openclaw-telegram-manager 1.3.0 → 1.3.2

package/src/lib/include-generator.ts

@@ -1,174 +0,0 @@
-import * as crypto from 'node:crypto';
-import * as fs from 'node:fs';
-import * as path from 'node:path';
-import JSON5 from 'json5';
-import type { Registry, TopicEntry, TopicType } from './types.js';
-
-// ── Constants ──────────────────────────────────────────────────────────
-
-const INCLUDE_FILENAME = 'telegram-manager.generated.groups.json5';
-const FILE_MODE = 0o600;
-
-// ── System prompt template ─────────────────────────────────────────────
-
-/**
- * Build the per-topic systemPrompt using absolute paths resolved at generation time.
- */
-export function getSystemPromptTemplate(slug: string, absoluteWorkspacePath: string): string {
-  return `You are the assistant for the Telegram topic: ${slug}.
-
-Determinism rules:
-- Source of truth is the project capsule at: ${absoluteWorkspacePath}/projects/${slug}/
-- After /reset, /new, or context compaction: ALWAYS re-read STATUS.md,
-  then TODO.md, then COMMANDS.md before continuing work. Do not rely on
-  summarized memory for paths, commands, or task state.
-- Before context compaction or when the conversation is long: proactively
-  flush current progress to STATUS.md (update "Last done (UTC)" and
-  "Next 3 actions") so compaction cannot erase critical state.
-  Use the standard file write tool directly — do not route through /topic.
-- Keep STATUS.md accurate: always maintain "Last done (UTC)" and "Next 3 actions".
-- When new commands appear, add them to COMMANDS.md (don't leave them only in chat).
-- When new links/paths/services appear, add them to LINKS.md.
-- If automation/cron is involved, record job IDs + schedules in CRON.md.
-- Task IDs (e.g., [T-1]) must stay consistent between STATUS.md and TODO.md.
-
-Separation:
-- Do not mix in other topics' work unless explicitly requested.
-- Ask one clarifying question if the next action is ambiguous.`;
-}
-
-// ── Registry hash ──────────────────────────────────────────────────────
-
-/**
- * Compute a SHA256 hash of the registry topics for drift detection.
- */
-export function computeRegistryHash(topics: Registry['topics']): string {
-  const content = JSON.stringify(topics);
-  return crypto.createHash('sha256').update(content).digest('hex');
-}
-
-// ── Build include object ───────────────────────────────────────────────
-
-/**
- * Build the JavaScript object for the generated include file.
- * Groups topics by groupId, with each topic's config under its threadId.
- */
-export function buildIncludeObject(
-  registry: Registry,
-  workspaceDir: string,
-): Record<string, unknown> {
-  const absoluteWorkspacePath = path.resolve(workspaceDir);
-  const groups: Record<string, { topics: Record<string, unknown> }> = {};
-
-  for (const entry of Object.values(registry.topics)) {
-    const { groupId, threadId, slug, type, status } = entry;
-
-    if (!groups[groupId]) {
-      groups[groupId] = { topics: {} };
-    }
-
-    const isEnabled = status !== 'archived';
-    const skills = getSkillsForType(type);
-    const systemPrompt = getSystemPromptTemplate(slug, absoluteWorkspacePath);
-
-    groups[groupId].topics[threadId] = {
-      enabled: isEnabled,
-      skills,
-      systemPrompt,
-    };
-  }
-
-  return groups;
-}
-
-/**
- * Get the default skills list for a topic type.
- */
-function getSkillsForType(type: TopicType): string[] {
-  switch (type) {
-    case 'coding':
-      return ['coding-agent'];
-    case 'research':
-      return ['research-agent'];
-    case 'marketing':
-      return ['marketing-agent'];
-    default:
-      return [];
-  }
-}
-
-// ── Generate include file ──────────────────────────────────────────────
-
-/**
- * Generate the JSON5 include file from the registry.
- *
- * Steps:
- * 1. Build JS object from registry entries
- * 2. Serialize via JSON5.stringify (never string interpolation)
- * 3. Parse back to verify round-trip integrity
- * 4. Atomic write with .bak
- * 5. Prepend registry-hash comment
- */
-export function generateInclude(
-  workspaceDir: string,
-  registry: Registry,
-  configDir: string,
-): void {
-  const includeObj = buildIncludeObject(registry, workspaceDir);
-  const hash = computeRegistryHash(registry.topics);
-
-  // Serialize via JSON5.stringify
-  const json5Content = JSON5.stringify(includeObj, null, 2);
-
-  // Round-trip validation: parse back to verify integrity
-  try {
-    JSON5.parse(json5Content);
-  } catch (err) {
-    throw new Error(
-      `Include generation failed: round-trip validation error. ${err instanceof Error ? err.message : String(err)}`,
-    );
-  }
-
-  // Build final content with header comment
-  const header = [
-    '// This file is generated by telegram-manager. Do not hand-edit.',
-    `// Rebuild from: ${path.resolve(workspaceDir)}/projects/topics.json`,
-    `// registry-hash: sha256:${hash}`,
-  ].join('\n');
-
-  const finalContent = header + '\n' + json5Content + '\n';
-
-  // Atomic write
-  const includePath = path.join(configDir, INCLUDE_FILENAME);
-  const tmpPath = includePath + '.tmp';
-  const bakPath = includePath + '.bak';
-
-  // Backup existing file if it exists
-  if (fs.existsSync(includePath)) {
-    fs.copyFileSync(includePath, bakPath);
-    fs.chmodSync(bakPath, FILE_MODE);
-  }
-
-  // Write to tmp then rename (atomic on POSIX)
-  fs.writeFileSync(tmpPath, finalContent, { mode: FILE_MODE });
-  fs.renameSync(tmpPath, includePath);
-  fs.chmodSync(includePath, FILE_MODE);
-}
-
-// ── Extract registry hash from include file ────────────────────────────
-
-/**
- * Extract the registry-hash from an existing include file's content.
- * Returns the hash string or null if not found.
- */
-export function extractRegistryHash(includeContent: string): string | null {
-  const match = includeContent.match(/^\/\/ registry-hash: sha256:([a-f0-9]+)$/m);
-  return match?.[1] ?? null;
-}
-
-/**
- * Get the path to the generated include file.
- */
-export function includePath(configDir: string): string {
-  return path.join(configDir, INCLUDE_FILENAME);
-}

package/src/lib/registry.ts

@@ -1,197 +0,0 @@
-import * as fs from 'node:fs';
-import * as path from 'node:path';
-import lockfile from 'proper-lockfile';
-import { Value } from '@sinclair/typebox/value';
-import {
-  RegistrySchema,
-  TopicEntrySchema,
-  CURRENT_REGISTRY_VERSION,
-  MAX_TOPICS_DEFAULT,
-} from './types.js';
-import type { Registry, TopicEntry } from './types.js';
-
-// ── Constants ──────────────────────────────────────────────────────────
-
-const REGISTRY_FILENAME = 'topics.json';
-const FILE_MODE = 0o600;
-const LOCK_TIMEOUT = 5000;
-const LOCK_RETRY_INTERVAL = 100;
-
-// ── Path helpers ───────────────────────────────────────────────────────
-
-export function registryPath(workspaceDir: string): string {
-  return path.join(workspaceDir, 'projects', REGISTRY_FILENAME);
-}
-
-// ── Schema migration pipeline ──────────────────────────────────────────
-
-type MigrationFn = (data: Record<string, unknown>) => Record<string, unknown>;
-
-const migrations: Record<string, MigrationFn> = {
-  // Add migrations here as needed:
-  // '1_to_2': (data) => { ... return data; },
-};
-
-function migrateRegistry(data: Record<string, unknown>): Record<string, unknown> {
-  const rawVersion = data['version'];
-  if (typeof rawVersion !== 'number') {
-    throw new Error('Registry missing or invalid version field in migration');
-  }
-  let version = rawVersion;
-
-  while (version < CURRENT_REGISTRY_VERSION) {
-    const key = `${version}_to_${version + 1}`;
-    const fn = migrations[key];
-    if (!fn) {
-      throw new Error(
-        `No migration function found for ${key}. Cannot upgrade registry from v${version}.`,
-      );
-    }
-    data = fn(data);
-    version++;
-    data['version'] = version;
-  }
-
-  return data;
-}
-
-// ── Read ───────────────────────────────────────────────────────────────
-
-/**
- * Read and validate the registry from disk.
- * - Migrates if version is behind current
- * - Rejects if version is ahead of current
- * - Quarantines invalid topic entries (logs + excludes)
- */
-export function readRegistry(workspaceDir: string): Registry {
-  const regPath = registryPath(workspaceDir);
-  const raw = fs.readFileSync(regPath, 'utf-8');
-  let data: Record<string, unknown>;
-
-  try {
-    data = JSON.parse(raw) as Record<string, unknown>;
-  } catch {
-    throw new Error(`Failed to parse registry at ${regPath}: invalid JSON`);
-  }
-
-  // Version check
-  const version = data['version'];
-  if (typeof version !== 'number') {
-    throw new Error('Registry missing version field');
-  }
-
-  if (version > CURRENT_REGISTRY_VERSION) {
-    throw new Error(
-      `Registry version ${version} is newer than this plugin supports (v${CURRENT_REGISTRY_VERSION}). Please upgrade openclaw-telegram-manager.`,
-    );
-  }
-
-  // Migrate if needed
-  if (version < CURRENT_REGISTRY_VERSION) {
-    data = migrateRegistry(data);
-  }
-
-  // Quarantine invalid topic entries
-  const topics = data['topics'];
-  if (topics && typeof topics === 'object' && !Array.isArray(topics)) {
-    const validTopics: Record<string, TopicEntry> = {};
-    for (const [key, entry] of Object.entries(topics as Record<string, unknown>)) {
-      if (Value.Check(TopicEntrySchema, entry)) {
-        validTopics[key] = entry as TopicEntry;
-      } else {
-        const errors = [...Value.Errors(TopicEntrySchema, entry)];
-        const errorMsg = errors.map((e) => `${e.path}: ${e.message}`).join('; ');
-        console.error(`[registry] Quarantined invalid entry "${key}": ${errorMsg}`);
-      }
-    }
-    data['topics'] = validTopics;
-  }
-
-  // Validate the full registry schema
-  if (!Value.Check(RegistrySchema, data)) {
-    const errors = [...Value.Errors(RegistrySchema, data)];
-    const errorMsg = errors.map((e) => `${e.path}: ${e.message}`).join('; ');
-    throw new Error(`Registry validation failed: ${errorMsg}`);
-  }
-
-  return data as Registry;
-}
-
-// ── Atomic write ───────────────────────────────────────────────────────
-
-/**
- * Atomically write registry data to disk.
- * Writes to a .tmp file then renames (atomic on POSIX).
- */
-export function writeRegistryAtomic(filePath: string, data: Registry): void {
-  const tmpPath = filePath + '.tmp';
-  const content = JSON.stringify(data, null, 2) + '\n';
-
-  fs.writeFileSync(tmpPath, content, { mode: FILE_MODE });
-  fs.renameSync(tmpPath, filePath);
-  fs.chmodSync(filePath, FILE_MODE);
-}
-
-// ── withRegistry pattern ───────────────────────────────────────────────
-
-/**
- * Lock the registry, read it, apply a mutation function, and write it back.
- * The lock prevents concurrent writes from corrupting the registry.
- *
- * The mutation function receives the registry data and can modify it.
- * Return value of the mutation function is passed through as the return value.
- */
-export async function withRegistry<T>(
-  workspaceDir: string,
-  fn: (data: Registry) => T | Promise<T>,
-): Promise<T> {
-  const regPath = registryPath(workspaceDir);
-  const lockDir = path.dirname(regPath);
-
-  // Ensure the registry file exists before locking
-  if (!fs.existsSync(regPath)) {
-    throw new Error(`Registry not found at ${regPath}. Run setup first.`);
-  }
-
-  let release: (() => Promise<void>) | undefined;
-
-  try {
-    release = await lockfile.lock(regPath, {
-      stale: LOCK_TIMEOUT * 2,
-      retries: {
-        retries: Math.ceil(LOCK_TIMEOUT / LOCK_RETRY_INTERVAL),
-        minTimeout: LOCK_RETRY_INTERVAL,
-        maxTimeout: LOCK_RETRY_INTERVAL,
-      },
-      lockfilePath: path.join(lockDir, REGISTRY_FILENAME + '.lock'),
-    });
-
-    const data = readRegistry(workspaceDir);
-    const result = await fn(data);
-
-    // Write the (potentially mutated) registry back
-    writeRegistryAtomic(regPath, data);
-
-    return result;
-  } finally {
-    if (release) {
-      await release();
-    }
-  }
-}
-
-// ── Empty registry factory ─────────────────────────────────────────────
-
-/**
- * Create a new empty registry with default values.
- */
-export function createEmptyRegistry(callbackSecret: string): Registry {
-  return {
-    version: CURRENT_REGISTRY_VERSION,
-    topicManagerAdmins: [],
-    callbackSecret,
-    lastDoctorAllRunAt: null,
-    maxTopics: MAX_TOPICS_DEFAULT,
-    topics: {},
-  };
-}

package/src/lib/security.ts

@@ -1,174 +0,0 @@
-import * as crypto from 'node:crypto';
-import * as fs from 'node:fs';
-import * as path from 'node:path';
-
-// ── Slug validation ────────────────────────────────────────────────────
-
-const SLUG_RE = /^[a-z][a-z0-9-]{0,49}$/;
-
-/** Validate a slug against the allowed pattern. */
-export function validateSlug(slug: string): boolean {
-  return SLUG_RE.test(slug);
-}
-
-/**
- * Sanitize a title into a valid slug.
- * Strip non-alphanumeric (except hyphens), strip dots, collapse
- * consecutive hyphens, trim leading/trailing hyphens, lowercase.
- */
-export function sanitizeSlug(title: string): string {
-  return title
-    .toLowerCase()
-    .replace(/\./g, '')                // strip dots explicitly
-    .replace(/[^a-z0-9-]/g, '-')      // non-alphanum to hyphen
-    .replace(/-{2,}/g, '-')           // collapse consecutive hyphens
-    .replace(/^-+|-+$/g, '')          // trim leading/trailing hyphens
-    .slice(0, 50);                    // enforce max length
-}
-
-// ── Path safety ────────────────────────────────────────────────────────
-
-/**
- * Jail check: ensure `userPath` resolves within `base`.
- * Returns true if safe, false if the path escapes the base.
- */
-export function jailCheck(base: string, userPath: string): boolean {
-  const resolved = path.resolve(base, userPath);
-  const normalizedBase = path.resolve(base) + path.sep;
-  return resolved.startsWith(normalizedBase) || resolved === path.resolve(base);
-}
-
-/**
- * Reject symlinks. Returns true if the path is a symlink (should be rejected).
- * Returns false if not a symlink or path does not exist.
- */
-export function rejectSymlink(filePath: string): boolean {
-  try {
-    return fs.lstatSync(filePath).isSymbolicLink();
-  } catch {
-    return false;
-  }
-}
-
-// ── HMAC signing / verification ────────────────────────────────────────
-
-/**
- * Sign a payload with HMAC-SHA256, returning the first 16 hex chars.
- * Truncated to 8 bytes (16 hex chars) to fit within Telegram's 64-byte
- * callback_data limit. Online brute-force is infeasible due to Telegram rate limits.
- */
-export function hmacSign(secret: string, payload: string): string {
-  return crypto
-    .createHmac('sha256', secret)
-    .update(payload)
-    .digest('hex')
-    .slice(0, 16);
-}
-
-/**
- * Verify an HMAC signature using constant-time comparison.
- * Returns true if the signature is valid.
- */
-export function hmacVerify(secret: string, payload: string, signature: string): boolean {
-  const expected = hmacSign(secret, payload);
-  if (expected.length !== signature.length) return false;
-  try {
-    return crypto.timingSafeEqual(
-      Buffer.from(expected, 'utf8'),
-      Buffer.from(signature, 'utf8'),
-    );
-  } catch {
-    return false;
-  }
-}
-
-// ── HTML escaping ──────────────────────────────────────────────────────
-
-const HTML_ESCAPE_MAP: Record<string, string> = {
-  '<': '&lt;',
-  '>': '&gt;',
-  '&': '&amp;',
-  '"': '&quot;',
-};
-
-/** Escape HTML special characters for safe Telegram HTML output. */
-export function htmlEscape(str: string): string {
-  return str.replace(/[<>&"]/g, (ch) => HTML_ESCAPE_MAP[ch] ?? ch);
-}
-
-// ── ID validation ──────────────────────────────────────────────────────
-
-const GROUP_ID_RE = /^-?\d+$/;
-const THREAD_ID_RE = /^\d+$/;
-
-/** Validate a Telegram group ID (may be negative). */
-export function validateGroupId(id: string): boolean {
-  return GROUP_ID_RE.test(id);
-}
-
-/** Validate a Telegram thread ID (positive integer). */
-export function validateThreadId(id: string): boolean {
-  return THREAD_ID_RE.test(id);
-}
-
-// ── Callback data handling ─────────────────────────────────────────────
-
-const CALLBACK_RE = /^tm:[a-z0-9]+:[a-z0-9-]+:-?\d+:\d+:[a-f0-9]+$/;
-
-export interface CallbackData {
-  action: string;
-  slug: string;
-  groupId: string;
-  threadId: string;
-}
-
-/**
- * Build callback data string with HMAC signature.
- * Format: tm:<action>:<slug>:<groupId>:<threadId>:<hmac>
- */
-export function buildCallbackData(
-  action: string,
-  slug: string,
-  groupId: string,
-  threadId: string,
-  secret: string,
-): string {
-  const payload = `tm:${action}:${slug}:${groupId}:${threadId}`;
-  const sig = hmacSign(secret, payload);
-  return `${payload}:${sig}`;
-}
-
-/**
- * Parse and verify callback data.
- * Returns the parsed data or null if verification fails.
- *
- * Checks:
- * 1. Format matches the expected regex
- * 2. HMAC is valid
- * 3. groupId and threadId match the context (prevents cross-topic tampering)
- */
-export function parseAndVerifyCallback(
-  data: string,
-  secret: string,
-  contextGroupId: string,
-  contextThreadId: string,
-): CallbackData | null {
-  if (!CALLBACK_RE.test(data)) return null;
-
-  const parts = data.split(':');
-  // tm : action : slug : groupId : threadId : hmac
-  if (parts.length !== 6) return null;
-
-  const [, action, slug, groupId, threadId, signature] = parts as [
-    string, string, string, string, string, string,
-  ];
-
-  // Verify context match (prevent cross-topic tampering)
-  if (groupId !== contextGroupId || threadId !== contextThreadId) return null;
-
-  // Verify HMAC
-  const payload = `tm:${action}:${slug}:${groupId}:${threadId}`;
-  if (!hmacVerify(secret, payload, signature)) return null;
-
-  return { action, slug, groupId, threadId };
-}