hyperclaw 5.2.8 → 5.3.0

package/dist/connector-1efnZgQN.js

@@ -0,0 +1,566 @@
+const require_chunk = require('./chunk-jS-bbMI5.js');
+const chalk = require_chunk.__toESM(require("chalk"));
+const fs_extra = require_chunk.__toESM(require("fs-extra"));
+const path = require_chunk.__toESM(require("path"));
+const os = require_chunk.__toESM(require("os"));
+const crypto = require_chunk.__toESM(require("crypto"));
+const ws = require_chunk.__toESM(require("ws"));
+const http = require_chunk.__toESM(require("http"));
+const https = require_chunk.__toESM(require("https"));
+const events = require_chunk.__toESM(require("events"));
+
+//#region extensions/mattermost/src/connector.ts
+const STATE_FILE = path.default.join(os.default.homedir(), ".hyperclaw", "mattermost-state.json");
+const HMAC_INTERACTIONS_KEY = "openclaw-mattermost-interactions";
+const WS_RECONNECT_DELAY_MS = 5e3;
+const UNSAFE_KEYS = new Set([
+	"__proto__",
+	"prototype",
+	"constructor",
+	"__defineGetter__",
+	"__defineSetter__",
+	"__lookupGetter__",
+	"__lookupSetter__",
+	"hasOwnProperty",
+	"valueOf",
+	"toString",
+	"toJSON"
+]);
+function createSafeRecord() {
+	return Object.create(null);
+}
+function isSafeKey(key) {
+	if (!key || typeof key !== "string") return false;
+	if (UNSAFE_KEYS.has(key) || key.includes("__") || key.includes(".")) return false;
+	return /^[a-zA-Z][a-zA-Z0-9_-]*$/.test(key);
+}
+function sanitizeForLog(value) {
+	return String(value ?? "").replace(/[\r\n\t]+/g, " ").slice(0, 200);
+}
+function sanitizeAccountId(id) {
+	if (!/^[a-zA-Z0-9_-]+$/.test(id)) throw new Error(`Mattermost: invalid account id "${sanitizeForLog(id)}"`);
+	return id;
+}
+async function mmApi(baseUrl, token, method, apiPath, body) {
+	return new Promise((resolve, reject) => {
+		const base = baseUrl.replace(/\/$/, "");
+		const fullPath = apiPath.startsWith("/") ? apiPath : `/${apiPath}`;
+		const url = new URL(fullPath, base);
+		const payload = body ? JSON.stringify(body) : null;
+		const client = url.protocol === "https:" ? https.default : http.default;
+		const req = client.request({
+			hostname: url.hostname,
+			port: url.port || (url.protocol === "https:" ? 443 : 80),
+			path: url.pathname + (url.search || ""),
+			method,
+			headers: {
+				Authorization: `Bearer ${token}`,
+				...payload ? {
+					"Content-Type": "application/json",
+					"Content-Length": Buffer.byteLength(payload)
+				} : {}
+			}
+		}, (res) => {
+			let data = "";
+			res.on("data", (c) => data += c);
+			res.on("end", () => {
+				try {
+					const r = data ? JSON.parse(data) : {};
+					const ok = res.statusCode !== void 0 && res.statusCode >= 200 && res.statusCode < 300;
+					if (ok) resolve(r);
+					else reject(new Error(r.message || r.error || `HTTP ${res.statusCode}`));
+				} catch (e) {
+					reject(e || new Error("Parse error"));
+				}
+			});
+		});
+		req.on("error", reject);
+		if (payload) req.write(payload);
+		req.end();
+	});
+}
+function deriveInteractionSecret(botToken) {
+	return crypto.default.createHmac("sha256", HMAC_INTERACTIONS_KEY).update(botToken).digest("hex");
+}
+function signContext(ctx, secret) {
+	const sortedKeys = Object.keys(ctx).filter(isSafeKey).sort();
+	const payload = createSafeRecord();
+	for (const k of sortedKeys) payload[k] = ctx[k];
+	const serialized = JSON.stringify(payload);
+	return crypto.default.createHmac("sha256", secret).update(serialized).digest("hex");
+}
+function verifyInteraction(context, secret) {
+	const token = context["_token"];
+	if (typeof token !== "string") return false;
+	const { _token: _,...rest } = context;
+	return signContext(rest, secret) === token;
+}
+function resolveAccount(id, raw, state) {
+	const safeId = sanitizeAccountId(id);
+	const botToken = raw.botToken || raw.token || process.env["MATTERMOST_BOT_TOKEN"] || "";
+	const baseUrl = raw.baseUrl || raw.serverUrl || process.env["MATTERMOST_URL"] || "";
+	return {
+		id: safeId,
+		name: raw.name ?? id,
+		botToken,
+		baseUrl: baseUrl.replace(/\/$/, ""),
+		dmPolicy: raw.dmPolicy ?? "pairing",
+		allowFrom: raw.allowFrom ?? [],
+		groupPolicy: raw.groupPolicy ?? "allowlist",
+		groupAllowFrom: raw.groupAllowFrom ?? [],
+		dangerouslyAllowNameMatching: raw.dangerouslyAllowNameMatching ?? false,
+		chatmode: raw.chatmode ?? "oncall",
+		oncharPrefixes: raw.oncharPrefixes ?? [">"],
+		requireMention: raw.requireMention ?? true,
+		commands: raw.commands ?? { native: false },
+		capabilities: raw.capabilities ?? [],
+		actions: {
+			reactions: true,
+			...raw.actions
+		},
+		interactions: raw.interactions ?? {},
+		approvedPairings: state.approved,
+		pendingPairings: state.pending
+	};
+}
+var SingleAccountConnector = class extends events.EventEmitter {
+	acc;
+	ws = null;
+	wsSeq = 1;
+	reconnecting = false;
+	botUserId = "";
+	constructor(acc) {
+		super();
+		this.acc = acc;
+	}
+	async connect() {
+		const me = await mmApi(this.acc.baseUrl, this.acc.botToken, "GET", "/api/v4/users/me");
+		this.botUserId = me.id;
+		console.log(chalk.default.green(`  🦅 Mattermost[${sanitizeForLog(this.acc.id)}]: connected as @${sanitizeForLog(me.username)} → ${sanitizeForLog(this.acc.baseUrl)}`));
+		this._startWebSocket();
+		this.emit("connected", {
+			accountId: this.acc.id,
+			baseUrl: this.acc.baseUrl,
+			botUserId: this.botUserId
+		});
+	}
+	disconnect() {
+		this.reconnecting = false;
+		this.ws?.close();
+		this.ws = null;
+	}
+	_startWebSocket() {
+		const wsUrl = this.acc.baseUrl.replace(/^http/, "ws") + "/api/v4/websocket";
+		const ws$1 = new ws.default(wsUrl);
+		this.ws = ws$1;
+		ws$1.on("open", () => {
+			this.wsSeq = 1;
+			ws$1.send(JSON.stringify({
+				seq: this.wsSeq++,
+				action: "authentication_challenge",
+				data: { token: this.acc.botToken }
+			}));
+		});
+		ws$1.on("message", (raw) => {
+			try {
+				const ev = JSON.parse(raw.toString());
+				if (ev.event === "posted") this._onPostedEvent(ev);
+				if (ev.event === "reaction_added" || ev.event === "reaction_removed") this.emit("reaction", {
+					accountId: this.acc.id,
+					event: ev.event,
+					data: ev.data
+				});
+			} catch {}
+		});
+		ws$1.on("close", () => {
+			if (!this.reconnecting) return;
+			console.log(chalk.default.yellow(`  ⚠ Mattermost[${sanitizeForLog(this.acc.id)}]: WS closed, reconnecting...`));
+			setTimeout(() => this._startWebSocket(), WS_RECONNECT_DELAY_MS);
+		});
+		ws$1.on("error", (err) => {
+			console.log(chalk.default.yellow(`  ⚠ Mattermost[${sanitizeForLog(this.acc.id)}]: WS error: ${sanitizeForLog(err.message)}`));
+		});
+		this.reconnecting = true;
+	}
+	_onPostedEvent(ev) {
+		let post;
+		try {
+			post = typeof ev.data?.post === "string" ? JSON.parse(ev.data.post) : ev.data?.post;
+		} catch {
+			return;
+		}
+		if (!post) return;
+		if (post.user_id === this.botUserId) return;
+		const channelType = ev.data?.channel_type ?? "";
+		const isDM = channelType === "D";
+		const text = (post.message || "").trim();
+		const from = post.user_id;
+		const channelId = post.channel_id;
+		const senderName = ev.data?.sender_name ?? "";
+		if (!text) return;
+		if (isDM) this._routeDM(from, channelId, text, senderName, post.id);
+		else this._routeChannel(from, channelId, text, senderName, post.id);
+	}
+	async _routeDM(userId, channelId, text, senderName, postId) {
+		const acc = this.acc;
+		if (acc.dmPolicy === "none") return;
+		if (acc.dmPolicy === "open") {
+			this._emit(userId, channelId, text, senderName, postId, true);
+			return;
+		}
+		if (acc.dmPolicy === "allowlist") {
+			if (!acc.allowFrom.includes(userId)) {
+				console.log(chalk.default.gray(`  mattermost[${sanitizeForLog(acc.id)}]: drop DM from ${sanitizeForLog(userId)} (dmPolicy=allowlist)`));
+				return;
+			}
+			this._emit(userId, channelId, text, senderName, postId, true);
+			return;
+		}
+		if (acc.dmPolicy === "pairing") {
+			if (acc.approvedPairings.includes(userId)) {
+				this._emit(userId, channelId, text, senderName, postId, true);
+				return;
+			}
+			const raw = text.trim().toUpperCase();
+			const upper = /^[A-Z0-9]{4,12}$/.test(raw) ? raw : "";
+			if (upper && acc.pendingPairings[upper]) {
+				acc.approvedPairings.push(userId);
+				delete acc.pendingPairings[upper];
+				await this._saveState();
+				await this.sendMessage(channelId, "🦅 Paired!");
+				this.emit("pairing:approved", {
+					accountId: acc.id,
+					userId,
+					channelId
+				});
+				return;
+			}
+			const code = Array.from({ length: 6 }, () => "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"[Math.floor(Math.random() * 32)]).join("");
+			acc.pendingPairings[code] = userId;
+			await this._saveState();
+			await this.sendMessage(channelId, `🦅 Pairing code: \`${code}\`\nApprove: hyperclaw pairing approve mattermost ${code}`);
+		}
+	}
+	_routeChannel(userId, channelId, text, senderName, postId) {
+		const acc = this.acc;
+		if (acc.groupPolicy === "allowlist") {
+			const combined = [...acc.groupAllowFrom, ...acc.allowFrom];
+			if (combined.length > 0) {
+				const match = combined.some((p) => {
+					if (p === "*") return true;
+					if (acc.dangerouslyAllowNameMatching) {
+						const name = senderName.replace(/^@/, "");
+						return name === p || userId === p;
+					}
+					return userId === p;
+				});
+				if (!match) {
+					console.log(chalk.default.gray(`  mattermost[${sanitizeForLog(acc.id)}]: drop group sender ${sanitizeForLog(userId)} (policy=allowlist)`));
+					return;
+				}
+			}
+		}
+		const botMentionPatterns = [
+			`@${this.botUserId}`,
+			`@hyperclaw`,
+			`@${acc.name?.toLowerCase()}`
+		];
+		const isMentioned = botMentionPatterns.some((p) => text.toLowerCase().includes(p.toLowerCase()));
+		if (acc.chatmode === "oncall" || acc.chatmode !== "onmessage" && acc.requireMention) {
+			if (!isMentioned) {
+				console.log(chalk.default.gray(`  mattermost[${sanitizeForLog(acc.id)}]: drop channel ${sanitizeForLog(channelId)} (missing-mention, chatmode=oncall)`));
+				return;
+			}
+		} else if (acc.chatmode === "onchar") {
+			const hasPrefix = acc.oncharPrefixes.some((p) => text.startsWith(p));
+			if (!hasPrefix && !isMentioned) {
+				console.log(chalk.default.gray(`  mattermost[${sanitizeForLog(acc.id)}]: drop channel ${sanitizeForLog(channelId)} (no prefix/mention, chatmode=onchar)`));
+				return;
+			}
+		}
+		this._emit(userId, channelId, text, senderName, postId, false);
+	}
+	_emit(from, chatId, text, senderName, postId, isDM) {
+		this.emit("message", {
+			accountId: this.acc.id,
+			id: postId,
+			from,
+			chatId,
+			text,
+			senderName,
+			isDM,
+			channelId: "mattermost"
+		});
+	}
+	async handleWebhook(body, webhookToken) {
+		const params = createSafeRecord();
+		const trimmed = (body || "").trim();
+		if (trimmed.startsWith("{")) try {
+			const raw = JSON.parse(trimmed);
+			if (!raw || typeof raw !== "object" || Array.isArray(raw)) return;
+			for (const [k, v] of Object.entries(raw)) if (isSafeKey(k)) params[k] = typeof v === "string" ? v : String(v ?? "");
+		} catch {
+			return;
+		}
+		else for (const pair of body.split("&")) {
+			const eq = pair.indexOf("=");
+			const k = eq >= 0 ? decodeURIComponent(pair.slice(0, eq).replace(/\+/g, " ")) : decodeURIComponent(pair.replace(/\+/g, " "));
+			const v = eq >= 0 ? decodeURIComponent((pair.slice(eq + 1) || "").replace(/\+/g, " ")) : "";
+			if (isSafeKey(k)) params[k] = v;
+		}
+		if (params.token !== webhookToken) {
+			console.log(chalk.default.yellow(`  ⚠ Mattermost[${sanitizeForLog(this.acc.id)}]: invalid webhook token`));
+			return;
+		}
+		const channelId = params.channel_id;
+		const userId = params.user_id;
+		const senderName = params.user_name || "";
+		let text = (params.text || "").trim();
+		const triggerWord = params.trigger_word || "";
+		if (triggerWord && text.startsWith(triggerWord)) text = text.slice(triggerWord.length).trim();
+		if (!channelId || !userId || !text) return;
+		this._routeChannel(userId, channelId, text, senderName, params.post_id || `${channelId}-${Date.now()}`);
+	}
+	async handleSlashCommand(payload, expectedToken) {
+		const safePayload = createSafeRecord();
+		for (const [k, v] of Object.entries(payload)) if (isSafeKey(k)) safePayload[k] = String(v ?? "");
+		if (safePayload.token !== expectedToken) {
+			console.log(chalk.default.yellow(`  ⚠ Mattermost[${sanitizeForLog(this.acc.id)}]: slash command token mismatch`));
+			return null;
+		}
+		const text = (safePayload.text || "").trim();
+		const userId = safePayload.user_id || "";
+		const channelId = safePayload.channel_id || "";
+		const commandName = safePayload.command || "";
+		this.emit("slash_command", {
+			accountId: this.acc.id,
+			command: commandName,
+			text,
+			userId,
+			channelId,
+			senderName: safePayload.user_name || "",
+			responseUrl: safePayload.response_url || ""
+		});
+		return null;
+	}
+	/** Register all native slash commands via Mattermost REST API. */
+	async registerSlashCommands(teamId, commands) {
+		const acc = this.acc;
+		if (!acc.commands.native || acc.commands.native === "auto") return;
+		const callbackUrl = acc.commands.callbackUrl || `http://localhost:18789${acc.commands.callbackPath ?? "/api/channels/mattermost/command"}`;
+		for (const cmd of commands) try {
+			await mmApi(acc.baseUrl, acc.botToken, "POST", "/api/v4/commands", {
+				team_id: teamId,
+				trigger: cmd.trigger.replace(/^\//, ""),
+				method: "P",
+				title: cmd.description,
+				description: cmd.description,
+				url: callbackUrl,
+				username: acc.name ?? "hyperclaw-bot",
+				auto_complete: true,
+				auto_complete_hint: "[prompt]",
+				auto_complete_desc: cmd.description
+			});
+			console.log(chalk.default.gray(`  mattermost[${sanitizeForLog(acc.id)}]: registered /${sanitizeForLog(cmd.trigger)}`));
+		} catch (e) {
+			console.log(chalk.default.yellow(`  ⚠ mattermost[${sanitizeForLog(acc.id)}]: failed to register /${sanitizeForLog(cmd.trigger)}: ${sanitizeForLog(e.message)}`));
+		}
+	}
+	handleInteraction(context) {
+		const secret = deriveInteractionSecret(this.acc.botToken);
+		if (!verifyInteraction(context, secret)) return {
+			ok: false,
+			error: "invalid _token"
+		};
+		if (!context["action_id"]) return {
+			ok: false,
+			error: "missing action_id in context"
+		};
+		this.emit("interaction", {
+			accountId: this.acc.id,
+			context
+		});
+		return { ok: true };
+	}
+	async addReaction(postId, emoji) {
+		if (!this.acc.actions.reactions) return;
+		const name = emoji.replace(/:/g, "");
+		await mmApi(this.acc.baseUrl, this.acc.botToken, "POST", "/api/v4/reactions", {
+			user_id: this.botUserId,
+			post_id: postId,
+			emoji_name: name
+		});
+	}
+	async removeReaction(postId, emoji) {
+		if (!this.acc.actions.reactions) return;
+		const name = emoji.replace(/:/g, "");
+		await mmApi(this.acc.baseUrl, this.acc.botToken, "DELETE", `/api/v4/users/${this.botUserId}/posts/${postId}/reactions/${name}`);
+	}
+	async sendMessage(channelId, text, attachments) {
+		const chunks = text.match(/.{1,4000}/gs) || [text];
+		let lastPost;
+		for (let i = 0; i < chunks.length; i++) {
+			const body = {
+				channel_id: channelId,
+				message: chunks[i].slice(0, 16383)
+			};
+			if (i === chunks.length - 1 && attachments?.length) body.props = { attachments };
+			lastPost = await mmApi(this.acc.baseUrl, this.acc.botToken, "POST", "/api/v4/posts", body);
+		}
+		return lastPost;
+	}
+	async resolveTarget(target) {
+		if (target.startsWith("channel:")) return {
+			type: "channel",
+			id: target.slice(8)
+		};
+		if (target.startsWith("user:")) {
+			const ch = await this._getDmChannel(target.slice(5));
+			return {
+				type: "dm",
+				id: ch
+			};
+		}
+		if (target.startsWith("@")) {
+			const users = await mmApi(this.acc.baseUrl, this.acc.botToken, "GET", `/api/v4/users?in_team=&per_page=200&page=0`);
+			const username = target.slice(1).toLowerCase();
+			const found = Array.isArray(users) ? users.find((u) => u.username?.toLowerCase() === username) : null;
+			if (!found) throw new Error(`Mattermost: user ${target} not found`);
+			const ch = await this._getDmChannel(found.id);
+			return {
+				type: "dm",
+				id: ch
+			};
+		}
+		if (target.startsWith("#")) {
+			const name = target.slice(1);
+			const ch = await mmApi(this.acc.baseUrl, this.acc.botToken, "GET", `/api/v4/channels/name/${name}`);
+			return {
+				type: "channel",
+				id: ch.id
+			};
+		}
+		return {
+			type: "channel",
+			id: target
+		};
+	}
+	async _getDmChannel(userId) {
+		const ch = await mmApi(this.acc.baseUrl, this.acc.botToken, "POST", "/api/v4/channels/direct", [this.botUserId, userId]);
+		return ch.id;
+	}
+	approvePairing(code) {
+		const upper = code.toUpperCase();
+		if (!this.acc.pendingPairings[upper]) return false;
+		this.acc.approvedPairings.push(this.acc.pendingPairings[upper]);
+		delete this.acc.pendingPairings[upper];
+		this._saveState();
+		return true;
+	}
+	listPendingPairings() {
+		return { ...this.acc.pendingPairings };
+	}
+	async _saveState() {
+		await fs_extra.default.ensureDir(path.default.dirname(STATE_FILE));
+		const safeId = sanitizeAccountId(this.acc.id);
+		let state = createSafeRecord();
+		try {
+			state = await fs_extra.default.readJson(STATE_FILE);
+		} catch {}
+		state[safeId] = {
+			approvedPairings: this.acc.approvedPairings,
+			pendingPairings: this.acc.pendingPairings
+		};
+		await fs_extra.default.writeJson(STATE_FILE, state, { spaces: 2 });
+	}
+	async loadState() {
+		try {
+			const state = await fs_extra.default.readJson(STATE_FILE);
+			const s = state?.[sanitizeAccountId(this.acc.id)];
+			if (s?.approvedPairings) this.acc.approvedPairings = s.approvedPairings;
+			if (s?.pendingPairings) this.acc.pendingPairings = s.pendingPairings;
+		} catch {}
+	}
+};
+var MattermostConnector = class extends events.EventEmitter {
+	accounts = /* @__PURE__ */ new Map();
+	rawConfig;
+	constructor(config) {
+		super();
+		this.rawConfig = config;
+	}
+	async connect() {
+		const cfg = this.rawConfig;
+		const accountDefs = cfg.accounts ?? { default: cfg };
+		for (const [id, rawAcc] of Object.entries(accountDefs)) {
+			const merged = {
+				...cfg,
+				...rawAcc
+			};
+			const state = {
+				approved: cfg.approvedPairings ?? [],
+				pending: cfg.pendingPairings ?? {}
+			};
+			const acc = resolveAccount(id, merged, state);
+			if (!acc.botToken || !acc.baseUrl) {
+				console.log(chalk.default.yellow(`  ⚠ Mattermost[${sanitizeForLog(id)}]: missing botToken or baseUrl — skipping`));
+				continue;
+			}
+			const conn = new SingleAccountConnector(acc);
+			await conn.loadState();
+			conn.on("message", (msg) => this.emit("message", msg));
+			conn.on("connected", (info) => this.emit("connected", info));
+			conn.on("pairing:approved", (info) => this.emit("pairing:approved", info));
+			conn.on("interaction", (info) => this.emit("interaction", info));
+			conn.on("reaction", (info) => this.emit("reaction", info));
+			conn.on("slash_command", (info) => this.emit("slash_command", info));
+			await conn.connect();
+			this.accounts.set(acc.id, conn);
+		}
+	}
+	disconnect() {
+		for (const conn of this.accounts.values()) conn.disconnect();
+		this.accounts.clear();
+	}
+	_acc(accountId = "default") {
+		const conn = this.accounts.get(accountId);
+		if (!conn) throw new Error(`Mattermost: account '${accountId}' not found`);
+		return conn;
+	}
+	async sendMessage(channelId, text, attachments, accountId) {
+		return this._acc(accountId).sendMessage(channelId, text, attachments);
+	}
+	async addReaction(postId, emoji, accountId) {
+		return this._acc(accountId).addReaction(postId, emoji);
+	}
+	async removeReaction(postId, emoji, accountId) {
+		return this._acc(accountId).removeReaction(postId, emoji);
+	}
+	async resolveTarget(target, accountId) {
+		return this._acc(accountId).resolveTarget(target);
+	}
+	handleInteraction(context, accountId) {
+		return this._acc(accountId).handleInteraction(context);
+	}
+	async handleWebhook(body, webhookToken, accountId) {
+		return this._acc(accountId).handleWebhook(body, webhookToken);
+	}
+	async handleSlashCommand(payload, expectedToken, accountId) {
+		return this._acc(accountId).handleSlashCommand(payload, expectedToken);
+	}
+	approvePairing(code, accountId) {
+		return this._acc(accountId).approvePairing(code);
+	}
+	listPendingPairings(accountId) {
+		return this._acc(accountId).listPendingPairings();
+	}
+	getAccountIds() {
+		return Array.from(this.accounts.keys());
+	}
+	isRunning() {
+		return this.accounts.size > 0;
+	}
+};
+
+//#endregion
+exports.MattermostConnector = MattermostConnector;