var init_oauth_provider = require_chunk.__esm({ "src/services/oauth-provider.ts"() {
99
+ HC_DIR = path.default.join(os.default.homedir(), ".hyperclaw");
100
+ DEFAULT_REFRESH_URLS = {
101
+ google: "https://oauth2.googleapis.com/token",
102
+ openai: "https://api.openai.com/v1/auth/refresh",
103
+ anthropic: ""
104
+ };
105
+ } });
106
+
107
+ //#endregion
108
+ init_oauth_provider();
109
+ exports.getProviderCredentialAsync = getProviderCredentialAsync;
110
+ exports.writeOAuthToken = writeOAuthToken;
package/dist/observability-BV-Yx0V9.js ADDED
@@ -0,0 +1,89 @@
1
+ const require_chunk = require('./chunk-jS-bbMI5.js');
2
+
3
+ //#region src/infra/observability.ts
4
+ /** Rough cost per 1M tokens (Claude Sonnet ballpark). */
5
+ const COST_PER_1M_INPUT = 3;
6
+ const COST_PER_1M_OUTPUT = 15;
7
+ function estimateCost(usage) {
8
+ if (!usage) return 0;
9
+ const inp = (usage.input || 0) + (usage.cacheRead || 0);
10
+ return inp / 1e6 * COST_PER_1M_INPUT + (usage.output || 0) / 1e6 * COST_PER_1M_OUTPUT;
11
+ }
12
+ function createRunTracer(sessionId, source) {
13
+ const startTime = (/* @__PURE__ */ new Date()).toISOString();
14
+ const toolCalls = [];
15
+ const pending = [];
16
+ const trace = {
17
+ sessionId,
18
+ source,
19
+ startTime,
20
+ toolCalls
21
+ };
22
+ return {
23
+ trace,
24
+ onToolCall(name, input) {
25
+ pending.push({
26
+ name,
27
+ input
28
+ });
29
+ },
30
+ onToolResult(name, result) {
31
+ const head = pending.shift();
32
+ toolCalls.push({
33
+ name: name || head?.name || "unknown",
34
+ input: head?.input ?? {},
35
+ result: result.slice(0, 500),
36
+ at: (/* @__PURE__ */ new Date()).toISOString()
37
+ });
38
+ },
39
+ onRunEnd(usage, error) {
40
+ trace.endTime = (/* @__PURE__ */ new Date()).toISOString();
41
+ trace.usage = usage;
42
+ trace.costUsd = estimateCost(usage);
43
+ trace.error = error;
44
+ }
45
+ };
46
+ }
47
+ /** List trace files (for querying). */
48
+ async function listTraces(baseDir, limit = 50) {
49
+ try {
50
+ const fs = await import("fs-extra");
51
+ const path = await import("path");
52
+ const dir = path.join(baseDir, "traces");
53
+ if (!await fs.pathExists(dir)) return [];
54
+ const files = (await fs.readdir(dir)).filter((f) => f.endsWith(".json")).map((f) => path.join(dir, f));
55
+ const stats = await Promise.all(files.map(async (fp) => ({
56
+ fp,
57
+ mtime: (await fs.stat(fp)).mtime.getTime()
58
+ })));
59
+ stats.sort((a, b) => b.mtime - a.mtime);
60
+ const out = [];
61
+ for (const { fp } of stats.slice(0, limit)) try {
62
+ out.push(await fs.readJson(fp));
63
+ } catch {}
64
+ return out;
65
+ } catch {
66
+ return [];
67
+ }
68
+ }
69
+ /** Write trace to file (e.g. ~/.hyperclaw/traces/). */
70
+ async function writeTraceToFile(baseDir, trace) {
71
+ try {
72
+ const fs = await import("fs-extra");
73
+ const path = await import("path");
74
+ const dir = path.join(baseDir, "traces");
75
+ await fs.ensureDir(dir);
76
+ const name = `run-${trace.startTime.replace(/[:.]/g, "-")}.json`;
77
+ const fp = path.join(dir, name);
78
+ await fs.writeJson(fp, trace, { spaces: 0 });
79
+ return fp;
80
+ } catch {
81
+ return null;
82
+ }
83
+ }
84
+
85
+ //#endregion
86
+ exports.createRunTracer = createRunTracer;
87
+ exports.estimateCost = estimateCost;
88
+ exports.listTraces = listTraces;
89
+ exports.writeTraceToFile = writeTraceToFile;