npm - mnemospark - Versions diffs - 1.2.0 → 1.2.1 - Mend

mnemospark 1.2.0 → 1.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/README.md CHANGED Viewed

@@ -52,9 +52,32 @@ openclaw gateway restart
 ---
+## Slash command reference
+**Syntax**
+- **Chat / OpenClaw (primary):** use `key:value` for arguments (for example `wallet-address:0x…`, `region:us-east-1`). `key=value` is also accepted.
+- **Agent-driven workflows and CLI-style usage:** prefer `--parameter value` (as in the Core Commands examples and `npx mnemospark`).
+**Top-level routes** (after `/mnemospark`)
+- `/mnemospark` or `/mnemospark help` — overview
+- `/mnemospark cloud …` — cloud storage (see below)
+- `/mnemospark wallet …` — wallet helpers
+**`/mnemospark cloud`** — includes: `cloud` / `cloud help`, `backup`, `price-storage`, `upload`, `payment-settle`, `ls`, `download`, `delete`, `op-status`. Optional flags include `async:true`, `orchestrator:inline|subagent`, `timeout-seconds:<n>`. For the full cloud guide, run `/mnemospark cloud help` in chat.
+**`/mnemospark wallet`**
+- `/mnemospark wallet` — address, balance, and key file path
+- `/mnemospark wallet help` — command list and funding link
+- `/mnemospark wallet export` — export private key for backup (sensitive)
+---
 ## Core Commands
-Use via `/mnemospark cloud …` (or `/mnemospark wallet …`) in OpenClaw chat.
+Use via `/mnemospark cloud …` (or `/mnemospark wallet …`) in OpenClaw chat. Prefer `key:value` in chat; use `--wallet-address` style for scripted or agent-driven flows.
 ### Get a storage quote
@@ -128,6 +151,7 @@ Optional unless noted. All names use the `MNEMOSPARK_` prefix.
 | `MNEMOSPARK_DISABLED`             | Set to `true` or `1` to disable plugin registration.                                                                                                                                                                                      |
 | `MNEMOSPARK_DISABLE_SQLITE`       | Set to `1` to disable local SQLite (`state.db`); cloud commands that need local state will fail.                                                                                                                                          |
 | `MNEMOSPARK_SQLITE_STRICT`        | Set to `1` so certain SQLite consistency checks (e.g. friendly-name verification after upload) throw instead of warning.                                                                                                                  |
+| `MNEMOSPARK_PROXY_VERBOSE_404`    | When `1`, `true`, or `yes`, the local HTTP proxy includes a `message` field on **404** responses describing supported paths. Default (unset) is a generic JSON body `{ "error": "Not found" }` only (reduces reconnaissance).             |
 ---

package/dist/cli.js CHANGED Viewed

@@ -157,6 +157,10 @@ var PROXY_PORT = (() => {
   return DEFAULT_PORT;
 })();
 var MNEMOSPARK_BACKEND_API_BASE_URL = (process.env.MNEMOSPARK_BACKEND_API_BASE_URL ?? "").trim();
+var MNEMOSPARK_PROXY_VERBOSE_404 = (() => {
+  const v = process.env.MNEMOSPARK_PROXY_VERBOSE_404?.trim().toLowerCase();
+  return v === "1" || v === "true" || v === "yes";
+})();
 // src/mnemospark-request-sign.ts
 import { getAddress } from "viem";
@@ -1733,8 +1737,15 @@ async function readProxyJsonBody(req) {
   }
   return JSON.parse(bodyText);
 }
+function createJsonResponseHeaders() {
+  return {
+    "Content-Type": "application/json",
+    "X-Content-Type-Options": "nosniff",
+    "Cache-Control": "no-store"
+  };
+}
 function sendJson(res, status, body) {
-  res.writeHead(status, { "Content-Type": "application/json" });
+  res.writeHead(status, createJsonResponseHeaders());
   res.end(JSON.stringify(body));
 }
 function logProxyEvent(level, event, fields = {}) {
@@ -1794,7 +1805,9 @@ function isAlreadySettledConflict(status, bodyText) {
 }
 function createBackendForwardHeaders(response) {
   const responseHeaders = {
-    "Content-Type": response.contentType
+    "Content-Type": response.contentType,
+    "X-Content-Type-Options": "nosniff",
+    "Cache-Control": "no-store"
   };
   if (response.paymentRequired) {
     responseHeaders["PAYMENT-REQUIRED"] = response.paymentRequired;
@@ -1832,6 +1845,10 @@ function createWalletRequiredBody() {
     message: "wallet required for storage endpoints"
   });
 }
+function sendWalletRequired(res) {
+  res.writeHead(400, createJsonResponseHeaders());
+  res.end(createWalletRequiredBody());
+}
 function getProxyPort() {
   return PROXY_PORT;
 }
@@ -1931,6 +1948,18 @@ async function startProxy(options) {
         }
         correlation.wallet_address = requestPayload.wallet_address;
         correlation.object_id = requestPayload.object_id;
+        if (requestPayload.wallet_address.toLowerCase() !== proxyWalletAddressLower) {
+          logProxyEvent("warn", "proxy_price_storage_wallet_mismatch", {
+            request_wallet: requestPayload.wallet_address,
+            proxy_wallet: account.address
+          });
+          emitProxyTerminalFromStatus(correlation, 403, { reason: "wallet_mismatch" });
+          sendJson(res, 403, {
+            error: "wallet_proof_invalid",
+            message: "wallet proof invalid"
+          });
+          return;
+        }
         emitProxyEvent("storage.call", "start", correlation, { target: "price-storage" });
         const walletSignature = await createBackendWalletSignature(
           "POST",
@@ -1939,8 +1968,7 @@ async function startProxy(options) {
         );
         if (!walletSignature) {
           logProxyEvent("warn", "proxy_price_storage_wallet_signature_missing");
-          res.writeHead(400, { "Content-Type": "application/json" });
-          res.end(createWalletRequiredBody());
+          sendWalletRequired(res);
           emitProxyTerminalFromStatus(correlation, 400, { reason: "wallet_signature_missing" });
           return;
         }
@@ -2089,8 +2117,7 @@ async function startProxy(options) {
         );
         if (!walletSignature) {
           logProxyEvent("warn", "proxy_payment_settle_wallet_signature_missing");
-          res.writeHead(400, { "Content-Type": "application/json" });
-          res.end(createWalletRequiredBody());
+          sendWalletRequired(res);
           emitProxyTerminalFromStatus(correlation, 400, { reason: "wallet_signature_missing" });
           return;
         }
@@ -2198,8 +2225,7 @@ async function startProxy(options) {
         );
         if (!walletSignature) {
           logProxyEvent("warn", "proxy_upload_wallet_signature_missing");
-          res.writeHead(400, { "Content-Type": "application/json" });
-          res.end(createWalletRequiredBody());
+          sendWalletRequired(res);
           emitProxyTerminalFromStatus(correlation, 400, { reason: "wallet_signature_missing" });
           return;
         }
@@ -2246,8 +2272,7 @@ async function startProxy(options) {
         );
         if (!settleWalletSignature) {
           logProxyEvent("warn", "proxy_upload_settle_signature_missing");
-          res.writeHead(400, { "Content-Type": "application/json" });
-          res.end(createWalletRequiredBody());
+          sendWalletRequired(res);
           emitProxyTerminalFromStatus(correlation, 400, { reason: "settle_signature_missing" });
           return;
         }
@@ -2387,8 +2412,7 @@ async function startProxy(options) {
         );
         if (!walletSignature) {
           logProxyEvent("warn", "proxy_upload_confirm_wallet_signature_missing");
-          res.writeHead(400, { "Content-Type": "application/json" });
-          res.end(createWalletRequiredBody());
+          sendWalletRequired(res);
           emitProxyTerminalFromStatus(correlation, 400, { reason: "wallet_signature_missing" });
           return;
         }
@@ -2482,8 +2506,7 @@ async function startProxy(options) {
         );
         if (!walletSignature) {
           logProxyEvent("warn", "proxy_ls_wallet_signature_missing");
-          res.writeHead(400, { "Content-Type": "application/json" });
-          res.end(createWalletRequiredBody());
+          sendWalletRequired(res);
           emitProxyTerminalFromStatus(correlation, 400, { reason: "wallet_signature_missing" });
           return;
         }
@@ -2577,8 +2600,7 @@ async function startProxy(options) {
         );
         if (!walletSignature) {
           logProxyEvent("warn", "proxy_download_wallet_signature_missing");
-          res.writeHead(400, { "Content-Type": "application/json" });
-          res.end(createWalletRequiredBody());
+          sendWalletRequired(res);
           emitProxyTerminalFromStatus(correlation, 400, { reason: "wallet_signature_missing" });
           return;
         }
@@ -2694,8 +2716,7 @@ async function startProxy(options) {
         );
         if (!walletSignature) {
           logProxyEvent("warn", "proxy_delete_wallet_signature_missing");
-          res.writeHead(400, { "Content-Type": "application/json" });
-          res.end(createWalletRequiredBody());
+          sendWalletRequired(res);
           emitProxyTerminalFromStatus(correlation, 400, { reason: "wallet_signature_missing" });
           return;
         }
@@ -2765,10 +2786,14 @@ async function startProxy(options) {
       sendJson(res, 200, response);
       return;
     }
-    sendJson(res, 404, {
-      error: "Not found",
-      message: "Supported paths: /health and /mnemospark/* storage endpoints"
-    });
+    if (MNEMOSPARK_PROXY_VERBOSE_404) {
+      sendJson(res, 404, {
+        error: "Not found",
+        message: "Supported paths: /health and /mnemospark/* storage endpoints"
+      });
+    } else {
+      sendJson(res, 404, { error: "Not found" });
+    }
   });
   const tryListen = (attempt) => {
     return new Promise((resolveAttempt, rejectAttempt) => {