npm - ofiere-openclaw-plugin - Versions diffs - 4.50.0-probe.0 → 4.50.0-probe.2 - Mend

ofiere-openclaw-plugin 4.50.0-probe.0 → 4.50.0-probe.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (17) hide show

package/dist/index.js +82 -0
package/dist/src/agent-resolver.js +75 -0
package/dist/src/agent-tier.js +147 -0
package/dist/src/attach-token.js +71 -0
package/dist/src/attachments.js +466 -0
package/dist/src/cli.js +208 -0
package/dist/src/config.js +59 -0
package/dist/src/prompt.js +229 -0
package/dist/src/sop-render.js +190 -0
package/dist/src/staffPersona.js +189 -0
package/dist/src/supabase.js +10 -0
package/dist/src/tools.js +6985 -0
package/dist/src/types.js +1 -0
package/openclaw.plugin.json +23 -0
package/package.json +8 -2
package/src/tools.ts +5 -4
package/tsconfig.json +6 -2

package/dist/index.js ADDED Viewed

@@ -0,0 +1,82 @@
+// index.ts — Ofiere PM Plugin for OpenClaw
+// Matches Composio plugin pattern: plain object export + api.on()
+import { parseOfiereConfig } from "./src/config.js";
+import { getSupabase } from "./src/supabase.js";
+import { registerTools, probeApiForAgentName } from "./src/tools.js";
+import { getSystemPrompt } from "./src/prompt.js";
+import { registerCli } from "./src/cli.js";
+import { seedAgentCache } from "./src/agent-resolver.js";
+const ofierePlugin = {
+    id: "ofiere",
+    name: "Ofiere PM",
+    description: "Manage Ofiere PM tasks, agents, and projects directly from the agent. " +
+        "Create tasks, update progress, assign agents — all synced to the dashboard in real time.",
+    register(api) {
+        const config = parseOfiereConfig(api.pluginConfig);
+        // Always register CLI (even if disabled — so user can run `openclaw ofiere setup`)
+        registerCli(api);
+        if (!config.enabled) {
+            api.logger.debug?.("[ofiere] Plugin disabled via config");
+            return;
+        }
+        if (!config.supabaseUrl || !config.serviceRoleKey) {
+            api.logger.warn("[ofiere] Not configured. Run: openclaw ofiere setup");
+            return;
+        }
+        if (!config.userId) {
+            api.logger.warn("[ofiere] Missing userId. Run: openclaw ofiere setup");
+            return;
+        }
+        // ── Pre-seed agent cache if OFIERE_AGENT_ID is set (legacy mode) ──────
+        if (config.agentId) {
+            const callerName = api?.agentContext?.accountId ||
+                api?.agentContext?.name ||
+                api?.currentAgent?.accountId ||
+                "";
+            if (callerName) {
+                seedAgentCache(callerName, config.userId, config.agentId);
+            }
+        }
+        // ── State for system prompt injection ──────────────────────────────────
+        const promptState = {
+            toolCount: 0,
+            agentId: config.agentId,
+            connectError: "",
+            ready: false,
+        };
+        // ── System prompt is built ONCE (it's static after init) ──────────────
+        // No hook needed here — the brain context hook in tools.ts uses
+        // prependSystemContext via getSystemPromptCached() to combine both
+        // in a single hook invocation, eliminating one serial hook call.
+        let cachedSystemPrompt = "";
+        const getSystemPromptCached = () => {
+            if (!cachedSystemPrompt) {
+                cachedSystemPrompt = getSystemPrompt(promptState);
+            }
+            return cachedSystemPrompt;
+        };
+        // Hook: inject BOTH system prompt + brain context in one call
+        api.on("before_prompt_build", () => ({
+            prependSystemContext: getSystemPromptCached(),
+        }));
+        // ── Connect to Supabase and register tools ────────────────────────────
+        try {
+            const supabase = getSupabase(config.supabaseUrl, config.serviceRoleKey);
+            // Probe the api object for any agent identity info (for debugging + fallback)
+            probeApiForAgentName(api, api.logger);
+            // registerTools now returns the count — no more hardcoding
+            const toolCount = registerTools(api, supabase, config);
+            promptState.toolCount = toolCount;
+            promptState.ready = true;
+            const agentLabel = config.agentId || "auto-detect";
+            api.logger.info(`[ofiere] Ready — ${toolCount} meta-tools registered (agent: ${agentLabel})`);
+        }
+        catch (e) {
+            const msg = e instanceof Error ? e.message : String(e);
+            promptState.connectError = msg;
+            promptState.ready = true;
+            api.logger.error(`[ofiere] Failed to initialize: ${msg}`);
+        }
+    },
+};
+export default ofierePlugin;

package/dist/src/agent-resolver.js ADDED Viewed

@@ -0,0 +1,75 @@
+// src/agent-resolver.ts — Dynamic agent identity resolution
+// Resolves an OpenClaw account name (e.g. "ivy") to a Ofiere agent UUID.
+// Caches lookups so only the first call per agent hits Supabase.
+// Auto-registers unknown agents so multi-agent setups work out of the box.
+const cache = new Map();
+/**
+ * Resolves an OpenClaw accountId to a Ofiere agent UUID.
+ *
+ * Strategy:
+ *   1. Check in-memory cache
+ *   2. Look up by name (case-insensitive) in agents table
+ *   3. If not found, auto-register a new agent record
+ *   4. Cache the result for subsequent calls
+ *
+ * @param accountId - The OpenClaw account name (e.g. "ivy", "daisy")
+ * @param userId    - The Ofiere user UUID who owns this agent
+ * @param supabase  - Supabase client
+ * @returns The Ofiere agent UUID
+ */
+export async function resolveAgentId(accountId, userId, supabase) {
+    if (!accountId)
+        return "";
+    const cacheKey = `${userId}:${accountId}`;
+    // 1. Cache hit
+    if (cache.has(cacheKey)) {
+        return cache.get(cacheKey);
+    }
+    // 2. Look up by name OR codename in a single query (v4.30.0 optimization)
+    const { data: existing } = await supabase
+        .from("agents")
+        .select("id")
+        .eq("user_id", userId)
+        .or(`name.ilike.${accountId},codename.ilike.${accountId}`)
+        .limit(1)
+        .single();
+    if (existing?.id) {
+        cache.set(cacheKey, existing.id);
+        return existing.id;
+    }
+    // 3. Auto-register a new agent
+    const newId = `agent-${accountId.toLowerCase()}-${Date.now()}`;
+    const { data: created } = await supabase
+        .from("agents")
+        .insert({
+        id: newId,
+        user_id: userId,
+        name: accountId.charAt(0).toUpperCase() + accountId.slice(1).toLowerCase(),
+        codename: accountId.toLowerCase(),
+        status: "active",
+        role: "operative",
+        level: 1,
+        xp: 0,
+        created_at: new Date().toISOString(),
+    })
+        .select("id")
+        .single();
+    const resolvedId = created?.id || newId;
+    cache.set(cacheKey, resolvedId);
+    return resolvedId;
+}
+/**
+ * Pre-warm the cache with a known mapping.
+ * Used when OFIERE_AGENT_ID env var is set (legacy single-agent mode).
+ */
+export function seedAgentCache(accountId, userId, agentId) {
+    if (accountId && agentId) {
+        cache.set(`${userId}:${accountId}`, agentId);
+    }
+}
+/**
+ * Clear the cache (useful for testing).
+ */
+export function clearAgentCache() {
+    cache.clear();
+}

package/dist/src/agent-tier.js ADDED Viewed

@@ -0,0 +1,147 @@
+// src/agent-tier.ts — Plugin-side agent tier resolver.
+// Manual override (agent_tier_overrides) wins over auto-detection.
+// Mirrors dashboard/lib/agentTier.ts contracts so the dashboard UI
+// and plugin enforcement agree on every agent's tier.
+// Hard-coded executive roster ids — match dashboard/lib/agentRoster.ts.
+// Anything in this set defaults to c-suite when no manual override exists.
+const ROSTER_IDS = new Set([
+    "ofie",
+    "daisy",
+    "ivy",
+    "celia",
+    "thalia",
+    "sasha",
+    "agent-zero",
+]);
+const TTL_MS = 5 * 60 * 1000;
+const cache = new Map();
+const k = (userId, agentId) => `${userId}::${agentId}`;
+export function invalidateAgentTier(userId, agentId) {
+    if (!agentId) {
+        for (const key of cache.keys())
+            if (key.startsWith(`${userId}::`))
+                cache.delete(key);
+        return;
+    }
+    cache.delete(k(userId, agentId));
+}
+export async function resolveAgentTier(supabase, agentId, userId) {
+    const id = (agentId || "").trim();
+    if (!id || !userId)
+        return { tier: null, source: "none" };
+    const key = k(userId, id);
+    // 1. Manual override — ALWAYS fresh (uncached). Direct-SQL writes to
+    //    agent_tier_overrides must win immediately, even when a non-override
+    //    branch is already cached from a prior call.
+    let overrideRow = null;
+    let overrideQueryFailed = false;
+    try {
+        const { data } = await supabase
+            .from("agent_tier_overrides")
+            .select("tier")
+            .eq("user_id", userId)
+            .eq("agent_id", id)
+            .maybeSingle();
+        overrideRow = data ?? null;
+    }
+    catch {
+        // Table missing in older installs — skip override path
+        overrideQueryFailed = true;
+    }
+    if (overrideRow?.tier === "c-suite" || overrideRow?.tier === "staff") {
+        const result = { tier: overrideRow.tier, source: "manual" };
+        cache.set(key, { value: result, expires: Date.now() + TTL_MS });
+        return result;
+    }
+    // Override absent: if cache holds a stale `manual` entry from a deleted
+    // override row, drop it so the auto branches re-resolve.
+    if (!overrideQueryFailed) {
+        const cachedManual = cache.get(key);
+        if (cachedManual && cachedManual.value.source === "manual") {
+            cache.delete(key);
+        }
+    }
+    // 2. Cache lookup for non-override branches.
+    const hit = cache.get(key);
+    if (hit && hit.expires > Date.now())
+        return hit.value;
+    let result = { tier: null, source: "none" };
+    // 3. C-Suite: hardcoded roster
+    if (ROSTER_IDS.has(id)) {
+        result = { tier: "c-suite", source: "roster" };
+        cache.set(key, { value: result, expires: Date.now() + TTL_MS });
+        return result;
+    }
+    // 4. agent_architectures.executive_role / department_role
+    try {
+        const { data } = await supabase
+            .from("agent_architectures")
+            .select("executive_role, department_role")
+            .eq("user_id", userId)
+            .eq("agent_id", id)
+            .maybeSingle();
+        if (data?.department_role === "chief" ||
+            (data?.executive_role && String(data.executive_role).trim())) {
+            result = { tier: "c-suite", source: "executiveRole" };
+            cache.set(key, { value: result, expires: Date.now() + TTL_MS });
+            return result;
+        }
+        if (data?.department_role === "staff") {
+            result = { tier: "staff", source: "departmentRole" };
+            cache.set(key, { value: result, expires: Date.now() + TTL_MS });
+            return result;
+        }
+    }
+    catch {
+        // Table missing — fall through
+    }
+    // 5. Staff: registered as subagent
+    try {
+        const { data } = await supabase
+            .from("agent_subagents")
+            .select("id")
+            .eq("user_id", userId)
+            .eq("id", id)
+            .maybeSingle();
+        if (data?.id) {
+            result = { tier: "staff", source: "subagent" };
+            cache.set(key, { value: result, expires: Date.now() + TTL_MS });
+            return result;
+        }
+    }
+    catch {
+        // ignore
+    }
+    cache.set(key, { value: result, expires: Date.now() + TTL_MS });
+    return result;
+}
+export async function getAgentTier(supabase, agentId, userId) {
+    return (await resolveAgentTier(supabase, agentId, userId)).tier;
+}
+export async function resolveTargetTier(supabase, target, userId) {
+    if (target.subagentId) {
+        try {
+            const { data } = await supabase
+                .from("agent_subagents")
+                .select("id")
+                .eq("user_id", userId)
+                .eq("id", target.subagentId)
+                .maybeSingle();
+            if (data?.id)
+                return { tier: "staff", source: "subagent" };
+        }
+        catch {
+            // Fall through to chief lookup
+        }
+    }
+    if (target.agentId)
+        return resolveAgentTier(supabase, target.agentId, userId);
+    return { tier: null, source: "none" };
+}
+export function isDocKindValidForTier(docKind, tier) {
+    if (tier === "c-suite")
+        return docKind === "framework";
+    if (tier === "staff")
+        return docKind === "sop";
+    return false;
+}

package/dist/src/attach-token.js ADDED Viewed

@@ -0,0 +1,71 @@
+// src/attach-token.ts — HMAC confirmation token for agent self-attach.
+// Mirrors dashboard/lib/attachmentToken.ts EXACTLY so tokens issued
+// here verify against the dashboard and vice-versa.
+//
+// Format: base64url(payload).base64url(sig)
+//   payload = JSON({ u, k, t, d, dk, exp })
+//   sig     = HMAC_SHA256(secret, payload)
+import { createHmac, timingSafeEqual } from "crypto";
+const TOKEN_TTL_MS = 5 * 60 * 1000;
+function getSecret() {
+    const s = process.env.OFIERE_ATTACH_SECRET;
+    if (!s)
+        throw new Error("OFIERE_ATTACH_SECRET is not configured");
+    return s;
+}
+function b64urlEncode(buf) {
+    const b = typeof buf === "string" ? Buffer.from(buf, "utf8") : buf;
+    return b.toString("base64").replace(/=+$/g, "").replace(/\+/g, "-").replace(/\//g, "_");
+}
+function b64urlDecode(s) {
+    const pad = s.length % 4 === 0 ? "" : "=".repeat(4 - (s.length % 4));
+    return Buffer.from(s.replace(/-/g, "+").replace(/_/g, "/") + pad, "base64");
+}
+export function issueAttachmentToken(args) {
+    const exp = Date.now() + (args.ttlMs ?? TOKEN_TTL_MS);
+    const payload = {
+        u: args.userId,
+        k: args.targetKind,
+        t: args.targetId,
+        d: [...args.docIds].sort(),
+        dk: args.docKind,
+        exp,
+    };
+    const json = JSON.stringify(payload);
+    const sig = createHmac("sha256", getSecret()).update(json).digest();
+    return `${b64urlEncode(json)}.${b64urlEncode(sig)}`;
+}
+export function verifyAttachmentToken(args) {
+    const parts = args.token.split(".");
+    if (parts.length !== 2)
+        return { ok: false, reason: "malformed" };
+    let payload;
+    try {
+        payload = JSON.parse(b64urlDecode(parts[0]).toString("utf8"));
+    }
+    catch {
+        return { ok: false, reason: "malformed" };
+    }
+    const expectedJson = JSON.stringify(payload);
+    const expectedSig = createHmac("sha256", getSecret()).update(expectedJson).digest();
+    const providedSig = b64urlDecode(parts[1]);
+    if (expectedSig.length !== providedSig.length)
+        return { ok: false, reason: "bad_signature" };
+    if (!timingSafeEqual(expectedSig, providedSig))
+        return { ok: false, reason: "bad_signature" };
+    if (typeof payload.exp !== "number" || payload.exp < Date.now()) {
+        return { ok: false, reason: "expired" };
+    }
+    if (payload.u !== args.userId)
+        return { ok: false, reason: "mismatch" };
+    if (payload.k !== args.targetKind || payload.t !== args.targetId)
+        return { ok: false, reason: "mismatch" };
+    if (payload.dk !== args.docKind)
+        return { ok: false, reason: "mismatch" };
+    const sortedRequested = [...args.docIds].sort();
+    if (payload.d.length !== sortedRequested.length ||
+        payload.d.some((v, i) => v !== sortedRequested[i])) {
+        return { ok: false, reason: "mismatch" };
+    }
+    return { ok: true };
+}