hyperclaw 5.2.0 → 5.2.2

package/dist/connector-DwRF3CQg.js

@@ -0,0 +1,218 @@
+const require_chunk = require('./chunk-jS-bbMI5.js');
+const chalk = require_chunk.__toESM(require("chalk"));
+const events = require_chunk.__toESM(require("events"));
+const irc = require_chunk.__toESM(require("irc"));
+
+//#region extensions/irc/src/connector.ts
+function resolveEnvConfig(cfg) {
+	return {
+		server: cfg.server || process.env["IRC_HOST"] || "",
+		port: cfg.port ?? (process.env["IRC_PORT"] ? parseInt(process.env["IRC_PORT"], 10) : void 0),
+		tls: cfg.tls ?? (process.env["IRC_TLS"] === "true" || process.env["IRC_TLS"] === "1"),
+		nick: cfg.nick || process.env["IRC_NICK"] || "hyperclaw-bot",
+		username: cfg.username || process.env["IRC_USERNAME"],
+		realname: cfg.realname || process.env["IRC_REALNAME"],
+		password: cfg.password || process.env["IRC_PASSWORD"],
+		channels: cfg.channels?.length ? cfg.channels : process.env["IRC_CHANNELS"]?.split(",").map((c) => c.trim()).filter(Boolean) ?? [],
+		nickserv: cfg.nickserv ?? (process.env["IRC_NICKSERV_PASSWORD"] ? {
+			enabled: true,
+			service: "NickServ",
+			password: process.env["IRC_NICKSERV_PASSWORD"],
+			registerEmail: process.env["IRC_NICKSERV_REGISTER_EMAIL"]
+		} : void 0),
+		dmPolicy: cfg.dmPolicy ?? "pairing",
+		allowFrom: cfg.allowFrom ?? [],
+		groupPolicy: cfg.groupPolicy ?? "allowlist",
+		groupAllowFrom: cfg.groupAllowFrom ?? [],
+		groups: cfg.groups ?? {},
+		dangerouslyAllowNameMatching: cfg.dangerouslyAllowNameMatching ?? false
+	};
+}
+/** Match a sender (nick!user@host or bare nick) against an allowFrom entry. */
+function matchSender(sender, pattern, allowBareNick) {
+	if (pattern === "*") return true;
+	if (pattern.startsWith("id:")) {
+		const id = pattern.slice(3);
+		return sender === id || sender.startsWith(id + "!");
+	}
+	if (pattern === sender) return true;
+	if (allowBareNick) {
+		const nick = sender.split("!")[0];
+		return nick === pattern;
+	}
+	return false;
+}
+function senderAllowed(sender, allowList, allowBareNick) {
+	if (!allowList.length) return false;
+	return allowList.some((p) => matchSender(sender, p, allowBareNick));
+}
+/** Return the first matching ToolsBySender policy for a sender. */
+function resolveToolsBySender(sender, toolsBySender, allowBareNick) {
+	for (const [pattern, policy] of Object.entries(toolsBySender)) {
+		const pat = pattern.startsWith("id:") ? pattern : `id:${pattern}`;
+		if (matchSender(sender, pat === "id:*" ? "*" : pat, allowBareNick)) return policy;
+	}
+	return void 0;
+}
+/** Resolve effective tool policy for a sender in a channel. */
+function resolveToolPolicy(sender, channelCfg, allowBareNick) {
+	if (!channelCfg) return void 0;
+	if (channelCfg.toolsBySender) {
+		const byS = resolveToolsBySender(sender, channelCfg.toolsBySender, allowBareNick);
+		if (byS) return byS;
+	}
+	return channelCfg.tools;
+}
+/** Find the best group config for a channel name. */
+function getGroupConfig(channel, groups) {
+	return groups[channel] ?? groups["*"];
+}
+var IrcConnector = class extends events.EventEmitter {
+	client = null;
+	config;
+	constructor(rawConfig) {
+		super();
+		this.config = resolveEnvConfig(rawConfig);
+	}
+	async connect() {
+		return new Promise((resolve, reject) => {
+			const cfg = this.config;
+			const useTls = cfg.tls ?? false;
+			const port = cfg.port ?? (useTls ? 6697 : 6667);
+			const channels = (cfg.channels ?? []).map((c) => c.startsWith("#") ? c : `#${c}`);
+			this.client = new irc.default.Client(cfg.server, cfg.nick, {
+				port,
+				secure: useTls,
+				channels,
+				userName: cfg.username ?? cfg.nick,
+				realName: cfg.realname ?? "HyperClaw IRC Bot",
+				password: cfg.password,
+				autoConnect: true,
+				debug: false,
+				showErrors: true,
+				stripColors: true
+			});
+			this.client.on("registered", () => {
+				console.log(chalk.default.green(`  🦅 IRC: ${cfg.nick} on ${cfg.server}:${port}${useTls ? " (TLS)" : ""} connected`));
+				this._handleNickServ();
+				this.emit("connected", {
+					server: cfg.server,
+					nick: cfg.nick,
+					port,
+					tls: useTls
+				});
+				resolve();
+			});
+			this.client.on("error", (err) => {
+				console.log(chalk.default.yellow(`  ⚠ IRC error: ${err.message}`));
+				reject(err);
+			});
+			this.client.on("message", (from, to, message) => {
+				const isChannel = to.startsWith("#");
+				if (isChannel) this._handleChannelMessage(from, to, message);
+				else this._handleDm(from, message);
+			});
+			this.client.on("pm", (from, message) => {
+				this._handleDm(from, message);
+			});
+		});
+	}
+	_handleNickServ() {
+		const ns = this.config.nickserv;
+		if (!ns?.enabled) return;
+		const service = ns.service ?? "NickServ";
+		const nsPassword = ns.password ?? process.env["IRC_NICKSERV_PASSWORD"];
+		if (ns.register && ns.registerEmail) {
+			console.log(chalk.default.gray(`  IRC NickServ: attempting REGISTER`));
+			this.client.say(service, `REGISTER ${nsPassword} ${ns.registerEmail}`);
+		} else if (nsPassword) {
+			console.log(chalk.default.gray(`  IRC NickServ: identifying`));
+			this.client.say(service, `IDENTIFY ${nsPassword}`);
+		}
+	}
+	_handleChannelMessage(from, channel, message) {
+		const cfg = this.config;
+		const text = message.trim();
+		if (!text) return;
+		const groupCfg = getGroupConfig(channel, cfg.groups ?? {});
+		if (cfg.groupPolicy === "allowlist") {
+			const defined = cfg.groups && (cfg.groups[channel] !== void 0 || cfg.groups["*"] !== void 0);
+			if (!defined) {
+				console.log(chalk.default.gray(`  irc: drop channel ${channel} (groupPolicy=allowlist, not in groups)`));
+				return;
+			}
+		}
+		const allowBareNick = cfg.dangerouslyAllowNameMatching ?? false;
+		const perChannelAllow = groupCfg?.allowFrom ?? [];
+		const globalGroupAllow = cfg.groupAllowFrom ?? [];
+		const effectiveAllow = perChannelAllow.length ? perChannelAllow : globalGroupAllow;
+		if (effectiveAllow.length && !senderAllowed(from, effectiveAllow, allowBareNick)) {
+			console.log(chalk.default.gray(`  irc: drop group sender ${from} (policy=allowlist)`));
+			return;
+		}
+		const requireMention = groupCfg?.requireMention ?? true;
+		if (requireMention) {
+			const mentionPatterns = [
+				cfg.nick,
+				`${cfg.nick}:`,
+				`@${cfg.nick}`,
+				`${cfg.nick},`
+			];
+			const mentioned = mentionPatterns.some((p) => text.toLowerCase().startsWith(p.toLowerCase()));
+			if (!mentioned) {
+				console.log(chalk.default.gray(`  irc: drop channel ${channel} (missing-mention)`));
+				return;
+			}
+		}
+		const toolPolicy = resolveToolPolicy(from, groupCfg, allowBareNick);
+		const payload = {
+			chatId: channel,
+			text,
+			from,
+			to: channel,
+			isChannel: true,
+			...toolPolicy ? { toolPolicy } : {}
+		};
+		this.emit("message", payload);
+	}
+	_handleDm(from, message) {
+		const cfg = this.config;
+		const text = message.trim();
+		if (!text) return;
+		if (cfg.dmPolicy === "none") return;
+		if (cfg.dmPolicy === "allowlist") {
+			const allowBareNick = cfg.dangerouslyAllowNameMatching ?? false;
+			const allowList = cfg.allowFrom ?? [];
+			if (!senderAllowed(from, allowList, allowBareNick)) {
+				console.log(chalk.default.gray(`  irc: drop DM from ${from} (dmPolicy=allowlist)`));
+				return;
+			}
+		}
+		const payload = {
+			chatId: from,
+			text,
+			from,
+			to: from,
+			isChannel: false
+		};
+		this.emit("message", payload);
+	}
+	async sendMessage(chatId, text) {
+		if (!this.client) throw new Error("IRC not connected");
+		const lines = text.split("\n").filter(Boolean);
+		for (const line of lines) this.client.say(chatId, line);
+	}
+	async disconnect() {
+		if (this.client) {
+			this.client.disconnect();
+			this.client = null;
+		}
+	}
+	getToolPolicy(sender, channel) {
+		const groupCfg = getGroupConfig(channel, this.config.groups ?? {});
+		return resolveToolPolicy(sender, groupCfg, this.config.dangerouslyAllowNameMatching ?? false);
+	}
+};
+
+//#endregion
+exports.IrcConnector = IrcConnector;

package/dist/connector-HG61cV9h.js

@@ -0,0 +1,340 @@
+const require_chunk = require('./chunk-jS-bbMI5.js');
+const chalk = require_chunk.__toESM(require("chalk"));
+const fs_extra = require_chunk.__toESM(require("fs-extra"));
+const path = require_chunk.__toESM(require("path"));
+const os = require_chunk.__toESM(require("os"));
+const crypto = require_chunk.__toESM(require("crypto"));
+const http = require_chunk.__toESM(require("http"));
+const https = require_chunk.__toESM(require("https"));
+const events = require_chunk.__toESM(require("events"));
+
+//#region extensions/nextcloud/src/connector.ts
+const STATE_FILE = path.default.join(os.default.homedir(), ".hyperclaw", "nextcloud-talk-state.json");
+const DEFAULT_PORT = 8788;
+const DEFAULT_HOST = "0.0.0.0";
+const DEFAULT_PATH = "/nextcloud-talk-webhook";
+const DEFAULT_CHUNK = 32e3;
+function ocsReq(baseUrl, user, password, method, apiPath, body) {
+	return new Promise((resolve, reject) => {
+		const url = new URL(`${baseUrl}/ocs/v2.php/apps/spreed/api/v4${apiPath}`);
+		const isHttps = url.protocol === "https:";
+		const mod = isHttps ? https.default : http.default;
+		const auth = Buffer.from(`${user}:${password}`).toString("base64");
+		const payload = body ? JSON.stringify(body) : null;
+		const req = mod.request({
+			hostname: url.hostname,
+			port: url.port || (isHttps ? 443 : 80),
+			path: url.pathname + url.search,
+			method,
+			headers: {
+				Authorization: `Basic ${auth}`,
+				"OCS-APIRequest": "true",
+				Accept: "application/json",
+				...payload ? {
+					"Content-Type": "application/json",
+					"Content-Length": Buffer.byteLength(payload)
+				} : {}
+			}
+		}, (res) => {
+			let data = "";
+			res.on("data", (c) => data += c);
+			res.on("end", () => {
+				try {
+					const parsed = JSON.parse(data);
+					const ocs = parsed?.ocs;
+					if (ocs?.meta?.statuscode >= 400) reject(new Error(ocs.meta.message || "OCS error"));
+					else resolve(ocs?.data ?? parsed);
+				} catch {
+					reject(new Error("Nextcloud: invalid JSON"));
+				}
+			});
+		});
+		req.on("error", reject);
+		if (payload) req.write(payload);
+		req.end();
+	});
+}
+/** Send a message via the Talk bot API (X-Nextcloud-Talk-Bot-Secret auth). */
+function botSend(baseUrl, secret, token, message, referenceId) {
+	return new Promise((resolve, reject) => {
+		const url = new URL(`${baseUrl}/ocs/v2.php/apps/spreed/api/v1/bot/${token}/message`);
+		const isHttps = url.protocol === "https:";
+		const mod = isHttps ? https.default : http.default;
+		const payload = JSON.stringify({
+			message,
+			referenceId: referenceId || crypto.default.randomBytes(8).toString("hex")
+		});
+		const req = mod.request({
+			hostname: url.hostname,
+			port: url.port || (isHttps ? 443 : 80),
+			path: url.pathname,
+			method: "POST",
+			headers: {
+				"X-Nextcloud-Talk-Bot-Secret": secret,
+				"OCS-APIRequest": "true",
+				"Content-Type": "application/json",
+				"Content-Length": Buffer.byteLength(payload)
+			}
+		}, (res) => {
+			let data = "";
+			res.on("data", (c) => data += c);
+			res.on("end", () => {
+				try {
+					resolve(JSON.parse(data));
+				} catch {
+					resolve({});
+				}
+			});
+		});
+		req.on("error", reject);
+		req.write(payload);
+		req.end();
+	});
+}
+function chunkText(text, limit, mode) {
+	if (mode === "newline") {
+		const paras = text.split(/\n\n+/);
+		const chunks$1 = [];
+		let cur = "";
+		for (const p of paras) if ((cur + "\n\n" + p).length > limit && cur) {
+			chunks$1.push(cur.trim());
+			cur = p;
+		} else cur = cur ? cur + "\n\n" + p : p;
+		if (cur) chunks$1.push(cur.trim());
+		return chunks$1.filter(Boolean);
+	}
+	const chunks = [];
+	for (let i = 0; i < text.length; i += limit) chunks.push(text.slice(i, i + limit));
+	return chunks.length ? chunks : [""];
+}
+var NextcloudTalkConnector = class extends events.EventEmitter {
+	config;
+	server = null;
+	running = false;
+	resolvedSecret = "";
+	resolvedApiPassword = "";
+	/** Cache: room token → isDM (room.type === 1) */
+	roomTypeCache = /* @__PURE__ */ new Map();
+	constructor(config) {
+		super();
+		this.config = {
+			dmPolicy: "pairing",
+			allowFrom: [],
+			groupPolicy: "allowlist",
+			groupAllowFrom: [],
+			rooms: {},
+			approvedPairings: [],
+			pendingPairings: {},
+			...config
+		};
+	}
+	async resolveCredentials() {
+		this.resolvedSecret = this.config.botSecret || (this.config.botSecretFile ? (await fs_extra.default.readFile(this.config.botSecretFile, "utf8")).trim() : "");
+		if (!this.resolvedSecret) throw new Error("nextcloud-talk: botSecret or botSecretFile is required");
+		this.resolvedApiPassword = this.config.apiPassword || (this.config.apiPasswordFile ? (await fs_extra.default.readFile(this.config.apiPasswordFile, "utf8")).trim() : "");
+	}
+	async connect() {
+		await this.resolveCredentials();
+		await this.loadState();
+		this.running = true;
+		await this.startWebhookServer();
+		const port = this.config.webhookPort ?? DEFAULT_PORT;
+		const wPath = this.config.webhookPath ?? DEFAULT_PATH;
+		const publicUrl = this.config.webhookPublicUrl || `http://localhost:${port}${wPath}`;
+		console.log(chalk.default.green(`  ☁️  Nextcloud Talk: webhook listening at ${publicUrl}`));
+		this.emit("connected", { webhookUrl: publicUrl });
+	}
+	disconnect() {
+		this.running = false;
+		this.server?.close();
+		this.server = null;
+	}
+	startWebhookServer() {
+		return new Promise((resolve, reject) => {
+			this.server = http.default.createServer((req, res) => {
+				const wPath = this.config.webhookPath ?? DEFAULT_PATH;
+				if (req.url !== wPath || req.method !== "POST") {
+					res.writeHead(404);
+					res.end();
+					return;
+				}
+				let body = "";
+				req.on("data", (c) => body += c.toString());
+				req.on("end", () => {
+					const random = req.headers["x-nextcloud-talk-random"];
+					const sig = req.headers["x-nextcloud-talk-signature"];
+					if (!this.verifySignature(random || "", body, sig || "")) {
+						console.log(chalk.default.yellow("  ⚠  Nextcloud Talk: invalid webhook signature"));
+						res.writeHead(401);
+						res.end();
+						return;
+					}
+					res.writeHead(200);
+					res.end();
+					this.handlePayload(body).catch((e) => console.error(`[nextcloud-talk] handler error: ${e.message}`));
+				});
+			});
+			const port = this.config.webhookPort ?? DEFAULT_PORT;
+			const host = this.config.webhookHost ?? DEFAULT_HOST;
+			this.server.listen(port, host, () => resolve());
+			this.server.on("error", reject);
+		});
+	}
+	verifySignature(random, body, signature) {
+		if (!this.resolvedSecret) return false;
+		const expected = crypto.default.createHmac("sha256", this.resolvedSecret).update(random + body).digest("hex");
+		try {
+			return crypto.default.timingSafeEqual(Buffer.from(signature.toLowerCase()), Buffer.from(expected.toLowerCase()));
+		} catch {
+			return false;
+		}
+	}
+	async handlePayload(raw) {
+		let payload;
+		try {
+			payload = JSON.parse(raw);
+		} catch {
+			return;
+		}
+		const objectType = payload?.object?.type || "";
+		const actorId = payload?.actor?.id || "";
+		const actorName = payload?.actor?.name || actorId;
+		const token = payload?.target?.id || "";
+		if (!token || !actorId) return;
+		switch (objectType) {
+			case "chat-message": {
+				const msgContent = payload.object?.content;
+				const text = (typeof msgContent === "object" ? msgContent?.message : msgContent) || payload.object?.name || "";
+				if (!text) return;
+				await this.routeMessage(token, actorId, actorName, text);
+				break;
+			}
+			case "reaction": {
+				const emoji = payload.object?.name || payload.object?.content || "";
+				const reactedId = String(payload.object?.id || "");
+				if (!emoji) return;
+				const text = `[reaction:${emoji}:${reactedId}]`;
+				await this.routeMessage(token, actorId, actorName, text);
+				break;
+			}
+			default: break;
+		}
+	}
+	async routeMessage(token, userId, displayName, text) {
+		const isDM = await this.detectDM(token);
+		if (isDM) {
+			const allowed = await this.checkDMPolicy(userId, text, token);
+			if (!allowed) return;
+		} else if (!this.checkGroupPolicy(token, userId, text)) return;
+		this.emit("message", {
+			channelId: "nextcloud-talk",
+			chatId: token,
+			from: userId,
+			displayName,
+			text,
+			isDM
+		});
+	}
+	/** Look up whether a room token is a DM (type=1). Caches results. */
+	async detectDM(token) {
+		if (this.roomTypeCache.has(token)) return this.roomTypeCache.get(token);
+		if (!this.config.apiUser || !this.resolvedApiPassword) {
+			this.roomTypeCache.set(token, false);
+			return false;
+		}
+		try {
+			const room = await ocsReq(this.config.baseUrl, this.config.apiUser, this.resolvedApiPassword, "GET", `/room/${token}`);
+			const isDM = room?.type === 1;
+			this.roomTypeCache.set(token, isDM);
+			return isDM;
+		} catch {
+			this.roomTypeCache.set(token, false);
+			return false;
+		}
+	}
+	async checkDMPolicy(userId, text, token) {
+		switch (this.config.dmPolicy) {
+			case "disabled": return false;
+			case "open": return true;
+			case "allowlist":
+				if (this.config.allowFrom.includes(userId) || this.config.allowFrom.includes("*")) return true;
+				await this.sendMessage(token, "HyperClaw: Not on allowlist.");
+				return false;
+			case "pairing": {
+				if (this.config.approvedPairings.includes(userId)) return true;
+				const upper = text.trim().toUpperCase().match(/[A-Z0-9]{6}/)?.[0];
+				if (upper && this.config.pendingPairings[upper]) {
+					this.config.approvedPairings.push(userId);
+					delete this.config.pendingPairings[upper];
+					await this.saveState();
+					await this.sendMessage(token, "Paired!");
+					this.emit("pairing:approved", {
+						userId,
+						channelId: "nextcloud-talk"
+					});
+					return true;
+				}
+				const code = Array.from({ length: 6 }, () => "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"[Math.floor(Math.random() * 32)]).join("");
+				this.config.pendingPairings[code] = userId;
+				await this.saveState();
+				await this.sendMessage(token, `Pairing code: ${code}\nApprove: hyperclaw pairing approve nextcloud-talk ${code}`);
+				return false;
+			}
+		}
+		return false;
+	}
+	checkGroupPolicy(token, userId, text) {
+		const policy = this.config.groupPolicy;
+		if (policy === "disabled") return false;
+		const roomCfg = this.config.rooms[token];
+		if (policy === "open") {
+			if (roomCfg?.allowFrom?.length && !roomCfg.allowFrom.includes(userId)) return false;
+			const global$1 = this.config.groupAllowFrom;
+			if (global$1.length && !global$1.includes(userId)) return false;
+			return true;
+		}
+		if (!roomCfg) return false;
+		const global = this.config.groupAllowFrom;
+		if (global.length && !global.includes(userId)) return false;
+		if (roomCfg.allowFrom?.length && !roomCfg.allowFrom.includes(userId)) return false;
+		if (roomCfg.requireMention !== false) {
+			if (!text.includes("@HyperClaw") && !text.startsWith("!")) return false;
+		}
+		return true;
+	}
+	async sendMessage(token, text) {
+		const limit = this.config.textChunkLimit ?? DEFAULT_CHUNK;
+		const mode = this.config.chunkMode ?? "length";
+		const chunks = chunkText(text, limit, mode);
+		for (const chunk of chunks) if (this.config.apiUser && this.resolvedApiPassword) await ocsReq(this.config.baseUrl, this.config.apiUser, this.resolvedApiPassword, "POST", `/chat/${token}`, { message: chunk });
+		else await botSend(this.config.baseUrl, this.resolvedSecret, token, chunk);
+	}
+	approvePairing(code) {
+		const upper = code.toUpperCase();
+		if (!this.config.pendingPairings[upper]) return false;
+		this.config.approvedPairings.push(this.config.pendingPairings[upper]);
+		delete this.config.pendingPairings[upper];
+		this.saveState();
+		return true;
+	}
+	async loadState() {
+		try {
+			const s = await fs_extra.default.readJson(STATE_FILE);
+			if (s.p) this.config.pendingPairings = s.p;
+			if (s.a) this.config.approvedPairings = s.a;
+		} catch {}
+	}
+	async saveState() {
+		await fs_extra.default.ensureDir(path.default.dirname(STATE_FILE));
+		await fs_extra.default.writeJson(STATE_FILE, {
+			p: this.config.pendingPairings,
+			a: this.config.approvedPairings
+		}, { spaces: 2 });
+	}
+	isRunning() {
+		return this.running;
+	}
+};
+
+//#endregion
+exports.NextcloudTalkConnector = NextcloudTalkConnector;