opc-agent 1.4.0 → 2.0.1

package/src/schema/oad.ts

@@ -1,154 +1,204 @@
-import { z } from 'zod';
-
-// ─── OAD Schema v1 ───────────────────────────────────────────
-
-export const SkillRefSchema = z.object({
-  name: z.string(),
-  description: z.string().optional(),
-  config: z.record(z.unknown()).optional(),
-});
-
-export const WorkflowStepSchema: z.ZodType<any> = z.lazy(() => z.object({
-  id: z.string(),
-  type: z.enum(['skill', 'tool', 'agent', 'condition', 'parallel']),
-  name: z.string(),
-  config: z.record(z.unknown()).optional(),
-  condition: z.string().optional(),
-  branches: z.object({ if: z.array(WorkflowStepSchema), else: z.array(WorkflowStepSchema).optional() }).optional(),
-  parallel: z.array(WorkflowStepSchema).optional(),
-  timeout: z.number().optional(),
-  retries: z.number().optional(),
-}));
-
-export const WorkflowSchema = z.object({
-  name: z.string(),
-  description: z.string().optional(),
-  version: z.string().optional(),
-  steps: z.array(WorkflowStepSchema).default([]),
-  onError: z.enum(['stop', 'skip', 'retry']).optional(),
-});
-
-export const VoiceSchema = z.object({
-  enabled: z.boolean().default(false),
-  sttProvider: z.string().optional(),
-  ttsProvider: z.string().optional(),
-  language: z.string().optional(),
-});
-
-export const WebhookSchema = z.object({
-  path: z.string().optional(),
-  secret: z.string().optional(),
-  retryAttempts: z.number().optional(),
-});
-
-export const HITLSchema = z.object({
-  enabled: z.boolean().default(false),
-  requireApproval: z.array(z.string()).default([]),
-  defaultTimeoutMs: z.number().default(60000),
-  defaultAction: z.enum(['approve', 'deny']).default('deny'),
-});
-
-export const PluginRefSchema = z.object({
-  name: z.string(),
-  config: z.record(z.unknown()).optional(),
-});
-
-export const AuthSchema = z.object({
-  enabled: z.boolean().default(false),
-  apiKeys: z.array(z.string()).default([]),
-  sessionIsolation: z.boolean().default(true),
-});
-
-export const ChannelSchema = z.object({
-  type: z.enum(['web', 'websocket', 'telegram', 'cli', 'voice', 'webhook']),
-  port: z.number().optional(),
-  config: z.record(z.unknown()).optional(),
-});
-
-export const LongTermMemorySchema = z.object({
-  provider: z.enum(['in-memory', 'deepbrain']).default('in-memory'),
-  collection: z.string().optional(),
-  config: z.record(z.unknown()).optional(),
-});
-
-export const MemorySchema = z.object({
-  shortTerm: z.boolean().default(true),
-  longTerm: z.union([z.boolean(), LongTermMemorySchema]).default(false),
-  provider: z.string().optional(),
-});
-
-export const TrustLevel = z.enum(['sandbox', 'verified', 'certified', 'listed']);
-
-export const DTVSchema = z.object({
-  trust: z.object({
-    level: TrustLevel.default('sandbox'),
-  }).optional(),
-  value: z.object({
-    metrics: z.array(z.string()).default([]),
-  }).optional(),
-});
-
-export const ProviderSchema = z.object({
-  default: z.string().default('deepseek'),
-  allowed: z.array(z.string()).default(['openai', 'deepseek', 'qwen']),
-});
-
-export const MarketplaceSchema = z.object({
-  certified: z.boolean().default(false),
-  category: z.string().optional(),
-  pricing: z.enum(['free', 'freemium', 'paid', 'enterprise']).optional(),
-  tags: z.array(z.string()).optional(),
-});
-
-export const MetadataSchema = z.object({
-  name: z.string(),
-  version: z.string().default('1.0.0'),
-  description: z.string().optional(),
-  author: z.string().optional(),
-  license: z.string().default('Apache-2.0'),
-  marketplace: MarketplaceSchema.optional(),
-});
-
-export const RoomSchema = z.object({
-  name: z.string(),
-  agents: z.array(z.string()).default([]),
-  topics: z.array(z.string()).default([]),
-});
-
-export const StreamingSchema = z.object({
-  enabled: z.boolean().default(false),
-  chunkSize: z.number().optional(),
-});
-
-export const SpecSchema = z.object({
-  provider: ProviderSchema.optional(),
-  model: z.string().default('deepseek-chat'),
-  systemPrompt: z.string().optional(),
-  skills: z.array(SkillRefSchema).default([]),
-  channels: z.array(ChannelSchema).default([]),
-  memory: MemorySchema.optional(),
-  dtv: DTVSchema.optional(),
-  room: RoomSchema.optional(),
-  streaming: z.union([z.boolean(), StreamingSchema]).default(false),
-  locale: z.enum(['en', 'zh-CN']).optional(),
-  workflows: z.array(WorkflowSchema).optional(),
-  voice: VoiceSchema.optional(),
-  webhook: WebhookSchema.optional(),
-  hitl: HITLSchema.optional(),
-  auth: AuthSchema.optional(),
-  plugins: z.array(PluginRefSchema).optional(),
-});
-
-export const OADSchema = z.object({
-  apiVersion: z.literal('opc/v1'),
-  kind: z.literal('Agent'),
-  metadata: MetadataSchema,
-  spec: SpecSchema,
-});
-
-export type OADDocument = z.infer<typeof OADSchema>;
-export type SkillRef = z.infer<typeof SkillRefSchema>;
-export type Channel = z.infer<typeof ChannelSchema>;
-export type Metadata = z.infer<typeof MetadataSchema>;
-export type Spec = z.infer<typeof SpecSchema>;
-export type TrustLevelType = string;
+import { z } from 'zod';
+
+// ─── OAD Schema v1 ───────────────────────────────────────────
+
+export const SkillRefSchema = z.object({
+  name: z.string(),
+  description: z.string().optional(),
+  config: z.record(z.unknown()).optional(),
+});
+
+export const WorkflowStepSchema: z.ZodType<any> = z.lazy(() => z.object({
+  id: z.string(),
+  type: z.enum(['skill', 'tool', 'agent', 'condition', 'parallel']),
+  name: z.string(),
+  config: z.record(z.unknown()).optional(),
+  condition: z.string().optional(),
+  branches: z.object({ if: z.array(WorkflowStepSchema), else: z.array(WorkflowStepSchema).optional() }).optional(),
+  parallel: z.array(WorkflowStepSchema).optional(),
+  timeout: z.number().optional(),
+  retries: z.number().optional(),
+}));
+
+export const WorkflowSchema = z.object({
+  name: z.string(),
+  description: z.string().optional(),
+  version: z.string().optional(),
+  steps: z.array(WorkflowStepSchema).default([]),
+  onError: z.enum(['stop', 'skip', 'retry']).optional(),
+});
+
+export const VoiceSchema = z.object({
+  enabled: z.boolean().default(false),
+  sttProvider: z.string().optional(),
+  ttsProvider: z.string().optional(),
+  language: z.string().optional(),
+});
+
+export const WebhookSchema = z.object({
+  path: z.string().optional(),
+  secret: z.string().optional(),
+  retryAttempts: z.number().optional(),
+});
+
+export const HITLSchema = z.object({
+  enabled: z.boolean().default(false),
+  requireApproval: z.array(z.string()).default([]),
+  defaultTimeoutMs: z.number().default(60000),
+  defaultAction: z.enum(['approve', 'deny']).default('deny'),
+});
+
+export const PluginRefSchema = z.object({
+  name: z.string(),
+  config: z.record(z.unknown()).optional(),
+});
+
+export const AuthSchema = z.object({
+  enabled: z.boolean().default(false),
+  apiKeys: z.array(z.string()).default([]),
+  sessionIsolation: z.boolean().default(true),
+});
+
+export const ChannelSchema = z.object({
+  type: z.enum(['web', 'websocket', 'telegram', 'cli', 'voice', 'webhook', 'wechat', 'feishu', 'email', 'slack', 'discord']),
+  port: z.number().optional(),
+  config: z.record(z.unknown()).optional(),
+});
+
+export const LongTermMemorySchema = z.object({
+  provider: z.enum(['in-memory', 'deepbrain']).default('in-memory'),
+  collection: z.string().optional(),
+  config: z.object({
+    database: z.string().optional(),
+    embeddingProvider: z.string().optional(),
+    autoLearn: z.boolean().optional(),
+    autoRecall: z.boolean().optional(),
+    evolveInterval: z.number().optional(),
+  }).passthrough().optional(),
+});
+
+export const MemorySchema = z.object({
+  shortTerm: z.boolean().default(true),
+  longTerm: z.union([z.boolean(), LongTermMemorySchema]).default(false),
+  provider: z.string().optional(),
+});
+
+export const TrustLevel = z.enum(['sandbox', 'verified', 'certified', 'listed']);
+
+export const DTVSchema = z.object({
+  trust: z.object({
+    level: TrustLevel.default('sandbox'),
+  }).optional(),
+  value: z.object({
+    metrics: z.array(z.string()).default([]),
+  }).optional(),
+});
+
+export const ProviderSchema = z.object({
+  default: z.string().default('deepseek'),
+  allowed: z.array(z.string()).default(['openai', 'deepseek', 'qwen']),
+});
+
+export const MarketplaceSchema = z.object({
+  certified: z.boolean().default(false),
+  category: z.string().optional(),
+  pricing: z.enum(['free', 'freemium', 'paid', 'enterprise']).optional(),
+  tags: z.array(z.string()).optional(),
+});
+
+export const MetadataSchema = z.object({
+  name: z.string(),
+  version: z.string().default('1.0.0'),
+  description: z.string().optional(),
+  author: z.string().optional(),
+  license: z.string().default('Apache-2.0'),
+  marketplace: MarketplaceSchema.optional(),
+});
+
+export const RoomSchema = z.object({
+  name: z.string(),
+  agents: z.array(z.string()).default([]),
+  topics: z.array(z.string()).default([]),
+});
+
+export const StreamingSchema = z.object({
+  enabled: z.boolean().default(false),
+  chunkSize: z.number().optional(),
+});
+
+export const MCPServerSchema = z.object({
+  name: z.string(),
+  command: z.string(),
+  args: z.array(z.string()).optional(),
+  env: z.record(z.string()).optional(),
+});
+
+export const MCPServeSchema = z.object({
+  enabled: z.boolean().default(false),
+  mode: z.enum(['stdio', 'http']).default('stdio'),
+  port: z.number().default(3002),
+  exposedTools: z.array(z.string()).optional(),
+});
+
+export const ToolsSchema = z.object({
+  builtin: z.array(z.string()).optional(),
+  mcp: z.array(MCPServerSchema).optional(),
+});
+
+export const TelemetrySchema = z.object({
+  enabled: z.boolean().default(false),
+  exporter: z.enum(['console', 'file', 'otlp']).default('console'),
+  endpoint: z.string().optional(),
+  filePath: z.string().optional(),
+  maxSpans: z.number().optional(),
+});
+
+export const AGUIProtocolSchema = z.object({
+  enabled: z.boolean().default(false),
+  path: z.string().default('/agui'),
+});
+
+export const ProtocolsSchema = z.object({
+  a2a: z.object({
+    enabled: z.boolean().default(false),
+    port: z.number().optional(),
+  }).optional(),
+  agui: AGUIProtocolSchema.optional(),
+  mcp: MCPServeSchema.optional(),
+});
+
+export const SpecSchema = z.object({
+  provider: ProviderSchema.optional(),
+  model: z.string().default('deepseek-chat'),
+  systemPrompt: z.string().optional(),
+  skills: z.array(SkillRefSchema).default([]),
+  channels: z.array(ChannelSchema).default([]),
+  memory: MemorySchema.optional(),
+  tools: ToolsSchema.optional(),
+  dtv: DTVSchema.optional(),
+  room: RoomSchema.optional(),
+  streaming: z.union([z.boolean(), StreamingSchema]).default(false),
+  locale: z.enum(['en', 'zh-CN']).optional(),
+  workflows: z.array(WorkflowSchema).optional(),
+  voice: VoiceSchema.optional(),
+  webhook: WebhookSchema.optional(),
+  hitl: HITLSchema.optional(),
+  auth: AuthSchema.optional(),
+  telemetry: TelemetrySchema.optional(),
+  protocols: ProtocolsSchema.optional(),
+  plugins: z.array(PluginRefSchema).optional(),
+});
+
+export const OADSchema = z.object({
+  apiVersion: z.literal('opc/v1'),
+  kind: z.literal('Agent'),
+  metadata: MetadataSchema,
+  spec: SpecSchema,
+});
+
+export type OADDocument = z.infer<typeof OADSchema>;
+export type SkillRef = z.infer<typeof SkillRefSchema>;
+export type Channel = z.infer<typeof ChannelSchema>;
+export type Metadata = z.infer<typeof MetadataSchema>;
+export type Spec = z.infer<typeof SpecSchema>;
+export type TrustLevelType = string;

package/src/security/approval.ts

@@ -0,0 +1,131 @@
+import { randomUUID } from 'crypto';
+
+export type ApprovalPolicy = 'always' | 'dangerous' | 'never';
+
+export interface ApprovalRequest {
+  id: string;
+  type: 'shell' | 'file_write' | 'file_delete' | 'network' | 'plugin';
+  command: string;
+  description: string;
+  requestedAt: Date;
+  status: 'pending' | 'approved' | 'denied';
+  approvedBy?: string;
+}
+
+export class ApprovalManager {
+  private policy: ApprovalPolicy;
+  private pendingApprovals: Map<string, ApprovalRequest> = new Map();
+  private allowlist: Set<string> = new Set();
+  private blocklist: Set<string> = new Set();
+
+  private static readonly DANGEROUS_PATTERNS = [
+    /rm\s+-rf/i, /del\s+\/s/i, /format\s+/i,
+    /DROP\s+TABLE/i, /DELETE\s+FROM/i,
+    /curl.*\|.*sh/i, /wget.*\|.*sh/i,
+    /chmod\s+777/i, /sudo\s+/i,
+    /npm\s+publish/i,
+  ];
+
+  constructor(policy: ApprovalPolicy = 'dangerous') {
+    this.policy = policy;
+  }
+
+  getPolicy(): ApprovalPolicy {
+    return this.policy;
+  }
+
+  setPolicy(policy: ApprovalPolicy): void {
+    this.policy = policy;
+  }
+
+  needsApproval(type: string, command: string): boolean {
+    // Blocklist always needs approval (effectively blocked)
+    if (this.isBlocked(command)) return true;
+    // Allowlist never needs approval
+    if (this.isAllowed(command)) return false;
+
+    if (this.policy === 'never') return false;
+    if (this.policy === 'always') return true;
+    // 'dangerous'
+    return this.isDangerous(type, command);
+  }
+
+  private isDangerous(_type: string, command: string): boolean {
+    return ApprovalManager.DANGEROUS_PATTERNS.some(p => p.test(command));
+  }
+
+  private isAllowed(command: string): boolean {
+    for (const pattern of this.allowlist) {
+      if (command.includes(pattern)) return true;
+    }
+    return false;
+  }
+
+  private isBlocked(command: string): boolean {
+    for (const pattern of this.blocklist) {
+      if (command.includes(pattern)) return true;
+    }
+    return false;
+  }
+
+  requestApproval(type: ApprovalRequest['type'], command: string, description: string): ApprovalRequest {
+    const request: ApprovalRequest = {
+      id: randomUUID(),
+      type,
+      command,
+      description,
+      requestedAt: new Date(),
+      status: 'pending',
+    };
+    this.pendingApprovals.set(request.id, request);
+    return request;
+  }
+
+  approve(id: string, approver: string): void {
+    const req = this.pendingApprovals.get(id);
+    if (!req) throw new Error(`Approval request ${id} not found`);
+    if (req.status !== 'pending') throw new Error(`Request ${id} is already ${req.status}`);
+    req.status = 'approved';
+    req.approvedBy = approver;
+  }
+
+  deny(id: string, approver: string): void {
+    const req = this.pendingApprovals.get(id);
+    if (!req) throw new Error(`Approval request ${id} not found`);
+    if (req.status !== 'pending') throw new Error(`Request ${id} is already ${req.status}`);
+    req.status = 'denied';
+    req.approvedBy = approver;
+  }
+
+  getRequest(id: string): ApprovalRequest | undefined {
+    return this.pendingApprovals.get(id);
+  }
+
+  addToAllowlist(pattern: string): void {
+    this.allowlist.add(pattern);
+  }
+
+  removeFromAllowlist(pattern: string): void {
+    this.allowlist.delete(pattern);
+  }
+
+  addToBlocklist(pattern: string): void {
+    this.blocklist.add(pattern);
+  }
+
+  removeFromBlocklist(pattern: string): void {
+    this.blocklist.delete(pattern);
+  }
+
+  getPending(): ApprovalRequest[] {
+    return Array.from(this.pendingApprovals.values()).filter(r => r.status === 'pending');
+  }
+
+  getAllowlist(): string[] {
+    return Array.from(this.allowlist);
+  }
+
+  getBlocklist(): string[] {
+    return Array.from(this.blocklist);
+  }
+}

package/src/security/index.ts

@@ -0,0 +1,3 @@
+export { ApprovalManager } from './approval';
+export type { ApprovalPolicy, ApprovalRequest } from './approval';
+export { KeyManager } from './keys';

package/src/security/keys.ts

@@ -0,0 +1,87 @@
+import * as fs from 'fs';
+import * as path from 'path';
+import * as crypto from 'crypto';
+import * as os from 'os';
+
+export class KeyManager {
+  private keys: Map<string, string> = new Map();
+  private keyFile: string;
+  private secret: Buffer;
+
+  constructor(keyFile: string = '.opc/keys.json') {
+    this.keyFile = path.resolve(keyFile);
+    this.secret = this.deriveSecret();
+    this.load();
+  }
+
+  private deriveSecret(): Buffer {
+    // Derive a key from machine-specific info (hostname + homedir)
+    const machineId = `${os.hostname()}:${os.homedir()}:opc-agent-keys`;
+    return crypto.createHash('sha256').update(machineId).digest();
+  }
+
+  set(name: string, value: string): void {
+    this.keys.set(name, value);
+    this.save();
+  }
+
+  get(name: string): string | undefined {
+    return this.keys.get(name);
+  }
+
+  delete(name: string): boolean {
+    const result = this.keys.delete(name);
+    if (result) this.save();
+    return result;
+  }
+
+  list(): string[] {
+    return Array.from(this.keys.keys());
+  }
+
+  private load(): void {
+    try {
+      if (fs.existsSync(this.keyFile)) {
+        const data = JSON.parse(fs.readFileSync(this.keyFile, 'utf-8'));
+        for (const [name, encoded] of Object.entries(data)) {
+          try {
+            this.keys.set(name, this.decode(encoded as string));
+          } catch {
+            // Skip corrupted entries
+          }
+        }
+      }
+    } catch {
+      // File doesn't exist or is corrupted — start fresh
+    }
+  }
+
+  private save(): void {
+    const dir = path.dirname(this.keyFile);
+    if (!fs.existsSync(dir)) {
+      fs.mkdirSync(dir, { recursive: true });
+    }
+    const data: Record<string, string> = {};
+    for (const [name, value] of this.keys) {
+      data[name] = this.encode(value);
+    }
+    fs.writeFileSync(this.keyFile, JSON.stringify(data, null, 2), 'utf-8');
+  }
+
+  private encode(value: string): string {
+    const iv = crypto.randomBytes(16);
+    const cipher = crypto.createCipheriv('aes-256-cbc', this.secret, iv);
+    let encrypted = cipher.update(value, 'utf-8', 'hex');
+    encrypted += cipher.final('hex');
+    return iv.toString('hex') + ':' + encrypted;
+  }
+
+  private decode(encoded: string): string {
+    const [ivHex, encrypted] = encoded.split(':');
+    const iv = Buffer.from(ivHex, 'hex');
+    const decipher = crypto.createDecipheriv('aes-256-cbc', this.secret, iv);
+    let decrypted = decipher.update(encrypted, 'hex', 'utf-8');
+    decrypted += decipher.final('utf-8');
+    return decrypted;
+  }
+}