openclaw-watcher 0.0.1

package/src/healthcheck/health-checker.ts

@@ -0,0 +1,71 @@
+import axios, { AxiosError } from 'axios';
+import logger from '@/utils/logger.js';
+import { HealthCheckResult, MonitorConfig } from '@/types';
+
+export class HealthChecker {
+  private config: MonitorConfig;
+  private consecutiveFailures: number = 0;
+
+  constructor(config: MonitorConfig) {
+    this.config = config;
+  }
+
+  async check(): Promise<HealthCheckResult> {
+    const url = `${this.config.gatewayUrl}${this.config.healthEndpoint}`;
+    const startTime = Date.now();
+
+    try {
+      const response = await axios.get(url, {
+        timeout: this.config.timeout,
+        validateStatus: (status) => status < 500,
+      });
+
+      const responseTime = Date.now() - startTime;
+      const healthy = response.status >= 200 && response.status < 300;
+
+      if (healthy) {
+        this.consecutiveFailures = 0;
+      } else {
+        this.consecutiveFailures++;
+      }
+
+      const result: HealthCheckResult = {
+        healthy,
+        timestamp: new Date(),
+        endpoint: url,
+        responseTime,
+        statusCode: response.status,
+      };
+
+      logger.info('Health check completed', result);
+      return result;
+    } catch (error) {
+      this.consecutiveFailures++;
+      const responseTime = Date.now() - startTime;
+
+      const result: HealthCheckResult = {
+        healthy: false,
+        timestamp: new Date(),
+        endpoint: url,
+        responseTime,
+        error: error instanceof AxiosError ? error.message : String(error),
+        statusCode: error instanceof AxiosError ? error.response?.status : undefined,
+      };
+
+      logger.error('Health check failed', result);
+      return result;
+    }
+  }
+
+  shouldTriggerRecovery(): boolean {
+    return this.consecutiveFailures >= this.config.failureThreshold;
+  }
+
+  getConsecutiveFailures(): number {
+    return this.consecutiveFailures;
+  }
+
+  reset(): void {
+    this.consecutiveFailures = 0;
+  }
+}

package/src/index.ts

@@ -0,0 +1,48 @@
+import 'dotenv/config';
+import { GatewayMonitor } from '@/healthcheck/gateway-monitor.js';
+import { defaultMonitorConfig, defaultAIConfig, defaultRecoveryConfig } from '@/config/default.js';
+import logger from '@/utils/logger.js';
+
+async function main() {
+  logger.info('🚀 Starting OpenClaw HealthCheck System');
+
+  logger.info('Configuration loaded', {
+    gatewayUrl: defaultMonitorConfig.gatewayUrl,
+    checkInterval: defaultMonitorConfig.checkInterval,
+    aiProvider: defaultAIConfig.provider,
+    gitTracking: defaultRecoveryConfig.useGitTracking,
+  });
+
+  const monitor = new GatewayMonitor(
+    defaultMonitorConfig,
+    defaultAIConfig,
+    defaultRecoveryConfig
+  );
+
+  // Handle graceful shutdown
+  process.on('SIGINT', () => {
+    logger.info('Received SIGINT, shutting down gracefully');
+    monitor.stop();
+    process.exit(0);
+  });
+
+  process.on('SIGTERM', () => {
+    logger.info('Received SIGTERM, shutting down gracefully');
+    monitor.stop();
+    process.exit(0);
+  });
+
+  // Start monitoring
+  try {
+    await monitor.start();
+    logger.info('✅ OpenClaw HealthCheck System is running');
+  } catch (error: any) {
+    logger.error('Failed to start monitoring', { error: error.message });
+    process.exit(1);
+  }
+}
+
+main().catch((error) => {
+  logger.error('Fatal error', { error: error.message });
+  process.exit(1);
+});

package/src/recovery/auto-fixer.ts

@@ -0,0 +1,184 @@
+import { ChangeRecorder } from './change-recorder.js';
+import { GitManager } from '@/utils/git-manager.js';
+import { SafeConfigGenerator } from '@/setup/safe-config-generator.js';
+import { executor } from '@/utils/executor.js';
+import logger from '@/utils/logger.js';
+import { DiagnosisResult, RecoveryResult, RecoveryConfig, ChangeRecord } from '@/types';
+
+export class AutoFixer {
+  private changeRecorder: ChangeRecorder;
+  private gitManager?: GitManager;
+  private config: RecoveryConfig;
+
+  constructor(config: RecoveryConfig) {
+    this.config = config;
+    this.changeRecorder = new ChangeRecorder();
+
+    if (config.useGitTracking) {
+      this.gitManager = new GitManager(config.openclawConfigPath);
+    }
+  }
+
+  /**
+   * Record the fix that AI has already applied
+   * AI has already modified files and executed commands
+   * We just need to commit to git and record the change
+   */
+  async recordFix(diagnosis: DiagnosisResult): Promise<RecoveryResult> {
+    logger.info('Recording AI-applied fix', { diagnosis });
+
+    const actions: string[] = [];
+    const errors: string[] = [];
+    let gitCommit: string | undefined;
+
+    try {
+      // Initialize git if needed
+      if (this.gitManager) {
+        await this.gitManager.init();
+      }
+
+      // AI has already modified files, so we collect what changed
+      actions.push('AI completed diagnosis and fix');
+
+      if (diagnosis.configChanges && diagnosis.configChanges.length > 0) {
+        actions.push(`Modified ${diagnosis.configChanges.length} configuration files`);
+      }
+
+      if (diagnosis.commands && diagnosis.commands.length > 0) {
+        actions.push(`Executed ${diagnosis.commands.length} commands`);
+      }
+
+      // Commit changes to git
+      if (this.gitManager) {
+        const commitMessage = this.createCommitMessage(diagnosis);
+
+        try {
+          // Update safe config before committing
+          logger.info('Updating safe configuration');
+          const safeConfigGen = new SafeConfigGenerator(this.config.openclawConfigPath);
+          await safeConfigGen.update();
+          actions.push('Updated openclaw.safe.json');
+
+          // Get diff to see what actually changed
+          const diff = await this.gitManager.getDiff();
+
+          if (diff) {
+            // Stage openclaw.safe.json
+            gitCommit = await this.gitManager.commit(commitMessage, ['openclaw.safe.json']);
+            actions.push(`Committed changes: ${gitCommit}`);
+            logger.info('Changes committed to git', { commit: gitCommit });
+
+            // Auto-push to GitHub if enabled
+            if (gitCommit && this.config.useGitHubCli) {
+              if (await this.gitManager.hasRemote()) {
+                const pushed = await this.gitManager.push();
+                actions.push(pushed ? 'Pushed to GitHub' : 'GitHub push failed (best-effort)');
+              }
+            }
+          } else {
+            logger.info('No git changes to commit');
+            actions.push('No git changes detected');
+          }
+        } catch (error: any) {
+          logger.error('Git commit failed', { error: error.message });
+          errors.push(`Git commit failed: ${error.message}`);
+        }
+      }
+
+      // Verify the fix by checking gateway status
+      const verificationResult = await this.verifyFix();
+
+      if (!verificationResult.success) {
+        errors.push(`Verification failed: ${verificationResult.message}`);
+      } else {
+        actions.push(`Verification: ${verificationResult.message}`);
+      }
+
+      const success = errors.length === 0 && verificationResult.success;
+      const result: RecoveryResult = {
+        success,
+        actions,
+        errors: errors.length > 0 ? errors : undefined,
+        configChanges: diagnosis.configChanges,
+        restartRequired: false, // AI should have already restarted if needed
+      };
+
+      // Record the change
+      const record: ChangeRecord = {
+        timestamp: new Date(),
+        trigger: 'ai-auto-fix',
+        diagnosis,
+        recovery: result,
+        gitCommit,
+      };
+      await this.changeRecorder.record(record);
+
+      logger.info('Fix recording completed', result);
+      return result;
+    } catch (error: any) {
+      logger.error('Fix recording failed', { error: error.message });
+
+      return {
+        success: false,
+        actions,
+        errors: [...errors, `Fatal error: ${error.message}`],
+        restartRequired: false,
+      };
+    }
+  }
+
+  private createCommitMessage(diagnosis: DiagnosisResult): string {
+    const lines: string[] = [];
+
+    lines.push(`${this.config.gitCommitPrefix} ${diagnosis.issue}`);
+    lines.push('');
+    lines.push(`Root Cause: ${diagnosis.rootCause}`);
+    lines.push(`Fix Applied: ${diagnosis.suggestedFix}`);
+    lines.push(`Confidence: ${diagnosis.confidence}`);
+
+    if (diagnosis.configChanges && diagnosis.configChanges.length > 0) {
+      lines.push('');
+      lines.push('Files Modified:');
+      diagnosis.configChanges.forEach((change) => {
+        lines.push(`- ${change.file}: ${change.reason}`);
+      });
+    }
+
+    if (diagnosis.commands && diagnosis.commands.length > 0) {
+      lines.push('');
+      lines.push('Commands Executed:');
+      diagnosis.commands.forEach((cmd) => {
+        lines.push(`- ${cmd}`);
+      });
+    }
+
+    lines.push('');
+    lines.push('Applied by: AI Auto-Fix System');
+
+    return lines.join('\n');
+  }
+
+  private async verifyFix(): Promise<{ success: boolean; message: string }> {
+    try {
+      // Check gateway status
+      const statusResult = await executor.getGatewayStatus();
+
+      if (statusResult.success) {
+        return {
+          success: true,
+          message: 'Gateway is running normally',
+        };
+      } else {
+        return {
+          success: false,
+          message: `Gateway status check failed: ${statusResult.stderr}`,
+        };
+      }
+    } catch (error: any) {
+      return {
+        success: false,
+        message: `Verification error: ${error.message}`,
+      };
+    }
+  }
+}

package/src/recovery/change-recorder.ts

@@ -0,0 +1,46 @@
+import fs from 'fs/promises';
+import path from 'path';
+import logger from '@/utils/logger.js';
+import { ChangeRecord } from '@/types';
+import { getChangesFilePath } from '@/utils/paths.js';
+
+export class ChangeRecorder {
+  private logFilePath: string;
+
+  constructor(logFilePath?: string) {
+    this.logFilePath = logFilePath || getChangesFilePath();
+  }
+
+  async record(record: ChangeRecord): Promise<void> {
+    logger.info('Recording change', record);
+
+    try {
+      await fs.mkdir(path.dirname(this.logFilePath), { recursive: true });
+
+      let records: ChangeRecord[] = [];
+      try {
+        const content = await fs.readFile(this.logFilePath, 'utf-8');
+        records = JSON.parse(content);
+      } catch {
+        // File doesn't exist yet
+      }
+
+      records.push(record);
+
+      await fs.writeFile(this.logFilePath, JSON.stringify(records, null, 2), 'utf-8');
+      logger.info('Change recorded successfully');
+    } catch (error: any) {
+      logger.error('Failed to record change', { error: error.message });
+    }
+  }
+
+  async getHistory(limit: number = 10): Promise<ChangeRecord[]> {
+    try {
+      const content = await fs.readFile(this.logFilePath, 'utf-8');
+      const records: ChangeRecord[] = JSON.parse(content);
+      return records.slice(-limit);
+    } catch {
+      return [];
+    }
+  }
+}

package/src/setup/config-initializer.ts

@@ -0,0 +1,63 @@
+import fs from 'fs/promises';
+import logger from '@/utils/logger.js';
+import {
+  getWatcherHome,
+  getConfigPath,
+  getLogsDir,
+  getLogFilePath,
+} from '@/utils/paths.js';
+
+export interface WatcherConfig {
+  openclawConfigPath: string;
+  gatewayUrl: string;
+  healthCheckInterval: number;
+  failureThreshold: number;
+  aiProvider: string;
+  gitTracking: boolean;
+  useGitHubCli: boolean;
+}
+
+export class ConfigInitializer {
+  async create(config: WatcherConfig): Promise<void> {
+    const configContent = {
+      monitor: {
+        gatewayUrl: config.gatewayUrl,
+        healthEndpoint: '/',
+        checkInterval: config.healthCheckInterval,
+        timeout: 10000,
+        maxRetries: 3,
+        failureThreshold: config.failureThreshold,
+      },
+      ai: {
+        provider: config.aiProvider,
+        timeout: 300000,
+      },
+      recovery: {
+        useGitTracking: config.gitTracking,
+        useGitHubCli: config.useGitHubCli,
+        gitCommitPrefix: '[AutoFix]',
+        backupBeforeChange: true,
+        openclawConfigPath: config.openclawConfigPath,
+      },
+      logging: {
+        level: 'info',
+        filePath: getLogFilePath(),
+      },
+    };
+
+    // Ensure watcher home and logs directory exist
+    const watcherHome = getWatcherHome();
+    await fs.mkdir(watcherHome, { recursive: true });
+    await fs.mkdir(getLogsDir(), { recursive: true });
+
+    const configPath = getConfigPath();
+
+    try {
+      await fs.writeFile(configPath, JSON.stringify(configContent, null, 2), 'utf-8');
+      logger.info('Configuration file created', { path: configPath });
+    } catch (error: any) {
+      logger.error('Failed to create configuration file', { error: error.message });
+      throw error;
+    }
+  }
+}

package/src/setup/config-loader.ts

@@ -0,0 +1,25 @@
+import fs from 'fs/promises';
+import { MonitorConfig, AIClientConfig, RecoveryConfig } from '@/types/index.js';
+import { getConfigPath } from '@/utils/paths.js';
+
+export interface LoadedConfig {
+  monitor: MonitorConfig;
+  ai: AIClientConfig;
+  recovery: RecoveryConfig;
+}
+
+export async function loadConfig(): Promise<LoadedConfig | null> {
+  const configPath = getConfigPath();
+
+  try {
+    const content = await fs.readFile(configPath, 'utf-8');
+    const config = JSON.parse(content);
+    return config as LoadedConfig;
+  } catch {
+    return null;
+  }
+}
+
+export function getConfigFilePath(): string {
+  return getConfigPath();
+}

package/src/setup/git-initializer.ts

@@ -0,0 +1,203 @@
+import simpleGit, { SimpleGit } from 'simple-git';
+import fs from 'fs/promises';
+import path from 'path';
+import logger from '@/utils/logger.js';
+
+export interface GitInitOptions {
+  repoName: string;
+  isPrivate: boolean;
+}
+
+export class GitInitializer {
+  private git: SimpleGit;
+  private repoPath: string;
+
+  constructor(repoPath: string) {
+    this.repoPath = repoPath;
+    this.git = simpleGit(repoPath);
+  }
+
+  async init(options: GitInitOptions): Promise<void> {
+    try {
+      // Check if already a git repo
+      const isRepo = await this.git.checkIsRepo();
+      if (isRepo) {
+        logger.info('Git repository already exists', { path: this.repoPath });
+        return;
+      }
+
+      // Initialize git
+      await this.git.init();
+      logger.info('Git repository initialized', { path: this.repoPath });
+
+      // Configure git
+      await this.git.addConfig('user.name', 'OpenClaw Watcher');
+      await this.git.addConfig('user.email', 'watcher@openclaw.local');
+
+      // Create .gitignore
+      await this.createGitignore();
+
+      // Create README
+      await this.createReadme(options);
+    } catch (error: any) {
+      logger.error('Failed to initialize git repository', { error: error.message });
+      throw error;
+    }
+  }
+
+  private async createGitignore(): Promise<void> {
+    const gitignorePath = path.join(this.repoPath, '.gitignore');
+    const content = `# OpenClaw Configuration - Sensitive Files
+# IMPORTANT: openclaw.json contains API keys and tokens
+openclaw.json
+
+# Agent auth profiles (API keys)
+agents/*/agent/auth-profiles.json
+
+# Session history (large + privacy)
+agents/*/sessions/
+
+# Vector index / memory DB (large)
+memory/*.sqlite
+
+# Cache
+cache/
+
+# Logs
+*.log
+
+# Backup files
+*.backup
+*.bak
+*.tmp
+
+# System files
+.DS_Store
+Thumbs.db
+`;
+    await fs.writeFile(gitignorePath, content, 'utf-8');
+    logger.info('.gitignore created');
+  }
+
+  private async createReadme(options: GitInitOptions): Promise<void> {
+    const readmePath = path.join(this.repoPath, 'README.md');
+    const content = `# ${options.repoName}
+
+${options.isPrivate ? '🔒 **Private Repository**' : '📖 Public Repository'}
+
+This repository is managed by **OpenClaw Watcher** — it tracks the entire \`~/.openclaw\` directory, including configuration, agent settings, and AI repair history.
+
+## What's Tracked
+
+| Path | Description |
+|------|-------------|
+| \`openclaw.safe.json\` | Safe configuration (secrets redacted) |
+| \`agents/*/agent/*.json\` | Agent configuration (except auth) |
+| \`README.md\` | This file |
+| \`.gitignore\` | Git ignore rules |
+
+## What's Excluded (.gitignore)
+
+| Pattern | Reason |
+|---------|--------|
+| \`openclaw.json\` | Contains API keys and tokens |
+| \`agents/*/agent/auth-profiles.json\` | Agent API keys |
+| \`agents/*/sessions/\` | Session history (large + privacy) |
+| \`memory/*.sqlite\` | Vector index / memory DB |
+| \`cache/\` | Runtime cache |
+| \`*.log\` | Log files |
+
+## ⚠️ Security
+
+- A **pre-commit hook** blocks commits containing sensitive patterns
+- Never commit \`openclaw.json\` or auth profile files manually
+- All automated commits are created by the AI repair system
+
+## 🔧 Managed by
+
+[OpenClaw Watcher](https://github.com/your-org/openclaw-watcher) - AI-powered health monitoring and auto-repair
+`;
+    await fs.writeFile(readmePath, content, 'utf-8');
+    logger.info('README.md created');
+  }
+
+  async setupPreCommitHook(): Promise<void> {
+    const hooksDir = path.join(this.repoPath, '.git', 'hooks');
+    const preCommitPath = path.join(hooksDir, 'pre-commit');
+
+    const hookContent = `#!/bin/bash
+
+# OpenClaw Watcher Pre-commit Hook
+# Checks for sensitive data in openclaw.safe.json
+
+echo "🔍 Checking for sensitive data..."
+
+# Check if openclaw.safe.json is staged
+if git diff --cached --name-only | grep -q "openclaw.safe.json"; then
+    # Get the diff content, excluding already redacted lines (placeholders)
+    # Lines containing <YOUR_..._HERE> or <REDACTED> are considered safe
+    DIFF_CONTENT=$(git diff --cached openclaw.safe.json | grep -v "<YOUR_.*_HERE>" | grep -v "<REDACTED>")
+    
+    # Check for common sensitive patterns in non-redacted content
+    PATTERNS=(
+        "sk-ant-[a-zA-Z0-9]"           # Claude API keys
+        "Bearer [a-zA-Z0-9_-]{10,}"     # Bearer tokens
+        "api[_-]?key[^\"]*[\"']\s*:\s*[\"'][^\"']{5,}[\"']" # API keys
+        "token[^\"]*[\"']\s*:\s*[\"'][^\"']{5,}[\"']" # Tokens
+        "password[^\"]*[\"']\s*:\s*[\"'][^\"']{3,}[\"']" # Passwords
+        "secret[^\"]*[\"']\s*:\s*[\"'][^\"']{5,}[\"']" # Secrets
+    )
+
+    FOUND_SENSITIVE=false
+
+    for pattern in "\${PATTERNS[@]}"; do
+        if echo "$DIFF_CONTENT" | grep -iE "$pattern" > /dev/null; then
+            echo "❌ ERROR: Possible sensitive data found in openclaw.safe.json"
+            echo "   Pattern matched: $pattern"
+            FOUND_SENSITIVE=true
+        fi
+    done
+
+    if [ "$FOUND_SENSITIVE" = true ]; then
+        echo ""
+        echo "🚨 Commit blocked to prevent sensitive data leak!"
+        echo "   Please review openclaw.safe.json and ensure all secrets are replaced with placeholders"
+        echo "   Example: \\"apiKey\\": \\"<YOUR_API_KEY_HERE>\\""
+        exit 1
+    fi
+fi
+
+# Check if openclaw.json is accidentally staged
+if git diff --cached --name-only | grep -q "^openclaw.json$"; then
+    echo "❌ ERROR: openclaw.json should NOT be committed!"
+    echo "   This file contains sensitive information."
+    echo "   It should be in .gitignore"
+    exit 1
+fi
+
+echo "✅ Pre-commit checks passed"
+exit 0
+`;
+
+    try {
+      await fs.mkdir(hooksDir, { recursive: true });
+      await fs.writeFile(preCommitPath, hookContent, 'utf-8');
+      await fs.chmod(preCommitPath, 0o755);
+      logger.info('Pre-commit hook installed');
+    } catch (error: any) {
+      logger.error('Failed to setup pre-commit hook', { error: error.message });
+      throw error;
+    }
+  }
+
+  async initialCommit(): Promise<void> {
+    try {
+      await this.git.add('.');
+      await this.git.commit('Initial commit: OpenClaw Watcher configuration tracking');
+      logger.info('Initial commit created');
+    } catch (error: any) {
+      logger.error('Failed to create initial commit', { error: error.message });
+      throw error;
+    }
+  }
+}