openclaw-memory-alibaba-local 0.1.3 → 0.1.5

package/API.md

@@ -99,11 +99,17 @@
 | `memory.admin.delete` | 批量删除 | `items`: `{ agentId, id }[]` | 同原 `POST …/api/delete` |
 | `memory.admin.add` | 手工插入 | `agentId`, `text`, `category` | 同原 `POST …/api/add` |
 
-### 1.3 废弃的 HTTP JSON
+### 1.3 HTTP 同源 RPC（公网 / 非本机，免 WS `operator.admin`）
 
 | 路径 | 行为 |
 |------|------|
-| `GET/POST {GATEWAY}/plugins/memory/api/*` | 若配置了 gateway token，仍校验 `?token=` 或 `Authorization: Bearer`；校验通过后返回 **`410 Gone`**，body 提示改用 WebSocket `memory.admin.*`。 |
+| `POST {GATEWAY}/plugins/memory/api/v1/call` | Body：`{"method":"memory.admin.list","params":{...}}`（`method` 与上表 WebSocket 方法名一致）。若配置了 `gateway.auth.token`，须 `Authorization: Bearer <token>` 或 URL `?token=`。成功时 HTTP 200，body 为与 WS `payload` 相同的 JSON；失败时 HTTP 状态码与 body 内 `error` 等与运维操作一致。 |
+
+### 1.4 废弃的旧版 HTTP JSON 路径
+
+| 路径 | 行为 |
+|------|------|
+| `GET/POST {GATEWAY}/plugins/memory/api/config` 等旧路径（非 `api/v1/call`） | 若配置了 gateway token，仍校验 `?token=` 或 `Authorization: Bearer`；未命中 `v1/call` 时返回 **`404`**，请使用上表 **`POST …/api/v1/call`** 或 WebSocket `memory.admin.*`。 |
 
 ---
 
@@ -113,7 +119,7 @@
 
 | 项目 | 说明 |
 |------|------|
-| **功能** | 返回记忆管理端单页 HTML（壳页面；数据由 `/api/*` 拉取） |
+| **功能** | 返回记忆管理端单页 HTML（壳页面；本机数据可走 WebSocket `memory.admin.*`，**非本机 hostname** 时面板走 **`POST /plugins/memory/api/v1/call`**） |
 | **URI** | `{GATEWAY}/plugins/memory` |
 
 **入参**

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "openclaw-memory-alibaba-local",
-  "version": "0.1.3",
+  "version": "0.1.5",
   "description": "OpenClaw memory plugin: local LanceDB + DashScope-compatible embeddings",
   "type": "module",
   "license": "MIT",

package/web/memory-routes.ts

@@ -18,6 +18,7 @@ import {
   opMemoryAdminDelete,
   opMemoryAdminFacets,
   opMemoryAdminList,
+  type AdminOpResult,
   type MemoryAdminOpsContext,
   type MemoryAdminOpsOpts,
 } from "./memory-admin-ops.js";
@@ -83,7 +84,7 @@ function sendHtml(res: ServerResponse, html: string): void {
   res.end(html);
 }
 
-function applyAdminOpResult(respond: GatewayRequestHandlerOptions["respond"], result: import("./memory-admin-ops.js").AdminOpResult): void {
+function applyAdminOpResult(respond: GatewayRequestHandlerOptions["respond"], result: AdminOpResult): void {
   if (result.ok) {
     respond(true, result.data);
     return;
@@ -168,8 +169,49 @@ export function registerMemoryAdminGatewayMethods(
   logger.info("[openclaw-memory-alibaba-local] Memory admin Gateway methods: memory.admin.* (config, facets, dashboard, list, delete, add)");
 }
 
+async function readJsonBody(req: IncomingMessage, maxBytes = 2 * 1024 * 1024): Promise<string> {
+  return new Promise((resolve, reject) => {
+    const chunks: Buffer[] = [];
+    let n = 0;
+    req.on("data", (chunk: Buffer) => {
+      n += chunk.length;
+      if (n > maxBytes) {
+        req.destroy();
+        reject(new Error("body too large"));
+        return;
+      }
+      chunks.push(chunk);
+    });
+    req.on("end", () => resolve(Buffer.concat(chunks).toString("utf8")));
+    req.on("error", reject);
+  });
+}
+
+async function dispatchMemoryAdminRpc(
+  ctx: MemoryAdminOpsContext,
+  method: string,
+  params: unknown,
+): Promise<AdminOpResult> {
+  switch (method) {
+    case "memory.admin.config":
+      return opMemoryAdminConfig(ctx);
+    case "memory.admin.facets":
+      return opMemoryAdminFacets(ctx);
+    case "memory.admin.dashboard":
+      return opMemoryAdminDashboard(ctx, (params as Record<string, unknown>) ?? {});
+    case "memory.admin.list":
+      return opMemoryAdminList(ctx, (params as Record<string, unknown>) ?? {});
+    case "memory.admin.delete":
+      return opMemoryAdminDelete(ctx, (params as Record<string, unknown>) ?? {});
+    case "memory.admin.add":
+      return opMemoryAdminAdd(ctx, (params as Record<string, unknown>) ?? {});
+    default:
+      return { ok: false, status: 404, body: { error: "unknown method", method } };
+  }
+}
+
 /**
- * HTTP: serves HTML at /plugins/memory; legacy /plugins/memory/api/* returns 410 with migration hint.
+ * HTTP: HTML at /plugins/memory；同源 HTTP POST /plugins/memory/api/v1/call 供非本机访问（仅需 gateway token，不经 WS operator scope）。
  */
 export function registerMemoryPanelRoutes(
   registerHttpRoute: RegisterHttpRoute,
@@ -178,9 +220,11 @@ export function registerMemoryPanelRoutes(
   logger: PluginLogger,
   opts?: MemoryPanelRoutesOpts | null,
 ): void {
-  void db;
-  void cfg;
-  void opts;
+  const ctxBase: MemoryAdminOpsContext = {
+    db,
+    cfg,
+    opts: opts ?? undefined,
+  };
   const requiredToken = resolveGatewayToken();
   const token = typeof requiredToken === "string" && requiredToken.length > 0 ? requiredToken : undefined;
 
@@ -204,9 +248,44 @@ export function registerMemoryPanelRoutes(
               return true;
             }
           }
-          sendJson(res, 410, {
-            error: "HTTP JSON API removed",
-            detail: "Use Gateway WebSocket RPC methods: memory.admin.config, memory.admin.facets, memory.admin.dashboard, memory.admin.list, memory.admin.delete, memory.admin.add",
+
+          if (p === "/plugins/memory/api/v1/call" && req.method === "POST") {
+            let raw: string;
+            try {
+              raw = await readJsonBody(req);
+            } catch {
+              sendJson(res, 400, { error: "invalid body" });
+              return true;
+            }
+            let body: { method?: string; params?: unknown };
+            try {
+              body = JSON.parse(raw || "{}") as { method?: string; params?: unknown };
+            } catch {
+              sendJson(res, 400, { error: "invalid json" });
+              return true;
+            }
+            const method = typeof body.method === "string" ? body.method.trim() : "";
+            if (!method) {
+              sendJson(res, 400, { error: "missing method" });
+              return true;
+            }
+            try {
+              const result = await dispatchMemoryAdminRpc(ctxBase, method, body.params ?? {});
+              if (result.ok) {
+                sendJson(res, 200, result.data as unknown);
+              } else {
+                sendJson(res, result.status, { ...result.body, status: result.status });
+              }
+            } catch (e) {
+              logger.warn(`memory api/v1/call ${method}: ${String(e)}`);
+              sendJson(res, 500, { error: String(e) });
+            }
+            return true;
+          }
+
+          sendJson(res, 404, {
+            error: "not found",
+            detail: "POST /plugins/memory/api/v1/call with JSON { method, params } (same as memory.admin.* WebSocket RPC)",
           });
           return true;
         }
@@ -221,5 +300,7 @@ export function registerMemoryPanelRoutes(
     },
   });
 
-  logger.info("[openclaw-memory-alibaba-local] Memory admin UI at /plugins/memory/ (data via WebSocket memory.admin.*)");
+  logger.info(
+    "[openclaw-memory-alibaba-local] Memory admin UI at /plugins/memory/ (WS memory.admin.* on loopback; HTTP POST .../api/v1/call for remote)",
+  );
 }

package/web/memory-ui.ts

@@ -797,6 +797,20 @@ function buildClientScript(): string {
   // 外层是模板字符串反引号：内层不要用 \ 转义双引号，否则生成到浏览器里的 JS 会断串（例如 class="mono"）。
   const s = `
 (function () {
+  // 与 rds-claw-observability-plugin 一致：127.0.0.1 与 localhost 在网关 Control UI / WS 策略上不等价，统一跳到 localhost。
+  try {
+    if (window.location.hostname === "127.0.0.1") {
+      var _ocRedir =
+        window.location.protocol +
+        "//localhost" +
+        (window.location.port ? ":" + window.location.port : "") +
+        window.location.pathname +
+        window.location.search +
+        window.location.hash;
+      window.location.replace(_ocRedir);
+    }
+  } catch (_ocRedirErr) {}
+
   var LS_TOKEN_KEY = "openclaw_memory_gateway_token";
 
   function readTokenFromQueryString(qs) {
@@ -807,12 +821,60 @@ function buildClientScript(): string {
     return t && String(t).trim() ? String(t).trim() : "";
   }
 
+  /** 与观测插件一致：支持 JSON 包一层 token / gatewayToken / settings.* */
+  function tryTokenFromJsonString(raw) {
+    if (!raw || typeof raw !== "string") {
+      return "";
+    }
+    var st = raw.trim();
+    if (!st) {
+      return "";
+    }
+    if (st.charAt(0) === "{") {
+      try {
+        var obj = JSON.parse(st);
+        if (obj && typeof obj === "object") {
+          if (typeof obj.token === "string" && obj.token.trim()) {
+            return obj.token.trim();
+          }
+          if (typeof obj.gatewayToken === "string" && obj.gatewayToken.trim()) {
+            return obj.gatewayToken.trim();
+          }
+          if (obj.settings && typeof obj.settings === "object") {
+            if (typeof obj.settings.token === "string" && obj.settings.token.trim()) {
+              return obj.settings.token.trim();
+            }
+            if (typeof obj.settings.gatewayToken === "string" && obj.settings.gatewayToken.trim()) {
+              return obj.settings.gatewayToken.trim();
+            }
+          }
+        }
+      } catch (e) {}
+    }
+    return st;
+  }
+
+  function readTokenFromStorage(storage, key) {
+    try {
+      if (!storage || typeof storage.getItem !== "function") {
+        return "";
+      }
+      return tryTokenFromJsonString(storage.getItem(key) || "");
+    } catch (e) {
+      return "";
+    }
+  }
+
+  function persistToken(t) {
+    try {
+      localStorage.setItem(LS_TOKEN_KEY, t);
+    } catch (e) {}
+  }
+
   function getGatewayToken() {
     var fromSearch = readTokenFromQueryString(window.location.search);
     if (fromSearch) {
-      try {
-        localStorage.setItem(LS_TOKEN_KEY, fromSearch);
-      } catch (e) {}
+      persistToken(fromSearch);
       return fromSearch;
     }
     var hash = window.location.hash || "";
@@ -820,15 +882,35 @@ function buildClientScript(): string {
     if (qm >= 0) {
       var fromHash = readTokenFromQueryString(hash.slice(qm));
       if (fromHash) {
-        try {
-          localStorage.setItem(LS_TOKEN_KEY, fromHash);
-        } catch (e) {}
+        persistToken(fromHash);
         return fromHash;
       }
     }
+    var ocKeys = [
+      "openclaw.control.token.v1",
+      "openclaw.control.settings.v1",
+      "openclaw.gateway.token",
+      "gateway.token",
+      "gatewayToken",
+      "token"
+    ];
+    var i;
+    for (i = 0; i < ocKeys.length; i++) {
+      var tk = readTokenFromStorage(window.localStorage, ocKeys[i]);
+      if (tk) {
+        persistToken(tk);
+        return tk;
+      }
+      tk = readTokenFromStorage(window.sessionStorage, ocKeys[i]);
+      if (tk) {
+        persistToken(tk);
+        return tk;
+      }
+    }
     try {
-      var s = localStorage.getItem(LS_TOKEN_KEY);
-      return s && String(s).trim() ? String(s).trim() : "";
+      var legacy = localStorage.getItem(LS_TOKEN_KEY);
+      legacy = legacy ? tryTokenFromJsonString(legacy) : "";
+      return legacy && String(legacy).trim() ? String(legacy).trim() : "";
     } catch (e) {
       return "";
     }
@@ -855,7 +937,7 @@ function buildClientScript(): string {
     if (isMemoryPanelLoopbackHost()) {
       return (
         " 解决办法：编辑 ~/.openclaw/openclaw.json，在 gateway.controlUi 中加入 \\"allowInsecureAuth\\": true，保存后执行 openclaw gateway restart，再刷新本页。" +
-        " 请用 http://127.0.0.1 或 http://localhost 打开面板（不要用局域网 IP，除非按下文配置）。"
+        " 请用 http://localhost 打开本机面板（从 127.0.0.1 访问会自动跳转）；不要用局域网 IP，除非按下文配置。"
       );
     }
     return (
@@ -1020,10 +1102,76 @@ function buildClientScript(): string {
     });
   }
 
+  /**
+   * 非本机 hostname（公网 IP / 域名）时 Gateway WebSocket 会剥离 operator.admin；同源 HTTP 仅需 gateway token（与观测插件一致）。
+   */
+  async function fetchMemoryApiHttp(method, params) {
+    var tok = getGatewayToken();
+    var headers = { "Content-Type": "application/json" };
+    if (tok) {
+      headers["Authorization"] = "Bearer " + tok;
+    }
+    var resp;
+    try {
+      resp = await fetch("/plugins/memory/api/v1/call", {
+        method: "POST",
+        headers: headers,
+        body: JSON.stringify({ method: method, params: params || {} })
+      });
+    } catch (e) {
+      return {
+        ok: false,
+        status: 0,
+        json: function () {
+          return Promise.resolve({ error: String(e) });
+        },
+        text: function () {
+          return Promise.resolve(String(e));
+        }
+      };
+    }
+    var j;
+    try {
+      j = await resp.json();
+    } catch (e2) {
+      j = { error: "invalid JSON response" };
+    }
+    if (resp.ok) {
+      return {
+        ok: true,
+        status: 200,
+        json: function () {
+          return Promise.resolve(j);
+        },
+        text: function () {
+          return Promise.resolve("");
+        }
+      };
+    }
+    var st = resp.status;
+    if (j && typeof j.status === "number" && Number.isFinite(j.status)) {
+      st = j.status;
+    }
+    return {
+      ok: false,
+      status: st,
+      json: function () {
+        return Promise.resolve(j);
+      },
+      text: function () {
+        return Promise.resolve(String((j && j.error) || resp.status));
+      }
+    };
+  }
+
   /** 与原先 fetch 类似的接口：ok / status / json() / text() */
   async function fetchMemoryApi(method, params) {
+    var p = params || {};
+    if (!isMemoryPanelLoopbackHost()) {
+      return fetchMemoryApiHttp(method, p);
+    }
     try {
-      var res = await gatewayRpc(method, params || {});
+      var res = await gatewayRpc(method, p);
       if (res.ok) {
         return {
           ok: true,
@@ -1036,6 +1184,12 @@ function buildClientScript(): string {
           }
         };
       }
+      if (res.unauthorized) {
+        var httpRes = await fetchMemoryApiHttp(method, p);
+        if (httpRes.ok) {
+          return httpRes;
+        }
+      }
       var st = res.payload && res.payload.status ? parseInt(String(res.payload.status), 10) : 0;
       if (!Number.isFinite(st) || st < 400) {
         st = res.unauthorized ? 403 : 502;