openclaw-scheduler 0.2.0 → 0.2.2

package/provider-registry.js

@@ -0,0 +1,94 @@
+import { readdir, stat as fsStat } from 'node:fs/promises';
+import { join, resolve } from 'node:path';
+import { pathToFileURL } from 'node:url';
+
+const identityProviders = new Map();
+const authorizationProviders = new Map();
+const proofVerifiers = new Map();
+
+/**
+ * Load provider plugins from a directory. Every *.js file is imported and
+ * its default export registered by type (identity / authorization / proof-verifier).
+ *
+ * TRUST BOUNDARY: This directory is dynamically imported at startup. Only
+ * point SCHEDULER_PROVIDER_PATH at operator-controlled directories. The loader
+ * refuses world-writable directories as a minimal safety net, but the
+ * primary defense is correct deployment configuration.
+ */
+export async function loadProviders(dirPath) {
+  if (!dirPath) return;
+  const absPath = resolve(dirPath);
+
+  // Trust boundary: provider plugins run arbitrary code in the scheduler process.
+  // Refuse to load from world-writable directories to prevent code injection.
+  try {
+    const dirStat = await fsStat(absPath);
+    if ((dirStat.mode & 0o002) !== 0) {
+      console.error(`[provider-registry] REFUSING to load providers: ${absPath} is world-writable (mode 0${(dirStat.mode & 0o777).toString(8)}). Fix permissions or use a trusted directory.`);
+      return;
+    }
+  } catch (err) {
+    console.error(`[provider-registry] Cannot stat provider directory ${absPath}: ${err.message}`);
+    return;
+  }
+
+  const files = await readdir(absPath);
+  const jsFiles = files.filter(f => f.endsWith('.js'));
+
+  for (const file of jsFiles) {
+    const filePath = join(absPath, file);
+    try {
+      const mod = await import(pathToFileURL(filePath).href);
+      const provider = mod.default;
+      if (!provider || !provider.name || !provider.type) {
+        console.warn(`[provider-registry] Skipping ${file}: missing name or type`);
+        continue;
+      }
+      if (provider.type === 'identity') {
+        identityProviders.set(provider.name, provider);
+      } else if (provider.type === 'authorization') {
+        authorizationProviders.set(provider.name, provider);
+      } else if (provider.type === 'proof-verifier') {
+        proofVerifiers.set(provider.name, provider);
+      } else {
+        console.warn(`[provider-registry] Skipping ${file}: unknown type "${provider.type}"`);
+      }
+    } catch (err) {
+      console.error(`[provider-registry] Failed to load ${file}: ${err.message}`);
+    }
+  }
+
+  const total = identityProviders.size + authorizationProviders.size + proofVerifiers.size;
+  console.log(`[provider-registry] Loaded ${total} provider(s) from ${absPath}`);
+}
+
+export function getIdentityProvider(name) {
+  return identityProviders.get(name) || null;
+}
+
+export function getAuthorizationProvider(name) {
+  return authorizationProviders.get(name) || null;
+}
+
+export function getProofVerifier(name) {
+  return proofVerifiers.get(name) || null;
+}
+
+export function hasProvider(name) {
+  return identityProviders.has(name) || authorizationProviders.has(name) || proofVerifiers.has(name);
+}
+
+export function listProviders() {
+  const result = [];
+  for (const [name, p] of identityProviders) result.push({ name, type: p.type });
+  for (const [name, p] of authorizationProviders) result.push({ name, type: p.type });
+  for (const [name, p] of proofVerifiers) result.push({ name, type: p.type });
+  return result;
+}
+
+// For testing: reset all registries
+export function _resetForTesting() {
+  identityProviders.clear();
+  authorizationProviders.clear();
+  proofVerifiers.clear();
+}

package/scheduler-schema.js

@@ -22,7 +22,9 @@ export const SCHEDULER_SCHEMAS = {
       max_trigger_fanout: { type: 'integer', min: 1, default: 25 },
       delivery_mode: { type: 'string', enum: ['announce', 'announce-always', 'none'], default: 'announce' },
       delivery_channel: { type: 'string', nullable: true },
-      delivery_to: { type: 'string', nullable: true },
+      // REQUIRED on insert for non-exempt jobs. Exempt: job_type='watchdog', name starts with 'watchdog:',
+      // session_target='main', or delivery_mode='none'. Set to the origin chat_id so results reach the right chat.
+      delivery_to: { type: 'string', nullable: true, required: 'non-system jobs', description: 'Target chat/user id for delivery (e.g. telegram chat_id). Required on insert for non-system jobs.' },
       parent_id: { type: 'string', nullable: true },
       trigger_on: { type: 'string', enum: ['success', 'failure', 'complete'], nullable: true },
       trigger_delay_s: { type: 'integer', min: 0, default: 0 },
@@ -38,8 +40,8 @@ export const SCHEDULER_SCHEMAS = {
       context_retrieval: { type: 'string', enum: ['none', 'recent', 'hybrid'], default: 'none' },
       context_retrieval_limit: { type: 'integer', min: 1, default: 5 },
       output_store_limit_bytes: { type: 'integer', min: 128, default: 65536 },
-      output_excerpt_limit_bytes: { type: 'integer', min: 64, default: 2000 },
-      output_summary_limit_bytes: { type: 'integer', min: 64, default: 5000 },
+      output_excerpt_limit_bytes: { type: 'integer', min: 64, default: 65536 },
+      output_summary_limit_bytes: { type: 'integer', min: 64, default: 65536 },
       output_offload_threshold_bytes: { type: 'integer', min: 128, default: 65536 },
       preferred_session_key: { type: 'string', nullable: true },
       auth_profile: { type: 'string', nullable: true, description: 'Auth profile override: null=default, "inherit"=main session profile, or "provider:label"' },

package/schema.sql

@@ -81,8 +81,8 @@ CREATE TABLE IF NOT EXISTS jobs (
 
   -- Output handling (v14)
   output_store_limit_bytes INTEGER NOT NULL DEFAULT 65536,
-  output_excerpt_limit_bytes INTEGER NOT NULL DEFAULT 2000,
-  output_summary_limit_bytes INTEGER NOT NULL DEFAULT 5000,
+  output_excerpt_limit_bytes INTEGER NOT NULL DEFAULT 65536,
+  output_summary_limit_bytes INTEGER NOT NULL DEFAULT 65536,
   output_offload_threshold_bytes INTEGER NOT NULL DEFAULT 65536,
 
   -- Session continuity (v9)

package/scripts/inbox-consumer.mjs

@@ -118,7 +118,7 @@ function formatMessageForDelivery(msg, { brand = 'Scheduler' } = {}) {
   const subject = msg.subject || 'Notification';
   const header = `${brand} | ${subject} | ${age}`;
 
-  return `${header}\n\n${body}`.slice(0, 4000);
+  return `${header}\n\n${body}`;
 }
 
 /**
@@ -137,12 +137,17 @@ function _formatMessagesDebug(msgs, agentId) {
 }
 
 function selectPendingMessages(db, agentId, limit) {
+  // Only fetch 'pending' messages for user-facing delivery.
+  // Messages with status='delivered' have already been injected into an AI
+  // agent's context prompt (by buildJobPrompt/markDelivered in dispatcher.js)
+  // and must NOT be re-delivered to the user via Telegram — doing so causes
+  // duplicate notifications on every inbox-consumer run.
   return db.prepare(`
     SELECT id, from_agent, to_agent, subject, body, kind, created_at, priority,
            delivery_to, channel
     FROM messages
     WHERE (to_agent = ? OR to_agent = 'broadcast')
-      AND status IN ('pending', 'delivered')
+      AND status = 'pending'
     ORDER BY
       CASE kind
         WHEN 'constraint' THEN 0
@@ -273,8 +278,30 @@ try {
     }, 250);
   });
 
+  // Periodic poll fallback — catches messages that slip through WAL checkpoints.
+  // When SQLite checkpoints the WAL (merges it back into the main DB), the WAL
+  // file is reset and the watcher may miss a subsequent write. This belt-and-
+  // suspenders poll ensures delivery within at most INBOX_POLL_INTERVAL_MS.
+  const pollIntervalMs = parsePositiveInt(process.env.INBOX_POLL_INTERVAL_MS, 60000);
+  const pollInterval = setInterval(async () => {
+    if (draining) return;
+    draining = true;
+    try {
+      const n = await drainOnce(db, { to: deliveryTo, channel, agentId, limit, brand });
+      if (n > 0) {
+        process.stdout.write(`[inbox-consumer] poll fallback delivered ${n} pending message(s)\n`);
+      }
+    } catch (err) {
+      process.stderr.write(`[inbox-consumer] poll fallback error: ${err.message}\n`);
+    } finally {
+      draining = false;
+    }
+  }, pollIntervalMs);
+  process.stdout.write(`[inbox-consumer] poll fallback enabled (interval=${pollIntervalMs}ms)\n`);
+
   const shutdown = (signal) => {
     if (timer) clearTimeout(timer);
+    clearInterval(pollInterval);
     watcher.close();
     process.stdout.write(`[inbox-consumer] ${signal}; exiting\n`);
     process.exit(0);

package/shell-result.js

@@ -4,8 +4,8 @@ import { getResolvedDbPath } from './db.js';
 import { ensureArtifactsDir, resolveArtifactsDir } from './paths.js';
 
 export const DEFAULT_STORE_LIMIT = 64 * 1024;
-export const DEFAULT_EXCERPT_LIMIT = 2000;
-export const DEFAULT_SUMMARY_LIMIT = 5000;
+export const DEFAULT_EXCERPT_LIMIT = 64 * 1024;
+export const DEFAULT_SUMMARY_LIMIT = 64 * 1024;
 export const DEFAULT_OFFLOAD_THRESHOLD = 64 * 1024;
 
 function toText(value) {
@@ -92,7 +92,24 @@ export function normalizeShellResult(
     artifactsDir = resolveArtifactsDir({ dbPath: getResolvedDbPath() }),
   } = {}
 ) {
-  const stdoutText = toText(stdout);
+  const rawStdout = toText(stdout);
+
+  // Extract [IMAGE:path] markers from stdout before processing.
+  // Scripts can signal image attachments by writing lines like:
+  //   [IMAGE:/tmp/chart.png]
+  //   [IMAGE:/tmp/report.pdf]
+  // Extracted paths are passed through to the delivery layer.
+  const IMAGE_MARKER_RE = /^\[IMAGE:(\/[^\]\n]+)\]$/gm;
+  const imageAttachments = [];
+  let match;
+  while ((match = IMAGE_MARKER_RE.exec(rawStdout)) !== null) {
+    imageAttachments.push(match[1]);
+  }
+  // Strip markers from stdout so they don't appear in delivery text
+  const stdoutText = imageAttachments.length > 0
+    ? rawStdout.replace(IMAGE_MARKER_RE, '').replace(/\n{3,}/g, '\n\n').trim()
+    : rawStdout;
+
   const stderrText = toText(stderr);
   const stdoutBytes = textBytes(stdoutText);
   const stderrBytes = textBytes(stderrText);
@@ -144,6 +161,7 @@ export function normalizeShellResult(
     stderrTruncated: stderrStored.truncated,
     summary: truncateText(previewText, summaryLimit).text,
     deliveryText: previewText,
+    imageAttachments,
     errorMessage,
     contextSummary: {
       shell_result: {