openclaw-navigator 5.5.0 → 5.5.2

package/cli.mjs

@@ -1,7 +1,7 @@
 #!/usr/bin/env node
 
 /**
- * openclaw-navigator v5.5.0
+ * openclaw-navigator v5.5.2
  *
  * One-command bridge + tunnel for the Navigator browser.
  * Starts a local bridge, creates a Cloudflare tunnel automatically,
@@ -1278,51 +1278,20 @@ function handleRequest(req, res) {
     return;
   }
 
-  // ── Reverse proxy: /api/* → OC Gateway (localhost:ocGatewayPort) ──────────
-  // ALL /api/* requests go to the OC gateway EXCEPT:
-  //   - /api/auth/* → falls through to web UI (NextAuth login/session)
-  //   - /api/sessions/respond + /api/sessions/stream → handled locally above
-  //   - /api/sessions/send → smart SSE bridge above
-  // The OC web UI frontend expects /api/agents, /api/sessions/*, /api/chat/*,
-  // etc. to reach the gateway. Only /api/auth/* is a Next.js API route.
-  if (path.startsWith("/api/") && !path.startsWith("/api/auth/") && path !== "/api/auth") {
-    const targetURL = `${path}${url.search}`;
-
-    const proxyOpts = {
-      hostname: "127.0.0.1",
-      port: ocGatewayPort,
-      path: targetURL,
-      method: req.method,
-      headers: {
-        ...req.headers,
-        host: `127.0.0.1:${ocGatewayPort}`,
-      },
-    };
-
-    const proxyReq = httpRequest(proxyOpts, (proxyRes) => {
-      const headers = { ...proxyRes.headers };
-      headers["access-control-allow-origin"] = "*";
-      headers["access-control-allow-methods"] = "GET, POST, PUT, DELETE, OPTIONS";
-      headers["access-control-allow-headers"] = "Content-Type, Authorization";
-      res.writeHead(proxyRes.statusCode ?? 502, headers);
-      proxyRes.pipe(res, { end: true });
-    });
-
-    proxyReq.on("error", (err) => {
-      sendJSON(res, 502, {
-        ok: false,
-        error: `OC Gateway not reachable on port ${ocGatewayPort}`,
-        detail: err.message,
-        hint:
-          "Make sure the OC gateway is running on port " +
-          ocGatewayPort +
-          " (openclaw gateway start)",
-      });
-    });
-
-    req.pipe(proxyReq, { end: true });
-    return;
-  }
+  // ── /api/* routing strategy ──────────────────────────────────────────────
+  // NO direct gateway proxy for /api/* here. The web UI (Next.js on port 4000)
+  // has its own /api/* routes that act as a BFF (Backend for Frontend) —
+  // they call the gateway internally (localhost:18789) and return clean JSON.
+  // Routing /api/* directly to the gateway bypasses the BFF and breaks things
+  // (e.g. /api/agents returns raw SSE instead of JSON).
+  //
+  // Specific bridge-handled routes (above this point):
+  //   - /api/sessions/respond → local WebSocket broadcast
+  //   - /api/sessions/stream  → local WebSocket broadcast
+  //   - /api/sessions/send    → smart SSE bridge to gateway (sidepane chat)
+  //
+  // Everything else (/api/agents, /api/auth/*, /api/chat/*, etc.) falls through
+  // to the fallback proxy below, which sends it to port 4000 (web UI).
 
   // ── Root → redirect to /ui/ (Next.js basePath) or show bridge status ──
   if (req.method === "GET" && path === "") {
@@ -1361,25 +1330,37 @@ function handleRequest(req, res) {
   }
 
   // ── Fallback: proxy unmatched paths → OC Web UI ──────────────────────
-  // Catches /login, /_next/*, /static/*, /favicon.ico, etc.
+  // Catches /api/*, /login, /_next/*, /static/*, /favicon.ico, etc.
   // MUST apply the same cookie/redirect/forwarded-header treatment as /ui/*
   // or login won't work (session cookies get lost through the tunnel).
+  //
+  // SSE safety: If the web UI returns text/event-stream but the browser
+  // expects JSON (e.g. /api/agents), we collect the SSE events and return
+  // them as a JSON array. This prevents "data: ... is not valid JSON" errors.
   {
     const targetURL = `${path}${url.search}`;
     const incomingHost = req.headers.host || "localhost";
 
+    // Encourage JSON responses from the web UI's API routes
+    const proxyHeaders = {
+      ...req.headers,
+      host: `127.0.0.1:${ocUIPort}`,
+      "x-forwarded-host": incomingHost,
+      "x-forwarded-proto": activeTunnelURL ? "https" : "http",
+      "x-forwarded-for": req.socket.remoteAddress || "127.0.0.1",
+    };
+
+    // For /api/* requests, prefer JSON over SSE
+    if (path.startsWith("/api/")) {
+      proxyHeaders["accept"] = "application/json, text/plain, */*";
+    }
+
     const proxyOpts = {
       hostname: "127.0.0.1",
       port: ocUIPort,
       path: targetURL,
       method: req.method,
-      headers: {
-        ...req.headers,
-        host: `127.0.0.1:${ocUIPort}`,
-        "x-forwarded-host": incomingHost,
-        "x-forwarded-proto": activeTunnelURL ? "https" : "http",
-        "x-forwarded-for": req.socket.remoteAddress || "127.0.0.1",
-      },
+      headers: proxyHeaders,
     };
 
     const proxyReq = httpRequest(proxyOpts, (proxyRes) => {
@@ -1408,6 +1389,72 @@ function handleRequest(req, res) {
         );
       }
 
+      // ── SSE→JSON conversion for /api/* endpoints ─────────────────────
+      // If the upstream returns text/event-stream but the request was an
+      // API call (which the frontend expects as JSON), we collect the SSE
+      // data events and return them as a JSON response.
+      const contentType = (proxyRes.headers["content-type"] || "").toLowerCase();
+      const isSSE = contentType.includes("text/event-stream");
+
+      if (isSSE && path.startsWith("/api/")) {
+        console.log(`  ${DIM}SSE→JSON: converting ${path}${RESET}`);
+        let buffer = "";
+        const items = [];
+
+        proxyRes.setEncoding("utf-8");
+        proxyRes.on("data", (chunk) => {
+          buffer += chunk;
+          const lines = buffer.split("\n");
+          buffer = lines.pop() || "";
+          for (const line of lines) {
+            if (line.startsWith("data: ")) {
+              const raw = line.slice(6).trim();
+              if (raw === "[DONE]" || !raw) {
+                continue;
+              }
+              try {
+                items.push(JSON.parse(raw));
+              } catch {
+                // Non-JSON SSE data — wrap as text
+                if (raw) {
+                  items.push({ text: raw });
+                }
+              }
+            }
+          }
+        });
+
+        proxyRes.on("end", () => {
+          // Process remaining buffer
+          if (buffer.startsWith("data: ")) {
+            const raw = buffer.slice(6).trim();
+            if (raw && raw !== "[DONE]") {
+              try {
+                items.push(JSON.parse(raw));
+              } catch {
+                if (raw) {
+                  items.push({ text: raw });
+                }
+              }
+            }
+          }
+
+          // Return as JSON — single object if 1 item, array if multiple
+          const result = items.length === 1 ? items[0] : items;
+          headers["content-type"] = "application/json";
+          delete headers["content-length"];
+          delete headers["transfer-encoding"];
+          res.writeHead(proxyRes.statusCode ?? 200, headers);
+          res.end(JSON.stringify(result));
+        });
+
+        proxyRes.on("error", () => {
+          sendJSON(res, 502, { ok: false, error: "SSE stream error" });
+        });
+        return;
+      }
+
+      // Non-SSE responses — stream through as-is
       res.writeHead(proxyRes.statusCode ?? 502, headers);
       proxyRes.pipe(res, { end: true });
     });

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "openclaw-navigator",
-  "version": "5.5.0",
+  "version": "5.5.2",
   "description": "One-command bridge + tunnel for the Navigator browser — works on any machine, any OS",
   "keywords": [
     "browser",