hyperclaw 5.4.1 → 5.4.2

package/dist/connector-BYPxgmsD.js

@@ -0,0 +1,312 @@
+const require_chunk = require('./chunk-jS-bbMI5.js');
+const chalk = require_chunk.__toESM(require("chalk"));
+const fs_extra = require_chunk.__toESM(require("fs-extra"));
+const path = require_chunk.__toESM(require("path"));
+const os = require_chunk.__toESM(require("os"));
+const https = require_chunk.__toESM(require("https"));
+const events = require_chunk.__toESM(require("events"));
+
+//#region extensions/telegram/src/connector.ts
+function tgDownloadFile(token, filePath) {
+	return new Promise((resolve, reject) => {
+		const req = https.default.request({
+			hostname: "api.telegram.org",
+			port: 443,
+			path: `/file/bot${token}/${filePath}`,
+			method: "GET"
+		}, (res) => {
+			const chunks = [];
+			res.on("data", (c) => chunks.push(c));
+			res.on("end", () => resolve(Buffer.concat(chunks)));
+		});
+		req.on("error", reject);
+		req.setTimeout(3e4, () => {
+			req.destroy();
+			reject(new Error("Download timeout"));
+		});
+		req.end();
+	});
+}
+function tgRequest(token, method, body) {
+	return new Promise((resolve, reject) => {
+		const payload = body ? JSON.stringify(body) : null;
+		const req = https.default.request({
+			hostname: "api.telegram.org",
+			port: 443,
+			path: `/bot${token}/${method}`,
+			method: payload ? "POST" : "GET",
+			headers: payload ? {
+				"Content-Type": "application/json",
+				"Content-Length": Buffer.byteLength(payload)
+			} : {}
+		}, (res) => {
+			let data = "";
+			res.on("data", (c) => data += c);
+			res.on("end", () => {
+				try {
+					const r = JSON.parse(data);
+					if (r.ok) resolve(r.result);
+					else reject(new Error(r.description || "Telegram API error"));
+				} catch {
+					reject(new Error("Invalid JSON"));
+				}
+			});
+		});
+		req.on("error", reject);
+		req.setTimeout(35e3, () => {
+			req.destroy();
+			reject(new Error("Timeout"));
+		});
+		if (payload) req.write(payload);
+		req.end();
+	});
+}
+const STATE_FILE = path.default.join(os.default.homedir(), ".hyperclaw", "telegram-state.json");
+function sleep(ms) {
+	return new Promise((r) => setTimeout(r, ms));
+}
+function generateCode() {
+	const chars = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789";
+	return Array.from({ length: 6 }, () => chars[Math.floor(Math.random() * chars.length)]).join("");
+}
+function chunkText(text, max) {
+	if (text.length <= max) return [text];
+	const chunks = [];
+	let i = 0;
+	while (i < text.length) {
+		let end = Math.min(i + max, text.length);
+		if (end < text.length) {
+			const nl = text.lastIndexOf("\n", end);
+			if (nl > i) end = nl + 1;
+		}
+		chunks.push(text.slice(i, end));
+		i = end;
+	}
+	return chunks;
+}
+var TelegramConnector = class extends events.EventEmitter {
+	token;
+	config;
+	offset = 0;
+	running = false;
+	botInfo = null;
+	constructor(token, config) {
+		super();
+		this.token = token;
+		this.config = {
+			token,
+			dmPolicy: "allowlist",
+			allowFrom: [],
+			pendingPairings: {},
+			approvedPairings: [],
+			...config
+		};
+	}
+	async connect() {
+		this.botInfo = await tgRequest(this.token, "getMe");
+		console.log(chalk.default.green(`  🦅 Telegram: @${this.botInfo?.username} connected`));
+		await this.loadState();
+		this.running = true;
+		this.pollLoop();
+		this.emit("connected", this.botInfo);
+	}
+	async disconnect() {
+		this.running = false;
+		await this.saveState();
+	}
+	async pollLoop() {
+		while (this.running) try {
+			const allowed = this.config.inlineMode ? ["message", "inline_query"] : ["message"];
+			const updates = await tgRequest(this.token, "getUpdates", {
+				offset: this.offset,
+				timeout: 30,
+				allowed_updates: allowed
+			});
+			for (const u of updates) {
+				this.offset = u.update_id + 1;
+				await this.handleUpdate(u).catch((e) => console.log(chalk.default.yellow(`  ⚠  ${e.message}`)));
+			}
+		} catch (e) {
+			if (this.running) {
+				console.log(chalk.default.yellow(`  ⚠  Telegram poll: ${e.message}`));
+				await sleep(5e3);
+			}
+		}
+	}
+	async handleUpdate(u) {
+		if (u.inline_query) {
+			this.emit("inline_query", {
+				id: u.inline_query.id,
+				from: String(u.inline_query.from?.id),
+				query: u.inline_query.query,
+				username: u.inline_query.from?.username
+			});
+			return;
+		}
+		const msg = u.message || u.edited_message;
+		if (!msg) return;
+		const text = msg.text?.trim() || "";
+		if (!text && !msg.voice) return;
+		const userId = String(msg.from?.id || "");
+		const isDM = msg.chat.type === "private";
+		const isGroup = msg.chat.type === "group" || msg.chat.type === "supergroup";
+		if (isDM && !await this.checkDMPolicy(userId, msg.chat.id, text || "[voice note]")) return;
+		let finalText = text || "[voice note]";
+		if (isGroup) {
+			const groupAllowFrom = this.config.groupAllowFrom ?? [];
+			if (groupAllowFrom.length > 0 && !groupAllowFrom.includes(String(msg.chat.id))) return;
+			const activation = this.config.groupActivation ?? "mention";
+			if (activation === "mention") {
+				const botUsername = this.botInfo?.username ? `@${this.botInfo.username}`.toLowerCase() : "";
+				const mentioned = botUsername && text.toLowerCase().includes(botUsername);
+				const isReplyToBot = msg.reply_to_message?.from?.is_bot && msg.reply_to_message.from.id === this.botInfo?.id;
+				if (!mentioned && !isReplyToBot) return;
+				if (mentioned && botUsername) finalText = text.replace(new RegExp(botUsername, "gi"), "").trim() || finalText;
+			}
+		}
+		let audioBuffer;
+		if (msg?.voice?.file_id) try {
+			const file = await tgRequest(this.token, "getFile", { file_id: msg.voice.file_id });
+			audioBuffer = await tgDownloadFile(this.token, file.file_path);
+		} catch (e) {
+			console.log(chalk.default.yellow(`  ⚠  Telegram voice download failed: ${e.message}`));
+		}
+		this.emit("message", {
+			id: String(msg.message_id),
+			channelId: "telegram",
+			from: userId,
+			fromUsername: msg.from?.username,
+			chatId: msg.chat.id,
+			text: finalText,
+			audioBuffer,
+			timestamp: new Date(msg.date * 1e3).toISOString(),
+			isDM,
+			isGroup,
+			threadId: msg.message_thread_id != null ? String(msg.message_thread_id) : void 0
+		});
+	}
+	async checkDMPolicy(userId, chatId, text) {
+		if (this.config.dmPolicy === "none") return false;
+		if (this.config.dmPolicy === "open") return true;
+		if (this.config.dmPolicy === "allowlist") {
+			if (this.config.allowFrom.includes(userId)) return true;
+			await this.sendMessage(chatId, `🦅 *HyperClaw*\n\nYou are not on the allowlist.`);
+			return false;
+		}
+		if (this.config.dmPolicy === "pairing") {
+			if (this.config.approvedPairings.includes(userId)) return true;
+			const upper = text.trim().toUpperCase();
+			if (this.config.pendingPairings[upper]) {
+				this.config.approvedPairings.push(userId);
+				delete this.config.pendingPairings[upper];
+				await this.saveState();
+				await this.sendMessage(chatId, `🦅 *Paired!* You can now send messages.`);
+				this.emit("pairing:approved", {
+					userId,
+					channelId: "telegram"
+				});
+				return true;
+			}
+			const code = generateCode();
+			this.config.pendingPairings[code] = userId;
+			await this.saveState();
+			await this.sendMessage(chatId, `🦅 *HyperClaw Pairing*\n\nSend the owner this code:\n\`${code}\`\n\nApprove with:\n\`hyperclaw pairing approve telegram ${code}\``);
+			console.log(chalk.default.cyan(`  🦅 Telegram pairing from ${userId} — code: ${code}`));
+			return false;
+		}
+		return false;
+	}
+	async sendMessage(chatId, text, opts = {}) {
+		const chunks = chunkText(text, 4096);
+		let last = null;
+		for (const chunk of chunks) last = await tgRequest(this.token, "sendMessage", {
+			chat_id: chatId,
+			text: chunk,
+			parse_mode: opts.parse_mode || "Markdown",
+			disable_web_page_preview: opts.disable_web_page_preview ?? true,
+			...opts.reply_to_message_id ? { reply_to_message_id: opts.reply_to_message_id } : {},
+			...opts.message_thread_id != null ? { message_thread_id: opts.message_thread_id } : {}
+		});
+		return last;
+	}
+	async sendTyping(chatId) {
+		await tgRequest(this.token, "sendChatAction", {
+			chat_id: chatId,
+			action: "typing"
+		}).catch(() => {});
+	}
+	/** Answer inline query (Telegram inline mode). Results shown when user types @botname &lt;query&gt; in any chat. */
+	async answerInlineQuery(queryId, results, opts) {
+		try {
+			const articles = results.map((r) => ({
+				type: "article",
+				id: r.id,
+				title: r.title,
+				description: r.description,
+				input_message_content: {
+					message_text: r.message_text,
+					parse_mode: r.parse_mode || "Markdown"
+				}
+			}));
+			await tgRequest(this.token, "answerInlineQuery", {
+				inline_query_id: queryId,
+				results: articles,
+				cache_time: opts?.cache_time ?? 60
+			});
+			return true;
+		} catch {
+			return false;
+		}
+	}
+	approvePairing(code) {
+		const upper = code.toUpperCase();
+		if (!this.config.pendingPairings[upper]) return false;
+		const userId = this.config.pendingPairings[upper];
+		this.config.approvedPairings.push(userId);
+		delete this.config.pendingPairings[upper];
+		this.saveState();
+		return true;
+	}
+	addToAllowlist(userId) {
+		if (!this.config.allowFrom.includes(userId)) {
+			this.config.allowFrom.push(userId);
+			this.saveState();
+		}
+	}
+	listPendingPairings() {
+		return Object.entries(this.config.pendingPairings).map(([code, userId]) => ({
+			code,
+			userId
+		}));
+	}
+	handleWebhookPayload(body) {
+		try {
+			this.handleUpdate(JSON.parse(body));
+		} catch {}
+	}
+	async loadState() {
+		try {
+			const s = await fs_extra.default.readJson(STATE_FILE);
+			this.offset = s.offset || 0;
+			if (s.pendingPairings) this.config.pendingPairings = s.pendingPairings;
+			if (s.approvedPairings) this.config.approvedPairings = s.approvedPairings;
+		} catch {}
+	}
+	async saveState() {
+		await fs_extra.default.ensureDir(path.default.dirname(STATE_FILE));
+		await fs_extra.default.writeJson(STATE_FILE, {
+			offset: this.offset,
+			pendingPairings: this.config.pendingPairings,
+			approvedPairings: this.config.approvedPairings
+		}, { spaces: 2 });
+	}
+	isRunning() {
+		return this.running;
+	}
+	getBotInfo() {
+		return this.botInfo;
+	}
+};
+
+//#endregion
+exports.TelegramConnector = TelegramConnector;

package/dist/cost-tracker-x9E8VKtk.js

@@ -0,0 +1,103 @@
+const require_chunk = require('./chunk-jS-bbMI5.js');
+const fs_extra = require_chunk.__toESM(require("fs-extra"));
+const path = require_chunk.__toESM(require("path"));
+
+//#region src/infra/cost-tracker.ts
+/** Rough cost per 1M tokens by provider/model (Claude Sonnet ballpark). */
+const DEFAULT_COST_PER_1M_INPUT = 3;
+const DEFAULT_COST_PER_1M_OUTPUT = 15;
+function estimateCost(usage, model) {
+	if (!usage) return 0;
+	const inp = (usage.input || 0) + (usage.cacheRead || 0);
+	const inputCost = inp / 1e6 * DEFAULT_COST_PER_1M_INPUT;
+	const outputCost = (usage.output || 0) / 1e6 * DEFAULT_COST_PER_1M_OUTPUT;
+	return inputCost + outputCost;
+}
+/** Path to cost log file for a session. */
+function getCostLogPath(baseDir, sessionId) {
+	return path.default.join(baseDir, "costs", `session-${sessionId}.jsonl`);
+}
+/** Append a cost entry for a session. */
+async function recordUsage(baseDir, sessionId, usage, opts) {
+	const costUsd = estimateCost(usage, opts?.model);
+	const entry = {
+		sessionId,
+		source: opts?.source,
+		tenantId: opts?.tenantId,
+		timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+		usage,
+		costUsd,
+		model: opts?.model
+	};
+	const dir = path.default.join(baseDir, "costs");
+	await fs_extra.default.ensureDir(dir);
+	const fp = getCostLogPath(baseDir, sessionId);
+	await fs_extra.default.appendFile(fp, JSON.stringify(entry) + "\n");
+}
+/** Read and aggregate all entries for a session. */
+async function getSessionSummary(baseDir, sessionId) {
+	const fp = getCostLogPath(baseDir, sessionId);
+	if (!await fs_extra.default.pathExists(fp)) return {
+		input: 0,
+		output: 0,
+		cacheRead: 0,
+		costUsd: 0,
+		runs: 0
+	};
+	const lines = (await fs_extra.default.readFile(fp, "utf8")).trim().split("\n").filter(Boolean);
+	let input = 0, output = 0, cacheRead = 0, costUsd = 0;
+	for (const line of lines) try {
+		const e = JSON.parse(line);
+		input += e.usage.input || 0;
+		output += e.usage.output || 0;
+		cacheRead += e.usage.cacheRead || 0;
+		costUsd += e.costUsd || 0;
+	} catch {}
+	return {
+		input,
+		output,
+		cacheRead,
+		costUsd,
+		runs: lines.length
+	};
+}
+/** Get global summary across all sessions. */
+async function getGlobalSummary(baseDir) {
+	const dir = path.default.join(baseDir, "costs");
+	if (!await fs_extra.default.pathExists(dir)) return {
+		sessions: 0,
+		totalInput: 0,
+		totalOutput: 0,
+		totalCacheRead: 0,
+		totalCostUsd: 0,
+		totalRuns: 0
+	};
+	const files = (await fs_extra.default.readdir(dir)).filter((f) => f.startsWith("session-") && f.endsWith(".jsonl"));
+	let totalInput = 0, totalOutput = 0, totalCacheRead = 0, totalCostUsd = 0, totalRuns = 0;
+	for (const f of files) {
+		const fp = path.default.join(dir, f);
+		const content = await fs_extra.default.readFile(fp, "utf8").catch(() => "");
+		for (const line of content.trim().split("\n").filter(Boolean)) try {
+			const e = JSON.parse(line);
+			totalInput += e.usage.input || 0;
+			totalOutput += e.usage.output || 0;
+			totalCacheRead += e.usage.cacheRead || 0;
+			totalCostUsd += e.costUsd || 0;
+			totalRuns++;
+		} catch {}
+	}
+	return {
+		sessions: files.length,
+		totalInput,
+		totalOutput,
+		totalCacheRead,
+		totalCostUsd,
+		totalRuns
+	};
+}
+
+//#endregion
+exports.estimateCost = estimateCost;
+exports.getGlobalSummary = getGlobalSummary;
+exports.getSessionSummary = getSessionSummary;
+exports.recordUsage = recordUsage;

package/dist/credentials-store-Ddhgmbpz.js

@@ -0,0 +1,7 @@
+const require_chunk = require('./chunk-jS-bbMI5.js');
+require('./paths-AIyBxIzm.js');
+require('./paths-DPovhojT.js');
+const require_credentials_store = require('./credentials-store-onL1tYct.js');
+
+require_credentials_store.init_credentials_store();
+exports.CredentialsStore = require_credentials_store.CredentialsStore;

package/dist/credentials-store-onL1tYct.js

@@ -0,0 +1,89 @@
+const require_chunk = require('./chunk-jS-bbMI5.js');
+const require_paths = require('./paths-AIyBxIzm.js');
+const require_paths$1 = require('./paths-DPovhojT.js');
+const chalk = require_chunk.__toESM(require("chalk"));
+const fs_extra = require_chunk.__toESM(require("fs-extra"));
+const path = require_chunk.__toESM(require("path"));
+
+//#region src/secrets/credentials-store.ts
+var CredentialsStore;
+var init_credentials_store = require_chunk.__esm({ "src/secrets/credentials-store.ts"() {
+	require_paths$1.init_paths();
+	CredentialsStore = class {
+		credsDir;
+		constructor(baseDir) {
+			const base = baseDir ?? require_paths.getHyperClawDir();
+			this.credsDir = path.default.join(base, "credentials");
+		}
+		filePath(providerId) {
+			const safe = providerId.replace(/[^a-zA-Z0-9_-]/g, "_");
+			return path.default.join(this.credsDir, `${safe}.json`);
+		}
+		async set(providerId, creds) {
+			await fs_extra.default.ensureDir(this.credsDir);
+			await fs_extra.default.chmod(this.credsDir, 448);
+			const record = {
+				...creds,
+				providerId,
+				updatedAt: (/* @__PURE__ */ new Date()).toISOString()
+			};
+			const fpath = this.filePath(providerId);
+			await fs_extra.default.writeJson(fpath, record, { spaces: 2 });
+			await fs_extra.default.chmod(fpath, 384);
+		}
+		async get(providerId) {
+			const fpath = this.filePath(providerId);
+			if (!await fs_extra.default.pathExists(fpath)) return null;
+			const stat = await fs_extra.default.stat(fpath);
+			if (process.platform !== "win32" && (stat.mode & 63) !== 0) {
+				console.log(chalk.default.yellow(`  ⚠  Unsafe permissions on credentials/${providerId}.json — fixing...`));
+				await fs_extra.default.chmod(fpath, 384);
+			}
+			return fs_extra.default.readJson(fpath);
+		}
+		async remove(providerId) {
+			const fpath = this.filePath(providerId);
+			await fs_extra.default.remove(fpath);
+			console.log(chalk.default.green(`  ✔  Credentials removed: ${providerId}`));
+		}
+		async list() {
+			if (!await fs_extra.default.pathExists(this.credsDir)) return [];
+			const files = await fs_extra.default.readdir(this.credsDir);
+			return files.filter((f) => f.endsWith(".json")).map((f) => f.replace(".json", ""));
+		}
+		async showList() {
+			const providers = await this.list();
+			console.log(chalk.default.bold.cyan("\n  🔐 CREDENTIALS\n"));
+			if (providers.length === 0) {
+				console.log(chalk.default.gray("  No credentials stored.\n"));
+				console.log(chalk.default.gray("  Add with: hyperclaw auth add <service_id>  (for any API key)\n"));
+				console.log(chalk.default.gray("  Or:       hyperclaw secrets set KEY=value  (for .env vars)\n"));
+				return;
+			}
+			for (const p of providers) {
+				const cred = await this.get(p);
+				const hasKey = !!cred?.apiKey;
+				const hasRefresh = !!cred?.refreshToken;
+				const expiry = cred?.expiresAt ? new Date(cred.expiresAt) > /* @__PURE__ */ new Date() ? chalk.default.green("valid") : chalk.default.red("expired") : chalk.default.gray("no expiry");
+				console.log(`  ${chalk.default.green("●")} ${chalk.default.white(p.padEnd(20))} ${hasKey ? chalk.default.cyan("api_key") : ""}${hasRefresh ? chalk.default.yellow(" refresh_token") : ""} ${expiry}`);
+				console.log(`     ${chalk.default.gray(`Updated: ${cred?.updatedAt ? new Date(cred.updatedAt).toLocaleString() : "unknown"}`)}`);
+				console.log();
+			}
+			console.log(chalk.default.gray("  credentials/ — stored at ~/.hyperclaw/credentials/*.json (mode 0600)\n"));
+		}
+	};
+} });
+
+//#endregion
+Object.defineProperty(exports, 'CredentialsStore', {
+  enumerable: true,
+  get: function () {
+    return CredentialsStore;
+  }
+});
+Object.defineProperty(exports, 'init_credentials_store', {
+  enumerable: true,
+  get: function () {
+    return init_credentials_store;
+  }
+});

package/dist/cron-tasks-CF4MJoIU.js

@@ -0,0 +1,89 @@
+const require_chunk = require('./chunk-jS-bbMI5.js');
+const require_paths = require('./paths-AIyBxIzm.js');
+const require_paths$1 = require('./paths-DPovhojT.js');
+const fs_extra = require_chunk.__toESM(require("fs-extra"));
+const path = require_chunk.__toESM(require("path"));
+
+//#region src/services/cron-tasks.ts
+require_paths$1.init_paths();
+const getCronTasksFile = () => path.default.join(require_paths.getHyperClawDir(), "cron-tasks.json");
+let tasks = [];
+async function loadCronTasks() {
+	try {
+		tasks = await fs_extra.default.readJson(getCronTasksFile());
+	} catch {
+		tasks = [];
+	}
+	return tasks;
+}
+async function saveCronTasks() {
+	const f = getCronTasksFile();
+	await fs_extra.default.ensureDir(path.default.dirname(f));
+	await fs_extra.default.writeJson(f, tasks, { spaces: 2 });
+}
+function addCronTask(schedule, prompt, name, skillId) {
+	const id = `task-${Date.now().toString(36)}`;
+	const task = {
+		id,
+		schedule,
+		prompt,
+		name,
+		skillId,
+		enabled: true,
+		createdAt: (/* @__PURE__ */ new Date()).toISOString()
+	};
+	tasks.push(task);
+	return task;
+}
+function removeCronTask(id) {
+	const i = tasks.findIndex((t) => t.id === id);
+	if (i >= 0) {
+		tasks.splice(i, 1);
+		return true;
+	}
+	return false;
+}
+async function runCronTask(task, port = 18789) {
+	const http = await import("http");
+	return new Promise((resolve, reject) => {
+		const payload = JSON.stringify({
+			message: task.prompt,
+			...task.skillId ? { skillId: task.skillId } : {}
+		});
+		const req = http.request({
+			hostname: "127.0.0.1",
+			port,
+			path: "/api/webhook/inbound",
+			method: "POST",
+			headers: {
+				"Content-Type": "application/json",
+				"Content-Length": Buffer.byteLength(payload)
+			}
+		}, (res) => {
+			let data = "";
+			res.on("data", (c) => data += c);
+			res.on("end", async () => {
+				task.lastRunAt = (/* @__PURE__ */ new Date()).toISOString();
+				await saveCronTasks().catch(() => {});
+				resolve();
+			});
+		});
+		req.on("error", (e) => {
+			console.error(`[cron] task ${task.id} failed:`, e.message);
+			resolve();
+		});
+		req.setTimeout(6e4, () => {
+			req.destroy();
+			resolve();
+		});
+		req.write(payload);
+		req.end();
+	});
+}
+
+//#endregion
+exports.addCronTask = addCronTask;
+exports.loadCronTasks = loadCronTasks;
+exports.removeCronTask = removeCronTask;
+exports.runCronTask = runCronTask;
+exports.saveCronTasks = saveCronTasks;