miladyai 2.0.0-alpha.27

package/dist/runtime/custom-actions.js

@@ -0,0 +1,250 @@
+import { loadMiladyConfig } from "../config/config.js";
+import { isBlockedPrivateOrLinkLocalIp, normalizeHostLike } from "../security/network-policy.js";
+import { lookup } from "node:dns/promises";
+import net from "node:net";
+
+//#region src/runtime/custom-actions.ts
+/**
+* Custom Actions runtime loader.
+*
+* Converts `CustomActionDef[]` from config into ElizaOS `Action[]` objects
+* so the agent can use them in conversations.
+*
+* @module runtime/custom-actions
+*/
+/** Cached runtime reference for hot-registration of new actions. */
+let _runtime = null;
+/**
+* Store the runtime reference so we can hot-register actions later.
+* Called once from plugin.init().
+*/
+function setCustomActionsRuntime(runtime) {
+	_runtime = runtime;
+}
+/**
+* Hot-register a CustomActionDef into the running agent.
+* Returns the ElizaOS Action that was registered, or null if no runtime.
+*/
+function registerCustomActionLive(def) {
+	if (!_runtime) return null;
+	const action = defToAction(def);
+	_runtime.registerAction(action);
+	return action;
+}
+/** API port for shell handler requests. */
+const API_PORT = process.env.API_PORT || process.env.SERVER_PORT || "2138";
+/** Valid handler types that we actually support. */
+const VALID_HANDLER_TYPES = new Set([
+	"http",
+	"shell",
+	"code"
+]);
+let vmRunner = null;
+function resolveFetchInputUrl(input) {
+	if (typeof input === "string") return input;
+	if (input instanceof URL) return input.toString();
+	if (typeof Request !== "undefined" && input instanceof Request) return input.url;
+	return null;
+}
+async function safeCodeFetch(input, init) {
+	const url = resolveFetchInputUrl(input);
+	if (!url || await isBlockedUrl(url)) throw new Error("Blocked: cannot make requests to internal network addresses");
+	const response = await fetch(input, {
+		...init,
+		redirect: "manual"
+	});
+	if (response.status >= 300 && response.status < 400) throw new Error("Blocked: redirects are not allowed for code custom actions");
+	return response;
+}
+async function runCodeHandler(code, params) {
+	if (typeof process === "undefined" || !process.versions?.node) throw new Error("Code actions are only supported in Node runtimes.");
+	if (!vmRunner) vmRunner = await import("node:vm");
+	const script = `(async () => { ${code} })();`;
+	const context = {
+		params,
+		fetch: safeCodeFetch
+	};
+	return await vmRunner.runInNewContext(`"use strict"; ${script}`, context, {
+		filename: "milady-custom-action",
+		timeout: 3e4
+	});
+}
+/**
+* Shell-escape a value so it can be safely interpolated into a shell command.
+* Wraps in single quotes and escapes any embedded single quotes.
+*/
+function shellEscape(value) {
+	return `'${value.replace(/'/g, "'\\''")}'`;
+}
+function isBlockedIp(ip) {
+	return isBlockedPrivateOrLinkLocalIp(ip);
+}
+/**
+* Check whether a URL targets a private/internal network (SSRF guard).
+* Blocks loopback, link-local, and RFC-1918 ranges except our own API.
+* Resolves hostnames to concrete IPs to prevent DNS-alias bypasses.
+*/
+async function isBlockedUrl(url) {
+	try {
+		const parsed = new URL(url);
+		const hostname = normalizeHostLike(parsed.hostname);
+		if ((hostname === "localhost" || hostname === "127.0.0.1" || hostname === "::1") && parsed.port === String(API_PORT)) return false;
+		if (hostname === "localhost" || hostname === "127.0.0.1" || hostname === "::1" || hostname === "0.0.0.0" || hostname.endsWith(".local") || hostname === "[::1]" || hostname === "metadata.google.internal" || hostname === "169.254.169.254") return true;
+		if (net.isIP(hostname)) return isBlockedIp(hostname);
+		const records = await lookup(hostname, { all: true });
+		const addresses = Array.isArray(records) ? records : [records];
+		for (const entry of addresses) if (isBlockedIp(entry.address)) return true;
+		return false;
+	} catch {
+		return true;
+	}
+}
+/**
+* Build an async handler function from a CustomActionHandler definition.
+*/
+function buildHandler(handler, paramDefs) {
+	if (!VALID_HANDLER_TYPES.has(handler.type)) return async () => ({
+		ok: false,
+		output: `Unsupported handler type: ${handler.type}`
+	});
+	switch (handler.type) {
+		case "http": return async (params) => {
+			let url = handler.url;
+			let body = handler.bodyTemplate ?? "";
+			const headers = { ...handler.headers };
+			for (const p of paramDefs) {
+				const value = params[p.name] ?? "";
+				url = url.replaceAll(`{{${p.name}}}`, encodeURIComponent(value));
+				body = body.replaceAll(`{{${p.name}}}`, value);
+			}
+			if (await isBlockedUrl(url)) return {
+				ok: false,
+				output: "Blocked: cannot make requests to internal network addresses"
+			};
+			if (!headers["Content-Type"] && body) headers["Content-Type"] = "application/json";
+			const fetchOpts = {
+				method: handler.method || "GET",
+				headers,
+				redirect: "manual"
+			};
+			if (body && handler.method !== "GET" && handler.method !== "HEAD") fetchOpts.body = body;
+			const response = await fetch(url, fetchOpts);
+			if (response.status >= 300 && response.status < 400) return {
+				ok: false,
+				output: "Blocked: redirects are not allowed for HTTP custom actions"
+			};
+			const text = await response.text();
+			return {
+				ok: response.ok,
+				output: text.slice(0, 4e3)
+			};
+		};
+		case "shell": return async (params) => {
+			let command = handler.command;
+			for (const p of paramDefs) {
+				const value = params[p.name] ?? "";
+				command = command.replaceAll(`{{${p.name}}}`, shellEscape(value));
+			}
+			const response = await fetch(`http://localhost:${API_PORT}/api/terminal/run`, {
+				method: "POST",
+				headers: (() => {
+					const headers = { "Content-Type": "application/json" };
+					const token = process.env.MILADY_API_TOKEN?.trim();
+					if (token) headers.Authorization = /^Bearer\s+/i.test(token) ? token : `Bearer ${token}`;
+					return headers;
+				})(),
+				body: JSON.stringify({
+					command,
+					clientId: "runtime-shell-action"
+				})
+			});
+			if (!response.ok) return {
+				ok: false,
+				output: `Terminal request failed: HTTP ${response.status}`
+			};
+			return {
+				ok: true,
+				output: `Executed: ${command}`
+			};
+		};
+		case "code": return async (params) => {
+			const result = await runCodeHandler(handler.code, params);
+			return {
+				ok: true,
+				output: (result !== void 0 ? String(result) : "Done").slice(0, 4e3)
+			};
+		};
+		default: return async () => ({
+			ok: false,
+			output: "Unknown handler type"
+		});
+	}
+}
+/**
+* Convert a single CustomActionDef into an ElizaOS Action.
+*/
+function defToAction(def) {
+	const handler = buildHandler(def.handler, def.parameters);
+	return {
+		name: def.name,
+		similes: def.similes ?? [],
+		description: def.description,
+		validate: async () => true,
+		handler: async (_runtime, _message, _state, options) => {
+			try {
+				const opts = options;
+				const params = {};
+				for (const p of def.parameters) {
+					const value = opts?.parameters?.[p.name];
+					if (typeof value === "string") params[p.name] = value;
+					else if (value !== void 0 && value !== null) params[p.name] = String(value);
+					else if (p.required) return {
+						text: `Missing required parameter: ${p.name}`,
+						success: false
+					};
+				}
+				const result = await handler(params);
+				return {
+					text: result.output,
+					success: result.ok,
+					data: {
+						actionId: def.id,
+						params
+					}
+				};
+			} catch (err) {
+				return {
+					text: `Action failed: ${err instanceof Error ? err.message : String(err)}`,
+					success: false
+				};
+			}
+		},
+		parameters: def.parameters.map((p) => ({
+			name: p.name,
+			description: p.description,
+			required: p.required,
+			schema: { type: "string" }
+		}))
+	};
+}
+/**
+* Load custom actions from config and convert them to ElizaOS Action objects.
+* Only returns enabled actions.
+*/
+function loadCustomActions() {
+	try {
+		return (loadMiladyConfig().customActions ?? []).filter((d) => d.enabled).map(defToAction);
+	} catch {
+		return [];
+	}
+}
+/**
+* Build a temporary handler for testing a custom action definition.
+* Used by the test endpoint to execute an action with sample params.
+*/
+function buildTestHandler(def) {
+	return buildHandler(def.handler, def.parameters);
+}
+
+//#endregion
+export { buildTestHandler, loadCustomActions, registerCustomActionLive, setCustomActionsRuntime };