squad-openclaw 2026.2.2004 → 2026.2.2005

package/dist/cli.js

@@ -0,0 +1,223 @@
+#!/usr/bin/env node
+
+// src/cli.ts
+import crypto2 from "crypto";
+import fs2 from "fs";
+import path2 from "path";
+import os2 from "os";
+import { execSync } from "child_process";
+
+// src/device-keys.ts
+import crypto from "crypto";
+import fs from "fs";
+import path from "path";
+import os from "os";
+var RELAY_DATA_DIR = path.join(os.homedir(), ".openclaw", "squad-ceo-data", "relay");
+var RELAY_STATE_PATH = path.join(RELAY_DATA_DIR, "squad-relay.json");
+var PENDING_APPROVAL_PATH = path.join(RELAY_DATA_DIR, "pending-approval.json");
+function readRelayState() {
+  try {
+    const raw = fs.readFileSync(RELAY_STATE_PATH, "utf-8");
+    return JSON.parse(raw);
+  } catch {
+    return {};
+  }
+}
+function writeRelayState(state) {
+  if (!fs.existsSync(RELAY_DATA_DIR)) {
+    fs.mkdirSync(RELAY_DATA_DIR, { recursive: true });
+  }
+  fs.writeFileSync(RELAY_STATE_PATH, JSON.stringify(state, null, 2), { mode: 384 });
+}
+function toBase64Url(buf) {
+  return buf.toString("base64").replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+}
+function loadOrCreateRelayDeviceKeys() {
+  const state = readRelayState();
+  if (state.deviceKeys) {
+    return state.deviceKeys;
+  }
+  const { publicKey, privateKey } = crypto.generateKeyPairSync("ed25519");
+  const pubDer = publicKey.export({ type: "spki", format: "der" });
+  const rawPub = pubDer.subarray(pubDer.length - 32);
+  const deviceId = crypto.createHash("sha256").update(rawPub).digest("hex");
+  const publicKeyB64 = toBase64Url(rawPub);
+  const privateKeyPem = privateKey.export({ type: "pkcs8", format: "pem" });
+  const keys = { deviceId, publicKey: publicKeyB64, privateKeyPem };
+  writeRelayState({ ...state, deviceKeys: keys });
+  console.log(`[device-keys] Generated relay device identity: ${deviceId.substring(0, 12)}...`);
+  return keys;
+}
+function writeDeviceInfoFile(keys) {
+  const stateDir = process.env.OPENCLAW_STATE_DIR || path.join(os.homedir(), ".openclaw");
+  const infoPath = path.join(stateDir, "squad-ceo-data", "relay", "relay-device-info.json");
+  const info = {
+    deviceId: keys.deviceId,
+    publicKey: keys.publicKey,
+    displayName: "squad-relay",
+    platform: process.platform,
+    createdAt: (/* @__PURE__ */ new Date()).toISOString()
+  };
+  try {
+    fs.writeFileSync(infoPath, JSON.stringify(info, null, 2));
+  } catch (err) {
+    console.error("[device-keys] Failed to write relay-device-info.json:", err);
+  }
+}
+
+// src/cli.ts
+var RELAY_URL = "https://relay.squad.ceo";
+var DEVICES_DIR = path2.join(os2.homedir(), ".openclaw", "devices");
+var PAIRED_JSON_PATH = path2.join(DEVICES_DIR, "paired.json");
+function generateApprovalCode() {
+  const chars = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789";
+  const bytes = crypto2.randomBytes(8);
+  let code = "";
+  for (let i = 0; i < 8; i++) {
+    code += chars[bytes[i] % chars.length];
+  }
+  return code;
+}
+function readPendingApproval() {
+  try {
+    const raw = fs2.readFileSync(PENDING_APPROVAL_PATH, "utf-8");
+    return JSON.parse(raw);
+  } catch {
+    return null;
+  }
+}
+function writePendingApproval(approval) {
+  if (!fs2.existsSync(RELAY_DATA_DIR)) {
+    fs2.mkdirSync(RELAY_DATA_DIR, { recursive: true });
+  }
+  fs2.writeFileSync(PENDING_APPROVAL_PATH, JSON.stringify(approval, null, 2));
+}
+async function handleRequest() {
+  const state = readRelayState();
+  if (!state.claimToken) {
+    console.error("Error: No claim token found in squad-relay.json.");
+    console.error("Run the setup from the Squad web app first to get a claim token.");
+    process.exit(1);
+  }
+  const keys = loadOrCreateRelayDeviceKeys();
+  console.log(`Device ID: ${keys.deviceId.substring(0, 16)}...`);
+  writeDeviceInfoFile(keys);
+  const code = generateApprovalCode();
+  const approval = {
+    code,
+    deviceId: keys.deviceId,
+    createdAt: Date.now()
+  };
+  writePendingApproval(approval);
+  console.log("Sending pairing request to relay...");
+  try {
+    const res = await fetch(`${RELAY_URL}/api/relay/device-pair-request`, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({
+        claimToken: state.claimToken,
+        deviceId: keys.deviceId,
+        publicKey: keys.publicKey,
+        code
+      })
+    });
+    if (!res.ok) {
+      const text = await res.text();
+      console.error(`Error: Relay returned ${res.status}: ${text}`);
+      process.exit(1);
+    }
+    console.log("");
+    console.log("Pairing request sent successfully.");
+    console.log("Ask the user to check their Squad dashboard for the approval command.");
+  } catch (err) {
+    console.error("Error: Failed to reach relay server:", err.message);
+    process.exit(1);
+  }
+}
+async function handleApprove(code) {
+  const pending = readPendingApproval();
+  if (!pending) {
+    console.error("Error: No pending pairing request found.");
+    console.error("Run 'squad-pair request' first.");
+    process.exit(1);
+  }
+  if (pending.code !== code.toUpperCase()) {
+    console.error("Error: Approval code does not match.");
+    console.error("Check the code shown in the Squad dashboard and try again.");
+    process.exit(1);
+  }
+  if (Date.now() - pending.createdAt > 30 * 60 * 1e3) {
+    console.error("Error: Pairing request has expired. Run 'squad-pair request' again.");
+    try {
+      fs2.unlinkSync(PENDING_APPROVAL_PATH);
+    } catch {
+    }
+    process.exit(1);
+  }
+  const state = readRelayState();
+  if (!state.deviceKeys) {
+    console.error("Error: No device keys found. Run 'squad-pair request' first.");
+    process.exit(1);
+  }
+  const { deviceId, publicKey } = state.deviceKeys;
+  let paired = {};
+  if (!fs2.existsSync(DEVICES_DIR)) {
+    fs2.mkdirSync(DEVICES_DIR, { recursive: true });
+  }
+  try {
+    const raw = fs2.readFileSync(PAIRED_JSON_PATH, "utf-8");
+    paired = JSON.parse(raw);
+  } catch {
+  }
+  paired[deviceId] = {
+    deviceId,
+    publicKey,
+    role: "operator",
+    scopes: ["operator"],
+    approvedAtMs: Date.now(),
+    displayName: "squad-relay"
+  };
+  fs2.writeFileSync(PAIRED_JSON_PATH, JSON.stringify(paired, null, 2));
+  console.log("Device paired successfully.");
+  try {
+    fs2.unlinkSync(PENDING_APPROVAL_PATH);
+  } catch {
+  }
+  console.log("Restarting gateway...");
+  try {
+    execSync("openclaw gateway restart", { stdio: "inherit" });
+  } catch {
+    console.error("Warning: Could not restart gateway automatically.");
+    console.error("Run 'openclaw gateway restart' manually.");
+  }
+}
+var args = process.argv.slice(2);
+var command = args[0];
+switch (command) {
+  case "request":
+    handleRequest().catch((err) => {
+      console.error("Fatal error:", err);
+      process.exit(1);
+    });
+    break;
+  case "approve": {
+    const code = args[1];
+    if (!code) {
+      console.error("Usage: squad-pair approve <CODE>");
+      console.error("The approval code is shown in your Squad dashboard.");
+      process.exit(1);
+    }
+    handleApprove(code).catch((err) => {
+      console.error("Fatal error:", err);
+      process.exit(1);
+    });
+    break;
+  }
+  default:
+    console.log("squad-pair \u2014 Device pairing for Squad relay");
+    console.log("");
+    console.log("Commands:");
+    console.log("  squad-pair request          Send a pairing request to the relay");
+    console.log("  squad-pair approve <CODE>   Approve device pairing and restart gateway");
+    process.exit(command ? 1 : 0);
+}

package/dist/index.js

@@ -1352,10 +1352,10 @@ function registerVersionMethods(api) {
 
 // src/relay-client.ts
 import { WebSocket as NodeWebSocket } from "ws";
-import crypto2 from "crypto";
-import fs6 from "fs";
-import path6 from "path";
-import os from "os";
+import crypto3 from "crypto";
+import fs7 from "fs";
+import path7 from "path";
+import os2 from "os";
 
 // src/e2e-crypto.ts
 import crypto from "crypto";
@@ -1434,20 +1434,14 @@ var E2ECrypto = class {
   }
 };
 
-// src/relay-client.ts
-function readOperatorToken() {
-  const stateDir = process.env.OPENCLAW_STATE_DIR || path6.join(os.homedir(), ".openclaw");
-  const configPath = path6.join(stateDir, "openclaw.json");
-  try {
-    const raw = fs6.readFileSync(configPath, "utf-8");
-    const config = JSON.parse(raw);
-    return config?.gateway?.auth?.token ?? config?.gateway?.remote?.token ?? config?.gateway?.token ?? null;
-  } catch {
-    return null;
-  }
-}
+// src/device-keys.ts
+import crypto2 from "crypto";
+import fs6 from "fs";
+import path6 from "path";
+import os from "os";
 var RELAY_DATA_DIR = path6.join(os.homedir(), ".openclaw", "squad-ceo-data", "relay");
 var RELAY_STATE_PATH = path6.join(RELAY_DATA_DIR, "squad-relay.json");
+var PENDING_APPROVAL_PATH = path6.join(RELAY_DATA_DIR, "pending-approval.json");
 function readRelayState() {
   try {
     const raw = fs6.readFileSync(RELAY_STATE_PATH, "utf-8");
@@ -1478,7 +1472,7 @@ function loadOrCreateRelayDeviceKeys() {
   const privateKeyPem = privateKey.export({ type: "pkcs8", format: "pem" });
   const keys = { deviceId, publicKey: publicKeyB64, privateKeyPem };
   writeRelayState({ ...state, deviceKeys: keys });
-  console.log(`[relay-client] Generated relay device identity: ${deviceId.substring(0, 12)}...`);
+  console.log(`[device-keys] Generated relay device identity: ${deviceId.substring(0, 12)}...`);
   return keys;
 }
 function writeDeviceInfoFile(keys) {
@@ -1494,16 +1488,29 @@ function writeDeviceInfoFile(keys) {
   try {
     fs6.writeFileSync(infoPath, JSON.stringify(info, null, 2));
   } catch (err2) {
-    console.error("[relay-client] Failed to write relay-device-info.json:", err2);
+    console.error("[device-keys] Failed to write relay-device-info.json:", err2);
+  }
+}
+
+// src/relay-client.ts
+function readOperatorToken() {
+  const stateDir = process.env.OPENCLAW_STATE_DIR || path7.join(os2.homedir(), ".openclaw");
+  const configPath = path7.join(stateDir, "openclaw.json");
+  try {
+    const raw = fs7.readFileSync(configPath, "utf-8");
+    const config = JSON.parse(raw);
+    return config?.gateway?.auth?.token ?? config?.gateway?.remote?.token ?? config?.gateway?.token ?? null;
+  } catch {
+    return null;
   }
 }
 function signDeviceIdentity(keys, clientId, clientMode, role, scopes, token, challengeNonce) {
   const signedAtMs = Date.now();
-  const nonce = challengeNonce || crypto2.randomBytes(16).toString("hex");
+  const nonce = challengeNonce || crypto3.randomBytes(16).toString("hex");
   const scopeStr = scopes.join(",");
   const payload = `v2|${keys.deviceId}|${clientId}|${clientMode}|${role}|${scopeStr}|${signedAtMs}|${token ?? ""}|${nonce}`;
-  const privateKey = crypto2.createPrivateKey(keys.privateKeyPem);
-  const signature = crypto2.sign(null, Buffer.from(payload), privateKey);
+  const privateKey = crypto3.createPrivateKey(keys.privateKeyPem);
+  const signature = crypto3.sign(null, Buffer.from(payload), privateKey);
   return {
     id: keys.deviceId,
     publicKey: keys.publicKey,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "squad-openclaw",
-  "version": "2026.2.2004",
+  "version": "2026.2.2005",
   "description": "Entity registry, filesystem tools, and version management plugin for OpenClaw gateway",
   "type": "module",
   "main": "./dist/index.js",
@@ -16,6 +16,9 @@
       "./dist/index.js"
     ]
   },
+  "bin": {
+    "squad-pair": "./dist/cli.js"
+  },
   "license": "MIT",
   "files": [
     "dist/",