openclaw-navigator 5.3.4 → 5.4.1

package/cli.mjs

@@ -1,7 +1,7 @@
 #!/usr/bin/env node
 
 /**
- * openclaw-navigator v5.3.4
+ * openclaw-navigator v5.4.1
  *
  * One-command bridge + tunnel for the Navigator browser.
  * Starts a local bridge, creates a Cloudflare tunnel automatically,
@@ -17,10 +17,10 @@
  */
 
 import { spawn } from "node:child_process";
-import { randomUUID } from "node:crypto";
+import { randomUUID, createHash } from "node:crypto";
 import { existsSync, appendFileSync, readFileSync, writeFileSync, mkdirSync } from "node:fs";
 import { createServer, request as httpRequest } from "node:http";
-import { connect as netConnect } from "node:net";
+// node:net no longer needed — WebSocket is local, not proxied to gateway
 import { networkInterfaces, hostname, userInfo, homedir } from "node:os";
 import { dirname, join } from "node:path";
 import { fileURLToPath } from "node:url";
@@ -362,6 +362,159 @@ function validateBridgeAuth(req) {
   return validTokens.has(token);
 }
 
+// ── WebSocket server for chat (minimal, no dependencies) ────────────────
+// Tracks connected WebSocket clients. When the OC agent pushes messages
+// via /api/sessions/respond or /api/sessions/stream, we broadcast to all
+// connected Navigator chat panes.
+
+const wsClients = new Set();
+
+/** Accept a raw WebSocket upgrade on a socket. */
+function acceptWebSocket(req, socket) {
+  const key = req.headers["sec-websocket-key"];
+  if (!key) {
+    socket.destroy();
+    return null;
+  }
+  const accept = createHash("sha1")
+    .update(key + "258EAFA5-E914-47DA-95CA-5AB9C4F6B258")
+    .digest("base64");
+  socket.write(
+    "HTTP/1.1 101 Switching Protocols\r\n" +
+      "Upgrade: websocket\r\n" +
+      "Connection: Upgrade\r\n" +
+      `Sec-WebSocket-Accept: ${accept}\r\n\r\n`,
+  );
+  return socket;
+}
+
+/** Encode a string as a WebSocket text frame. */
+function wsEncodeText(str) {
+  const payload = Buffer.from(str, "utf8");
+  const len = payload.length;
+  let header;
+  if (len < 126) {
+    header = Buffer.alloc(2);
+    header[0] = 0x81; // FIN + text opcode
+    header[1] = len;
+  } else if (len < 65536) {
+    header = Buffer.alloc(4);
+    header[0] = 0x81;
+    header[1] = 126;
+    header.writeUInt16BE(len, 2);
+  } else {
+    header = Buffer.alloc(10);
+    header[0] = 0x81;
+    header[1] = 127;
+    header.writeBigUInt64BE(BigInt(len), 2);
+  }
+  return Buffer.concat([header, payload]);
+}
+
+/** Broadcast a JSON event to all connected WebSocket clients. */
+function broadcastToWS(event) {
+  const frame = wsEncodeText(JSON.stringify(event));
+  for (const client of wsClients) {
+    try {
+      client.write(frame);
+    } catch {
+      wsClients.delete(client);
+    }
+  }
+}
+
+/** Decode a masked WebSocket frame (client→server frames are always masked). */
+function wsDecodeFrame(buf) {
+  if (buf.length < 2) {
+    return null;
+  }
+  const opcode = buf[0] & 0x0f;
+  const masked = (buf[1] & 0x80) !== 0;
+  let payloadLen = buf[1] & 0x7f;
+  let offset = 2;
+  if (payloadLen === 126) {
+    if (buf.length < 4) {
+      return null;
+    }
+    payloadLen = buf.readUInt16BE(2);
+    offset = 4;
+  } else if (payloadLen === 127) {
+    if (buf.length < 10) {
+      return null;
+    }
+    payloadLen = Number(buf.readBigUInt64BE(2));
+    offset = 10;
+  }
+  let mask = null;
+  if (masked) {
+    if (buf.length < offset + 4) {
+      return null;
+    }
+    mask = buf.subarray(offset, offset + 4);
+    offset += 4;
+  }
+  if (buf.length < offset + payloadLen) {
+    return null;
+  }
+  const data = buf.subarray(offset, offset + payloadLen);
+  if (mask) {
+    for (let i = 0; i < data.length; i++) {
+      data[i] ^= mask[i % 4];
+    }
+  }
+  return { opcode, data, totalLength: offset + payloadLen };
+}
+
+/** Set up WebSocket message/close handling for a client socket. */
+function setupWSClient(socket) {
+  wsClients.add(socket);
+  console.log(`  ${DIM}WebSocket client connected (${wsClients.size} total)${RESET}`);
+
+  // Send initial connected event
+  try {
+    socket.write(wsEncodeText(JSON.stringify({ type: "connected", clients: wsClients.size })));
+  } catch {
+    /* ignore */
+  }
+
+  let buffer = Buffer.alloc(0);
+  socket.on("data", (chunk) => {
+    buffer = Buffer.concat([buffer, chunk]);
+    while (buffer.length > 0) {
+      const frame = wsDecodeFrame(buffer);
+      if (!frame) {
+        break;
+      }
+      buffer = buffer.subarray(frame.totalLength);
+      if (frame.opcode === 0x08) {
+        // Close frame
+        wsClients.delete(socket);
+        socket.destroy();
+        return;
+      }
+      if (frame.opcode === 0x09) {
+        // Ping — respond with pong
+        const pong = Buffer.alloc(2);
+        pong[0] = 0x8a; // FIN + pong
+        pong[1] = 0;
+        try {
+          socket.write(pong);
+        } catch {
+          /* ignore */
+        }
+      }
+      // Text frames (opcode 1) can be ignored — clients don't send chat messages via WS
+    }
+  });
+  socket.on("close", () => {
+    wsClients.delete(socket);
+    console.log(`  ${DIM}WebSocket client disconnected (${wsClients.size} remaining)${RESET}`);
+  });
+  socket.on("error", () => {
+    wsClients.delete(socket);
+  });
+}
+
 function handleRequest(req, res) {
   // CORS preflight
   if (req.method === "OPTIONS") {
@@ -828,9 +981,11 @@ function handleRequest(req, res) {
   }
 
   // ── Reverse proxy: /ui/* → OC Web UI (localhost:ocUIPort) ──────────────
-  // Keep /ui prefix — Next.js basePath: "/ui" expects it
+  // Strip /ui prefix — the Next.js app serves at root on port 4000.
+  // /ui/ → /, /ui/dashboard → /dashboard, /ui/_next/* → /_next/*
   if (path === "/ui" || path.startsWith("/ui/")) {
-    const targetURL = `${path}${url.search}`;
+    const strippedPath = path === "/ui" ? "/" : path.slice(3); // remove "/ui"
+    const targetURL = `${strippedPath}${url.search}`;
     const incomingHost = req.headers.host || "localhost";
 
     const proxyOpts = {
@@ -856,11 +1011,20 @@ function handleRequest(req, res) {
       headers["access-control-allow-headers"] = "Content-Type, Authorization, Cookie";
       headers["access-control-allow-credentials"] = "true";
 
-      // Fix redirects — rewrite Location from localhost:4000 to tunnel URL
+      // Fix redirects — rewrite Location: strip localhost, add /ui prefix back
+      // Since we stripped /ui before proxying, any redirect from the app
+      // (e.g. /login, /dashboard) needs the /ui prefix added back for the
+      // browser to stay within our /ui/* proxy.
       if (headers.location) {
-        headers.location = headers.location
+        let loc = headers.location
           .replace(`http://127.0.0.1:${ocUIPort}`, "")
           .replace(`http://localhost:${ocUIPort}`, "");
+        // If the redirect is a relative path (starts with /), add /ui prefix
+        // BUT don't double-prefix if it already starts with /ui
+        if (loc.startsWith("/") && !loc.startsWith("/ui")) {
+          loc = "/ui" + loc;
+        }
+        headers.location = loc;
       }
 
       // Fix cookies — remove domain restriction so they work through tunnel
@@ -890,8 +1054,71 @@ function handleRequest(req, res) {
     return;
   }
 
+  // ── Local chat handlers: respond + stream → WebSocket broadcast ─────
+  // These endpoints are called by the OC agent (via MCP tools) to push
+  // responses back to Navigator's chat pane. They broadcast via the
+  // local WebSocket server — NOT proxied to the gateway.
+  if (path === "/api/sessions/respond" && req.method === "POST") {
+    readBody(req)
+      .then((body) => {
+        try {
+          const data = JSON.parse(body);
+          const message = data.content || data.message || "";
+          const sessionKey = data.sessionKey || "main";
+          if (!message) {
+            sendJSON(res, 400, { ok: false, error: "Missing 'content' or 'message'" });
+            return;
+          }
+          // Broadcast as a final chat message via WebSocket
+          broadcastToWS({
+            type: "chat.final",
+            text: message,
+            content: message,
+            sessionKey,
+            role: "assistant",
+            timestamp: Date.now(),
+          });
+          console.log(
+            `  ${DIM}Chat respond → ${wsClients.size} WS client(s): ${message.substring(0, 60)}...${RESET}`,
+          );
+          sendJSON(res, 200, { ok: true, delivered: wsClients.size });
+        } catch {
+          sendJSON(res, 400, { ok: false, error: "Invalid JSON" });
+        }
+      })
+      .catch(() => sendJSON(res, 400, { ok: false, error: "Bad request" }));
+    return;
+  }
+
+  if (path === "/api/sessions/stream" && req.method === "POST") {
+    readBody(req)
+      .then((body) => {
+        try {
+          const data = JSON.parse(body);
+          const text = data.text || "";
+          const sessionKey = data.sessionKey || "main";
+          const runId = data.runId || null;
+          // Broadcast as a streaming delta
+          broadcastToWS({
+            type: "chat.delta",
+            text,
+            delta: text,
+            sessionKey,
+            runId,
+            timestamp: Date.now(),
+          });
+          sendJSON(res, 200, { ok: true, delivered: wsClients.size });
+        } catch {
+          sendJSON(res, 400, { ok: false, error: "Invalid JSON" });
+        }
+      })
+      .catch(() => sendJSON(res, 400, { ok: false, error: "Bad request" }));
+    return;
+  }
+
   // ── Reverse proxy: /api/sessions/* → OC Gateway (localhost:ocGatewayPort) ──
-  // ONLY proxy known OC gateway paths — /api/sessions/* (chat/agent endpoints).
+  // Proxies /api/sessions/send and /api/sessions/history to the OC gateway.
+  // /api/sessions/respond and /api/sessions/stream are handled locally above.
   // Other /api/* paths (e.g. /api/auth/* from NextAuth) fall through to the
   // web UI fallback so login and other web UI API routes work correctly.
   if (path.startsWith("/api/sessions/") || path === "/api/sessions") {
@@ -1247,64 +1474,24 @@ module.exports = {
     server.listen(port, bindHost, () => resolve());
   });
 
-  // ── WebSocket proxy — forward /ws connections to OC gateway ─────────
-  // The bridge is a transparent relay: Navigator connects to /ws here,
-  // we pipe to the OC gateway WebSocket at ws://localhost:ocGatewayPort/
-  // (OC Core accepts WebSocket at root /, not /ws)
+  // ── WebSocket server — local chat relay for Navigator clients ────────
+  // Navigator's OCChatService connects to /ws for real-time chat events.
+  // When the OC agent calls /api/sessions/respond or /api/sessions/stream,
+  // broadcastToWS pushes the event to all connected clients here.
   server.on("upgrade", (req, socket, head) => {
     const reqUrl = new URL(req.url ?? "/", "http://localhost");
     const reqPath = reqUrl.pathname;
 
-    // Only handle /ws paths (Navigator connects to /ws)
+    // Only handle /ws paths
     if (reqPath !== "/ws" && !reqPath.startsWith("/ws/")) {
       socket.destroy();
       return;
     }
 
-    // Connect to the gateway WebSocket
-    const gwSocket = netConnect(ocGatewayPort, "127.0.0.1", () => {
-      // Rewrite path: Navigator uses /ws but OC Core expects / (root)
-      const gwPath = reqPath === "/ws" ? "/" : reqPath.replace(/^\/ws/, "");
-      const upgradeHeaders = [
-        `${req.method} ${gwPath || "/"} HTTP/${req.httpVersion}`,
-        ...Object.entries(req.headers).map(([k, v]) => `${k}: ${v}`),
-        "",
-        "",
-      ].join("\r\n");
-      gwSocket.write(upgradeHeaders);
-      if (head && head.length > 0) {
-        gwSocket.write(head);
-      }
-    });
-
-    gwSocket.on("error", (err) => {
-      warn(`WS proxy: gateway on port ${ocGatewayPort} unreachable — ${err.message}`);
-      socket.destroy();
-    });
-
-    // Once the gateway responds with 101, pipe bidirectionally
-    gwSocket.once("data", (firstChunk) => {
-      const response = firstChunk.toString();
-      if (response.startsWith("HTTP/1.1 101")) {
-        // Forward the 101 response to the client
-        socket.write(firstChunk);
-        // Now pipe both directions transparently
-        socket.pipe(gwSocket);
-        gwSocket.pipe(socket);
-
-        socket.on("close", () => gwSocket.destroy());
-        gwSocket.on("close", () => socket.destroy());
-        socket.on("error", () => gwSocket.destroy());
-        gwSocket.on("error", () => socket.destroy());
-
-        console.log(`  ${DIM}WebSocket proxied to gateway:${ocGatewayPort}${RESET}`);
-      } else {
-        // Gateway rejected the upgrade
-        socket.write(firstChunk);
-        socket.destroy();
-        gwSocket.destroy();
-      }
-    });
+    const accepted = acceptWebSocket(req, socket);
+    if (accepted) {
+      setupWSClient(accepted);
+    }
   });
 
   ok(`Bridge server running on ${bindHost}:${port}`);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "openclaw-navigator",
-  "version": "5.3.4",
+  "version": "5.4.1",
   "description": "One-command bridge + tunnel for the Navigator browser — works on any machine, any OS",
   "keywords": [
     "browser",