npm - mnemospark - Versions diffs - 1.2.0 → 1.2.2 - Mend

mnemospark 1.2.0 → 1.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (16) hide show

package/README.md +48 -12
package/dist/cli.js +135 -41
package/dist/cli.js.map +1 -1
package/dist/index.js +135 -41
package/dist/index.js.map +1 -1
package/openclaw.plugin.json +1 -1
package/package.json +1 -1
package/skills/mnemospark/SKILL.md +4 -2
package/skills/mnemospark/references/commands.md +1 -1
package/scripts/README.md +0 -55
package/scripts/install-aws-cli.sh +0 -28
package/scripts/install-jq.sh +0 -13
package/scripts/install-pnpm.sh +0 -20
package/scripts/reinstall.sh +0 -102
package/scripts/uninstall.sh +0 -67
package/scripts/verify-dev-tools.sh +0 -56

package/dist/index.js CHANGED Viewed

@@ -202,6 +202,10 @@ var PROXY_PORT = (() => {
   return DEFAULT_PORT;
 })();
 var MNEMOSPARK_BACKEND_API_BASE_URL = (process.env.MNEMOSPARK_BACKEND_API_BASE_URL ?? "").trim();
+var MNEMOSPARK_PROXY_VERBOSE_404 = (() => {
+  const v = process.env.MNEMOSPARK_PROXY_VERBOSE_404?.trim().toLowerCase();
+  return v === "1" || v === "true" || v === "yes";
+})();
 // src/mnemospark-request-sign.ts
 import { getAddress } from "viem";
@@ -1778,8 +1782,15 @@ async function readProxyJsonBody(req) {
   }
   return JSON.parse(bodyText);
 }
+function createJsonResponseHeaders() {
+  return {
+    "Content-Type": "application/json",
+    "X-Content-Type-Options": "nosniff",
+    "Cache-Control": "no-store"
+  };
+}
 function sendJson(res, status, body) {
-  res.writeHead(status, { "Content-Type": "application/json" });
+  res.writeHead(status, createJsonResponseHeaders());
   res.end(JSON.stringify(body));
 }
 function logProxyEvent(level, event, fields = {}) {
@@ -1839,7 +1850,9 @@ function isAlreadySettledConflict(status, bodyText) {
 }
 function createBackendForwardHeaders(response) {
   const responseHeaders = {
-    "Content-Type": response.contentType
+    "Content-Type": response.contentType,
+    "X-Content-Type-Options": "nosniff",
+    "Cache-Control": "no-store"
   };
   if (response.paymentRequired) {
     responseHeaders["PAYMENT-REQUIRED"] = response.paymentRequired;
@@ -1877,6 +1890,10 @@ function createWalletRequiredBody() {
     message: "wallet required for storage endpoints"
   });
 }
+function sendWalletRequired(res) {
+  res.writeHead(400, createJsonResponseHeaders());
+  res.end(createWalletRequiredBody());
+}
 function getProxyPort() {
   return PROXY_PORT;
 }
@@ -1976,6 +1993,18 @@ async function startProxy(options) {
         }
         correlation.wallet_address = requestPayload.wallet_address;
         correlation.object_id = requestPayload.object_id;
+        if (requestPayload.wallet_address.toLowerCase() !== proxyWalletAddressLower) {
+          logProxyEvent("warn", "proxy_price_storage_wallet_mismatch", {
+            request_wallet: requestPayload.wallet_address,
+            proxy_wallet: account.address
+          });
+          emitProxyTerminalFromStatus(correlation, 403, { reason: "wallet_mismatch" });
+          sendJson(res, 403, {
+            error: "wallet_proof_invalid",
+            message: "wallet proof invalid"
+          });
+          return;
+        }
         emitProxyEvent("storage.call", "start", correlation, { target: "price-storage" });
         const walletSignature = await createBackendWalletSignature(
           "POST",
@@ -1984,8 +2013,7 @@ async function startProxy(options) {
         );
         if (!walletSignature) {
           logProxyEvent("warn", "proxy_price_storage_wallet_signature_missing");
-          res.writeHead(400, { "Content-Type": "application/json" });
-          res.end(createWalletRequiredBody());
+          sendWalletRequired(res);
           emitProxyTerminalFromStatus(correlation, 400, { reason: "wallet_signature_missing" });
           return;
         }
@@ -2134,8 +2162,7 @@ async function startProxy(options) {
         );
         if (!walletSignature) {
           logProxyEvent("warn", "proxy_payment_settle_wallet_signature_missing");
-          res.writeHead(400, { "Content-Type": "application/json" });
-          res.end(createWalletRequiredBody());
+          sendWalletRequired(res);
           emitProxyTerminalFromStatus(correlation, 400, { reason: "wallet_signature_missing" });
           return;
         }
@@ -2243,8 +2270,7 @@ async function startProxy(options) {
         );
         if (!walletSignature) {
           logProxyEvent("warn", "proxy_upload_wallet_signature_missing");
-          res.writeHead(400, { "Content-Type": "application/json" });
-          res.end(createWalletRequiredBody());
+          sendWalletRequired(res);
           emitProxyTerminalFromStatus(correlation, 400, { reason: "wallet_signature_missing" });
           return;
         }
@@ -2291,8 +2317,7 @@ async function startProxy(options) {
         );
         if (!settleWalletSignature) {
           logProxyEvent("warn", "proxy_upload_settle_signature_missing");
-          res.writeHead(400, { "Content-Type": "application/json" });
-          res.end(createWalletRequiredBody());
+          sendWalletRequired(res);
           emitProxyTerminalFromStatus(correlation, 400, { reason: "settle_signature_missing" });
           return;
         }
@@ -2432,8 +2457,7 @@ async function startProxy(options) {
         );
         if (!walletSignature) {
           logProxyEvent("warn", "proxy_upload_confirm_wallet_signature_missing");
-          res.writeHead(400, { "Content-Type": "application/json" });
-          res.end(createWalletRequiredBody());
+          sendWalletRequired(res);
           emitProxyTerminalFromStatus(correlation, 400, { reason: "wallet_signature_missing" });
           return;
         }
@@ -2527,8 +2551,7 @@ async function startProxy(options) {
         );
         if (!walletSignature) {
           logProxyEvent("warn", "proxy_ls_wallet_signature_missing");
-          res.writeHead(400, { "Content-Type": "application/json" });
-          res.end(createWalletRequiredBody());
+          sendWalletRequired(res);
           emitProxyTerminalFromStatus(correlation, 400, { reason: "wallet_signature_missing" });
           return;
         }
@@ -2622,8 +2645,7 @@ async function startProxy(options) {
         );
         if (!walletSignature) {
           logProxyEvent("warn", "proxy_download_wallet_signature_missing");
-          res.writeHead(400, { "Content-Type": "application/json" });
-          res.end(createWalletRequiredBody());
+          sendWalletRequired(res);
           emitProxyTerminalFromStatus(correlation, 400, { reason: "wallet_signature_missing" });
           return;
         }
@@ -2739,8 +2761,7 @@ async function startProxy(options) {
         );
         if (!walletSignature) {
           logProxyEvent("warn", "proxy_delete_wallet_signature_missing");
-          res.writeHead(400, { "Content-Type": "application/json" });
-          res.end(createWalletRequiredBody());
+          sendWalletRequired(res);
           emitProxyTerminalFromStatus(correlation, 400, { reason: "wallet_signature_missing" });
           return;
         }
@@ -2810,10 +2831,14 @@ async function startProxy(options) {
       sendJson(res, 200, response);
       return;
     }
-    sendJson(res, 404, {
-      error: "Not found",
-      message: "Supported paths: /health and /mnemospark/* storage endpoints"
-    });
+    if (MNEMOSPARK_PROXY_VERBOSE_404) {
+      sendJson(res, 404, {
+        error: "Not found",
+        message: "Supported paths: /health and /mnemospark/* storage endpoints"
+      });
+    } else {
+      sendJson(res, 404, { error: "Not found" });
+    }
   });
   const tryListen = (attempt) => {
     return new Promise((resolveAttempt, rejectAttempt) => {
@@ -4159,7 +4184,8 @@ var priceStorageSchema = {
   args: [
     { name: "wallet-address", aliases: ["wallet"], required: true },
     { name: "object-id", aliases: ["object"], required: true },
-    { name: "object-id-hash", aliases: ["hash"], required: true },
+    // Optional: omit when the object exists in local SQLite after backup; CLI resolves sha256 from state.db.
+    { name: "object-id-hash", aliases: ["hash"] },
     { name: "gb", required: true },
     { name: "provider", required: true },
     { name: "region", required: true }
@@ -4251,7 +4277,7 @@ var TAR_OVERHEAD_BYTES = 10 * 1024 * 1024;
 var QUOTE_VALIDITY_USER_NOTE = "Quotes are valid for one hour. Please run price-storage again if you need a new quote.";
 var MNEMOSPARK_SUPPORT_EMAIL = "pluggedin@mnemospark.ai";
 var CLOUD_HELP_FOOTER_STATE = "Local state: mnemospark records quotes, objects, payments, cron jobs, friendly names, and operation metadata in ~/.openclaw/mnemospark/state.db (SQLite). For troubleshooting and correlation, commands and the HTTP proxy append structured JSON lines to ~/.openclaw/mnemospark/events.jsonl. Monthly storage billing jobs are listed in ~/.openclaw/cron/jobs.json for OpenClaw scheduling.";
-var REQUIRED_PRICE_STORAGE = "wallet-address:, object-id:, object-id-hash:, gb:, provider:, region:";
+var REQUIRED_PRICE_STORAGE = "wallet-address:, object-id:, gb:, provider:, region: (object-id-hash: optional if the object exists in local SQLite after backup)";
 var REQUIRED_UPLOAD = "quote-id:, wallet-address:, object-id:, object-id-hash:";
 var REQUIRED_BACKUP = "<file|directory> and name:<friendly-name>";
 var REQUIRED_PAYMENT_SETTLE = "wallet-address: and (quote-id: | renewal:true with object-key:)";
@@ -4281,10 +4307,10 @@ var CLOUD_HELP_TEXT = [
   "  Purpose: create a local tar+gzip archive under ~/.openclaw/mnemospark/backup (filename from sanitized friendly name) and record metadata in SQLite for later price-storage and upload.",
   "  Required: " + REQUIRED_BACKUP,
   "",
-  "\u2022 `/mnemospark cloud price-storage wallet-address:<addr> object-id:<id> object-id-hash:<hash> gb:<gb> provider:aws region:us-east-1`",
-  "  Purpose: request a storage quote before upload (defaults shown; override `provider:` / `region:` for other regions).",
+  "\u2022 `/mnemospark cloud price-storage wallet-address:<addr> object-id:<id> [object-id-hash:<hash>] gb:<gb> provider:aws region:us-east-1`",
+  "  Purpose: request a storage quote before upload (defaults shown; override `provider:` / `region:` for other regions). Omit `object-id-hash:` when the object is already in local SQLite (e.g. after backup); mnemospark reads sha256 from ~/.openclaw/mnemospark/state.db.",
   "  Required: " + REQUIRED_PRICE_STORAGE,
-  "  Shorter: `wallet:\u2026 object:\u2026 hash:\u2026 gb:\u2026 provider:\u2026 region:\u2026`",
+  "  Shorter: `wallet:\u2026 object:\u2026 [hash:\u2026] gb:\u2026 provider:\u2026 region:\u2026`",
   "",
   "\u2022 `/mnemospark cloud upload quote-id:<quote-id> wallet-address:<addr> object-id:<id> object-id-hash:<hash> [name:<friendly-name>] [async:true] [orchestrator:<inline|subagent>] [timeout-seconds:<n>]`",
   "  Purpose: upload an encrypted object using a valid quote-id.",
@@ -4495,6 +4521,41 @@ function stripAsyncControlFlags(args) {
 function mergeArgParseWarnings(a, b) {
   return [...a, ...b];
 }
+async function resolvePriceStorageHashFromDatastore(datastore, partial) {
+  await datastore.ensureReady();
+  const row = await datastore.findObjectById(partial.object_id.trim());
+  const wallet = partial.wallet_address.trim().toLowerCase();
+  if (!row) {
+    return {
+      ok: false,
+      message: "Cannot resolve object-id-hash: no object found in local SQLite for this object-id. Run backup first, or pass --object-id-hash explicitly."
+    };
+  }
+  if (row.wallet_address.trim().toLowerCase() !== wallet) {
+    return {
+      ok: false,
+      message: "Cannot resolve object-id-hash: wallet-address does not match the object record in ~/.openclaw/mnemospark/state.db."
+    };
+  }
+  const sha = row.sha256?.trim();
+  if (!sha) {
+    return {
+      ok: false,
+      message: "Cannot resolve object-id-hash: local object record has no sha256 yet. Run backup first, or pass --object-id-hash explicitly."
+    };
+  }
+  return {
+    ok: true,
+    request: {
+      wallet_address: partial.wallet_address.trim(),
+      object_id: partial.object_id.trim(),
+      object_id_hash: sha.replace(/\s/g, ""),
+      gb: partial.gb,
+      provider: partial.provider.trim(),
+      region: partial.region.trim()
+    }
+  };
+}
 function parseCloudArgs(args) {
   const trimmed = args?.trim() ?? "";
   if (!trimmed) {
@@ -4564,18 +4625,38 @@ function parseCloudArgs(args) {
     }
     const flags = valuesToStringRecord(parsed.values);
     const gb = Number.parseFloat(flags.gb ?? "");
-    const request = parsePriceStorageQuoteRequest({
-      wallet_address: flags["wallet-address"],
-      object_id: flags["object-id"],
-      object_id_hash: flags["object-id-hash"],
-      gb,
-      provider: flags.provider,
-      region: flags.region
-    });
-    if (!request) {
+    const hashRaw = flags["object-id-hash"]?.trim();
+    const walletAddress = flags["wallet-address"]?.trim();
+    const objectId = flags["object-id"]?.trim();
+    const provider = flags.provider?.trim();
+    const region = flags.region?.trim();
+    if (!walletAddress || !objectId || !provider || !region || !Number.isFinite(gb)) {
       return { mode: "price-storage-invalid" };
     }
-    return { mode: "price-storage", priceStorageRequest: request };
+    if (hashRaw) {
+      const request = parsePriceStorageQuoteRequest({
+        wallet_address: walletAddress,
+        object_id: objectId,
+        object_id_hash: hashRaw,
+        gb,
+        provider,
+        region
+      });
+      if (!request) {
+        return { mode: "price-storage-invalid" };
+      }
+      return { mode: "price-storage", priceStorageRequest: request };
+    }
+    return {
+      mode: "price-storage-resolve-hash",
+      priceStoragePartial: {
+        wallet_address: walletAddress,
+        object_id: objectId,
+        gb,
+        provider,
+        region
+      }
+    };
   }
   if (subcommand === "upload") {
     const parsed = parseCommandArgs(rest, uploadSchema);
@@ -6712,10 +6793,23 @@ operation-id: ${operationId}`,
       };
     }
   }
-  if (parsed.mode === "price-storage") {
+  if (parsed.mode === "price-storage" || parsed.mode === "price-storage-resolve-hash") {
+    let priceStorageRequest;
+    if (parsed.mode === "price-storage-resolve-hash") {
+      const resolved = await resolvePriceStorageHashFromDatastore(
+        datastore,
+        parsed.priceStoragePartial
+      );
+      if (!resolved.ok) {
+        return { text: resolved.message, isError: true };
+      }
+      priceStorageRequest = resolved.request;
+    } else {
+      priceStorageRequest = parsed.priceStorageRequest;
+    }
     const correlation = buildRequestCorrelation();
     try {
-      const quote = await requestPriceStorageQuote(parsed.priceStorageRequest, {
+      const quote = await requestPriceStorageQuote(priceStorageRequest, {
         ...options.proxyQuoteOptions,
         correlation
       });
@@ -6773,8 +6867,8 @@ operation-id: ${operationId}`,
         {
           operation_id: correlation.operationId,
           trace_id: correlation.traceId,
-          wallet_address: parsed.priceStorageRequest.wallet_address,
-          object_id: parsed.priceStorageRequest.object_id,
+          wallet_address: priceStorageRequest.wallet_address,
+          object_id: priceStorageRequest.object_id,
           status: "failed"
         },
         mnemosparkHomeDir