jishushell 0.6.5 → 0.7.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (1207) hide show
  1. package/apps/anythingllm-container.yaml +16 -170
  2. package/apps/browserless-chromium-container.yaml +16 -10
  3. package/apps/filebrowser-container.yaml +15 -9
  4. package/apps/hermes-container.yaml +20 -5
  5. package/apps/immich-container-lite.yaml +337 -0
  6. package/apps/immich-container.yaml +371 -0
  7. package/apps/jishu-kb-container.yaml +50 -177
  8. package/apps/ollama-binary.yaml +33 -28
  9. package/apps/ollama-cpu-container.yaml +6 -0
  10. package/apps/ollama-with-hollama-binary.yaml +35 -28
  11. package/apps/openclaw-binary.yaml +35 -15
  12. package/apps/openclaw-container.yaml +29 -11
  13. package/apps/openclaw-with-ollama-container.yaml +9 -2
  14. package/apps/openclaw-with-searxng-container.yaml +38 -6
  15. package/apps/searxng-container.yaml +31 -6
  16. package/apps/weknora-container.yaml +26 -21
  17. package/dependencies/jishushell-panel-0.7.3.tgz +0 -0
  18. package/dist/cli/app.js +244 -213
  19. package/dist/cli/app.js.map +1 -1
  20. package/dist/cli/backup.js +15 -12
  21. package/dist/cli/backup.js.map +1 -1
  22. package/dist/cli/core.d.ts +4 -3
  23. package/dist/cli/core.js +392 -227
  24. package/dist/cli/core.js.map +1 -1
  25. package/dist/cli/doctor.d.ts +1 -1
  26. package/dist/cli/doctor.js +113 -10
  27. package/dist/cli/doctor.js.map +1 -1
  28. package/dist/cli/job.js +62 -14
  29. package/dist/cli/job.js.map +1 -1
  30. package/dist/cli/llm.js +80 -11
  31. package/dist/cli/llm.js.map +1 -1
  32. package/dist/cli/managed-list.d.ts +1 -3
  33. package/dist/cli/managed-list.js +18 -16
  34. package/dist/cli/managed-list.js.map +1 -1
  35. package/dist/cli/migrate.d.ts +2 -0
  36. package/dist/cli/migrate.js +160 -0
  37. package/dist/cli/migrate.js.map +1 -0
  38. package/dist/cli.js +1 -0
  39. package/dist/cli.js.map +1 -1
  40. package/dist/config.d.ts +32 -20
  41. package/dist/config.js +132 -51
  42. package/dist/config.js.map +1 -1
  43. package/dist/control.d.ts +6 -6
  44. package/dist/control.js +31 -23
  45. package/dist/control.js.map +1 -1
  46. package/dist/core.d.ts +5 -5
  47. package/dist/core.js +5 -5
  48. package/dist/core.js.map +1 -1
  49. package/dist/install.d.ts +2 -2
  50. package/dist/install.js +78 -37
  51. package/dist/install.js.map +1 -1
  52. package/dist/routes/admin.d.ts +2 -0
  53. package/dist/routes/admin.js +72 -0
  54. package/dist/routes/admin.js.map +1 -0
  55. package/dist/routes/apps.d.ts +1 -1
  56. package/dist/routes/apps.js +101 -193
  57. package/dist/routes/apps.js.map +1 -1
  58. package/dist/routes/auth.js +1 -1
  59. package/dist/routes/auth.js.map +1 -1
  60. package/dist/routes/backup.js +1 -1
  61. package/dist/routes/backup.js.map +1 -1
  62. package/dist/routes/docker.d.ts +2 -0
  63. package/dist/routes/docker.js +58 -0
  64. package/dist/routes/docker.js.map +1 -0
  65. package/dist/routes/external-mounts.d.ts +1 -1
  66. package/dist/routes/external-mounts.js +1 -1
  67. package/dist/routes/external-mounts.js.map +1 -1
  68. package/dist/routes/file-mounts.d.ts +4 -3
  69. package/dist/routes/file-mounts.js +49 -31
  70. package/dist/routes/file-mounts.js.map +1 -1
  71. package/dist/routes/files-organize.d.ts +2 -2
  72. package/dist/routes/files-organize.js +5 -5
  73. package/dist/routes/files-organize.js.map +1 -1
  74. package/dist/routes/files.d.ts +1 -1
  75. package/dist/routes/files.js +1 -1
  76. package/dist/routes/files.js.map +1 -1
  77. package/dist/routes/instances.d.ts +0 -8
  78. package/dist/routes/instances.js +202 -1560
  79. package/dist/routes/instances.js.map +1 -1
  80. package/dist/routes/integration-apps.d.ts +14 -0
  81. package/dist/routes/integration-apps.js +81 -0
  82. package/dist/routes/integration-apps.js.map +1 -0
  83. package/dist/routes/integrations.d.ts +9 -0
  84. package/dist/routes/integrations.js +12 -0
  85. package/dist/routes/integrations.js.map +1 -0
  86. package/dist/routes/llm-proxy.js +26 -3
  87. package/dist/routes/llm-proxy.js.map +1 -1
  88. package/dist/routes/setup.js +53 -38
  89. package/dist/routes/setup.js.map +1 -1
  90. package/dist/routes/system.js +108 -68
  91. package/dist/routes/system.js.map +1 -1
  92. package/dist/routes/webdav.d.ts +1 -1
  93. package/dist/routes/webdav.js +2 -2
  94. package/dist/routes/webdav.js.map +1 -1
  95. package/dist/server.d.ts +6 -0
  96. package/dist/server.js +368 -233
  97. package/dist/server.js.map +1 -1
  98. package/dist/services/app-common/app-compiler.js +186 -0
  99. package/dist/services/app-common/app-compiler.js.map +1 -0
  100. package/dist/services/app-common/app-shared.d.ts +15 -0
  101. package/dist/services/app-common/app-shared.js +64 -0
  102. package/dist/services/app-common/app-shared.js.map +1 -0
  103. package/dist/services/app-common/capability-service.d.ts +45 -0
  104. package/dist/services/app-common/capability-service.js +331 -0
  105. package/dist/services/app-common/capability-service.js.map +1 -0
  106. package/dist/services/app-common/catalog-service.d.ts +59 -0
  107. package/dist/services/app-common/catalog-service.js +318 -0
  108. package/dist/services/app-common/catalog-service.js.map +1 -0
  109. package/dist/services/app-common/create-pipeline.d.ts +26 -0
  110. package/dist/services/app-common/create-pipeline.js +298 -0
  111. package/dist/services/app-common/create-pipeline.js.map +1 -0
  112. package/dist/services/app-common/delete-service.d.ts +5 -0
  113. package/dist/services/app-common/delete-service.js +109 -0
  114. package/dist/services/app-common/delete-service.js.map +1 -0
  115. package/dist/services/app-common/execution-owner.d.ts +23 -0
  116. package/dist/services/app-common/execution-owner.js +124 -0
  117. package/dist/services/app-common/execution-owner.js.map +1 -0
  118. package/dist/services/app-common/execution-service.d.ts +23 -0
  119. package/dist/services/app-common/execution-service.js +105 -0
  120. package/dist/services/app-common/execution-service.js.map +1 -0
  121. package/dist/services/app-common/id-normalizer.d.ts +31 -0
  122. package/dist/services/app-common/id-normalizer.js +83 -0
  123. package/dist/services/app-common/id-normalizer.js.map +1 -0
  124. package/dist/services/app-common/install-store.d.ts +34 -0
  125. package/dist/services/app-common/install-store.js +261 -0
  126. package/dist/services/app-common/install-store.js.map +1 -0
  127. package/dist/services/app-common/instance-store.d.ts +78 -0
  128. package/dist/services/app-common/instance-store.js +498 -0
  129. package/dist/services/app-common/instance-store.js.map +1 -0
  130. package/dist/services/app-common/integration-refs.d.ts +17 -0
  131. package/dist/services/app-common/integration-refs.js +47 -0
  132. package/dist/services/app-common/integration-refs.js.map +1 -0
  133. package/dist/services/app-common/lifecycle-pipeline.d.ts +62 -0
  134. package/dist/services/app-common/lifecycle-pipeline.js +317 -0
  135. package/dist/services/app-common/lifecycle-pipeline.js.map +1 -0
  136. package/dist/services/app-common/lifecycle-scripts.d.ts +38 -0
  137. package/dist/services/app-common/lifecycle-scripts.js +935 -0
  138. package/dist/services/app-common/lifecycle-scripts.js.map +1 -0
  139. package/dist/services/app-common/lifecycle-service.d.ts +68 -0
  140. package/dist/services/app-common/lifecycle-service.js +475 -0
  141. package/dist/services/app-common/lifecycle-service.js.map +1 -0
  142. package/dist/services/app-common/ownership.d.ts +3 -0
  143. package/dist/services/app-common/ownership.js +11 -0
  144. package/dist/services/app-common/ownership.js.map +1 -0
  145. package/dist/services/app-common/paths.d.ts +29 -0
  146. package/dist/services/app-common/paths.js +34 -0
  147. package/dist/services/app-common/paths.js.map +1 -0
  148. package/dist/services/app-common/platform-transform.d.ts +32 -0
  149. package/dist/services/app-common/platform-transform.js +65 -0
  150. package/dist/services/app-common/platform-transform.js.map +1 -0
  151. package/dist/services/app-common/provide-resolver.d.ts +29 -0
  152. package/dist/services/app-common/provide-resolver.js +129 -0
  153. package/dist/services/app-common/provide-resolver.js.map +1 -0
  154. package/dist/services/app-common/remote-spec.d.ts +14 -0
  155. package/dist/services/app-common/remote-spec.js +58 -0
  156. package/dist/services/app-common/remote-spec.js.map +1 -0
  157. package/dist/services/app-common/runtime-builder.d.ts +1 -0
  158. package/dist/services/app-common/runtime-builder.js +2 -0
  159. package/dist/services/app-common/runtime-builder.js.map +1 -0
  160. package/dist/services/app-common/runtime-facts.d.ts +19 -0
  161. package/dist/services/app-common/runtime-facts.js +128 -0
  162. package/dist/services/app-common/runtime-facts.js.map +1 -0
  163. package/dist/services/app-common/service.d.ts +9 -0
  164. package/dist/services/app-common/service.js +10 -0
  165. package/dist/services/app-common/service.js.map +1 -0
  166. package/dist/services/app-common/spec-materializer.d.ts +8 -0
  167. package/dist/services/app-common/spec-materializer.js +295 -0
  168. package/dist/services/app-common/spec-materializer.js.map +1 -0
  169. package/dist/services/app-common/status-refresh.d.ts +33 -0
  170. package/dist/services/app-common/status-refresh.js +771 -0
  171. package/dist/services/app-common/status-refresh.js.map +1 -0
  172. package/dist/services/app-common/task-service.d.ts +29 -0
  173. package/dist/services/app-common/task-service.js +93 -0
  174. package/dist/services/app-common/task-service.js.map +1 -0
  175. package/dist/services/app-common/terminal-session-manager.js +157 -0
  176. package/dist/services/app-common/terminal-session-manager.js.map +1 -0
  177. package/dist/services/app-modules/browserless/routes.d.ts +9 -0
  178. package/dist/services/app-modules/browserless/routes.js +519 -0
  179. package/dist/services/app-modules/browserless/routes.js.map +1 -0
  180. package/dist/services/app-modules/routes.d.ts +2 -0
  181. package/dist/services/app-modules/routes.js +5 -0
  182. package/dist/services/app-modules/routes.js.map +1 -0
  183. package/dist/services/backup/backup-admin.d.ts +95 -0
  184. package/dist/services/backup/backup-admin.js +246 -0
  185. package/dist/services/backup/backup-admin.js.map +1 -0
  186. package/dist/services/backup/backup-manager.d.ts +264 -0
  187. package/dist/services/backup/backup-manager.js +2318 -0
  188. package/dist/services/backup/backup-manager.js.map +1 -0
  189. package/dist/services/backup/backup-verify.js +240 -0
  190. package/dist/services/backup/backup-verify.js.map +1 -0
  191. package/dist/services/capabilities/browser-policy.d.ts +14 -0
  192. package/dist/services/capabilities/browser-policy.js +141 -0
  193. package/dist/services/capabilities/browser-policy.js.map +1 -0
  194. package/dist/services/capabilities/contract.d.ts +49 -0
  195. package/dist/services/capabilities/contract.js +119 -0
  196. package/dist/services/capabilities/contract.js.map +1 -0
  197. package/dist/services/capabilities/endpoint-validator.d.ts +42 -0
  198. package/dist/services/capabilities/endpoint-validator.js +113 -0
  199. package/dist/services/capabilities/endpoint-validator.js.map +1 -0
  200. package/dist/services/capabilities/health.d.ts +16 -0
  201. package/dist/services/capabilities/health.js +121 -0
  202. package/dist/services/capabilities/health.js.map +1 -0
  203. package/dist/services/capabilities/registry.d.ts +56 -0
  204. package/dist/services/capabilities/registry.js +222 -0
  205. package/dist/services/capabilities/registry.js.map +1 -0
  206. package/dist/services/capabilities/sync.d.ts +7 -0
  207. package/dist/services/capabilities/sync.js +223 -0
  208. package/dist/services/capabilities/sync.js.map +1 -0
  209. package/dist/services/capability-proxy/html-rewriters/browserless.d.ts +1 -0
  210. package/dist/services/capability-proxy/html-rewriters/browserless.js +83 -0
  211. package/dist/services/capability-proxy/html-rewriters/browserless.js.map +1 -0
  212. package/dist/services/capability-proxy/html-rewriters/index.d.ts +12 -0
  213. package/dist/services/capability-proxy/html-rewriters/index.js +25 -0
  214. package/dist/services/capability-proxy/html-rewriters/index.js.map +1 -0
  215. package/dist/services/capability-proxy/html-rewriters/jishukb.d.ts +1 -0
  216. package/dist/services/capability-proxy/html-rewriters/jishukb.js +161 -0
  217. package/dist/services/capability-proxy/html-rewriters/jishukb.js.map +1 -0
  218. package/dist/services/capability-proxy/http.d.ts +7 -0
  219. package/dist/services/capability-proxy/http.js +555 -0
  220. package/dist/services/capability-proxy/http.js.map +1 -0
  221. package/dist/services/capability-proxy/terminal.d.ts +4 -0
  222. package/dist/services/capability-proxy/terminal.js +179 -0
  223. package/dist/services/capability-proxy/terminal.js.map +1 -0
  224. package/dist/services/connections/admin.d.ts +80 -0
  225. package/dist/services/connections/admin.js +337 -0
  226. package/dist/services/connections/admin.js.map +1 -0
  227. package/dist/services/connections/apply.d.ts +104 -0
  228. package/dist/services/connections/apply.js +415 -0
  229. package/dist/services/connections/apply.js.map +1 -0
  230. package/dist/services/connections/resolver.d.ts +82 -0
  231. package/dist/services/connections/resolver.js +289 -0
  232. package/dist/services/connections/resolver.js.map +1 -0
  233. package/dist/services/connections/transactor.d.ts +39 -0
  234. package/dist/services/connections/transactor.js +307 -0
  235. package/dist/services/connections/transactor.js.map +1 -0
  236. package/dist/services/files/bootstrap.d.ts +7 -0
  237. package/dist/services/files/bootstrap.js +16 -0
  238. package/dist/services/files/bootstrap.js.map +1 -0
  239. package/dist/services/files/external-mounts.js +187 -0
  240. package/dist/services/files/external-mounts.js.map +1 -0
  241. package/dist/services/files/files-manager.d.ts +265 -0
  242. package/dist/services/files/files-manager.js +1189 -0
  243. package/dist/services/files/files-manager.js.map +1 -0
  244. package/dist/services/files/files-mounts.d.ts +42 -0
  245. package/dist/services/files/files-mounts.js +207 -0
  246. package/dist/services/files/files-mounts.js.map +1 -0
  247. package/dist/services/files/organize/applier.js +218 -0
  248. package/dist/services/files/organize/applier.js.map +1 -0
  249. package/dist/services/files/organize/rules.js +286 -0
  250. package/dist/services/files/organize/rules.js.map +1 -0
  251. package/dist/services/files/organize/scanner.js +366 -0
  252. package/dist/services/files/organize/scanner.js.map +1 -0
  253. package/dist/services/files/organize/store.js +82 -0
  254. package/dist/services/files/organize/store.js.map +1 -0
  255. package/dist/services/files/photos/upload-page.d.ts +2 -0
  256. package/dist/services/files/photos/upload-page.js +248 -0
  257. package/dist/services/files/photos/upload-page.js.map +1 -0
  258. package/dist/services/files/photos/upload-store.d.ts +74 -0
  259. package/dist/services/files/photos/upload-store.js +432 -0
  260. package/dist/services/files/photos/upload-store.js.map +1 -0
  261. package/dist/services/files/webdav/server.d.ts +47 -0
  262. package/dist/services/files/webdav/server.js +329 -0
  263. package/dist/services/files/webdav/server.js.map +1 -0
  264. package/dist/services/files/webdav/xml-builder.js.map +1 -0
  265. package/dist/services/http/proxy-utils.d.ts +7 -0
  266. package/dist/services/http/proxy-utils.js +29 -0
  267. package/dist/services/http/proxy-utils.js.map +1 -0
  268. package/dist/services/http/request-utils.d.ts +3 -0
  269. package/dist/services/http/request-utils.js +23 -0
  270. package/dist/services/http/request-utils.js.map +1 -0
  271. package/dist/services/instances/admin.d.ts +23 -0
  272. package/dist/services/instances/admin.js +218 -0
  273. package/dist/services/instances/admin.js.map +1 -0
  274. package/dist/services/instances/clone.d.ts +26 -0
  275. package/dist/services/instances/clone.js +78 -0
  276. package/dist/services/instances/clone.js.map +1 -0
  277. package/dist/services/instances/config-admin.d.ts +17 -0
  278. package/dist/services/instances/config-admin.js +181 -0
  279. package/dist/services/instances/config-admin.js.map +1 -0
  280. package/dist/services/instances/manager.d.ts +232 -0
  281. package/dist/services/instances/manager.js +1342 -0
  282. package/dist/services/instances/manager.js.map +1 -0
  283. package/dist/services/instances/pairing.d.ts +17 -0
  284. package/dist/services/instances/pairing.js +53 -0
  285. package/dist/services/instances/pairing.js.map +1 -0
  286. package/dist/services/instances/passwords.js +173 -0
  287. package/dist/services/instances/passwords.js.map +1 -0
  288. package/dist/services/instances/status.d.ts +2 -0
  289. package/dist/services/instances/status.js +11 -0
  290. package/dist/services/instances/status.js.map +1 -0
  291. package/dist/services/instances/types.d.ts +21 -0
  292. package/dist/services/instances/types.js +2 -0
  293. package/dist/services/instances/types.js.map +1 -0
  294. package/dist/services/integrations/anythingllm/integration.d.ts +25 -0
  295. package/dist/services/integrations/anythingllm/integration.js +251 -0
  296. package/dist/services/integrations/anythingllm/integration.js.map +1 -0
  297. package/dist/services/integrations/catalog.d.ts +3 -0
  298. package/dist/services/integrations/catalog.js +73 -0
  299. package/dist/services/integrations/catalog.js.map +1 -0
  300. package/dist/services/integrations/custom/integration.d.ts +28 -0
  301. package/dist/services/integrations/custom/integration.js +179 -0
  302. package/dist/services/integrations/custom/integration.js.map +1 -0
  303. package/dist/services/integrations/hermes/integration.d.ts +194 -0
  304. package/dist/services/integrations/hermes/integration.js +1668 -0
  305. package/dist/services/integrations/hermes/integration.js.map +1 -0
  306. package/dist/services/integrations/immich/client.d.ts +93 -0
  307. package/dist/services/integrations/immich/client.js +458 -0
  308. package/dist/services/integrations/immich/client.js.map +1 -0
  309. package/dist/services/integrations/immich/config.d.ts +15 -0
  310. package/dist/services/integrations/immich/config.js +178 -0
  311. package/dist/services/integrations/immich/config.js.map +1 -0
  312. package/dist/services/integrations/immich/discovery.d.ts +9 -0
  313. package/dist/services/integrations/immich/discovery.js +101 -0
  314. package/dist/services/integrations/immich/discovery.js.map +1 -0
  315. package/dist/services/integrations/immich/gallery-renderer.d.ts +5 -0
  316. package/dist/services/integrations/immich/gallery-renderer.js +150 -0
  317. package/dist/services/integrations/immich/gallery-renderer.js.map +1 -0
  318. package/dist/services/integrations/immich/immich-shim.d.ts +11 -0
  319. package/dist/services/integrations/immich/immich-shim.js +439 -0
  320. package/dist/services/integrations/immich/immich-shim.js.map +1 -0
  321. package/dist/services/integrations/immich/integration.d.ts +18 -0
  322. package/dist/services/integrations/immich/integration.js +64 -0
  323. package/dist/services/integrations/immich/integration.js.map +1 -0
  324. package/dist/services/integrations/immich/photo-library.d.ts +4 -0
  325. package/dist/services/integrations/immich/photo-library.js +63 -0
  326. package/dist/services/integrations/immich/photo-library.js.map +1 -0
  327. package/dist/services/integrations/immich/review-executor.d.ts +3 -0
  328. package/dist/services/integrations/immich/review-executor.js +41 -0
  329. package/dist/services/integrations/immich/review-executor.js.map +1 -0
  330. package/dist/services/integrations/immich/review-session-service.d.ts +27 -0
  331. package/dist/services/integrations/immich/review-session-service.js +206 -0
  332. package/dist/services/integrations/immich/review-session-service.js.map +1 -0
  333. package/dist/services/integrations/immich/review-store.d.ts +47 -0
  334. package/dist/services/integrations/immich/review-store.js +347 -0
  335. package/dist/services/integrations/immich/review-store.js.map +1 -0
  336. package/dist/services/integrations/immich/routes.d.ts +7 -0
  337. package/dist/services/integrations/immich/routes.js +363 -0
  338. package/dist/services/integrations/immich/routes.js.map +1 -0
  339. package/dist/services/integrations/immich/types.d.ts +186 -0
  340. package/dist/services/integrations/immich/types.js +2 -0
  341. package/dist/services/integrations/immich/types.js.map +1 -0
  342. package/dist/services/integrations/index.d.ts +41 -0
  343. package/dist/services/integrations/index.js +60 -0
  344. package/dist/services/integrations/index.js.map +1 -0
  345. package/dist/services/integrations/installable/catalog.d.ts +33 -0
  346. package/dist/services/integrations/installable/catalog.js +88 -0
  347. package/dist/services/integrations/installable/catalog.js.map +1 -0
  348. package/dist/services/integrations/installable/index.d.ts +35 -0
  349. package/dist/services/integrations/installable/index.js +170 -0
  350. package/dist/services/integrations/installable/index.js.map +1 -0
  351. package/dist/services/integrations/installable/installers/integration-probes.d.ts +50 -0
  352. package/dist/services/integrations/installable/installers/integration-probes.js +231 -0
  353. package/dist/services/integrations/installable/installers/integration-probes.js.map +1 -0
  354. package/dist/services/integrations/installable/installers/integration.d.ts +30 -0
  355. package/dist/services/integrations/installable/installers/integration.js +283 -0
  356. package/dist/services/integrations/installable/installers/integration.js.map +1 -0
  357. package/dist/services/integrations/installable/installers/registry-probe.js.map +1 -0
  358. package/dist/services/integrations/installable/installers/shell-script.d.ts +46 -0
  359. package/dist/services/integrations/installable/installers/shell-script.js +487 -0
  360. package/dist/services/integrations/installable/installers/shell-script.js.map +1 -0
  361. package/dist/services/integrations/installable/types.d.ts +130 -0
  362. package/dist/services/integrations/installable/types.js +19 -0
  363. package/dist/services/integrations/installable/types.js.map +1 -0
  364. package/dist/services/integrations/jishukb/integration.d.ts +24 -0
  365. package/dist/services/integrations/jishukb/integration.js +300 -0
  366. package/dist/services/integrations/jishukb/integration.js.map +1 -0
  367. package/dist/services/integrations/openclaw/anythingllm-shim.d.ts +46 -0
  368. package/dist/services/integrations/openclaw/anythingllm-shim.js +281 -0
  369. package/dist/services/integrations/openclaw/anythingllm-shim.js.map +1 -0
  370. package/dist/services/integrations/openclaw/drive-shim.js +490 -0
  371. package/dist/services/integrations/openclaw/drive-shim.js.map +1 -0
  372. package/dist/services/integrations/openclaw/integration.d.ts +438 -0
  373. package/dist/services/integrations/openclaw/integration.js +4629 -0
  374. package/dist/services/integrations/openclaw/integration.js.map +1 -0
  375. package/dist/services/integrations/openclaw/jishukb-native-mcp.d.ts +58 -0
  376. package/dist/services/integrations/openclaw/jishukb-native-mcp.js +373 -0
  377. package/dist/services/integrations/openclaw/jishukb-native-mcp.js.map +1 -0
  378. package/dist/services/integrations/openclaw/jishukb-shim.d.ts +52 -0
  379. package/dist/services/integrations/openclaw/jishukb-shim.js +1357 -0
  380. package/dist/services/integrations/openclaw/jishukb-shim.js.map +1 -0
  381. package/dist/services/integrations/openclaw/mcporter-lite.js +276 -0
  382. package/dist/services/integrations/openclaw/mcporter-lite.js.map +1 -0
  383. package/dist/services/integrations/openclaw/mcporter.d.ts +59 -0
  384. package/dist/services/integrations/openclaw/mcporter.js +143 -0
  385. package/dist/services/integrations/openclaw/mcporter.js.map +1 -0
  386. package/dist/services/integrations/openclaw/native-mcp.d.ts +48 -0
  387. package/dist/services/integrations/openclaw/native-mcp.js +125 -0
  388. package/dist/services/integrations/openclaw/native-mcp.js.map +1 -0
  389. package/dist/services/integrations/openclaw/routes.d.ts +21 -0
  390. package/dist/services/integrations/openclaw/routes.js +1194 -0
  391. package/dist/services/integrations/openclaw/routes.js.map +1 -0
  392. package/dist/services/integrations/registry.d.ts +17 -0
  393. package/dist/services/integrations/registry.js +36 -0
  394. package/dist/services/integrations/registry.js.map +1 -0
  395. package/dist/services/integrations/routes.d.ts +2 -0
  396. package/dist/services/integrations/routes.js +9 -0
  397. package/dist/services/integrations/routes.js.map +1 -0
  398. package/dist/services/integrations/types.d.ts +457 -0
  399. package/dist/services/integrations/types.js +2 -0
  400. package/dist/services/integrations/types.js.map +1 -0
  401. package/dist/services/legacy-migrator/classifier.d.ts +44 -0
  402. package/dist/services/legacy-migrator/classifier.js +309 -0
  403. package/dist/services/legacy-migrator/classifier.js.map +1 -0
  404. package/dist/services/legacy-migrator/executor.d.ts +42 -0
  405. package/dist/services/legacy-migrator/executor.js +637 -0
  406. package/dist/services/legacy-migrator/executor.js.map +1 -0
  407. package/dist/services/legacy-migrator/index.d.ts +31 -0
  408. package/dist/services/legacy-migrator/index.js +34 -0
  409. package/dist/services/legacy-migrator/index.js.map +1 -0
  410. package/dist/services/legacy-migrator/planner.d.ts +8 -0
  411. package/dist/services/legacy-migrator/planner.js +154 -0
  412. package/dist/services/legacy-migrator/planner.js.map +1 -0
  413. package/dist/services/legacy-migrator/provider-settings.d.ts +6 -0
  414. package/dist/services/legacy-migrator/provider-settings.js +72 -0
  415. package/dist/services/legacy-migrator/provider-settings.js.map +1 -0
  416. package/dist/services/legacy-migrator/report.d.ts +9 -0
  417. package/dist/services/legacy-migrator/report.js +99 -0
  418. package/dist/services/legacy-migrator/report.js.map +1 -0
  419. package/dist/services/legacy-migrator/scanner.d.ts +13 -0
  420. package/dist/services/legacy-migrator/scanner.js +157 -0
  421. package/dist/services/legacy-migrator/scanner.js.map +1 -0
  422. package/dist/services/legacy-migrator/types.d.ts +97 -0
  423. package/dist/services/legacy-migrator/types.js +23 -0
  424. package/dist/services/legacy-migrator/types.js.map +1 -0
  425. package/dist/services/llm-proxy/instance-proxy.d.ts +17 -1
  426. package/dist/services/llm-proxy/instance-proxy.js +171 -44
  427. package/dist/services/llm-proxy/instance-proxy.js.map +1 -1
  428. package/dist/services/llm-proxy/probe.js +5 -14
  429. package/dist/services/llm-proxy/probe.js.map +1 -1
  430. package/dist/services/llm-proxy/providers.js +23 -31
  431. package/dist/services/llm-proxy/providers.js.map +1 -1
  432. package/dist/services/llm-proxy/ssrf.d.ts +11 -4
  433. package/dist/services/llm-proxy/ssrf.js +45 -7
  434. package/dist/services/llm-proxy/ssrf.js.map +1 -1
  435. package/dist/services/llm-proxy/validate-key.js +16 -37
  436. package/dist/services/llm-proxy/validate-key.js.map +1 -1
  437. package/dist/services/repair/runtime-repair.d.ts +22 -0
  438. package/dist/services/repair/runtime-repair.js +374 -0
  439. package/dist/services/repair/runtime-repair.js.map +1 -0
  440. package/dist/services/runtime/docker-network.d.ts +8 -0
  441. package/dist/services/runtime/docker-network.js +123 -0
  442. package/dist/services/runtime/docker-network.js.map +1 -0
  443. package/dist/services/runtime/driver-registry.d.ts +25 -0
  444. package/dist/services/runtime/driver-registry.js +22 -0
  445. package/dist/services/runtime/driver-registry.js.map +1 -0
  446. package/dist/services/runtime/drivers/nomad.d.ts +261 -0
  447. package/dist/services/runtime/drivers/nomad.js +3122 -0
  448. package/dist/services/runtime/drivers/nomad.js.map +1 -0
  449. package/dist/services/runtime/errors.d.ts +3 -3
  450. package/dist/services/runtime/errors.js +3 -3
  451. package/dist/services/runtime/instance.d.ts +14 -16
  452. package/dist/services/runtime/instance.js +93 -123
  453. package/dist/services/runtime/instance.js.map +1 -1
  454. package/dist/services/runtime/job-id.d.ts +1 -1
  455. package/dist/services/runtime/job-id.js +1 -1
  456. package/dist/services/runtime/mcp-shims/firewall.d.ts +2 -2
  457. package/dist/services/runtime/mcp-shims/firewall.js +2 -2
  458. package/dist/services/runtime/mcp-shims/searxng-shim.d.ts +3 -5
  459. package/dist/services/runtime/mcp-shims/searxng-shim.js +3 -5
  460. package/dist/services/runtime/mcp-shims/searxng-shim.js.map +1 -1
  461. package/dist/services/runtime/mcp-shims/write-mcp-entry.d.ts +20 -20
  462. package/dist/services/runtime/mcp-shims/write-mcp-entry.js +16 -16
  463. package/dist/services/runtime/mcp-shims/write-mcp-entry.js.map +1 -1
  464. package/dist/services/runtime/ownership-marker.d.ts +83 -0
  465. package/dist/services/runtime/ownership-marker.js +109 -0
  466. package/dist/services/runtime/ownership-marker.js.map +1 -0
  467. package/dist/services/runtime/service-manager.d.ts +2 -0
  468. package/dist/services/runtime/service-manager.js +18 -0
  469. package/dist/services/runtime/service-manager.js.map +1 -0
  470. package/dist/services/runtime/types.d.ts +23 -501
  471. package/dist/services/runtime/types.js +0 -12
  472. package/dist/services/runtime/types.js.map +1 -1
  473. package/dist/services/runtime/workload-compiler.d.ts +17 -0
  474. package/dist/services/runtime/workload-compiler.js +550 -0
  475. package/dist/services/runtime/workload-compiler.js.map +1 -0
  476. package/dist/services/runtime/workload-types.d.ts +11 -0
  477. package/dist/services/runtime/workload-types.js +2 -0
  478. package/dist/services/runtime/workload-types.js.map +1 -0
  479. package/dist/services/setup/core-manager.d.ts +50 -0
  480. package/dist/services/setup/core-manager.js +456 -0
  481. package/dist/services/setup/core-manager.js.map +1 -0
  482. package/dist/services/setup/plugin-installer.js +136 -0
  483. package/dist/services/setup/plugin-installer.js.map +1 -0
  484. package/dist/services/setup/setup-manager.d.ts +158 -0
  485. package/dist/services/setup/setup-manager.js +2724 -0
  486. package/dist/services/setup/setup-manager.js.map +1 -0
  487. package/dist/services/system/cli-command.d.ts +5 -0
  488. package/dist/services/system/cli-command.js +18 -0
  489. package/dist/services/system/cli-command.js.map +1 -0
  490. package/dist/services/system/macos-launchd.js +312 -0
  491. package/dist/services/system/macos-launchd.js.map +1 -0
  492. package/dist/services/system/repair-orchestrator.d.ts +71 -0
  493. package/dist/services/system/repair-orchestrator.js +412 -0
  494. package/dist/services/system/repair-orchestrator.js.map +1 -0
  495. package/dist/services/system/runtime-ownership.d.ts +36 -0
  496. package/dist/services/system/runtime-ownership.js +250 -0
  497. package/dist/services/system/runtime-ownership.js.map +1 -0
  498. package/dist/services/system/system-monitor.js +96 -0
  499. package/dist/services/system/system-monitor.js.map +1 -0
  500. package/dist/services/system/system-ollama-provider.d.ts +14 -0
  501. package/dist/services/system/system-ollama-provider.js +129 -0
  502. package/dist/services/system/system-ollama-provider.js.map +1 -0
  503. package/dist/services/system/system-reconciler.d.ts +59 -0
  504. package/dist/services/system/system-reconciler.js +763 -0
  505. package/dist/services/system/system-reconciler.js.map +1 -0
  506. package/dist/services/system/update-manager.d.ts +43 -0
  507. package/dist/services/system/update-manager.js +315 -0
  508. package/dist/services/system/update-manager.js.map +1 -0
  509. package/dist/services/system/upgrade-finalize.d.ts +80 -0
  510. package/dist/services/system/upgrade-finalize.js +507 -0
  511. package/dist/services/system/upgrade-finalize.js.map +1 -0
  512. package/dist/services/tasks/registry.d.ts +44 -0
  513. package/dist/services/tasks/registry.js +90 -0
  514. package/dist/services/tasks/registry.js.map +1 -0
  515. package/dist/services/telemetry/activation.d.ts +6 -2
  516. package/dist/services/telemetry/activation.js +6 -2
  517. package/dist/services/telemetry/activation.js.map +1 -1
  518. package/dist/services/telemetry/heartbeat.d.ts +6 -2
  519. package/dist/services/telemetry/heartbeat.js +6 -2
  520. package/dist/services/telemetry/heartbeat.js.map +1 -1
  521. package/dist/services/workspaces/builder.d.ts +29 -0
  522. package/dist/services/workspaces/builder.js +186 -0
  523. package/dist/services/workspaces/builder.js.map +1 -0
  524. package/dist/types.d.ts +350 -48
  525. package/dist/utils/instance-lock.d.ts +2 -2
  526. package/dist/utils/instance-lock.js +2 -2
  527. package/dist/utils/path-safety.js +1 -1
  528. package/dist/utils/service-user.d.ts +13 -0
  529. package/dist/utils/service-user.js +129 -0
  530. package/dist/utils/service-user.js.map +1 -0
  531. package/install/jishu-install.sh +107 -27
  532. package/install/jishu-uninstall.sh +8 -0
  533. package/install/post-install.sh +162 -185
  534. package/install/post-uninstall.sh +6 -0
  535. package/node_modules/@fastify/static/.github/workflows/ci.yml +1 -1
  536. package/node_modules/@fastify/static/.github/workflows/lock-threads.yml +19 -0
  537. package/node_modules/@fastify/static/LICENSE +1 -3
  538. package/node_modules/@fastify/static/example/server-benchmark.js +39 -0
  539. package/node_modules/@fastify/static/index.js +169 -23
  540. package/node_modules/@fastify/static/lib/dirList.js +20 -6
  541. package/node_modules/@fastify/static/package.json +10 -8
  542. package/node_modules/@fastify/static/test/dir-list.test.js +82 -0
  543. package/node_modules/@fastify/static/test/static.test.js +326 -4
  544. package/node_modules/@fastify/static/types/index.d.ts +0 -4
  545. package/node_modules/@fastify/static/types/index.test-d.ts +1 -1
  546. package/node_modules/brace-expansion/dist/commonjs/index.js +24 -14
  547. package/node_modules/brace-expansion/dist/commonjs/index.js.map +1 -1
  548. package/node_modules/brace-expansion/dist/esm/index.js +24 -14
  549. package/node_modules/brace-expansion/dist/esm/index.js.map +1 -1
  550. package/node_modules/brace-expansion/package.json +2 -2
  551. package/node_modules/content-disposition/README.md +21 -22
  552. package/node_modules/content-disposition/index.js +122 -44
  553. package/node_modules/content-disposition/package.json +16 -20
  554. package/node_modules/fast-uri/index.js +1 -1
  555. package/node_modules/fast-uri/package.json +1 -1
  556. package/node_modules/fast-uri/test/security.test.js +28 -0
  557. package/node_modules/fastify/SECURITY.md +1 -1
  558. package/node_modules/fastify/SPONSORS.md +6 -4
  559. package/node_modules/fastify/docs/Guides/Database.md +0 -28
  560. package/node_modules/fastify/docs/Guides/Ecosystem.md +13 -2
  561. package/node_modules/fastify/docs/Guides/Serverless.md +2 -2
  562. package/node_modules/fastify/docs/Guides/Write-Plugin.md +1 -1
  563. package/node_modules/fastify/docs/Reference/Encapsulation.md +27 -26
  564. package/node_modules/fastify/docs/Reference/Errors.md +10 -4
  565. package/node_modules/fastify/docs/Reference/HTTP2.md +10 -10
  566. package/node_modules/fastify/docs/Reference/Hooks.md +4 -4
  567. package/node_modules/fastify/docs/Reference/Index.md +14 -16
  568. package/node_modules/fastify/docs/Reference/LTS.md +12 -13
  569. package/node_modules/fastify/docs/Reference/Lifecycle.md +9 -8
  570. package/node_modules/fastify/docs/Reference/Logging.md +44 -39
  571. package/node_modules/fastify/docs/Reference/Middleware.md +21 -25
  572. package/node_modules/fastify/docs/Reference/Principles.md +2 -2
  573. package/node_modules/fastify/docs/Reference/Reply.md +6 -1
  574. package/node_modules/fastify/docs/Reference/Request.md +27 -16
  575. package/node_modules/fastify/docs/Reference/Routes.md +5 -2
  576. package/node_modules/fastify/docs/Reference/Server.md +31 -3
  577. package/node_modules/fastify/docs/Reference/Type-Providers.md +29 -5
  578. package/node_modules/fastify/docs/Reference/Validation-and-Serialization.md +15 -2
  579. package/node_modules/fastify/docs/Reference/Warnings.md +7 -6
  580. package/node_modules/fastify/eslint.config.js +7 -2
  581. package/node_modules/fastify/fastify.d.ts +8 -3
  582. package/node_modules/fastify/fastify.js +43 -14
  583. package/node_modules/fastify/lib/content-type-parser.js +13 -1
  584. package/node_modules/fastify/lib/decorate.js +11 -3
  585. package/node_modules/fastify/lib/error-handler.js +4 -3
  586. package/node_modules/fastify/lib/error-serializer.js +59 -59
  587. package/node_modules/fastify/lib/errors.js +16 -1
  588. package/node_modules/fastify/lib/four-oh-four.js +14 -9
  589. package/node_modules/fastify/lib/handle-request.js +11 -5
  590. package/node_modules/fastify/lib/plugin-override.js +2 -1
  591. package/node_modules/fastify/lib/plugin-utils.js +5 -5
  592. package/node_modules/fastify/lib/reply.js +63 -8
  593. package/node_modules/fastify/lib/request.js +14 -4
  594. package/node_modules/fastify/lib/route.js +20 -6
  595. package/node_modules/fastify/lib/schema-controller.js +1 -1
  596. package/node_modules/fastify/lib/schemas.js +37 -30
  597. package/node_modules/fastify/lib/symbols.js +3 -1
  598. package/node_modules/fastify/lib/validation.js +1 -13
  599. package/node_modules/fastify/lib/warnings.js +3 -3
  600. package/node_modules/fastify/package.json +13 -15
  601. package/node_modules/fastify/scripts/validate-ecosystem-links.js +1 -0
  602. package/node_modules/fastify/test/bundler/esbuild/package.json +1 -1
  603. package/node_modules/fastify/test/close-pipelining.test.js +1 -2
  604. package/node_modules/fastify/test/custom-http-server.test.js +38 -0
  605. package/node_modules/fastify/test/decorator-instance-properties.test.js +63 -0
  606. package/node_modules/fastify/test/diagnostics-channel/async-error-handler.test.js +74 -0
  607. package/node_modules/fastify/test/hooks.test.js +23 -0
  608. package/node_modules/fastify/test/http-methods/get.test.js +1 -1
  609. package/node_modules/fastify/test/http2/plain.test.js +135 -0
  610. package/node_modules/fastify/test/http2/secure-with-fallback.test.js +1 -1
  611. package/node_modules/fastify/test/https/https.test.js +1 -2
  612. package/node_modules/fastify/test/internals/errors.test.js +31 -1
  613. package/node_modules/fastify/test/internals/plugin.test.js +3 -1
  614. package/node_modules/fastify/test/internals/request.test.js +27 -3
  615. package/node_modules/fastify/test/internals/schema-controller-perf.test.js +33 -0
  616. package/node_modules/fastify/test/logger/logging.test.js +18 -1
  617. package/node_modules/fastify/test/logger/options.test.js +38 -1
  618. package/node_modules/fastify/test/reply-error.test.js +1 -1
  619. package/node_modules/fastify/test/reply-trailers.test.js +70 -0
  620. package/node_modules/fastify/test/request-media-type.test.js +105 -0
  621. package/node_modules/fastify/test/route-prefix.test.js +34 -0
  622. package/node_modules/fastify/test/router-options.test.js +222 -11
  623. package/node_modules/fastify/test/schema-serialization.test.js +108 -0
  624. package/node_modules/fastify/test/schema-validation.test.js +24 -0
  625. package/node_modules/fastify/test/scripts/validate-ecosystem-links.test.js +40 -57
  626. package/node_modules/fastify/test/throw.test.js +14 -0
  627. package/node_modules/fastify/test/trust-proxy.test.js +21 -0
  628. package/node_modules/fastify/test/types/content-type-parser.tst.ts +70 -0
  629. package/node_modules/fastify/test/types/decorate-request-reply.tst.ts +18 -0
  630. package/node_modules/fastify/test/types/dummy-plugin.mts +9 -0
  631. package/node_modules/fastify/test/types/errors.tst.ts +91 -0
  632. package/node_modules/fastify/test/types/fastify.tst.ts +351 -0
  633. package/node_modules/fastify/test/types/hooks.tst.ts +578 -0
  634. package/node_modules/fastify/test/types/instance.tst.ts +597 -0
  635. package/node_modules/fastify/test/types/logger.tst.ts +276 -0
  636. package/node_modules/fastify/test/types/plugin.tst.ts +96 -0
  637. package/node_modules/fastify/test/types/register.tst.ts +245 -0
  638. package/node_modules/fastify/test/types/reply.tst.ts +297 -0
  639. package/node_modules/fastify/test/types/request.tst.ts +199 -0
  640. package/node_modules/fastify/test/types/route.tst.ts +576 -0
  641. package/node_modules/fastify/test/types/schema.tst.ts +135 -0
  642. package/node_modules/fastify/test/types/serverFactory.tst.ts +37 -0
  643. package/node_modules/fastify/test/types/tsconfig.json +9 -0
  644. package/node_modules/fastify/test/types/type-provider.tst.ts +1219 -0
  645. package/node_modules/fastify/test/types/using.tst.ts +14 -0
  646. package/node_modules/fastify/types/errors.d.ts +3 -0
  647. package/node_modules/fastify/types/request.d.ts +23 -2
  648. package/node_modules/glob/README.md +39 -130
  649. package/node_modules/glob/dist/commonjs/glob.d.ts +8 -0
  650. package/node_modules/glob/dist/commonjs/glob.d.ts.map +1 -1
  651. package/node_modules/glob/dist/commonjs/glob.js +2 -1
  652. package/node_modules/glob/dist/commonjs/glob.js.map +1 -1
  653. package/node_modules/glob/dist/commonjs/index.min.js +4 -0
  654. package/node_modules/glob/dist/commonjs/index.min.js.map +7 -0
  655. package/node_modules/glob/dist/commonjs/pattern.d.ts +3 -0
  656. package/node_modules/glob/dist/commonjs/pattern.d.ts.map +1 -1
  657. package/node_modules/glob/dist/commonjs/pattern.js +4 -0
  658. package/node_modules/glob/dist/commonjs/pattern.js.map +1 -1
  659. package/node_modules/glob/dist/esm/glob.d.ts +8 -0
  660. package/node_modules/glob/dist/esm/glob.d.ts.map +1 -1
  661. package/node_modules/glob/dist/esm/glob.js +2 -1
  662. package/node_modules/glob/dist/esm/glob.js.map +1 -1
  663. package/node_modules/glob/dist/esm/index.min.js +4 -0
  664. package/node_modules/glob/dist/esm/index.min.js.map +7 -0
  665. package/node_modules/glob/dist/esm/pattern.d.ts +3 -0
  666. package/node_modules/glob/dist/esm/pattern.d.ts.map +1 -1
  667. package/node_modules/glob/dist/esm/pattern.js +4 -0
  668. package/node_modules/glob/dist/esm/pattern.js.map +1 -1
  669. package/node_modules/glob/package.json +38 -37
  670. package/node_modules/jishushell-panel/README.md +4 -4
  671. package/node_modules/jishushell-panel/output/dist/server.js +17 -6
  672. package/node_modules/jishushell-panel/output/dist/server.js.map +1 -1
  673. package/node_modules/jishushell-panel/output/public/assets/ApiKeyField-Ce5d1xna.js +1 -0
  674. package/node_modules/jishushell-panel/output/public/assets/Dashboard-BXame3yg.js +1 -0
  675. package/node_modules/jishushell-panel/output/public/assets/HermesChatPanel-BHZtPCJd.js +1 -0
  676. package/node_modules/jishushell-panel/output/public/assets/HermesConfigForm-CB3GbNX9.js +4 -0
  677. package/node_modules/jishushell-panel/output/public/assets/InitPassword-Boab9F6g.js +1 -0
  678. package/node_modules/jishushell-panel/output/public/assets/InstanceDetail-DrIWCqo-.js +14 -0
  679. package/node_modules/jishushell-panel/output/public/assets/Login-CzpOkNau.js +1 -0
  680. package/node_modules/jishushell-panel/output/public/assets/NewInstance-CANXyCcL.js +1 -0
  681. package/node_modules/jishushell-panel/output/public/assets/ProviderRecommendations-BABo9VOC.js +1 -0
  682. package/node_modules/jishushell-panel/output/public/assets/Settings-CKp5XxFh.js +1 -0
  683. package/node_modules/jishushell-panel/output/public/assets/Setup-C7xVDPow.js +1 -0
  684. package/node_modules/jishushell-panel/output/public/assets/WeixinLoginPanel-B765Xz4C.js +1 -0
  685. package/node_modules/jishushell-panel/output/public/assets/api-C70Gt678.js +4 -0
  686. package/node_modules/jishushell-panel/output/public/assets/index-Bs6DSbiR.js +23 -0
  687. package/node_modules/jishushell-panel/output/public/assets/index-DnnqTf7s.css +1 -0
  688. package/node_modules/jishushell-panel/output/public/assets/registry-sWIZsIEF.js +2 -0
  689. package/node_modules/jishushell-panel/output/public/assets/rolldown-runtime-QTnfLwEv.js +1 -0
  690. package/node_modules/jishushell-panel/output/public/assets/setup-task-q21GnI0E.js +1 -0
  691. package/node_modules/jishushell-panel/output/public/assets/usePolling-D4IDOQd_.js +1 -0
  692. package/node_modules/jishushell-panel/output/public/assets/vendor-i18n-Df8aUdv8.js +1 -0
  693. package/node_modules/jishushell-panel/output/public/assets/vendor-react-0L0rjmYG.js +8 -0
  694. package/node_modules/jishushell-panel/output/public/index.html +6 -4
  695. package/node_modules/jishushell-panel/package.json +2 -2
  696. package/node_modules/semver/classes/range.js +17 -4
  697. package/node_modules/semver/package.json +2 -2
  698. package/package.json +12 -64
  699. package/scripts/check-app-path-boundaries.mjs +121 -0
  700. package/scripts/check-app-spec.mjs +123 -29
  701. package/scripts/check-architecture-boundaries.mjs +178 -0
  702. package/scripts/check-colima-launchd.mjs +10 -8
  703. package/scripts/check-integration-isolation.ts +541 -0
  704. package/scripts/check-new-file-tests.mjs +11 -3
  705. package/scripts/check-open-core-boundaries.mjs +60 -10
  706. package/scripts/check-test-layering.sh +1 -1
  707. package/scripts/fixtures/instances/hermes-sample/instance.json +3 -2
  708. package/scripts/fixtures/instances/legacy-openclaw-sample/instance.json +1 -1
  709. package/scripts/local-web-upgrade-test.README +4 -3
  710. package/scripts/local-web-upgrade-test.example.env +2 -2
  711. package/scripts/local-web-upgrade-test.sh +14 -1
  712. package/scripts/pack-gui-and-send-pi.sh +43 -0
  713. package/scripts/perf/instances.js +1 -1
  714. package/scripts/prune-open-core-dist.mjs +89 -2
  715. package/scripts/smoke/hermes-bootstrap.sh +5 -5
  716. package/templates/hermes-entrypoint.sh +19 -29
  717. package/apps/openwebui-container.yaml +0 -97
  718. package/apps/playwright-container.yaml +0 -126
  719. package/dependencies/jishushell-panel-0.6.5.tgz +0 -0
  720. package/dist/crypto-shim.d.ts +0 -1
  721. package/dist/crypto-shim.js +0 -2
  722. package/dist/crypto-shim.js.map +0 -1
  723. package/dist/routes/agent-apps.d.ts +0 -14
  724. package/dist/routes/agent-apps.js +0 -77
  725. package/dist/routes/agent-apps.js.map +0 -1
  726. package/dist/routes/internal.d.ts +0 -2
  727. package/dist/routes/internal.js +0 -55
  728. package/dist/routes/internal.js.map +0 -1
  729. package/dist/routes/openclaw-routes.d.ts +0 -22
  730. package/dist/routes/openclaw-routes.js +0 -1020
  731. package/dist/routes/openclaw-routes.js.map +0 -1
  732. package/dist/routes/runtime.d.ts +0 -15
  733. package/dist/routes/runtime.js +0 -76
  734. package/dist/routes/runtime.js.map +0 -1
  735. package/dist/services/agent-apps/catalog.d.ts +0 -33
  736. package/dist/services/agent-apps/catalog.js +0 -88
  737. package/dist/services/agent-apps/catalog.js.map +0 -1
  738. package/dist/services/agent-apps/index.d.ts +0 -36
  739. package/dist/services/agent-apps/index.js +0 -171
  740. package/dist/services/agent-apps/index.js.map +0 -1
  741. package/dist/services/agent-apps/installers/adapter-probes.d.ts +0 -49
  742. package/dist/services/agent-apps/installers/adapter-probes.js +0 -230
  743. package/dist/services/agent-apps/installers/adapter-probes.js.map +0 -1
  744. package/dist/services/agent-apps/installers/adapter.d.ts +0 -30
  745. package/dist/services/agent-apps/installers/adapter.js +0 -171
  746. package/dist/services/agent-apps/installers/adapter.js.map +0 -1
  747. package/dist/services/agent-apps/installers/registry-probe.js.map +0 -1
  748. package/dist/services/agent-apps/installers/shell-script.d.ts +0 -47
  749. package/dist/services/agent-apps/installers/shell-script.js +0 -488
  750. package/dist/services/agent-apps/installers/shell-script.js.map +0 -1
  751. package/dist/services/agent-apps/types.d.ts +0 -128
  752. package/dist/services/agent-apps/types.js +0 -17
  753. package/dist/services/agent-apps/types.js.map +0 -1
  754. package/dist/services/app/app-compiler.js +0 -185
  755. package/dist/services/app/app-compiler.js.map +0 -1
  756. package/dist/services/app/app-manager.d.ts +0 -184
  757. package/dist/services/app/app-manager.js +0 -2933
  758. package/dist/services/app/app-manager.js.map +0 -1
  759. package/dist/services/app/custom-manager.d.ts +0 -27
  760. package/dist/services/app/custom-manager.js +0 -382
  761. package/dist/services/app/custom-manager.js.map +0 -1
  762. package/dist/services/app/hermes-agent-manager.d.ts +0 -20
  763. package/dist/services/app/hermes-agent-manager.js +0 -299
  764. package/dist/services/app/hermes-agent-manager.js.map +0 -1
  765. package/dist/services/app/id-normalizer.d.ts +0 -27
  766. package/dist/services/app/id-normalizer.js +0 -77
  767. package/dist/services/app/id-normalizer.js.map +0 -1
  768. package/dist/services/app/ollama-manager.d.ts +0 -18
  769. package/dist/services/app/ollama-manager.js +0 -224
  770. package/dist/services/app/ollama-manager.js.map +0 -1
  771. package/dist/services/app/openclaw-manager.d.ts +0 -63
  772. package/dist/services/app/openclaw-manager.js +0 -1215
  773. package/dist/services/app/openclaw-manager.js.map +0 -1
  774. package/dist/services/app/paths.d.ts +0 -27
  775. package/dist/services/app/paths.js +0 -40
  776. package/dist/services/app/paths.js.map +0 -1
  777. package/dist/services/app/platform-transform.d.ts +0 -32
  778. package/dist/services/app/platform-transform.js +0 -65
  779. package/dist/services/app/platform-transform.js.map +0 -1
  780. package/dist/services/app/provide-resolver.d.ts +0 -29
  781. package/dist/services/app/provide-resolver.js +0 -135
  782. package/dist/services/app/provide-resolver.js.map +0 -1
  783. package/dist/services/app/registry.d.ts +0 -17
  784. package/dist/services/app/registry.js +0 -31
  785. package/dist/services/app/registry.js.map +0 -1
  786. package/dist/services/app/remote-spec.d.ts +0 -14
  787. package/dist/services/app/remote-spec.js +0 -58
  788. package/dist/services/app/remote-spec.js.map +0 -1
  789. package/dist/services/app/terminal-session-manager.js +0 -157
  790. package/dist/services/app/terminal-session-manager.js.map +0 -1
  791. package/dist/services/app/types.d.ts +0 -74
  792. package/dist/services/app/types.js +0 -16
  793. package/dist/services/app/types.js.map +0 -1
  794. package/dist/services/app-config-admin.d.ts +0 -17
  795. package/dist/services/app-config-admin.js +0 -177
  796. package/dist/services/app-config-admin.js.map +0 -1
  797. package/dist/services/app-create-from-installed.d.ts +0 -23
  798. package/dist/services/app-create-from-installed.js +0 -75
  799. package/dist/services/app-create-from-installed.js.map +0 -1
  800. package/dist/services/app-passwords.js +0 -173
  801. package/dist/services/app-passwords.js.map +0 -1
  802. package/dist/services/backup-admin.d.ts +0 -101
  803. package/dist/services/backup-admin.js +0 -259
  804. package/dist/services/backup-admin.js.map +0 -1
  805. package/dist/services/backup-manager.d.ts +0 -264
  806. package/dist/services/backup-manager.js +0 -2263
  807. package/dist/services/backup-manager.js.map +0 -1
  808. package/dist/services/backup-verify.js +0 -240
  809. package/dist/services/backup-verify.js.map +0 -1
  810. package/dist/services/capability-endpoint-validator.d.ts +0 -41
  811. package/dist/services/capability-endpoint-validator.js +0 -114
  812. package/dist/services/capability-endpoint-validator.js.map +0 -1
  813. package/dist/services/capability-health.d.ts +0 -16
  814. package/dist/services/capability-health.js +0 -121
  815. package/dist/services/capability-health.js.map +0 -1
  816. package/dist/services/capability-registry.d.ts +0 -29
  817. package/dist/services/capability-registry.js +0 -176
  818. package/dist/services/capability-registry.js.map +0 -1
  819. package/dist/services/capability-sync.d.ts +0 -4
  820. package/dist/services/capability-sync.js +0 -220
  821. package/dist/services/capability-sync.js.map +0 -1
  822. package/dist/services/connection-admin.d.ts +0 -74
  823. package/dist/services/connection-admin.js +0 -287
  824. package/dist/services/connection-admin.js.map +0 -1
  825. package/dist/services/connection-apply.d.ts +0 -91
  826. package/dist/services/connection-apply.js +0 -471
  827. package/dist/services/connection-apply.js.map +0 -1
  828. package/dist/services/connection-resolver.d.ts +0 -65
  829. package/dist/services/connection-resolver.js +0 -281
  830. package/dist/services/connection-resolver.js.map +0 -1
  831. package/dist/services/connection-transactor.d.ts +0 -39
  832. package/dist/services/connection-transactor.js +0 -354
  833. package/dist/services/connection-transactor.js.map +0 -1
  834. package/dist/services/core-manager.d.ts +0 -50
  835. package/dist/services/core-manager.js +0 -411
  836. package/dist/services/core-manager.js.map +0 -1
  837. package/dist/services/external-mounts.js +0 -187
  838. package/dist/services/external-mounts.js.map +0 -1
  839. package/dist/services/files-manager.d.ts +0 -252
  840. package/dist/services/files-manager.js +0 -1156
  841. package/dist/services/files-manager.js.map +0 -1
  842. package/dist/services/files-mounts.d.ts +0 -42
  843. package/dist/services/files-mounts.js +0 -207
  844. package/dist/services/files-mounts.js.map +0 -1
  845. package/dist/services/instance-admin.d.ts +0 -26
  846. package/dist/services/instance-admin.js +0 -218
  847. package/dist/services/instance-admin.js.map +0 -1
  848. package/dist/services/instance-manager.d.ts +0 -192
  849. package/dist/services/instance-manager.js +0 -1289
  850. package/dist/services/instance-manager.js.map +0 -1
  851. package/dist/services/macos-launchd.js +0 -312
  852. package/dist/services/macos-launchd.js.map +0 -1
  853. package/dist/services/nomad-manager.d.ts +0 -307
  854. package/dist/services/nomad-manager.js +0 -3958
  855. package/dist/services/nomad-manager.js.map +0 -1
  856. package/dist/services/organize/applier.js +0 -218
  857. package/dist/services/organize/applier.js.map +0 -1
  858. package/dist/services/organize/rules.js +0 -286
  859. package/dist/services/organize/rules.js.map +0 -1
  860. package/dist/services/organize/scanner.js +0 -366
  861. package/dist/services/organize/scanner.js.map +0 -1
  862. package/dist/services/organize/store.js +0 -82
  863. package/dist/services/organize/store.js.map +0 -1
  864. package/dist/services/plugin-installer.js +0 -128
  865. package/dist/services/plugin-installer.js.map +0 -1
  866. package/dist/services/process-manager.d.ts +0 -25
  867. package/dist/services/process-manager.js +0 -568
  868. package/dist/services/process-manager.js.map +0 -1
  869. package/dist/services/runtime/adapters/custom.d.ts +0 -20
  870. package/dist/services/runtime/adapters/custom.js +0 -188
  871. package/dist/services/runtime/adapters/custom.js.map +0 -1
  872. package/dist/services/runtime/adapters/hermes.d.ts +0 -204
  873. package/dist/services/runtime/adapters/hermes.js +0 -1684
  874. package/dist/services/runtime/adapters/hermes.js.map +0 -1
  875. package/dist/services/runtime/adapters/openclaw-mcporter.d.ts +0 -45
  876. package/dist/services/runtime/adapters/openclaw-mcporter.js +0 -108
  877. package/dist/services/runtime/adapters/openclaw-mcporter.js.map +0 -1
  878. package/dist/services/runtime/adapters/openclaw.d.ts +0 -426
  879. package/dist/services/runtime/adapters/openclaw.js +0 -3975
  880. package/dist/services/runtime/adapters/openclaw.js.map +0 -1
  881. package/dist/services/runtime/index.d.ts +0 -34
  882. package/dist/services/runtime/index.js +0 -51
  883. package/dist/services/runtime/index.js.map +0 -1
  884. package/dist/services/runtime/mcp-shims/anythingllm-shim.d.ts +0 -46
  885. package/dist/services/runtime/mcp-shims/anythingllm-shim.js +0 -281
  886. package/dist/services/runtime/mcp-shims/anythingllm-shim.js.map +0 -1
  887. package/dist/services/runtime/mcp-shims/drive-shim.js +0 -490
  888. package/dist/services/runtime/mcp-shims/drive-shim.js.map +0 -1
  889. package/dist/services/runtime/mcp-shims/jishukb-shim.d.ts +0 -48
  890. package/dist/services/runtime/mcp-shims/jishukb-shim.js +0 -723
  891. package/dist/services/runtime/mcp-shims/jishukb-shim.js.map +0 -1
  892. package/dist/services/runtime/mcp-shims/mcporter-lite.js +0 -276
  893. package/dist/services/runtime/mcp-shims/mcporter-lite.js.map +0 -1
  894. package/dist/services/runtime/migrations.d.ts +0 -23
  895. package/dist/services/runtime/migrations.js +0 -125
  896. package/dist/services/runtime/migrations.js.map +0 -1
  897. package/dist/services/runtime/registry.d.ts +0 -13
  898. package/dist/services/runtime/registry.js +0 -32
  899. package/dist/services/runtime/registry.js.map +0 -1
  900. package/dist/services/runtime-identity.d.ts +0 -13
  901. package/dist/services/runtime-identity.js +0 -166
  902. package/dist/services/runtime-identity.js.map +0 -1
  903. package/dist/services/runtime-repair.d.ts +0 -52
  904. package/dist/services/runtime-repair.js +0 -352
  905. package/dist/services/runtime-repair.js.map +0 -1
  906. package/dist/services/setup-manager.d.ts +0 -158
  907. package/dist/services/setup-manager.js +0 -2740
  908. package/dist/services/setup-manager.js.map +0 -1
  909. package/dist/services/suggestions.d.ts +0 -27
  910. package/dist/services/suggestions.js +0 -133
  911. package/dist/services/suggestions.js.map +0 -1
  912. package/dist/services/system-monitor.js +0 -79
  913. package/dist/services/system-monitor.js.map +0 -1
  914. package/dist/services/system-ollama-provider.d.ts +0 -14
  915. package/dist/services/system-ollama-provider.js +0 -125
  916. package/dist/services/system-ollama-provider.js.map +0 -1
  917. package/dist/services/system-reconciler.d.ts +0 -72
  918. package/dist/services/system-reconciler.js +0 -600
  919. package/dist/services/system-reconciler.js.map +0 -1
  920. package/dist/services/task-registry.d.ts +0 -44
  921. package/dist/services/task-registry.js +0 -76
  922. package/dist/services/task-registry.js.map +0 -1
  923. package/dist/services/types-shim.d.ts +0 -16
  924. package/dist/services/types-shim.js +0 -2
  925. package/dist/services/types-shim.js.map +0 -1
  926. package/dist/services/update-manager.d.ts +0 -47
  927. package/dist/services/update-manager.js +0 -351
  928. package/dist/services/update-manager.js.map +0 -1
  929. package/dist/services/webdav/server.d.ts +0 -24
  930. package/dist/services/webdav/server.js +0 -420
  931. package/dist/services/webdav/server.js.map +0 -1
  932. package/dist/services/webdav/xml-builder.js.map +0 -1
  933. package/dist/services/workspace-builder.d.ts +0 -29
  934. package/dist/services/workspace-builder.js +0 -188
  935. package/dist/services/workspace-builder.js.map +0 -1
  936. package/node_modules/@fastify/static/.github/stale.yml +0 -21
  937. package/node_modules/@isaacs/cliui/LICENSE.md +0 -63
  938. package/node_modules/@isaacs/cliui/README.md +0 -151
  939. package/node_modules/@isaacs/cliui/dist/commonjs/ansi-regex/index.d.ts +0 -4
  940. package/node_modules/@isaacs/cliui/dist/commonjs/ansi-regex/index.d.ts.map +0 -1
  941. package/node_modules/@isaacs/cliui/dist/commonjs/ansi-regex/index.js +0 -16
  942. package/node_modules/@isaacs/cliui/dist/commonjs/ansi-regex/index.js.map +0 -1
  943. package/node_modules/@isaacs/cliui/dist/commonjs/ansi-styles/index.d.ts +0 -34
  944. package/node_modules/@isaacs/cliui/dist/commonjs/ansi-styles/index.d.ts.map +0 -1
  945. package/node_modules/@isaacs/cliui/dist/commonjs/ansi-styles/index.js +0 -170
  946. package/node_modules/@isaacs/cliui/dist/commonjs/ansi-styles/index.js.map +0 -1
  947. package/node_modules/@isaacs/cliui/dist/commonjs/eastasianwidth/index.d.ts +0 -6
  948. package/node_modules/@isaacs/cliui/dist/commonjs/eastasianwidth/index.d.ts.map +0 -1
  949. package/node_modules/@isaacs/cliui/dist/commonjs/eastasianwidth/index.js +0 -307
  950. package/node_modules/@isaacs/cliui/dist/commonjs/eastasianwidth/index.js.map +0 -1
  951. package/node_modules/@isaacs/cliui/dist/commonjs/emoji-regex/index.d.ts +0 -2
  952. package/node_modules/@isaacs/cliui/dist/commonjs/emoji-regex/index.d.ts.map +0 -1
  953. package/node_modules/@isaacs/cliui/dist/commonjs/emoji-regex/index.js +0 -7
  954. package/node_modules/@isaacs/cliui/dist/commonjs/emoji-regex/index.js.map +0 -1
  955. package/node_modules/@isaacs/cliui/dist/commonjs/index.d.ts +0 -41
  956. package/node_modules/@isaacs/cliui/dist/commonjs/index.d.ts.map +0 -1
  957. package/node_modules/@isaacs/cliui/dist/commonjs/index.js +0 -322
  958. package/node_modules/@isaacs/cliui/dist/commonjs/index.js.map +0 -1
  959. package/node_modules/@isaacs/cliui/dist/commonjs/index.min.js +0 -12
  960. package/node_modules/@isaacs/cliui/dist/commonjs/index.min.js.map +0 -7
  961. package/node_modules/@isaacs/cliui/dist/commonjs/package.json +0 -3
  962. package/node_modules/@isaacs/cliui/dist/commonjs/string-width/index.d.ts +0 -5
  963. package/node_modules/@isaacs/cliui/dist/commonjs/string-width/index.d.ts.map +0 -1
  964. package/node_modules/@isaacs/cliui/dist/commonjs/string-width/index.js +0 -49
  965. package/node_modules/@isaacs/cliui/dist/commonjs/string-width/index.js.map +0 -1
  966. package/node_modules/@isaacs/cliui/dist/commonjs/strip-ansi/index.d.ts +0 -2
  967. package/node_modules/@isaacs/cliui/dist/commonjs/strip-ansi/index.d.ts.map +0 -1
  968. package/node_modules/@isaacs/cliui/dist/commonjs/strip-ansi/index.js +0 -8
  969. package/node_modules/@isaacs/cliui/dist/commonjs/strip-ansi/index.js.map +0 -1
  970. package/node_modules/@isaacs/cliui/dist/commonjs/wrap-ansi/index.d.ts +0 -7
  971. package/node_modules/@isaacs/cliui/dist/commonjs/wrap-ansi/index.d.ts.map +0 -1
  972. package/node_modules/@isaacs/cliui/dist/commonjs/wrap-ansi/index.js +0 -176
  973. package/node_modules/@isaacs/cliui/dist/commonjs/wrap-ansi/index.js.map +0 -1
  974. package/node_modules/@isaacs/cliui/dist/esm/ansi-regex/index.d.ts +0 -4
  975. package/node_modules/@isaacs/cliui/dist/esm/ansi-regex/index.d.ts.map +0 -1
  976. package/node_modules/@isaacs/cliui/dist/esm/ansi-regex/index.js +0 -12
  977. package/node_modules/@isaacs/cliui/dist/esm/ansi-regex/index.js.map +0 -1
  978. package/node_modules/@isaacs/cliui/dist/esm/ansi-styles/index.d.ts +0 -34
  979. package/node_modules/@isaacs/cliui/dist/esm/ansi-styles/index.d.ts.map +0 -1
  980. package/node_modules/@isaacs/cliui/dist/esm/ansi-styles/index.js +0 -167
  981. package/node_modules/@isaacs/cliui/dist/esm/ansi-styles/index.js.map +0 -1
  982. package/node_modules/@isaacs/cliui/dist/esm/eastasianwidth/index.d.ts +0 -6
  983. package/node_modules/@isaacs/cliui/dist/esm/eastasianwidth/index.d.ts.map +0 -1
  984. package/node_modules/@isaacs/cliui/dist/esm/eastasianwidth/index.js +0 -299
  985. package/node_modules/@isaacs/cliui/dist/esm/eastasianwidth/index.js.map +0 -1
  986. package/node_modules/@isaacs/cliui/dist/esm/emoji-regex/index.d.ts +0 -2
  987. package/node_modules/@isaacs/cliui/dist/esm/emoji-regex/index.d.ts.map +0 -1
  988. package/node_modules/@isaacs/cliui/dist/esm/emoji-regex/index.js +0 -3
  989. package/node_modules/@isaacs/cliui/dist/esm/emoji-regex/index.js.map +0 -1
  990. package/node_modules/@isaacs/cliui/dist/esm/index.d.ts +0 -41
  991. package/node_modules/@isaacs/cliui/dist/esm/index.d.ts.map +0 -1
  992. package/node_modules/@isaacs/cliui/dist/esm/index.js +0 -317
  993. package/node_modules/@isaacs/cliui/dist/esm/index.js.map +0 -1
  994. package/node_modules/@isaacs/cliui/dist/esm/index.min.js +0 -12
  995. package/node_modules/@isaacs/cliui/dist/esm/index.min.js.map +0 -7
  996. package/node_modules/@isaacs/cliui/dist/esm/package.json +0 -3
  997. package/node_modules/@isaacs/cliui/dist/esm/string-width/index.d.ts +0 -5
  998. package/node_modules/@isaacs/cliui/dist/esm/string-width/index.d.ts.map +0 -1
  999. package/node_modules/@isaacs/cliui/dist/esm/string-width/index.js +0 -46
  1000. package/node_modules/@isaacs/cliui/dist/esm/string-width/index.js.map +0 -1
  1001. package/node_modules/@isaacs/cliui/dist/esm/strip-ansi/index.d.ts +0 -2
  1002. package/node_modules/@isaacs/cliui/dist/esm/strip-ansi/index.d.ts.map +0 -1
  1003. package/node_modules/@isaacs/cliui/dist/esm/strip-ansi/index.js +0 -4
  1004. package/node_modules/@isaacs/cliui/dist/esm/strip-ansi/index.js.map +0 -1
  1005. package/node_modules/@isaacs/cliui/dist/esm/wrap-ansi/index.d.ts +0 -7
  1006. package/node_modules/@isaacs/cliui/dist/esm/wrap-ansi/index.d.ts.map +0 -1
  1007. package/node_modules/@isaacs/cliui/dist/esm/wrap-ansi/index.js +0 -172
  1008. package/node_modules/@isaacs/cliui/dist/esm/wrap-ansi/index.js.map +0 -1
  1009. package/node_modules/@isaacs/cliui/package.json +0 -163
  1010. package/node_modules/content-disposition/HISTORY.md +0 -60
  1011. package/node_modules/cross-spawn/LICENSE +0 -21
  1012. package/node_modules/cross-spawn/README.md +0 -89
  1013. package/node_modules/cross-spawn/index.js +0 -39
  1014. package/node_modules/cross-spawn/lib/enoent.js +0 -59
  1015. package/node_modules/cross-spawn/lib/parse.js +0 -91
  1016. package/node_modules/cross-spawn/lib/util/escape.js +0 -47
  1017. package/node_modules/cross-spawn/lib/util/readShebang.js +0 -23
  1018. package/node_modules/cross-spawn/lib/util/resolveCommand.js +0 -52
  1019. package/node_modules/cross-spawn/package.json +0 -73
  1020. package/node_modules/fastify/test/types/content-type-parser.test-d.ts +0 -72
  1021. package/node_modules/fastify/test/types/decorate-request-reply.test-d.ts +0 -18
  1022. package/node_modules/fastify/test/types/dummy-plugin.ts +0 -9
  1023. package/node_modules/fastify/test/types/errors.test-d.ts +0 -90
  1024. package/node_modules/fastify/test/types/fastify.test-d.ts +0 -352
  1025. package/node_modules/fastify/test/types/hooks.test-d.ts +0 -550
  1026. package/node_modules/fastify/test/types/import.ts +0 -2
  1027. package/node_modules/fastify/test/types/instance.test-d.ts +0 -588
  1028. package/node_modules/fastify/test/types/logger.test-d.ts +0 -277
  1029. package/node_modules/fastify/test/types/plugin.test-d.ts +0 -97
  1030. package/node_modules/fastify/test/types/register.test-d.ts +0 -237
  1031. package/node_modules/fastify/test/types/reply.test-d.ts +0 -254
  1032. package/node_modules/fastify/test/types/request.test-d.ts +0 -188
  1033. package/node_modules/fastify/test/types/route.test-d.ts +0 -553
  1034. package/node_modules/fastify/test/types/schema.test-d.ts +0 -135
  1035. package/node_modules/fastify/test/types/serverFactory.test-d.ts +0 -37
  1036. package/node_modules/fastify/test/types/type-provider.test-d.ts +0 -1213
  1037. package/node_modules/fastify/test/types/using.test-d.ts +0 -17
  1038. package/node_modules/foreground-child/LICENSE +0 -15
  1039. package/node_modules/foreground-child/README.md +0 -128
  1040. package/node_modules/foreground-child/dist/commonjs/all-signals.d.ts +0 -2
  1041. package/node_modules/foreground-child/dist/commonjs/all-signals.d.ts.map +0 -1
  1042. package/node_modules/foreground-child/dist/commonjs/all-signals.js +0 -58
  1043. package/node_modules/foreground-child/dist/commonjs/all-signals.js.map +0 -1
  1044. package/node_modules/foreground-child/dist/commonjs/index.d.ts +0 -58
  1045. package/node_modules/foreground-child/dist/commonjs/index.d.ts.map +0 -1
  1046. package/node_modules/foreground-child/dist/commonjs/index.js +0 -123
  1047. package/node_modules/foreground-child/dist/commonjs/index.js.map +0 -1
  1048. package/node_modules/foreground-child/dist/commonjs/package.json +0 -3
  1049. package/node_modules/foreground-child/dist/commonjs/proxy-signals.d.ts +0 -6
  1050. package/node_modules/foreground-child/dist/commonjs/proxy-signals.d.ts.map +0 -1
  1051. package/node_modules/foreground-child/dist/commonjs/proxy-signals.js +0 -38
  1052. package/node_modules/foreground-child/dist/commonjs/proxy-signals.js.map +0 -1
  1053. package/node_modules/foreground-child/dist/commonjs/watchdog.d.ts +0 -10
  1054. package/node_modules/foreground-child/dist/commonjs/watchdog.d.ts.map +0 -1
  1055. package/node_modules/foreground-child/dist/commonjs/watchdog.js +0 -50
  1056. package/node_modules/foreground-child/dist/commonjs/watchdog.js.map +0 -1
  1057. package/node_modules/foreground-child/dist/esm/all-signals.d.ts +0 -2
  1058. package/node_modules/foreground-child/dist/esm/all-signals.d.ts.map +0 -1
  1059. package/node_modules/foreground-child/dist/esm/all-signals.js +0 -52
  1060. package/node_modules/foreground-child/dist/esm/all-signals.js.map +0 -1
  1061. package/node_modules/foreground-child/dist/esm/index.d.ts +0 -58
  1062. package/node_modules/foreground-child/dist/esm/index.d.ts.map +0 -1
  1063. package/node_modules/foreground-child/dist/esm/index.js +0 -115
  1064. package/node_modules/foreground-child/dist/esm/index.js.map +0 -1
  1065. package/node_modules/foreground-child/dist/esm/package.json +0 -3
  1066. package/node_modules/foreground-child/dist/esm/proxy-signals.d.ts +0 -6
  1067. package/node_modules/foreground-child/dist/esm/proxy-signals.d.ts.map +0 -1
  1068. package/node_modules/foreground-child/dist/esm/proxy-signals.js +0 -34
  1069. package/node_modules/foreground-child/dist/esm/proxy-signals.js.map +0 -1
  1070. package/node_modules/foreground-child/dist/esm/watchdog.d.ts +0 -10
  1071. package/node_modules/foreground-child/dist/esm/watchdog.d.ts.map +0 -1
  1072. package/node_modules/foreground-child/dist/esm/watchdog.js +0 -46
  1073. package/node_modules/foreground-child/dist/esm/watchdog.js.map +0 -1
  1074. package/node_modules/foreground-child/package.json +0 -106
  1075. package/node_modules/glob/dist/esm/bin.d.mts +0 -3
  1076. package/node_modules/glob/dist/esm/bin.d.mts.map +0 -1
  1077. package/node_modules/glob/dist/esm/bin.mjs +0 -346
  1078. package/node_modules/glob/dist/esm/bin.mjs.map +0 -1
  1079. package/node_modules/isexe/.npmignore +0 -2
  1080. package/node_modules/isexe/LICENSE +0 -15
  1081. package/node_modules/isexe/README.md +0 -51
  1082. package/node_modules/isexe/index.js +0 -57
  1083. package/node_modules/isexe/mode.js +0 -41
  1084. package/node_modules/isexe/package.json +0 -31
  1085. package/node_modules/isexe/test/basic.js +0 -221
  1086. package/node_modules/isexe/windows.js +0 -42
  1087. package/node_modules/jackspeak/LICENSE.md +0 -55
  1088. package/node_modules/jackspeak/README.md +0 -394
  1089. package/node_modules/jackspeak/dist/commonjs/index.d.ts +0 -323
  1090. package/node_modules/jackspeak/dist/commonjs/index.d.ts.map +0 -1
  1091. package/node_modules/jackspeak/dist/commonjs/index.js +0 -944
  1092. package/node_modules/jackspeak/dist/commonjs/index.js.map +0 -1
  1093. package/node_modules/jackspeak/dist/commonjs/index.min.js +0 -33
  1094. package/node_modules/jackspeak/dist/commonjs/index.min.js.map +0 -7
  1095. package/node_modules/jackspeak/dist/commonjs/package.json +0 -3
  1096. package/node_modules/jackspeak/dist/esm/index.d.ts +0 -323
  1097. package/node_modules/jackspeak/dist/esm/index.d.ts.map +0 -1
  1098. package/node_modules/jackspeak/dist/esm/index.js +0 -936
  1099. package/node_modules/jackspeak/dist/esm/index.js.map +0 -1
  1100. package/node_modules/jackspeak/dist/esm/index.min.js +0 -33
  1101. package/node_modules/jackspeak/dist/esm/index.min.js.map +0 -7
  1102. package/node_modules/jackspeak/dist/esm/package.json +0 -3
  1103. package/node_modules/jackspeak/package.json +0 -115
  1104. package/node_modules/jishushell-panel/output/public/assets/ApiKeyField-D1i7zWXR.js +0 -1
  1105. package/node_modules/jishushell-panel/output/public/assets/Dashboard-sWIvL43F.js +0 -1
  1106. package/node_modules/jishushell-panel/output/public/assets/HermesChatPanel-DQ8RyvQY.js +0 -1
  1107. package/node_modules/jishushell-panel/output/public/assets/HermesConfigForm-tIbPP1sB.js +0 -4
  1108. package/node_modules/jishushell-panel/output/public/assets/InitPassword-C3Slq3Dd.js +0 -1
  1109. package/node_modules/jishushell-panel/output/public/assets/InstanceDetail-7JqY9tq4.js +0 -92
  1110. package/node_modules/jishushell-panel/output/public/assets/Login-BXLDJlQN.js +0 -1
  1111. package/node_modules/jishushell-panel/output/public/assets/NewInstance-dLc5Xrpx.js +0 -1
  1112. package/node_modules/jishushell-panel/output/public/assets/ProviderRecommendations-DIAXxesl.js +0 -1
  1113. package/node_modules/jishushell-panel/output/public/assets/Settings-Bd5utbBh.js +0 -1
  1114. package/node_modules/jishushell-panel/output/public/assets/Setup-Yn9_20FL.js +0 -1
  1115. package/node_modules/jishushell-panel/output/public/assets/WeixinLoginPanel-C21doQTJ.js +0 -9
  1116. package/node_modules/jishushell-panel/output/public/assets/index-CCkaIEjn.js +0 -20
  1117. package/node_modules/jishushell-panel/output/public/assets/index-D7qxy-Vh.css +0 -1
  1118. package/node_modules/jishushell-panel/output/public/assets/registry-B2ZQZXWL.js +0 -2
  1119. package/node_modules/jishushell-panel/output/public/assets/usePolling-BFZm4do_.js +0 -1
  1120. package/node_modules/jishushell-panel/output/public/assets/vendor-i18n-DqPtOicc.js +0 -9
  1121. package/node_modules/jishushell-panel/output/public/assets/vendor-react-DW5juQin.js +0 -59
  1122. package/node_modules/package-json-from-dist/LICENSE.md +0 -63
  1123. package/node_modules/package-json-from-dist/README.md +0 -110
  1124. package/node_modules/package-json-from-dist/dist/commonjs/index.d.ts +0 -89
  1125. package/node_modules/package-json-from-dist/dist/commonjs/index.d.ts.map +0 -1
  1126. package/node_modules/package-json-from-dist/dist/commonjs/index.js +0 -134
  1127. package/node_modules/package-json-from-dist/dist/commonjs/index.js.map +0 -1
  1128. package/node_modules/package-json-from-dist/dist/commonjs/package.json +0 -3
  1129. package/node_modules/package-json-from-dist/dist/esm/index.d.ts +0 -89
  1130. package/node_modules/package-json-from-dist/dist/esm/index.d.ts.map +0 -1
  1131. package/node_modules/package-json-from-dist/dist/esm/index.js +0 -129
  1132. package/node_modules/package-json-from-dist/dist/esm/index.js.map +0 -1
  1133. package/node_modules/package-json-from-dist/dist/esm/package.json +0 -3
  1134. package/node_modules/package-json-from-dist/package.json +0 -68
  1135. package/node_modules/path-key/index.d.ts +0 -40
  1136. package/node_modules/path-key/index.js +0 -16
  1137. package/node_modules/path-key/license +0 -9
  1138. package/node_modules/path-key/package.json +0 -39
  1139. package/node_modules/path-key/readme.md +0 -61
  1140. package/node_modules/safe-buffer/LICENSE +0 -21
  1141. package/node_modules/safe-buffer/README.md +0 -584
  1142. package/node_modules/safe-buffer/index.d.ts +0 -187
  1143. package/node_modules/safe-buffer/index.js +0 -65
  1144. package/node_modules/safe-buffer/package.json +0 -51
  1145. package/node_modules/shebang-command/index.js +0 -19
  1146. package/node_modules/shebang-command/license +0 -9
  1147. package/node_modules/shebang-command/package.json +0 -34
  1148. package/node_modules/shebang-command/readme.md +0 -34
  1149. package/node_modules/shebang-regex/index.d.ts +0 -22
  1150. package/node_modules/shebang-regex/index.js +0 -2
  1151. package/node_modules/shebang-regex/license +0 -9
  1152. package/node_modules/shebang-regex/package.json +0 -35
  1153. package/node_modules/shebang-regex/readme.md +0 -33
  1154. package/node_modules/signal-exit/LICENSE.txt +0 -16
  1155. package/node_modules/signal-exit/README.md +0 -74
  1156. package/node_modules/signal-exit/dist/cjs/browser.d.ts +0 -12
  1157. package/node_modules/signal-exit/dist/cjs/browser.d.ts.map +0 -1
  1158. package/node_modules/signal-exit/dist/cjs/browser.js +0 -10
  1159. package/node_modules/signal-exit/dist/cjs/browser.js.map +0 -1
  1160. package/node_modules/signal-exit/dist/cjs/index.d.ts +0 -48
  1161. package/node_modules/signal-exit/dist/cjs/index.d.ts.map +0 -1
  1162. package/node_modules/signal-exit/dist/cjs/index.js +0 -279
  1163. package/node_modules/signal-exit/dist/cjs/index.js.map +0 -1
  1164. package/node_modules/signal-exit/dist/cjs/package.json +0 -3
  1165. package/node_modules/signal-exit/dist/cjs/signals.d.ts +0 -29
  1166. package/node_modules/signal-exit/dist/cjs/signals.d.ts.map +0 -1
  1167. package/node_modules/signal-exit/dist/cjs/signals.js +0 -42
  1168. package/node_modules/signal-exit/dist/cjs/signals.js.map +0 -1
  1169. package/node_modules/signal-exit/dist/mjs/browser.d.ts +0 -12
  1170. package/node_modules/signal-exit/dist/mjs/browser.d.ts.map +0 -1
  1171. package/node_modules/signal-exit/dist/mjs/browser.js +0 -4
  1172. package/node_modules/signal-exit/dist/mjs/browser.js.map +0 -1
  1173. package/node_modules/signal-exit/dist/mjs/index.d.ts +0 -48
  1174. package/node_modules/signal-exit/dist/mjs/index.d.ts.map +0 -1
  1175. package/node_modules/signal-exit/dist/mjs/index.js +0 -275
  1176. package/node_modules/signal-exit/dist/mjs/index.js.map +0 -1
  1177. package/node_modules/signal-exit/dist/mjs/package.json +0 -3
  1178. package/node_modules/signal-exit/dist/mjs/signals.d.ts +0 -29
  1179. package/node_modules/signal-exit/dist/mjs/signals.d.ts.map +0 -1
  1180. package/node_modules/signal-exit/dist/mjs/signals.js +0 -39
  1181. package/node_modules/signal-exit/dist/mjs/signals.js.map +0 -1
  1182. package/node_modules/signal-exit/package.json +0 -106
  1183. package/node_modules/which/CHANGELOG.md +0 -166
  1184. package/node_modules/which/LICENSE +0 -15
  1185. package/node_modules/which/README.md +0 -54
  1186. package/node_modules/which/bin/node-which +0 -52
  1187. package/node_modules/which/package.json +0 -43
  1188. package/node_modules/which/which.js +0 -125
  1189. package/scripts/check-adapter-isolation.ts +0 -293
  1190. /package/dist/services/{app → app-common}/app-compiler.d.ts +0 -0
  1191. /package/dist/services/{app → app-common}/terminal-session-manager.d.ts +0 -0
  1192. /package/dist/services/{backup-verify.d.ts → backup/backup-verify.d.ts} +0 -0
  1193. /package/dist/services/{external-mounts.d.ts → files/external-mounts.d.ts} +0 -0
  1194. /package/dist/services/{organize → files/organize}/applier.d.ts +0 -0
  1195. /package/dist/services/{organize → files/organize}/rules.d.ts +0 -0
  1196. /package/dist/services/{organize → files/organize}/scanner.d.ts +0 -0
  1197. /package/dist/services/{organize → files/organize}/store.d.ts +0 -0
  1198. /package/dist/services/{webdav → files/webdav}/xml-builder.d.ts +0 -0
  1199. /package/dist/services/{webdav → files/webdav}/xml-builder.js +0 -0
  1200. /package/dist/services/{app-passwords.d.ts → instances/passwords.d.ts} +0 -0
  1201. /package/dist/services/{agent-apps → integrations/installable}/installers/registry-probe.d.ts +0 -0
  1202. /package/dist/services/{agent-apps → integrations/installable}/installers/registry-probe.js +0 -0
  1203. /package/dist/services/{runtime/mcp-shims → integrations/openclaw}/drive-shim.d.ts +0 -0
  1204. /package/dist/services/{runtime/mcp-shims → integrations/openclaw}/mcporter-lite.d.ts +0 -0
  1205. /package/dist/services/{plugin-installer.d.ts → setup/plugin-installer.d.ts} +0 -0
  1206. /package/dist/services/{macos-launchd.d.ts → system/macos-launchd.d.ts} +0 -0
  1207. /package/dist/services/{system-monitor.d.ts → system/system-monitor.d.ts} +0 -0
@@ -1,1684 +0,0 @@
1
- /**
2
- * HermesAdapter — first non-OpenClaw runtime adapter.
3
- *
4
- * Design: docs/multi-agent-runtime-generalization-plan.md §11, §28, §32.
5
- *
6
- * MVP scope (§32.3):
7
- * - Only create / buildRuntime / getRuntimeVersion are wired up.
8
- * - Baseline image mode only. Overlay upgrade CLI is deferred.
9
- * - Assumes core.json.runtime_catalog.hermes has been populated by
10
- * setup-manager.installHermes(): defaultImage (+ optional defaultImageDigest),
11
- * shimPath, resources, homeDirName.
12
- */
13
- import { execFileSync } from "child_process";
14
- import { createRequire } from "node:module";
15
- import { chmodSync, chownSync, existsSync, mkdirSync, readFileSync, readdirSync, statSync, writeFileSync } from "fs";
16
- import { randomBytes } from "crypto";
17
- import { dirname, join } from "path";
18
- import { getCoreConfig, getRuntimeCatalogEntry, setRuntimeCatalogEntry, HERMES_DEFAULT_IMAGE, getMaxAppMemoryMB, } from "../../../config.js";
19
- import { ensureDirContainer, writeConfigFile, writeSecretFile, } from "../../../utils/fs.js";
20
- import { safeWriteJson } from "../../../utils/safe-json.js";
21
- import { ensureInstanceProxyToken } from "../../llm-proxy/instance-proxy.js";
22
- import { getDefaultLlmProvider, normalizeProviderApi } from "../../llm-proxy/providers.js";
23
- import { getCoreProxyBaseUrl } from "../../llm-proxy/proxy-runtime.js";
24
- import { allocateGatewayPort, releasePendingPort, resolveServiceUser, updateEnvFile, } from "../../instance-manager.js";
25
- import { JISHUSHELL_HOME, getInstanceDir as instanceDir, instanceMetaPath } from "../../../config.js";
26
- import { createTask, emitTask, spawnWithTask, resolveDockerInvocation, captureImageDigest, } from "../../setup-manager.js";
27
- import { InstanceCreationRejected } from "../errors.js";
28
- import { resolveNomadJobId } from "../job-id.js";
29
- import YAML from "yaml";
30
- import { registerAdapter } from "../registry.js";
31
- import { SEARXNG_MCP_SHIM_SOURCE } from "../mcp-shims/searxng-shim.js";
32
- import { resolveEnvTemplate, writeMcpEntry } from "../mcp-shims/write-mcp-entry.js";
33
- import * as capabilityRegistry from "../../capability-registry.js";
34
- const SEARXNG_SHIM_REL_PATH = "__mcp_shims__/searxng/index.mjs";
35
- const UPSTREAM_SECRET_ENV_NAME = "UPSTREAM_API_KEY";
36
- const HERMES_CONTAINER_PORT = 8642;
37
- const HERMES_CONTAINER_HOME = "/opt/data";
38
- const HERMES_CONTAINER_SHIM = "/usr/local/bin/jishushell-hermes-entry.sh";
39
- const HERMES_CONTAINER_WORKDIR = "/opt/hermes";
40
- export const HERMES_DEFAULT_GATEWAY_PORT = HERMES_CONTAINER_PORT;
41
- const HERMES_VERSION_LABEL = "org.opencontainers.image.version";
42
- const HERMES_MUTABLE_TAG_RE = /:(latest|slim)$/;
43
- const HERMES_CATALOG_DEFAULTS = {
44
- configFormat: "yaml+env",
45
- homeDirName: "agent-home",
46
- resources: { CPU: 1000, MemoryMB: 1024 },
47
- allowDockerSock: false,
48
- };
49
- function readOfficialHermesRepoDigest(image) {
50
- const repo = imageRepository(HERMES_DEFAULT_IMAGE);
51
- if (!repo)
52
- return null;
53
- try {
54
- const invocation = resolveDockerInvocation();
55
- const raw = execFileSync(invocation.cmd, [
56
- ...invocation.argsPrefix,
57
- "image",
58
- "inspect",
59
- "--format",
60
- "{{range .RepoDigests}}{{.}}{{println}}{{end}}",
61
- image,
62
- ], { timeout: 5_000, encoding: "utf-8", stdio: ["ignore", "pipe", "ignore"] });
63
- const prefix = `${repo}@sha256:`;
64
- return raw
65
- .split("\n")
66
- .map((line) => line.trim())
67
- .find((line) => line.startsWith(prefix) && /^[a-f0-9]{64}$/i.test(line.slice(prefix.length))) ?? null;
68
- }
69
- catch {
70
- return null;
71
- }
72
- }
73
- function assertOfficialHermesImage(image) {
74
- const digest = readOfficialHermesRepoDigest(image);
75
- if (digest)
76
- return digest;
77
- const repo = imageRepository(HERMES_DEFAULT_IMAGE) ?? HERMES_DEFAULT_IMAGE;
78
- throw new Error(`Hermes image ${image} is not a JishuShell-provided runtime image. ` +
79
- `It must be pulled from ${repo} and retain an official RepoDigest.`);
80
- }
81
- function imageRepository(image) {
82
- const digestIdx = image.indexOf("@");
83
- const withoutDigest = digestIdx >= 0 ? image.slice(0, digestIdx) : image;
84
- const colonIdx = withoutDigest.lastIndexOf(":");
85
- const slashIdx = withoutDigest.lastIndexOf("/");
86
- if (colonIdx > slashIdx)
87
- return withoutDigest.slice(0, colonIdx);
88
- return withoutDigest || null;
89
- }
90
- function imageTag(image) {
91
- const colonIdx = image.lastIndexOf(":");
92
- const slashIdx = image.lastIndexOf("/");
93
- if (colonIdx <= slashIdx)
94
- return null;
95
- const tag = image.slice(colonIdx + 1);
96
- return tag && tag !== "<none>" && tag !== "none" ? tag : null;
97
- }
98
- function imageTagVersion(image) {
99
- const tag = imageTag(image);
100
- return tag && /^\d+\.\d+\.\d+/.test(tag) ? tag : undefined;
101
- }
102
- function versionScore(image) {
103
- const tag = imageTag(image) ?? "";
104
- const semver = tag.match(/^v?(\d+)\.(\d+)\.(\d+)/);
105
- if (semver) {
106
- return [
107
- 3,
108
- Number.parseInt(semver[1], 10),
109
- Number.parseInt(semver[2], 10),
110
- Number.parseInt(semver[3], 10),
111
- tag,
112
- ];
113
- }
114
- if (tag === "latest")
115
- return [2, 0, 0, 0, tag];
116
- if (tag === "slim")
117
- return [1, 0, 0, 0, tag];
118
- return [0, 0, 0, 0, tag];
119
- }
120
- function compareLocalHermesImages(left, right) {
121
- const a = versionScore(left);
122
- const b = versionScore(right);
123
- for (let i = 0; i < 4; i++) {
124
- const diff = b[i] - a[i];
125
- if (diff !== 0)
126
- return diff;
127
- }
128
- return b[4].localeCompare(a[4]);
129
- }
130
- function findLocalHermesImage() {
131
- const repo = imageRepository(HERMES_DEFAULT_IMAGE);
132
- if (!repo)
133
- return null;
134
- try {
135
- const invocation = resolveDockerInvocation();
136
- const out = execFileSync(invocation.cmd, [...invocation.argsPrefix, "image", "ls", "--format", "{{.Repository}}:{{.Tag}}"], { timeout: 5_000, encoding: "utf-8", stdio: ["ignore", "pipe", "ignore"] });
137
- const candidates = out
138
- .split("\n")
139
- .map((line) => line.trim())
140
- .filter((line) => line.startsWith(`${repo}:`) && !!imageTag(line));
141
- for (const candidate of candidates.sort(compareLocalHermesImages)) {
142
- const digest = readOfficialHermesRepoDigest(candidate);
143
- if (digest)
144
- return { image: candidate, digest };
145
- }
146
- return null;
147
- }
148
- catch {
149
- return null;
150
- }
151
- }
152
- function persistHermesCatalogForImage(image, existing, officialDigest) {
153
- const next = {
154
- ...HERMES_CATALOG_DEFAULTS,
155
- ...(existing ?? {}),
156
- defaultImage: image,
157
- };
158
- const digest = officialDigest ?? readOfficialHermesRepoDigest(image);
159
- if (digest)
160
- next.defaultImageDigest = digest;
161
- else
162
- delete next.defaultImageDigest;
163
- setRuntimeCatalogEntry("hermes", next);
164
- }
165
- /**
166
- * Read `org.opencontainers.image.version` LABEL from a local image.
167
- * Returns the version string if it matches `N.N.N...`, null otherwise.
168
- */
169
- function readHermesImageVersion(image) {
170
- try {
171
- const out = execFileSync("docker", ["inspect", "--format", `{{ index .Config.Labels "${HERMES_VERSION_LABEL}" }}`, image], { timeout: 5_000, encoding: "utf-8", stdio: ["ignore", "pipe", "ignore"] }).trim();
172
- return /^\d+\.\d+\.\d+/.test(out) ? out : null;
173
- }
174
- catch {
175
- return null;
176
- }
177
- }
178
- /**
179
- * If `stored` has a mutable tag (`:latest` / `:slim`), read the bundled
180
- * version from the image's LABEL and create a local `:${version}` tag
181
- * alias, then drop the mutable source tag. Mirrors the OpenClaw pin in
182
- * config.ts:migrateOpenclawImageTagIfNeeded, but uses the LABEL instead
183
- * of spawning the container (Hermes images bake the version into the
184
- * manifest, OpenClaw's used to lie — see that function's docstring).
185
- *
186
- * Returns the pinned tag on success, null when nothing was changed.
187
- */
188
- function pinHermesImageToLabeledVersion(stored) {
189
- if (!HERMES_MUTABLE_TAG_RE.test(stored))
190
- return null;
191
- const version = readHermesImageVersion(stored);
192
- if (!version)
193
- return null;
194
- const colonIdx = stored.lastIndexOf(":");
195
- const slashIdx = stored.lastIndexOf("/");
196
- if (colonIdx <= slashIdx)
197
- return null;
198
- const pinnedTag = `${stored.slice(0, colonIdx)}:${version}`;
199
- if (pinnedTag === stored)
200
- return null;
201
- try {
202
- execFileSync("docker", ["tag", stored, pinnedTag], { timeout: 10_000, stdio: "ignore" });
203
- }
204
- catch {
205
- return null;
206
- }
207
- try {
208
- execFileSync("docker", ["rmi", stored], { timeout: 10_000, stdio: "ignore" });
209
- }
210
- catch { /* best-effort cleanup */ }
211
- return pinnedTag;
212
- }
213
- /**
214
- * One-shot startup migration for Hermes installs whose
215
- * catalog still stores `:latest` / `:slim`. Silent no-op when the catalog
216
- * already holds a pinned tag, when docker is unreachable, or when the
217
- * local image lacks the expected LABEL. Called from server.ts onReady.
218
- */
219
- export function migrateHermesImageTagIfNeeded() {
220
- const entry = getRuntimeCatalogEntry("hermes");
221
- if (!entry || typeof entry.defaultImage !== "string")
222
- return;
223
- const stored = entry.defaultImage;
224
- const pinned = pinHermesImageToLabeledVersion(stored);
225
- if (!pinned)
226
- return;
227
- setRuntimeCatalogEntry("hermes", { ...entry, defaultImage: pinned });
228
- console.log(`[hermes] migrated runtime_catalog.hermes.defaultImage: ${stored} → ${pinned}`);
229
- }
230
- // ── Nomad primitives (mirrored from nomad-manager.ts so HermesAdapter's
231
- // buildNomadTask is self-contained) ─────────────────────────────────
232
- const DOCKER_IMAGE_RE = /^[a-zA-Z0-9][a-zA-Z0-9\-_.:/@]*$/;
233
- const MAX_DOCKER_IMAGE_NAME_LEN = 256;
234
- const VALID_USER_RE = /^[a-z0-9._-]{1,32}$/;
235
- const DEFAULT_PIDS_LIMIT = 512;
236
- const MAX_CPU_MHZ = 4000;
237
- // Memory ceilings read from core.json at runtime via getMaxAppMemoryMB().
238
- const NOMAD_TEMPLATE_UNSAFE_RE = /[{}"\\]/;
239
- // Matches the shape Feishu issues from `archetype=PersonalAgent` device-flow
240
- // (cli_ prefix + alphanumerics). Kept narrow on purpose — wider wildcards
241
- // would accept untrusted strings propagated from the OAuth response body.
242
- const FEISHU_APP_ID_RE = /^cli_[a-zA-Z0-9]{8,64}$/;
243
- // iLink Bot IDs are numeric-ish bot handles issued by Tencent. Keep the
244
- // same 128-char ceiling + charset OpenClaw's adapter uses so invalid
245
- // payloads from a tampered OAuth response don't become filesystem paths.
246
- const SAFE_WEIXIN_ACCOUNT_ID_RE = /^[a-zA-Z0-9@._-]{1,128}$/;
247
- function assertSafeTemplateId(id) {
248
- if (NOMAD_TEMPLATE_UNSAFE_RE.test(id)) {
249
- throw new Error(`Job ID "${id}" contains characters unsafe for Nomad Template interpolation`);
250
- }
251
- }
252
- function _resolveUidGid(username) {
253
- try {
254
- if (!VALID_USER_RE.test(username)) {
255
- return `${process.getuid()}:${process.getgid()}`;
256
- }
257
- const passwd = readFileSync("/etc/passwd", "utf-8");
258
- const line = passwd.split("\n").find((l) => l.startsWith(username + ":"));
259
- if (line) {
260
- const parts = line.split(":");
261
- const uid = parseInt(parts[2], 10);
262
- const gid = parseInt(parts[3], 10);
263
- if (!isNaN(uid) && !isNaN(gid))
264
- return `${uid}:${gid}`;
265
- }
266
- }
267
- catch {
268
- /* ignore */
269
- }
270
- return `${process.getuid()}:${process.getgid()}`;
271
- }
272
- // Mirrors nomad-manager.ts:nomadConfigDeclaresHostNetwork. When the host
273
- // nomad.hcl declares `host_network "external" { ... }`, the legacy hermes
274
- // job needs to attach `HostNetwork: "external"` to its ReservedPorts so
275
- // docker publishes the gateway to the LAN address instead of 127.0.0.1.
276
- function nomadHasExternalHostNetwork() {
277
- const path = join(JISHUSHELL_HOME, "nomad", "nomad.hcl");
278
- if (!existsSync(path))
279
- return false;
280
- try {
281
- return /host_network\s+"external"\s*\{/.test(readFileSync(path, "utf-8"));
282
- }
283
- catch {
284
- return false;
285
- }
286
- }
287
- const DEFAULT_CAPABILITIES = {
288
- gateway: {
289
- http: true,
290
- websocket: false,
291
- // "inline" = JishuShell-side chat UI that POSTs to
292
- // /api/instances/:id/agent/chat (which forwards to Hermes's own
293
- // /v1/chat/completions endpoint with the per-instance API_SERVER_KEY).
294
- // NOT the same as "openclaw" which iframes a full OpenClaw gateway UI.
295
- chatPanel: "inline",
296
- },
297
- pairing: {
298
- list: true,
299
- approve: true,
300
- // Capability is `false` until the adapter, routes, and CLI actually
301
- // ship revoke / clear-pending surfaces. Declaring them true here
302
- // with no backing implementation would mislead the UI and any
303
- // external caller into attempting unreachable operations.
304
- revoke: false,
305
- clearPending: false,
306
- },
307
- configEditor: "yaml+env",
308
- configSchema: false,
309
- customProvider: true,
310
- pluginInstall: false,
311
- skills: true,
312
- mcp: true,
313
- memory: true,
314
- backupRestore: false,
315
- usageStats: false,
316
- restartlessReload: false,
317
- messagingPlatforms: [
318
- "feishu",
319
- "weixin",
320
- "telegram",
321
- "discord",
322
- "slack",
323
- "whatsapp",
324
- "signal",
325
- "email",
326
- ],
327
- };
328
- const HERMES_AGENT_HOME_SUBDIRS = [
329
- "cron",
330
- "sessions",
331
- "logs",
332
- "hooks",
333
- "memories",
334
- "skills",
335
- "skins",
336
- "plans",
337
- "workspace",
338
- "home",
339
- ];
340
- const HERMES_AGENT_HOME_NESTED_DIRS = [
341
- ["weixin"],
342
- ["weixin", "accounts"],
343
- ["hermes-overlay"],
344
- ];
345
- const HERMES_SECRET_ENV_RE = /(KEY|TOKEN|SECRET|PASSWORD)$/i;
346
- function defaultHermesModelId() {
347
- const dp = getDefaultLlmProvider();
348
- const selected = typeof dp?.selectedModelId === "string" ? dp.selectedModelId.trim() : "";
349
- if (selected)
350
- return selected;
351
- const first = Array.isArray(dp?.models) ? dp.models.find((model) => typeof model?.id === "string" && model.id.trim()) : null;
352
- return first?.id || "default";
353
- }
354
- function defaultHermesConfigYaml() {
355
- // Main agent routes through our `jsproxy` custom provider — honest: we
356
- // really are an OpenAI-compatible proxy that may sit in front of any
357
- // upstream (MiniMax/OpenAI/Anthropic/…). Aliasing to any built-in
358
- // provider name (e.g. `minimax`) would leak upstream-specific request
359
- // fields to unrelated backends and create surprising breakage.
360
- //
361
- // Hermes expects `custom_providers` as a YAML list (each entry an
362
- // object with a `name` field). See Hermes config schema at
363
- // https://hermes-agent.nousresearch.com/docs/user-guide/configuration/
364
- const doc = {
365
- model: {
366
- provider: "jsproxy",
367
- default: defaultHermesModelId(),
368
- },
369
- terminal: {
370
- backend: "local",
371
- },
372
- custom_providers: [
373
- {
374
- name: "jsproxy",
375
- base_url: getCoreProxyBaseUrl(),
376
- api_key: "${JSPROXY_API_KEY}",
377
- },
378
- ],
379
- };
380
- return YAML.stringify(doc).trimEnd() + "\n";
381
- }
382
- function defaultHermesEnvText() {
383
- // Hermes refuses to bind 0.0.0.0 without an API_SERVER_KEY (safety gate).
384
- // Generate a random 32-byte hex key per instance so unauthenticated access
385
- // is impossible even though the host port is published.
386
- const apiServerKey = randomBytes(32).toString("hex");
387
- return [
388
- "API_SERVER_ENABLED=true",
389
- "API_SERVER_HOST=0.0.0.0",
390
- `API_SERVER_PORT=${HERMES_CONTAINER_PORT}`,
391
- `API_SERVER_KEY=${apiServerKey}`,
392
- // Main agent provider lookup uses JSPROXY_API_KEY (referenced from
393
- // config.yaml custom_providers). Seeded by ensureInstanceProxyToken.
394
- "JSPROXY_API_KEY=",
395
- // OPENAI_BASE_URL + OPENAI_API_KEY are the standard env vars Hermes's
396
- // `auxiliary_client._try_custom_endpoint` reads to auto-discover a
397
- // generic OpenAI-compatible endpoint. Pointing them at our jsproxy
398
- // stops the auxiliary resolution chain from falling through to the
399
- // Nous Portal (which needs cookie auth and emits a 401 warning at
400
- // every agent startup). The aux token is a mirror of JSPROXY_API_KEY
401
- // populated by syncHermesProxyEnv after ensureInstanceProxyToken runs.
402
- `OPENAI_BASE_URL=${getCoreProxyBaseUrl()}`,
403
- "OPENAI_API_KEY=",
404
- // Allow all users for the smoke path; production deployments should
405
- // configure per-platform allowlists via TELEGRAM_ALLOWED_USERS etc.
406
- "GATEWAY_ALLOW_ALL_USERS=true",
407
- "",
408
- ].join("\n");
409
- }
410
- /**
411
- * After `ensureInstanceProxyToken(instanceId)` writes JSPROXY_API_KEY into
412
- * the Hermes .env, mirror the same token into OPENAI_API_KEY and make
413
- * sure OPENAI_BASE_URL points at our jsproxy. This gives the
414
- * auxiliary_client / vision client / trajectory compressor a valid
415
- * OpenAI-compatible endpoint to auto-discover, so startup no longer
416
- * emits the `custom/main requested but no endpoint credentials found`
417
- * warning + Nous 401. Safe to call repeatedly (idempotent).
418
- */
419
- function syncHermesProxyEnv(instanceId) {
420
- const paths = resolveHermesPaths(instanceId);
421
- if (!paths.secretEnv || !existsSync(paths.secretEnv))
422
- return;
423
- const env = parseEnvFileFromText(readFileSync(paths.secretEnv, "utf-8"));
424
- const token = env.JSPROXY_API_KEY?.trim();
425
- if (!token)
426
- return;
427
- const updates = {};
428
- if (env.OPENAI_API_KEY !== token)
429
- updates.OPENAI_API_KEY = token;
430
- const expectedBase = getCoreProxyBaseUrl();
431
- if (env.OPENAI_BASE_URL !== expectedBase)
432
- updates.OPENAI_BASE_URL = expectedBase;
433
- if (Object.keys(updates).length === 0)
434
- return;
435
- updateEnvFile(paths.secretEnv, updates);
436
- }
437
- function syncHermesProviderSecret(instanceId) {
438
- const paths = resolveHermesPaths(instanceId);
439
- if (!paths.secretEnv)
440
- return;
441
- const providerEnvPath = join(dirname(paths.secretEnv), "provider.env");
442
- const existing = existsSync(providerEnvPath)
443
- ? parseEnvFileFromText(readFileSync(providerEnvPath, "utf-8"))
444
- : {};
445
- if (existing[UPSTREAM_SECRET_ENV_NAME]?.trim())
446
- return;
447
- const dp = getDefaultLlmProvider();
448
- if (!dp?.id || !dp.apiKey)
449
- return;
450
- try {
451
- const meta = JSON.parse(readFileSync(instanceMetaPath(instanceId), "utf-8"));
452
- const providerId = String(meta["x-jishushell"]?.proxy?.upstream?.providerId || "").trim();
453
- if (providerId && providerId !== dp.id)
454
- return;
455
- }
456
- catch {
457
- // Instance metadata may not exist yet during createInstance; use the
458
- // configured default provider in that bootstrap path.
459
- }
460
- updateEnvFile(providerEnvPath, { [UPSTREAM_SECRET_ENV_NAME]: dp.apiKey });
461
- }
462
- function ensureHermesConfigFiles(paths) {
463
- if (!paths.primaryConfig || !existsSync(paths.primaryConfig)) {
464
- writeConfigFile(paths.primaryConfig, defaultHermesConfigYaml());
465
- }
466
- if (!paths.secretEnv || !existsSync(paths.secretEnv)) {
467
- writeSecretFile(paths.secretEnv, defaultHermesEnvText());
468
- }
469
- }
470
- function secretEnvFields(envText) {
471
- const env = parseEnvFileFromText(envText);
472
- return Object.keys(env)
473
- .filter((key) => HERMES_SECRET_ENV_RE.test(key))
474
- .map((key) => `env.${key}`);
475
- }
476
- function parseEnvFileFromText(envText) {
477
- const env = {};
478
- for (let line of envText.split("\n")) {
479
- line = line.trim();
480
- if (!line || line.startsWith("#"))
481
- continue;
482
- if (line.startsWith("export "))
483
- line = line.slice(7).trimStart();
484
- if (!line.includes("="))
485
- continue;
486
- const eqIdx = line.indexOf("=");
487
- const key = line.slice(0, eqIdx).trim();
488
- let value = line.slice(eqIdx + 1).trim();
489
- if (!key)
490
- continue;
491
- if (value.length >= 2 && value[0] === value[value.length - 1] && (value[0] === "'" || value[0] === '"')) {
492
- value = value.slice(1, -1);
493
- }
494
- env[key] = value;
495
- }
496
- return env;
497
- }
498
- function injectHermesUpstreamKeyStatus(instanceId, config) {
499
- const merged = structuredClone(config);
500
- const upstream = merged["x-jishushell"]?.proxy?.upstream;
501
- if (!upstream || typeof upstream !== "object")
502
- return merged;
503
- const paths = resolveHermesPaths(instanceId);
504
- if (!paths.secretEnv)
505
- return merged;
506
- const providerEnvPath = join(dirname(paths.secretEnv), "provider.env");
507
- if (!existsSync(providerEnvPath))
508
- return merged;
509
- const providerEnv = parseEnvFileFromText(readFileSync(providerEnvPath, "utf-8"));
510
- upstream.hasApiKey = !!String(providerEnv[UPSTREAM_SECRET_ENV_NAME] || "").trim();
511
- return merged;
512
- }
513
- function normalizeEnvText(raw) {
514
- const trimmed = raw.replace(/\r\n/g, "\n").replace(/\r/g, "\n").trimEnd();
515
- return trimmed ? `${trimmed}\n` : "";
516
- }
517
- /**
518
- * Resolve the hermes instance filesystem layout. Agent-home lives inside the
519
- * per-instance directory and is bind-mounted to /opt/data inside the container.
520
- */
521
- export function resolveHermesPaths(instanceId) {
522
- const catalog = getRuntimeCatalogEntry("hermes");
523
- const homeDirName = catalog?.homeDirName || "agent-home";
524
- const resolvedInstanceDir = instanceDir(instanceId);
525
- const agentHome = join(resolvedInstanceDir, homeDirName);
526
- return {
527
- instanceDir: resolvedInstanceDir,
528
- agentHome,
529
- primaryConfig: join(agentHome, "config.yaml"),
530
- secretEnv: join(agentHome, ".env"),
531
- };
532
- }
533
- function isPrecreatedManagedAppDir(dir) {
534
- return existsSync(join(dir, "app-spec.yaml")) && existsSync(join(dir, "manifest.json"));
535
- }
536
- /**
537
- * §17 — find the capability-registry entry that produced a given
538
- * resolved env URL (e.g. `SEARCH_API_BASE_URL = http://x:8080/search`).
539
- * Match by host:port (and path when declared). Returns the entry so
540
- * applyConnectionEnv can read its `toolSchema`. Returns null when no
541
- * match — caller falls back to the legacy PR 7 path.
542
- */
543
- function findSearchProviderForUrl(rawUrl) {
544
- let parsed;
545
- try {
546
- parsed = new URL(rawUrl);
547
- }
548
- catch {
549
- return null;
550
- }
551
- const targetHost = parsed.hostname.toLowerCase();
552
- const targetPort = Number(parsed.port) || (parsed.protocol === "https:" ? 443 : 80);
553
- const targetPath = parsed.pathname.replace(/\/+$/u, "");
554
- const snapshot = capabilityRegistry.snapshot().providersByCapability ?? {};
555
- for (const [cap, entries] of Object.entries(snapshot)) {
556
- if (!cap.startsWith("search"))
557
- continue;
558
- for (const entry of entries) {
559
- const entryHost = (entry.host ?? "").toLowerCase();
560
- const entryPort = entry.hostPort;
561
- const entryPath = (entry.path ?? "").replace(/\/+$/u, "");
562
- if (entryPort !== targetPort)
563
- continue;
564
- if (entryHost && entryHost !== targetHost) {
565
- // Tolerate localhost <-> 127.0.0.1 / advertised-host mismatches by
566
- // accepting any host when the port + path match — env URLs go
567
- // through nomad-manager's host rewriting which can disagree with
568
- // registry's stored host.
569
- }
570
- if (entryPath && targetPath && entryPath !== targetPath)
571
- continue;
572
- return entry;
573
- }
574
- }
575
- return null;
576
- }
577
- class HermesAdapter {
578
- agentType = "hermes";
579
- displayName = "Hermes Agent";
580
- defaultCapabilities = DEFAULT_CAPABILITIES;
581
- defaultGatewayPort = HERMES_DEFAULT_GATEWAY_PORT;
582
- manifest = {
583
- agentType: "hermes",
584
- displayName: "Hermes Agent",
585
- description: "NousResearch Hermes — Telegram / Discord / Slack / Signal 等 IM 接入",
586
- defaultCapabilities: DEFAULT_CAPABILITIES,
587
- requiresNomadDocker: true,
588
- diskSpaceMB: 5120,
589
- };
590
- hooks = {
591
- /**
592
- * Hermes pre-start: verify the docker image retains the official
593
- * ghcr.io/x-aijishu/hermes-runtime RepoDigest before Nomad receives it.
594
- * No config patches (the shim bootstraps `.env` / `config.yaml` on first
595
- * run) and no Nomad Variables template (Hermes reads keys from the
596
- * bind-mounted `.env`, not from secrets).
597
- */
598
- onBeforeStart: async (args) => {
599
- const catalog = getRuntimeCatalogEntry("hermes");
600
- const image = catalog?.defaultImageDigest
601
- || catalog?.defaultImage;
602
- if (!image) {
603
- throw new Error("Hermes runtime is not installed. Run POST /api/setup/install/hermes first.");
604
- }
605
- if (!DOCKER_IMAGE_RE.test(image) || image.length > MAX_DOCKER_IMAGE_NAME_LEN) {
606
- throw new Error(`Invalid Hermes docker image: "${image}"`);
607
- }
608
- assertOfficialHermesImage(image);
609
- // Idempotent migration: pre-alias Hermes instances created before the
610
- // OPENAI_* env switch still carry only JSPROXY_API_KEY. Every start
611
- // mirrors that token into OPENAI_API_KEY and pins OPENAI_BASE_URL at
612
- // the jsproxy so auxiliary_client auto-discovery stops hitting Nous.
613
- // Safe to re-run on every restart.
614
- try {
615
- syncHermesProxyEnv(args.instanceId);
616
- }
617
- catch { /* best-effort */ }
618
- try {
619
- syncHermesProviderSecret(args.instanceId);
620
- }
621
- catch { /* best-effort */ }
622
- },
623
- };
624
- /**
625
- * Full Hermes instance bootstrap, physically migrated from the legacy
626
- * `instance-manager.createHermesInstance()`. The framework routes layer
627
- * calls this uniformly via `getAdapter(agentType).createInstance(args)` —
628
- * instance-manager no longer owns any Hermes business logic.
629
- *
630
- * Rejection cases (all raise `InstanceCreationRejected`):
631
- * - core service_manager !== "nomad"
632
- * - core nomad_driver !== "docker"
633
- * - core runtime_catalog.hermes not present (install not run yet)
634
- */
635
- async createInstance(args) {
636
- if (args.cloneFrom || args.agentHome || args.cloneOptions) {
637
- throw new Error(`Hermes does not support clone_from / agent_home / clone_options — ` +
638
- `these are OpenClaw-specific create fields.`);
639
- }
640
- const { instanceId, name, description = "" } = args;
641
- const d = instanceDir(instanceId);
642
- const metaPath = instanceMetaPath(instanceId);
643
- if (existsSync(metaPath))
644
- throw new Error(`Instance '${instanceId}' already exists`);
645
- if (existsSync(d) && !isPrecreatedManagedAppDir(d)) {
646
- throw new Error(`Instance '${instanceId}' already exists`);
647
- }
648
- // 1. Prereq validation (structured reject with hint)
649
- const coreConfig = getCoreConfig();
650
- const svcMgr = coreConfig.service_manager || "nomad";
651
- const driver = coreConfig.nomad_driver || "docker";
652
- if (svcMgr !== "nomad") {
653
- throw new InstanceCreationRejected({
654
- code: "RUNTIME_REQUIRES_NOMAD_DOCKER",
655
- requestedKind: "hermes",
656
- currentServiceManager: svcMgr,
657
- currentNomadDriver: driver,
658
- hint: `Hermes requires service_manager="nomad" (current: "${svcMgr}"). ` +
659
- `Switch in core.json or via settings before creating a Hermes instance.`,
660
- });
661
- }
662
- if (driver !== "docker") {
663
- throw new InstanceCreationRejected({
664
- code: "RUNTIME_REQUIRES_NOMAD_DOCKER",
665
- requestedKind: "hermes",
666
- currentServiceManager: svcMgr,
667
- currentNomadDriver: driver,
668
- hint: `Hermes requires nomad_driver="docker" (current: "${driver}").`,
669
- });
670
- }
671
- // Catalog must exist (populated by setup-manager.installHermes)
672
- const catalog = coreConfig.runtime_catalog?.hermes;
673
- if (!catalog || !catalog.defaultImage) {
674
- throw new InstanceCreationRejected({
675
- code: "RUNTIME_PREREQ_MISSING",
676
- requestedKind: "hermes",
677
- currentServiceManager: svcMgr,
678
- currentNomadDriver: driver,
679
- hint: `Hermes runtime is not installed. Run POST /api/setup/install/hermes first.`,
680
- });
681
- }
682
- // 2. Lay out filesystem
683
- ensureDirContainer(d);
684
- try {
685
- const parentGid = statSync(dirname(d)).gid;
686
- chownSync(d, -1, parentGid);
687
- }
688
- catch {
689
- /* best effort */
690
- }
691
- const paths = await this.createInitialLayout({ instanceId, name, description });
692
- // 3. Allocate gateway host port (kind-agnostic framework primitive)
693
- const portAlloc = await allocateGatewayPort(instanceId, HERMES_DEFAULT_GATEWAY_PORT);
694
- // 4. Build runtime spec, inject allocated port into ports[] / env / health
695
- const runtimeSpec = await this.buildRuntime(instanceId);
696
- if (runtimeSpec.ports && runtimeSpec.ports.length > 0) {
697
- runtimeSpec.ports = runtimeSpec.ports.map((port, idx) => idx === 0
698
- ? { ...port, hostPort: portAlloc.port, containerPort: portAlloc.port }
699
- : port);
700
- }
701
- if (runtimeSpec.env && runtimeSpec.env.API_SERVER_PORT !== undefined) {
702
- runtimeSpec.env.API_SERVER_PORT = String(portAlloc.port);
703
- }
704
- if (runtimeSpec.health && typeof runtimeSpec.health === "object" && runtimeSpec.health.port != null) {
705
- runtimeSpec.health = { ...runtimeSpec.health, port: portAlloc.port };
706
- }
707
- // python-dotenv override=True can overwrite docker -e env vars, so the
708
- // allocated port must also be rewritten into the .env file.
709
- if (paths.secretEnv && existsSync(paths.secretEnv)) {
710
- try {
711
- updateEnvFile(paths.secretEnv, { API_SERVER_PORT: String(portAlloc.port) });
712
- }
713
- catch (e) {
714
- console.warn(`[hermes] failed to patch .env API_SERVER_PORT for ${instanceId}: ${e.message}`);
715
- }
716
- }
717
- // 5. Persist instance.json
718
- const meta = {
719
- id: instanceId,
720
- name,
721
- description,
722
- agentType: "hermes",
723
- paths: {
724
- instanceDir: paths.instanceDir,
725
- agentHome: paths.agentHome,
726
- primaryConfig: paths.primaryConfig,
727
- secretEnv: paths.secretEnv,
728
- },
729
- runtime: runtimeSpec,
730
- created_at: new Date().toISOString(),
731
- };
732
- // Propagate the configured default provider into instance.json because
733
- // Hermes has no openclaw.json for the proxy to derive upstream settings from.
734
- const dp = getDefaultLlmProvider();
735
- if (dp?.id) {
736
- const modelList = Array.isArray(dp.models)
737
- ? dp.models
738
- .map((m) => ({
739
- id: String(m?.id ?? ""),
740
- name: String(m?.name ?? m?.id ?? ""),
741
- contextWindow: Number(m?.contextWindow) || 128000,
742
- }))
743
- .filter((m) => m.id)
744
- : [];
745
- const selectedModelId = String(dp.selectedModelId || modelList[0]?.id || "");
746
- if (selectedModelId && modelList.every((m) => m.id !== selectedModelId)) {
747
- modelList.unshift({ id: selectedModelId, name: selectedModelId, contextWindow: 128000 });
748
- }
749
- meta["x-jishushell"] = {
750
- proxy: {
751
- upstream: {
752
- providerId: String(dp.id),
753
- baseUrl: String(dp.baseUrl || ""),
754
- api: normalizeProviderApi(dp.api),
755
- authHeader: dp.authHeader === true,
756
- headers: {},
757
- models: modelList,
758
- selectedModelId,
759
- apiKey: "",
760
- hasApiKey: !!dp.apiKey,
761
- clearApiKey: false,
762
- },
763
- },
764
- };
765
- }
766
- try {
767
- safeWriteJson(instanceMetaPath(instanceId), meta);
768
- try {
769
- ensureInstanceProxyToken(instanceId);
770
- syncHermesProxyEnv(instanceId);
771
- syncHermesProviderSecret(instanceId);
772
- }
773
- catch (e) {
774
- console.warn(`[hermes] failed to seed proxy token for ${instanceId}: ${e.message}`);
775
- }
776
- // If running as root, hand ownership of created files to service user
777
- const svcUser = resolveServiceUser();
778
- if (svcUser) {
779
- try {
780
- execFileSync("chown", ["-R", `${svcUser.uid}:${svcUser.gid}`, d], { timeout: 10_000 });
781
- }
782
- catch (e) {
783
- console.warn(`[hermes] chown for ${instanceId} failed:`, e.message);
784
- }
785
- }
786
- if (portAlloc.skipped.length > 0) {
787
- meta.port_allocation = {
788
- assigned: portAlloc.port,
789
- requested: HERMES_DEFAULT_GATEWAY_PORT,
790
- reason: "default_busy",
791
- skipped: portAlloc.skipped,
792
- };
793
- }
794
- return meta;
795
- }
796
- finally {
797
- releasePendingPort(portAlloc.port);
798
- }
799
- }
800
- async createInitialLayout(ctx) {
801
- const paths = resolveHermesPaths(ctx.instanceId);
802
- mkdirSync(paths.agentHome, { recursive: true });
803
- for (const sub of HERMES_AGENT_HOME_SUBDIRS) {
804
- mkdirSync(join(paths.agentHome, sub), { recursive: true });
805
- }
806
- for (const segments of HERMES_AGENT_HOME_NESTED_DIRS) {
807
- mkdirSync(join(paths.agentHome, ...segments), { recursive: true });
808
- }
809
- ensureHermesConfigFiles(paths);
810
- return paths;
811
- }
812
- async buildRuntime(instanceId) {
813
- const catalog = getRuntimeCatalogEntry("hermes");
814
- if (!catalog) {
815
- throw new Error("Hermes runtime is not installed. Run POST /api/setup/install/hermes first.");
816
- }
817
- // Prefer digest over tag for image pinning per §32.1. When installHermes
818
- // captured a digest it is stored alongside the tag; adapter favors digest.
819
- const image = catalog.defaultImageDigest
820
- || catalog.defaultImage;
821
- if (!image) {
822
- throw new Error("Hermes runtime catalog missing defaultImage");
823
- }
824
- // Only run JishuShell-provided Hermes runtime images. A local tag alone
825
- // is not enough because anyone can retag an arbitrary image; RepoDigest
826
- // records that Docker pulled this image from our official repository.
827
- assertOfficialHermesImage(image);
828
- const paths = resolveHermesPaths(instanceId);
829
- // Migrate pre-alias instances (created before the switch to
830
- // provider:minimax) in-place: mirror JSPROXY_API_KEY into MINIMAX_API_KEY
831
- // and pin MINIMAX_BASE_URL at the jsproxy. Idempotent — no-op on
832
- // instances already aligned with the new template.
833
- try {
834
- syncHermesProxyEnv(instanceId);
835
- }
836
- catch { /* best-effort */ }
837
- try {
838
- syncHermesProviderSecret(instanceId);
839
- }
840
- catch { /* best-effort */ }
841
- // §32.1.3: baseline mode is detected by ABSENCE of JISHUSHELL_HERMES_SOURCE_REF.
842
- // We deliberately do NOT inject this env here. Only the (future) upgrade CLI
843
- // populates it after a per-instance overlay build.
844
- const env = {
845
- API_SERVER_ENABLED: "true",
846
- API_SERVER_HOST: "0.0.0.0",
847
- API_SERVER_PORT: String(HERMES_CONTAINER_PORT),
848
- HERMES_UID: String(process.getuid?.() ?? 1000),
849
- HERMES_GID: String(process.getgid?.() ?? 1000),
850
- };
851
- const resources = catalog.resources && typeof catalog.resources === "object"
852
- ? {
853
- CPU: Number(catalog.resources.CPU) || 1000,
854
- MemoryMB: Number(catalog.resources.MemoryMB) || 1024,
855
- MemoryMaxMB: catalog.resources.MemoryMaxMB != null
856
- ? Number(catalog.resources.MemoryMaxMB)
857
- : undefined,
858
- }
859
- : { CPU: 1000, MemoryMB: 1024 };
860
- return {
861
- image,
862
- // Invoke the shim via /bin/bash explicitly instead of execve'ing the
863
- // script file directly. Debian-based containers always ship /bin/bash,
864
- // and this bypasses EACCES on execve when bind-mounted script files
865
- // occasionally lose their exec bit through the container runtime.
866
- command: "/bin/bash",
867
- args: [HERMES_CONTAINER_SHIM, "gateway", "run"],
868
- cwd: HERMES_CONTAINER_WORKDIR,
869
- user: "root", // shim exec-gosu-downgrades to hermes uid
870
- env,
871
- envFiles: paths.secretEnv ? [paths.secretEnv] : undefined,
872
- resources,
873
- volumes: [
874
- { hostPath: paths.agentHome, containerPath: HERMES_CONTAINER_HOME, mode: "rw" },
875
- // Shim no longer bind-mounted — it is baked at HERMES_CONTAINER_SHIM
876
- // in the image (see Dockerfile.hermes-slim). Any remaining legacy
877
- // shimPath in runtime_catalog is scrubbed by migrateHermesShimOut.
878
- ],
879
- ports: [
880
- {
881
- name: "gateway",
882
- containerPort: HERMES_CONTAINER_PORT,
883
- hostPort: 0, // allocated by instance-manager
884
- visibility: "external",
885
- },
886
- ],
887
- health: {
888
- type: "http",
889
- path: "/health",
890
- port: HERMES_CONTAINER_PORT,
891
- },
892
- };
893
- }
894
- /**
895
- * Hermes has no `openclaw.json` — it stores upstream metadata directly
896
- * on instance.json under `x-jishushell`. Return a synthetic stub
897
- * containing just that block so the LLM proxy's
898
- * `deriveUpstreamConfig()` finds what it needs.
899
- */
900
- getNativeConfig(instanceId) {
901
- const config = this.getStoredNativeConfig(instanceId);
902
- if (!config)
903
- return null;
904
- return injectHermesUpstreamKeyStatus(instanceId, config);
905
- }
906
- getStoredNativeConfig(instanceId) {
907
- // Lazy import to avoid pulling the full instance-manager into top-level
908
- // static graph (adapters reach back for framework primitives on demand).
909
- try {
910
- const req = createRequire(import.meta.url);
911
- const im = req("../../instance-manager.js");
912
- const meta = im.getInstance(instanceId);
913
- if (!meta)
914
- return null;
915
- return { "x-jishushell": meta["x-jishushell"] || {} };
916
- }
917
- catch {
918
- return null;
919
- }
920
- }
921
- /**
922
- * Persist the `x-jishushell` meta block to instance.json. Hermes's user-
923
- * facing config lives in yaml+env (editable via `writeConfig`), so this
924
- * hook is scoped to the meta block only — any other keys in the payload
925
- * are ignored intentionally.
926
- *
927
- * Called by `llm-proxy.saveInstanceConfig` when the editor saves a
928
- * per-instance provider override. By implementing the same
929
- * `saveNativeConfig(instanceId, {x-jishushell})` contract OpenClaw uses,
930
- * Hermes piggy-backs on the shared API key encryption + rollback flow.
931
- */
932
- saveNativeConfig(instanceId, config) {
933
- const xJishushell = config?.["x-jishushell"];
934
- if (!xJishushell || typeof xJishushell !== "object")
935
- return false;
936
- try {
937
- const req = createRequire(import.meta.url);
938
- const im = req("../../instance-manager.js");
939
- const metaPath = im.instanceMetaPath(instanceId);
940
- if (!existsSync(metaPath))
941
- return false;
942
- const meta = JSON.parse(readFileSync(metaPath, "utf-8"));
943
- meta["x-jishushell"] = xJishushell;
944
- safeWriteJson(metaPath, meta);
945
- return true;
946
- }
947
- catch (e) {
948
- console.warn(`[hermes] saveNativeConfig failed for ${instanceId}: ${e.message}`);
949
- return false;
950
- }
951
- }
952
- /**
953
- * Connection-apply hook (§7 / §17 of app-interconnect-design):
954
- * translate resolved bindings into Hermes-native config.yaml updates.
955
- *
956
- * Hermes' web tool only supports Firecrawl/Tavily/Exa/Parallel as direct
957
- * search backends — it does NOT recognize SearXNG natively. We expose
958
- * SearXNG (and any other MCP-shaped capability) to the agent via the
959
- * jishushell MCP firewall (see `mcp-shims/firewall.ts`).
960
- *
961
- * The firewall replaces the upstream package's `tools/list` description
962
- * with the canonical wording declared in app yaml's
963
- * `provides[].tool_schema` — preventing prompt-injection like the
964
- * "news / recent events" + `time_range` slots of upstream `mcp-searxng`,
965
- * which was rewriting Chinese queries into English and hallucinating
966
- * dates on MiniMax-class models.
967
- *
968
- * For each `SEARCH_API_BASE_URL` (or future MCP-shaped slot):
969
- * 1. Find the producing capability entry in the registry.
970
- * 2. If it carries `toolSchema`, drop firewall + config.json into
971
- * agent-home and write `mcp_servers.<cap_id>` pointing at it.
972
- * 3. If it doesn't (legacy yaml without §17 fields), fall back to
973
- * the PR 7 in-tree searxng-shim — kept for one release cycle as
974
- * backstop while community apps migrate.
975
- *
976
- * Other env (OPENAI_API_BASE_URL etc.) is a no-op here; the framework
977
- * still injects them via `nomad-manager.injectConnectionsRuntimeEnv`
978
- * and Hermes picks them up natively.
979
- */
980
- async applyConnectionEnv(instanceId, env) {
981
- const searchUrl = env.SEARCH_API_BASE_URL;
982
- if (typeof searchUrl !== "string")
983
- return;
984
- if (searchUrl === "") {
985
- // Empty value = unbind. Strip any connection-managed searxng /
986
- // search-* entries from mcp_servers so the next start doesn't keep
987
- // routing through a dead provider. We're conservative: only entries
988
- // we know we may have written (`searxng` for the legacy shim path,
989
- // and any `*_search` shaped key for the §17 firewall path's stable
990
- // alias) get removed.
991
- try {
992
- const paths = resolveHermesPaths(instanceId);
993
- if (!paths.primaryConfig || !existsSync(paths.primaryConfig))
994
- return;
995
- const yamlText = readFileSync(paths.primaryConfig, "utf-8");
996
- const parsed = YAML.parse(yamlText) ?? {};
997
- if (parsed?.mcp_servers && typeof parsed.mcp_servers === "object") {
998
- for (const key of Object.keys(parsed.mcp_servers)) {
999
- if (key === "searxng" || /(^|_)search$/.test(key)) {
1000
- delete parsed.mcp_servers[key];
1001
- }
1002
- }
1003
- }
1004
- writeConfigFile(paths.primaryConfig, YAML.stringify(parsed).trimEnd() + "\n");
1005
- }
1006
- catch (e) {
1007
- console.warn(`[hermes] applyConnectionEnv unbind failed for ${instanceId}: ${e.message}`);
1008
- }
1009
- return;
1010
- }
1011
- try {
1012
- const paths = resolveHermesPaths(instanceId);
1013
- ensureHermesConfigFiles(paths);
1014
- const yamlText = readFileSync(paths.primaryConfig, "utf-8");
1015
- const parsed = YAML.parse(yamlText) ?? {};
1016
- parsed.mcp_servers = parsed.mcp_servers ?? {};
1017
- // Try the §17 firewall path first — look up the producer capability
1018
- // entry to find a tool_schema declared by the provider's yaml.
1019
- const provider = findSearchProviderForUrl(searchUrl);
1020
- const svcUser = resolveServiceUser();
1021
- const serviceUser = svcUser ? { uid: svcUser.uid, gid: svcUser.gid } : undefined;
1022
- if (provider?.toolSchema) {
1023
- const upstreamEnv = resolveEnvTemplate(provider.toolSchema.upstream.env_template, env);
1024
- const entry = writeMcpEntry({
1025
- agentHomeDir: paths.agentHome,
1026
- containerHomeDir: HERMES_CONTAINER_HOME,
1027
- capabilityId: provider.capability,
1028
- toolSchema: provider.toolSchema,
1029
- upstreamEnv,
1030
- serviceUser,
1031
- });
1032
- // mcp_servers map key — use a stable short alias (the bare tool
1033
- // name) so users editing config.yaml see something readable.
1034
- const mapKey = provider.toolSchema.name.replace(/_web_search$|_search$/u, "")
1035
- || provider.capability;
1036
- parsed.mcp_servers[mapKey] = { ...entry, enabled: true };
1037
- }
1038
- else {
1039
- // Fallback: legacy PR 7 per-capability shim. Strip trailing
1040
- // /search to get the SearXNG origin for the shim's SEARXNG_URL env.
1041
- // The URL is re-rendered from the registry on each instance start
1042
- // (PR 9 phaseRefreshConnections), so host IP changes are picked
1043
- // up automatically when the user restarts the consuming agent.
1044
- let baseUrl = searchUrl;
1045
- try {
1046
- const u = new URL(searchUrl);
1047
- if (u.pathname === "/search" || u.pathname === "/search/") {
1048
- u.pathname = "";
1049
- baseUrl = u.toString().replace(/\/$/, "");
1050
- }
1051
- }
1052
- catch {
1053
- return;
1054
- }
1055
- const shimAbsPath = join(paths.agentHome, SEARXNG_SHIM_REL_PATH);
1056
- mkdirSync(dirname(shimAbsPath), { recursive: true });
1057
- writeFileSync(shimAbsPath, SEARXNG_MCP_SHIM_SOURCE, { mode: 0o755 });
1058
- try {
1059
- if (serviceUser) {
1060
- chownSync(dirname(shimAbsPath), serviceUser.uid, serviceUser.gid);
1061
- chownSync(shimAbsPath, serviceUser.uid, serviceUser.gid);
1062
- }
1063
- }
1064
- catch {
1065
- /* best-effort */
1066
- }
1067
- parsed.mcp_servers.searxng = {
1068
- command: "node",
1069
- args: [`${HERMES_CONTAINER_HOME}/${SEARXNG_SHIM_REL_PATH}`],
1070
- env: { SEARXNG_URL: baseUrl },
1071
- enabled: true,
1072
- };
1073
- }
1074
- writeConfigFile(paths.primaryConfig, YAML.stringify(parsed).trimEnd() + "\n");
1075
- }
1076
- catch (e) {
1077
- console.warn(`[hermes] applyConnectionEnv failed for ${instanceId}: ${e.message}`);
1078
- }
1079
- }
1080
- async getRuntimeVersion(instanceId) {
1081
- const catalog = getRuntimeCatalogEntry("hermes");
1082
- const digest = catalog?.defaultImageDigest;
1083
- // Read per-instance SOURCE_REF from instance.json without introducing
1084
- // a runtime→instance-manager cycle: late require to break the chain.
1085
- // If the env isn't set, we are in baseline mode.
1086
- let ref;
1087
- try {
1088
- const { getInstance } = await import("../../instance-manager.js");
1089
- const meta = getInstance(instanceId);
1090
- const envRef = meta?.runtime?.env?.JISHUSHELL_HERMES_SOURCE_REF;
1091
- if (typeof envRef === "string" && envRef.trim())
1092
- ref = envRef.trim();
1093
- }
1094
- catch {
1095
- // best-effort: if instance lookup fails, report baseline
1096
- }
1097
- return {
1098
- agentType: "hermes",
1099
- ref,
1100
- digest,
1101
- mode: ref ? "overlay" : "baseline",
1102
- };
1103
- }
1104
- async getConfigMeta(instanceId) {
1105
- const doc = await this.readConfig(instanceId);
1106
- return {
1107
- agentType: "hermes",
1108
- format: "yaml+env",
1109
- schemaId: "hermes/v1",
1110
- capabilities: this.defaultCapabilities,
1111
- secretFields: doc.format === "yaml+env" ? secretEnvFields(doc.env) : [],
1112
- runtimeVersion: await this.getRuntimeVersion(instanceId),
1113
- };
1114
- }
1115
- async readConfig(instanceId) {
1116
- const paths = resolveHermesPaths(instanceId);
1117
- ensureHermesConfigFiles(paths);
1118
- // Surface the instance.json `x-jishushell` meta block alongside yaml/env
1119
- // so the Config form can round-trip per-instance upstream provider
1120
- // overrides through the same ConfigDocument shape OpenClaw uses.
1121
- const xJishushell = this.getStoredNativeConfig(instanceId)?.["x-jishushell"];
1122
- const doc = {
1123
- format: "yaml+env",
1124
- yaml: readFileSync(paths.primaryConfig, "utf-8"),
1125
- env: readFileSync(paths.secretEnv, "utf-8"),
1126
- };
1127
- if (xJishushell && typeof xJishushell === "object") {
1128
- doc["x-jishushell"] = xJishushell;
1129
- }
1130
- return doc;
1131
- }
1132
- async writeConfig(instanceId, doc) {
1133
- if (doc.format !== "yaml+env") {
1134
- throw new Error(`Hermes config requires format="yaml+env", got "${doc.format}"`);
1135
- }
1136
- YAML.parse(doc.yaml);
1137
- const envText = normalizeEnvText(doc.env);
1138
- parseEnvFileFromText(envText);
1139
- const paths = resolveHermesPaths(instanceId);
1140
- ensureHermesConfigFiles(paths);
1141
- // Atomicity: the x-jishushell save path (via llm-proxy.saveInstanceConfig)
1142
- // can reject for reasons we only learn after some I/O — missing upstream
1143
- // API key, provider.env write failure, etc. Snapshot the current YAML/ENV
1144
- // contents BEFORE overwriting them so we can restore on failure and
1145
- // callers never see a half-applied save (new YAML on disk + rejected
1146
- // x-jishushell would leave the instance in a dirty state).
1147
- const priorYaml = readFileSync(paths.primaryConfig, "utf-8");
1148
- const priorEnv = readFileSync(paths.secretEnv, "utf-8");
1149
- writeConfigFile(paths.primaryConfig, doc.yaml.trimEnd() + "\n");
1150
- writeSecretFile(paths.secretEnv, envText);
1151
- // If the caller included per-instance upstream metadata, route it
1152
- // through the shared llm-proxy save flow — that path owns API key
1153
- // encryption, provider.env persistence, rollback on secret failures,
1154
- // and upstream cache invalidation. We deliberately reuse it instead
1155
- // of duplicating the logic here so Hermes and OpenClaw agree bit-
1156
- // for-bit on how per-instance provider config is stored.
1157
- const xJishushell = doc["x-jishushell"];
1158
- if (xJishushell && typeof xJishushell === "object") {
1159
- try {
1160
- const { saveInstanceConfig } = await import("../../llm-proxy/instance-proxy.js");
1161
- await saveInstanceConfig(instanceId, { "x-jishushell": xJishushell });
1162
- }
1163
- catch (e) {
1164
- try {
1165
- writeConfigFile(paths.primaryConfig, priorYaml);
1166
- writeSecretFile(paths.secretEnv, priorEnv);
1167
- }
1168
- catch (rollbackErr) {
1169
- console.error(`[hermes] CRITICAL: YAML/ENV rollback failed for ${instanceId}:`, rollbackErr?.message || rollbackErr);
1170
- }
1171
- throw e;
1172
- }
1173
- }
1174
- return this.readConfig(instanceId);
1175
- }
1176
- /**
1177
- * Persist Feishu/Lark OAuth credentials returned by the device-flow
1178
- * endpoints (handled by openclaw-routes.ts but adapter-agnostic at the
1179
- * persistence layer — framework code dispatches here via
1180
- * `instance-manager.saveFeishuCredentials`).
1181
- *
1182
- * Hermes reads platform config from two places on every gateway start:
1183
- * - `config.yaml` → `platforms.feishu.enabled` + `platforms.feishu.extra.*`
1184
- * - `.env` → `FEISHU_APP_ID`, `FEISHU_APP_SECRET`
1185
- *
1186
- * We write into BOTH. The YAML holds structural config (enabled flag,
1187
- * connection mode, domain) and references the secret env vars via
1188
- * `${...}` interpolation. That way the YAML can be backed up / shared
1189
- * without leaking credentials, and the real secrets live next to the
1190
- * .env the user already edits.
1191
- */
1192
- saveFeishuCredentials(instanceId, creds) {
1193
- if (!FEISHU_APP_ID_RE.test(creds.appId)) {
1194
- throw new Error(`Invalid Feishu appId format: expected cli_<alnum> (got "${creds.appId}")`);
1195
- }
1196
- if (!creds.appSecret || typeof creds.appSecret !== "string" || creds.appSecret.length < 4) {
1197
- throw new Error("Invalid Feishu appSecret: must be a non-empty string");
1198
- }
1199
- const domainName = creds.domain === "lark" ? "lark" : "feishu";
1200
- const paths = resolveHermesPaths(instanceId);
1201
- ensureHermesConfigFiles(paths);
1202
- // Merge into existing YAML rather than overwrite — the user may have
1203
- // customised model/terminal/custom_providers/etc. via the Config tab.
1204
- const currentYaml = readFileSync(paths.primaryConfig, "utf-8");
1205
- const parsed = YAML.parse(currentYaml) || {};
1206
- parsed.platforms = parsed.platforms || {};
1207
- const prior = parsed.platforms.feishu || {};
1208
- const priorExtra = prior.extra || {};
1209
- parsed.platforms.feishu = {
1210
- ...prior,
1211
- enabled: true,
1212
- extra: {
1213
- ...priorExtra,
1214
- // Env interpolation: hermes expands ${FOO} at load time against
1215
- // the process env, which Docker populates from agent-home/.env.
1216
- app_id: "${FEISHU_APP_ID}",
1217
- app_secret: "${FEISHU_APP_SECRET}",
1218
- domain_name: domainName,
1219
- connection_mode: priorExtra.connection_mode || "websocket",
1220
- },
1221
- };
1222
- writeConfigFile(paths.primaryConfig, YAML.stringify(parsed).trimEnd() + "\n");
1223
- // Env merge preserves unrelated keys (API_SERVER_KEY, JSPROXY_API_KEY, …).
1224
- updateEnvFile(paths.secretEnv, {
1225
- FEISHU_APP_ID: creds.appId,
1226
- FEISHU_APP_SECRET: creds.appSecret,
1227
- });
1228
- console.log(`[hermes] Feishu credentials saved for ${instanceId}, domain=${domainName}`);
1229
- }
1230
- /**
1231
- * Persist WeChat (personal-account) credentials returned by iLink Bot API's QR
1232
- * login flow. Called from the shared `/api/instances/:id/weixin/login`
1233
- * handler via `instance-manager.saveWeixinCredentials` → adapter dispatch.
1234
- *
1235
- * Upstream Hermes's `WeixinAdapter.__init__` scans
1236
- * `$HERMES_HOME/weixin/accounts/*.json` at startup and auto-connects every
1237
- * account file it finds, so the handshake we persist here is everything
1238
- * the runtime needs to come online after an instance restart. The JSON
1239
- * shape is pinned to upstream's `save_weixin_account` helper:
1240
- * `{token, base_url, user_id, saved_at}` with mode 0600.
1241
- *
1242
- * We also flip `platforms.weixin.enabled: true` in the instance's
1243
- * config.yaml so the gateway actually tries to connect the adapter on
1244
- * next start (without it, hermes ignores the weixin folder entirely).
1245
- */
1246
- saveWeixinCredentials(instanceId, creds) {
1247
- if (!creds.accountId || !SAFE_WEIXIN_ACCOUNT_ID_RE.test(creds.accountId)) {
1248
- throw new Error(`Invalid WeChat accountId: must be 1-128 chars of [a-zA-Z0-9@._-], got "${creds.accountId}"`);
1249
- }
1250
- if (!creds.token || typeof creds.token !== "string" || creds.token.length < 4) {
1251
- throw new Error("Invalid WeChat bot token: must be a non-empty string");
1252
- }
1253
- const home = resolveHermesPaths(instanceId).agentHome;
1254
- const accountsDir = join(home, "weixin", "accounts");
1255
- ensureDirContainer(accountsDir);
1256
- // Match upstream `save_weixin_account` exactly — WeixinAdapter reloads
1257
- // this file at connect time so we can't improvise the field names.
1258
- const payload = {
1259
- token: creds.token,
1260
- base_url: creds.baseUrl,
1261
- user_id: creds.userId || "",
1262
- saved_at: new Date().toISOString().replace(/\.\d+Z$/, "Z"),
1263
- };
1264
- const accountPath = join(accountsDir, `${creds.accountId}.json`);
1265
- safeWriteJson(accountPath, payload);
1266
- try {
1267
- chmodSync(accountPath, 0o600);
1268
- }
1269
- catch { /* best effort */ }
1270
- // Hermes runs as the `hermes` user inside the container; on the host
1271
- // the bind-mount is owned by the core service user. `ensureDirContainer`
1272
- // already handles ownership for the dir — file-level chown is a noop
1273
- // in the container path and not available as a shared helper here, so
1274
- // we rely on the directory permissions inheriting to the new file.
1275
- // Enable platforms.weixin in config.yaml (merge, preserve other keys).
1276
- // Upstream WeixinAdapter resolves startup credentials in this order at
1277
- // init time (weixin.py:1066-1067):
1278
- // token = config.token || extra.token || env WEIXIN_TOKEN
1279
- // account_id = extra.account_id || env WEIXIN_ACCOUNT_ID
1280
- // The per-account JSON we wrote above is state storage (refresh
1281
- // cursor, context token cache), not the startup seed — without the
1282
- // YAML + env entries below the adapter crashes with
1283
- // "WEIXIN_TOKEN is required".
1284
- const paths = resolveHermesPaths(instanceId);
1285
- ensureHermesConfigFiles(paths);
1286
- const currentYaml = readFileSync(paths.primaryConfig, "utf-8");
1287
- const parsed = YAML.parse(currentYaml) || {};
1288
- parsed.platforms = parsed.platforms || {};
1289
- const prior = parsed.platforms.weixin || {};
1290
- const priorExtra = prior.extra || {};
1291
- parsed.platforms.weixin = {
1292
- ...prior,
1293
- enabled: true,
1294
- extra: {
1295
- ...priorExtra,
1296
- // Same env-interpolation convention used by the feishu save path:
1297
- // YAML references ${VAR}, the real value lives in agent-home/.env.
1298
- account_id: "${WEIXIN_ACCOUNT_ID}",
1299
- token: "${WEIXIN_TOKEN}",
1300
- },
1301
- };
1302
- writeConfigFile(paths.primaryConfig, YAML.stringify(parsed).trimEnd() + "\n");
1303
- updateEnvFile(paths.secretEnv, {
1304
- WEIXIN_ACCOUNT_ID: creds.accountId,
1305
- WEIXIN_TOKEN: creds.token,
1306
- });
1307
- console.log(`[hermes] WeChat credentials saved for ${instanceId}, account=${creds.accountId}`);
1308
- }
1309
- /**
1310
- * List connected WeChat accounts for an instance. Backs the panel UI's
1311
- * "Connected Accounts" section in WeixinLoginPanel. Tolerates a missing
1312
- * directory (returns empty) and skips sidecar files the runtime writes
1313
- * alongside account records (sync buffers + context-token caches).
1314
- */
1315
- getWeixinAccounts(instanceId) {
1316
- const home = resolveHermesPaths(instanceId).agentHome;
1317
- if (!home)
1318
- return [];
1319
- const accountsDir = join(home, "weixin", "accounts");
1320
- if (!existsSync(accountsDir))
1321
- return [];
1322
- const results = [];
1323
- for (const f of readdirSync(accountsDir)) {
1324
- if (!f.endsWith(".json"))
1325
- continue;
1326
- // Skip sidecar files written by the runtime (sync cursor + context
1327
- // token cache). They share the accounts dir but aren't accounts.
1328
- if (f.endsWith(".sync.json") || f.endsWith(".context-tokens.json"))
1329
- continue;
1330
- try {
1331
- const data = JSON.parse(readFileSync(join(accountsDir, f), "utf-8"));
1332
- results.push({
1333
- accountId: f.replace(/\.json$/, ""),
1334
- userId: typeof data.user_id === "string" ? data.user_id : undefined,
1335
- savedAt: typeof data.saved_at === "string" ? data.saved_at : undefined,
1336
- });
1337
- }
1338
- catch {
1339
- /* malformed account file — skip */
1340
- }
1341
- }
1342
- return results;
1343
- }
1344
- /**
1345
- * Build the Nomad docker task spec directly from the persisted RuntimeSpec.
1346
- * Physically migrated from `nomad-manager.buildHermesTaskDocker`. Framework
1347
- * code now calls `getAdapter(agentType).buildNomadTask(id)` uniformly.
1348
- */
1349
- async buildNomadTask(instanceId) {
1350
- const { getInstanceRuntime } = await import("../../instance-manager.js");
1351
- const safeJobId = resolveNomadJobId(instanceId, this.nomadJobPrefix);
1352
- assertSafeTemplateId(safeJobId);
1353
- const spec = getInstanceRuntime(instanceId);
1354
- if (!spec || typeof spec !== "object") {
1355
- throw new Error(`Hermes instance ${instanceId} has no persisted runtime spec`);
1356
- }
1357
- if (!spec.image || typeof spec.image !== "string") {
1358
- throw new Error(`Hermes runtime spec missing image for ${instanceId}`);
1359
- }
1360
- if (!DOCKER_IMAGE_RE.test(spec.image) || spec.image.length > MAX_DOCKER_IMAGE_NAME_LEN) {
1361
- throw new Error(`Invalid Hermes docker image: "${spec.image}"`);
1362
- }
1363
- const volumes = [];
1364
- for (const vol of (spec.volumes || [])) {
1365
- volumes.push(`${vol.hostPath}:${vol.containerPath}:${vol.mode}`);
1366
- }
1367
- const ports = Array.isArray(spec.ports) ? spec.ports : [];
1368
- const gatewayPort = Number(ports[0]?.hostPort) || 0;
1369
- if (!gatewayPort) {
1370
- throw new Error(`Hermes instance ${instanceId} has no allocated gateway hostPort`);
1371
- }
1372
- const resourcesRaw = (spec.resources || {});
1373
- const requestedCpu = Math.max(1, Math.min(Number(resourcesRaw.CPU) || 1000, MAX_CPU_MHZ));
1374
- const requestedMem = Math.max(1, Math.min(Number(resourcesRaw.MemoryMB) || 1024, getMaxAppMemoryMB()));
1375
- const requestedMemMax = Math.min(Number(resourcesRaw.MemoryMaxMB ?? requestedMem), getMaxAppMemoryMB());
1376
- // Start non-root directly as the host's uid:gid — aligns with OpenClaw's
1377
- // security model (openclaw.ts:1404) and makes `cap_drop: ["ALL"]` viable
1378
- // without any cap_add. The entrypoint shim detects non-root via
1379
- // `if [ "$(id -u)" = "0" ]; then ... gosu ...; fi` and cleanly falls
1380
- // through to the venv-activation branch when started this way.
1381
- //
1382
- // Bind-mounted /opt/data on the host is already owned by this uid:gid
1383
- // (JishuShell creates instance dirs as the service user), so mkdir/cp/chmod
1384
- // inside the shim's non-root branch all succeed without CAP_CHOWN.
1385
- const hostUid = process.getuid?.() ?? 1000;
1386
- const hostGid = process.getgid?.() ?? 1000;
1387
- // Without HostNetwork, Nomad's docker driver publishes the gateway to
1388
- // 127.0.0.1, so cross-container consumers (e.g. OpenWebUI binding
1389
- // hermes via the llm-agent capability) can't reach it. Match the
1390
- // modern app-yaml path (nomad-manager.ts:hostNetworkForPort): when
1391
- // the agent's nomad.hcl declares `host_network "external"`, attach
1392
- // it to the ReservedPort so docker binds to the LAN address.
1393
- const hostNetwork = nomadHasExternalHostNetwork() ? "external" : undefined;
1394
- return {
1395
- Name: "gateway",
1396
- Driver: "docker",
1397
- User: `${hostUid}:${hostGid}`,
1398
- Config: {
1399
- image: spec.image,
1400
- force_pull: false,
1401
- // Match nomad-manager.ts:buildAppTask — default 5-minute pull
1402
- // timeout is too short for Pi-class networks pulling a 1+ GiB
1403
- // hermes image; bump to 15 minutes.
1404
- image_pull_timeout: "15m",
1405
- entrypoint: [spec.command],
1406
- args: [...(spec.args || [])],
1407
- work_dir: spec.cwd || HERMES_CONTAINER_WORKDIR,
1408
- volumes,
1409
- // Tell the docker driver to publish the labeled "gateway" port,
1410
- // so it routes the host_network IP rather than the loopback default.
1411
- ports: ["gateway"],
1412
- extra_hosts: ["host.docker.internal:host-gateway"],
1413
- // No cap_add — starting as non-root uid:gid means the shim's
1414
- // privilege-drop ritual (usermod / chown / gosu) is skipped
1415
- // entirely. `security_opt: no-new-privileges` prevents the
1416
- // unprivileged process from regaining any caps via setuid
1417
- // binaries. If browser_navigate's chromium sandbox fails, fix
1418
- // it with `--no-sandbox` in Dockerfile.hermes-slim rather
1419
- // than adding CAP_SYS_ADMIN here.
1420
- cap_drop: ["ALL"],
1421
- security_opt: ["no-new-privileges"],
1422
- pids_limit: DEFAULT_PIDS_LIMIT,
1423
- readonly_rootfs: false,
1424
- //
1425
- // `init: true` asks docker to run docker-init (a tini fork) as PID 1.
1426
- // This is the authoritative zombie-reaper for our containers — the
1427
- // image itself deliberately does NOT set ENTRYPOINT, so anyone who
1428
- // runs the image outside of Nomad must pass `--init` themselves.
1429
- // Without a real init, the chromium / agent-browser subprocess
1430
- // zombies never get reaped and we hit `pids_limit` after ~50
1431
- // browser_navigate calls.
1432
- //
1433
- // `shm_size` raises /dev/shm from docker's 64 MB default. Chromium
1434
- // uses shared memory for render/GPU buffers; 64 MB SIGBUSes on any
1435
- // JS-heavy page. 1 GB matches Chrome's default heap budget and is
1436
- // what Playwright / Puppeteer docker guides recommend.
1437
- //
1438
- init: true,
1439
- shm_size: 1073741824,
1440
- mounts: [{ type: "tmpfs", target: "/tmp", tmpfs_options: { size: 536870912 } }],
1441
- },
1442
- Env: { ...spec.env },
1443
- Resources: {
1444
- CPU: requestedCpu,
1445
- MemoryMB: requestedMem,
1446
- MemoryMaxMB: requestedMemMax,
1447
- Networks: [
1448
- {
1449
- ReservedPorts: [
1450
- {
1451
- Label: "gateway",
1452
- Value: gatewayPort,
1453
- To: gatewayPort,
1454
- ...(hostNetwork ? { HostNetwork: hostNetwork } : {}),
1455
- },
1456
- ],
1457
- },
1458
- ],
1459
- },
1460
- LogConfig: { MaxFiles: 3, MaxFileSizeMB: 10 },
1461
- };
1462
- }
1463
- /**
1464
- * Rewrite a persisted Hermes runtime spec to use a new host port.
1465
- * Hermes persists its port in `ports[0].hostPort/containerPort`,
1466
- * `env.API_SERVER_PORT`, and `health.port`.
1467
- */
1468
- reallocateRuntimePort(runtime, newPort) {
1469
- if (Array.isArray(runtime.ports) && runtime.ports.length > 0) {
1470
- runtime.ports = runtime.ports.map((port, idx) => idx === 0 ? { ...port, hostPort: newPort, containerPort: newPort } : port);
1471
- }
1472
- if (runtime.env && runtime.env.API_SERVER_PORT !== undefined) {
1473
- runtime.env.API_SERVER_PORT = String(newPort);
1474
- }
1475
- if (runtime.health && typeof runtime.health === "object" && runtime.health.port != null) {
1476
- runtime.health = { ...runtime.health, port: newPort };
1477
- }
1478
- }
1479
- // Each adapter owns its own Nomad job prefix, derived from the agent
1480
- // type (`hermes-<id>`, `openclaw-<id>`, …). Any new runtime should
1481
- // declare its own prefix here so job IDs are self-describing and
1482
- // multiple runtime kinds never collide in the Nomad Raft namespace.
1483
- nomadJobPrefix = "hermes-";
1484
- migrateStartup() {
1485
- migrateHermesImageTagIfNeeded();
1486
- }
1487
- // Inline chat forwarder dispatch — framework reads this from
1488
- // `routes/instances.ts:/api/instances/:id/agent/chat`. Declaring the
1489
- // descriptor (rather than hardcoding API_SERVER_KEY in the route) lets
1490
- // other OpenAI-compat agents plug in without touching framework code.
1491
- inlineChatDescriptor = {
1492
- apiKeyEnvVar: "API_SERVER_KEY",
1493
- endpointPath: "/v1/chat/completions",
1494
- };
1495
- async buildPairingListCommand(_instanceId) {
1496
- return ["hermes", "pairing", "list"];
1497
- }
1498
- async buildPairingApproveCommand(_instanceId, input) {
1499
- return ["hermes", "pairing", "approve", input.channel, input.code];
1500
- }
1501
- // ── §32.2.4 runtime install (aligned with OpenClaw pull flow) ─────────
1502
- //
1503
- // Pull-only flow — no local Dockerfile build fallback. Hermes ships as
1504
- // a ~2.4 GB pre-built image on GHCR; building from upstream source on
1505
- // a Raspberry Pi would take 20+ minutes and almost always fails on
1506
- // resource-constrained hardware. If the pull fails we return a clear
1507
- // error so the user can fix network / registry access rather than
1508
- // silently burning an hour on a futile source build.
1509
- //
1510
- // Steps:
1511
- // 1. docker image inspect — reuse existing local image if present
1512
- // 2. docker pull ghcr.io/x-aijishu/hermes-runtime:latest
1513
- // 3. capture RepoDigest for digest pinning (best-effort)
1514
- // 4. Copy templates/hermes-entrypoint.sh to ~/.jishushell/runtimes/hermes/
1515
- // 5. Write runtime catalog entry into core.json
1516
- async installRuntime(_opts) {
1517
- const task = createTask("hermes");
1518
- try {
1519
- await this.prepareHermesWithTask(task);
1520
- if (task.status === "error") {
1521
- return {
1522
- ok: false,
1523
- message: "Hermes installation failed",
1524
- taskId: task.id,
1525
- };
1526
- }
1527
- return {
1528
- ok: true,
1529
- message: "Hermes runtime installed",
1530
- taskId: task.id,
1531
- };
1532
- }
1533
- catch (e) {
1534
- emitTask(task, { type: "error", message: `Hermes 安装失败: ${e.message}` });
1535
- task.status = "error";
1536
- return {
1537
- ok: false,
1538
- message: "Hermes installation failed",
1539
- error: e.message,
1540
- taskId: task.id,
1541
- };
1542
- }
1543
- }
1544
- /**
1545
- * Non-blocking variant — returns a task id immediately and runs the
1546
- * install in the background. Matches OpenClaw's startBuildRuntimeImage.
1547
- */
1548
- startInstallRuntime(_opts) {
1549
- const task = createTask("hermes");
1550
- this.prepareHermesWithTask(task).catch((e) => {
1551
- // Mirror errors to stderr so post-mortem via journalctl works.
1552
- // Task events live in memory and vanish after TASK_MAX_AGE / core
1553
- // restart — leaving us blind if the UI stops polling before the
1554
- // failure arrives.
1555
- console.error(`[hermes] install failed (task=${task.id}):`, e?.stack || e?.message || e);
1556
- emitTask(task, { type: "error", message: `Hermes 安装失败: ${e?.message || e}` });
1557
- task.status = "error";
1558
- });
1559
- return { ok: true, message: "Hermes install started", taskId: task.id };
1560
- }
1561
- /**
1562
- * Shared helper that pulls (or builds) the Hermes runtime image and
1563
- * finalises the runtime catalog entry. Mirrors OpenClaw's
1564
- * `pullOrBuildOpenclawImageWithTask` so both runtimes expose the same
1565
- * install UX (local → pull → fallback build → digest pin).
1566
- */
1567
- async prepareHermesWithTask(task) {
1568
- emitTask(task, { type: "progress", message: "准备 Hermes runtime...", progress: 0 });
1569
- const invocation = resolveDockerInvocation();
1570
- // Always pull. When the image is already local and up-to-date with
1571
- // upstream, docker pull returns in a few seconds after a registry
1572
- // digest check — the trade is worthwhile because it keeps "reinstall"
1573
- // from turning into a three-second no-op. Failures are clearly
1574
- // reported instead of silently retrying with a local fallback: Hermes
1575
- // cannot be built locally (Python toolchain + wheels OOMs on Pi).
1576
- emitTask(task, {
1577
- type: "progress",
1578
- message: `拉取 Hermes 镜像: ${HERMES_DEFAULT_IMAGE} (已缓存时约 10s)...`,
1579
- progress: 10,
1580
- });
1581
- const pull = await spawnWithTask(task, invocation.cmd, [...invocation.argsPrefix, "pull", HERMES_DEFAULT_IMAGE], { timeout: 1800000 });
1582
- if (!pull.ok) {
1583
- console.error(`[hermes] docker pull failed for ${HERMES_DEFAULT_IMAGE} — output follows:\n${pull.output}`);
1584
- emitTask(task, {
1585
- type: "error",
1586
- message: `Hermes 镜像拉取失败。请检查网络/registry 认证,或手动执行: docker pull ${HERMES_DEFAULT_IMAGE}`,
1587
- });
1588
- task.status = "error";
1589
- return;
1590
- }
1591
- // 3. capture digest (best-effort)
1592
- emitTask(task, { type: "progress", message: "捕获镜像 digest...", progress: 75 });
1593
- const digest = captureImageDigest(HERMES_DEFAULT_IMAGE);
1594
- if (digest) {
1595
- emitTask(task, { type: "log", message: `Digest: ${digest}` });
1596
- }
1597
- else {
1598
- emitTask(task, {
1599
- type: "log",
1600
- message: "No RepoDigest available (local build); will use :latest tag",
1601
- });
1602
- }
1603
- // 4. pin the mutable tag to the image's LABEL version (e.g.
1604
- // ghcr.io/…:latest → ghcr.io/…:0.10.0). Parity with OpenClaw's
1605
- // migrateOpenclawImageTagIfNeeded: keeps core.json referencing an
1606
- // immutable tag so nothing — Nomad image_pull, doctor, UI — ever
1607
- // sees a mutable alias after install. No-op when the image was
1608
- // locally built or lacks the LABEL.
1609
- emitTask(task, { type: "progress", message: "锁定镜像版本标签...", progress: 85 });
1610
- const pinnedTag = pinHermesImageToLabeledVersion(HERMES_DEFAULT_IMAGE);
1611
- const storedImage = pinnedTag ?? HERMES_DEFAULT_IMAGE;
1612
- if (pinnedTag) {
1613
- emitTask(task, { type: "log", message: `Pinned tag: ${pinnedTag}` });
1614
- }
1615
- // 5. persist runtime catalog
1616
- // The shim is baked into the image (see Dockerfile.hermes-slim's
1617
- // COPY / LABEL). No host-side shim install needed anymore — we
1618
- // verify the official RepoDigest at buildRuntime()/onBeforeStart time.
1619
- emitTask(task, { type: "progress", message: "写入 runtime catalog...", progress: 95 });
1620
- setRuntimeCatalogEntry("hermes", {
1621
- ...HERMES_CATALOG_DEFAULTS,
1622
- defaultImage: storedImage,
1623
- ...(digest ? { defaultImageDigest: digest } : {}),
1624
- });
1625
- emitTask(task, {
1626
- type: "done",
1627
- message: digest
1628
- ? `Hermes 安装完成, 镜像已 pin 到 digest (tag=${storedImage})`
1629
- : `Hermes 安装完成 (tag=${storedImage})`,
1630
- progress: 100,
1631
- });
1632
- task.status = "done";
1633
- }
1634
- /**
1635
- * Hermes readiness: the image must retain an official RepoDigest from
1636
- * ghcr.io/x-aijishu/hermes-runtime. This accepts images pulled directly
1637
- * from our registry (and docker save/load copies that preserve RepoDigests)
1638
- * while rejecting arbitrary local retags that only look like Hermes runtime.
1639
- */
1640
- getInstallStatus() {
1641
- const entry = getRuntimeCatalogEntry("hermes");
1642
- const storedImage = typeof entry?.defaultImage === "string" ? entry.defaultImage.trim() : "";
1643
- if (storedImage) {
1644
- const digest = readOfficialHermesRepoDigest(storedImage);
1645
- if (digest) {
1646
- return {
1647
- installed: true,
1648
- imageReady: true,
1649
- version: imageTagVersion(storedImage),
1650
- digest: entry?.defaultImageDigest ?? digest,
1651
- };
1652
- }
1653
- const localImage = findLocalHermesImage();
1654
- if (localImage) {
1655
- persistHermesCatalogForImage(localImage.image, entry, localImage.digest);
1656
- return {
1657
- installed: true,
1658
- imageReady: true,
1659
- version: imageTagVersion(localImage.image),
1660
- digest: localImage.digest,
1661
- };
1662
- }
1663
- return {
1664
- installed: true,
1665
- imageReady: false,
1666
- version: imageTagVersion(storedImage),
1667
- digest: entry?.defaultImageDigest,
1668
- };
1669
- }
1670
- const localImage = findLocalHermesImage();
1671
- if (!localImage)
1672
- return { installed: false, imageReady: false };
1673
- persistHermesCatalogForImage(localImage.image, entry, localImage.digest);
1674
- return {
1675
- installed: true,
1676
- imageReady: true,
1677
- version: imageTagVersion(localImage.image),
1678
- digest: localImage.digest,
1679
- };
1680
- }
1681
- }
1682
- export const hermesAdapter = new HermesAdapter();
1683
- registerAdapter(hermesAdapter);
1684
- //# sourceMappingURL=hermes.js.map