hyperclaw 5.2.0 → 5.2.2

package/dist/connector-By9pLJgR.js

@@ -0,0 +1,340 @@
+const require_chunk = require('./chunk-jS-bbMI5.js');
+const chalk = require_chunk.__toESM(require("chalk"));
+const fs_extra = require_chunk.__toESM(require("fs-extra"));
+const path = require_chunk.__toESM(require("path"));
+const os = require_chunk.__toESM(require("os"));
+const crypto = require_chunk.__toESM(require("crypto"));
+const http = require_chunk.__toESM(require("http"));
+const https = require_chunk.__toESM(require("https"));
+const events = require_chunk.__toESM(require("events"));
+
+//#region extensions/nextcloud/src/connector.ts
+const STATE_FILE = path.default.join(os.default.homedir(), ".hyperclaw", "nextcloud-talk-state.json");
+const DEFAULT_PORT = 8788;
+const DEFAULT_HOST = "0.0.0.0";
+const DEFAULT_PATH = "/nextcloud-talk-webhook";
+const DEFAULT_CHUNK = 32e3;
+function ocsReq(baseUrl, user, password, method, apiPath, body) {
+	return new Promise((resolve, reject) => {
+		const url = new URL(`${baseUrl}/ocs/v2.php/apps/spreed/api/v4${apiPath}`);
+		const isHttps = url.protocol === "https:";
+		const mod = isHttps ? https.default : http.default;
+		const auth = Buffer.from(`${user}:${password}`).toString("base64");
+		const payload = body ? JSON.stringify(body) : null;
+		const req = mod.request({
+			hostname: url.hostname,
+			port: url.port || (isHttps ? 443 : 80),
+			path: url.pathname + url.search,
+			method,
+			headers: {
+				Authorization: `Basic ${auth}`,
+				"OCS-APIRequest": "true",
+				Accept: "application/json",
+				...payload ? {
+					"Content-Type": "application/json",
+					"Content-Length": Buffer.byteLength(payload)
+				} : {}
+			}
+		}, (res) => {
+			let data = "";
+			res.on("data", (c) => data += c);
+			res.on("end", () => {
+				try {
+					const parsed = JSON.parse(data);
+					const ocs = parsed?.ocs;
+					if (ocs?.meta?.statuscode >= 400) reject(new Error(ocs.meta.message || "OCS error"));
+					else resolve(ocs?.data ?? parsed);
+				} catch {
+					reject(new Error("Nextcloud: invalid JSON"));
+				}
+			});
+		});
+		req.on("error", reject);
+		if (payload) req.write(payload);
+		req.end();
+	});
+}
+/** Send a message via the Talk bot API (X-Nextcloud-Talk-Bot-Secret auth). */
+function botSend(baseUrl, secret, token, message, referenceId) {
+	return new Promise((resolve, reject) => {
+		const url = new URL(`${baseUrl}/ocs/v2.php/apps/spreed/api/v1/bot/${token}/message`);
+		const isHttps = url.protocol === "https:";
+		const mod = isHttps ? https.default : http.default;
+		const payload = JSON.stringify({
+			message,
+			referenceId: referenceId || crypto.default.randomBytes(8).toString("hex")
+		});
+		const req = mod.request({
+			hostname: url.hostname,
+			port: url.port || (isHttps ? 443 : 80),
+			path: url.pathname,
+			method: "POST",
+			headers: {
+				"X-Nextcloud-Talk-Bot-Secret": secret,
+				"OCS-APIRequest": "true",
+				"Content-Type": "application/json",
+				"Content-Length": Buffer.byteLength(payload)
+			}
+		}, (res) => {
+			let data = "";
+			res.on("data", (c) => data += c);
+			res.on("end", () => {
+				try {
+					resolve(JSON.parse(data));
+				} catch {
+					resolve({});
+				}
+			});
+		});
+		req.on("error", reject);
+		req.write(payload);
+		req.end();
+	});
+}
+function chunkText(text, limit, mode) {
+	if (mode === "newline") {
+		const paras = text.split(/\n\n+/);
+		const chunks$1 = [];
+		let cur = "";
+		for (const p of paras) if ((cur + "\n\n" + p).length > limit && cur) {
+			chunks$1.push(cur.trim());
+			cur = p;
+		} else cur = cur ? cur + "\n\n" + p : p;
+		if (cur) chunks$1.push(cur.trim());
+		return chunks$1.filter(Boolean);
+	}
+	const chunks = [];
+	for (let i = 0; i < text.length; i += limit) chunks.push(text.slice(i, i + limit));
+	return chunks.length ? chunks : [""];
+}
+var NextcloudTalkConnector = class extends events.EventEmitter {
+	config;
+	server = null;
+	running = false;
+	resolvedSecret = "";
+	resolvedApiPassword = "";
+	/** Cache: room token → isDM (room.type === 1) */
+	roomTypeCache = /* @__PURE__ */ new Map();
+	constructor(config) {
+		super();
+		this.config = {
+			dmPolicy: "pairing",
+			allowFrom: [],
+			groupPolicy: "allowlist",
+			groupAllowFrom: [],
+			rooms: {},
+			approvedPairings: [],
+			pendingPairings: {},
+			...config
+		};
+	}
+	async resolveCredentials() {
+		this.resolvedSecret = this.config.botSecret || (this.config.botSecretFile ? (await fs_extra.default.readFile(this.config.botSecretFile, "utf8")).trim() : "");
+		if (!this.resolvedSecret) throw new Error("nextcloud-talk: botSecret or botSecretFile is required");
+		this.resolvedApiPassword = this.config.apiPassword || (this.config.apiPasswordFile ? (await fs_extra.default.readFile(this.config.apiPasswordFile, "utf8")).trim() : "");
+	}
+	async connect() {
+		await this.resolveCredentials();
+		await this.loadState();
+		this.running = true;
+		await this.startWebhookServer();
+		const port = this.config.webhookPort ?? DEFAULT_PORT;
+		const wPath = this.config.webhookPath ?? DEFAULT_PATH;
+		const publicUrl = this.config.webhookPublicUrl || `http://localhost:${port}${wPath}`;
+		console.log(chalk.default.green(`  ☁️  Nextcloud Talk: webhook listening at ${publicUrl}`));
+		this.emit("connected", { webhookUrl: publicUrl });
+	}
+	disconnect() {
+		this.running = false;
+		this.server?.close();
+		this.server = null;
+	}
+	startWebhookServer() {
+		return new Promise((resolve, reject) => {
+			this.server = http.default.createServer((req, res) => {
+				const wPath = this.config.webhookPath ?? DEFAULT_PATH;
+				if (req.url !== wPath || req.method !== "POST") {
+					res.writeHead(404);
+					res.end();
+					return;
+				}
+				let body = "";
+				req.on("data", (c) => body += c.toString());
+				req.on("end", () => {
+					const random = req.headers["x-nextcloud-talk-random"];
+					const sig = req.headers["x-nextcloud-talk-signature"];
+					if (!this.verifySignature(random || "", body, sig || "")) {
+						console.log(chalk.default.yellow("  ⚠  Nextcloud Talk: invalid webhook signature"));
+						res.writeHead(401);
+						res.end();
+						return;
+					}
+					res.writeHead(200);
+					res.end();
+					this.handlePayload(body).catch((e) => console.error(`[nextcloud-talk] handler error: ${e.message}`));
+				});
+			});
+			const port = this.config.webhookPort ?? DEFAULT_PORT;
+			const host = this.config.webhookHost ?? DEFAULT_HOST;
+			this.server.listen(port, host, () => resolve());
+			this.server.on("error", reject);
+		});
+	}
+	verifySignature(random, body, signature) {
+		if (!this.resolvedSecret) return false;
+		const expected = crypto.default.createHmac("sha256", this.resolvedSecret).update(random + body).digest("hex");
+		try {
+			return crypto.default.timingSafeEqual(Buffer.from(signature.toLowerCase()), Buffer.from(expected.toLowerCase()));
+		} catch {
+			return false;
+		}
+	}
+	async handlePayload(raw) {
+		let payload;
+		try {
+			payload = JSON.parse(raw);
+		} catch {
+			return;
+		}
+		const objectType = payload?.object?.type || "";
+		const actorId = payload?.actor?.id || "";
+		const actorName = payload?.actor?.name || actorId;
+		const token = payload?.target?.id || "";
+		if (!token || !actorId) return;
+		switch (objectType) {
+			case "chat-message": {
+				const msgContent = payload.object?.content;
+				const text = (typeof msgContent === "object" ? msgContent?.message : msgContent) || payload.object?.name || "";
+				if (!text) return;
+				await this.routeMessage(token, actorId, actorName, text);
+				break;
+			}
+			case "reaction": {
+				const emoji = payload.object?.name || payload.object?.content || "";
+				const reactedId = String(payload.object?.id || "");
+				if (!emoji) return;
+				const text = `[reaction:${emoji}:${reactedId}]`;
+				await this.routeMessage(token, actorId, actorName, text);
+				break;
+			}
+			default: break;
+		}
+	}
+	async routeMessage(token, userId, displayName, text) {
+		const isDM = await this.detectDM(token);
+		if (isDM) {
+			const allowed = await this.checkDMPolicy(userId, text, token);
+			if (!allowed) return;
+		} else if (!this.checkGroupPolicy(token, userId, text)) return;
+		this.emit("message", {
+			channelId: "nextcloud-talk",
+			chatId: token,
+			from: userId,
+			displayName,
+			text,
+			isDM
+		});
+	}
+	/** Look up whether a room token is a DM (type=1). Caches results. */
+	async detectDM(token) {
+		if (this.roomTypeCache.has(token)) return this.roomTypeCache.get(token);
+		if (!this.config.apiUser || !this.resolvedApiPassword) {
+			this.roomTypeCache.set(token, false);
+			return false;
+		}
+		try {
+			const room = await ocsReq(this.config.baseUrl, this.config.apiUser, this.resolvedApiPassword, "GET", `/room/${token}`);
+			const isDM = room?.type === 1;
+			this.roomTypeCache.set(token, isDM);
+			return isDM;
+		} catch {
+			this.roomTypeCache.set(token, false);
+			return false;
+		}
+	}
+	async checkDMPolicy(userId, text, token) {
+		switch (this.config.dmPolicy) {
+			case "disabled": return false;
+			case "open": return true;
+			case "allowlist":
+				if (this.config.allowFrom.includes(userId) || this.config.allowFrom.includes("*")) return true;
+				await this.sendMessage(token, "HyperClaw: Not on allowlist.");
+				return false;
+			case "pairing": {
+				if (this.config.approvedPairings.includes(userId)) return true;
+				const upper = text.trim().toUpperCase().match(/[A-Z0-9]{6}/)?.[0];
+				if (upper && this.config.pendingPairings[upper]) {
+					this.config.approvedPairings.push(userId);
+					delete this.config.pendingPairings[upper];
+					await this.saveState();
+					await this.sendMessage(token, "Paired!");
+					this.emit("pairing:approved", {
+						userId,
+						channelId: "nextcloud-talk"
+					});
+					return true;
+				}
+				const code = Array.from({ length: 6 }, () => "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"[Math.floor(Math.random() * 32)]).join("");
+				this.config.pendingPairings[code] = userId;
+				await this.saveState();
+				await this.sendMessage(token, `Pairing code: ${code}\nApprove: hyperclaw pairing approve nextcloud-talk ${code}`);
+				return false;
+			}
+		}
+		return false;
+	}
+	checkGroupPolicy(token, userId, text) {
+		const policy = this.config.groupPolicy;
+		if (policy === "disabled") return false;
+		const roomCfg = this.config.rooms[token];
+		if (policy === "open") {
+			if (roomCfg?.allowFrom?.length && !roomCfg.allowFrom.includes(userId)) return false;
+			const global$1 = this.config.groupAllowFrom;
+			if (global$1.length && !global$1.includes(userId)) return false;
+			return true;
+		}
+		if (!roomCfg) return false;
+		const global = this.config.groupAllowFrom;
+		if (global.length && !global.includes(userId)) return false;
+		if (roomCfg.allowFrom?.length && !roomCfg.allowFrom.includes(userId)) return false;
+		if (roomCfg.requireMention !== false) {
+			if (!text.includes("@HyperClaw") && !text.startsWith("!")) return false;
+		}
+		return true;
+	}
+	async sendMessage(token, text) {
+		const limit = this.config.textChunkLimit ?? DEFAULT_CHUNK;
+		const mode = this.config.chunkMode ?? "length";
+		const chunks = chunkText(text, limit, mode);
+		for (const chunk of chunks) if (this.config.apiUser && this.resolvedApiPassword) await ocsReq(this.config.baseUrl, this.config.apiUser, this.resolvedApiPassword, "POST", `/chat/${token}`, { message: chunk });
+		else await botSend(this.config.baseUrl, this.resolvedSecret, token, chunk);
+	}
+	approvePairing(code) {
+		const upper = code.toUpperCase();
+		if (!this.config.pendingPairings[upper]) return false;
+		this.config.approvedPairings.push(this.config.pendingPairings[upper]);
+		delete this.config.pendingPairings[upper];
+		this.saveState();
+		return true;
+	}
+	async loadState() {
+		try {
+			const s = await fs_extra.default.readJson(STATE_FILE);
+			if (s.p) this.config.pendingPairings = s.p;
+			if (s.a) this.config.approvedPairings = s.a;
+		} catch {}
+	}
+	async saveState() {
+		await fs_extra.default.ensureDir(path.default.dirname(STATE_FILE));
+		await fs_extra.default.writeJson(STATE_FILE, {
+			p: this.config.pendingPairings,
+			a: this.config.approvedPairings
+		}, { spaces: 2 });
+	}
+	isRunning() {
+		return this.running;
+	}
+};
+
+//#endregion
+exports.NextcloudTalkConnector = NextcloudTalkConnector;

package/dist/connector-C7c1ASzT.js

@@ -0,0 +1,192 @@
+const require_chunk = require('./chunk-jS-bbMI5.js');
+const chalk = require_chunk.__toESM(require("chalk"));
+const fs_extra = require_chunk.__toESM(require("fs-extra"));
+const path = require_chunk.__toESM(require("path"));
+const os = require_chunk.__toESM(require("os"));
+const crypto = require_chunk.__toESM(require("crypto"));
+const ws = require_chunk.__toESM(require("ws"));
+const events = require_chunk.__toESM(require("events"));
+
+//#region extensions/nostr/src/connector.ts
+const STATE_FILE = path.default.join(os.default.homedir(), ".hyperclaw", "nostr-state.json");
+function getPublicKey(privKeyHex) {
+	const privKey = Buffer.from(privKeyHex, "hex");
+	const ec = crypto.default.createECDH("prime256v1");
+	return crypto.default.createHash("sha256").update(privKey).digest("hex");
+}
+function signEvent(event, privKeyHex) {
+	const payload = JSON.stringify(event);
+	return crypto.default.createHmac("sha256", Buffer.from(privKeyHex, "hex")).update(payload).digest("hex");
+}
+function nip04Decrypt(privKeyHex, senderPubKey, ciphertext) {
+	try {
+		const [encrypted, iv] = ciphertext.split("?iv=");
+		const sharedSecret = crypto.default.createHash("sha256").update(Buffer.from(privKeyHex + senderPubKey, "hex")).digest();
+		const decipher = crypto.default.createDecipheriv("aes-256-cbc", sharedSecret, Buffer.from(iv, "base64"));
+		return decipher.update(encrypted, "base64", "utf8") + decipher.final("utf8");
+	} catch {
+		return ciphertext;
+	}
+}
+function nip04Encrypt(privKeyHex, recipientPubKey, plaintext) {
+	const sharedSecret = crypto.default.createHash("sha256").update(Buffer.from(privKeyHex + recipientPubKey, "hex")).digest();
+	const iv = crypto.default.randomBytes(16);
+	const cipher = crypto.default.createCipheriv("aes-256-cbc", sharedSecret, iv);
+	const encrypted = cipher.update(plaintext, "utf8", "base64") + cipher.final("base64");
+	return `${encrypted}?iv=${iv.toString("base64")}`;
+}
+var NostrConnector = class extends events.EventEmitter {
+	config;
+	sockets = /* @__PURE__ */ new Map();
+	running = false;
+	pubKey;
+	seenEventIds = /* @__PURE__ */ new Set();
+	constructor(config) {
+		super();
+		this.config = {
+			relays: [
+				"wss://relay.damus.io",
+				"wss://nos.lol",
+				"wss://relay.nostr.band"
+			],
+			dmPolicy: "open",
+			allowFrom: [],
+			approvedPairings: [],
+			pendingPairings: {},
+			...config
+		};
+		this.pubKey = getPublicKey(this.config.privateKeyHex);
+	}
+	async connect() {
+		await this.loadState();
+		for (const relay of this.config.relays) this.connectRelay(relay);
+		this.running = true;
+		console.log(chalk.default.green(`  🦅 Nostr: pubkey ${this.pubKey.slice(0, 16)}... connected to ${this.config.relays.length} relays`));
+		this.emit("connected", { pubKey: this.pubKey });
+	}
+	connectRelay(url) {
+		const ws$1 = new ws.WebSocket(url);
+		this.sockets.set(url, ws$1);
+		ws$1.on("open", () => {
+			ws$1.send(JSON.stringify([
+				"REQ",
+				`hc-${Date.now()}`,
+				{
+					kinds: [4],
+					"#p": [this.pubKey],
+					limit: 10
+				}
+			]));
+		});
+		ws$1.on("message", async (data) => {
+			try {
+				const msg = JSON.parse(data.toString());
+				if (msg[0] === "EVENT") await this.handleEvent(msg[2]);
+			} catch {}
+		});
+		ws$1.on("close", () => {
+			if (this.running) setTimeout(() => this.connectRelay(url), 5e3);
+		});
+		ws$1.on("error", () => {});
+	}
+	async handleEvent(event) {
+		if (event.kind !== 4) return;
+		if (event.pubkey === this.pubKey) return;
+		if (this.seenEventIds.has(event.id)) return;
+		this.seenEventIds.add(event.id);
+		const from = event.pubkey;
+		const text = nip04Decrypt(this.config.privateKeyHex, from, event.content);
+		const allowed = await this.checkDMPolicy(from, text);
+		if (!allowed) return;
+		this.emit("message", {
+			id: event.id,
+			channelId: "nostr",
+			from,
+			chatId: from,
+			text,
+			timestamp: new Date(event.created_at * 1e3).toISOString(),
+			isDM: true
+		});
+	}
+	async checkDMPolicy(from, text) {
+		if (this.config.dmPolicy === "none") return false;
+		if (this.config.dmPolicy === "open") return true;
+		if (this.config.dmPolicy === "allowlist") {
+			if (this.config.allowFrom.includes(from)) return true;
+			await this.sendDM(from, "🦅 HyperClaw: Not on allowlist.");
+			return false;
+		}
+		if (this.config.dmPolicy === "pairing") {
+			if (this.config.approvedPairings.includes(from)) return true;
+			const upper = text.trim().toUpperCase();
+			if (this.config.pendingPairings[upper]) {
+				this.config.approvedPairings.push(from);
+				delete this.config.pendingPairings[upper];
+				await this.saveState();
+				await this.sendDM(from, "🦅 Paired!");
+				this.emit("pairing:approved", {
+					userId: from,
+					channelId: "nostr"
+				});
+				return true;
+			}
+			const code = Array.from({ length: 6 }, () => "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"[Math.floor(Math.random() * 32)]).join("");
+			this.config.pendingPairings[code] = from;
+			await this.saveState();
+			await this.sendDM(from, `🦅 Pairing code: ${code}\nApprove: hyperclaw pairing approve nostr ${code}`);
+			return false;
+		}
+		return false;
+	}
+	async sendDM(recipientPubKey, text) {
+		const encrypted = nip04Encrypt(this.config.privateKeyHex, recipientPubKey, text);
+		const event = {
+			pubkey: this.pubKey,
+			created_at: Math.floor(Date.now() / 1e3),
+			kind: 4,
+			tags: [["p", recipientPubKey]],
+			content: encrypted
+		};
+		const sig = signEvent(event, this.config.privateKeyHex);
+		const fullEvent = {
+			...event,
+			id: sig,
+			sig
+		};
+		const msg = JSON.stringify(["EVENT", fullEvent]);
+		for (const ws$1 of this.sockets.values()) if (ws$1.readyState === ws.WebSocket.OPEN) ws$1.send(msg);
+	}
+	disconnect() {
+		this.running = false;
+		for (const ws$1 of this.sockets.values()) ws$1.close();
+		this.sockets.clear();
+	}
+	approvePairing(code) {
+		const upper = code.toUpperCase();
+		if (!this.config.pendingPairings[upper]) return false;
+		this.config.approvedPairings.push(this.config.pendingPairings[upper]);
+		delete this.config.pendingPairings[upper];
+		this.saveState();
+		return true;
+	}
+	async loadState() {
+		try {
+			const s = await fs_extra.default.readJson(STATE_FILE);
+			if (s.p) this.config.pendingPairings = s.p;
+			if (s.a) this.config.approvedPairings = s.a;
+		} catch {}
+	}
+	async saveState() {
+		await fs_extra.default.ensureDir(path.default.dirname(STATE_FILE));
+		await fs_extra.default.writeJson(STATE_FILE, {
+			p: this.config.pendingPairings,
+			a: this.config.approvedPairings
+		}, { spaces: 2 });
+	}
+	isRunning() {
+		return this.running;
+	}
+};
+
+//#endregion
+exports.NostrConnector = NostrConnector;